@1auth/authn 0.0.0-beta.1 → 0.0.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +44 -0
  2. package/index.js +16 -40
  3. package/package.json +16 -10
  4. package/table/dynamodb.js +151 -0
  5. package/table/sql.js +46 -0
package/README.md ADDED
@@ -0,0 +1,44 @@
1
+ <div align="center">
2
+ <h1>@1auth/authn</h1>
3
+ <!--<img alt="1auth logo" src="https://raw.githubusercontent.com/willfarrell/1auth/main/docs/img/logo.svg"/>-->
4
+ <p><strong>Core authentication module with multi-factor authentication support</strong></p>
5
+ <p>
6
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-unit.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-unit.yml/badge.svg" alt="GitHub Actions unit test status"></a>
7
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-dast.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-dast.yml/badge.svg" alt="GitHub Actions dast test status"></a>
8
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-perf.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-perf.yml/badge.svg" alt="GitHub Actions perf test status"></a>
9
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-sast.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-sast.yml/badge.svg" alt="GitHub Actions SAST test status"></a>
10
+ <a href="https://github.com/willfarrell/1auth/actions/workflows/test-lint.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-lint.yml/badge.svg" alt="GitHub Actions lint test status"></a>
11
+ <br/>
12
+ <a href="https://www.npmjs.com/package/@1auth/authn"><img alt="npm version" src="https://img.shields.io/npm/v/@1auth/authn.svg"></a>
13
+ <a href="https://packagephobia.com/result?p=@1auth/authn"><img src="https://packagephobia.com/badge?p=@1auth/authn" alt="npm install size"></a>
14
+ <a href="https://www.npmjs.com/package/@1auth/authn">
15
+ <img alt="npm weekly downloads" src="https://img.shields.io/npm/dw/@1auth/authn.svg"></a>
16
+ <a href="https://www.npmjs.com/package/@1auth/authn#provenance">
17
+ <img alt="npm provenance" src="https://img.shields.io/badge/provenance-Yes-brightgreen"></a>
18
+ <br/>
19
+ <a href="https://scorecard.dev/viewer/?uri=github.com/willfarrell/1auth"><img src="https://api.scorecard.dev/projects/github.com/willfarrell/1auth/badge" alt="Open Source Security Foundation (OpenSSF) Scorecard"></a>
20
+ <a href="https://slsa.dev"><img src="https://slsa.dev/images/gh-badge-level3.svg" alt="SLSA 3"></a>
21
+ <a href="https://github.com/willfarrell/1auth/blob/main/docs/CODE_OF_CONDUCT.md"><img src="https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg"></a>
22
+ <a href="https://biomejs.dev"><img alt="Checked with Biome" src="https://img.shields.io/badge/Checked_with-Biome-60a5fa?style=flat&logo=biome"></a>
23
+ <a href="https://conventionalcommits.org"><img alt="Conventional Commits" src="https://img.shields.io/badge/Conventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits&logoColor=white"></a>
24
+ </p>
25
+ <p>You can read the documentation at: <a href="https://1auth.js.org">https://1auth.js.org</a></p>
26
+ </div>
27
+
28
+ ## Install
29
+
30
+ ```bash
31
+ npm install @1auth/authn
32
+ ```
33
+
34
+ ## Documentation and examples
35
+
36
+ For documentation and examples, refer to the main [1auth monorepo on GitHub](https://github.com/willfarrell/1auth) or the [1auth website](https://1auth.js.org).
37
+
38
+ ## Contributing
39
+
40
+ Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/willfarrell/1auth/issues) or to [submit Pull Requests](https://github.com/willfarrell/1auth/pulls).
41
+
42
+ ## License
43
+
44
+ Licensed under [MIT License](LICENSE). Copyright (c) 2020-2026 [will Farrell](https://github.com/willfarrell) and [contributors](https://github.com/willfarrell/1auth/graphs/contributors).
package/index.js CHANGED
@@ -3,6 +3,7 @@
3
3
  import { setTimeout } from "node:timers/promises";
4
4
  import {
5
5
  makeRandomConfigObject,
6
+ nowInSeconds,
6
7
  symmetricDecryptFields,
7
8
  symmetricEncryptFields,
8
9
  symmetricGenerateEncryptionKey,
@@ -35,19 +36,9 @@ export default (opt = {}) => {
35
36
  };
36
37
  export const getOptions = () => options;
37
38
 
