├── .circleci
    └── config.yml
├── .commitlintrc.json
├── .github
    ├── ISSUE_TEMPLATE
    │   ├── Bug_report.yml
    │   ├── Feature_request.yml
    │   ├── Regression.yml
    │   └── config.yml
    └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── .husky
    ├── .gitignore
    ├── commit-msg
    └── pre-commit
├── .npmignore
├── .prettierrc
├── .release-it.json
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── eslint.config.mjs
├── index.d.ts
├── index.js
├── index.ts
├── jest.json
├── lib
    ├── index.ts
    ├── interfaces
    │   ├── index.ts
    │   └── jwt-module-options.interface.ts
    ├── jwt.constants.ts
    ├── jwt.errors.ts
    ├── jwt.module.ts
    ├── jwt.providers.ts
    ├── jwt.service.spec.ts
    └── jwt.service.ts
├── package-lock.json
├── package.json
├── renovate.json
├── tsconfig.build.json
└── tsconfig.json


/.circleci/config.yml:
--------------------------------------------------------------------------------
 1 | version: 2
 2 | 
 3 | aliases:
 4 |   - &restore-cache
 5 |     restore_cache:
 6 |       key: dependency-cache-{{ checksum "package.json" }}
 7 |   - &install-deps
 8 |     run:
 9 |       name: Install dependencies
10 |       command: npm install --legacy-peer-deps
11 |   - &build-packages
12 |     run:
13 |       name: Build
14 |       command: npm run build
15 | 
16 | jobs:
17 |   build:
18 |     working_directory: ~/nest
19 |     docker:
20 |       - image: cimg/node:22.15.0
21 |     steps:
22 |       - checkout
23 |       - restore_cache:
24 |           key: dependency-cache-{{ checksum "package.json" }}
25 |       - run:
26 |           name: Install dependencies
27 |           command: npm install --legacy-peer-deps
28 |       - save_cache:
29 |           key: dependency-cache-{{ checksum "package.json" }}
30 |           paths:
31 |             - ./node_modules
32 |       - run:
33 |           name: Build
34 |           command: npm run build
35 |   test:
36 |     working_directory: ~/nest
37 |     docker:
38 |       - image: cimg/node:22.15.0
39 |     steps:
40 |       - checkout
41 |       - *restore-cache
42 |       - *install-deps
43 |       - run:
44 |           name: Unit tests
45 |           command: npm run test
46 | 
47 | workflows:
48 |   version: 2
49 |   build-and-test:
50 |     jobs:
51 |       - build
52 |       - test:
53 |           requires:
54 |             - build
55 | 


--------------------------------------------------------------------------------
/.commitlintrc.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "extends": ["@commitlint/config-angular"],
 3 |   "rules": {
 4 |     "subject-case": [
 5 |       2,
 6 |       "always",
 7 |       ["sentence-case", "start-case", "pascal-case", "upper-case", "lower-case"]
 8 |     ],
 9 |     "type-enum": [
10 |       2,
11 |       "always",
12 |       [
13 |         "build",
14 |         "chore",
15 |         "ci",
16 |         "docs",
17 |         "feat",
18 |         "fix",
19 |         "perf",
20 |         "refactor",
21 |         "revert",
22 |         "style",
23 |         "test",
24 |         "sample"
25 |       ]
26 |     ]
27 |   }
28 | }
29 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/Bug_report.yml:
--------------------------------------------------------------------------------
  1 | name: "\U0001F41B Bug Report"
  2 | description: "If something isn't working as expected \U0001F914"
  3 | labels: ["needs triage", "bug"]
  4 | body:
  5 |   - type: markdown
  6 |     attributes:
  7 |       value: |
  8 |         ## :warning: We use GitHub Issues to track bug reports, feature requests and regressions
  9 |  
 10 |         If you are not sure that your issue is a bug, you could:
 11 | 
 12 |         - use our [Discord community](https://discord.gg/NestJS)
 13 |         - use [StackOverflow using the tag `nestjs`](https://stackoverflow.com/questions/tagged/nestjs)
 14 |         - If it's just a quick question you can ping [our Twitter](https://twitter.com/nestframework)
 15 | 
 16 |         **NOTE:** You don't need to answer questions that you know that aren't relevant.
 17 | 
 18 |         ---
 19 | 
 20 |   - type: checkboxes
 21 |     attributes:
 22 |       label: "Is there an existing issue for this?"
 23 |       description: "Please search [here](./?q=is%3Aissue) to see if an issue already exists for the bug you encountered"
 24 |       options:
 25 |       - label: "I have searched the existing issues"
 26 |         required: true
 27 | 
 28 |   - type: textarea
 29 |     validations:
 30 |       required: true
 31 |     attributes:
 32 |       label: "Current behavior"
 33 |       description: "How the issue manifests?"
 34 | 
 35 |   - type: input
 36 |     validations:
 37 |       required: true
 38 |     attributes:
 39 |       label: "Minimum reproduction code"
 40 |       description: "An URL to some git repository or gist that reproduces this issue. [Wtf is a minimum reproduction?](https://jmcdo29.github.io/wtf-is-a-minimum-reproduction)"
 41 |       placeholder: "https://github.com/..."
 42 | 
 43 |   - type: textarea
 44 |     attributes:
 45 |       label: "Steps to reproduce"
 46 |       description: |
 47 |         How the issue manifests?
 48 |         You could leave this blank if you alread write this in your reproduction code/repo
 49 |       placeholder: |
 50 |         1. `npm i`
 51 |         2. `npm start:dev`
 52 |         3. See error...
 53 | 
 54 |   - type: textarea
 55 |     validations:
 56 |       required: true
 57 |     attributes:
 58 |       label: "Expected behavior"
 59 |       description: "A clear and concise description of what you expected to happend (or code)"
 60 | 
 61 |   - type: markdown
 62 |     attributes:
 63 |       value: |
 64 |         ---
 65 | 
 66 |   - type: input
 67 |     validations:
 68 |       required: true
 69 |     attributes:
 70 |       label: "Package version"
 71 |       description: |
 72 |         Which version of `@nestjs/jwt` are you using?
 73 |         **Tip**: Make sure that all of yours `@nestjs/*` dependencies are in sync!
 74 |       placeholder: "8.1.3"
 75 | 
 76 |   - type: input
 77 |     attributes:
 78 |       label: "NestJS version"
 79 |       description: "Which version of `@nestjs/core` are you using?"
 80 |       placeholder: "8.1.3"
 81 | 
 82 |   - type: input
 83 |     attributes:
 84 |       label: "Node.js version"
 85 |       description: "Which version of Node.js are you using?"
 86 |       placeholder: "14.17.6"
 87 | 
 88 |   - type: checkboxes
 89 |     attributes:
 90 |       label: "In which operating systems have you tested?"
 91 |       options:
 92 |         - label: macOS
 93 |         - label: Windows
 94 |         - label: Linux
 95 | 
 96 |   - type: markdown
 97 |     attributes:
 98 |       value: |
 99 |         ---
100 | 
101 |   - type: textarea
102 |     attributes:
103 |       label: "Other"
104 |       description: |
105 |         Anything else relevant? eg: Logs, OS version, IDE, package manager, etc.
106 |         **Tip:** You can attach images, recordings or log files by clicking this area to highlight it and then dragging files in
107 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/Feature_request.yml:
--------------------------------------------------------------------------------
 1 | name: "\U0001F680 Feature Request"
 2 | description: "I have a suggestion \U0001F63B!"
 3 | labels: ["feature"]
 4 | body:
 5 |   - type: markdown
 6 |     attributes:
 7 |       value: |
 8 |         ## :warning: We use GitHub Issues to track bug reports, feature requests and regressions
 9 |  
10 |         If you are not sure that your issue is a bug, you could:
11 | 
12 |         - use our [Discord community](https://discord.gg/NestJS)
13 |         - use [StackOverflow using the tag `nestjs`](https://stackoverflow.com/questions/tagged/nestjs)
14 |         - If it's just a quick question you can ping [our Twitter](https://twitter.com/nestframework)
15 | 
16 |         ---
17 | 
18 |   - type: checkboxes
19 |     attributes:
20 |       label: "Is there an existing issue that is already proposing this?"
21 |       description: "Please search [here](./?q=is%3Aissue) to see if an issue already exists for the feature you are requesting"
22 |       options:
23 |       - label: "I have searched the existing issues"
24 |         required: true
25 | 
26 |   - type: textarea
27 |     validations:
28 |       required: true
29 |     attributes:
30 |       label: "Is your feature request related to a problem? Please describe it"
31 |       description: "A clear and concise description of what the problem is"
32 |       placeholder: |
33 |         I have an issue when ...
34 | 
35 |   - type: textarea
36 |     validations:
37 |       required: true
38 |     attributes:
39 |       label: "Describe the solution you'd like"
40 |       description: "A clear and concise description of what you want to happen. Add any considered drawbacks"
41 | 
42 |   - type: textarea
43 |     attributes:
44 |       label: "Teachability, documentation, adoption, migration strategy"
45 |       description: "If you can, explain how users will be able to use this and possibly write out a version the docs. Maybe a screenshot or design?"
46 | 
47 |   - type: textarea
48 |     validations:
49 |       required: true
50 |     attributes:
51 |       label: "What is the motivation / use case for changing the behavior?"
52 |       description: "Describe the motivation or the concrete use case"
53 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/Regression.yml:
--------------------------------------------------------------------------------
 1 | name: "\U0001F4A5 Regression"
 2 | description: "Report an unexpected behavior while upgrading your Nest application!"
 3 | labels: ["needs triage"]
 4 | body:
 5 |   - type: markdown
 6 |     attributes:
 7 |       value: |
 8 |         ## :warning: We use GitHub Issues to track bug reports, feature requests and regressions
 9 |  
10 |         If you are not sure that your issue is a bug, you could:
11 | 
12 |         - use our [Discord community](https://discord.gg/NestJS)
13 |         - use [StackOverflow using the tag `nestjs`](https://stackoverflow.com/questions/tagged/nestjs)
14 |         - If it's just a quick question you can ping [our Twitter](https://twitter.com/nestframework)
15 | 
16 |         **NOTE:** You don't need to answer questions that you know that aren't relevant.
17 | 
18 |         ---
19 | 
20 |   - type: checkboxes
21 |     attributes:
22 |       label: "Did you read the migration guide?"
23 |       description: "Check out the [migration guide here](https://docs.nestjs.com/migration-guide)!"
24 |       options:
25 |       - label: "I have read the whole migration guide"
26 |         required: false
27 | 
28 |   - type: checkboxes
29 |     attributes:
30 |       label: "Is there an existing issue that is already proposing this?"
31 |       description: "Please search [here](./?q=is%3Aissue) to see if an issue already exists for the feature you are requesting"
32 |       options:
33 |       - label: "I have searched the existing issues"
34 |         required: true
35 | 
36 |   - type: input
37 |     attributes:
38 |       label: "Potential Commit/PR that introduced the regression"
39 |       description: "If you have time to investigate, what PR/date/version introduced this issue"
40 |       placeholder: "PR #123 or commit 5b3c4a4"
41 | 
42 |   - type: input
43 |     attributes:
44 |       label: "Versions"
45 |       description: "From which version of `@nestjs/jwt` to which version you are upgrading"
46 |       placeholder: "8.1.0 -> 8.1.3"
47 | 
48 |   - type: textarea
49 |     validations:
50 |       required: true
51 |     attributes:
52 |       label: "Describe the regression"
53 |       description: "A clear and concise description of what the regression is"
54 | 
55 |   - type: textarea
56 |     attributes:
57 |       label: "Minimum reproduction code"
58 |       description: |
59 |         Please share a git repo, a gist, or step-by-step instructions. [Wtf is a minimum reproduction?](https://jmcdo29.github.io/wtf-is-a-minimum-reproduction)
60 |         **Tip:** If you leave a minimum repository, we will understand your issue faster!
61 |       value: |
62 |         ```ts
63 | 
64 |         ```
65 | 
66 |   - type: textarea
67 |     validations:
68 |       required: true
69 |     attributes:
70 |       label: "Expected behavior"
71 |       description: "A clear and concise description of what you expected to happend (or code)"
72 | 
73 |   - type: textarea
74 |     attributes:
75 |       label: "Other"
76 |       description: |
77 |         Anything else relevant? eg: Logs, OS version, IDE, package manager, etc.
78 |         **Tip:** You can attach images, recordings or log files by clicking this area to highlight it and then dragging files in
79 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | ## To encourage contributors to use issue templates, we don't allow blank issues
2 | blank_issues_enabled: false
3 | 
4 | contact_links:
5 |   - name: "\u2753 Discord Community of NestJS"
6 |     url: "https://discord.gg/NestJS"
7 |     about: "Please ask support questions or discuss suggestions/enhancements here."
8 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | ## PR Checklist
 2 | Please check if your PR fulfills the following requirements:
 3 | 
 4 | - [ ] The commit message follows our guidelines: https://github.com/nestjs/nest/blob/master/CONTRIBUTING.md
 5 | - [ ] Tests for the changes have been added (for bug fixes / features)
 6 | - [ ] Docs have been added / updated (for bug fixes / features)
 7 | 
 8 | 
 9 | ## PR Type
10 | What kind of change does this PR introduce?
11 | 
12 | <!-- Please check the one that applies to this PR using "x". -->
13 | - [ ] Bugfix
14 | - [ ] Feature
15 | - [ ] Code style update (formatting, local variables)
16 | - [ ] Refactoring (no functional changes, no api changes)
17 | - [ ] Build related changes
18 | - [ ] CI related changes
19 | - [ ] Other... Please describe:
20 | 
21 | ## What is the current behavior?
22 | <!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
23 | 
24 | Issue Number: N/A
25 | 
26 | 
27 | ## What is the new behavior?
28 | 
29 | 
30 | ## Does this PR introduce a breaking change?
31 | - [ ] Yes
32 | - [ ] No
33 | 
34 | <!-- If this PR contains a breaking change, please describe the impact and migration path for existing applications below. -->
35 | 
36 | 
37 | ## Other information
38 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # dependencies
 2 | /node_modules
 3 | 
 4 | # IDE
 5 | /.idea
 6 | /.awcache
 7 | /.vscode
 8 | 
 9 | # misc
10 | npm-debug.log
11 | .DS_Store
12 | 
13 | # tests
14 | /test
15 | /coverage
16 | /.nyc_output
17 | 
18 | # source
19 | dist


