@alexdevco/passport 1.0.3 → 1.0.5

package/dist/constants/algorithm.constants.d.ts

@@ -0,0 +1,4 @@
+export declare const JWTStrategy: {
+    readonly HS256: "HS256";
+    readonly RS256: "RS256";
+};

package/dist/constants/algorithm.constants.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTStrategy = void 0;
+exports.JWTStrategy = {
+    HS256: 'HS256',
+    RS256: 'RS256'
+};

package/dist/constants/index.d.ts

@@ -1 +1,2 @@
 export * from './passport.constants';
+export * from './algorithm.constants';

package/dist/constants/index.js

@@ -15,3 +15,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./passport.constants"), exports);
+__exportStar(require("./algorithm.constants"), exports);

package/dist/index.d.ts

@@ -1,3 +1,4 @@
 export * from './interfaces';
 export * from './passport.module';
 export * from './passport.service';
+export * from './constants';

package/dist/index.js

@@ -17,3 +17,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./interfaces"), exports);
 __exportStar(require("./passport.module"), exports);
 __exportStar(require("./passport.service"), exports);
+__exportStar(require("./constants"), exports);

package/dist/interfaces/ jwt.interface.d.ts

@@ -0,0 +1,5 @@
+import type { IPayload, IVerifyResult } from './token.interface';
+export interface IJWTStrategy {
+    generate(payload: IPayload): string;
+    verify(token: string): IVerifyResult;
+}

package/dist/interfaces/ jwt.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/interfaces/passport-options.interface.d.ts

@@ -1,3 +1,5 @@
 export interface IPassportOptions {
     secretKey: string;
+    publicKey?: string;
+    strategy: string;
 }

package/dist/interfaces/token.interface.d.ts

@@ -1,8 +1,15 @@
-export interface ITokenPayload {
+export interface IPayload {
     sub: string | number;
+    name: string;
+    iat: number;
+    exp: number;
+}
+export interface IHeader {
+    alg: string;
+    typ: string;
 }
 export interface IVerifyResult {
     valid: boolean;
     reason?: string;
-    payload?: ITokenPayload;
+    payload?: IPayload;
 }

package/dist/passport.service.d.ts

@@ -1,13 +1,10 @@
-import { IPassportOptions, ITokenPayload, IVerifyResult } from './interfaces';
+import { IPassportOptions, IPayload, IVerifyResult } from './interfaces';
 export declare class PassportService {
     private readonly options;
     private readonly SECRET_KEY;
-    private static readonly HMAC_DOMAIN;
-    private static readonly INTERNAL_SEPARATOR;
+    private readonly PUBLIC_KEY;
+    private readonly strategy;
     constructor(options: IPassportOptions);
-    private now;
-    private serialize;
-    private computeHmac;
-    generate(payload: ITokenPayload, ttl: number): string;
+    generate(payload: IPayload): string;
     verify(token: string): IVerifyResult;
 }

