@1auth/authn 0.0.0-beta.0 → 0.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +44 -0
  2. package/index.js +18 -40
  3. package/package.json +16 -10
  4. package/table/dynamodb.js +151 -0
  5. package/table/sql.js +46 -0
package/README.md ADDED
@@ -0,0 +1,44 @@
1
+ <div align="center">
2
+ <h1>@1auth/authn</h1>
3
+ <!--<img alt="1auth logo" src="https://raw.githubusercontent.com/willfarrell/1auth/main/docs/img/logo.svg"/>-->
4
+ <p><strong>Core authentication module with multi-factor authentication support</strong></p>
5
+ <p>
6
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-unit.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-unit.yml/badge.svg" alt="GitHub Actions unit test status"></a>
7
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-dast.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-dast.yml/badge.svg" alt="GitHub Actions dast test status"></a>
8
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-perf.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-perf.yml/badge.svg" alt="GitHub Actions perf test status"></a>
9
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-sast.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-sast.yml/badge.svg" alt="GitHub Actions SAST test status"></a>
10
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-lint.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-lint.yml/badge.svg" alt="GitHub Actions lint test status"></a>
11
+ <br/>
12
+ <a href="https://www.npmjs.com/package/@1auth/authn"><img alt="npm version" src="https://img.shields.io/npm/v/@1auth/authn.svg"></a>
13
+ <a href="https://packagephobia.com/result?p=@1auth/authn"><img src="https://packagephobia.com/badge?p=@1auth/authn" alt="npm install size"></a>
14
+ <a href="https://www.npmjs.com/package/@1auth/authn">
15
+ <img alt="npm weekly downloads" src="https://img.shields.io/npm/dw/@1auth/authn.svg"></a>
16
+ <a href="https://www.npmjs.com/package/@1auth/authn#provenance">
17
+ <img alt="npm provenance" src="https://img.shields.io/badge/provenance-Yes-brightgreen"></a>
18
+ <br/>
19
+ <a href="https://scorecard.dev/viewer/?uri=github.com/willfarrell/1auth"><img src="https://api.scorecard.dev/projects/github.com/willfarrell/1auth/badge" alt="Open Source Security Foundation (OpenSSF) Scorecard"></a>
20
+ <a href="https://slsa.dev"><img src="https://slsa.dev/images/gh-badge-level3.svg" alt="SLSA 3"></a>
21
+ <a href="https://github.com/willfarrell/1auth/blob/main/docs/CODE_OF_CONDUCT.md"><img src="https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg"></a>
22
+ <a href="https://biomejs.dev"><img alt="Checked with Biome" src="https://img.shields.io/badge/Checked_with-Biome-60a5fa?style=flat&logo=biome"></a>
23
+ <a href="https://conventionalcommits.org"><img alt="Conventional Commits" src="https://img.shields.io/badge/Conventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits&logoColor=white"></a>
24
+ </p>
25
+ <p>You can read the documentation at: <a href="https://1auth.js.org">https://1auth.js.org</a></p>
26
+ </div>
27
+
28
+ ## Install
29
+
30
+ ```bash
31
+ npm install @1auth/authn
32
+ ```
33
+
34
+ ## Documentation and examples
35
+
36
+ For documentation and examples, refer to the main [1auth monorepo on GitHub](https://github.com/willfarrell/1auth) or the [1auth website](https://1auth.js.org).
37
+
38
+ ## Contributing
39
+
40
+ Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/willfarrell/1auth/issues) or to [submit Pull Requests](https://github.com/willfarrell/1auth/pulls).
41
+
42
+ ## License
43
+
44
+ Licensed under [MIT License](LICENSE). Copyright (c) 2020-2026 [will Farrell](https://github.com/willfarrell) and [contributors](https://github.com/willfarrell/1auth/graphs/contributors).
package/index.js CHANGED
@@ -1,6 +1,9 @@
1
+ // Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
2
+ // SPDX-License-Identifier: MIT
1
3
  import { setTimeout } from "node:timers/promises";
2
4
  import {
3
5
  makeRandomConfigObject,
6
+ nowInSeconds,
4
7
  symmetricDecryptFields,
5
8
  symmetricEncryptFields,
6
9
  symmetricGenerateEncryptionKey,
@@ -33,19 +36,9 @@ export default (opt = {}) => {
33
36
  };
34
37
  export const getOptions = () => options;
35
38
 