--------------------------------------------------------------------------------
/.husky/.gitignore:
--------------------------------------------------------------------------------
1 | _


--------------------------------------------------------------------------------
/.husky/commit-msg:
--------------------------------------------------------------------------------
1 | npx --no-install commitlint --edit $1


--------------------------------------------------------------------------------
/.husky/pre-commit:
--------------------------------------------------------------------------------
1 | npx --no-install lint-staged


--------------------------------------------------------------------------------
/.npmignore:
--------------------------------------------------------------------------------
1 | # source
2 | lib
3 | index.ts
4 | package-lock.json
5 | tslint.json
6 | tsconfig.json
7 | .prettierrc


--------------------------------------------------------------------------------
/.prettierrc:
--------------------------------------------------------------------------------
1 | {
2 |   "trailingComma": "none",
3 |   "singleQuote": true
4 | }


--------------------------------------------------------------------------------
/.release-it.json:
--------------------------------------------------------------------------------
1 | {
2 |   "git": {
3 |     "commitMessage": "chore(): release v${version}"
4 |   },
5 |   "github": {
6 |     "release": true
7 |   }
8 | }
9 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
  1 | # Contributing to Nest
  2 | 
  3 | We would love for you to contribute to Nest and help make it even better than it is
  4 | today! As a contributor, here are the guidelines we would like you to follow:
  5 | 
  6 |  - [Code of Conduct](#coc)
  7 |  - [Question or Problem?](#question)
  8 |  - [Issues and Bugs](#issue)
  9 |  - [Feature Requests](#feature)
 10 |  - [Submission Guidelines](#submit)
 11 |  - [Coding Rules](#rules)
 12 |  - [Commit Message Guidelines](#commit)
 13 |  <!-- - [Signing the CLA](#cla) -->
 14 | 
 15 | <!-- ## <a name="coc"></a> Code of Conduct
 16 | Help us keep Nest open and inclusive. Please read and follow our [Code of Conduct][coc]. -->
 17 | 
 18 | ## <a name="question"></a> Got a Question or Problem?
 19 | 
 20 | **Do not open issues for general support questions as we want to keep GitHub issues for bug reports and feature requests.** You've got much better chances of getting your question answered on [Stack Overflow](https://stackoverflow.com/questions/tagged/nestjs) where the questions should be tagged with tag `nestjs`.
 21 | 
 22 | Stack Overflow is a much better place to ask questions since:
 23 | 
 24 | <!-- - there are thousands of people willing to help on Stack Overflow [maybe one day] -->
 25 | - questions and answers stay available for public viewing so your question / answer might help someone else
 26 | - Stack Overflow's voting system assures that the best answers are prominently visible.
 27 | 
 28 | To save your and our time, we will systematically close all issues that are requests for general support and redirect people to Stack Overflow.
 29 | 
 30 | If you would like to chat about the question in real-time, you can reach out via [our gitter channel][gitter].
 31 | 
 32 | ## <a name="issue"></a> Found a Bug?
 33 | If you find a bug in the source code, you can help us by
 34 | [submitting an issue](#submit-issue) to our [GitHub Repository][github]. Even better, you can
 35 | [submit a Pull Request](#submit-pr) with a fix.
 36 | 
 37 | ## <a name="feature"></a> Missing a Feature?
 38 | You can *request* a new feature by [submitting an issue](#submit-issue) to our GitHub
 39 | Repository. If you would like to *implement* a new feature, please submit an issue with
 40 | a proposal for your work first, to be sure that we can use it.
 41 | Please consider what kind of change it is:
 42 | 
 43 | * For a **Major Feature**, first open an issue and outline your proposal so that it can be
 44 | discussed. This will also allow us to better coordinate our efforts, prevent duplication of work,
 45 | and help you to craft the change so that it is successfully accepted into the project. For your issue name, please prefix your proposal with `[discussion]`, for example "[discussion]: your feature idea".
 46 | * **Small Features** can be crafted and directly [submitted as a Pull Request](#submit-pr).
 47 | 
 48 | ## <a name="submit"></a> Submission Guidelines
 49 | 
 50 | ### <a name="submit-issue"></a> Submitting an Issue
 51 | 
 52 | Before you submit an issue, please search the issue tracker, maybe an issue for your problem already exists and the discussion might inform you of workarounds readily available.
 53 | 
 54 | We want to fix all the issues as soon as possible, but before fixing a bug we need to reproduce and confirm it. In order to reproduce bugs we will systematically ask you to provide a minimal reproduction scenario using a repository or [Gist](https://gist.github.com/). Having a live, reproducible scenario gives us wealth of important information without going back & forth to you with additional questions like:
 55 | 
 56 | - version of NestJS used
 57 | - 3rd-party libraries and their versions
 58 | - and most importantly - a use-case that fails
 59 | 
 60 | <!--
 61 | // TODO we need to create a playground, similar to plunkr
 62 | 
 63 | A minimal reproduce scenario using a repository or Gist allows us to quickly confirm a bug (or point out coding problem) as well as confirm that we are fixing the right problem. If neither of these are not a suitable way to demonstrate the problem (for example for issues related to our npm packaging), please create a standalone git repository demonstrating the problem. -->
 64 | 
 65 | <!-- We will be insisting on a minimal reproduce scenario in order to save maintainers time and ultimately be able to fix more bugs. Interestingly, from our experience users often find coding problems themselves while preparing a minimal plunk. We understand that sometimes it might be hard to extract essentials bits of code from a larger code-base but we really need to isolate the problem before we can fix it. -->
 66 | 
 67 | Unfortunately, we are not able to investigate / fix bugs without a minimal reproduction, so if we don't hear back from you we are going to close an issue that don't have enough info to be reproduced.
 68 | 
 69 | You can file new issues by filling out our [new issue form](https://github.com/nestjs/nest/issues/new).
 70 | 
 71 | 
 72 | ### <a name="submit-pr"></a> Submitting a Pull Request (PR)
 73 | Before you submit your Pull Request (PR) consider the following guidelines:
 74 | 
 75 | 1. Search [GitHub](https://github.com/nestjs/nest/pulls) for an open or closed PR
 76 |   that relates to your submission. You don't want to duplicate effort.
 77 | <!-- 1. Please sign our [Contributor License Agreement (CLA)](#cla) before sending PRs.
 78 |   We cannot accept code without this. -->
 79 | 1. Fork the nestjs/nest repo.
 80 | 1. Make your changes in a new git branch:
 81 | 
 82 |      ```shell
 83 |      git checkout -b my-fix-branch master
 84 |      ```
 85 | 
 86 | 1. Create your patch, **including appropriate test cases**.
 87 | 1. Follow our [Coding Rules](#rules).
 88 | 1. Run the full Nest test suite, as described in the [developer documentation][dev-doc],
 89 |   and ensure that all tests pass.
 90 | 1. Commit your changes using a descriptive commit message that follows our
 91 |   [commit message conventions](#commit). Adherence to these conventions
 92 |   is necessary because release notes are automatically generated from these messages.
 93 | 
 94 |      ```shell
 95 |      git commit -a
 96 |      ```
 97 |     Note: the optional commit `-a` command line option will automatically "add" and "rm" edited files.
 98 | 
 99 | 1. Push your branch to GitHub:
100 | 
101 |     ```shell
102 |     git push origin my-fix-branch
103 |     ```
104 | 
105 | 1. In GitHub, send a pull request to `nestjs:master`.
106 | * If we suggest changes then:
107 |   * Make the required updates.
108 |   * Re-run the Nest test suites to ensure tests are still passing.
109 |   * Rebase your branch and force push to your GitHub repository (this will update your Pull Request):
110 | 
111 |     ```shell
112 |     git rebase master -i
113 |     git push -f
114 |     ```
115 | 
116 | That's it! Thank you for your contribution!
117 | 
118 | #### After your pull request is merged
119 | 
120 | After your pull request is merged, you can safely delete your branch and pull the changes
121 | from the main (upstream) repository:
122 | 
123 | * Delete the remote branch on GitHub either through the GitHub web UI or your local shell as follows:
124 | 
125 |     ```shell
126 |     git push origin --delete my-fix-branch
127 |     ```
128 | 
129 | * Check out the master branch:
130 | 
131 |     ```shell
132 |     git checkout master -f
133 |     ```
134 | 
135 | * Delete the local branch:
136 | 
137 |     ```shell
138 |     git branch -D my-fix-branch
139 |     ```
140 | 
141 | * Update your master with the latest upstream version:
142 | 
143 |     ```shell
144 |     git pull --ff upstream master
145 |     ```
146 | 
147 | ## <a name="rules"></a> Coding Rules
148 | To ensure consistency throughout the source code, keep these rules in mind as you are working:
149 | 
150 | * All features or bug fixes **must be tested** by one or more specs (unit-tests).
151 | <!--
152 | // We're working on auto-documentation.
153 | * All public API methods **must be documented**. (Details TBC). -->
154 | * We follow [Google's JavaScript Style Guide][js-style-guide], but wrap all code at
155 |   **100 characters**. An automated formatter is available, see
156 |   [DEVELOPER.md](docs/DEVELOPER.md#clang-format).
157 | 
158 | ## <a name="commit"></a> Commit Message Guidelines
159 | 
160 | We have very precise rules over how our git commit messages can be formatted.  This leads to **more
161 | readable messages** that are easy to follow when looking through the **project history**.  But also,
162 | we use the git commit messages to **generate the Nest change log**.
163 | 
164 | ### Commit Message Format
165 | Each commit message consists of a **header**, a **body** and a **footer**.  The header has a special
166 | format that includes a **type**, a **scope** and a **subject**:
167 | 
168 | ```
169 | <type>(<scope>): <subject>
170 | <BLANK LINE>
171 | <body>
172 | <BLANK LINE>
173 | <footer>
174 | ```
175 | 
176 | The **header** is mandatory and the **scope** of the header is optional.
177 | 
178 | Any line of the commit message cannot be longer 100 characters! This allows the message to be easier
179 | to read on GitHub as well as in various git tools.
180 | 
181 | Footer should contain a [closing reference to an issue](https://help.github.com/articles/closing-issues-via-commit-messages/) if any.
182 | 
183 | Samples: (even more [samples](https://github.com/nestjs/nest/commits/master))
184 | 
185 | ```
186 | docs(changelog) update change log to beta.5
187 | ```
188 | ```
189 | fix(@nestjs/core) need to depend on latest rxjs and zone.js
190 | 
191 | The version in our package.json gets copied to the one we publish, and users need the latest of these.
192 | ```
193 | 
194 | ### Revert
195 | If the commit reverts a previous commit, it should begin with `revert: `, followed by the header of the reverted commit. In the body it should say: `This reverts commit <hash>.`, where the hash is the SHA of the commit being reverted.
196 | 
197 | ### Type
198 | Must be one of the following:
199 | 
200 | * **build**: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
201 | * **chroe**: Updating tasks etc; no production code change
202 | * **ci**: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
