UNPKG

@nxtoai/jwtette

Version:

JWT authentication package for NxtoAI microservices

61 lines (53 loc) 2.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
import { Injectable, NestMiddleware, UnauthorizedException } from '@nestjs/common'; import { Request, Response, NextFunction } from 'express'; import { ConfigService } from '@nestjs/config'; import { JwtHelper } from './jwt.helper'; import { AagService } from '@nxtoai/aag'; import { JwtService } from './jwt.service'; @Injectable() export class AuthMiddleware implements NestMiddleware { constructor( private readonly configService: ConfigService, private readonly jwtService: JwtService, private readonly jwtHelper: JwtHelper, private readonly aag: AagService ) {} async use(req: Request, res: Response, next: NextFunction) { const skipJwtEndpoints = this.configService.get<string[]>('JWTETTE_MODULE_OPTIONS.skipJwtEndpoints') || []; const path = req.path; const method = req.method; const endpoint = `${method}:${path}`; // Check if the endpoint should skip JWT validation if (skipJwtEndpoints.includes(path) || skipJwtEndpoints.includes(endpoint)) { this.aag.debug(`Skipping JWT validation for endpoint: ${endpoint}`); return next(); } const authHeader = req.headers.authorization; if (!authHeader) { this.aag.warn(`No authorization header found for endpoint: ${endpoint}`); throw new UnauthorizedException('No authorization header'); } const [type, token] = authHeader.split(' '); if (type !== 'Bearer' || !token) { this.aag.warn(`Invalid authorization header format for endpoint: ${endpoint}`); throw new UnauthorizedException('Invalid authorization header format'); } try { // Verify token const payload = this.jwtService.verify(token); // Check if token is blacklisted const isBlacklisted = await this.jwtHelper.isTokenBlacklisted(token); if (isBlacklisted) { this.aag.warn(`Blacklisted token used for endpoint: ${endpoint}`); throw new UnauthorizedException('Token has been invalidated'); } // Attach user to request req['user'] = payload; this.aag.debug(`JWT validation successful for endpoint: ${endpoint}`); next(); } catch (error) { this.aag.error(`JWT validation failed for endpoint: ${endpoint}`, error.stack); throw new UnauthorizedException('Invalid token'); } } }