36
- // export const exists = async (credentialOptions, sub, params) => {
37
- // const type = makeType(credentialOptions);
38
- // const list = await options.store.selectList(options.table, {
39
- // ...params,
40
- // sub,
41
- // type,
42
- // });
43
- // return list.length > 1;
44
- // };
45
-
46
39
  export const count = async (credentialOptions, sub) => {
47
40
  if (!sub || typeof sub !== "string") {
48
- throw new Error("401 Unauthorized", { cause: { sub, id } });
41
+ throw new Error("401 Unauthorized", { cause: { sub } });
49
42
  }
50
43
  const type = makeType(credentialOptions);
51
44
  const credentials = await options.store.selectList(
@@ -70,7 +63,7 @@ export const count = async (credentialOptions, sub) => {
70
63
 
71
64
  export const list = async (credentialOptions, sub, params, fields) => {
72
65
  if (!sub || typeof sub !== "string") {
73
- throw new Error("401 Unauthorized", { cause: { sub, id } });
66
+ throw new Error("401 Unauthorized", { cause: { sub } });
74
67
  }
75
68
  const type = makeType(credentialOptions);
76
69
  const items = await options.store.selectList(
@@ -82,14 +75,13 @@ export const list = async (credentialOptions, sub, params, fields) => {
82
75
  },
83
76
  fields,
84
77
  );
85
- // const now = nowInSeconds();
78
+ const now = nowInSeconds();
86
79
  const list = [];
87
80
  for (let i = items.length; i--; ) {
88
81
  const item = items[i];
89
- // TODO need filter for expire
90
- // if (credential.expire < now) {
91
- // continue;
92
- // }
82
+ if (item.expire && item.expire < now) {
83
+ continue;
84
+ }
93
85
  const { encryptionKey: encryptedKey } = item;
94
86
  item.encryptionKey = undefined;
95
87
  const decryptedItem = symmetricDecryptFields(
@@ -165,11 +157,7 @@ export const update = async (
165
157
  credentialOptions,
166
158
  { id, sub, encryptionKey, encryptedKey, value, ...values },
167
159
  ) => {
168
- // if (!sub || typeof sub !== "string") {
169
- // throw new Error("401 Unauthorized", { cause: { sub } });
170
- // }
171
160
  const now = nowInSeconds();
172
- // const type = makeType(credentialOptions);
173
161
 
174
162
  const encodedValue = await credentialOptions.encode(value);
175
163
 
@@ -179,7 +167,7 @@ export const update = async (
179
167
  options.encryptedFields,
180
168
  );
181
169
 
182
- return options.store.update(
170
+ return await options.store.update(
183
171
  options.table,
184
172
  { sub, id },
185
173
  {
@@ -190,7 +178,7 @@ export const update = async (
190
178
  };
191
179
 
192
180
  export const subject = async (username) => {
193
- return Promise.all(
181
+ return await Promise.all(
194
182
  options.usernameExists.map((exists) => {
195
183
  return exists(username);
196
184
  }),
@@ -254,7 +242,6 @@ export const authenticate = async (credentialOptions, username, secret) => {
254
242
  if (otp) {
255
243
  await expire(credentialOptions, sub, id, { lastused: now });
256
244
  } else {
257
- const now = nowInSeconds();
258
245
  await options.store.update(
259
246
  options.table,
260
247
  { id, sub },
@@ -290,7 +277,6 @@ export const verifySecret = async (_credentialOptions, sub, id) => {
290
277
  if (!id || typeof id !== "string") {
291
278
  throw new Error("404 Not Found", { cause: { sub, id } });
292
279
  }
293
- // const type = makeType(credentialOptions);
294
280
  const now = nowInSeconds();
295
281
  await options.store.update(
296
282
  options.table,
@@ -299,7 +285,6 @@ export const verifySecret = async (_credentialOptions, sub, id) => {
299
285
  );
300
286
  };
301
287
 
302
- // TODO add in sourceId as filter for messengers
303
288
  export const verify = async (credentialOptions, sub, input) => {
304
289
  const timeout = setTimeout(options.authenticationDuration);
305
290
  if (!sub || typeof sub !== "string") {
@@ -313,11 +298,12 @@ export const verify = async (credentialOptions, sub, input) => {
313
298
  }
314
299
 
315
300
  const type = makeType(credentialOptions);
301
+ const filters = { sub, type };
302
+ if (credentialOptions.sourceId) {
303
+ filters.sourceId = credentialOptions.sourceId;
304
+ }
316
305
 
317
- const credentials = await options.store.selectList(options.table, {
318
- sub,
319
- type,
320
- });
306
+ const credentials = await options.store.selectList(options.table, filters);
321
307
 