203 | * **docs**: Documentation only changes
204 | * **feat**: A new feature
205 | * **fix**: A bug fix
206 | * **perf**: A code change that improves performance
207 | * **refactor**: A code change that neither fixes a bug nor adds a feature
208 | * **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
209 | * **test**: Adding missing tests or correcting existing tests
210 | 
211 | 
212 | ### Subject
213 | The subject contains succinct description of the change:
214 | 
215 | * use the imperative, present tense: "change" not "changed" nor "changes"
216 | * don't capitalize first letter
217 | * no dot (.) at the end
218 | 
219 | ### Body
220 | Just as in the **subject**, use the imperative, present tense: "change" not "changed" nor "changes".
221 | The body should include the motivation for the change and contrast this with previous behavior.
222 | 
223 | ### Footer
224 | The footer should contain any information about **Breaking Changes** and is also the place to
225 | reference GitHub issues that this commit **Closes**.
226 | 
227 | **Breaking Changes** should start with the word `BREAKING CHANGE:` with a space or two newlines. The rest of the commit message is then used for this.
228 | 
229 | A detailed explanation can be found in this [document][commit-message-format].
230 | 
231 | <!-- ## <a name="cla"></a> Signing the CLA
232 | 
233 | Please sign our Contributor License Agreement (CLA) before sending pull requests. For any code
234 | changes to be accepted, the CLA must be signed. It's a quick process, we promise!
235 | 
236 | * For individuals we have a [simple click-through form][individual-cla].
237 | * For corporations we'll need you to
238 |   [print, sign and one of scan+email, fax or mail the form][corporate-cla]. -->
239 | 
240 | 
241 | <!-- [angular-group]: https://groups.google.com/forum/#!forum/angular -->
242 | <!-- [coc]: https://github.com/angular/code-of-conduct/blob/master/CODE_OF_CONDUCT.md -->
243 | [commit-message-format]: https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit#
244 | [corporate-cla]: http://code.google.com/legal/corporate-cla-v1.0.html
245 | [dev-doc]: https://github.com/nestjs/nest/blob/master/docs/DEVELOPER.md
246 | [github]: https://github.com/nestjs/nest
247 | [gitter]: https://gitter.im/nestjs/nest
248 | [individual-cla]: http://code.google.com/legal/individual-cla-v1.0.html
249 | [js-style-guide]: https://google.github.io/styleguide/jsguide.html
250 | [jsfiddle]: http://jsfiddle.net
251 | [plunker]: http://plnkr.co/edit
252 | [runnable]: http://runnable.com
253 | <!-- [stackoverflow]: http://stackoverflow.com/questions/tagged/angular -->
254 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018-2022 Kamil Mysliwiec <https://kamilmysliwiec.com>
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | <p align="center">
  2 |   <a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="120" alt="Nest Logo" /></a>
  3 | </p>
  4 | 
  5 | [travis-image]: https://api.travis-ci.org/nestjs/nest.svg?branch=master
  6 | [travis-url]: https://travis-ci.org/nestjs/nest
  7 | [linux-image]: https://img.shields.io/travis/nestjs/nest/master.svg?label=linux
  8 | [linux-url]: https://travis-ci.org/nestjs/nest
  9 | 
 10 |   <p align="center">A progressive <a href="http://nodejs.org" target="blank">Node.js</a> framework for building efficient and scalable server-side applications.</p>
 11 |     <p align="center">
 12 | <a href="https://www.npmjs.com/~nestjscore"><img src="https://img.shields.io/npm/v/@nestjs/core.svg" alt="NPM Version" /></a>
 13 | <a href="https://www.npmjs.com/~nestjscore"><img src="https://img.shields.io/npm/l/@nestjs/core.svg" alt="Package License" /></a>
 14 | <a href="https://www.npmjs.com/~nestjscore"><img src="https://img.shields.io/npm/dm/@nestjs/core.svg" alt="NPM Downloads" /></a>
 15 | <a href="https://discord.gg/G7Qnnhy" target="_blank"><img src="https://img.shields.io/badge/discord-online-brightgreen.svg" alt="Discord"/></a>
 16 | <a href="https://opencollective.com/nest#backer"><img src="https://opencollective.com/nest/backers/badge.svg" alt="Backers on Open Collective" /></a>
 17 | <a href="https://opencollective.com/nest#sponsor"><img src="https://opencollective.com/nest/sponsors/badge.svg" alt="Sponsors on Open Collective" /></a>
 18 |   <a href="https://paypal.me/kamilmysliwiec"><img src="https://img.shields.io/badge/Donate-PayPal-dc3d53.svg"/></a>
 19 |   <a href="https://twitter.com/nestframework"><img src="https://img.shields.io/twitter/follow/nestframework.svg?style=social&label=Follow"></a>
 20 | </p>
 21 |   <!--[![Backers on Open Collective](https://opencollective.com/nest/backers/badge.svg)](https://opencollective.com/nest#backer)
 22 |   [![Sponsors on Open Collective](https://opencollective.com/nest/sponsors/badge.svg)](https://opencollective.com/nest#sponsor)-->
 23 | 
 24 | ## Description
 25 | 
 26 | JWT utilities module for [Nest](https://github.com/nestjs/nest) based on the [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) package.
 27 | 
 28 | ## Installation
 29 | 
 30 | ```bash
 31 | $ npm i --save @nestjs/jwt
 32 | ```
 33 | 
 34 | ## Usage
 35 | 
 36 | Import `JwtModule`:
 37 | 
 38 | ```typescript
 39 | @Module({
 40 |   imports: [JwtModule.register({ secret: 'hard!to-guess_secret' })],
 41 |   providers: [...],
 42 | })
 43 | export class AuthModule {}
 44 | ```
 45 | 
 46 | Inject `JwtService`:
 47 | 
 48 | ```typescript
 49 | @Injectable()
 50 | export class AuthService {
 51 |   constructor(private readonly jwtService: JwtService) {}
 52 | }
 53 | ```
 54 | 
 55 | ## Secret / Encryption Key options
 56 | 
 57 | If you want to control secret and key management dynamically you can use the `secretOrKeyProvider` function for that purpose. You also can use asynchronous version of `secretOrKeyProvider`.
 58 | NOTE: For asynchronous version of `secretOrKeyProvider`, synchronous versions of `.sign()` and `.verify()` will throw an exception.
 59 | 
 60 | ```typescript
 61 | JwtModule.register({
 62 |    /* Secret has precedence over keys */
 63 |   secret: 'hard!to-guess_secret',
 64 | 
 65 |   /* public key used in asymmetric algorithms (required if non other secrets present) */
 66 |   publicKey: '...',
 67 | 
 68 |   /* private key used in asymmetric algorithms (required if non other secrets present) */
 69 |   privateKey: '...',
 70 | 
 71 |   /* Dynamic key provider has precedence over static secret or pub/private keys */
 72 |   secretOrKeyProvider: (
 73 |     requestType: JwtSecretRequestType,
 74 |     tokenOrPayload: string | Object | Buffer,
 75 |     verifyOrSignOrOptions?: jwt.VerifyOptions | jwt.SignOptions
 76 |   ) => {
 77 |     switch (requestType) {
 78 |       case JwtSecretRequestType.SIGN:
 79 |         // retrieve signing key dynamically
 80 |         return 'privateKey';
 81 |       case JwtSecretRequestType.VERIFY:
 82 |         // retrieve public key for verification dynamically
 83 |         return 'publicKey';
 84 |       default:
 85 |         // retrieve secret dynamically
 86 |         return 'hard!to-guess_secret';
 87 |     }
 88 |   },
 89 | });
 90 | ```
 91 | 
 92 | ## Async options
 93 | 
 94 | Quite often you might want to asynchronously pass your module options instead of passing them beforehand. In such case, use `registerAsync()` method, that provides a couple of various ways to deal with async data.
 95 | 
 96 | **1. Use factory**
 97 | 
 98 | ```typescript
 99 | JwtModule.registerAsync({
100 |   useFactory: () => ({
101 |     secret: 'hard!to-guess_secret'
102 |   })
103 | });
104 | ```
105 | 
106 | Obviously, our factory behaves like every other one (might be `async` and is able to inject dependencies through `inject`).
107 | 
108 | ```typescript
109 | JwtModule.registerAsync({
110 |   imports: [ConfigModule],
111 |   useFactory: async (configService: ConfigService) => ({
112 |     secret: configService.get<string>('SECRET'),
113 |   }),
114 |   inject: [ConfigService],
115 | }),
116 | ```
117 | 
118 | **2. Use class**
119 | 
120 | ```typescript
121 | JwtModule.registerAsync({
122 |   useClass: JwtConfigService
123 | });
124 | ```
125 | 
126 | Above construction will instantiate `JwtConfigService` inside `JwtModule` and will leverage it to create options object.
127 | 
128 | ```typescript
129 | class JwtConfigService implements JwtOptionsFactory {
130 |   createJwtOptions(): JwtModuleOptions {
131 |     return {
132 |       secret: 'hard!to-guess_secret'
133 |     };
134 |   }
135 | }
136 | ```
137 | 
138 | **3. Use existing**
139 | 
140 | ```typescript
141 | JwtModule.registerAsync({
142 |   imports: [ConfigModule],
143 |   useExisting: ConfigService,
144 | }),
145 | ```
146 | 
147 | It works the same as `useClass` with one critical difference - `JwtModule` will lookup imported modules to reuse already created `ConfigService`, instead of instantiating it on its own.
148 | 
149 | ## API Spec
150 | 
151 | The `JwtService` uses [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) underneath.
152 | 
153 | #### jwtService.sign(payload: string | Object | Buffer, options?: JwtSignOptions): string
154 | 
155 | The sign method is an implementation of jsonwebtoken `.sign()`. Differing from jsonwebtoken it also allows an additional `secret`, `privateKey`, and `publicKey` properties on `options` to override options passed in from the module. It only overrides the `secret`, `publicKey` or `privateKey` though not a `secretOrKeyProvider`.
156 | NOTE: Will throw an exception for asynchronous version of `secretOrKeyProvider`;
157 | 
158 | #### jwtService.signAsync(payload: string | Object | Buffer, options?: JwtSignOptions): Promise\<string\>
159 | 
160 | The asynchronous `.sign()` method.
161 | 
162 | #### jwtService.verify\<T extends object = any>(token: string, options?: JwtVerifyOptions): T
163 | 
164 | The verify method is an implementation of jsonwebtoken `.verify()`. Differing from jsonwebtoken it also allows an additional `secret`, `privateKey`, and `publicKey` properties on `options` to override options passed in from the module. It only overrides the `secret`, `publicKey` or `privateKey` though not a `secretOrKeyProvider`.
165 | NOTE: Will throw an exception for asynchronous version of `secretOrKeyProvider`;
166 | 
167 | #### jwtService.verifyAsync\<T extends object = any>(token: string, options?: JwtVerifyOptions): Promise\<T\>
168 | 
169 | The asynchronous `.verify()` method.
170 | 
171 | #### jwtService.decode(token: string, options: DecodeOptions): object | string
172 | 
173 | The decode method is an implementation of jsonwebtoken `.decode()`.
174 | 
175 | The `JwtModule` takes an `options` object:
176 | 
177 | - `secret` is either a string, buffer, or object containing the secret for HMAC algorithms
178 | - `secretOrKeyProvider` function with the following signature `(requestType, tokenOrPayload, options?) => jwt.Secret | Promise<jwt.Secret>` (allows generating either secrets or keys dynamically)
179 | - `signOptions` [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback)
180 | - `privateKey` PEM encoded private key for RSA and ECDSA with passphrase an object `{ key, passphrase }` [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback)
181 | - `publicKey` PEM encoded public key for RSA and ECDSA
182 | - `verifyOptions` [read more](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)
183 | - `secretOrPrivateKey` (DEPRECATED!) [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback)
184 | 
185 | ## Support
186 | 
187 | Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support).
188 | 
189 | ## Stay in touch
190 | 
191 | - Author - [Kamil Myśliwiec](https://twitter.com/kammysliwiec)
192 | - Website - [https://nestjs.com](https://nestjs.com/)
193 | - Twitter - [@nestframework](https://twitter.com/nestframework)
194 | 
195 | ## License
196 | 
197 | Nest is [MIT licensed](LICENSE).
198 | 


