@auditauth/node 0.2.0-beta.1

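--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,135 @@
+# @auditauth/node
+
+`@auditauth/node` is the AuditAuth SDK for Node.js backends. It verifies
+AuditAuth access tokens with the AuditAuth public key and validates issuer and
+audience claims for your application.
+
+## Install
+
+Install the package in your Node.js service.
+
+```bash
+npm install @auditauth/node
+```
+
+## Verify a bearer token
+
+Use `verifyAccessToken()` when you already have a raw JWT string.
+
+```ts
+import { verifyAccessToken } from '@auditauth/node'
+
+const payload = await verifyAccessToken({
+token: accessToken,
+appId: process.env.AUDITAUTH_APP_ID!,
+})
+
+console.log(payload.sub)
+console.log(payload.email)
+```
+
+The SDK validates:
+
+- Signature (`RS256`)
+- Issuer (`iss`) against AuditAuth settings
+- Audience (`aud`) against the `appId` you pass
+
+## Verify an incoming HTTP request
+
+Use `verifyRequest()` to extract and validate the `Authorization` header in one
+step.
+
+```ts
+import { verifyRequest } from '@auditauth/node'
+
+export async function handler(request: Request) {
+const session = await verifyRequest({
+request,
+appId: process.env.AUDITAUTH_APP_ID!,
+})
+
+return Response.json({
+userId: session.sub,
+email: session.email,
+})
+}
+```
+
+`verifyRequest()` accepts these request shapes:
+
+- `Request`
+- `{ headers: Headers }`
+- `{ headers: Record<string, string> }`
+
+This makes it compatible with native Fetch handlers and common Node.js server
+adapters.
+
+## Express middleware example
+
+Use `verifyRequest()` in middleware to protect private routes.
+
+```ts
+import express from 'express'
+import { verifyRequest } from '@auditauth/node'
+
+const app = express()
+
+app.get('/private', async (req, res) => {
+try {
+const session = await verifyRequest({
+request: { headers: req.headers as Record<string, string> },
+appId: process.env.AUDITAUTH_APP_ID!,
+})
+
+res.json({ accountId: session.account_id, email: session.email })
+} catch {
+res.status(401).json({ error: 'Unauthorized' })
+}
+})
+```
+
+## Token payload type
+
+The SDK returns `AuditAuthTokenPayload`, which extends `JWTPayload` and
+includes these AuditAuth claims:
+
+- `sub: string`
+- `email: string`
+- `aud: string`
+- `account_id: string`
+- `app_id: string`
+
+## API reference
+
+Exports from `@auditauth/node`:
+
+- `verifyAccessToken(input): Promise<AuditAuthTokenPayload>`
+- `verifyRequest(input): Promise<AuditAuthTokenPayload>`
+- `AuditAuthTokenPayload` (type)
+- `VerifyAccessTokenPayload` (type)
+- `VerifyRequestParams` (type)
+
+## Errors
+
+Verification throws an error when:
+
+- The token is missing.
+- The `Authorization` header is missing or not `Bearer <token>`.
+- The JWT signature is invalid.
+- `iss` or `aud` claims do not match expected values.
+
+Handle these errors in your framework and return `401 Unauthorized` for failed
+authentication.
+
+## Compatibility
+
+This package requires Node.js `>=18.18.0`.
+
+## Resources
+
+- Repository: https://github.com/nimibyte/auditauth-sdk
+- Documentation: https://docs.auditauth.com
+
+## License
+
+MIT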
@@ -0,0 +1,17 @@
1
+ import { AuditAuthTokenPayload } from './types';
2
+ type VerifyAccessTokenPayload = {
3
+ token: string;
4
+ appId: string;
5
+ };
6
+ declare const verifyAccessToken: ({ token, appId }: VerifyAccessTokenPayload) => Promise<AuditAuthTokenPayload>;
7
+ type VerifyRequestParams = {
8
+ request: Request | {
9
+ headers: Headers;
10
+ } | {
11
+ headers: Record<string, string>;
12
+ };
13
+ appId: string;
14
+ };
15
+ declare const verifyRequest: ({ request, appId }: VerifyRequestParams) => Promise<AuditAuthTokenPayload>;
16
+ export { verifyAccessToken, verifyRequest };
17
+ export type { VerifyRequestParams, VerifyAccessTokenPayload, AuditAuthTokenPayload };
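--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,27 @@
+import { importSPKI, jwtVerify } from 'jose';
+import { CORE_SETTINGS } from '@auditauth/core';
+let cachedKey = null;
+const verifyAccessToken = async ({ token, appId }) => {
+if (!token) {
+throw new Error('Missing token');
+}
+if (!cachedKey) {
+cachedKey = await importSPKI(CORE_SETTINGS.jwt_public_key, 'RS256');
+}
+const { payload } = await jwtVerify(token, cachedKey, {
+issuer: CORE_SETTINGS.jwt_issuer,
+audience: appId,
+});
+return payload;
+};
+const verifyRequest = async ({ request, appId }) => {
+const authHeader = request.headers instanceof Headers
+? request.headers.get('authorization')
+: request.headers['authorization'] || request.headers['Authorization'];
+if (!authHeader || !authHeader?.startsWith('Bearer ')) {
+throw new Error('Missing or invalid Authorization header');
+}
+const token = authHeader.replace('Bearer ', '').trim();
+return verifyAccessToken({ token, appId });
+};
+export { verifyAccessToken, verifyRequest };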
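Review bot: The `jwtVerify` call in `verifyAccessToken` passes `issuer` and `audience` but no `algorithms` allow-list, so the RS256-only restriction the README promises is not enforced by the options visible here. Depending on the key representation `importSPKI` returns on Node, other RSA-based algorithms named in the token header may also verify. Add `algorithms: ['RS256'],` to the options object. The verified `payload` is also returned as `AuditAuthTokenPayload` with no runtime check that `sub`, `email`, `account_id` or `app_id` are present, and `exp` is only checked when the token carries it. Adding `requiredClaims: ['exp', 'sub'],` to the same options would reject tokens that omit them; callers should treat the remaining fields as possibly undefined until they are validated.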
@@ -0,0 +1,9 @@
1
+ import { JWTPayload } from "jose";
2
+ type AuditAuthTokenPayload = JWTPayload & {
3
+ sub: string;
4
+ email: string;
5
+ aud: string;
6
+ account_id: string;
7
+ app_id: string;
8
+ };
9
+ export type { AuditAuthTokenPayload };
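--- a/package/dist/types.js
+++ b/package/dist/types.js
@@ -0,0 +1 @@
+export {};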
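--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,52 @@
+{
+"name": "@auditauth/node",
+"version": "0.2.0-beta.1",
+"description": "AuditAuth Node SDK - JWT verification",
+"license": "MIT",
+"author": "Nimibyte",
+"engines": {
+"node": ">=18.18.0"
+},
+"repository": {
+"type": "git",
+"url": "https://github.com/nimibyte/auditauth-sdk.git"
+},
+"homepage": "https://docs.auditauth.com",
+"bugs": {
+"url": "https://github.com/nimibyte/auditauth-sdk/issues"
+},
+"keywords": [
+"authentication",
+"auth",
+"oauth",
+"identity",
+"jwt",
+"security",
+"auditauth"
+],
+"module": "dist/index.js",
+"type": "module",
+"main": "dist/index.js",
+"types": "dist/index.d.ts",
+"files": ["dist"],
+"sideEffects": false,
+"exports": {
+".": {
+"types": "./dist/index.d.ts",
+"default": "./dist/index.js"
+}
+},
+"scripts": {
+"build": "tsc -p tsconfig.build.json",
+"dev": "tsc -p tsconfig.build.json --watch",
+"clean": "rm -rf dist"
+},
+"dependencies": {
+"jose": "^5.2.0",
+"@auditauth/core": "^0.2.0-beta.1"
+},
+"devDependencies": {
+"@types/node": "^20.11.30",
+"typescript": "^5.4.0"
+}
+}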
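Review bot: The `@auditauth/core` entry under `dependencies` uses the caret range `^0.2.0-beta.1`, yet dist/index.js takes both the signature verification key (`CORE_SETTINGS.jwt_public_key`) and the expected issuer from that package. Any newer release inside the range therefore replaces the trust anchor on the next unlocked install. Pin it exactly, `"@auditauth/core": "0.2.0-beta.1"`, so that a key or issuer change reaches consumers only through a reviewed version bump of this SDK. Consuming services should also commit a lockfile with integrity hashes and install with `npm ci`.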