
@nestjs-mod/sso


NestJS SDK for Single Sign-On on NestJS and Angular with webhooks and social authorization (Wrapper for https://www.npmjs.com/package/@nestjs-mod/sso-rest-sdk)

127 lines 5.37 kB
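"use strict";
var SsoService_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.SsoService = void 0;
const tslib_1 = require("tslib");
const common_1 = require("@nestjs-mod/common");
const sso_rest_sdk_1 = require("@nestjs-mod/sso-rest-sdk");
const common_2 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const sso_configuration_1 = require("./sso.configuration");
const sso_decorators_1 = require("./sso.decorators");
const sso_environments_1 = require("./sso.environments");
const sso_errors_1 = require("./sso.errors");
/**
 * Resolves the SSO user for an incoming request and enforces the access check.
 *
 * The service holds two REST SDK clients that point at the same SSO server:
 * a plain one, and an admin one that attaches the `x-admin-secret` header to
 * every call. The user is resolved by forwarding the caller's `Authorization`
 * header to the SSO server's profile endpoint.
 */
let SsoService = SsoService_1 = class SsoService {
    /**
     * @param reflector NestJS reflector used to read the decorator metadata.
     * @param ssoConfiguration module configuration; may supply `checkAccessValidator`.
     * @param ssoStaticEnvironments static environment values (`url`, `adminSecret`).
     */
    constructor(reflector, ssoConfiguration, ssoStaticEnvironments) {
        this.reflector = reflector;
        this.ssoConfiguration = ssoConfiguration;
        this.ssoStaticEnvironments = ssoStaticEnvironments;
        this.logger = new common_2.Logger(SsoService_1.name);
    }
    /**
     * Builds both SDK clients once the module is initialised.
     *
     * The admin client sends `adminSecret` as a request header on every call,
     * so the secret is only as confidential as the transport to `url`.
     * NOTE(review): nothing here checks that `url` is https or that
     * `adminSecret` is set - confirm both are validated where the
     * environment values are loaded.
     */
    onModuleInit() {
        const serverUrl = this.ssoStaticEnvironments.url;
        this.ssoRestSdkService = new sso_rest_sdk_1.SsoRestSdkService({
            serverUrl,
        });
        this.adminSsoRestSdkService = new sso_rest_sdk_1.SsoRestSdkService({
            serverUrl,
            headers: {
                ['x-admin-secret']: this.ssoStaticEnvironments.adminSecret,
            },
        });
    }
    /**
     * Returns the admin client when `isAdmin` is truthy, otherwise the plain one.
     *
     * The admin client carries the admin secret, so `isAdmin` has to come from
     * server-side logic and never from a value the request controls.
     *
     * @param isAdmin selects the client that sends `x-admin-secret`.
     * @returns the selected SDK client.
     */
    getSsoClient(isAdmin) {
        return isAdmin ? this.adminSsoRestSdkService : this.ssoRestSdkService;
    }
    /**
     * Resolves the SSO user for the request behind `ctx`, runs the access
     * check and records the outcome on the request object.
     *
     * @param ctx execution context of the current request.
     * @param checkAccess when false, the access check never rejects.
     * @returns `req.ssoUser`; its `id` is undefined for an anonymous request.
     * @throws SsoError (UNAUTHORIZED) from the access check.
     */
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
    async getUserFromRequest(ctx, checkAccess = true) {
        await this.tryGetOrCreateCurrentUserWithExternalUserId(ctx);
        await this.checkAccessValidator(checkAccess, ctx);
        const req = this.getRequestFromExecutionContext(ctx);
        this.setInfoOfExternalUserIdToRequest(req);
        this.setSkippedBySsoIfUserIsEmpty(req);
        return req.ssoUser;
    }
    /** Sets `req.skippedBySso` to true when no SSO user id was resolved. */
    setSkippedBySsoIfUserIsEmpty(req) {
        req.skippedBySso =
            req.ssoUser === undefined || req.ssoUser?.id === undefined;
    }
    /** Copies a truthy SSO user id to `req.externalUserId`. */
    setInfoOfExternalUserIdToRequest(req) {
        if (req.ssoUser?.id) {
            req.externalUserId = req.ssoUser?.id;
        }
    }
    /**
     * Rejects the request when it is neither authenticated nor exempted.
     *
     * UNAUTHORIZED is thrown only when all three conditions hold: the
     * request is not flagged `skipEmptySsoUser`, the configured validator is
     * missing or returned a falsy value, and `req.ssoUser` has no id.
     *
     * Two consequences for integrators:
     *  - a falsy validator result does not reject a request that already
     *    carries a user id; a validator that has to deny such a request
     *    must throw, and that error propagates from here;
     *  - a truthy validator result admits a request with no user id.
     *
     * `req.skipEmptySsoUser` is only ever set to true here and is not reset,
     * so a value placed on the request earlier in the pipeline is honoured.
     *
     * @param checkAccess when false, only the `skipEmptySsoUser` flag is updated.
     * @param ctx execution context of the current request.
     * @throws SsoError (UNAUTHORIZED)
     */
    async checkAccessValidator(checkAccess, ctx) {
        const { checkAccessMetadata, allowEmptyUserMetadata } = this.getHandlersReflectMetadata(ctx);
        const req = this.getRequestFromExecutionContext(ctx);
        if (allowEmptyUserMetadata) {
            req.skipEmptySsoUser = true;
        }
        if (checkAccess) {
            // check access by custom logic
            const checkAccessValidatorResult = this.ssoConfiguration
                .checkAccessValidator
                ? await this.ssoConfiguration.checkAccessValidator(req.ssoUser, checkAccessMetadata, ctx)
                : false;
            // No role comparison happens in this method: the decision rests on
            // the exemption flag, the validator result and the user id.
            if (!req.skipEmptySsoUser &&
                !checkAccessValidatorResult &&
                !req.ssoUser?.id) {
                throw new sso_errors_1.SsoError(sso_errors_1.SsoErrorEnum.UNAUTHORIZED);
            }
        }
    }
    /**
     * Ensures `req.ssoUser` is set, asking the SSO server for the profile
     * when the request carries a token and no user id is present yet.
     *
     * A `req.ssoUser` that already has an id is trusted as it stands, so
     * anything earlier in the pipeline that writes this property decides
     * the identity.
     *
     * The token is the second space-separated part of the `Authorization`
     * header; the scheme in the first part is not inspected. The literal
     * string 'undefined' is treated as "no token". The complete header value
     * is forwarded to the SSO server, which is the component that validates it.
     *
     * Any failure of the profile call (rejected token, network error) yields
     * an anonymous user rather than an error, so a handler marked with
     * `AllowEmptySsoUser` still runs, unauthenticated, while the SSO server
     * is unreachable.
     *
     * @param ctx execution context of the current request.
     */
    async tryGetOrCreateCurrentUserWithExternalUserId(ctx) {
        const req = this.getRequestFromExecutionContext(ctx);
        if (!req.ssoUser?.id) {
            const token = req.headers?.authorization?.split(' ')[1];
            if (token && token !== 'undefined') {
                // check user in sso
                try {
                    const getProfileResult = await this.ssoRestSdkService
                        .getSsoApi()
                        .ssoControllerProfile({
                        headers: { authorization: req.headers['authorization'] },
                    });
                    req.ssoUser = getProfileResult.data;
                }
                catch (err) {
                    // Log the message and stack only. An HTTP client error object
                    // can carry the request configuration, which would include the
                    // forwarded Authorization header, and a logger that serialises
                    // objects would then write the bearer token to the log.
                    // Optional chaining keeps a thrown non-Error value from raising
                    // a second error inside this handler.
                    const message = err?.message ?? String(err);
                    this.logger.error(message, err?.stack);
                    req.ssoUser = { id: undefined };
                }
            }
        }
        req.ssoUser = (req.ssoUser || { id: undefined });
    }
    /**
     * Returns the request object for `ctx`, guaranteeing that `headers` is
     * an object so later header lookups do not fail.
     */
    getRequestFromExecutionContext(ctx) {
        const req = (0, common_1.getRequestFromExecutionContext)(ctx);
        req.headers = req.headers || {};
        return req;
    }
    /**
     * Reads the `AllowEmptySsoUser` and `CheckSsoAccess` metadata, taking the
     * handler's value first and the class's value when the handler has none.
     *
     * @param ctx execution context; `getHandler`/`getClass` are used only when present.
     * @returns `allowEmptyUserMetadata` as a boolean and `checkAccessMetadata`
     *   as the raw metadata value or undefined.
     */
    getHandlersReflectMetadata(ctx) {
        const allowEmptyUserMetadata = Boolean((typeof ctx.getHandler === 'function' &&
            this.reflector.get(sso_decorators_1.AllowEmptySsoUser, ctx.getHandler())) ||
            (typeof ctx.getClass === 'function' &&
                this.reflector.get(sso_decorators_1.AllowEmptySsoUser, ctx.getClass())) ||
            undefined);
        const checkAccessMetadata = (typeof ctx.getHandler === 'function' &&
            this.reflector.get(sso_decorators_1.CheckSsoAccess, ctx.getHandler())) ||
            (typeof ctx.getClass === 'function' &&
                this.reflector.get(sso_decorators_1.CheckSsoAccess, ctx.getClass())) ||
            undefined;
        return {
            checkAccessMetadata,
            allowEmptyUserMetadata,
        };
    }
};
exports.SsoService = SsoService;
exports.SsoService = SsoService = SsoService_1 = tslib_1.__decorate([
    (0, common_2.Injectable)(),
    tslib_1.__metadata("design:paramtypes", [core_1.Reflector,
        sso_configuration_1.SsoConfiguration,
        sso_environments_1.SsoStaticEnvironments])
], SsoService);
//# sourceMappingURL=sso.service.js.map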