38
- // export const exists = async (credentialOptions, sub, params) => {
39
- // const type = makeType(credentialOptions);
40
- // const list = await options.store.selectList(options.table, {
41
- // ...params,
42
- // sub,
43
- // type,
44
- // });
45
- // return list.length > 1;
46
- // };
47
-
48
39
  export const count = async (credentialOptions, sub) => {
49
40
  if (!sub || typeof sub !== "string") {
50
- throw new Error("401 Unauthorized", { cause: { sub, id } });
41
+ throw new Error("401 Unauthorized", { cause: { sub } });
51
42
  }
52
43
  const type = makeType(credentialOptions);
53
44
  const credentials = await options.store.selectList(
@@ -72,7 +63,7 @@ export const count = async (credentialOptions, sub) => {
72
63
 
73
64
  export const list = async (credentialOptions, sub, params, fields) => {
74
65
  if (!sub || typeof sub !== "string") {
75
- throw new Error("401 Unauthorized", { cause: { sub, id } });
66
+ throw new Error("401 Unauthorized", { cause: { sub } });
76
67
  }
77
68
  const type = makeType(credentialOptions);
78
69
  const items = await options.store.selectList(
@@ -84,14 +75,13 @@ export const list = async (credentialOptions, sub, params, fields) => {
84
75
  },
85
76
  fields,
86
77
  );
87
- // const now = nowInSeconds();
78
+ const now = nowInSeconds();
88
79
  const list = [];
89
80
  for (let i = items.length; i--; ) {
90
81
  const item = items[i];
91
- // TODO need filter for expire
92
- // if (credential.expire < now) {
93
- // continue;
94
- // }
82
+ if (item.expire && item.expire < now) {
83
+ continue;
84
+ }
95
85
  const { encryptionKey: encryptedKey } = item;
96
86
  item.encryptionKey = undefined;
97
87
  const decryptedItem = symmetricDecryptFields(
@@ -167,11 +157,7 @@ export const update = async (
167
157
  credentialOptions,
168
158
  { id, sub, encryptionKey, encryptedKey, value, ...values },
169
159
  ) => {
170
- // if (!sub || typeof sub !== "string") {
171
- // throw new Error("401 Unauthorized", { cause: { sub } });
172
- // }
173
160
  const now = nowInSeconds();
174
- // const type = makeType(credentialOptions);
175
161
 
176
162
  const encodedValue = await credentialOptions.encode(value);
177
163
 
@@ -181,7 +167,7 @@ export const update = async (
181
167
  options.encryptedFields,
182
168
  );
183
169
 
184
- return options.store.update(
170
+ return await options.store.update(
185
171
  options.table,
186
172
  { sub, id },
187
173
  {
@@ -192,7 +178,7 @@ export const update = async (
192
178
  };
193
179
 
194
180
  export const subject = async (username) => {
195
- return Promise.all(
181
+ return await Promise.all(
196
182
  options.usernameExists.map((exists) => {
197
183
  return exists(username);
198
184
  }),
@@ -256,7 +242,6 @@ export const authenticate = async (credentialOptions, username, secret) => {
256
242
  if (otp) {
257
243
  await expire(credentialOptions, sub, id, { lastused: now });
258
244
  } else {
259
- const now = nowInSeconds();
260
245
  await options.store.update(
261
246
  options.table,
262
247
  { id, sub },
@@ -292,7 +277,6 @@ export const verifySecret = async (_credentialOptions, sub, id) => {
292
277
  if (!id || typeof id !== "string") {
293
278
  throw new Error("404 Not Found", { cause: { sub, id } });
294
279
  }
295
- // const type = makeType(credentialOptions);
296
280
  const now = nowInSeconds();
297
281
  await options.store.update(
298
282
  options.table,
@@ -301,7 +285,6 @@ export const verifySecret = async (_credentialOptions, sub, id) => {
301
285
  );
302
286
  };
303
287
 
304
- // TODO add in sourceId as filter for messengers
305
288
  export const verify = async (credentialOptions, sub, input) => {
306
289
  const timeout = setTimeout(options.authenticationDuration);
307
290
  if (!sub || typeof sub !== "string") {
@@ -315,11 +298,12 @@ export const verify = async (credentialOptions, sub, input) => {
315
298
  }
316
299
 
317
300
  const type = makeType(credentialOptions);
301
+ const filters = { sub, type };
302
+ if (credentialOptions.sourceId) {
303
+ filters.sourceId = credentialOptions.sourceId;
304
+ }
318
305
 
319
- const credentials = await options.store.selectList(options.table, {
320
- sub,
321
- type,
322
- });
306
+ const credentials = await options.store.selectList(options.table, filters);
323
307
 
