@aura-stack/jose 0.1.0-rc.1 → 0.2.0

package/dist/assert.cjs

@@ -0,0 +1,69 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/assert.ts
+var assert_exports = {};
+__export(assert_exports, {
+  isAuraJoseError: () => isAuraJoseError,
+  isFalsy: () => isFalsy,
+  isInvalidPayload: () => isInvalidPayload,
+  isInvalidSecretError: () => isInvalidSecretError,
+  isObject: () => isObject
+});
+module.exports = __toCommonJS(assert_exports);
+
+// src/errors.ts
+var AuraJoseError = class extends Error {
+  static code = "ERR_AURA_JOSE_ERROR";
+  code;
+  constructor(message, options) {
+    super(message, options);
+    this.name = new.target.name;
+    this.code = new.target.code;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var InvalidSecretError = class extends AuraJoseError {
+  static code = "ERR_INVALID_SECRET";
+};
+
+// src/assert.ts
+var isAuraJoseError = (error) => {
+  return error instanceof AuraJoseError;
+};
+var isInvalidSecretError = (error) => {
+  return error instanceof InvalidSecretError;
+};
+var isFalsy = (value) => {
+  return value === null || value === void 0 || value === false || value === 0 || value === "" || Number.isNaN(value);
+};
+var isObject = (value) => {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+};
+var isInvalidPayload = (payload) => {
+  return isFalsy(payload) || !isObject(payload) || typeof payload === "object" && payload !== null && !Array.isArray(payload) && Object.keys(payload).length === 0;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  isAuraJoseError,
+  isFalsy,
+  isInvalidPayload,
+  isInvalidSecretError,
+  isObject
+});

package/dist/assert.d.ts

@@ -0,0 +1,9 @@
+import { AuraJoseError, InvalidSecretError } from './errors.js';
+
+declare const isAuraJoseError: (error: unknown) => error is AuraJoseError;
+declare const isInvalidSecretError: (error: unknown) => error is InvalidSecretError;
+declare const isFalsy: (value: unknown) => boolean;
+declare const isObject: (value: unknown) => value is Record<string, unknown>;
+declare const isInvalidPayload: (payload: unknown) => boolean;
+
+export { isAuraJoseError, isFalsy, isInvalidPayload, isInvalidSecretError, isObject };

package/dist/assert.js

@@ -0,0 +1,15 @@
+import {
+  isAuraJoseError,
+  isFalsy,
+  isInvalidPayload,
+  isInvalidSecretError,
+  isObject
+} from "./chunk-ZHFHDRQH.js";
+import "./chunk-BMXFAB6Q.js";
+export {
+  isAuraJoseError,
+  isFalsy,
+  isInvalidPayload,
+  isInvalidSecretError,
+  isObject
+};

package/dist/chunk-BMXFAB6Q.js

@@ -0,0 +1,47 @@
+// src/errors.ts
+var AuraJoseError = class extends Error {
+  static code = "ERR_AURA_JOSE_ERROR";
+  code;
+  constructor(message, options) {
+    super(message, options);
+    this.name = new.target.name;
+    this.code = new.target.code;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var JWTEncodingError = class extends AuraJoseError {
+  static code = "ERR_JWT_ENCODING";
+};
+var JWTDecodingError = class extends AuraJoseError {
+  static code = "ERR_JWT_DECODING";
+};
+var InvalidPayloadError = class extends AuraJoseError {
+  static code = "ERR_INVALID_PAYLOAD";
+};
+var JWSVerificationError = class extends AuraJoseError {
+  static code = "ERR_JWS_VERIFICATION";
+};
+var JWSSigningError = class extends AuraJoseError {
+  static code = "ERR_JWS_SIGNING";
+};
+var JWEDecryptionError = class extends AuraJoseError {
+  static code = "ERR_JWE_DECRYPTION";
+};
+var JWEEncryptionError = class extends AuraJoseError {
+  static code = "ERR_JWE_ENCRYPTION";
+};
+var InvalidSecretError = class extends AuraJoseError {
+  static code = "ERR_INVALID_SECRET";
+};
+
+export {
+  AuraJoseError,
+  JWTEncodingError,
+  JWTDecodingError,
+  InvalidPayloadError,
+  JWSVerificationError,
+  JWSSigningError,
+  JWEDecryptionError,
+  JWEEncryptionError,
+  InvalidSecretError
+};