--------------------------------------------------------------------------------
/eslint.config.mjs:
--------------------------------------------------------------------------------
 1 | // @ts-check
 2 | import eslint from '@eslint/js';
 3 | import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended';
 4 | import globals from 'globals';
 5 | import tseslint from 'typescript-eslint';
 6 | 
 7 | export default tseslint.config(
 8 |   {
 9 |     ignores: ['tests/**'],
10 |   },
11 |   eslint.configs.recommended,
12 |   ...tseslint.configs.recommendedTypeChecked,
13 |   eslintPluginPrettierRecommended,
14 |   {
15 |     languageOptions: {
16 |       globals: {
17 |         ...globals.node,
18 |         ...globals.jest,
19 |       },
20 |       ecmaVersion: 5,
21 |       sourceType: 'module',
22 |       parserOptions: {
23 |         projectService: true,
24 |         tsconfigRootDir: import.meta.dirname,
25 |       },
26 |     },
27 |   },
28 |   {
29 |     rules: {
30 |       '@typescript-eslint/no-explicit-any': 'off',
31 |       '@typescript-eslint/no-unsafe-assignment': 'off',
32 |       '@typescript-eslint/no-unsafe-call': 'off',
33 |       '@typescript-eslint/no-unsafe-member-access': 'off',
34 |       '@typescript-eslint/no-unsafe-function-type': 'off',
35 |       '@typescript-eslint/no-unsafe-argument': 'off',
36 |       '@typescript-eslint/no-unsafe-return': 'off',
37 |       '@typescript-eslint/no-misused-promises': 'off',
38 |       '@typescript-eslint/ban-ts-comment': 'warn'
39 |     },
40 |   },
41 | );


