{"version":3,"sources":["../../../../src/server/requests-auth-methods/jwt.ts"],"sourcesContent":["import type { IncomingHttpHeaders } from 'node:http2'\n\nimport cookie from '@fastify/cookie'\nimport jwt from 'jsonwebtoken'\n\nimport { BaseRequestAuthMethod } from './base'\nimport { NotAuthenticatedError, TokenExpired } from '../../errors'\n\nexport interface BaseJwtRequestAuthMethodOptions {\n\tsigningKey: string\n\tstorageTTL: number\n\tstoragePrefix?: string\n\tenforceSingleSession?: boolean\n}\n\nexport abstract class BaseJwtRequestAuthMethod<T extends { id: string }> extends BaseRequestAuthMethod<T> {\n\tprotected readonly options: BaseJwtRequestAuthMethodOptions\n\tprotected abstract parseHeader(headers: IncomingHttpHeaders): Promise<string>\n\tprotected abstract store(key: string, token: string, ttl: number): Promise<void>\n\tprotected abstract retrieve(key: string): Promise<string | null>\n\tprotected abstract delete(key: string): Promise<void>\n\n\tconstructor(options: BaseJwtRequestAuthMethodOptions) {\n\t\tsuper()\n\t\tthis.options = options\n\t}\n\n\t#getKey(userId: string) {\n\t\treturn `${this.options.storagePrefix ?? ''}${userId}`\n\t}\n\n\tasync createToken(payload: T) {\n\t\tconst token = jwt.sign(payload, this.options.signingKey, { expiresIn: this.options.storageTTL })\n\t\tawait this.store(this.#getKey(payload.id), token, this.options.storageTTL)\n\t\treturn token\n\t}\n\n\tasync parse(headers: IncomingHttpHeaders) {\n\t\ttry {\n\t\t\tconst token = await this.parseHeader(headers)\n\t\t\tconst user = jwt.verify(token, this.options.signingKey) as T\n\t\t\tif (!user) throw new NotAuthenticatedError()\n\n\t\t\tif (this.options.enforceSingleSession) {\n\t\t\t\tconst cachedToken = await this.retrieve(this.#getKey(user.id))\n\t\t\t\tif (token && token !== cachedToken) throw new TokenExpired()\n\t\t\t}\n\n\t\t\treturn user\n\t\t} catch (err) {\n\t\t\tif (err instanceof TokenExpired) throw err\n\t\t\tif (err instanceof jwt.TokenExpiredError) throw new TokenExpired(undefined, err)\n\t\t\telse throw new NotAuthenticatedError(undefined, err)\n\t\t}\n\t}\n\n\tasync retrieveFor(userId: string) {\n\t\treturn this.retrieve(this.#getKey(userId))\n\t}\n\n\tasync deleteFor(userId: string) {\n\t\tawait this.delete(this.#getKey(userId))\n\t}\n}\n\ninterface BaseJwtHeaderRequestAuthMethodOptions<T extends string> extends BaseJwtRequestAuthMethodOptions {\n\theaderName: T\n}\n\nexport abstract class BaseJwtHeaderRequestAuthMethod<T extends { id: string }, Name extends string = string> extends BaseJwtRequestAuthMethod<T> {\n\tprotected readonly options: BaseJwtHeaderRequestAuthMethodOptions<Name>\n\n\tconstructor(options: BaseJwtHeaderRequestAuthMethodOptions<Name>) {\n\t\tsuper(options)\n\t\tthis.options = options\n\t}\n\n\tasync parseHeader(headers: IncomingHttpHeaders) {\n\t\tconst value = headers[this.options.headerName]\n\t\tif (!value || typeof value !