1 | "use strict";
|
2 | var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
3 | var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
4 | if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
5 | else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
6 | return c > 3 && r && Object.defineProperty(target, key, r), r;
|
7 | };
|
8 | var __metadata = (this && this.__metadata) || function (k, v) {
|
9 | if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
10 | };
|
11 | var __param = (this && this.__param) || function (paramIndex, decorator) {
|
12 | return function (target, key) { decorator(target, key, paramIndex); }
|
13 | };
|
14 | Object.defineProperty(exports, "__esModule", { value: true });
|
15 | exports.JwtService = void 0;
|
16 | const common_1 = require("@nestjs/common");
|
17 | const jwt = require("jsonwebtoken");
|
18 | const interfaces_1 = require("./interfaces");
|
19 | const jwt_constants_1 = require("./jwt.constants");
|
20 | const jwt_errors_1 = require("./jwt.errors");
|
21 | let JwtService = class JwtService {
|
22 | constructor(options = {}) {
|
23 | this.options = options;
|
24 | this.logger = new common_1.Logger('JwtService');
|
25 | }
|
26 | sign(payload, options) {
|
27 | const signOptions = this.mergeJwtOptions({ ...options }, 'signOptions');
|
28 | const secret = this.getSecretKey(payload, options, 'privateKey', interfaces_1.JwtSecretRequestType.SIGN);
|
29 | if (secret instanceof Promise) {
|
30 | secret.catch(() => { });
|
31 | this.logger.warn('For async version of "secretOrKeyProvider", please use "signAsync".');
|
32 | throw new jwt_errors_1.WrongSecretProviderError();
|
33 | }
|
34 | const allowedSignOptKeys = ['secret', 'privateKey'];
|
35 | const signOptKeys = Object.keys(signOptions);
|
36 | if (typeof payload === 'string' &&
|
37 | signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) {
|
38 | throw new Error('Payload as string is not allowed with the following sign options: ' +
|
39 | signOptKeys.join(', '));
|
40 | }
|
41 | return jwt.sign(payload, secret, signOptions);
|
42 | }
|
43 | signAsync(payload, options) {
|
44 | const signOptions = this.mergeJwtOptions({ ...options }, 'signOptions');
|
45 | const secret = this.getSecretKey(payload, options, 'privateKey', interfaces_1.JwtSecretRequestType.SIGN);
|
46 | const allowedSignOptKeys = ['secret', 'privateKey'];
|
47 | const signOptKeys = Object.keys(signOptions);
|
48 | if (typeof payload === 'string' &&
|
49 | signOptKeys.some((k) => !allowedSignOptKeys.includes(k))) {
|
50 | throw new Error('Payload as string is not allowed with the following sign options: ' +
|
51 | signOptKeys.join(', '));
|
52 | }
|
53 | return new Promise((resolve, reject) => Promise.resolve()
|
54 | .then(() => secret)
|
55 | .then((scrt) => {
|
56 | jwt.sign(payload, scrt, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded));
|
57 | }));
|
58 | }
|
59 | verify(token, options) {
|
60 | const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions');
|
61 | const secret = this.getSecretKey(token, options, 'publicKey', interfaces_1.JwtSecretRequestType.VERIFY);
|
62 | if (secret instanceof Promise) {
|
63 | secret.catch(() => { });
|
64 | this.logger.warn('For async version of "secretOrKeyProvider", please use "verifyAsync".');
|
65 | throw new jwt_errors_1.WrongSecretProviderError();
|
66 | }
|
67 | return jwt.verify(token, secret, verifyOptions);
|
68 | }
|
69 | verifyAsync(token, options) {
|
70 | const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions');
|
71 | const secret = this.getSecretKey(token, options, 'publicKey', interfaces_1.JwtSecretRequestType.VERIFY);
|
72 | return new Promise((resolve, reject) => Promise.resolve()
|
73 | .then(() => secret)
|
74 | .then((scrt) => {
|
75 | jwt.verify(token, scrt, verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded));
|
76 | })
|
77 | .catch(reject));
|
78 | }
|
79 | decode(token, options) {
|
80 | return jwt.decode(token, options);
|
81 | }
|
82 | mergeJwtOptions(options, key) {
|
83 | delete options.secret;
|
84 | if (key === 'signOptions') {
|
85 | delete options.privateKey;
|
86 | }
|
87 | else {
|
88 | delete options.publicKey;
|
89 | }
|
90 | return options
|
91 | ? {
|
92 | ...(this.options[key] || {}),
|
93 | ...options
|
94 | }
|
95 | : this.options[key];
|
96 | }
|
97 | overrideSecretFromOptions(secret) {
|
98 | if (this.options.secretOrPrivateKey) {
|
99 | this.logger.warn(`"secretOrPrivateKey" has been deprecated, please use the new explicit "secret" or use "secretOrKeyProvider" or "privateKey"/"publicKey" exclusively.`);
|
100 | secret = this.options.secretOrPrivateKey;
|
101 | }
|
102 | return secret;
|
103 | }
|
104 | getSecretKey(token, options, key, secretRequestType) {
|
105 | const secret = this.options.secretOrKeyProvider
|
106 | ? this.options.secretOrKeyProvider(secretRequestType, token, options)
|
107 | : options?.secret ||
|
108 | this.options.secret ||
|
109 | (key === 'privateKey'
|
110 | ? options?.privateKey || this.options.privateKey
|
111 | : options?.publicKey ||
|
112 | this.options.publicKey) ||
|
113 | this.options[key];
|
114 | return secret instanceof Promise
|
115 | ? secret.then((sec) => this.overrideSecretFromOptions(sec))
|
116 | : this.overrideSecretFromOptions(secret);
|
117 | }
|
118 | };
|
119 | exports.JwtService = JwtService;
|
120 | exports.JwtService = JwtService = __decorate([
|
121 | (0, common_1.Injectable)(),
|
122 | __param(0, (0, common_1.Optional)()),
|
123 | __param(0, (0, common_1.Inject)(jwt_constants_1.JWT_MODULE_OPTIONS)),
|
124 | __metadata("design:paramtypes", [Object])
|
125 | ], JwtService);
|