import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { APP_GUARD } from '@nestjs/core';
import {
AuthGuard,
KeycloakConnectConfig,
KeycloakConnectModule,
ResourceGuard,
RoleGuard,
TokenValidation,
} from 'nest-keycloak-connect';
import { HttpModule } from '@nestjs/axios';
import { TerminusModule } from '@nestjs/terminus';
import keycloakConfig, { keycloakConfigValidationSchema } from './config/keycloak.config';
import { AuthModule } from './auth/auth.module';
import { HubUsersModule } from './hub-users/hub-users.module';
import { StartupService } from './auth/services/startup.service';
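/**
 * Root module of the application.
 *
 * Loads and validates the Keycloak configuration, registers the
 * nest-keycloak-connect integration, the HTTP and health modules and the
 * feature modules, and installs three guards globally through APP_GUARD.
 */
@Module({
  imports: [
    // Configuration Module
    ConfigModule.forRoot({
      isGlobal: true,
      load: [keycloakConfig],
      validationSchema: keycloakConfigValidationSchema,
      validationOptions: {
        // NOTE(review): with allowUnknown disabled, keys the schema does not
        // declare are rejected. Confirm keycloakConfigValidationSchema
        // tolerates unrelated environment variables, otherwise startup fails.
        allowUnknown: false,
        // Report only the first validation error.
        abortEarly: true,
      },
    }),

    // Keycloak Connect Module (Async configuration)
    KeycloakConnectModule.registerAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (configService: ConfigService): KeycloakConnectConfig => {
        // Named differently from the imported `keycloakConfig` loader so the
        // import is not shadowed inside the factory.
        const keycloakSettings = configService.get('keycloak');

        // Fail fast with an explicit message: a missing namespace would
        // otherwise surface as a TypeError on the first property read below.
        if (!keycloakSettings) {
          throw new Error(
            'Keycloak configuration namespace "keycloak" is not loaded',
          );
        }

        return {
          authServerUrl: keycloakSettings.serverUrl,
          realm: keycloakSettings.realm,
          clientId: keycloakSettings.authClientId,
          // Client secret of the confidential client; it comes from
          // configuration and must never be written to logs.
          secret: keycloakSettings.authClientSecret,
          useNestLogger: true,

          /**
           * OFFLINE validation:
           * the JWT is validated locally (RS256 signature).
           * No network call is made to Keycloak for introspection.
           *
           * Trade-off: because Keycloak is never consulted, a token revoked
           * there (logout, disabled account, ended session) keeps being
           * accepted until it expires. Keep the access-token lifespan short.
           */
          tokenValidation: TokenValidation.OFFLINE,

          // Optional: Add more Keycloak options as needed
          // publicClient: false,
          // NOTE(review): audience verification is left off. Without it a
          // token issued to another client of the same realm may be accepted;
          // confirm whether this should be enabled (tokens must then carry
          // this client in `aud`).
          // verifyTokenAudience: true,
          // confidentialPort: 0,
        };
      },
    }),

    // HTTP and Health Modules
    HttpModule.register({
      // Outbound requests time out after 5000 ms and follow at most 5 redirects.
      timeout: 5000,
      maxRedirects: 5,
    }),
    TerminusModule,

    // Feature Modules
    AuthModule,
    HubUsersModule,
  ],
  providers: [
    StartupService,
    // The three guards below are registered under APP_GUARD, so they apply to
    // every route of the application, not only to this module's controllers.
    // AuthGuard is listed first; the resource and role guards presumably rely
    // on the identity it establishes, so keep this order (verify against the
    // library documentation).

    // Global Authentication Guard
    {
      provide: APP_GUARD,
      useClass: AuthGuard,
    },
    // Global Resource Guard
    {
      provide: APP_GUARD,
      useClass: ResourceGuard,
    },
    // Global Role Guard
    {
      provide: APP_GUARD,
      useClass: RoleGuard,
    },
  ],
})
export class AppModule {}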