{"version":3,"sources":["../../../../src/server/requests-auth-methods/jwt.ts","/home/runner/work/equipped/equipped/dist/cjs/server/requests-auth-methods/jwt.cjs"],"names":[],"mappings":"AAEA,sWAAmB;AACnB,wGAAgB;AAEhB,qCAAsC;AACtC,kDAAoD;AAS7C,MAAe,yBAAA,QAA2D,+BAAyB;AAAA,EACtF;AAAA,EAMnB,WAAA,CAAY,OAAA,EAA0C;AACrD,IAAA,KAAA,CAAM,CAAA;AACN,IAAA,IAAA,CAAK,QAAA,EAAU,OAAA;AAAA,EAChB;AAAA,EAEA,CAAA,MAAA,CAAQ,MAAA,EAAgB;AACvB,IAAA,OAAO,CAAA,mBAAA;AACR,EAAA;AAEM,EAAA;AACC,IAAA;AACA,IAAA;AACC,IAAA;AACR,EAAA;AAEM,EAAA;AACD,IAAA;AACG,MAAA;AACA,MAAA;AACD,MAAA;AAED,MAAA;AACH,QAAA;AACI,QAAA;AACL,MAAA;AAEA,MAAA;AACD,IAAA;AACK,MAAA;AACA,MAAA;AACC,MAAA;AACN,IAAA;AACD,EAAA;AAEM,EAAA;AACE,IAAA;AACR,EAAA;AAEM,EAAA;AACC,IAAA;AACP,EAAA;AACD;AAMsB;AACF,EAAA;AAEnB,EAAA;AACO,IAAA;AACD,IAAA;AACN,EAAA;AAEM,EAAA;AACC,IAAA;AACD,IAAA;AACE,IAAA;AACR,EAAA;AAEA,EAAA;AACQ,IAAA;AACR,EAAA;AACD;AAMsB;AACF,EAAA;AAEnB,EAAA;AACO,IAAA;AACD,IAAA;AACN,EAAA;AAEM,EAAA;AACC,IAAA;AACA,IAAA;AACD,IAAA;AACE,IAAA;AACR,EAAA;AAEA,EAAA;AACQ,IAAA;AACR,EAAA;AACD;ACtCY;AACA;AACA;AACA;AACA","file":"/home/runner/work/equipped/equipped/dist/cjs/server/requests-auth-methods/jwt.cjs","sourcesContent":["import type { IncomingHttpHeaders } from 'node:http2'\n\nimport cookie from '@fastify/cookie'\nimport jwt from 'jsonwebtoken'\n\nimport { BaseRequestAuthMethod } from './base'\nimport { NotAuthenticatedError, TokenExpired } from '../../errors'\n\nexport interface BaseJwtRequestAuthMethodOptions {\n\tsigningKey: string\n\tstorageTTL: number\n\tstoragePrefix?: string\n\tenforceSingleSession?: boolean\n}\n\nexport abstract class BaseJwtRequestAuthMethod<T extends { id: string }> extends BaseRequestAuthMethod<T> {\n\tprotected readonly options: BaseJwtRequestAuthMethodOptions\n\tprotected abstract parseHeader(headers: IncomingHttpHeaders): Promise<string>\n\tprotected abstract store(key: string, token: string, ttl: number): Promise<void>\n\tprotected abstract retrieve(key: string): Promise<string | null>\n\tprotected abstract delete(key: string): Promise<void>\n\n\tconstructor(options: BaseJwtRequestAuthMethodOptions) {\n\t\tsuper()\n\t\tthis.options = options\n\t}\n\n\t#getKey(userId: string) {\n\t\treturn `${this.options.storagePrefix ?? ''}${userId}`\n\t}\n\n\tasync createToken(payload: T) {\n\t\tconst token = jwt.sign(payload, this.options.signingKey, { expiresIn: this.options.storageTTL })\n\t\tawait this.store(this.#getKey(payload.id), token, this.options.storageTTL)\n\t\treturn token\n\t}\n\n\tasync parse(headers: IncomingHttpHeaders) {\n\t\ttry {\n\t\t\tconst token = await this.parseHeader(headers)\n\t\t\tconst user = jwt.verify(token, this.options.signingKey) as T\n\t\t\tif (!user) throw new NotAuthenticatedError()\n\n\t\t\tif (this.options.enforceSingleSession) {\n\t\t\t\tconst cachedToken = await this.retrieve(this.#getKey(user.id))\n\t\t\t\tif (token && token !== cachedToken) throw new TokenExpired()\n\t\t\t}\n\n\t\t\treturn user\n\t\t} catch (err) {\n\t\t\tif (err instanceof TokenExpired) throw err\n\t\t\tif (err instanceof jwt.TokenExpiredError) throw new TokenExpired(undefined, err)\n\t\t\telse throw new NotAuthenticatedError(undefined, err)\n\t\t}\n\t}\n\n\tasync retrieveFor(userId: string) {\n\t\treturn this.retrieve(this.#getKey(userId))\n\t}\n\n\tasync deleteFor(userId: string) {\n\t\tawait this.delete(this.#getKey(userId))\n\t}\n}\n\ninterface BaseJwtHeaderRequestAuthMethodOptions<T extends string> extends BaseJwtRequestAuthMethodOptions {\n\theaderName: T\n}\n\nexport abstract class BaseJwtHeaderRequestAuthMethod<T extends { id: string }, Name extends string = string> extends BaseJwtRequestAuthMethod<T> {\n\tprotected readonly options: BaseJwtHeaderRequestAuthMethodOptions<Name>\n\n\tconstructor(options: BaseJwtHeaderRequestAuthMethodOptions<Name>) {\n\t\tsuper(options)\n\t\tthis.options = options\n\t}\n\n\tasync parseHeader(headers: IncomingHttpHeaders) {\n\t\tconst value = headers[this.options.headerName]\n\t\tif (!value || typeof value !== 'string') throw new NotAuthenticatedError()\n\t\treturn value.startsWith('Bearer ') ? value.slice(7) : value\n\t}\n\n\trouteSecuritySchemeName() {\n\t\treturn this.options.headerName\n\t}\n}\n\ninterface BaseJwtCookieRequestAuthMethodOptions<T extends string> extends BaseJwtRequestAuthMethodOptions {\n\tcookieName: T\n}\n\nexport abstract class BaseJwtCookieRequestAuthMethod<T extends { id: string }, Name extends string = string> extends BaseJwtRequestAuthMethod<T> {\n\tprotected readonly options: BaseJwtCookieRequestAuthMethodOptions<Name>\n\n\tconstructor(options: BaseJwtCookieRequestAuthMethodOptions<Name>) {\n\t\tsuper(options)\n\t\tthis.options = options\n\t}\n\n\tasync parseHeader(headers: IncomingHttpHeaders) {\n\t\tconst cookies = cookie.parse(headers.cookie || '') ?? {}\n\t\tconst value = cookies[this.options.cookieName]\n\t\tif (!value || typeof value !== 'string') throw new NotAuthenticatedError()\n\t\treturn value\n\t}\n\n\trouteSecuritySchemeName() {\n\t\treturn `cookie:${this.options.cookieName}`\n\t}\n}\n",null]}