import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { PassportModule } from '@nestjs/passport';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { PrismaModule } from '@core/database/prisma/prisma.module';
import { LdapModule } from '../ldap/ldap.module';
import { EntraModule } from '../entra/entra.module';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtStrategy } from './strategies/jwt.strategy';
import { JwtAuthGuard } from './guards/jwt-auth.guard';
import { PermissionsGuard } from './guards/permissions.guard';
import { RolesGuard } from './guards/roles.guard';
import { TokenService } from './services/token.service';
import { AuthCacheService } from './services/auth-cache.service';
import { MfaService } from './services/mfa.service';
import { SsoConfigService } from './sso/sso-config.service';
import { SsoOidcClientService } from './sso/sso-oidc-client.service';

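/**
 * Authentication module.
 *
 * Wires Passport (default strategy `jwt`) and the JWT signer together with the
 * LDAP, Entra and Prisma modules, registers the auth controller, and exports
 * the guards and services listed under `exports` to other modules.
 *
 * The JWT signing secret is read from the `jwt.secret` config key. There is
 * deliberately no fallback value: a built-in default secret is visible to
 * anyone who can read the source, so tokens signed with it could be forged.
 * Module initialisation fails instead when the key is missing or blank.
 */
@Module({
  imports: [
    PrismaModule,
    LdapModule,
    EntraModule,
    PassportModule.register({ defaultStrategy: 'jwt' }),
    JwtModule.registerAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (configService: ConfigService) => {
        // Rule alignment: access token TTL = 30d (see docs/standards/09-iam-security.md §2.2).
        // NOTE(review): a 30-day access token stays usable for that whole window if it
        // leaks, unless the verification path also checks revocation — confirm it does.
        const accessTtl = configService.get<string>('jwt.accessTtl') || '30d';

        // Fail closed: never sign tokens with a hard-coded key. An unset or blank
        // `jwt.secret` is a deployment error that must surface at startup.
        const secret = configService.get<string>('jwt.secret');
        if (!secret || secret.trim() === '') {
          throw new Error(
            'jwt.secret is not configured; refusing to start with a default JWT signing key',
          );
        }
        // NOTE(review): any other place that verifies tokens (e.g. JwtStrategy) should
        // read the same key without its own fallback — not visible from this file.

        return {
          secret,
          signOptions: {
            // The cast bypasses the typed `expiresIn` option; the configured
            // string is passed through without validation here.
            expiresIn: accessTtl as any,
          },
        };
      },
    }),
  ],
  controllers: [AuthController],
  providers: [
    AuthService,
    JwtStrategy,
    JwtAuthGuard,
    PermissionsGuard,
    RolesGuard,
    TokenService,
    AuthCacheService,
    MfaService,
    SsoConfigService,
    SsoOidcClientService,
  ],
  exports: [
    AuthService,
    JwtAuthGuard,
    PermissionsGuard,
    RolesGuard,
    AuthCacheService,
    TokenService,
    MfaService,
    SsoConfigService,
    SsoOidcClientService,
  ],
})
export class AuthModule {}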
