@mercury-labs/auth
Version:
Mercury framework auth library. It supports local auth, jwt with both bearer token and cookie, basic auth.
84 lines • 4.15 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.RefreshTokenStrategy = exports.REFRESH_TOKEN_STRATEGY_NAME = void 0;
const common_1 = require("@nestjs/common");
const passport_1 = require("@nestjs/passport");
const moment_1 = __importDefault(require("moment"));
const passport_jwt_1 = require("passport-jwt");
const passport_strategy_1 = require("passport-strategy");
const rxjs_1 = require("rxjs");
const __1 = require("..");
const decorators_1 = require("../decorators");
const repositories_1 = require("../repositories");
const services_1 = require("../services");
exports.REFRESH_TOKEN_STRATEGY_NAME = 'mercury-refresh-token';
const cookieExtractor = (transferTokenMethod) => (request) => {
if (transferTokenMethod === __1.AuthTransferTokenMethod.BEARER_ONLY) {
return null;
}
return ((0, __1.getRequestCookie)(request, 'RefreshToken') || null);
};
const refreshTokenHeaderExtractor = (transferTokenMethod) => (request) => {
if (transferTokenMethod === __1.AuthTransferTokenMethod.COOKIE_ONLY) {
return null;
}
return ((0, __1.getRequestHeader)(request, 'refresh-token') || null);
};
let RefreshTokenStrategy = class RefreshTokenStrategy extends (0, passport_1.PassportStrategy)(passport_strategy_1.Strategy, exports.REFRESH_TOKEN_STRATEGY_NAME) {
constructor(authDefinitions, authRepository, jwtService) {
super();
this.authDefinitions = authDefinitions;
this.authRepository = authRepository;
this.jwtService = jwtService;
this.jwtFromRequest = passport_jwt_1.ExtractJwt.fromExtractors([
cookieExtractor(authDefinitions.transferTokenMethod),
refreshTokenHeaderExtractor(authDefinitions.transferTokenMethod),
]);
}
async authenticate(req, options) {
const token = this.jwtFromRequest(req);
const jwtPayload = token
? this.jwtService.decodeRefreshToken(token)
: undefined;
const user = jwtPayload ? await this.validate(jwtPayload) : undefined;
if (!jwtPayload || !user) {
this.fail(common_1.HttpStatus.UNAUTHORIZED);
}
else {
this.success(user);
}
}
async validate(payload) {
return (0, rxjs_1.lastValueFrom)((0, rxjs_1.of)(payload).pipe((0, rxjs_1.mergeMap)((res) => {
if ((0, moment_1.default)().isAfter((0, moment_1.default)(payload.exp * 1000).toDate())) {
return (0, rxjs_1.of)(undefined);
}
return this.authRepository
.getAuthUserByUsername(res.username)
.pipe((0, rxjs_1.map)((0, __1.hideRedactedFields)(this.authDefinitions.redactedFields)));
})));
}
};
RefreshTokenStrategy = __decorate([
(0, common_1.Injectable)(),
__param(0, (0, decorators_1.InjectAuthDefinitions)()),
__metadata("design:paramtypes", [Object, repositories_1.AuthRepository,
services_1.TokenService])
], RefreshTokenStrategy);
exports.RefreshTokenStrategy = RefreshTokenStrategy;
//# sourceMappingURL=refresh-token.strategy.js.map