@adonisjs/core 6.15.2 → 6.16.0

package/build/commands/test.js

@@ -80,6 +80,7 @@ export default class Test extends BaseCommand {
      * Runs tests
      */
     async run() {
+        process.env.NODE_ENV = 'test';
         const assembler = await importAssembler(this.app);
         if (!assembler) {
             this.#logMissingDevelopmentDependency('@adonisjs/assembler');
@@ -108,6 +109,9 @@ export default class Test extends BaseCommand {
                     files: suite.files,
                 };
             }),
+            env: {
+                NODE_ENV: 'test',
+            },
             metaFiles: this.app.rcFile.metaFiles,
         });
         /**

package/build/src/helpers/main.d.ts

@@ -1,4 +1,5 @@
 export { parseImports } from 'parse-imports';
 export { createId as cuid, isCuid } from '@paralleldrive/cuid2';
 export { slash, base64, compose, Secret, joinToURL, fsReadAll, safeEqual, getDirname, getFilename, fsImportAll, MessageBuilder, } from '@poppinss/utils';
+export { VerificationToken } from './verification_token.js';
 export { parseBindingReference } from './parse_binding_reference.js';

package/build/src/helpers/main.js

@@ -9,4 +9,5 @@
 export { parseImports } from 'parse-imports';
 export { createId as cuid, isCuid } from '@paralleldrive/cuid2';
 export { slash, base64, compose, Secret, joinToURL, fsReadAll, safeEqual, getDirname, getFilename, fsImportAll, MessageBuilder, } from '@poppinss/utils';
+export { VerificationToken } from './verification_token.js';
 export { parseBindingReference } from './parse_binding_reference.js';

package/build/src/helpers/verification_token.d.ts

@@ -0,0 +1,79 @@
+import { Secret } from '@poppinss/utils';
+/**
+ * Verification token class can be used to create tokens publicly
+ * shareable tokens while storing the token hash within the database.
+ *
+ * This class is used by the Auth and the Persona packages to manage
+ * tokens
+ */
+export declare abstract class VerificationToken {
+    /**
+     * Decodes a publicly shared token and return the series
+     * and the token value from it.
+     *
+     * Returns null when unable to decode the token because of
+     * invalid format or encoding.
+     */
+    static decode(value: string): null | {
+        identifier: string;
+        secret: Secret<string>;
+    };
+    /**
+     * Creates a transient token that can be shared with the persistence
+     * layer.
+     */
+    static createTransientToken(userId: string | number | BigInt, size: number, expiresIn: string | number): {
+        secret: Secret<string>;
+        hash: string;
+        userId: string | number | BigInt;
+        expiresAt: Date;
+    };
+    /**
+     * Creates a secret opaque token and its hash.
+     */
+    static seed(size: number): {
+        secret: Secret<string>;
+        hash: string;
+    };
+    /**
+     * Identifer is a unique sequence to identify the
+     * token within database. It should be the
+     * primary/unique key
+     */
+    identifier: string | number | BigInt;
+    /**
+     * Reference to the user id for whom the token
+     * is generated.
+     */
+    tokenableId: string | number | BigInt;
+    /**
+     * Hash is computed from the seed to later verify the validity
+     * of seed
+     */
+    hash: string;
+    /**
+     * Timestamp at which the token will expire
+     */
+    expiresAt: Date;
+    /**
+     * The value is a public representation of a token. It is created
+     * by combining the "identifier"."secret" via the "computeValue"
+     * method
+     */
+    value?: Secret<string>;
+    /**
+     * Compute the value property using the given secret. You can
+     * get secret via the static "createTransientToken" method.
+     */
+    protected computeValue(secret: Secret<string>): void;
+    /**
+     * Check if the token has been expired. Verifies
+     * the "expiresAt" timestamp with the current
+     * date.
+     */
+    isExpired(): boolean;
+    /**
+     * Verifies the value of a token against the pre-defined hash
+     */
+    verify(secret: Secret<string>): boolean;
+}