--------------------------------------------------------------------------------
/index.d.ts:
--------------------------------------------------------------------------------
1 | export * from './dist';
2 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
1 | "use strict";
2 | function __export(m) {
3 |     for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];
4 | }
5 | exports.__esModule = true;
6 | __export(require("./dist"));
7 | 


--------------------------------------------------------------------------------
/index.ts:
--------------------------------------------------------------------------------
1 | export * from './dist';
2 | 


--------------------------------------------------------------------------------
/jest.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "moduleFileExtensions": ["ts", "tsx", "js", "json"],
 3 |   "transform": {
 4 |     "^.+\\.tsx?$": "ts-jest"
 5 |   },
 6 |   "testRegex": "/lib/.*\\.(test|spec).(ts|tsx|js)$",
 7 |   "collectCoverageFrom": [
 8 |     "lib/**/*.{js,jsx,tsx,ts}",
 9 |     "!**/node_modules/**",
10 |     "!**/vendor/**"
11 |   ],
12 |   "coverageReporters": ["json", "lcov"]
13 | }
14 | 


--------------------------------------------------------------------------------
/lib/index.ts:
--------------------------------------------------------------------------------
 1 | export * from './interfaces';
 2 | export * from './jwt.errors';
 3 | export * from './jwt.module';
 4 | export * from './jwt.service';
 5 | export {
 6 |   TokenExpiredError,
 7 |   NotBeforeError,
 8 |   JsonWebTokenError
 9 | } from 'jsonwebtoken';
10 | 


--------------------------------------------------------------------------------
/lib/interfaces/index.ts:
--------------------------------------------------------------------------------
1 | export * from './jwt-module-options.interface';
2 | 


--------------------------------------------------------------------------------
/lib/interfaces/jwt-module-options.interface.ts:
--------------------------------------------------------------------------------
 1 | import { ModuleMetadata, Provider, Type } from '@nestjs/common';
 2 | import * as jwt from 'jsonwebtoken';
 3 | 
 4 | export enum JwtSecretRequestType {
 5 |   SIGN,
 6 |   VERIFY
 7 | }
 8 | 
 9 | /**
10 |  * @publicApi
11 |  */
12 | export interface JwtModuleOptions {
13 |   global?: boolean;
14 |   signOptions?: jwt.SignOptions;
15 |   secret?: string | Buffer;
16 |   publicKey?: string | Buffer;
17 |   privateKey?: jwt.Secret;
18 |   /**
19 |    * @deprecated
20 |    */
21 |   secretOrPrivateKey?: jwt.Secret;
22 |   secretOrKeyProvider?: (
23 |     requestType: JwtSecretRequestType,
24 |     tokenOrPayload: string | object | Buffer,
25 |     options?: jwt.VerifyOptions | jwt.SignOptions
26 |   ) => jwt.Secret | Promise<jwt.Secret>;
27 |   verifyOptions?: jwt.VerifyOptions;
28 | }
29 | 
30 | /**
31 |  * @publicApi
32 |  */
33 | export interface JwtOptionsFactory {
34 |   createJwtOptions(): Promise<JwtModuleOptions> | JwtModuleOptions;
35 | }
36 | 
37 | /**
38 |  * @publicApi
39 |  */
40 | export interface JwtModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
41 |   global?: boolean;
42 |   useExisting?: Type<JwtOptionsFactory>;
43 |   useClass?: Type<JwtOptionsFactory>;
44 |   useFactory?: (...args: any[]) => Promise<JwtModuleOptions> | JwtModuleOptions;
45 |   inject?: any[];
46 |   extraProviders?: Provider[];
47 | }
48 | 
49 | /**
50 |  * @publicApi
51 |  */
52 | export interface JwtSignOptions extends jwt.SignOptions {
53 |   secret?: string | Buffer;
54 |   privateKey?: jwt.Secret;
55 | }
56 | 
57 | /**
58 |  * @publicApi
59 |  */
60 | export interface JwtVerifyOptions extends jwt.VerifyOptions {
61 |   secret?: string | Buffer;
62 |   publicKey?: string | Buffer;
63 | }
64 | 
65 | export type GetSecretKeyResult = string | Buffer | jwt.Secret;
66 | 


--------------------------------------------------------------------------------
/lib/jwt.constants.ts:
--------------------------------------------------------------------------------
1 | export const JWT_MODULE_OPTIONS = 'JWT_MODULE_OPTIONS';
2 | 


--------------------------------------------------------------------------------
/lib/jwt.errors.ts:
--------------------------------------------------------------------------------
1 | export class WrongSecretProviderError extends Error {}
2 | 


--------------------------------------------------------------------------------
/lib/jwt.module.ts:
--------------------------------------------------------------------------------
 1 | import { DynamicModule, Module, Provider } from '@nestjs/common';
 2 | import {
 3 |   JwtModuleAsyncOptions,
 4 |   JwtModuleOptions,
 5 |   JwtOptionsFactory
 6 | } from './interfaces/jwt-module-options.interface';
 7 | import { JWT_MODULE_OPTIONS } from './jwt.constants';
 8 | import { createJwtProvider } from './jwt.providers';
 9 | import { JwtService } from './jwt.service';
10 | 
11 | /**
12 |  * @publicApi
13 |  */
14 | @Module({
15 |   providers: [JwtService],
16 |   exports: [JwtService]
17 | })
18 | export class JwtModule {
19 |   static register(options: JwtModuleOptions): DynamicModule {
20 |     return {
21 |       module: JwtModule,
22 |       global: options.global,
23 |       providers: createJwtProvider(options)
24 |     };
25 |   }
26 | 
27 |   static registerAsync(options: JwtModuleAsyncOptions): DynamicModule {
28 |     return {
29 |       module: JwtModule,
30 |       global: options.global,
31 |       imports: options.imports || [],
32 |       providers: [
33 |         ...this.createAsyncProviders(options),
34 |         ...(options.extraProviders ?? [])
35 |       ]
36 |     };
37 |   }
38 | 
39 |   private static createAsyncProviders(
40 |     options: JwtModuleAsyncOptions
41 |   ): Provider[] {
42 |     if (options.useExisting || options.useFactory) {
43 |       return [this.createAsyncOptionsProvider(options)];
44 |     }
45 |     return [
46 |       this.createAsyncOptionsProvider(options),
47 |       {
48 |         provide: options.useClass,
49 |         useClass: options.useClass
50 |       }
51 |     ];
52 |   }
53 | 
54 |   private static createAsyncOptionsProvider(
55 |     options: JwtModuleAsyncOptions
56 |   ): Provider {
57 |     if (options.useFactory) {
58 |       return {
59 |         provide: JWT_MODULE_OPTIONS,
60 |         useFactory: options.useFactory,
61 |         inject: options.inject || []
62 |       };
63 |     }
64 |     return {
65 |       provide: JWT_MODULE_OPTIONS,
66 |       useFactory: async (optionsFactory: JwtOptionsFactory) =>
67 |         await optionsFactory.createJwtOptions(),
68 |       inject: [options.useExisting || options.useClass]
69 |     };
70 |   }
71 | }
72 | 


