{"version":3,"sources":["../../../../src/server/requests-auth-methods/jwt.ts"],"names":["options","#getKey"],"mappings":"AAEA,sWAAmB,wGACH,4CAGP,yDAUW,MAMnB,EAAA,QAAsD,iCACrD,CAAA,WACK,CAAUA,CAChB,CAEAC,CAAAA,KACC,CAAA,CAAA,CAAA,IAAO,CAAA,OAAQ,CAAA,CAAA,CAAA,CAAA,CAAA,CAAA,CAAQ,CAAA,CAAA,MAAA,CAAA,mBAAA","file":"/home/runner/work/equipped/equipped/dist/cjs/server/requests-auth-methods/jwt.min.cjs","sourcesContent":["import type { IncomingHttpHeaders } from 'node:http2'\n\nimport cookie from '@fastify/cookie'\nimport jwt from 'jsonwebtoken'\n\nimport { BaseRequestAuthMethod } from './base'\nimport { NotAuthenticatedError, TokenExpired } from '../../errors'\n\nexport interface BaseJwtRequestAuthMethodOptions {\n\tsigningKey: string\n\tstorageTTL: number\n\tstoragePrefix?: string\n\tenforceSingleSession?: boolean\n}\n\nexport abstract class BaseJwtRequestAuthMethod extends BaseRequestAuthMethod {\n\tprotected readonly options: BaseJwtRequestAuthMethodOptions\n\tprotected abstract parseHeader(headers: IncomingHttpHeaders): Promise\n\tprotected abstract store(key: string, token: string, ttl: number): Promise\n\tprotected abstract retrieve(key: string): Promise\n\tprotected abstract delete(key: string): Promise\n\n\tconstructor(options: BaseJwtRequestAuthMethodOptions) {\n\t\tsuper()\n\t\tthis.options = options\n\t}\n\n\t#getKey(userId: string) {\n\t\treturn `${this.options.storagePrefix ?? ''}${userId}`\n\t}\n\n\tasync createToken(payload: T) {\n\t\tconst token = jwt.sign(payload, this.options.signingKey, { expiresIn: this.options.storageTTL })\n\t\tawait this.store(this.#getKey(payload.id), token, this.options.storageTTL)\n\t\treturn token\n\t}\n\n\tasync parse(headers: IncomingHttpHeaders) {\n\t\ttry {\n\t\t\tconst token = await this.parseHeader(headers)\n\t\t\tconst user = jwt.verify(token, this.options.signingKey) as T\n\t\t\tif (!user) throw new NotAuthenticatedError()\n\n\t\t\tif (this.options.enforceSingleSession) {\n\t\t\t\tconst cachedToken = await this.retrieve(this.#getKey(user.id))\n\t\t\t\tif (token && token !== cachedToken) throw new TokenExpired()\n\t\t\t}\n\n\t\t\treturn user\n\t\t} catch (err) {\n\t\t\tif (err instanceof TokenExpired) throw err\n\t\t\tif (err instanceof jwt.TokenExpiredError) throw new TokenExpired(undefined, err)\n\t\t\telse throw new NotAuthenticatedError(undefined, err)\n\t\t}\n\t}\n\n\tasync retrieveFor(userId: string) {\n\t\treturn this.retrieve(this.#getKey(userId))\n\t}\n\n\tasync deleteFor(userId: string) {\n\t\tawait this.delete(this.#getKey(userId))\n\t}\n}\n\ninterface BaseJwtHeaderRequestAuthMethodOptions extends BaseJwtRequestAuthMethodOptions {\n\theaderName: T\n}\n\nexport abstract class BaseJwtHeaderRequestAuthMethod extends BaseJwtRequestAuthMethod {\n\tprotected readonly options: BaseJwtHeaderRequestAuthMethodOptions\n\n\tconstructor(options: BaseJwtHeaderRequestAuthMethodOptions) {\n\t\tsuper(options)\n\t\tthis.options = options\n\t}\n\n\tasync parseHeader(headers: IncomingHttpHeaders) {\n\t\tconst value = headers[this.options.headerName]\n\t\tif (!value || typeof value !== 'string') throw new NotAuthenticatedError()\n\t\treturn value.startsWith('Bearer ') ? value.slice(7) : value\n\t}\n\n\trouteSecuritySchemeName() {\n\t\treturn this.options.headerName\n\t}\n}\n\ninterface BaseJwtCookieRequestAuthMethodOptions extends BaseJwtRequestAuthMethodOptions {\n\tcookieName: T\n}\n\nexport abstract class BaseJwtCookieRequestAuthMethod extends BaseJwtRequestAuthMethod {\n\tprotected readonly options: BaseJwtCookieRequestAuthMethodOptions\n\n\tconstructor(options: BaseJwtCookieRequestAuthMethodOptions) {\n\t\tsuper(options)\n\t\tthis.options = options\n\t}\n\n\tasync parseHeader(headers: IncomingHttpHeaders) {\n\t\tconst cookies = cookie.parse(headers.cookie || '') ?? {}\n\t\tconst value = cookies[this.options.cookieName]\n\t\tif (!value || typeof value !== 'string') throw new NotAuthenticatedError()\n\t\treturn value\n\t}\n\n\trouteSecuritySchemeName() {\n\t\treturn `cookie:${this.options.cookieName}`\n\t}\n}\n"]}