package/dist/passport.service.js

@@ -11,62 +11,31 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
-var PassportService_1;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PassportService = void 0;
 const common_1 = require("@nestjs/common");
-const crypto_1 = require("crypto");
 const constants_1 = require("./constants");
 const utils_1 = require("./utils");
 let PassportService = class PassportService {
-    static { PassportService_1 = this; }
     options;
     SECRET_KEY;
-    static HMAC_DOMAIN = 'PassportTokenAuth/v1';
-    static INTERNAL_SEPARATOR = '|';
+    PUBLIC_KEY;
+    strategy;
     constructor(options) {
         this.options = options;
         this.SECRET_KEY = options.secretKey;
+        this.PUBLIC_KEY = options.publicKey;
+        this.strategy = (0, utils_1.getStrategy)(options.strategy, this.SECRET_KEY, this.PUBLIC_KEY);
     }
-    now() {
-        return Math.floor(Date.now() / 1000);
-    }
-    serialize(user, iat, exp) {
-        return [PassportService_1.HMAC_DOMAIN, user, iat, exp].join(PassportService_1.INTERNAL_SEPARATOR);
-    }
-    computeHmac(data) {
-        return (0, crypto_1.createHmac)('sha256', this.SECRET_KEY).update(data).digest('hex');
-    }
-    generate(payload, ttl) {
-        const issuedAt = this.now();
-        const expiresAt = issuedAt + ttl;
-        const userPart = (0, utils_1.base64UrlEncode)(JSON.stringify(payload));
-        const iatPart = (0, utils_1.base64UrlEncode)(String(issuedAt));
-        const expPart = (0, utils_1.base64UrlEncode)(String(expiresAt));
-        const serialized = this.serialize(userPart, iatPart, expPart);
-        const mac = this.computeHmac(serialized);
-        return [userPart, iatPart, expPart, mac].join('.');
+    generate(payload) {
+        return this.strategy.generate(payload);
     }
     verify(token) {
-        const parts = token.split('.');
-        if (parts.length !== 4)
-            return { valid: false, reason: 'Invalid format' };
-        const [userPart, iatPart, expPart, mac] = parts;
-        const serialized = this.serialize(userPart, iatPart, expPart);
-        const expectedMac = this.computeHmac(serialized);
-        if (!(0, utils_1.constantTimeEqual)(expectedMac, mac))
-            return { valid: false, reason: 'Invalid signature' };
-        const expNumber = Number((0, utils_1.base64UrlDecode)(expPart));
-        if (!Number.isFinite(expNumber))
-            return { valid: false, reason: 'Error' };
-        if (this.now() > expNumber)
-            return { valid: false, reason: 'Expired' };
-        const payload = JSON.parse((0, utils_1.base64UrlDecode)(userPart));
-        return { valid: true, payload };
+        return this.strategy.verify(token);
     }
 };
 exports.PassportService = PassportService;
-exports.PassportService = PassportService = PassportService_1 = __decorate([
+exports.PassportService = PassportService = __decorate([
     (0, common_1.Injectable)(),
     __param(0, (0, common_1.Inject)(constants_1.PASSPORT_OPTIONS)),
     __metadata("design:paramtypes", [Object])

package/dist/strategies/hs256.strategy.d.ts

@@ -0,0 +1,12 @@
+import { IPayload, IVerifyResult } from '../interfaces';
+import { IJWTStrategy } from '../interfaces/ jwt.interface';
+export declare class HS256Strategy implements IJWTStrategy {
+    private readonly SECRET_KEY;
+    private static readonly INTERNAL_SEPARATOR;
+    private static readonly JWT_ALG;
+    private static readonly PARTS_LENGTH;
+    constructor(secret: string);
+    generate(payload: IPayload): string;
+    verify(token: string): IVerifyResult;
+    private computeHmac;
+}

package/dist/strategies/hs256.strategy.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HS256Strategy = void 0;
+const crypto_1 = require("crypto");
+const utils_1 = require("../utils");
+class HS256Strategy {
+    SECRET_KEY;
+    static INTERNAL_SEPARATOR = '.';
+    static JWT_ALG = 'HS256';
+    static PARTS_LENGTH = 3;
+    constructor(secret) {
+        this.SECRET_KEY = secret;
+    }
+    generate(payload) {
+        const header = { alg: HS256Strategy.JWT_ALG, typ: 'JWT' };
+        const headerB64 = (0, utils_1.base64UrlEncode)(JSON.stringify(header));
+        const payloadB64 = (0, utils_1.base64UrlEncode)(JSON.stringify(payload));
+        const serialized = (0, utils_1.serialize)([headerB64, payloadB64], HS256Strategy.INTERNAL_SEPARATOR);
+        const mac = this.computeHmac(serialized);
+        return (0, utils_1.serialize)([serialized, mac], HS256Strategy.INTERNAL_SEPARATOR);
+    }
+    verify(token) {
+        const parts = token.split(HS256Strategy.INTERNAL_SEPARATOR);
+        if (parts.length !== HS256Strategy.PARTS_LENGTH) {
+            return { valid: false, reason: 'Invalid format' };
+        }
+        const [headerB64, payloadB64, mac] = parts;
+        const serialized = (0, utils_1.serialize)([headerB64, payloadB64], HS256Strategy.INTERNAL_SEPARATOR);
+        const expectedMac = this.computeHmac(serialized);
+        if (!(0, utils_1.constantTimeEqual)(expectedMac, mac)) {
+            return { valid: false, reason: 'Invalid signature' };
+        }
+        const parsed = JSON.parse((0, utils_1.base64UrlDecode)(payloadB64));
+        if (!(0, utils_1.isPayload)(parsed))
+            return { valid: false, reason: 'Invalid payload stucture' };
+        const payload = parsed;
+        if (!Number.isFinite(payload.exp))
+            return { valid: false, reason: 'Expired error format' };
+        if ((0, utils_1.now)() > payload.exp)
+            return { valid: false, reason: 'Token is expired' };
+        return { valid: true, payload };
+    }
+    computeHmac(data) {
+        return (0, crypto_1.createHmac)('sha256', this.SECRET_KEY).update(data).digest('hex');
+    }
+}
+exports.HS256Strategy = HS256Strategy;