322
308
  const now = nowInSeconds();
323
309
  let valid;
@@ -325,7 +311,7 @@ export const verify = async (credentialOptions, sub, input) => {
325
311
  let skipExpiredCount = 0;
326
312
  for (credential of credentials) {
327
313
  // skip expired
328
- if (credential.expire < now) {
314
+ if (credential.expire && credential.expire < now) {
329
315
  skipExpiredCount += 1;
330
316
  continue;
331
317
  }
@@ -376,7 +362,6 @@ export const expire = async (_credentialOptions, sub, id, values = {}) => {
376
362
  if (!id || typeof id !== "string") {
377
363
  throw new Error("404 Not Found", { cause: { sub, id } });
378
364
  }
379
- // const type = makeType(credentialOptions);
380
365
  await options.store.update(
381
366
  options.table,
382
367
  { sub, id },
@@ -426,12 +411,5 @@ export const select = async (credentialOptions, sub, id) => {
426
411
  return decryptedItem;
427
412
  };
428
413
 
429
- // TODO manage onboard state
430
-
431
- // TODO save notification settings
432
-
433
- // TODO authorize management?
434
-
435
- const makeType = (credentialOptions) =>
414
+ export const makeType = (credentialOptions) =>
436
415
  `${credentialOptions.id}-${credentialOptions.type}`;
437
- const nowInSeconds = () => Math.floor(Date.now() / 1000);
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@1auth/authn",
3
- "version": "0.0.0-beta.0",
4
- "description": "",
3
+ "version": "0.0.0-beta.2",
4
+ "description": "Core authentication module with multi-factor authentication support",
5
5
  "type": "module",
6
6
  "engines": {
7
7
  "node": ">=24"
@@ -12,18 +12,18 @@
12
12
  },
13
13
  "main": "./index.js",
14
14
  "module": "./index.js",
15
+ "sideEffects": false,
15
16
  "exports": {
16
17
  ".": {
17
- "import": {
18
- "types": "./index.d.ts",
19
- "default": "./index.js"
20
- }
18
+ "import": "./index.js"
19
+ },
20
+ "./table/*": {
21
+ "import": "./table/*"
21
22
  }
22
23
  },
23
- "types": "index.d.ts",
24
24
  "files": [
25
25
  "index.js",
26
- "index.d.ts"
26
+ "table"
27
27
  ],
28
28
  "scripts": {
29
29
  "test": "npm run test:unit",
@@ -34,7 +34,13 @@
34
34
  "type": "github",
35
35
  "url": "https://github.com/sponsors/willfarrell"
36
36
  },
37
- "keywords": [],
37
+ "keywords": [
38
+ "1auth",
39
+ "OWASP",
40
+ "ASVS",
41
+ "authentication",
42
+ "credentials"
43
+ ],
38
44
  "author": {
39
45
  "name": "1auth contributors",
40
46
  "url": "https://github.com/willfarrell/1auth/graphs/contributors"
@@ -50,6 +56,6 @@
50
56
  "homepage": "https://github.com/willfarrell/1auth",
51
57
  "gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
52
58
  "dependencies": {
53
- "@1auth/crypto": "0.0.0-beta.0"
59
+ "@1auth/crypto": "0.0.0-beta.2"
54
60
  }
55
61
  }
package/table/dynamodb.js ADDED
@@ -0,0 +1,151 @@
1
+ // Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
2
+ // SPDX-License-Identifier: MIT
3
+ import {
4
+ CreateTableCommand,
5
+ DeleteTableCommand,
6
+ } from "@aws-sdk/client-dynamodb";
7
+
8
+ export const name = "authentications";
9
+ export const timeToLiveKey = "remove";
10
+
11
+ export const create = async (client, table = name) => {
12
+ try {
13
+ await client.send(
14
+ new CreateTableCommand({
15
+ TableName: table,
16
+ AttributeDefinitions: [
17
+ {
18
+ AttributeName: "id",
19
+ AttributeType: "S",
20
+ },
21
+ {
22
+ AttributeName: "sub",
23
+ AttributeType: "S",
24
+ },
25
+ {
26
+ AttributeName: "type",
27
+ AttributeType: "S",
28
+ },
29
+ {
30
+ AttributeName: "digest",
31
+ AttributeType: "S",
32
+ },
33
+ {
34
+ AttributeName: "expire",
35
+ AttributeType: "N",
36
+ },
37
+ ],
38
+ KeySchema: [
39
+ {
40
+ AttributeName: "sub",
41
+ KeyType: "HASH",
42
+ },
