@chevre/domain/lib/chevre/service/code.js

Chevre Domain Library for Node.js

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getToken = getToken;
/**
 * 承認サービス
 */
const jwt = require("jsonwebtoken");
const factory = require("../factory");
/**
 * コードをトークンに変換する
 */
function getToken(params) {
    return (repos) => __awaiter(this, void 0, void 0, function* () {
        var _a;
        const jwtSetting = yield repos.jwtSetting.findDefault();
        if (typeof params.project.id !== 'string' || params.project.id.length === 0) {
            throw new factory.errors.ArgumentNull('project.id');
        }
        if (typeof params.code !== 'string' || params.code.length === 0) {
            throw new factory.errors.ArgumentNull('code');
        }
        const authorization = yield repos.authorization.findValidOneByCode({
            project: { id: params.project.id },
            code: params.code
        });
        // if (typeof params.issuer !== 'string' || params.issuer.length === 0) {
        //     throw new factory.errors.ArgumentNull('issuer');
        // }
        let subject;
        let typ;
        // jti必須化(2024-08-22~)
        const { id } = yield repos.ticket.issueByTicketToken(Object.assign({ project: { id: params.project.id }, ticketToken: params.code }, (typeof ((_a = authorization.issuedBy) === null || _a === void 0 ? void 0 : _a.id) === 'string') ? { issuedBy: authorization.issuedBy } : undefined));
        const jti = id;
        // ロール承認の場合、subjectはメンバーID,typはメンバータイプ
        if (authorization.object.typeOf === factory.role.RoleType.OrganizationRole) {
            subject = authorization.object.member.id;
            typ = `${jwtSetting.payloadTypPrefix}:${authorization.object.member.typeOf}`;
        }
        else {
            // useJtiの場合、subject,typはagent(2024-05-09~)
            subject = params.agent.id;
            typ = `${jwtSetting.payloadTypPrefix}:${params.agent.typeOf}`;
        }
        const payload = {
            token_use: 'access', // 拡張(2024-05-01~)
            version: jwtSetting.version, // 拡張(2024-05-02~)
            typ //  拡張(2024-05-07~)
        };
        const token = yield new Promise((resolve, reject) => {
            // 所有権を暗号化する
            jwt.sign(payload, jwtSetting.secret, {
                algorithm: jwtSetting.algorithm, // 明示的に指定(2024-05-05~)
                issuer: jwtSetting.issuer, // 都度指定に変更(2024-05-05~)
                expiresIn: params.expiresIn,
                subject, // 拡張(2024-05-01~)
                audience: jwtSetting.issuer, // 拡張(2024-05-02~)
                jwtid: jti // 拡張(2024-05-08~)
            }, (err, encoded) => {
                if (err instanceof Error) {
                    reject(err);
                }
                else {
                    if (typeof encoded !== 'string') {
                        reject(new factory.errors.Internal('authorization.object cannot be signed unexpectedly'));
                    }
                    else {
                        resolve(encoded);
                    }
                }
            });
        });
        return { token };
    });
}