324
308
  const now = nowInSeconds();
325
309
  let valid;
@@ -327,7 +311,7 @@ export const verify = async (credentialOptions, sub, input) => {
327
311
  let skipExpiredCount = 0;
328
312
  for (credential of credentials) {
329
313
  // skip expired
330
- if (credential.expire < now) {
314
+ if (credential.expire && credential.expire < now) {
331
315
  skipExpiredCount += 1;
332
316
  continue;
333
317
  }
@@ -378,7 +362,6 @@ export const expire = async (_credentialOptions, sub, id, values = {}) => {
378
362
  if (!id || typeof id !== "string") {
379
363
  throw new Error("404 Not Found", { cause: { sub, id } });
380
364
  }
381
- // const type = makeType(credentialOptions);
382
365
  await options.store.update(
383
366
  options.table,
384
367
  { sub, id },
@@ -428,12 +411,5 @@ export const select = async (credentialOptions, sub, id) => {
428
411
  return decryptedItem;
429
412
  };
430
413
 
431
- // TODO manage onboard state
432
-
433
- // TODO save notification settings
434
-
435
- // TODO authorize management?
436
-
437
- const makeType = (credentialOptions) =>
414
+ export const makeType = (credentialOptions) =>
438
415
  `${credentialOptions.id}-${credentialOptions.type}`;
439
- const nowInSeconds = () => Math.floor(Date.now() / 1000);
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@1auth/authn",
3
- "version": "0.0.0-beta.1",
4
- "description": "",
3
+ "version": "0.0.0-beta.3",
4
+ "description": "Core authentication module with multi-factor authentication support",
5
5
  "type": "module",
6
6
  "engines": {
7
7
  "node": ">=24"
@@ -12,18 +12,18 @@
12
12
  },
13
13
  "main": "./index.js",
14
14
  "module": "./index.js",
15
+ "sideEffects": false,
15
16
  "exports": {
16
17
  ".": {
17
- "import": {
18
- "types": "./index.d.ts",
19
- "default": "./index.js"
20
- }
18
+ "import": "./index.js"
19
+ },
20
+ "./table/*": {
21
+ "import": "./table/*"
21
22
  }
22
23
  },
23
- "types": "index.d.ts",
24
24
  "files": [
25
25
  "index.js",
26
- "index.d.ts"
26
+ "table"
27
27
  ],
28
28
  "scripts": {
29
29
  "test": "npm run test:unit",
@@ -34,7 +34,13 @@
34
34
  "type": "github",
35
35
  "url": "https://github.com/sponsors/willfarrell"
36
36
  },
37
- "keywords": [],
37
+ "keywords": [
38
+ "1auth",
39
+ "OWASP",
40
+ "ASVS",
41
+ "authentication",
42
+ "credentials"
43
+ ],
38
44
  "author": {
39
45
  "name": "1auth contributors",
40
46
  "url": "https://github.com/willfarrell/1auth/graphs/contributors"
@@ -50,6 +56,6 @@
50
56
  "homepage": "https://github.com/willfarrell/1auth",
51
57
  "gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
52
58
  "dependencies": {
53
- "@1auth/crypto": "0.0.0-beta.1"
59
+ "@1auth/crypto": "0.0.0-beta.3"
54
60
  }
55
61
  }
package/table/dynamodb.js ADDED
@@ -0,0 +1,151 @@
1
+ // Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
2
+ // SPDX-License-Identifier: MIT
3
+ import {
4
+ CreateTableCommand,
5
+ DeleteTableCommand,
6
+ } from "@aws-sdk/client-dynamodb";
7
+
8
+ export const name = "authentications";
9
+ export const timeToLiveKey = "remove";
10
+
11
+ export const create = async (client, table = name) => {
12
+ try {
13
+ await client.send(
14
+ new CreateTableCommand({
15
+ TableName: table,
16
+ AttributeDefinitions: [
17
+ {
18
+ AttributeName: "id",
19
+ AttributeType: "S",
20
+ },
21
+ {
22
+ AttributeName: "sub",
23
+ AttributeType: "S",
24
+ },
25
+ {
26
+ AttributeName: "type",
27
+ AttributeType: "S",
28
+ },
29
+ {
30
+ AttributeName: "digest",
31
+ AttributeType: "S",
32
+ },
33
+ {
34
+ AttributeName: "expire",
35
+ AttributeType: "N",
36
+ },
37
+ ],
38
+ KeySchema: [
39
+ {
40
+ AttributeName: "sub",
41
+ KeyType: "HASH",
