sentinel-nestjs-core 0.1.0

package/README.md

@@ -0,0 +1,47 @@
+# sentinel-nest-core
+
+## Description
+Librairie destinée aux backs NestJS qui se connectent au serveur Sentinel.<br :>
+Elle permet de gérer simplement les permissions d'accès aux APIs et de mettre en place un logger.
+
+## Logger
+
+Le logger est basé sur le paquet `winston` et `winston-daily-rotate-file`.<br />
+Les fichiers logs sont dans le répertoire `log`.<br />
+ATTENTION : il n'y a pas de gestion de suppression des fichiers actuellement.
+
+### Installation et utilisation
+
+```ts
+// constructor
+private readonly logger: LoggerAppService,
+
+// méthod
+logger.log('text');
+logger.warn('text');
+logger.debug('text');
+logger.verbose('text');
+logger.error('text', e);
+```
+
+## Permission
+
+L'objectif de cette fonctionnalité et de proposer un guard `@Permission` afin de controller l'accès aux APIs.<br />
+Il est développé pour tester le token fourni par Sentinel avec la clé publique transmis également par Snetinel.<br />
+Les clés peuvent être renouvelées via le scheduler de Sentinel.
+
+### Installation et utilisation
+
+```ts
+//app.module
+SentinelCoreModule.forRootAsync({
+  useFactory: async (config: ConfigService) => ({
+    mode: 'remote',
+    apiSentinel: 'http://localhost:3000',
+  }),
+  inject: [ConfigService],
+})
+
+//controller
+@Permission('resourceName', 'action')
+```

package/dist/index.d.ts

@@ -0,0 +1 @@
+export * from './sentinel-nest-core.module';

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./sentinel-nest-core.module"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8DAA4C"}

package/dist/logger/logger.interceptor.d.ts

@@ -0,0 +1,8 @@
+import { CallHandler, ExecutionContext, NestInterceptor } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { LoggerAppService } from "./logger.service";
+export declare class LoggerInterceptor implements NestInterceptor {
+    private readonly logger;
+    constructor(logger: LoggerAppService);
+    intercept(context: ExecutionContext, next: CallHandler): Observable<any>;
+}

package/dist/logger/logger.interceptor.js

@@ -0,0 +1,45 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoggerInterceptor = void 0;
+const common_1 = require("@nestjs/common");
+const operators_1 = require("rxjs/operators");
+const logger_service_1 = require("./logger.service");
+let LoggerInterceptor = class LoggerInterceptor {
+    constructor(logger) {
+        this.logger = logger;
+    }
+    intercept(context, next) {
+        const req = context.switchToHttp().getRequest();
+        const res = context.switchToHttp().getResponse();
+        const { method, url } = req;
+        const controller = context.getClass().name;
+        const handler = context.getHandler().name;
+        const start = Date.now();
+        this.logger.debug(`[IN] ${method} ${url} → ${controller}.${handler}()`);
+        return next.handle().pipe((0, operators_1.tap)(() => {
+            const duration = Date.now() - start;
+            const statusCode = res.statusCode;
+            this.logger.log(`[OUT] ${method} ${url} ← ${controller}.${handler}() | ${statusCode} (${duration} ms)`);
+        }), (0, operators_1.catchError)((err) => {
+            var _a;
+            const duration = Date.now() - start;
+            this.logger.error(`[ERROR] ${method} ${url} ← ${controller}.${handler}() | ${(_a = res.statusCode) !== null && _a !== void 0 ? _a : 500} (${duration} ms)`, err.stack);
+            throw err;
+        }));
+    }
+};
+exports.LoggerInterceptor = LoggerInterceptor;
+exports.LoggerInterceptor = LoggerInterceptor = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [logger_service_1.LoggerAppService])
+], LoggerInterceptor);
+//# sourceMappingURL=logger.interceptor.js.map

package/dist/logger/logger.interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.interceptor.js","sourceRoot":"","sources":["../../src/logger/logger.interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAKwB;AAExB,8CAAiD;AAEjD,qDAAkD;AAG3C,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAC5B,YAA6B,MAAwB;QAAxB,WAAM,GAAN,MAAM,CAAkB;IAAG,CAAC;IAEzD,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACpD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAW,CAAC;QACzD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAY,CAAC;QAE3D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;QAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC;QAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAGzB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,MAAM,IAAI,GAAG,MAAM,UAAU,IAAI,OAAO,IAAI,CAAC,CAAC;QAExE,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CACvB,IAAA,eAAG,EAAC,GAAG,EAAE;YACP,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACpC,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,GAAG,CACb,SAAS,MAAM,IAAI,GAAG,MAAM,UAAU,IAAI,OAAO,QAAQ,UAAU,KAAK,QAAQ,MAAM,CACvF,CAAC;QACJ,CAAC,CAAC,EACF,IAAA,sBAAU,EAAC,CAAC,GAAG,EAAE,EAAE;;YACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACpC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,WAAW,MAAM,IAAI,GAAG,MAAM,UAAU,IAAI,OAAO,QAAQ,MAAA,GAAG,CAAC,UAAU,mCAAI,GAAG,KAAK,QAAQ,MAAM,EACnG,GAAG,CAAC,KAAK,CACV,CAAC;YACF,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;CACF,CAAA;AAjCY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAE0B,iCAAgB;GAD1C,iBAAiB,CAiC7B"}

package/dist/logger/logger.interceptor.spec.js

@@ -0,0 +1,2 @@
+"use strict";
+//# sourceMappingURL=logger.interceptor.spec.js.map

package/dist/logger/logger.interceptor.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.interceptor.spec.js","sourceRoot":"","sources":["../../src/logger/logger.interceptor.spec.ts"],"names":[],"mappings":""}