43
+ {
44
+ AttributeName: "id",
45
+ KeyType: "RANGE",
46
+ },
47
+ ],
48
+ GlobalSecondaryIndexes: [
49
+ {
50
+ IndexName: "sub",
51
+ KeySchema: [
52
+ {
53
+ AttributeName: "sub",
54
+ KeyType: "HASH",
55
+ },
56
+ {
57
+ AttributeName: "type",
58
+ KeyType: "RANGE",
59
+ },
60
+ ],
61
+ Projection: {
62
+ ProjectionType: "INCLUDE",
63
+ NonKeyAttributes: [
64
+ "id",
65
+ "encryptionKey",
66
+ "value",
67
+ "digest",
68
+ "name",
69
+ "otp",
70
+ "sourceId",
71
+ "create",
72
+ "update",
73
+ "verify",
74
+ "expire",
75
+ "lastused",
76
+ ],
77
+ },
78
+ },
79
+ {
80
+ IndexName: "digest",
81
+ KeySchema: [
82
+ {
83
+ AttributeName: "digest",
84
+ KeyType: "HASH",
85
+ },
86
+ ],
87
+ Projection: {
88
+ ProjectionType: "INCLUDE",
89
+ NonKeyAttributes: [
90
+ "id",
91
+ "sub",
92
+ "encryptionKey",
93
+ "value",
94
+ "name",
95
+ "otp",
96
+ "sourceId",
97
+ "create",
98
+ "update",
99
+ "verify",
100
+ "expire",
101
+ "lastused",
102
+ ],
103
+ },
104
+ },
105
+ {
106
+ IndexName: "expire",
107
+ KeySchema: [
108
+ {
109
+ AttributeName: "type",
110
+ KeyType: "HASH",
111
+ },
112
+ {
113
+ AttributeName: "expire",
114
+ KeyType: "RANGE",
115
+ },
116
+ ],
117
+ Projection: {
118
+ ProjectionType: "INCLUDE",
119
+ NonKeyAttributes: ["sub"],
120
+ },
121
+ },
122
+ ],
123
+ TimeToLiveSpecification: {
124
+ Enabled: true,
125
+ AttributeName: timeToLiveKey,
126
+ },
127
+ BillingMode: "PAY_PER_REQUEST",
128
+ }),
129
+ );
130
+ } catch (e) {
131
+ if (e.message === "Cannot create preexisting table") {
132
+ await truncate(client, table);
133
+ } else {
134
+ console.error("ERROR create", e.message);
135
+ throw e;
136
+ }
137
+ }
138
+ };
139
+
140
+ export const truncate = async (client, table = name) => {
141
+ await drop(client, table);
142
+ await create(client, table);
143
+ };
144
+
145
+ export const drop = async (client, table = name) => {
146
+ await client.send(
147
+ new DeleteTableCommand({
148
+ TableName: table,
149
+ }),
150
+ );
151
+ };
package/table/sql.js ADDED
@@ -0,0 +1,46 @@
1
+ // Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
2
+ // SPDX-License-Identifier: MIT
3
+ export const name = "authentications";
4
+ export const timeToLiveKey = "remove";
5
+ export const create = async (client, table = name) => {
6
+ const sql = `
7
+ CREATE TABLE IF NOT EXISTS ${table}
8
+ (
9
+ "id" VARCHAR(19) NOT NULL, -- prefix (authn_) + entropy (11)
10
+ "sub" VARCHAR(15) NOT NULL, -- prefix (sub_) + entropy (11)
11
+ "type" VARCHAR(32) NOT NULL,
12
+
13
+ "encryptionKey" VARCHAR(256) NOT NULL,
14
+ "value" VARCHAR(2048) DEFAULT NULL,
15
+ "digest" VARCHAR(73) DEFAULT NULL, -- of value
16
+
17
+ "name" VARCHAR(128) DEFAULT NULL,
18
+ "otp" BOOLEAN DEFAULT FALSE,
19
+ "sourceId" VARCHAR(32) DEFAULT NULL,
20
+ "lastused" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
21
+
22
+ "create" TIMESTAMP WITH TIME ZONE DEFAULT NULL, -- postges: DEFAULT NOW(), sqlite: DEFAULT CURRENT_TIME,
23
+ "update" TIMESTAMP WITH TIME ZONE DEFAULT NULL, -- NOW()
24
+ "verify" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
25
+ "expire" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
26
+ "${timeToLiveKey}" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
27
+
28
+ CONSTRAINT ${table}_pkey PRIMARY KEY ("id")
29
+ );
30
+ `;
31
+ return await client.query(sql);
32
+ };
33
+
34
+ export const truncate = async (client, table = name) => {
35
+ const sql = `
36
+ DELETE FROM ${table};
37
+ `;
38
+ return await client.query(sql);
39
+ };
40
+
41
+ export const drop = async (client, table = name) => {
42
+ const sql = `
43
+ DROP TABLE ${table};
44
+ `;
45
+ return await client.query(sql);
46
+ };