@webundsoehne/nestjs-auth0-guard
Version:
NestJS Auth0 Guard
67 lines • 3.4 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
Object.defineProperty(exports, "__esModule", { value: true });
const common_1 = require("@nestjs/common");
const passport_1 = require("@nestjs/passport");
const passport_jwt_1 = require("passport-jwt");
const jwks_rsa_1 = require("jwks-rsa");
const auth0_service_1 = require("../auth0.service");
const auth0_constant_1 = require("../auth0.constant");
let Auth0JwtStrategy = class Auth0JwtStrategy extends passport_1.PassportStrategy(passport_jwt_1.Strategy) {
constructor(options, auth0Service, inject) {
super({
...(options.passportOptions || {}),
audience: options.audience || auth0_constant_1.AUTH0_DEFAULT_AUDIENCE,
issuer: `https://${options.domain}/`,
jwtFromRequest: passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
passReqToCallback: true,
ignoreExpiration: true,
secretOrKeyProvider: jwks_rsa_1.passportJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `https://${options.domain}/.well-known/jwks.json`
})
});
this.auth0Service = auth0Service;
this.HttpException = common_1.HttpException;
this.namespace = null;
if (inject && inject.HttpException) {
this.HttpException = inject.HttpException;
}
this.namespace = `${options.namespace || options.audience || auth0_constant_1.AUTH0_DEFAULT_AUDIENCE}/`;
}
validate({ auth0, params: { id } }, payload) {
try {
if (!this.auth0Service.verifyPayload(payload)) {
throw new common_1.UnauthorizedException();
}
if (!this.auth0Service.verifyPermissions({ payload, auth0, id })) {
throw new common_1.ForbiddenException();
}
return this.auth0Service.prepareUserPayload(payload, this.namespace);
}
catch (error) {
const status = typeof error.getStatus === 'function' ? error.getStatus() : error.status || error.statusCode || 500;
throw new this.HttpException(error.message, status);
}
}
};
Auth0JwtStrategy = __decorate([
common_1.Injectable(),
__param(1, common_1.Inject(auth0_service_1.Auth0Service)),
__metadata("design:paramtypes", [Object, auth0_service_1.Auth0Service, Object])
], Auth0JwtStrategy);
exports.Auth0JwtStrategy = Auth0JwtStrategy;
//# sourceMappingURL=auth0-jwt.strategy.js.map