42
+ },
43
+ {
44
+ AttributeName: "id",
45
+ KeyType: "RANGE",
46
+ },
47
+ ],
48
+ GlobalSecondaryIndexes: [
49
+ {
50
+ IndexName: "sub",
51
+ KeySchema: [
52
+ {
53
+ AttributeName: "sub",
54
+ KeyType: "HASH",
55
+ },
56
+ {
57
+ AttributeName: "type",
58
+ KeyType: "RANGE",
59
+ },
60
+ ],
61
+ Projection: {
62
+ ProjectionType: "INCLUDE",
63
+ NonKeyAttributes: [
64
+ "id",
65
+ "encryptionKey",
66
+ "value",
67
+ "digest",
68
+ "name",
69
+ "otp",
70
+ "sourceId",
71
+ "create",
72
+ "update",
73
+ "verify",
74
+ "expire",
75
+ "lastused",
76
+ ],
77
+ },
78
+ },
79
+ {
80
+ IndexName: "digest",
81
+ KeySchema: [
82
+ {
83
+ AttributeName: "digest",
84
+ KeyType: "HASH",
85
+ },
86
+ ],
87
+ Projection: {
88
+ ProjectionType: "INCLUDE",
89
+ NonKeyAttributes: [
90
+ "id",
91
+ "sub",
92
+ "encryptionKey",
93
+ "value",
94
+ "name",
95
+ "otp",
96
+ "sourceId",
97
+ "create",
98
+ "update",
99
+ "verify",
100
+ "expire",
101
+ "lastused",
102
+ ],
103
+ },
104
+ },
105
+ {
106
+ IndexName: "expire",
107
+ KeySchema: [
108
+ {
109
+ AttributeName: "type",
110
+ KeyType: "HASH",
111
+ },
112
+ {
113
+ AttributeName: "expire",
114
+ KeyType: "RANGE",
115
+ },
116
+ ],
117
+ Projection: {
118
+ ProjectionType: "INCLUDE",
119
+ NonKeyAttributes: ["sub"],
120
+ },
121
+ },
122
+ ],
123
+ TimeToLiveSpecification: {
124
+ Enabled: true,
125
+ AttributeName: timeToLiveKey,
126
+ },
127
+ BillingMode: "PAY_PER_REQUEST",
128
+ }),
129
+ );
130
+ } catch (e) {
131
+ if (e.message === "Cannot create preexisting table") {
132
+ await truncate(client, table);
133
+ } else {
134
+ console.error("ERROR create", e.message);
135
+ throw e;
136
+ }
137
+ }
138
+ };
139
+
140
+ export const truncate = async (client, table = name) => {
141
+ await drop(client, table);
142
+ await create(client, table);
143
+ };
144
+
145
+ export const drop = async (client, table = name) => {
146
+ await client.send(
147
+ new DeleteTableCommand({
148
+ TableName: table,
149
+ }),
150
+ );
151
+ };
package/table/sql.js ADDED
@@ -0,0 +1,46 @@
1
+ // Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
2
+ // SPDX-License-Identifier: MIT
3
+ export const name = "authentications";
4
+ export const timeToLiveKey = "remove";
5
+ export const create = async (client, table = name) => {
6
+ const sql = `
7
+ CREATE TABLE IF NOT EXISTS ${table}
8
+ (
9
+ "id" VARCHAR(19) NOT NULL, -- prefix (authn_) + entropy (11)
10
+ "sub" VARCHAR(15) NOT NULL, -- prefix (sub_) + entropy (11)
11
+ "type" VARCHAR(32) NOT NULL,
12
+
13
+ "encryptionKey" VARCHAR(256) NOT NULL,
14
+ "value" VARCHAR(2048) DEFAULT NULL,
15
+ "digest" VARCHAR(73) DEFAULT NULL, -- of value
16
+
17
+ "name" VARCHAR(128) DEFAULT NULL,
18
+ "otp" BOOLEAN DEFAULT FALSE,
19
+ "sourceId" VARCHAR(32) DEFAULT NULL,
20
+ "lastused" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
21
+
22
+ "create" TIMESTAMP WITH TIME ZONE DEFAULT NULL, -- postges: DEFAULT NOW(), sqlite: DEFAULT CURRENT_TIME,
23
+ "update" TIMESTAMP WITH TIME ZONE DEFAULT NULL, -- NOW()
24
+ "verify" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
25
+ "expire" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
26
+ "${timeToLiveKey}" TIMESTAMP WITH TIME ZONE DEFAULT NULL,
27
+
28
+ CONSTRAINT ${table}_pkey PRIMARY KEY ("id")
29
+ );
30
+ `;
31
+ return await client.query(sql);
32
+ };
33
+
34
+ export const truncate = async (client, table = name) => {
35
+ const sql = `
36
+ DELETE FROM ${table};
37
+ `;
38
+ return await client.query(sql);
39
+ };
40
+
41
+ export const drop = async (client, table = name) => {
42
+ const sql = `
43
+ DROP TABLE ${table};
44
+ `;
45
+ return await client.query(sql);
46
+ };