@mercury-labs/nest-auth/dist/domain/services/token.service.js

Mercury framework auth library. It supports local auth, jwt with both bearer token and cookie, basic auth.

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
    return function (target, key) { decorator(target, key, paramIndex); }
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.TokenService = void 0;
const common_1 = require("@nestjs/common");
const jwt_1 = require("@nestjs/jwt");
const moment_1 = __importDefault(require("moment"));
const rxjs_1 = require("rxjs");
const decorators_1 = require("../decorators");
const hash_text_service_1 = require("./hash-text.service");
const uuid_1 = require("uuid");
let TokenService = exports.TokenService = class TokenService {
    constructor(authDefinitions, jwtService, hashTextService) {
        this.authDefinitions = authDefinitions;
        this.jwtService = jwtService;
        this.hashTextService = hashTextService;
    }
    generateTokenResponse(userInfo) {
        return (0, rxjs_1.forkJoin)([
            this.generateAccessToken(userInfo),
            this.generateRefreshToken(userInfo),
        ]).pipe((0, rxjs_1.map)(([accessToken, refreshToken]) => {
            const jwtPayload = this.decodeAccessToken(accessToken);
            const refreshTokenJwtPayload = this.decodeRefreshToken(refreshToken);
            return {
                accessToken,
                refreshToken,
                expiryDate: (0, moment_1.default)(parseInt(`${jwtPayload.exp}`) * 1000).toDate(),
                refreshTokenExpiryDate: (0, moment_1.default)(parseInt(`${refreshTokenJwtPayload.exp}`) * 1000).toDate(),
            };
        }));
    }
    generateJwtToken(userInfo, expiresIn) {
        return (0, rxjs_1.of)({
            username: this.hashTextService.encode(userInfo[this.authDefinitions.usernameField || 'username']),
            sub: this.hashTextService.encode(userInfo.id),
            iss: 'self-signed',
            uuid: (0, uuid_1.v6)(),
        }).pipe((0, rxjs_1.map)((payload) => {
            var _a;
            return this.jwtService.sign(payload, {
                ...(((_a = this.authDefinitions.jwt) === null || _a === void 0 ? void 0 : _a.signOptions) || {}),
                expiresIn,
            });
        }));
    }
    generateAccessToken(userInfo) {
        if (!this.authDefinitions.jwt) {
            return (0, rxjs_1.of)('');
        }
        return this.generateJwtToken(userInfo, this.authDefinitions.jwt.expiresIn);
    }
    decodeAccessToken(token) {
        return this.decodeTokenFromRawDecoded(this.jwtService.decode(token));
    }
    decodeTokenFromRawDecoded(rawPayload) {
        const isSelfSigned = rawPayload.iss === 'self-signed';
        const username = isSelfSigned
            ? this.hashTextService.decode(rawPayload.username) || ''
            : undefined;
        const sub = isSelfSigned
            ? this.hashTextService.decode(rawPayload.sub)
            : rawPayload.sub;
        if (sub) {
            return {
                ...rawPayload,
                username,
                sub,
            };
        }
        return undefined;
    }
    generateRefreshToken(userInfo) {
        var _a;
        if (!this.authDefinitions.jwt) {
            return (0, rxjs_1.of)('');
        }
        return this.generateJwtToken(userInfo, (_a = this.authDefinitions.jwt) === null || _a === void 0 ? void 0 : _a.refreshTokenExpiresIn).pipe((0, rxjs_1.map)((res) => this.hashTextService.encode(res)));
    }
    decodeRefreshToken(refreshToken) {
        try {
            return pipe([
                transform((token) => this.hashTextService.decode(token)),
                transform((value) => value
                    ? this.jwtService.decode(value)
                    : undefined),
                transform((value) => value ? this.decodeTokenFromRawDecoded(value) : undefined),
                transform((value) => {
                    if ((value === null || value === void 0 ? void 0 : value.exp) && value.exp < (0, moment_1.default)().unix()) {
                        return undefined;
                    }
                    return value;
                }),
            ])(refreshToken);
        }
        catch {
            return undefined;
        }
    }
};
exports.TokenService = TokenService = __decorate([
    (0, common_1.Injectable)(),
    __param(0, (0, decorators_1.InjectAuthDefinitions)()),
    __metadata("design:paramtypes", [Object, jwt_1.JwtService,
        hash_text_service_1.HashTextService])
], TokenService);
function transform(iteratee) {
    return (value) => iteratee(value);
}
function pipe(funcs) {
    return (input) => funcs.reduce((acc, func) => func(acc), input);
}
//# sourceMappingURL=token.service.js.map