--------------------------------------------------------------------------------
/lib/jwt.providers.ts:
--------------------------------------------------------------------------------
 1 | import { JwtModuleOptions } from './interfaces/jwt-module-options.interface';
 2 | import { JWT_MODULE_OPTIONS } from './jwt.constants';
 3 | 
 4 | /**
 5 |  * @publicApi
 6 |  */
 7 | export function createJwtProvider(options: JwtModuleOptions): any[] {
 8 |   return [{ provide: JWT_MODULE_OPTIONS, useValue: options || {} }];
 9 | }
10 | 


--------------------------------------------------------------------------------
/lib/jwt.service.spec.ts:
--------------------------------------------------------------------------------
  1 | import { Test } from '@nestjs/testing';
  2 | import * as jwt from 'jsonwebtoken';
  3 | import {
  4 |   JwtModuleOptions,
  5 |   JwtSecretRequestType
  6 | } from './interfaces/jwt-module-options.interface';
  7 | import { JwtModule } from './jwt.module';
  8 | import { JwtService } from './jwt.service';
  9 | 
 10 | const setup = async (config: JwtModuleOptions) => {
 11 |   const module = await Test.createTestingModule({
 12 |     imports: [JwtModule.register(config)]
 13 |   }).compile();
 14 | 
 15 |   return module.get<JwtService>(JwtService);
 16 | };
 17 | 
 18 | const config = {
 19 |   secretOrKeyProvider: (requestType: JwtSecretRequestType) =>
 20 |     requestType === JwtSecretRequestType.SIGN ? 'sign_secret' : 'verify_secret',
 21 |   secret: 'default_secret',
 22 |   publicKey: 'public_key',
 23 |   privateKey: 'private_key'
 24 | };
 25 | 
 26 | describe('JwtService', () => {
 27 |   let verifySpy: jest.SpyInstance;
 28 |   let signSpy: jest.SpyInstance;
 29 |   const getRandomString = () => `${Date.now()}`;
 30 | 
 31 |   beforeEach(() => {
 32 |     signSpy = jest
 33 |       .spyOn(jwt, 'sign')
 34 |       .mockImplementation((token: string, secret, options, callback) => {
 35 |         const result = 'signed_' + token + '_by_' + (secret as string);
 36 |         return callback ? callback(null, result) : result;
 37 |       });
 38 | 
 39 |     verifySpy = jest
 40 |       .spyOn(jwt, 'verify')
 41 |       .mockImplementation((token, secret, options, callback) => {
 42 |         const result = 'verified_' + token + '_by_' + (secret as string);
 43 |         return callback ? callback(null, result as any) : result;
 44 |       });
 45 |   });
 46 | 
 47 |   afterEach(() => {
 48 |     verifySpy.mockRestore();
 49 |     signSpy.mockRestore();
 50 |   });
 51 | 
 52 |   describe('should use config.secretOrKeyProvider', () => {
 53 |     let jwtService: JwtService;
 54 |     const testPayload: string = getRandomString();
 55 | 
 56 |     beforeAll(async () => {
 57 |       jwtService = await setup(config);
 58 |     });
 59 | 
 60 |     it('signing should use config.secretOrKeyProvider', () => {
 61 |       expect(jwtService.sign(testPayload)).toBe(
 62 |         `signed_${testPayload}_by_sign_secret`
 63 |       );
 64 |     });
 65 | 
 66 |     it('signing (async) should use config.secretOrKeyProvider', async () => {
 67 |       await expect(jwtService.signAsync(testPayload)).resolves.toBe(
 68 |         `signed_${testPayload}_by_sign_secret`
 69 |       );
 70 |     });
 71 | 
 72 |     it('verifying should use config.secretOrKeyProvider', async () => {
 73 |       expect(await jwtService.verify(testPayload)).toBe(
 74 |         `verified_${testPayload}_by_verify_secret`
 75 |       );
 76 |     });
 77 | 
 78 |     it('verifying (async) should use config.secretOrKeyProvider', async () => {
 79 |       await expect(jwtService.verifyAsync(testPayload)).resolves.toBe(
 80 |         `verified_${testPayload}_by_verify_secret`
 81 |       );
 82 |     });
 83 |   });
 84 | 
 85 |   describe('should use config.secret', () => {
 86 |     let jwtService: JwtService;
 87 |     const testPayload: string = getRandomString();
 88 | 
 89 |     beforeAll(async () => {
 90 |       jwtService = await setup({ ...config, secretOrKeyProvider: undefined });
 91 |     });
 92 | 
 93 |     it('signing should use config.secret', () => {
 94 |       expect(jwtService.sign(testPayload)).toBe(
 95 |         `signed_${testPayload}_by_default_secret`
 96 |       );
 97 |     });
 98 | 
 99 |     it('signing (async) should use config.secret', async () => {
100 |       await expect(jwtService.signAsync(testPayload)).resolves.toBe(
101 |         `signed_${testPayload}_by_default_secret`
102 |       );
103 |     });
104 | 
105 |     it('verifying should use config.secret', async () => {
106 |       expect(await jwtService.verify(testPayload)).toBe(
107 |         `verified_${testPayload}_by_default_secret`
108 |       );
109 |     });
110 | 
111 |     it('verifying (async) should use config.secret', async () => {
112 |       await expect(jwtService.verifyAsync(testPayload)).resolves.toBe(
113 |         `verified_${testPayload}_by_default_secret`
114 |       );
115 |     });
116 |   });
117 | 
118 |   describe('should use config.privateKey and config.publicKey', () => {
119 |     let jwtService: JwtService;
120 |     const testPayload: string = getRandomString();
121 | 
122 |     beforeAll(async () => {
123 |       jwtService = await setup({
124 |         ...config,
125 |         secretOrKeyProvider: undefined,
126 |         secret: undefined
127 |       });
128 |     });
129 | 
130 |     it('signing should use config.privateKey', () => {
131 |       expect(jwtService.sign(testPayload)).toBe(
132 |         `signed_${testPayload}_by_private_key`
133 |       );
134 |     });
135 | 
136 |     it('signing (async) should use config.privateKey', async () => {
137 |       await expect(jwtService.signAsync(testPayload)).resolves.toBe(
138 |         `signed_${testPayload}_by_private_key`
139 |       );
140 |     });
141 | 
142 |     it('verifying should use config.publicKey', async () => {
143 |       expect(await jwtService.verify(testPayload)).toBe(
144 |         `verified_${testPayload}_by_public_key`
145 |       );
146 |     });
147 | 
148 |     it('verifying (async) should use config.publicKey', async () => {
149 |       await expect(jwtService.verifyAsync(testPayload)).resolves.toBe(
150 |         `verified_${testPayload}_by_public_key`
151 |       );
152 |     });
153 |   });
154 | 
155 |   describe('should use config.secretOrPrivateKey but warn about deprecation', () => {
156 |     let jwtService: JwtService;
157 |     let consoleWarnSpy: jest.SpyInstance;
158 |     const testPayload: string = getRandomString();
159 | 
160 |     beforeAll(async () => {
161 |       jwtService = await setup({
162 |         ...config,
163 |         secretOrPrivateKey: 'deprecated_key'
164 |       });
165 |       consoleWarnSpy = jest.spyOn(jwtService['logger'], 'warn');
166 |     });
167 | 
168 |     it('signing should use deprecated secretOrPrivateKey', () => {
169 |       expect(jwtService.sign(testPayload)).toBe(
170 |         `signed_${testPayload}_by_deprecated_key`
171 |       );
172 |       expect(consoleWarnSpy).toHaveBeenCalledTimes(1);
173 |     });
174 | 
175 |     it('signing (async) should use deprecated secretOrPrivateKey', async () => {
176 |       await expect(jwtService.signAsync(testPayload)).resolves.toBe(
177 |         `signed_${testPayload}_by_deprecated_key`
178 |       );
179 |       expect(consoleWarnSpy).toHaveBeenCalledTimes(1);
180 |     });
181 | 
182 |     it('verifying should use deprecated secretOrPrivateKey', async () => {
183 |       expect(await jwtService.verify(testPayload)).toBe(
184 |         `verified_${testPayload}_by_deprecated_key`
