@httpc/kit/dist/esm/auth/BearerAuthenticationService.js

httpc toolbox for building function-based API with minimal code and end-to-end type safety

var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
    return function (target, key) { decorator(target, key, paramIndex); }
};
import { UnauthorizedError } from "@httpc/server";
import { singleton } from "tsyringe";
import { options, optionsOf, env, alias, KEY } from "../di";
import { logger } from "../logging";
import { BaseService, ServiceErrorPreset } from "../services";
import { cleanNotDefined } from "../utils";
import { JwtService, JWT_CLAIMS } from "./JwtService";
const BearerAuthenticationServiceErrors = ServiceErrorPreset
    .add("expired", { status: 401 });
let BearerAuthenticationService = class BearerAuthenticationService extends BaseService(BearerAuthenticationServiceErrors) {
    constructor(logger, jwt, options) {
        //@ts-expect-error
        super(...arguments);
        this.jwt = jwt;
        this.options = options;
    }
    async authenticate(token) {
        if (!this.options.jwtSecret) {
            this._raiseError("misconfiguration", "No jwtSecret configured");
        }
        const result = this.jwt.validate(token, {
            secret: this.options.jwtSecret
        });
        if (!result.success) {
            if (result.error === "expired") {
                this._raiseError("expired");
            }
            else {
                this._raiseError("unauthorized");
            }
        }
        return await this.onDecode(result.payload);
    }
    async onDecode(payload) {
        if (this.options.onDecodePayload) {
            return await this.options.onDecodePayload(payload);
        }
        if (typeof payload.sub !== "string" || !payload.sub) {
            throw new UnauthorizedError("Missing auth data (sub claim)");
        }
        const props = Object.fromEntries(Object.entries(payload)
            .filter(([key]) => !JWT_CLAIMS.includes(key)));
        return {
            id: payload.sub,
            ...cleanNotDefined(props),
        };
    }
};
BearerAuthenticationService = __decorate([
    singleton(),
    alias(KEY("BearerAuthentication")),
    __param(0, logger()),
    __param(2, options()),
    __metadata("design:paramtypes", [Object, JwtService, Object])
], BearerAuthenticationService);
export { BearerAuthenticationService };
let DefaultBearerAuthenticationServiceOptions = class DefaultBearerAuthenticationServiceOptions {
    constructor(jwtSecret, onDecodePayload) {
        this.jwtSecret = jwtSecret;
        this.onDecodePayload = onDecodePayload;
    }
};
DefaultBearerAuthenticationServiceOptions = __decorate([
    optionsOf(BearerAuthenticationService),
    singleton(),
    __param(0, env("JWT_SECRET")),
    __param(1, env("JWT_DECODE", undefined)),
    __metadata("design:paramtypes", [String, Function])
], DefaultBearerAuthenticationServiceOptions);
export { DefaultBearerAuthenticationServiceOptions };