package/dist/strategies/index.d.ts

@@ -0,0 +1,2 @@
+export * from './hs256.strategy';
+export * from './rs256.strategy';

package/dist/strategies/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./hs256.strategy"), exports);
+__exportStar(require("./rs256.strategy"), exports);

package/dist/strategies/rs256.strategy.d.ts

@@ -0,0 +1,13 @@
+import { IPayload, IVerifyResult } from '../interfaces';
+import { IJWTStrategy } from '../interfaces/ jwt.interface';
+export declare class RS256Strategy implements IJWTStrategy {
+    private readonly SECRET_KEY;
+    private readonly PUBLIC_KEY;
+    private static readonly INTERNAL_SEPARATOR;
+    private static readonly JWT_ALG;
+    private static readonly PARTS_LENGTH;
+    constructor(secretKey: string, publicKey: string);
+    generate(payload: IPayload): string;
+    verify(token: string): IVerifyResult;
+    private computeRSA;
+}

package/dist/strategies/rs256.strategy.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RS256Strategy = void 0;
+const crypto_1 = require("crypto");
+const utils_1 = require("../utils");
+class RS256Strategy {
+    SECRET_KEY;
+    PUBLIC_KEY;
+    static INTERNAL_SEPARATOR = '.';
+    static JWT_ALG = 'RSA-SHA256';
+    static PARTS_LENGTH = 3;
+    constructor(secretKey, publicKey) {
+        this.SECRET_KEY = secretKey;
+        this.PUBLIC_KEY = publicKey;
+    }
+    generate(payload) {
+        const header = { alg: RS256Strategy.JWT_ALG, typ: 'JWT' };
+        const headerB64 = (0, utils_1.base64UrlEncode)(JSON.stringify(header));
+        const payloadB64 = (0, utils_1.base64UrlEncode)(JSON.stringify(payload));
+        const serialized = (0, utils_1.serialize)([headerB64, payloadB64], RS256Strategy.INTERNAL_SEPARATOR);
+        const mac = this.computeRSA(serialized);
+        return (0, utils_1.serialize)([serialized, mac], RS256Strategy.INTERNAL_SEPARATOR);
+    }
+    verify(token) {
+        const parts = token.split(RS256Strategy.INTERNAL_SEPARATOR);
+        if (parts.length !== RS256Strategy.PARTS_LENGTH)
+            return { valid: false, reason: 'Invalid format' };
+        const [header64, payload64, mac] = parts;
+        const serialized = (0, utils_1.serialize)([header64, payload64], RS256Strategy.INTERNAL_SEPARATOR);
+        const expectedMac = this.computeRSA(serialized);
+        const verify = (0, crypto_1.createVerify)(RS256Strategy.JWT_ALG).update(serialized);
+        if (!verify.verify(this.PUBLIC_KEY, expectedMac))
+            return { valid: false, reason: 'Invalid signature' };
+        const parsed = JSON.parse((0, utils_1.base64UrlDecode)(payload64));
+        if (!(0, utils_1.isPayload)(parsed))
+            return { valid: false, reason: 'Invalid payload stucture' };
+        const payload = parsed;
+        if (!Number.isFinite(payload.exp))
+            return { valid: false, reason: 'Expired error format' };
+        if ((0, utils_1.now)() > payload.exp)
+            return { valid: false, reason: 'Token is expired' };
+        return { valid: true, payload };
+    }
+    computeRSA(data) {
+        const sign = (0, crypto_1.createSign)(RS256Strategy.JWT_ALG)
+            .update(data)
+            .sign(this.SECRET_KEY);
+        return (0, utils_1.base64UrlEncode)(sign);
+    }
+}
+exports.RS256Strategy = RS256Strategy;