185 |       );
186 |       expect(consoleWarnSpy).toHaveBeenCalledTimes(1);
187 |     });
188 | 
189 |     it('verifying (async) should use deprecated secretOrPrivateKey', async () => {
190 |       await expect(jwtService.verifyAsync(testPayload)).resolves.toBe(
191 |         `verified_${testPayload}_by_deprecated_key`
192 |       );
193 |       expect(consoleWarnSpy).toHaveBeenCalledTimes(1);
194 |     });
195 | 
196 |     afterEach(() => {
197 |       consoleWarnSpy.mockClear();
198 |     });
199 |   });
200 | 
201 |   describe('should allow buffers for secrets', () => {
202 |     let jwtService: JwtService;
203 |     let secretB64: Buffer;
204 |     const testPayload = { foo: 'bar' };
205 | 
206 |     beforeEach(async () => {
207 |       secretB64 = Buffer.from('ThisIsARandomSecret', 'base64');
208 |       jwtService = await setup({ secret: secretB64 });
209 |       verifySpy.mockRestore();
210 |       signSpy.mockRestore();
211 |     });
212 | 
213 |     it('verifying should use base64 buffer key', () => {
214 |       const token = jwt.sign(testPayload, secretB64);
215 | 
216 |       expect(jwtService.verify(token)).toHaveProperty('foo', 'bar');
217 |     });
218 | 
219 |     it('verifying (async) should use base64 buffer key', async () => {
220 |       const token = jwt.sign(testPayload, secretB64);
221 | 
222 |       await expect(jwtService.verifyAsync(token)).resolves.toHaveProperty(
223 |         'foo',
224 |         'bar'
225 |       );
226 |     });
227 |   });
228 | 
229 |   describe('should use secret key from options', () => {
230 |     let jwtService: JwtService;
231 |     const testPayload: string = getRandomString();
232 | 
233 |     beforeAll(async () => {
234 |       jwtService = await setup({
235 |         ...config,
236 |         secretOrKeyProvider: undefined
237 |       });
238 |     });
239 | 
240 |     const secret = 'custom_secret';
241 | 
242 |     it('signing should use secret key from options', () => {
243 |       expect(jwtService.sign(testPayload, { secret })).toBe(
244 |         `signed_${testPayload}_by_custom_secret`
245 |       );
246 |     });
247 | 
248 |     it('signing (async) should use secret key from options', async () => {
249 |       await expect(jwtService.signAsync(testPayload, { secret })).resolves.toBe(
250 |         `signed_${testPayload}_by_custom_secret`
251 |       );
252 |     });
253 | 
254 |     it('verifying should use secret key from options', async () => {
255 |       expect(await jwtService.verify(testPayload, { secret })).toBe(
256 |         `verified_${testPayload}_by_custom_secret`
257 |       );
258 |     });
259 | 
260 |     it('verifying (async) should use secret key from options', async () => {
261 |       await expect(
262 |         jwtService.verifyAsync(testPayload, { secret })
263 |       ).resolves.toBe(`verified_${testPayload}_by_custom_secret`);
264 |     });
265 |   });
266 | 
267 |   describe('should use private/public key from options', () => {
268 |     let jwtService: JwtService;
269 |     const testPayload: string = getRandomString();
270 | 
271 |     beforeAll(async () => {
272 |       jwtService = await setup({
273 |         ...config,
274 |         secretOrKeyProvider: undefined,
275 |         secret: undefined
276 |       });
277 |     });
278 | 
279 |     const privateKey = 'customPrivateKey';
280 |     const publicKey = 'customPublicKey';
281 | 
282 |     it('signing should use private key from options', () => {
283 |       expect(jwtService.sign(testPayload, { privateKey })).toBe(
284 |         `signed_${testPayload}_by_customPrivateKey`
285 |       );
286 |     });
287 | 
288 |     it('signing (async) should use private key from options', async () => {
289 |       await expect(
290 |         jwtService.signAsync(testPayload, { privateKey })
291 |       ).resolves.toBe(`signed_${testPayload}_by_customPrivateKey`);
292 |     });
293 | 
294 |     it('verifying should use public key from options', async () => {
295 |       expect(await jwtService.verify(testPayload, { publicKey })).toBe(
296 |         `verified_${testPayload}_by_customPublicKey`
297 |       );
298 |     });
299 | 
300 |     it('verifying (async) should use public key from options', async () => {
301 |       await expect(
302 |         jwtService.verifyAsync(testPayload, { publicKey })
303 |       ).resolves.toBe(`verified_${testPayload}_by_customPublicKey`);
304 |     });
305 |   });
306 | 
307 |   describe('should not use invalid sign options', () => {
308 |     let jwtService: JwtService;
309 |     const testPayloadStr: string = getRandomString();
310 | 
311 |     beforeAll(async () => {
312 |       jwtService = await setup({ secretOrKeyProvider: undefined });
313 |     });
314 | 
315 |     it('should not "sign" expect errors with a "payload" string and "secret"', () => {
316 |       // @ts-expect-no-error
317 |       expect(() => jwtService.sign(testPayloadStr, { secret: 'secret' }));
318 |     });
319 | 
320 |     it('should not "signAsync" expect errors with a "payload" string and "privateKey"', () => {
321 |       // @ts-expect-no-error
322 |       expect(() =>
323 |         jwtService.signAsync(testPayloadStr, { privateKey: 'privateKey' })
324 |       );
325 |     });
326 |   });
327 | 
328 |   describe('should use invalid sign options', () => {
329 |     const signOptions: jwt.SignOptions = {
330 |       expiresIn: '1d'
331 |     };
332 | 
333 |     let jwtService: JwtService;
334 |     const testPayloadStr: string = getRandomString();
335 |     const testPayloadObj: object = {};
336 | 
337 |     beforeAll(async () => {
338 |       jwtService = await setup({ signOptions, secretOrKeyProvider: undefined });
339 |     });
340 | 
341 |     it('should "sign" expect errors with a "payload" string with "expiresIn"', () => {
342 |       expect(() =>
343 |         // @ts-expect-error
344 |         jwtService.sign(testPayloadStr, { expiresIn: 60 })
345 |       ).toThrowError(
346 |         'Payload as string is not allowed with the following sign options: expiresIn'
347 |       );
348 |     });
349 | 
350 |     it('should "signAsync" expect errors with a "payload" string with "notBefore"', () => {
351 |       expect(() =>
352 |         // @ts-expect-error
353 |         jwtService.signAsync(testPayloadStr, { notBefore: 60 })
354 |       ).toThrowError(
355 |         'Payload as string is not allowed with the following sign options: expiresIn, notBefore'
356 |       );
357 |     });
358 | 
359 |     it('should not "sign" expect errors with a "payload" object with "notBefore" ', () => {
360 |       // @ts-expect-no-error
361 |       expect(() => jwtService.sign(testPayloadObj, { notBefore: 60 }));
362 |     });
363 | 
364 |     it('should not "signAsync" expect errors with a "payload" object with "notBefore" ', () => {
365 |       // @ts-expect-no-error
366 |       expect(() => jwtService.signAsync(testPayloadObj, { notBefore: 60 }));
367 |     });
368 | 
369 |     it('should "sign" expect errors using "payload" string with already defined invalid sign options', () => {
370 |       expect(() => jwtService.sign(testPayloadStr)).toThrowError(
371 |         'Payload as string is not allowed with the following sign options: expiresIn'
372 |       );
373 |     });
374 | 
375 |     it('should "signAsync" expect errors using "payload" string with already defined invalid sign options', () => {
376 |       expect(() => jwtService.signAsync(testPayloadStr)).toThrowError(
377 |         'Payload as string is not allowed with the following sign options: expiresIn'
378 |       );
379 |     });
380 |   });
381 | });
382 | 