package/dist/logger/logger.module.d.ts

@@ -0,0 +1,2 @@
+export declare class LoggerModule {
+}

package/dist/logger/logger.module.js

@@ -0,0 +1,22 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoggerModule = void 0;
+const common_1 = require("@nestjs/common");
+const logger_service_1 = require("./logger.service");
+let LoggerModule = class LoggerModule {
+};
+exports.LoggerModule = LoggerModule;
+exports.LoggerModule = LoggerModule = __decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({
+        providers: [logger_service_1.LoggerAppService],
+        exports: [logger_service_1.LoggerAppService],
+    })
+], LoggerModule);
+//# sourceMappingURL=logger.module.js.map

package/dist/logger/logger.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.module.js","sourceRoot":"","sources":["../../src/logger/logger.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA8C;AAC9C,qDAAoD;AAO7C,IAAM,YAAY,GAAlB,MAAM,YAAY;CAAG,CAAA;AAAf,oCAAY;uBAAZ,YAAY;IALxB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACN,SAAS,EAAE,CAAC,iCAAgB,CAAC;QAC7B,OAAO,EAAE,CAAC,iCAAgB,CAAC;KAC5B,CAAC;GACW,YAAY,CAAG"}

package/dist/logger/logger.service.d.ts

@@ -0,0 +1,10 @@
+import { LoggerService } from '@nestjs/common';
+export declare class LoggerAppService implements LoggerService {
+    private logger;
+    constructor();
+    log(message: string): void;
+    error(message: string, trace?: string): void;
+    warn(message: string): void;
+    debug(message: string): void;
+    verbose(message: string): void;
+}

package/dist/logger/logger.service.js

@@ -0,0 +1,124 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoggerAppService = void 0;
+const common_1 = require("@nestjs/common");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const winston = __importStar(require("winston"));
+const DailyRotateFile = require('winston-daily-rotate-file');
+let LoggerAppService = class LoggerAppService {
+    constructor() {
+        const logDir = process.env.LOG_PATH
+            ? path.resolve(process.cwd(), process.env.LOG_PATH)
+            : path.resolve(process.cwd(), 'logs');
+        if (!fs.existsSync(logDir)) {
+            fs.mkdirSync(logDir, { recursive: true });
+            console.log(`[Logger] Dossier créé : ${logDir}`);
+        }
+        const level = process.env.LOG_LEVEL || 'info';
+        const datePattern = process.env.LOG_DATE_PATTERN || 'YYYY-MM-DD';
+        const maxFiles = process.env.LOG_MAX_DAYS || '14d';
+        const maxSize = process.env.LOG_MAX_SIZE || '20m';
+        const consoleFormat = winston.format.combine(winston.format.colorize(), winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston.format.printf(({ timestamp, level, message }) => {
+            return `${timestamp} [${level}]: ${message}`;
+        }));
+        const fileFormat = winston.format.combine(winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston.format.printf(({ timestamp, level, message }) => {
+            return `${timestamp} [${level}]: ${message}`;
+        }));
+        const combinedTransport = new DailyRotateFile({
+            level,
+            dirname: logDir,
+            filename: 'combined-%DATE%.log',
+            datePattern,
+            zippedArchive: true,
+            maxSize,
+            maxFiles,
+            format: fileFormat,
+        });
+        const errorTransport = new DailyRotateFile({
+            level: 'error',
+            dirname: logDir,
+            filename: 'error-%DATE%.log',
+            datePattern,
+            zippedArchive: true,
+            maxSize,
+            maxFiles,
+            format: fileFormat,
+        });
+        combinedTransport.on('new', (filename) => {
+            this.logger.info(`[Logger] Initialisation réussie — fichier ${filename}`);
+        });
+        this.logger = winston.createLogger({
+            level,
+            transports: [
+                new winston.transports.Console({ format: consoleFormat }),
+                combinedTransport,
+                errorTransport,
+            ],
+        });
+        console.log(`[Logger] Winston initialisé au niveau "${level}"`);
+    }
+    log(message) {
+        this.logger.info(message);
+    }
+    error(message, trace) {
+        this.logger.error(trace ? `${message} - ${trace}` : message);
+    }
+    warn(message) {
+        this.logger.warn(message);
+    }
+    debug(message) {
+        this.logger.debug(message);
+    }
+    verbose(message) {
+        this.logger.verbose(message);
+    }
+};
+exports.LoggerAppService = LoggerAppService;
+exports.LoggerAppService = LoggerAppService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [])
+], LoggerAppService);
+//# sourceMappingURL=logger.service.js.map

package/dist/logger/logger.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.service.js","sourceRoot":"","sources":["../../src/logger/logger.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA2D;AAC3D,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAmC;AAInC,MAAM,eAAe,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC;AAGtD,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAG3B;QAEE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YACnD,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;QAExC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;QACnD,CAAC;QAGD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC;QAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,YAAY,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,KAAK,CAAC;QACnD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,KAAK,CAAC;QAGlD,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAC1C,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,EACzB,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,EAC3D,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE;YACtD,OAAO,GAAG,SAAS,KAAK,KAAK,MAAM,OAAO,EAAE,CAAC;QAC/C,CAAC,CAAC,CACH,CAAC;QAEF,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CACvC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,EAC3D,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE;YACtD,OAAO,GAAG,SAAS,KAAK,KAAK,MAAM,OAAO,EAAE,CAAC;QAC/C,CAAC,CAAC,CACH,CAAC;QAGF,MAAM,iBAAiB,GAAG,IAAI,eAAe,CAAC;YAC5C,KAAK;YACL,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,qBAAqB;YAC/B,WAAW;YACX,aAAa,EAAE,IAAI;YACnB,OAAO;YACP,QAAQ;YACR,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,IAAI,eAAe,CAAC;YACzC,KAAK,EAAE,OAAO;YACd,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,kBAAkB;YAC5B,WAAW;YACX,aAAa,EAAE,IAAI;YACnB,OAAO;YACP,QAAQ;YACR,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QAGH,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,QAAgB,EAAE,EAAE;YAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,QAAQ,EAAE,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;QAGH,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;YACjC,KAAK;YAEL,UAAU,EAAE;gBACV,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;gBACzD,iBAAiB;gBACjB,cAAc;aACf;SACF,CAAC,CAAC;QAGH,OAAO,CAAC,GAAG,CAAC,0CAA0C,KAAK,GAAG,CAAC,CAAC;IAClE,CAAC;IAGD,GAAG,CAAC,OAAe;QACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,KAAc;QACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,OAAO,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,OAAe;QAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,OAAe;QACnB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,CAAC,OAAe;QACrB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;CACF,CAAA;AAnGY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,mBAAU,GAAE;;GACA,gBAAgB,CAmG5B"}