== 'string') throw new NotAuthenticatedError()\n\t\treturn value.startsWith('Bearer ') ? value.slice(7) : value\n\t}\n\n\trouteSecuritySchemeName() {\n\t\treturn this.options.headerName\n\t}\n}\n\ninterface BaseJwtCookieRequestAuthMethodOptions<T extends string> extends BaseJwtRequestAuthMethodOptions {\n\tcookieName: T\n}\n\nexport abstract class BaseJwtCookieRequestAuthMethod<T extends { id: string }, Name extends string = string> extends BaseJwtRequestAuthMethod<T> {\n\tprotected readonly options: BaseJwtCookieRequestAuthMethodOptions<Name>\n\n\tconstructor(options: BaseJwtCookieRequestAuthMethodOptions<Name>) {\n\t\tsuper(options)\n\t\tthis.options = options\n\t}\n\n\tasync parseHeader(headers: IncomingHttpHeaders) {\n\t\tconst cookies = cookie.parse(headers.cookie || '') ?? {}\n\t\tconst value = cookies[this.options.cookieName]\n\t\tif (!value || typeof value !== 'string') throw new NotAuthenticatedError()\n\t\treturn value\n\t}\n\n\trouteSecuritySchemeName() {\n\t\treturn `cookie:${this.options.cookieName}`\n\t}\n}\n"],"mappings":"AAEA,OAAO,YAAY;AACnB,OAAO,SAAS;AAEhB,SAAS,6BAA6B;AACtC,SAAS,uBAAuB,oBAAoB;AAS7C,MAAe,iCAA2D,sBAAyB;AAAA,EACtF;AAAA,EAMnB,YAAY,SAA0C;AACrD,UAAM;AACN,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,QAAQ,QAAgB;AACvB,WAAO,GAAG,KAAK,QAAQ,iBAAiB,EAAE,GAAG,MAAM;AAAA,EACpD;AAAA,EAEA,MAAM,YAAY,SAAY;AAC7B,UAAM,QAAQ,IAAI,KAAK,SAAS,KAAK,QAAQ,YAAY,EAAE,WAAW,KAAK,QAAQ,WAAW,CAAC;AAC/F,UAAM,KAAK,MAAM,KAAK,QAAQ,QAAQ,EAAE,GAAG,OAAO,KAAK,QAAQ,UAAU;AACzE,WAAO;AAAA,EACR;AAAA,EAEA,MAAM,MAAM,SAA8B;AACzC,QAAI;AACH,YAAM,QAAQ,MAAM,KAAK,YAAY,OAAO;AAC5C,YAAM,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,UAAU;AACtD,UAAI,CAAC,KAAM,OAAM,IAAI,sBAAsB;AAE3C,UAAI,KAAK,QAAQ,sBAAsB;AACtC,cAAM,cAAc,MAAM,KAAK,SAAS,KAAK,QAAQ,KAAK,EAAE,CAAC;AAC7D,YAAI,SAAS,UAAU,YAAa,OAAM,IAAI,aAAa;AAAA,MAC5D;AAEA,aAAO;AAAA,IACR,SAAS,KAAK;AACb,UAAI,eAAe,aAAc,OAAM;AACvC,UAAI,eAAe,IAAI,kBAAmB,OAAM,IAAI,aAAa,QAAW,GAAG;AAAA,UAC1E,OAAM,IAAI,sBAAsB,QAAW,GAAG;AAAA,IACpD;AAAA,EACD;AAAA,EAEA,MAAM,YAAY,QAAgB;AACjC,WAAO,KAAK,SAAS,KAAK,QAAQ,MAAM,CAAC;AAAA,EAC1C;AAAA,EAEA,MAAM,UAAU,QAAgB;AAC/B,UAAM,KAAK,OAAO,KAAK,QAAQ,MAAM,CAAC;AAAA,EACvC;AACD;AAMO,MAAe,uCAA+F,yBAA4B;AAAA,EAC7H;AAAA,EAEnB,YAAY,SAAsD;AACjE,UAAM,OAAO;AACb,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,MAAM,YAAY,SAA8B;AAC/C,UAAM,QAAQ,QAAQ,KAAK,QAAQ,UAAU;AAC7C,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU,OAAM,IAAI,sBAAsB;AACzE,WAAO,MAAM,WAAW,SAAS,IAAI,MAAM,MAAM,CAAC,IAAI;AAAA,EACvD;AAAA,EAEA,0BAA0B;AACzB,WAAO,KAAK,QAAQ;AAAA,EACrB;AACD;AAMO,MAAe,uCAA+F,yBAA4B;AAAA,EAC7H;AAAA,EAEnB,YAAY,SAAsD;AACjE,UAAM,OAAO;AACb,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,MAAM,YAAY,SAA8B;AAC/C,UAAM,UAAU,OAAO,MAAM,QAAQ,UAAU,EAAE,KAAK,CAAC;AACvD,UAAM,QAAQ,QAAQ,KAAK,QAAQ,UAAU;AAC7C,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU,OAAM,IAAI,sBAAsB;AACzE,WAAO;AAAA,EACR;AAAA,EAEA,0BAA0B;AACzB,WAAO,UAAU,KAAK,QAAQ,UAAU;AAAA,EACzC;AACD;","names":[]}