--------------------------------------------------------------------------------
/lib/jwt.service.ts:
--------------------------------------------------------------------------------
  1 | import { Inject, Injectable, Logger, Optional } from '@nestjs/common';
  2 | import * as jwt from 'jsonwebtoken';
  3 | import {
  4 |   GetSecretKeyResult,
  5 |   JwtModuleOptions,
  6 |   JwtSecretRequestType,
  7 |   JwtSignOptions,
  8 |   JwtVerifyOptions
  9 | } from './interfaces';
 10 | import { JWT_MODULE_OPTIONS } from './jwt.constants';
 11 | import { WrongSecretProviderError } from './jwt.errors';
 12 | 
 13 | /**
 14 |  * @publicApi
 15 |  */
 16 | @Injectable()
 17 | export class JwtService {
 18 |   private readonly logger = new Logger('JwtService');
 19 | 
 20 |   constructor(
 21 |     @Optional()
 22 |     @Inject(JWT_MODULE_OPTIONS)
 23 |     private readonly options: JwtModuleOptions = {}
 24 |   ) {}
 25 | 
 26 |   sign(
 27 |     payload: string,
 28 |     options?: Omit<JwtSignOptions, keyof jwt.SignOptions>
 29 |   ): string;
 30 |   sign(payload: Buffer | object, options?: JwtSignOptions): string;
 31 |   sign(payload: string | Buffer | object, options?: JwtSignOptions): string {
 32 |     const signOptions = this.mergeJwtOptions(
 33 |       { ...options },
 34 |       'signOptions'
 35 |     ) as jwt.SignOptions;
 36 |     const secret = this.getSecretKey(
 37 |       payload,
 38 |       options,
 39 |       'privateKey',
 40 |       JwtSecretRequestType.SIGN
 41 |     );
 42 | 
 43 |     if (secret instanceof Promise) {
 44 |       secret.catch(() => {}); // suppress rejection from async provider
 45 |       this.logger.warn(
 46 |         'For async version of "secretOrKeyProvider", please use "signAsync".'
 47 |       );
 48 |       throw new WrongSecretProviderError();
 49 |     }
 50 | 
 51 |     const allowedSignOptKeys = ['secret', 'privateKey'];
 52 |     const signOptKeys = Object.keys(signOptions);
 53 |     if (
 54 |       typeof payload === 'string' &&
 55 |       signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
 56 |     ) {
 57 |       throw new Error(
 58 |         'Payload as string is not allowed with the following sign options: ' +
 59 |           signOptKeys.join(', ')
 60 |       );
 61 |     }
 62 | 
 63 |     return jwt.sign(payload, secret, signOptions);
 64 |   }
 65 | 
 66 |   signAsync(
 67 |     payload: string,
 68 |     options?: Omit<JwtSignOptions, keyof jwt.SignOptions>
 69 |   ): Promise<string>;
 70 |   signAsync(
 71 |     payload: Buffer | object,
 72 |     options?: JwtSignOptions
 73 |   ): Promise<string>;
 74 |   signAsync(
 75 |     payload: string | Buffer | object,
 76 |     options?: JwtSignOptions
 77 |   ): Promise<string> {
 78 |     const signOptions = this.mergeJwtOptions(
 79 |       { ...options },
 80 |       'signOptions'
 81 |     ) as jwt.SignOptions;
 82 |     const secret = this.getSecretKey(
 83 |       payload,
 84 |       options,
 85 |       'privateKey',
 86 |       JwtSecretRequestType.SIGN
 87 |     );
 88 | 
 89 |     const allowedSignOptKeys = ['secret', 'privateKey'];
 90 |     const signOptKeys = Object.keys(signOptions);
 91 |     if (
 92 |       typeof payload === 'string' &&
 93 |       signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
 94 |     ) {
 95 |       throw new Error(
 96 |         'Payload as string is not allowed with the following sign options: ' +
 97 |           signOptKeys.join(', ')
 98 |       );
 99 |     }
100 | 
101 |     return new Promise((resolve, reject) =>
102 |       Promise.resolve()
103 |         .then(() => secret)
104 |         .then((scrt: GetSecretKeyResult) => {
105 |           jwt.sign(payload, scrt, signOptions, (err, encoded) =>
106 |             err ? reject(err) : resolve(encoded)
107 |           );
108 |         })
109 |     );
110 |   }
111 | 
112 |   verify<T extends object = any>(token: string, options?: JwtVerifyOptions): T {
113 |     const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions');
114 |     const secret = this.getSecretKey(
115 |       token,
116 |       options,
117 |       'publicKey',
118 |       JwtSecretRequestType.VERIFY
119 |     );
120 | 
121 |     if (secret instanceof Promise) {
122 |       secret.catch(() => {}); // suppress rejection from async provider
123 |       this.logger.warn(
124 |         'For async version of "secretOrKeyProvider", please use "verifyAsync".'
125 |       );
126 |       throw new WrongSecretProviderError();
127 |     }
128 | 
129 |     return jwt.verify(token, secret, verifyOptions) as T;
130 |   }
131 | 
132 |   verifyAsync<T extends object = any>(
133 |     token: string,
134 |     options?: JwtVerifyOptions
135 |   ): Promise<T> {
136 |     const verifyOptions = this.mergeJwtOptions({ ...options }, 'verifyOptions');
137 |     const secret = this.getSecretKey(
138 |       token,
139 |       options,
140 |       'publicKey',
141 |       JwtSecretRequestType.VERIFY
142 |     );
143 | 
144 |     return new Promise((resolve, reject) =>
145 |       Promise.resolve()
146 |         .then(() => secret)
147 |         .then((scrt: GetSecretKeyResult) => {
148 |           jwt.verify(token, scrt, verifyOptions, (err, decoded) =>
149 |             err ? reject(err) : resolve(decoded as T)
150 |           );
151 |         })
152 |         .catch(reject)
153 |     );
154 |   }
155 | 
156 |   decode<T = any>(token: string, options?: jwt.DecodeOptions): T {
157 |     return jwt.decode(token, options) as T;
158 |   }
159 | 
160 |   private mergeJwtOptions(
161 |     options: JwtVerifyOptions | JwtSignOptions,
162 |     key: 'verifyOptions' | 'signOptions'
163 |   ): jwt.VerifyOptions | jwt.SignOptions {
164 |     delete options.secret;
165 |     if (key === 'signOptions') {
166 |       delete (options as JwtSignOptions).privateKey;
167 |     } else {
168 |       delete (options as JwtVerifyOptions).publicKey;
169 |     }
170 |     return options
171 |       ? {
172 |           ...(this.options[key] || {}),
173 |           ...options
174 |         }
175 |       : this.options[key];
176 |   }
177 | 
178 |   private overrideSecretFromOptions(secret: GetSecretKeyResult) {
179 |     if (this.options.secretOrPrivateKey) {
180 |       this.logger.warn(
181 |         `"secretOrPrivateKey" has been deprecated, please use the new explicit "secret" or use "secretOrKeyProvider" or "privateKey"/"publicKey" exclusively.`
182 |       );
183 |       secret = this.options.secretOrPrivateKey;
184 |     }
185 | 
186 |     return secret;
187 |   }
188 | 
189 |   private getSecretKey(
190 |     token: string | object | Buffer,
191 |     options: JwtVerifyOptions | JwtSignOptions,
192 |     key: 'publicKey' | 'privateKey',
193 |     secretRequestType: JwtSecretRequestType
194 |   ): GetSecretKeyResult | Promise<GetSecretKeyResult> {
195 |     const secret = this.options.secretOrKeyProvider
196 |       ? this.options.secretOrKeyProvider(secretRequestType, token, options)
197 |       : options?.secret ||
198 |         this.options.secret ||
199 |         (key === 'privateKey'
200 |           ? (options as JwtSignOptions)?.privateKey || this.options.privateKey
201 |           : (options as JwtVerifyOptions)?.publicKey ||
202 |             this.options.publicKey) ||
203 |         this.options[key];
204 | 
205 |     return secret instanceof Promise
206 |       ? secret.then((sec) => this.overrideSecretFromOptions(sec))
207 |       : this.overrideSecretFromOptions(secret);
208 |   }
209 | }
210 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "@nestjs/jwt",
 3 |   "version": "11.0.0",
 4 |   "description": "Nest - modern, fast, powerful node.js web framework (@jwt)",
 5 |   "author": "Kamil Mysliwiec",
 6 |   "license": "MIT",
 7 |   "scripts": {
 8 |     "format": "prettier --write \"**/*.ts\"",
 9 |     "lint": "eslint \"lib/**/*.ts\" --fix",
10 |     "test": "jest --config=jest.json",
11 |     "test:watch": "jest --config=jest.json --watch",
12 |     "test:coverage": "jest --config=jest.json --coverage --coverageDirectory=coverage",
13 |     "build": "rm -rf dist && tsc -p tsconfig.build.json",
14 |     "precommit": "lint-staged",
15 |     "prepublish:npm": "npm run build",
16 |     "publish:npm": "npm publish --access public",
17 |     "prerelease": "npm run build",
18 |     "release": "release-it",
19 |     "prepare": "husky"
20 |   },
21 |   "peerDependencies": {
22 |     "@nestjs/common": "^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0"
23 |   },
24 |   "devDependencies": {
25 |     "@commitlint/cli": "19.8.1",
26 |     "@commitlint/config-angular": "19.8.1",
27 |     "@eslint/eslintrc": "3.3.1",
28 |     "@eslint/js": "9.28.0",
29 |     "@nestjs/common": "11.1.2",
30 |     "@nestjs/core": "11.1.2",
31 |     "@nestjs/testing": "11.1.2",
32 |     "@types/jest": "29.5.14",
33 |     "@types/node": "22.15.29",
34 |     "eslint": "9.28.0",
35 |     "eslint-config-prettier": "10.1.5",
36 |     "eslint-plugin-prettier": "5.4.1",
37 |     "globals": "16.2.0",
38 |     "husky": "9.1.7",
39 |     "jest": "29.7.0",
40 |     "lint-staged": "16.1.0",
41 |     "prettier": "3.5.3",
42 |     "reflect-metadata": "0.2.2",
43 |     "release-it": "19.0.3",
44 |     "rxjs": "7.8.2",
45 |     "ts-jest": "29.3.4",
46 |     "typescript": "5.8.3",
47 |     "typescript-eslint": "8.33.1"
48 |   },
49 |   "dependencies": {
50 |     "@types/jsonwebtoken": "9.0.9",
51 |     "jsonwebtoken": "9.0.2"
52 |   },
53 |   "lint-staged": {
54 |     "**/*.{ts,json}": []
55 |   },
56 |   "repository": {
57 |     "type": "git",
58 |     "url": "https://github.com/nestjs/jwt"
59 |   }
60 | }
61 | 


--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "semanticCommits": true,
 3 |   "packageRules": [{
 4 |     "depTypeList": ["devDependencies"],
 5 |     "automerge": true
 6 |   }],
 7 |   "extends": [
 8 |     "config:base"
 9 |   ]
10 | }
11 | 


--------------------------------------------------------------------------------
/tsconfig.build.json:
--------------------------------------------------------------------------------
1 | {
2 |   "extends": "./tsconfig.json",
3 |   "exclude": ["node_modules", "**/*.spec.ts"]
4 | }
5 | 


--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "compilerOptions": {
 3 |     "module": "commonjs",
 4 |     "declaration": true,
 5 |     "noImplicitAny": false,
 6 |     "removeComments": true,
 7 |     "noLib": false,
 8 |     "emitDecoratorMetadata": true,
 9 |     "experimentalDecorators": true,
10 |     "target": "ES2021",
11 |     "sourceMap": false,
12 |     "outDir": "./dist",
13 |     "rootDir": "./lib",
14 |     "skipLibCheck": true
15 |   },
16 |   "include": [
17 |     "lib/**/*",
18 |     "../index.ts"
19 |   ],
20 |   "exclude": [
21 |     "node_modules"
22 |   ]
23 | }


--------------------------------------------------------------------------------