package/dist/logger/logger.service.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/logger/logger.service.spec.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const logger_service_1 = require("./logger.service");
+describe('LoggerService', () => {
+    let service;
+    beforeEach(async () => {
+        const module = await testing_1.Test.createTestingModule({
+            providers: [logger_service_1.LoggerAppService],
+        }).compile();
+        service = module.get(logger_service_1.LoggerAppService);
+    });
+    it('should be defined', () => {
+        expect(service).toBeDefined();
+    });
+});
+//# sourceMappingURL=logger.service.spec.js.map

package/dist/logger/logger.service.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.service.spec.js","sourceRoot":"","sources":["../../src/logger/logger.service.spec.ts"],"names":[],"mappings":";;AAAA,6CAAsD;AACtD,qDAAoD;AAEpD,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAI,OAAyB,CAAC;IAE9B,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,MAAM,GAAkB,MAAM,cAAI,CAAC,mBAAmB,CAAC;YAC3D,SAAS,EAAE,CAAC,iCAAgB,CAAC;SAC9B,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,OAAO,GAAG,MAAM,CAAC,GAAG,CAAmB,iCAAgB,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/permission/decorator/permission.decorator.d.ts

@@ -0,0 +1,2 @@
+export declare const PERMISSION_METADATA = "permission_metadata";
+export declare function Permission(resource: string, action: string): <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;

package/dist/permission/decorator/permission.decorator.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PERMISSION_METADATA = void 0;
+exports.Permission = Permission;
+const common_1 = require("@nestjs/common");
+const jwt_auth_guard_1 = require("../guard/jwt-auth.guard");
+const permission_guard_1 = require("../guard/permission.guard");
+exports.PERMISSION_METADATA = 'permission_metadata';
+function Permission(resource, action) {
+    return (0, common_1.applyDecorators)((0, common_1.SetMetadata)(exports.PERMISSION_METADATA, { resource, action }), (0, common_1.UseGuards)(jwt_auth_guard_1.JwtAuthGuard, permission_guard_1.PermissionGuard));
+}
+//# sourceMappingURL=permission.decorator.js.map

package/dist/permission/decorator/permission.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.decorator.js","sourceRoot":"","sources":["../../../src/permission/decorator/permission.decorator.ts"],"names":[],"mappings":";;;AAMA,gCAKC;AAXD,2CAAyE;AACzE,4DAAuD;AACvD,gEAA4D;AAE/C,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAEzD,SAAgB,UAAU,CAAC,QAAgB,EAAE,MAAc;IACzD,OAAO,IAAA,wBAAe,EACpB,IAAA,oBAAW,EAAC,2BAAmB,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EACtD,IAAA,kBAAS,EAAC,6BAAY,EAAE,kCAAe,CAAC,CACzC,CAAC;AACJ,CAAC"}

package/dist/permission/decorator/user.decorator.d.ts

@@ -0,0 +1 @@
+export declare const User: (...dataOrPipes: unknown[]) => ParameterDecorator;

package/dist/permission/decorator/user.decorator.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User = void 0;
+const common_1 = require("@nestjs/common");
+exports.User = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    return request.user;
+});
+//# sourceMappingURL=user.decorator.js.map

package/dist/permission/decorator/user.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.decorator.js","sourceRoot":"","sources":["../../../src/permission/decorator/user.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAwE;AAE3D,QAAA,IAAI,GAAG,IAAA,6BAAoB,EACtC,CAAC,IAAa,EAAE,GAAqB,EAAE,EAAE;IACvC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;IAChD,OAAO,OAAO,CAAC,IAAI,CAAC;AACtB,CAAC,CACF,CAAC"}

package/dist/permission/guard/jwt-auth.guard.d.ts

@@ -0,0 +1,4 @@
+declare const JwtAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class JwtAuthGuard extends JwtAuthGuard_base {
+}
+export {};

package/dist/permission/guard/jwt-auth.guard.js

@@ -0,0 +1,18 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('jwt') {
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = __decorate([
+    (0, common_1.Injectable)()
+], JwtAuthGuard);
+//# sourceMappingURL=jwt-auth.guard.js.map

package/dist/permission/guard/jwt-auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/permission/guard/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4C;AAC5C,+CAA6C;AAGtC,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,IAAA,oBAAS,EAAC,KAAK,CAAC;CAAG,CAAA;AAAxC,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;GACA,YAAY,CAA4B"}

package/dist/permission/guard/permission.guard.d.ts

@@ -0,0 +1,9 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { LoggerAppService } from '../../logger/logger.service';
+export declare class PermissionGuard implements CanActivate {
+    private readonly reflector;
+    private readonly logger;
+    constructor(reflector: Reflector, logger: LoggerAppService);
+    canActivate(context: ExecutionContext): boolean;
+}

