nest-authify
Complete authentication and authorization package for NestJS - Monolith and Microservices ready with OAuth, JWT, Redis sessions
;
// Compiler-emitted decorator helper. Reuses `this.__decorate` when one is already
// defined on the enclosing `this`; otherwise falls back to the implementation below.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c: number of arguments actually passed. With fewer than 3 the working value r is
// `target` itself; otherwise r is the property descriptor (looked up on `target`
// when `desc` is exactly null, else `desc` as given).
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to Reflect.decorate when the runtime provides it.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Otherwise apply the decorators from last to first; a decorator that returns a
// falsy value leaves the previous r in place.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than 3 arguments and a truthy r, (re)define the member on `target`;
// r is returned in every case.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
// Compiler-emitted helper: returns Reflect.metadata(key, value) when the runtime
// exposes Reflect.metadata, and undefined otherwise. An existing `this.__metadata`
// takes precedence over this fallback.
var __metadata = (this && this.__metadata) || function (metadataKey, metadataValue) {
    const reflectMetadataAvailable = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    if (!reflectMetadataAvailable) {
        return undefined;
    }
    return Reflect.metadata(metadataKey, metadataValue);
};
// Compiler-emitted helper: adapts a parameter decorator into a function of
// (target, key) that forwards the fixed parameter index as the third argument.
// An existing `this.__param` takes precedence over this fallback.
var __param = (this && this.__param) || function (paramIndex, decorator) {
    function applyToParameter(target, key) {
        decorator(target, key, paramIndex);
    }
    return applyToParameter;
};
// Mark this CommonJS module as compiled from an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export up front; it is assigned the real class further down.
exports.BaseAuthService = void 0;
const common_1 = require("@nestjs/common");
const jwt_1 = require("@nestjs/jwt");
const crypto_1 = require("crypto");
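/**
 * Base authentication service: signs and verifies JWT access/refresh tokens and,
 * when a session store is supplied, records each session server-side so that it
 * can be checked on verification and revoked.
 *
 * Security-relevant behaviour visible in this class:
 *  - Without a session store there is no server-side state: verifyToken() only
 *    checks what jwtService.verifyAsync() checks, and revokeSession() does nothing,
 *    so an issued token stays usable until it expires.
 *  - refreshAccessToken() calls `this.getUserById`, which is not defined here;
 *    presumably a subclass provides it (verify against the concrete service).
 */
let BaseAuthService = class BaseAuthService {
    /**
     * @param jwtService   Object used for `sign(payload, options)` and `verifyAsync(token)`.
     * @param sessionStore Optional store used for `set`, `exists` and `delete` on
     *                     `session:<id>` keys. When absent, all session checks are skipped.
     */
    constructor(jwtService, sessionStore) {
        this.jwtService = jwtService;
        this.sessionStore = sessionStore;
    }

    /**
     * Create a new session identifier.
     * @returns {string} 64 hex characters derived from 32 bytes of crypto.randomBytes.
     */
    generateSessionId() {
        return (0, crypto_1.randomBytes)(32).toString('hex');
    }

    /**
     * Sign an access token for `user`.
     * @param user       Object with `id` and `roles`; both are embedded in the token.
     * @param expiresIn  Lifetime handed to jwtService.sign (default '60m').
     * @param sessionId  Session to bind the token to; a fresh id is generated when falsy.
     * @returns {Promise<string>} Whatever jwtService.sign returns for the payload.
     */
    async createJwt(user, expiresIn = '60m', sessionId) {
        const payload = {
            sub: user.id,
            roles: user.roles,
            type: 'access',
            sessionId: sessionId || this.generateSessionId(),
        };
        return this.jwtService.sign(payload, { expiresIn });
    }

    /**
     * Sign a refresh token for `user`. Roles are deliberately not part of this
     * payload; refreshAccessToken() re-reads them via getUserById.
     * @param user       Object with `id`.
     * @param expiresIn  Lifetime handed to jwtService.sign (default '7d').
     * @param sessionId  Session to bind the token to; a fresh id is generated when falsy.
     */
    async createRefreshToken(user, expiresIn = '7d', sessionId) {
        const payload = {
            sub: user.id,
            type: 'refresh',
            sessionId: sessionId || this.generateSessionId(),
        };
        return this.jwtService.sign(payload, { expiresIn });
    }

    /**
     * Issue an access/refresh token pair that share one session id and, when a
     * store is configured, record the session under `session:<sessionId>`.
     *
     * The store entry holds `{ userId, roles, createdAt }` only; the tokens
     * themselves are returned to the caller and not persisted here.
     *
     * @param user     Object with `id` and `roles`.
     * @param options  Optional `jwtExpiresIn`, `refreshExpiresIn`, `provider`, `providerData`.
     * @returns Session object containing both tokens and the session id.
     */
    async createSession(user, options) {
        const sessionId = this.generateSessionId();
        const accessToken = await this.createJwt(user, options?.jwtExpiresIn, sessionId);
        const refreshToken = await this.createRefreshToken(user, options?.refreshExpiresIn, sessionId);
        const session = {
            sub: user.id,
            roles: user.roles,
            accessToken,
            refreshToken,
            provider: options?.provider,
            providerData: options?.providerData,
            sessionId,
        };
        if (this.sessionStore) {
            // The store entry is given the refresh token's lifetime so the session
            // outlives the short access token and ends with the refresh token.
            const ttl = this.parseTTL(options?.refreshExpiresIn || '7d');
            await this.sessionStore.set(`session:${sessionId}`, { userId: user.id, roles: user.roles, createdAt: Date.now() }, ttl);
        }
        return session;
    }

    /**
     * Verify a token with jwtService.verifyAsync and, when a store is configured,
     * require that the token's session still exists.
     *
     * NOTE(review): the session lookup is skipped when the payload has no
     * `sessionId`, so with a store configured a validly signed token that lacks
     * the claim is still accepted. Tokens signed by this class always carry one;
     * confirm nothing else signs with the same key, or reject such tokens here.
     *
     * NOTE(review): `payload.type` is not checked here. Code that authenticates
     * requests with this method should require `type === 'access'` so that a
     * refresh token cannot be presented as an access token.
     *
     * @param {string} token
     * @returns The verified payload.
     * @throws {Error} 'Session expired or invalid' when the session key is gone;
     *                 verifyAsync rejections propagate unchanged.
     */
    async verifyToken(token) {
        const payload = await this.jwtService.verifyAsync(token);
        if (this.sessionStore && payload.sessionId) {
            const sessionExists = await this.sessionStore.exists(`session:${payload.sessionId}`);
            if (!sessionExists) {
                throw new Error('Session expired or invalid');
            }
        }
        return payload;
    }

    /**
     * Exchange a refresh token for a new access token bound to the same session.
     *
     * The refresh token is not rotated: it remains usable until it expires or its
     * session is revoked. The new access token always uses a '60m' lifetime,
     * regardless of the `jwtExpiresIn` the session was created with.
     *
     * @param {string} refreshToken
     * @returns {Promise<{accessToken: string}>}
     * @throws {Error} 'Invalid token type' for non-refresh tokens, 'User not found'
     *                 when getUserById yields nothing, plus anything verifyToken throws.
     */
    async refreshAccessToken(refreshToken) {
        const payload = await this.verifyToken(refreshToken);
        if (payload.type !== 'refresh') {
            throw new Error('Invalid token type');
        }
        // Roles are re-read from the user record rather than trusted from the token.
        const user = await this.getUserById(payload.sub);
        if (!user) {
            throw new Error('User not found');
        }
        const accessToken = await this.createJwt({ id: user.id, roles: user.roles }, '60m', payload.sessionId);
        return { accessToken };
    }

    /**
     * Delete the stored session so verifyToken() rejects its tokens.
     * Without a session store this is a no-op and the tokens stay valid.
     * @param {string} sessionId
     */
    async revokeSession(sessionId) {
        if (this.sessionStore) {
            await this.sessionStore.delete(`session:${sessionId}`);
        }
    }

    /**
     * Placeholder: this base implementation revokes nothing. With a store it only
     * logs a warning; without one it is silent. Callers that rely on it (for
     * example after a credential change) need an overriding implementation.
     * @param userId Unused by this implementation.
     */
    async revokeAllUserSessions(userId) {
        if (this.sessionStore) {
            console.warn('revokeAllUserSessions requires custom implementation');
        }
    }

    /**
     * Convert a token lifetime into a TTL in seconds for the session store.
     *
     * Accepts `<digits><s|m|h|d>` strings and plain numbers, which are taken as a
     * count of seconds (the reading JWT libraries give a numeric `expiresIn`).
     * The number case matters because createSession() passes `refreshExpiresIn`
     * both to jwtService.sign and to this method; previously a numeric value made
     * `duration.match` throw after the tokens had already been signed.
     *
     * Anything else falls back to 7 days. If the JWT library accepts wider
     * formats than this pattern, the store TTL can then differ from the refresh
     * token's real lifetime.
     *
     * @param {string|number} duration
     * @returns {number} TTL in seconds.
     */
    parseTTL(duration) {
        const defaultTtlSeconds = 604800;
        if (typeof duration === 'number') {
            // Round up so a positive fractional lifetime never becomes a zero TTL.
            return Number.isFinite(duration) && duration > 0 ? Math.ceil(duration) : defaultTtlSeconds;
        }
        if (typeof duration !== 'string') {
            return defaultTtlSeconds;
        }
        const match = duration.match(/^(\d+)([smhd])$/);
        if (!match) {
            return defaultTtlSeconds;
        }
        const value = Number.parseInt(match[1], 10);
        const unit = match[2];
        const multipliers = {
            s: 1,
            m: 60,
            h: 3600,
            d: 86400,
        };
        return value * multipliers[unit];
    }
};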
exports.BaseAuthService = BaseAuthService;
// Apply the class decorators and re-export the decorated class.
// Constructor parameter 1 (the session store) is injected under the token
// 'SESSION_STORE' and marked Optional. The class treats a missing store as
// "no session tracking": verifyToken() then skips the session lookup and
// revokeSession() does nothing, so whether tokens are revocable depends on a
// 'SESSION_STORE' provider actually being supplied.
exports.BaseAuthService = BaseAuthService = __decorate([
(0, common_1.Injectable)(),
__param(1, (0, common_1.Optional)()),
__param(1, (0, common_1.Inject)('SESSION_STORE')),
// Constructor parameter types recorded as design-time metadata.
__metadata("design:paramtypes", [jwt_1.JwtService, Object])
], BaseAuthService);
//# sourceMappingURL=base-auth.service.js.map