@anteros/core 0.0.1-alpha.5 → 0.0.1-alpha.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/server/api.ts +11 -7
  3. package/server/hono.ts +10 -16
  4. package/utils/func.ts +18 -25
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@anteros/core",
3
3
  "module": "index.ts",
4
- "version": "0.0.1-alpha.5",
4
+ "version": "0.0.1-alpha.8",
5
5
  "type": "module",
6
6
  "description": "Anteros Core",
7
7
  "private": false,
package/server/api.ts CHANGED
@@ -69,6 +69,15 @@ async function checkFileAccess(
69
69
  throw new AppError('Access denied', { status: 401, code: 'ACCESS_DENIED' });
70
70
  }
71
71
 
72
+ // Boolean `true` → allow without requiring a token
73
+ if (typeof rule === 'boolean') {
74
+ if (!rule) {
75
+ throw new AppError(`${operation} not allowed`, { status: 401, code: 'ACCESS_DENIED' });
76
+ }
77
+ return;
78
+ }
79
+
80
+ // Function → requires a valid token
72
81
  const t = c.get('token');
73
82
  const accessToken = { value: t?.value ?? null, decoded: t?.decoded ?? null, provided: t?.provided ?? false, expired: t?.expired ?? false };
74
83
 
@@ -79,13 +88,8 @@ async function checkFileAccess(
79
88
  throw new AppError('Authentication required', { status: 401, code: 'AUTH_REQUIRED' });
80
89
  }
81
90
 
82
- let allowed: boolean;
83
- if (typeof rule === 'function') {
84
- const rest = new useRest({ internal: false, tenant_id });
85
- allowed = await rule({ rest, error: fn.error, jwt: func.jwt, token: accessToken });
86
- } else {
87
- allowed = rule;
88
- }
91
+ const rest = new useRest({ internal: false, tenant_id });
92
+ const allowed = await (rule as Function)({ rest, error: fn.error, jwt: func.jwt, token: accessToken });
89
93
  if (!allowed) {
90
94
  throw new AppError(`${operation} not allowed`, { status: 401, code: 'ACCESS_DENIED' });
91
95
  }
package/server/hono.ts CHANGED
@@ -129,22 +129,16 @@ function createApp(): Hono<{ Variables: HonoVariables }> {
129
129
  })
130
130
  const bearer = c.req.header('Authorization')?.replace('Bearer ', '');
131
131
  if (bearer) {
132
- let tokenData: { value: string | null; decoded: Record<string, unknown> | null; provided: boolean; expired: boolean };
133
- try {
134
- const { value, error } = await jwt.verify(bearer);
135
- const isValid = !error && value != null;
136
- const isExpired = !!error && error.toLowerCase().includes('exp');
137
-
138
- tokenData = {
139
- value: bearer,
140
- decoded: isValid ? (value as Record<string, unknown>) : null,
141
- provided: true,
142
- expired: isExpired || (value != null && typeof (value as any)?.exp === 'number' && (value as any).exp * 1000 < Date.now()),
143
- };
144
- } catch {
145
- // Malformed token — treat as invalid, don't crash
146
- tokenData = { value: null, decoded: null, provided: true, expired: true };
147
- }
132
+ const { value, error } = await jwt.verify(bearer);
133
+ const isValid = !error && value != null;
134
+ const isExpired = !!error && error.toLowerCase().includes('exp');
135
+
136
+ const tokenData = {
137
+ value: bearer,
138
+ decoded: isValid ? (value as Record<string, unknown>) : null,
139
+ provided: true,
140
+ expired: isExpired || (value != null && typeof (value as any)?.exp === 'number' && (value as any).exp * 1000 < Date.now()),
141
+ };
148
142
 
149
143
  requestCtxStorage.set('token', tokenData);
150
144
  c.set('token', tokenData);
package/utils/func.ts CHANGED
@@ -19,29 +19,22 @@ const jwt = {
19
19
  audience?: string | string[];
20
20
  subject?: string;
21
21
  }) => {
22
- try {
23
- let SECRET_ = cfg.server.jwt?.secret || Bun.env.JWT_SECRET
24
- if (!SECRET_) throw new Error('JWT_SECRET is not set');
25
- let EXPIRES_IN = cfg.server.jwt?.expiresIn || '1h'
26
-
27
- const secret = new TextEncoder().encode(SECRET_);
28
- const signer = new Jose.SignJWT(payload)
29
- .setProtectedHeader({ alg: 'HS256' })
30
- .setIssuedAt()
31
- .setExpirationTime(EXPIRES_IN || '1h')
32
-
33
- if (options?.issuer) signer.setIssuer(options.issuer)
34
- if (options?.audience) signer.setAudience(options.audience)
35
- if (options?.subject) signer.setSubject(options.subject)
36
-
37
- const token = await signer.sign(secret);
38
- return token;
39
- } catch (err: any) {
40
- throw new AppError(err?.message || 'Failed to sign token', {
41
- code: 'JWT_SIGN_ERROR',
42
- status: 500,
43
- });
44
- }
22
+ let SECRET_ = cfg.server.jwt?.secret || Bun.env.JWT_SECRET
23
+ if (!SECRET_) throw new Error('JWT_SECRET is not set');
24
+ let EXPIRES_IN = cfg.server.jwt?.expiresIn || '1h'
25
+
26
+ const secret = new TextEncoder().encode(SECRET_);
27
+ const signer = new Jose.SignJWT(payload)
28
+ .setProtectedHeader({ alg: 'HS256' })
29
+ .setIssuedAt()
30
+ .setExpirationTime(EXPIRES_IN || '1h')
31
+
32
+ if (options?.issuer) signer.setIssuer(options.issuer)
33
+ if (options?.audience) signer.setAudience(options.audience)
34
+ if (options?.subject) signer.setSubject(options.subject)
35
+
36
+ const token = await signer.sign(secret);
37
+ return token;
45
38
  },
46
39
  verify: async (token: string): Promise<{ value: Record<string, unknown> | null, error: string | null }> => {
47
40
  try {
@@ -54,10 +47,10 @@ const jwt = {
54
47
  value: payload,
55
48
  error: null
56
49
  }
57
- } catch (err: any) {
50
+ } catch (error) {
58
51
  return {
59
52
  value: null,
60
- error: err instanceof Error ? err.message : String(err)
53
+ error: error instanceof Error ? error.message : 'Invalid token'
61
54
  }
62
55
  }
63
56
  }