package/dist/permission/guard/permission.guard.js

@@ -0,0 +1,53 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const logger_service_1 = require("../../logger/logger.service");
+const permission_decorator_1 = require("../decorator/permission.decorator");
+const permission_map_1 = require("../permission.map");
+let PermissionGuard = class PermissionGuard {
+    constructor(reflector, logger) {
+        this.reflector = reflector;
+        this.logger = logger;
+    }
+    canActivate(context) {
+        const { resource, action } = this.reflector.get(permission_decorator_1.PERMISSION_METADATA, context.getHandler()) || {};
+        if (!resource || !action)
+            return true;
+        const request = context.switchToHttp().getRequest();
+        const user = request.user;
+        if (!(user === null || user === void 0 ? void 0 : user.permissions)) {
+            this.logger.warn(`Aucune permission trouvée pour l'utilisateur`);
+            return false;
+        }
+        const perm = user.permissions.find((p) => p.slug === resource);
+        if (!perm) {
+            this.logger.warn(`Permission manquante : ${resource}`);
+            return false;
+        }
+        const ownBit = permission_map_1.ACTION_BITS[`${action}:own`];
+        const allBit = permission_map_1.ACTION_BITS[`${action}:all`];
+        const authorized = (perm.bitmask & ownBit) === ownBit ||
+            (perm.bitmask & allBit) === allBit;
+        if (!authorized)
+            this.logger.warn(`Accès refusé à ${resource}:${action}`);
+        return authorized;
+    }
+};
+exports.PermissionGuard = PermissionGuard;
+exports.PermissionGuard = PermissionGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector,
+        logger_service_1.LoggerAppService])
+], PermissionGuard);
+//# sourceMappingURL=permission.guard.js.map

package/dist/permission/guard/permission.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../../src/permission/guard/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,2CAIwB;AACxB,uCAAyC;AACzC,gEAA+D;AAC/D,4EAAwE;AACxE,sDAAgD;AAIzC,IAAM,eAAe,GAArB,MAAM,eAAe;IAC1B,YACmB,SAAoB,EACpB,MAAwB;QADxB,cAAS,GAAT,SAAS,CAAW;QACpB,WAAM,GAAN,MAAM,CAAkB;IACxC,CAAC;IAEJ,WAAW,CAAC,OAAyB;QACnC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAC1B,IAAI,CAAC,SAAS,CAAC,GAAG,CAChB,0CAAmB,EACnB,OAAO,CAAC,UAAU,EAAE,CACrB,IAAI,EAAE,CAAC;QAER,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEtC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,CAAA,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAChC,CAAC,CAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAC9C,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,4BAAW,CAAC,GAAG,MAAM,MAAM,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,4BAAW,CAAC,GAAG,MAAM,MAAM,CAAC,CAAC;QAE5C,MAAM,UAAU,GACd,CAAC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM;YAClC,CAAC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM,CAAC;QAErC,IAAI,CAAC,UAAU;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,IAAI,MAAM,EAAE,CAAC,CAAC;QAE3D,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAA;AA5CY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;qCAGmB,gBAAS;QACZ,iCAAgB;GAHhC,eAAe,CA4C3B"}

package/dist/permission/interfaces/jwt-key.interface.d.ts

@@ -0,0 +1,14 @@
+export interface JwkKey {
+    kty: 'RSA' | 'EC' | 'oct';
+    kid: string;
+    use?: 'sig' | 'enc';
+    alg?: string;
+    e?: string;
+    n?: string;
+    crv?: string;
+    x?: string;
+    y?: string;
+}
+export interface JwksResponse {
+    keys: JwkKey[];
+}

package/dist/permission/interfaces/jwt-key.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt-key.interface.js.map

package/dist/permission/interfaces/jwt-key.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-key.interface.js","sourceRoot":"","sources":["../../../src/permission/interfaces/jwt-key.interface.ts"],"names":[],"mappings":""}

package/dist/permission/interfaces/payload.interface.d.ts

@@ -0,0 +1,7 @@
+import { PermissionEncoded } from "./permission-encoded.interface";
+export interface Payload {
+    userId: string;
+    username: string;
+    site: string;
+    permissions: PermissionEncoded[];
+}

package/dist/permission/interfaces/payload.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=payload.interface.js.map

package/dist/permission/interfaces/payload.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payload.interface.js","sourceRoot":"","sources":["../../../src/permission/interfaces/payload.interface.ts"],"names":[],"mappings":""}

package/dist/permission/interfaces/permission-decoded.interface.d.ts

@@ -0,0 +1,4 @@
+export interface PermissionDecoded {
+    slug: string;
+    bitValue: number;
+}

package/dist/permission/interfaces/permission-decoded.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=permission-decoded.interface.js.map

package/dist/permission/interfaces/permission-decoded.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-decoded.interface.js","sourceRoot":"","sources":["../../../src/permission/interfaces/permission-decoded.interface.ts"],"names":[],"mappings":""}

package/dist/permission/interfaces/permission-encoded.interface.d.ts

@@ -0,0 +1,4 @@
+export interface PermissionEncoded {
+    slug: string;
+    bitmask: number;
+}

package/dist/permission/interfaces/permission-encoded.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=permission-encoded.interface.js.map

package/dist/permission/interfaces/permission-encoded.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-encoded.interface.js","sourceRoot":"","sources":["../../../src/permission/interfaces/permission-encoded.interface.ts"],"names":[],"mappings":""}

package/dist/permission/interfaces/sentinel-permission-options.interface.d.ts

@@ -0,0 +1,4 @@
+export interface SentinelPermissionOptions {
+    mode: 'local' | 'remote';
+    apiSentinel?: string;
+}

package/dist/permission/interfaces/sentinel-permission-options.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=sentinel-permission-options.interface.js.map

package/dist/permission/interfaces/sentinel-permission-options.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentinel-permission-options.interface.js","sourceRoot":"","sources":["../../../src/permission/interfaces/sentinel-permission-options.interface.ts"],"names":[],"mappings":""}

package/dist/permission/permission.map.d.ts

@@ -0,0 +1 @@
+export declare const ACTION_BITS: Record<string, number>;

