@point3/logto-module
포인트3 내부 logto Authentication 모듈입니다
"use strict";
// TypeScript-emitted decorator helper. Reuses an existing `this.__decorate`
// if one is present, otherwise defines the fallback below.
// `decorators` is the list to apply, `target`/`key`/`desc` identify what is
// being decorated; the argument count `c` selects the calling convention.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c < 3: only (decorators, target) were passed, so `r` starts as the target itself.
// Otherwise `r` starts as the property descriptor (looked up when `desc` is null).
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Prefer Reflect.decorate when the runtime provides it.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Manual path: walk the decorators from last to first; a decorator that
// returns a falsy value leaves `r` unchanged.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than three arguments and a truthy result, write the descriptor back
// onto the target; the comma expression makes the function return `r` either way.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
/**
 * TypeScript-emitted metadata helper. Delegates to Reflect.metadata when the
 * runtime provides it and yields undefined otherwise.
 */
var __metadata = (this && this.__metadata) || function (metadataKey, metadataValue) {
    const reflectMetadataAvailable = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    return reflectMetadataAvailable ? Reflect.metadata(metadataKey, metadataValue) : undefined;
};
/**
 * TypeScript-emitted interop helper. A module object flagged with
 * `__esModule` is returned as-is; anything else is wrapped so that it is
 * reachable through a `default` property.
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Alias for the class, assigned when the class expression below is evaluated;
// methods read static members (OAuthClient_1.prefix) through it.
var OAuthClient_1;
// Flag this CommonJS module as transpiled from an ES module (the flag that
// __importDefault-style helpers look for).
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the exported names up front as undefined; each is assigned further down.
exports.SignInType = exports.OAuthClient = exports.OAuthClientToken = void 0;
const common_1 = require("@nestjs/common");
const axios_1 = __importDefault(require("axios"));
const config_1 = require("./config");
const point3_common_tool_1 = require("point3-common-tool");
const errors_1 = require("../errors");
const types_1 = require("./types");
// Shorthand for the Gulid value type from point3-common-tool; this file uses it
// to create the OAuth `state` value. Its randomness properties are not visible
// here — NOTE(review): confirm it is unpredictable enough for a CSRF-protecting state.
const Gulid = point3_common_tool_1.p3Values.Gulid;
// Exported string constant; presumably the NestJS injection token for
// OAuthClient — confirm against the module definition.
exports.OAuthClientToken = "OAuthClient";
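/**
 * OAuth 2.0 / OIDC client for a Logto endpoint.
 *
 * Builds the browser-facing sign-in and sign-out URLs and performs the
 * back-channel token calls (authorization-code exchange, personal access
 * token exchange, token revocation).
 *
 * Security notes for maintainers:
 * - `this.logtoConfig.appSecret` holds the client secret in memory; do not
 *   serialise or log the instance or its config objects.
 * - Every catch block logs the underlying error before throwing a domain
 *   error, because the domain errors are constructed without the cause.
 *   Log lines must never include tokens, codes or the client secret.
 */
let OAuthClient = OAuthClient_1 = class OAuthClient {
    /**
     * @param {object} config - Logto settings. Fields read in this class:
     *   endpoint, clientId, clientSecret, resources, scopes, prompt,
     *   redirectUri, signInUri and (optional) dashboardSignInUri.
     * @param {object} logger - Logger exposing `warn` and `error`.
     */
    constructor(config, logger) {
        this.config = config;
        this.logger = logger;
        this.logtoConfig = {
            endpoint: config.endpoint,
            appId: config.clientId,
            appSecret: config.clientSecret,
            resources: config.resources,
            scopes: config.scopes,
            prompt: config.prompt,
            redirectUri: config.redirectUri,
            grantType: config_1.GrantType.AuthorizationCode,
        };
        this.logtoRestTemplate = new types_1.LogtoOAuthRESTTemplate(logger, this.logtoConfig.endpoint);
        // Presumably configures HTTP Basic client authentication for requests
        // sent through the template — confirm in LogtoOAuthRESTTemplate.
        this.logtoRestTemplate.setBasic(this.logtoConfig.appId, this.logtoConfig.appSecret);
    }
    /**
     * Builds the authorization request URL and a fresh `state` value.
     *
     * The caller is responsible for binding the returned `state` to the
     * user's session and rejecting any callback whose `state` does not match;
     * this method only generates the value.
     *
     * NOTE(review): no PKCE parameters (code_challenge) are sent. That relies
     * on the client secret alone to protect the code exchange — confirm this
     * is intended for every application type that uses this module.
     *
     * @param {string} signInType - One of the SignInType values.
     * @returns {{uri: string, state: string}} The URL to redirect to and the state embedded in it.
     * @throws {SignInUriGenerationError} When the URL cannot be built.
     */
    getSignInURI(signInType) {
        try {
            let baseUri = this.config.signInUri;
            if (signInType === SignInType.Dashboard) {
                if (this.config.dashboardSignInUri) {
                    baseUri = this.config.dashboardSignInUri;
                }
                else {
                    this.logger.warn("대시보드 로그인 URI 설정을 찾을 수 없어 기본 URI를 사용합니다.", this.constructor.name);
                }
            }
            const uri = new URL(`${baseUri}/auth`);
            const state = Gulid.create(OAuthClient_1.prefix);
            uri.searchParams.set("redirect_uri", this.logtoConfig.redirectUri);
            uri.searchParams.set("response_type", "code");
            uri.searchParams.set("scope", this.logtoConfig.scopes.join(" "));
            uri.searchParams.set("prompt", this.logtoConfig.prompt);
            uri.searchParams.set("client_id", this.logtoConfig.appId);
            // NOTE(review): several resources are sent as one space-joined value;
            // confirm the authorization server accepts that form.
            uri.searchParams.set("resource", this.logtoConfig.resources.join(" "));
            uri.searchParams.set("state", state.toString());
            return { uri: uri.toString(), state: state.toString() };
        }
        catch (error) {
            // Usually a configuration problem (invalid base URI, missing scopes
            // or resources); record it, since the domain error has no cause.
            this.logger.error(`Sign-in URI generation failed: ${error.message}`, error.stack, this.constructor.name);
            throw new errors_1.SignInUriGenerationError(signInType);
        }
    }
    /**
     * Builds the end-session URL.
     *
     * NOTE(review): OIDC RP-initiated logout names the return parameter
     * `post_logout_redirect_uri`; confirm that `/session/end` under
     * `signInUri` honours `redirect_uri` and validates it against a
     * registered allow-list.
     *
     * @returns {Promise<string>} The sign-out URL.
     * @throws {SignOutUriGenerationError} When the URL cannot be built.
     */
    async getSignOutURI() {
        try {
            const uri = new URL(`${this.config.signInUri}/session/end`);
            uri.searchParams.set("redirect_uri", this.logtoConfig.redirectUri);
            uri.searchParams.set("client_id", this.logtoConfig.appId);
            return uri.toString();
        }
        catch (error) {
            this.logger.error(`Sign-out URI generation failed: ${error.message}`, error.stack, this.constructor.name);
            throw new errors_1.SignOutUriGenerationError();
        }
    }
    /**
     * Exchanges an authorization code for tokens at `${endpoint}/token`.
     *
     * @param {string} code - Authorization code received on the redirect URI.
     * @returns {Promise<{accessToken: string, idToken: string}>}
     * @throws {AuthorizationCodeTokenFetchError} When the exchange fails.
     */
    async fetchTokenByAuthorizationCode(code) {
        try {
            const parameters = new URLSearchParams();
            parameters.set("code", code);
            parameters.set("grant_type", this.logtoConfig.grantType);
            parameters.set("redirect_uri", this.logtoConfig.redirectUri);
            parameters.set("resource", this.logtoConfig.resources.join(" "));
            parameters.set("scope", this.logtoConfig.scopes.join(" "));
            const response = await this.logtoRestTemplate.post(`${this.logtoConfig.endpoint}/token`, parameters.toString());
            return {
                accessToken: response.data.access_token,
                idToken: response.data.id_token,
            };
        }
        catch (error) {
            // The code itself is deliberately kept out of the log line.
            this.logger.error(`Authorization code token exchange failed: ${error.message}`, error.stack, this.constructor.name);
            // NOTE(review): the authorization code is handed to the error object.
            // If that error is serialised into logs or HTTP responses the code is
            // exposed — confirm how AuthorizationCodeTokenFetchError uses it.
            throw new errors_1.AuthorizationCodeTokenFetchError(code);
        }
    }
    /**
     * Exchanges a Logto personal access token (PAT) for an access token using
     * the token-exchange grant.
     *
     * @param {string} pat - Personal access token; a long-lived credential that must never be logged.
     * @returns {Promise<{accessToken: string}>}
     * @throws {PersonalAccessTokenFetchError} When the exchange fails.
     */
    async fetchAccessTokenByPAT(pat) {
        try {
            const parameters = new URLSearchParams();
            parameters.set("client_id", this.logtoConfig.appId);
            parameters.set("grant_type", 'urn:ietf:params:oauth:grant-type:token-exchange');
            parameters.set("resource", this.logtoConfig.resources.join(" "));
            parameters.set("scope", this.logtoConfig.scopes.join(" "));
            parameters.set("subject_token", pat);
            parameters.set("subject_token_type", 'urn:logto:token-type:personal_access_token');
            const response = await this.logtoRestTemplate.post(`${this.logtoConfig.endpoint}/token`, parameters.toString(), {
                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
            });
            return {
                accessToken: response.data.access_token,
            };
        }
        catch (error) {
            this.logger.error(`PAT를 이용한 AccessToken 발급 실패: ${error.message}`, error.stack, this.constructor.name);
            throw new errors_1.PersonalAccessTokenFetchError();
        }
    }
    /**
     * Revokes a token at `${endpoint}/token/revoke`.
     *
     * NOTE(review): this request goes through plain axios rather than
     * `logtoRestTemplate`, so nothing in this method attaches the client
     * credentials set up in the constructor; only `client_id` is sent.
     * Confirm the revocation endpoint accepts that for this application.
     * No request timeout is passed either, so a stalled endpoint can hold
     * the caller until the connection drops.
     *
     * @param {string} token - Token to revoke; never logged.
     * @returns {Promise<void>} Resolves only when the endpoint answers 200.
     * @throws {TokenRevocationFailedError} On any request failure or non-200 status.
     */
    async revokeToken(token) {
        let response;
        try {
            response = await axios_1.default.post(`${this.logtoConfig.endpoint}/token/revoke`, new URLSearchParams({
                token: token,
                client_id: this.logtoConfig.appId,
            }).toString(), {
                headers: { "Content-Type": "application/x-www-form-urlencoded" },
            });
        }
        catch (error) {
            // A failed revocation leaves the token usable until it expires, so
            // the cause is worth recording for operators.
            this.logger.error(`Token revocation request failed: ${error.message}`, error.stack, this.constructor.name);
            throw new errors_1.TokenRevocationFailedError();
        }
        if (response.status !== 200) {
            this.logger.error(`Token revocation returned unexpected status ${response.status}`, undefined, this.constructor.name);
            throw new errors_1.TokenRevocationFailedError();
        }
    }
};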
// Export the undecorated class first; the export is reassigned below with
// whatever the decorators return.
exports.OAuthClient = OAuthClient;
// Static prefix passed to Gulid.create() when the sign-in `state` is generated.
OAuthClient.prefix = "signin";
// Apply the NestJS Global() and Injectable() decorators and keep the class
// binding, its internal alias and the export pointing at the same result.
exports.OAuthClient = OAuthClient = OAuthClient_1 = __decorate([
(0, common_1.Global)(),
(0, common_1.Injectable)(),
// Both constructor parameters are recorded as plain Object, so this metadata
// carries no concrete class for either of them.
__metadata("design:paramtypes", [Object, Object])
], OAuthClient);
/**
 * String-valued enum selecting which sign-in entry point a URL is built for.
 * The same object is published as `exports.SignInType`.
 */
var SignInType;
(function (signInTypes) {
    Object.assign(signInTypes, { Admin: "admin", Dashboard: "dashboard" });
})(SignInType || (exports.SignInType = SignInType = {}));
//# sourceMappingURL=oauth-client.js.map