diff --git a/services/iam-service/src/main.ts b/services/iam-service/src/main.ts index c8c312d0..10211785 100644 --- a/services/iam-service/src/main.ts +++ b/services/iam-service/src/main.ts @@ -3,7 +3,7 @@ import { initTracing } from '@goodgo/tracing'; import cookieParser from 'cookie-parser'; import cors from 'cors'; import express from 'express'; -import rateLimit from 'express-rate-limit'; +import { rateLimit } from 'express-rate-limit'; import helmet from 'helmet'; import { RedisStore } from 'rate-limit-redis'; diff --git a/services/iam-service/src/modules/token/jwt.service.ts b/services/iam-service/src/modules/token/jwt.service.ts index 4e1399e9..1a775622 100644 --- a/services/iam-service/src/modules/token/jwt.service.ts +++ b/services/iam-service/src/modules/token/jwt.service.ts @@ -1,5 +1,5 @@ import { logger } from '@goodgo/logger'; -import jwt from 'jsonwebtoken'; +import { sign, verify, decode, SignOptions } from 'jsonwebtoken'; import { v4 as uuidv4 } from 'uuid'; import { jwtConfig } from '../../config/jwt.config'; @@ -38,14 +38,14 @@ export class JWTService { * VI: Tạo access token (sống ngắn, 15 phút) */ generateAccessToken(payload: { sub: string; email: string; roles?: string[]; permissions?: string[] }): string { - return jwt.sign( + return sign( payload, jwtConfig.secret, { expiresIn: jwtConfig.expiresIn, issuer: jwtConfig.issuer, audience: jwtConfig.audience, - } as jwt.SignOptions + } as SignOptions ); } @@ -54,7 +54,7 @@ export class JWTService { * VI: Tạo refresh token (sống dài, 7 ngày) */ generateRefreshToken(userId: string, tokenId?: string): string { - return jwt.sign( + return sign( { sub: userId, tokenId: tokenId || uuidv4(), @@ -64,7 +64,7 @@ export class JWTService { { expiresIn: jwtConfig.refreshExpiresIn, issuer: jwtConfig.issuer, - } as jwt.SignOptions + } as SignOptions ); } @@ -80,7 +80,7 @@ export class JWTService { picture?: string; updated_at?: Date; }): string { - return jwt.sign( + return sign( { ...payload, iss: jwtConfig.issuer, @@ -90,7 +90,7 @@ export class JWTService { jwtConfig.idSecret, { expiresIn: jwtConfig.idExpiresIn, - } as jwt.SignOptions + } as SignOptions ); } @@ -168,7 +168,7 @@ export class JWTService { } // Verify JWT - const decoded = jwt.verify(token, jwtConfig.secret, { + const decoded = verify(token, jwtConfig.secret, { issuer: jwtConfig.issuer, audience: jwtConfig.audience, }) as JWTPayload; @@ -186,7 +186,7 @@ export class JWTService { */ verifyRefreshToken(token: string): { sub: string; tokenId: string } { try { - const decoded = jwt.verify(token, jwtConfig.refreshSecret, { + const decoded = verify(token, jwtConfig.refreshSecret, { issuer: jwtConfig.issuer, }) as { sub: string; tokenId: string; type: string }; @@ -210,7 +210,7 @@ export class JWTService { */ verifyIdToken(token: string, expectedAudience: string): any { try { - const decoded = jwt.verify(token, jwtConfig.idSecret, { + const decoded = verify(token, jwtConfig.idSecret, { issuer: jwtConfig.issuer, audience: expectedAudience, }); @@ -227,7 +227,7 @@ export class JWTService { * VI: Giải mã token không xác thực (để debug) */ decodeToken(token: string): any { - return jwt.decode(token); + return decode(token); } /** diff --git a/services/iam-service/src/utils/helpers.ts b/services/iam-service/src/utils/helpers.ts index d14a3e3d..beb9457b 100644 --- a/services/iam-service/src/utils/helpers.ts +++ b/services/iam-service/src/utils/helpers.ts @@ -1,6 +1,6 @@ import crypto from 'crypto'; -import DOMPurify from 'dompurify'; +import { default as DOMPurify } from 'dompurify'; import { Request } from 'express'; import { JSDOM } from 'jsdom'; @@ -65,15 +65,15 @@ export function sanitizeInput(input: string): string { */ export function getClientIP(req: Request): string { const forwardedFor = req.headers['x-forwarded-for']; - const forwardedIp = Array.isArray(forwardedFor) - ? forwardedFor[0] - : typeof forwardedFor === 'string' - ? forwardedFor.split(',')[0] + const forwardedIp = Array.isArray(forwardedFor) + ? forwardedFor[0] + : typeof forwardedFor === 'string' + ? forwardedFor.split(',')[0] : undefined; return ( forwardedIp || - (Array.isArray(req.headers['x-real-ip']) - ? req.headers['x-real-ip'][0] + (Array.isArray(req.headers['x-real-ip']) + ? req.headers['x-real-ip'][0] : req.headers['x-real-ip']) || req.ip || req.socket.remoteAddress ||