Auth Token Übersendung eingebaut

bizmatch-server/src/jwt.strategy.ts

@@ -0,0 +1,36 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { passportJwtSecret } from 'jwks-rsa';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKeyProvider: passportJwtSecret({
+        cache: true,
+        rateLimit: true,
+        jwksRequestsPerMinute: 5,
+        jwksUri: 'https://auth.bizmatch.net/realms/dev/protocol/openid-connect/certs',
+      }),
+      audience: 'account', // Keycloak Client ID
+      issuer: 'https://auth.bizmatch.net/realms/dev',
+      algorithms: ['RS256'],
+    });
+  }
+
+  async validate(payload: any) {
+    console.log('JWT Payload:', payload); // Debugging: JWT Payload anzeigen
+    if (!payload) {
+      console.error('Invalid payload');
+      throw new UnauthorizedException();
+    }
+    if (!payload.sub || !payload.preferred_username) {
+      console.error('Missing required claims');
+      throw new UnauthorizedException();
+    }
+    return { userId: payload.sub, username: payload.preferred_username, roles: payload.realm_access?.roles };
+  }
+}