package/dist/permission/permission.map.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ACTION_BITS = void 0;
+exports.ACTION_BITS = {
+    'create:all': 0b00000001,
+    'update:own': 0b00000010,
+    'update:all': 0b00000100,
+    'read:own': 0b00001000,
+    'read:all': 0b00010000,
+    'delete:own': 0b00100000,
+    'delete:all': 0b01000000,
+    'manage:all': 0b10000000,
+};
+//# sourceMappingURL=permission.map.js.map

package/dist/permission/permission.map.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.map.js","sourceRoot":"","sources":["../../src/permission/permission.map.ts"],"names":[],"mappings":";;;AAAa,QAAA,WAAW,GAA2B;IAEjD,YAAY,EAAE,UAAU;IACxB,YAAY,EAAE,UAAU;IACxB,YAAY,EAAE,UAAU;IACxB,UAAU,EAAE,UAAU;IACtB,UAAU,EAAE,UAAU;IACtB,YAAY,EAAE,UAAU;IACxB,YAAY,EAAE,UAAU;IACxB,YAAY,EAAE,UAAU;CAEzB,CAAC"}

package/dist/permission/sentinel-permission.module.d.ts

@@ -0,0 +1,8 @@
+import { DynamicModule } from '@nestjs/common';
+import { SentinelPermissionOptions } from "./interfaces/sentinel-permission-options.interface";
+export declare class SentinelPermissionModule {
+    static forRootAsync(options: {
+        useFactory: (...args: any[]) => Promise<SentinelPermissionOptions> | SentinelPermissionOptions;
+        inject?: any[];
+    }): DynamicModule;
+}

package/dist/permission/sentinel-permission.module.js

@@ -0,0 +1,39 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var SentinelPermissionModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentinelPermissionModule = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_strategy_1 = require("./strategy/jwt.strategy");
+const sentinel_permission_service_1 = require("./services/permission/sentinel-permission.service");
+const key_service_1 = require("./services/key/key.service");
+let SentinelPermissionModule = SentinelPermissionModule_1 = class SentinelPermissionModule {
+    static forRootAsync(options) {
+        return {
+            module: SentinelPermissionModule_1,
+            global: true,
+            providers: [
+                {
+                    provide: 'SENTINEL_PERMISSION_OPTIONS',
+                    useFactory: options.useFactory,
+                    inject: options.inject || [],
+                },
+                jwt_strategy_1.JwtStrategy,
+                sentinel_permission_service_1.SentinelPermissionService,
+            ],
+            exports: [jwt_strategy_1.JwtStrategy, sentinel_permission_service_1.SentinelPermissionService],
+        };
+    }
+};
+exports.SentinelPermissionModule = SentinelPermissionModule;
+exports.SentinelPermissionModule = SentinelPermissionModule = SentinelPermissionModule_1 = __decorate([
+    (0, common_1.Module)({
+        providers: [key_service_1.KeyService],
+    })
+], SentinelPermissionModule);
+//# sourceMappingURL=sentinel-permission.module.js.map

package/dist/permission/sentinel-permission.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentinel-permission.module.js","sourceRoot":"","sources":["../../src/permission/sentinel-permission.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,0DAAoD;AACpD,mGAA4F;AAE5F,4DAAwD;AAMjD,IAAM,wBAAwB,gCAA9B,MAAM,wBAAwB;IACnC,MAAM,CAAC,YAAY,CAAC,OAGnB;QACC,OAAO;YACL,MAAM,EAAE,0BAAwB;YAChC,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE;gBACT;oBACE,OAAO,EAAE,6BAA6B;oBACtC,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;iBAC7B;gBACD,0BAAW;gBACX,uDAAyB;aAC1B;YACD,OAAO,EAAE,CAAC,0BAAW,EAAE,uDAAyB,CAAC;SAClD,CAAC;IACJ,CAAC;CACF,CAAA;AApBY,4DAAwB;mCAAxB,wBAAwB;IAHpC,IAAA,eAAM,EAAC;QACN,SAAS,EAAE,CAAC,wBAAU,CAAC;KACxB,CAAC;GACW,wBAAwB,CAoBpC"}

package/dist/permission/services/key/key.service.d.ts

@@ -0,0 +1,9 @@
+import { SentinelPermissionOptions } from '../../interfaces/sentinel-permission-options.interface';
+export declare class KeyService {
+    private readonly options;
+    private cache;
+    constructor(options: SentinelPermissionOptions);
+    getPublicKey(kid?: string): Promise<string>;
+    private getLocalPublicKey;
+    private getRemotePublicKey;
+}

package/dist/permission/services/key/key.service.js

@@ -0,0 +1,85 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyService = void 0;
+const common_1 = require("@nestjs/common");
+const path_1 = __importDefault(require("path"));
+const promises_1 = require("fs/promises");
+const axios_1 = __importDefault(require("axios"));
+const jwk_to_pem_1 = __importDefault(require("jwk-to-pem"));
+let KeyService = class KeyService {
+    constructor(options) {
+        this.options = options;
+        this.cache = new Map();
+    }
+    async getPublicKey(kid) {
+        if (this.options.mode === 'local') {
+            return this.getLocalPublicKey();
+        }
+        else if (this.options.mode === 'remote') {
+            return this.getRemotePublicKey(kid);
+        }
+        throw new common_1.InternalServerErrorException('Invalid Sentinel mode');
+    }
+    async getLocalPublicKey() {
+        try {
+            const filePath = path_1.default.resolve(process.cwd(), 'keys/public.pem');
+            return await (0, promises_1.readFile)(filePath, 'utf-8');
+        }
+        catch (_a) {
+            throw new common_1.InternalServerErrorException('Impossible de lire la clé publique locale');
+        }
+    }
+    async getRemotePublicKey(kid) {
+        var _a;
+        if (!this.options.apiSentinel) {
+            throw new common_1.InternalServerErrorException('apiSentinel non défini pour le mode remote');
+        }
+        try {
+            const url = `${this.options.apiSentinel}/.well-known/jwks.json`;
+            const { data } = await axios_1.default.get(url, { timeout: 5000 });
+            if (!((_a = data === null || data === void 0 ? void 0 : data.keys) === null || _a === void 0 ? void 0 : _a.length)) {
+                throw new Error('Aucune clé trouvée dans le JWKS');
+            }
+            const key = kid ? data.keys.find((k) => k.kid === kid) : data.keys[0];
+            if (!key) {
+                throw new Error(`Aucune clé correspondant au kid "${kid}"`);
+            }
+            if (!key.n || !key.e) {
+                console.error('Clé JWK invalide:', key);
+                throw new Error('Clé JWK incomplète (n ou e manquant)');
+            }
+            const pem = (0, jwk_to_pem_1.default)(key);
+            if (key.kid) {
+                this.cache.set(key.kid, pem);
+                setTimeout(() => this.cache.delete(key.kid), 15 * 60 * 1000);
+            }
+            return pem;
+        }
+        catch (e) {
+            console.error('Erreur lors du chargement du JWKS :', e.message);
+            throw new common_1.InternalServerErrorException('Impossible de récupérer la clé distante');
+        }
+    }
+};
+exports.KeyService = KeyService;
+exports.KeyService = KeyService = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)('SENTINEL_PERMISSION_OPTIONS')),
+    __metadata("design:paramtypes", [Object])
+], KeyService);
+//# sourceMappingURL=key.service.js.map

