
lbx-jwt


Provides JWT authentication for loopback applications. Includes storing roles inside tokens and handling refreshing. Built-in reuse detection.

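"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AccessTokenService = void 0;
const tslib_1 = require("tslib");
const core_1 = require("@loopback/core");
const rest_1 = require("@loopback/rest");
const security_1 = require("@loopback/security");
const convert_ms_to_seconds_function_1 = require("./convert-ms-to-seconds.function");
const jwt_utilities_1 = require("../encapsulation/jwt.utilities");
const keys_1 = require("../keys");
/**
 * Generates and verifies access tokens.
 *
 * Both operations use the same secret (`accessTokenSecret`) through the
 * project's JwtUtilities wrapper.
 */
let AccessTokenService = class AccessTokenService {
    /**
     * @param {string} accessTokenSecret - Secret used to sign and verify access tokens.
     * @param {number} accessTokenExpiresInMs - Token lifetime in milliseconds.
     */
    constructor(accessTokenSecret, accessTokenExpiresInMs) {
        this.accessTokenSecret = accessTokenSecret;
        this.accessTokenExpiresInMs = accessTokenExpiresInMs;
    }
    /**
     * Verifies an access token and builds the user profile from its payload.
     *
     * @param {string} token - The encoded access token.
     * @returns {Promise<object>} Profile holding the security id, an empty name,
     * and the `id` and `roles` claims from the token.
     * @throws {HttpErrors.Unauthorized} When verification fails or the payload carries no user id.
     */
    async verifyToken(token) {
        try {
            // NOTE(review): no options are passed here, so the accepted algorithms
            // (and any issuer/audience checks) depend on JwtUtilities.verifyAsync,
            // which is not visible in this file. Confirm it pins the algorithm.
            const decodedToken = await jwt_utilities_1.JwtUtilities.verifyAsync(token, this.accessTokenSecret);
            const payload = decodedToken == null ? undefined : decodedToken.payload;
            // A validly signed token without an id must not become a profile whose
            // security id is undefined; reject it like any other invalid token.
            if (payload == null || payload.id == null) {
                throw new Error('token payload is missing the user id');
            }
            // don't copy over token field 'iat' and 'exp', nor 'email' to user profile
            return {
                [security_1.securityId]: payload.id,
                name: '',
                id: payload.id,
                roles: payload.roles
            };
        }
        catch (error) {
            // The underlying error message is passed on in the HTTP error.
            throw new rest_1.HttpErrors.Unauthorized(`Error verifying access token: ${error.message}`);
        }
    }
    /**
     * Creates a signed access token for the given user profile.
     *
     * @param {object} userProfile - Profile providing the security id, `email` and `roles`.
     * @returns {Promise<string>} The encoded token, expiring after `accessTokenExpiresInMs`
     * (converted to seconds).
     * @throws {HttpErrors.Unauthorized} When signing fails.
     */
    async generateToken(userProfile) {
        // NOTE(review): `email` is placed in the token payload. If JwtUtilities
        // produces a signed but unencrypted JWT (presumably; confirm), anyone
        // holding the token can read it.
        const jwtPayload = {
            id: userProfile[security_1.securityId],
            email: userProfile.email,
            roles: userProfile.roles
        };
        // Generate a JSON Web Token
        try {
            return await jwt_utilities_1.JwtUtilities.signAsync(jwtPayload, this.accessTokenSecret, {
                expiresIn: (0, convert_ms_to_seconds_function_1.convertMsToSeconds)(this.accessTokenExpiresInMs)
            });
        }
        catch (error) {
            throw new rest_1.HttpErrors.Unauthorized(`Error generating token: ${error.message}`);
        }
    }
};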
exports.AccessTokenService = AccessTokenService;
// Constructor parameter decorators: argument 0 is injected from the
// ACCESS_TOKEN_SECRET binding, argument 1 from ACCESS_TOKEN_EXPIRES_IN_MS.
const constructorDecorators = [
    tslib_1.__param(0, (0, core_1.inject)(keys_1.LbxJwtBindings.ACCESS_TOKEN_SECRET)),
    tslib_1.__param(1, (0, core_1.inject)(keys_1.LbxJwtBindings.ACCESS_TOKEN_EXPIRES_IN_MS)),
    tslib_1.__metadata("design:paramtypes", [String, Number])
];
// Re-export the class returned by the decorator helper so the module exposes the decorated version.
exports.AccessTokenService = AccessTokenService = tslib_1.__decorate(constructorDecorators, AccessTokenService);
//# sourceMappingURL=access-token.service.js.map