add more logs
This commit is contained in:
LeoMortari
@@ -52,41 +52,70 @@ export class KeycloakJwtStrategy extends PassportStrategy(Strategy, 'jwt') {
|
||||
private readonly logger = new Logger(KeycloakJwtStrategy.name);
|
||||
|
||||
validate(payload: JwtPayload): JwtPayload {
|
||||
this.logger.debug(
|
||||
`JWT Payload received: ${JSON.stringify(payload, null, 2)}`,
|
||||
);
|
||||
try {
|
||||
// Basic JWT info
|
||||
this.logger.verbose('=== JWT Validation Start ===');
|
||||
|
||||
// Log important JWT claims
|
||||
this.logger.debug(`JWT Subject (sub): ${payload.sub}`);
|
||||
this.logger.debug(`JWT Issuer (iss): ${payload.iss}`);
|
||||
this.logger.debug(`JWT Audience (aud): ${JSON.stringify(payload.aud)}`);
|
||||
this.logger.debug(
|
||||
`JWT Expiration (exp): ${new Date(payload.exp * 1000).toISOString()}`,
|
||||
);
|
||||
this.logger.debug(
|
||||
`JWT Issued At (iat): ${new Date(payload.iat * 1000).toISOString()}`,
|
||||
);
|
||||
// Token metadata
|
||||
this.logger.verbose(`Subject (sub): ${payload.sub}`);
|
||||
this.logger.verbose(`Issuer (iss): ${payload.iss}`);
|
||||
this.logger.verbose(`Audience (aud): ${JSON.stringify(payload.aud)}`);
|
||||
this.logger.verbose(
|
||||
`Issued At (iat): ${new Date(payload.iat * 1000).toISOString()}`,
|
||||
);
|
||||
this.logger.verbose(
|
||||
`Expiration (exp): ${new Date(payload.exp * 1000).toISOString()}`,
|
||||
);
|
||||
|
||||
// Log user info
|
||||
this.logger.debug(`User email: ${payload.email}`);
|
||||
this.logger.debug(`Username: ${payload.preferred_username}`);
|
||||
// User info
|
||||
this.logger.verbose('--- User Info ---');
|
||||
this.logger.verbose(`Email: ${payload.email || 'N/A'}`);
|
||||
this.logger.verbose(`Username: ${payload.preferred_username || 'N/A'}`);
|
||||
this.logger.verbose(
|
||||
`Name: ${payload.given_name || ''} ${payload.family_name || ''}`.trim() ||
|
||||
'N/A',
|
||||
);
|
||||
|
||||
// Log roles
|
||||
this.logger.debug(
|
||||
`Realm access roles: ${JSON.stringify(payload.realm_access?.roles || [])}`,
|
||||
);
|
||||
// Realm roles
|
||||
this.logger.verbose('--- Realm Access ---');
|
||||
if (payload.realm_access?.roles?.length) {
|
||||
payload.realm_access.roles.forEach((role: string) => {
|
||||
this.logger.verbose(`- ${role}`);
|
||||
});
|
||||
} else {
|
||||
this.logger.verbose('No realm roles found');
|
||||
}
|
||||
|
||||
if (payload.resource_access) {
|
||||
this.logger.debug('Resource access:');
|
||||
Object.entries(payload.resource_access).forEach(([resource, data]) => {
|
||||
this.logger.debug(` ${resource}: ${JSON.stringify(data.roles || [])}`);
|
||||
});
|
||||
// Resource access
|
||||
this.logger.verbose('--- Resource Access ---');
|
||||
if (payload.resource_access) {
|
||||
Object.entries(payload.resource_access).forEach(([resource, data]) => {
|
||||
if (data?.roles?.length) {
|
||||
this.logger.verbose(`${resource} roles:`);
|
||||
data.roles.forEach((role: string) => {
|
||||
this.logger.verbose(` - ${role}`);
|
||||
});
|
||||
}
|
||||
});
|
||||
} else {
|
||||
this.logger.verbose('No resource access found');
|
||||
}
|
||||
|
||||
// Token expiration check
|
||||
const now = Math.floor(Date.now() / 1000);
|
||||
if (payload.exp < now) {
|
||||
const minutesAgo = Math.round((now - payload.exp) / 60);
|
||||
this.logger.warn(`Token expired ${minutesAgo} minutes ago`);
|
||||
throw new UnauthorizedException('Token expirado');
|
||||
}
|
||||
|
||||
this.logger.verbose('=== JWT Validation Successful ===');
|
||||
return payload;
|
||||
} catch (error: unknown) {
|
||||
const errorMessage = error instanceof Error ? error.stack : String(error);
|
||||
this.logger.error('JWT Validation Error:', errorMessage);
|
||||
throw error;
|
||||
}
|
||||
|
||||
if (payload.exp < Date.now() / 1000) {
|
||||
throw new UnauthorizedException('Token expirado');
|
||||
}
|
||||
|
||||
return payload;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user