package/dist/permission/services/key/key.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.service.js","sourceRoot":"","sources":["../../../../src/permission/services/key/key.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,2CAAkF;AAClF,gDAAwB;AACxB,0CAAuC;AACvC,kDAA0B;AAC1B,4DAA2C;AAKpC,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGrB,YAEE,OAAmD;QAAlC,YAAO,GAAP,OAAO,CAA2B;QAJ7C,UAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAKvC,CAAC;IAEJ,KAAK,CAAC,YAAY,CAAC,GAAY;QAC7B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAClC,CAAC;aAAM,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,IAAI,qCAA4B,CAAC,uBAAuB,CAAC,CAAC;IAClE,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;YAChE,OAAO,MAAM,IAAA,mBAAQ,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;QAAC,WAAM,CAAC;YACP,MAAM,IAAI,qCAA4B,CAAC,2CAA2C,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAY;;QAC3C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,IAAI,qCAA4B,CAAC,4CAA4C,CAAC,CAAC;QACvF,CAAC;QAOD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,wBAAwB,CAAC;YAChE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,eAAK,CAAC,GAAG,CAAqB,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAE7E,IAAI,CAAC,CAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,0CAAE,MAAM,CAAA,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,GAAG,CAAC,CAAC;YAC9D,CAAC;YAGD,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,CAAC;YAGD,MAAM,GAAG,GAAG,IAAA,oBAAQ,EAAC,GAAqB,CAAC,CAAC;YAG5C,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;gBACZ,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBAC7B,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC/D,CAAC;YAED,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;YAChE,MAAM,IAAI,qCAA4B,CAAC,yCAAyC,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;CACF,CAAA;AAtEY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,6BAA6B,CAAC,CAAA;;GAJ7B,UAAU,CAsEtB"}

package/dist/permission/services/key/key.service.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/permission/services/key/key.service.spec.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const key_service_1 = require("./key.service");
+describe('KeyService', () => {
+    let service;
+    beforeEach(async () => {
+        const module = await testing_1.Test.createTestingModule({
+            providers: [key_service_1.KeyService],
+        }).compile();
+        service = module.get(key_service_1.KeyService);
+    });
+    it('should be defined', () => {
+        expect(service).toBeDefined();
+    });
+});
+//# sourceMappingURL=key.service.spec.js.map

package/dist/permission/services/key/key.service.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.service.spec.js","sourceRoot":"","sources":["../../../../src/permission/services/key/key.service.spec.ts"],"names":[],"mappings":";;AAAA,6CAAsD;AACtD,+CAA2C;AAE3C,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAI,OAAmB,CAAC;IAExB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,MAAM,GAAkB,MAAM,cAAI,CAAC,mBAAmB,CAAC;YAC3D,SAAS,EAAE,CAAC,wBAAU,CAAC;SACxB,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,OAAO,GAAG,MAAM,CAAC,GAAG,CAAa,wBAAU,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/permission/services/permission/sentinel-permission.service.d.ts

@@ -0,0 +1,7 @@
+import { PermissionDecoded } from "../../interfaces/permission-decoded.interface";
+import { PermissionEncoded } from "../../interfaces/permission-encoded.interface";
+export declare class SentinelPermissionService {
+    encodePermissionCode(permissionsList: PermissionDecoded[]): Promise<PermissionEncoded[]>;
+    decodePermissionCode(code: number): string[];
+    hasPermission(user: any, resource: string, action: string): 'all' | 'own' | false;
+}

package/dist/permission/services/permission/sentinel-permission.service.js

@@ -0,0 +1,54 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentinelPermissionService = void 0;
+const common_1 = require("@nestjs/common");
+const permission_map_1 = require("../../permission.map");
+let SentinelPermissionService = class SentinelPermissionService {
+    async encodePermissionCode(permissionsList) {
+        const maxBit = 8;
+        const result = {};
+        for (const perm of permissionsList) {
+            const [resource] = perm.slug.split(':');
+            if (!result[resource]) {
+                result[resource] = Array(maxBit).fill(0);
+            }
+            const index = Math.log2(perm.bitValue);
+            result[resource][maxBit - index - 1] = 1;
+        }
+        return Object.entries(result).map(([slug, bits]) => ({
+            slug,
+            bitmask: parseInt(bits.join(''), 2)
+        }));
+    }
+    decodePermissionCode(code) {
+        return Object.entries(permission_map_1.ACTION_BITS)
+            .filter(([_, bit]) => (code & bit) === bit)
+            .map(([action]) => action);
+    }
+    hasPermission(user, resource, action) {
+        var _a;
+        const perm = (_a = user === null || user === void 0 ? void 0 : user.permissions) === null || _a === void 0 ? void 0 : _a.find((p) => p.slug === resource);
+        if (!perm)
+            return false;
+        const ownBit = permission_map_1.ACTION_BITS[`${action}:own`];
+        const allBit = permission_map_1.ACTION_BITS[`${action}:all`];
+        if ((perm.bitmask & allBit) === allBit) {
+            return 'all';
+        }
+        if ((perm.bitmask & ownBit) === ownBit) {
+            return 'own';
+        }
+        return false;
+    }
+};
+exports.SentinelPermissionService = SentinelPermissionService;
+exports.SentinelPermissionService = SentinelPermissionService = __decorate([
+    (0, common_1.Injectable)()
+], SentinelPermissionService);
+//# sourceMappingURL=sentinel-permission.service.js.map