package/build/src/helpers/verification_token.js

@@ -0,0 +1,98 @@
+/*
+ * @adonisjs/core
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { createHash } from 'node:crypto';
+import string from '@poppinss/utils/string';
+import { base64, safeEqual, Secret } from '@poppinss/utils';
+/**
+ * Verification token class can be used to create tokens publicly
+ * shareable tokens while storing the token hash within the database.
+ *
+ * This class is used by the Auth and the Persona packages to manage
+ * tokens
+ */
+export class VerificationToken {
+    /**
+     * Decodes a publicly shared token and return the series
+     * and the token value from it.
+     *
+     * Returns null when unable to decode the token because of
+     * invalid format or encoding.
+     */
+    static decode(value) {
+        /**
+         * Ensure value is a string and starts with the prefix.
+         */
+        if (typeof value !== 'string') {
+            return null;
+        }
+        /**
+         * Remove prefix from the rest of the token.
+         */
+        if (!value) {
+            return null;
+        }
+        const [identifier, ...tokenValue] = value.split('.');
+        if (!identifier || tokenValue.length === 0) {
+            return null;
+        }
+        const decodedIdentifier = base64.urlDecode(identifier);
+        const decodedSecret = base64.urlDecode(tokenValue.join('.'));
+        if (!decodedIdentifier || !decodedSecret) {
+            return null;
+        }
+        return {
+            identifier: decodedIdentifier,
+            secret: new Secret(decodedSecret),
+        };
+    }
+    /**
+     * Creates a transient token that can be shared with the persistence
+     * layer.
+     */
+    static createTransientToken(userId, size, expiresIn) {
+        const expiresAt = new Date();
+        expiresAt.setSeconds(expiresAt.getSeconds() + string.seconds.parse(expiresIn));
+        return {
+            userId,
+            expiresAt,
+            ...this.seed(size),
+        };
+    }
+    /**
+     * Creates a secret opaque token and its hash.
+     */
+    static seed(size) {
+        const seed = string.random(size);
+        const secret = new Secret(seed);
+        const hash = createHash('sha256').update(secret.release()).digest('hex');
+        return { secret, hash };
+    }
+    /**
+     * Compute the value property using the given secret. You can
+     * get secret via the static "createTransientToken" method.
+     */
+    computeValue(secret) {
+        this.value = new Secret(`${base64.urlEncode(String(this.identifier))}.${base64.urlEncode(secret.release())}`);
+    }
+    /**
+     * Check if the token has been expired. Verifies
+     * the "expiresAt" timestamp with the current
+     * date.
+     */
+    isExpired() {
+        return this.expiresAt < new Date();
+    }
+    /**
+     * Verifies the value of a token against the pre-defined hash
+     */
+    verify(secret) {
+        const newHash = createHash('sha256').update(secret.release()).digest('hex');
+        return safeEqual(this.hash, newHash);
+    }
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@adonisjs/core",
   "description": "Core of AdonisJS",
-  "version": "6.15.2",
+  "version": "6.16.0",
   "engines": {
     "node": ">=20.6.0"
   },
@@ -94,7 +94,7 @@
     "@japa/runner": "^3.1.4",
     "@japa/snapshot": "^2.0.6",
     "@release-it/conventional-changelog": "^9.0.3",
-    "@swc/core": "1.9.3",
+    "@swc/core": "1.10.0",
     "@types/node": "^22.10.1",
     "@types/pretty-hrtime": "^1.0.3",
     "@types/sinon": "^17.0.3",
@@ -113,11 +113,12 @@
     "get-port": "^7.1.0",
     "github-label-sync": "^2.3.1",
     "husky": "^9.1.7",
-    "prettier": "^3.4.1",
+    "prettier": "^3.4.2",
     "release-it": "^17.10.0",
     "sinon": "^19.0.2",
     "supertest": "^7.0.0",
     "test-console": "^2.0.0",
+    "timekeeper": "^2.3.1",
     "ts-node-maintained": "^10.9.4",
     "typescript": "^5.7.2"
   },