npm - @anysoftinc/anydb-sdk - Versions diffs - 0.4.0 → 0.5.0 - Mend

@anysoftinc/anydb-sdk 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -214,6 +214,36 @@ export default NextAuth({
 });
 ```
+## Auth Helpers (Server-side)
+Issue AnyDB-compatible HS256 tokens and normalize subjects consistently across apps:
+```ts
+import { createServiceTokenProvider, signFromSessionClaims } from "@anysoftinc/anydb-sdk/auth";
+// 1) Service token provider (e.g., for adapters/bootstrap)
+const getServiceToken = createServiceTokenProvider({
+  secret: process.env.JWT_SECRET!,
+  storageAlias: "dev",
+  dbName: "app",
+  iss: "my-app-service",
+  ttlSeconds: 3600,
+});
+// Use with DatomicClient
+// new DatomicClient({ baseUrl, getAuthToken: getServiceToken })
+// 2) Per-user token from NextAuth claims (re-signs JWS for AnyDB)
+const token = signFromSessionClaims({
+  claims: nextAuthClaims, // from next-auth/jwt getToken()
+  secret: process.env.JWT_SECRET!,
+  storageAlias: "dev",
+  dbName: "app",
+  iss: "my-app-auth",
+  ttlSeconds: 900,
+});
+```
 ## Error Handling
 The SDK provides detailed error information:

package/dist/auth.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export interface SignAnyDBTokenOptions {
+    secret: string;
+    sub: string;
+    aud: string;
+    iss?: string;
+    ttlSeconds?: number;
+    iat?: number;
+}
+export declare function signAnyDBToken(opts: SignAnyDBTokenOptions): string;
+export interface ServiceTokenProviderOptions {
+    secret: string;
+    storageAlias: string;
+    dbName: string;
+    iss?: string;
+    ttlSeconds?: number;
+    sub?: string;
+}
+export declare function createServiceTokenProvider(opts: ServiceTokenProviderOptions): () => string;
+export interface SignFromSessionClaimsOptions {
+    claims: Record<string, any>;
+    secret: string;
+    storageAlias: string;
+    dbName: string;
+    iss?: string;
+    ttlSeconds?: number;
+}
+export declare function signFromSessionClaims(opts: SignFromSessionClaimsOptions): string;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,qBAAqB,GAAG,MAAM,CAgBlE;AAKD,MAAM,WAAW,2BAA2B;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,0BAA0B,CACxC,IAAI,EAAE,2BAA2B,GAChC,MAAM,MAAM,CAQd;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,4BAA4B,GACjC,MAAM,CAUR"}

package/dist/auth.js ADDED Viewed

@@ -0,0 +1,52 @@
+// Auth utilities for issuing AnyDB-compatible JWS tokens and normalizing subjects
+// Server-only: depends on Node's crypto for HMAC-SHA256
+import { createHmac } from "crypto";
+function base64url(input) {
+    const buf = Buffer.isBuffer(input) ? input : Buffer.from(input);
+    return buf
+        .toString("base64")
+        .replace(/=/g, "")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_");
+}
+function hmacSha256(data, secret) {
+    return createHmac("sha256", secret).update(data).digest();
+}
+function nowSeconds() {
+    return Math.floor(Date.now() / 1000);
+}
+export function signAnyDBToken(opts) {
+    const iat = opts.iat ?? nowSeconds();
+    const exp = iat + (opts.ttlSeconds ?? 15 * 60);
+    const header = { alg: "HS256", typ: "JWT" };
+    const payload = {
+        sub: opts.sub,
+        aud: opts.aud,
+        iss: opts.iss || "anydb-sdk",
+        iat,
+        exp,
+    };
+    const hB64 = base64url(JSON.stringify(header));
+    const pB64 = base64url(JSON.stringify(payload));
+    const signingInput = `${hB64}.${pB64}`;
+    const sig = base64url(hmacSha256(signingInput, opts.secret));
+    return `${signingInput}.${sig}`;
+}
+export function createServiceTokenProvider(opts) {
+    const iss = opts.iss || "anydb-sdk-service";
+    const ttl = opts.ttlSeconds ?? 60 * 60;
+    const aud = `${opts.storageAlias}/${opts.dbName}`;
+    const sub = opts.sub || "[:db/ident :anydb.system.v1/subject]";
+    return () => signAnyDBToken({ secret: opts.secret, sub, aud, iss, ttlSeconds: ttl });
+}
+export function signFromSessionClaims(opts) {
+    const iss = opts.iss || "anydb-sdk-auth";
+    const ttl = opts.ttlSeconds ?? 15 * 60;
+    const aud = `${opts.storageAlias}/${opts.dbName}`;
+    const rawSub = opts.claims?.sub;
+    if (typeof rawSub !== "string" || !rawSub.trim()) {
+        throw new Error("Invalid session: missing or invalid 'sub' in claims");
+    }
+    const sub = rawSub;
+    return signAnyDBToken({ secret: opts.secret, sub, aud, iss, ttlSeconds: ttl });
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@anysoftinc/anydb-sdk",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "AnyDB TypeScript SDK for querying and transacting with Datomic databases",
   "main": "dist/client.js",
   "types": "dist/client.d.ts",
@@ -15,6 +15,11 @@
       "require": "./dist/client.js",
       "types": "./dist/client.d.ts"
     },
+    "./auth": {
+      "import": "./dist/auth.js",
+      "require": "./dist/auth.js",
+      "types": "./dist/auth.d.ts"
+    },
     "./nextauth-adapter": {
       "import": "./dist/nextauth-adapter.js",
       "require": "./dist/nextauth-adapter.js",