package/dist/permission/services/permission/sentinel-permission.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentinel-permission.service.js","sourceRoot":"","sources":["../../../../src/permission/services/permission/sentinel-permission.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA0C;AAG1C,yDAAiD;AAG1C,IAAM,yBAAyB,GAA/B,MAAM,yBAAyB;IAEpC,KAAK,CAAC,oBAAoB,CAAC,eAAoC;QAC7D,MAAM,MAAM,GAAG,CAAC,CAAC;QACjB,MAAM,MAAM,GAA6B,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAExC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI;YACJ,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;SACpC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,oBAAoB,CAAC,IAAY;QAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,4BAAW,CAAC;aAC/B,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,aAAa,CAAC,IAAS,EAAE,QAAgB,EAAE,MAAc;;QACvD,MAAM,IAAI,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,0CAAE,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,MAAM,MAAM,GAAG,4BAAW,CAAC,GAAG,MAAM,MAAM,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,4BAAW,CAAC,GAAG,MAAM,MAAM,CAAC,CAAC;QAE5C,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF,CAAA;AA9CY,8DAAyB;oCAAzB,yBAAyB;IADrC,IAAA,mBAAU,GAAE;GACA,yBAAyB,CA8CrC"}

package/dist/permission/services/permission/sentinel-permission.service.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/permission/services/permission/sentinel-permission.service.spec.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const sentinel_permission_service_1 = require("./sentinel-permission.service");
+describe('SentinelPermissionService', () => {
+    let service;
+    beforeEach(async () => {
+        const module = await testing_1.Test.createTestingModule({
+            providers: [sentinel_permission_service_1.SentinelPermissionService],
+        }).compile();
+        service = module.get(sentinel_permission_service_1.SentinelPermissionService);
+    });
+    it('should be defined', () => {
+        expect(service).toBeDefined();
+    });
+});
+//# sourceMappingURL=sentinel-permission.service.spec.js.map

package/dist/permission/services/permission/sentinel-permission.service.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentinel-permission.service.spec.js","sourceRoot":"","sources":["../../../../src/permission/services/permission/sentinel-permission.service.spec.ts"],"names":[],"mappings":";;AAAA,6CAAsD;AACtD,+EAA0E;AAE1E,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,IAAI,OAAkC,CAAC;IAEvC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,MAAM,GAAkB,MAAM,cAAI,CAAC,mBAAmB,CAAC;YAC3D,SAAS,EAAE,CAAC,uDAAyB,CAAC;SACvC,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,OAAO,GAAG,MAAM,CAAC,GAAG,CAA4B,uDAAyB,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/permission/strategy/jwt.strategy.d.ts

@@ -0,0 +1,19 @@
+import { Strategy } from 'passport-jwt';
+import { KeyService } from '../services/key/key.service';
+import { Payload } from '../interfaces/payload.interface';
+import { LoggerAppService } from '../../logger/logger.service';
+declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithRequest] | [opt: import("passport-jwt").StrategyOptionsWithoutRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class JwtStrategy extends JwtStrategy_base {
+    private readonly keyService;
+    private readonly logger;
+    constructor(keyService: KeyService, logger: LoggerAppService);
+    validate(payload: Payload): Promise<{
+        userId: string;
+        username: string;
+        site: string;
+        permissions: import("../interfaces/permission-encoded.interface").PermissionEncoded[];
+    }>;
+}
+export {};

package/dist/permission/strategy/jwt.strategy.js

@@ -0,0 +1,103 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_jwt_1 = require("passport-jwt");
+const jwt = __importStar(require("jsonwebtoken"));
+const key_service_1 = require("../services/key/key.service");
+const logger_service_1 = require("../../logger/logger.service");
+let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy) {
+    constructor(keyService, logger) {
+        const algorithm = 'RS256';
+        super({
+            jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
+            ignoreExpiration: false,
+            algorithms: [algorithm],
+            secretOrKeyProvider: async (request, rawJwtToken, done) => {
+                var _a;
+                try {
+                    const decoded = jwt.decode(rawJwtToken, { complete: true });
+                    if (!((_a = decoded === null || decoded === void 0 ? void 0 : decoded.header) === null || _a === void 0 ? void 0 : _a.kid)) {
+                        this.logger.warn('Token reçu sans kid → rejeté');
+                        return done(new common_1.UnauthorizedException('Token sans identifiant de clé'));
+                    }
+                    const kid = decoded.header.kid;
+                    this.logger.debug(`Vérification du token avec kid=${kid}`);
+                    const publicKey = await this.keyService.getPublicKey(kid);
+                    if (!publicKey) {
+                        this.logger.log(`Aucune clé publique trouvée pour kid=${kid}`);
+                        return done(new common_1.UnauthorizedException('Clé publique introuvable'));
+                    }
+                    this.logger.log(`Clé publique trouvée pour kid=${kid}`);
+                    done(null, publicKey);
+                }
+                catch (e) {
+                    this.logger.error(`Erreur interne lors du chargement de la clé : ${e.message}`, e.stack);
+                    done(new common_1.UnauthorizedException('Erreur lors de la récupération de la clé'));
+                }
+            },
+        });
+        this.keyService = keyService;
+        this.logger = logger;
+        this.logger.log('JwtStrategy initialisée');
+    }
+    async validate(payload) {
+        this.logger.log(`Token valide pour user=${payload.username} site=${payload.site}`);
+        return {
+            userId: payload.userId,
+            username: payload.username,
+            site: payload.site,
+            permissions: payload.permissions,
+        };
+    }
+};
+exports.JwtStrategy = JwtStrategy;
+exports.JwtStrategy = JwtStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [key_service_1.KeyService,
+        logger_service_1.LoggerAppService])
+], JwtStrategy);
+//# sourceMappingURL=jwt.strategy.js.map