package/dist/utils/checks.d.ts

@@ -0,0 +1,3 @@
+import { IHeader, IPayload } from '../interfaces';
+export declare function isPayload(data: any): data is IPayload;
+export declare function isHeader(data: any): data is IHeader;

package/dist/utils/checks.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPayload = isPayload;
+exports.isHeader = isHeader;
+function isPayload(data) {
+    return ((typeof data.sub === 'string' || typeof data.sub === 'number') &&
+        typeof data.name === 'string' &&
+        typeof data.iat === 'number' &&
+        typeof data.exp === 'number');
+}
+function isHeader(data) {
+    return typeof data.alg === 'string' && typeof data.typ === 'string';
+}

package/dist/utils/crypto.d.ts

@@ -1 +1,4 @@
+import { Verify } from 'crypto';
 export declare function constantTimeEqual(a: string, b: string): boolean;
+export declare function getVerifyRSA(data: string): Verify;
+export declare function serialize(arr: string[], separator: string): string;

package/dist/utils/crypto.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.constantTimeEqual = constantTimeEqual;
+exports.getVerifyRSA = getVerifyRSA;
+exports.serialize = serialize;
 const crypto_1 = require("crypto");
 function constantTimeEqual(a, b) {
     const bufA = Buffer.from(a);
@@ -9,3 +11,9 @@ function constantTimeEqual(a, b) {
         return false;
     return (0, crypto_1.timingSafeEqual)(bufA, bufB);
 }
+function getVerifyRSA(data) {
+    return (0, crypto_1.createVerify)('RSA-SHA256').update(data);
+}
+function serialize(arr, separator) {
+    return arr.join(separator);
+}

package/dist/utils/date.d.ts

@@ -0,0 +1 @@
+export declare function now(): number;

package/dist/utils/date.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.now = now;
+function now() {
+    return Math.floor(Date.now() / 1000);
+}

package/dist/utils/index.d.ts

@@ -1,2 +1,5 @@
 export * from './base64';
 export * from './crypto';
+export * from './jwt';
+export * from './date';
+export * from './checks';

package/dist/utils/index.js

@@ -16,3 +16,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./base64"), exports);
 __exportStar(require("./crypto"), exports);
+__exportStar(require("./jwt"), exports);
+__exportStar(require("./date"), exports);
+__exportStar(require("./checks"), exports);

package/dist/utils/jwt.d.ts

@@ -0,0 +1,6 @@
+import { IJWTStrategy } from '../interfaces/ jwt.interface';
+export declare function JwtDecode(token: string): {
+    header: any;
+    payload: any;
+};
+export declare function getStrategy(type: string, secretKey: string, publicKey: string | null): IJWTStrategy;

package/dist/utils/jwt.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtDecode = JwtDecode;
+exports.getStrategy = getStrategy;
+const constants_1 = require("../constants");
+const strategies_1 = require("../strategies");
+const base64_1 = require("./base64");
+function JwtDecode(token) {
+    const [header, payload] = token.split('.');
+    return {
+        header: JSON.parse((0, base64_1.base64UrlDecode)(header)),
+        payload: JSON.parse((0, base64_1.base64UrlDecode)(payload))
+    };
+}
+function getStrategy(type, secretKey, publicKey) {
+    switch (type) {
+        case constants_1.JWTStrategy.HS256:
+            return new strategies_1.HS256Strategy(secretKey);
+        case constants_1.JWTStrategy.RS256:
+            if (!publicKey)
+                throw new Error('For RS256 need Public key');
+            return new strategies_1.RS256Strategy(secretKey, publicKey);
+        default:
+            throw new Error('Undefined strategy');
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@alexdevco/passport",
-	"version": "1.0.3",
+	"version": "1.0.5",
 	"description": "Lightweight AlexDevCo authentication library",
 	"homepage": "https://github.com/alexdevcoru/passport#readme",
 	"bugs": {