package/dist/permission/strategy/jwt.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../../src/permission/strategy/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAGwB;AACxB,+CAAoD;AACpD,+CAAoD;AACpD,kDAAoC;AAEpC,6DAAyD;AAEzD,gEAA+D;AAGxD,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IACzD,YACmB,UAAsB,EACtB,MAAwB;QAEzC,MAAM,SAAS,GAAc,OAAO,CAAC;QAErC,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,UAAU,EAAE,CAAC,SAAS,CAAC;YACvB,mBAAmB,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE;;gBACxD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;oBAC5D,IAAI,CAAC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,GAAG,CAAA,EAAE,CAAC;wBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;wBACjD,OAAO,IAAI,CAAC,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC1E,CAAC;oBAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;oBAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;oBAE3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;oBAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;wBAC/D,OAAO,IAAI,CAAC,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACrE,CAAC;oBAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;oBAExD,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACxB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAE,CAAC;oBAC1F,IAAI,CAAC,IAAI,8BAAqB,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;SACF,CAAC,CAAC;QAlCc,eAAU,GAAV,UAAU,CAAY;QACtB,WAAM,GAAN,MAAM,CAAkB;QAmCzC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAgB;QAC7B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,0BAA0B,OAAO,CAAC,QAAQ,SAAS,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAEnF,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;IACJ,CAAC;CACF,CAAA;AAnDY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAGoB,wBAAU;QACd,iCAAgB;GAHhC,WAAW,CAmDvB"}

package/dist/sentinel-nest-core.module.d.ts

@@ -0,0 +1,8 @@
+import { DynamicModule } from '@nestjs/common';
+import { SentinelPermissionOptions } from './permission/interfaces/sentinel-permission-options.interface';
+export declare class SentinelCoreModule {
+    static forRootAsync(options: {
+        useFactory: (...args: any[]) => Promise<SentinelPermissionOptions> | SentinelPermissionOptions;
+        inject?: any[];
+    }): DynamicModule;
+}

package/dist/sentinel-nest-core.module.js

@@ -0,0 +1,31 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var SentinelCoreModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentinelCoreModule = void 0;
+const common_1 = require("@nestjs/common");
+const logger_module_1 = require("./logger/logger.module");
+const sentinel_permission_module_1 = require("./permission/sentinel-permission.module");
+let SentinelCoreModule = SentinelCoreModule_1 = class SentinelCoreModule {
+    static forRootAsync(options) {
+        return {
+            module: SentinelCoreModule_1,
+            imports: [
+                logger_module_1.LoggerModule,
+                sentinel_permission_module_1.SentinelPermissionModule.forRootAsync(options),
+            ],
+            exports: [logger_module_1.LoggerModule, sentinel_permission_module_1.SentinelPermissionModule],
+        };
+    }
+};
+exports.SentinelCoreModule = SentinelCoreModule;
+exports.SentinelCoreModule = SentinelCoreModule = SentinelCoreModule_1 = __decorate([
+    (0, common_1.Global)(),
+    (0, common_1.Module)({})
+], SentinelCoreModule);
+//# sourceMappingURL=sentinel-nest-core.module.js.map

package/dist/sentinel-nest-core.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentinel-nest-core.module.js","sourceRoot":"","sources":["../src/sentinel-nest-core.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAA+D;AAC/D,0DAAsD;AACtD,wFAAmF;AAK5E,IAAM,kBAAkB,0BAAxB,MAAM,kBAAkB;IAC7B,MAAM,CAAC,YAAY,CAAC,OAGnB;QACC,OAAO;YACL,MAAM,EAAE,oBAAkB;YAC1B,OAAO,EAAE;gBACP,4BAAY;gBACZ,qDAAwB,CAAC,YAAY,CAAC,OAAO,CAAC;aAC/C;YACD,OAAO,EAAE,CAAC,4BAAY,EAAE,qDAAwB,CAAC;SAClD,CAAC;IACJ,CAAC;CACF,CAAA;AAdY,gDAAkB;6BAAlB,kBAAkB;IAF9B,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,kBAAkB,CAc9B"}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "sentinel-nestjs-core",
+  "version": "0.1.0",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist/**/*"
+  ],
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "build": "nest build"
+  },
+  "keywords": [],
+  "author": "Cedric RAYMOND",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.2"
+  },
+  "devDependencies": {
+    "@types/express": "^5.0.5",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^24.9.2",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3",
+    "@types/axios": "^0.9.36",
+    "@types/jwk-to-pem": "^2.0.3",
+    "@types/passport-jwt": "^4.0.1"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^11.1.8",
+    "@nestjs/testing": "^11.1.6",
+    "express": "^5.1.0",
+    "winston": "^3.17.0",
+    "winston-daily-rotate-file": "^5.0.0",
+    "@nestjs/config": "^4.0.2",
+    "@nestjs/core": "^11.1.6",
+    "@nestjs/jwt": "^11.0.0",
+    "@nestjs/passport": "^11.0.5",
+    "axios": "^1.13.1",
+    "jwk-to-pem": "^2.0.7",
+    "passport-jwt": "^4.0.1"
+  }
+}