package/dist/chunk-GXM4P5MQ.js

@@ -0,0 +1,31 @@
+import {
+  isObject
+} from "./chunk-ZHFHDRQH.js";
+import {
+  InvalidSecretError
+} from "./chunk-BMXFAB6Q.js";
+
+// src/secret.ts
+var createSecret = (secret) => {
+  if (secret === void 0) throw new InvalidSecretError("Secret is required");
+  if (typeof secret === "string") {
+    if (new TextEncoder().encode(secret).byteLength < 32) {
+      throw new InvalidSecretError("Secret string must be at least 32 characters long");
+    }
+    return new Uint8Array(Buffer.from(secret, "utf-8"));
+  }
+  return secret;
+};
+var getSecrets = (secret) => {
+  const jwsSecret = isObject(secret) && "jws" in secret ? secret.jws : secret;
+  const jweSecret = isObject(secret) && "jwe" in secret ? secret.jwe : secret;
+  return {
+    jwsSecret,
+    jweSecret
+  };
+};
+
+export {
+  createSecret,
+  getSecrets
+};

package/dist/{chunk-ODRHALUH.js → chunk-K5BQTFSO.js}

@@ -1,6 +1,6 @@
 import {
   createSecret
-} from "./chunk-M4WAOCIJ.js";
+} from "./chunk-GXM4P5MQ.js";
 
 // src/deriveKey.ts
 import { hkdfSync } from "crypto";

package/dist/chunk-VPFE27PW.js

@@ -0,0 +1,58 @@
+import {
+  createSecret
+} from "./chunk-GXM4P5MQ.js";
+import {
+  isAuraJoseError,
+  isFalsy
+} from "./chunk-ZHFHDRQH.js";
+import {
+  InvalidPayloadError,
+  JWEDecryptionError,
+  JWEEncryptionError
+} from "./chunk-BMXFAB6Q.js";
+
+// src/encrypt.ts
+import crypto from "crypto";
+import { EncryptJWT, jwtDecrypt } from "jose";
+var encryptJWE = async (payload, secret, options) => {
+  try {
+    if (isFalsy(payload)) {
+      throw new InvalidPayloadError("The payload must be a non-empty string");
+    }
+    const secretKey = createSecret(secret);
+    const jti = crypto.randomBytes(32).toString("base64url");
+    return new EncryptJWT({ payload }).setProtectedHeader({ alg: "dir", enc: "A256GCM", typ: "JWT", cty: "JWT" }).setIssuedAt().setNotBefore(options?.nbf ?? "0s").setExpirationTime(options?.exp ?? "15d").setJti(jti).encrypt(secretKey);
+  } catch (error) {
+    if (isAuraJoseError(error)) {
+      throw error;
+    }
+    throw new JWEEncryptionError("JWE encryption failed", { cause: error });
+  }
+};
+var decryptJWE = async (token, secret, options) => {
+  try {
+    if (isFalsy(token)) {
+      throw new InvalidPayloadError("The token must be a non-empty string");
+    }
+    const secretKey = createSecret(secret);
+    const { payload } = await jwtDecrypt(token, secretKey, options);
+    return payload.payload;
+  } catch (error) {
+    if (isAuraJoseError(error)) {
+      throw error;
+    }
+    throw new JWEDecryptionError("JWE decryption verification failed", { cause: error });
+  }
+};
+var createJWE = (secret) => {
+  return {
+    encryptJWE: (payload, options) => encryptJWE(payload, secret, options),
+    decryptJWE: (payload, options) => decryptJWE(payload, secret, options)
+  };
+};
+
+export {
+  encryptJWE,
+  decryptJWE,
+  createJWE
+};

package/dist/chunk-ZHDED44B.js

@@ -0,0 +1,59 @@
+import {
+  createSecret
+} from "./chunk-GXM4P5MQ.js";
+import {
+  isAuraJoseError,
+  isFalsy,
+  isInvalidPayload
+} from "./chunk-ZHFHDRQH.js";
+import {
+  InvalidPayloadError,
+  JWSSigningError,
+  JWSVerificationError
+} from "./chunk-BMXFAB6Q.js";
+
+// src/sign.ts
+import crypto from "crypto";
+import { jwtVerify, SignJWT } from "jose";
+var signJWS = async (payload, secret) => {
+  try {
+    if (isInvalidPayload(payload)) {
+      throw new InvalidPayloadError("The payload must be a non-empty object");
+    }
+    const secretKey = createSecret(secret);
+    const jti = crypto.randomBytes(32).toString("base64url");
+    return new SignJWT(payload).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuedAt().setNotBefore(payload.nbf ?? "0s").setExpirationTime(payload.exp ?? "15d").setJti(jti).sign(secretKey);
+  } catch (error) {
+    if (isAuraJoseError(error)) {
+      throw error;
+    }
+    throw new JWSSigningError("JWS signing failed", { cause: error });
+  }
+};
+var verifyJWS = async (token, secret, options) => {
+  try {
+    if (isFalsy(token)) {
+      throw new InvalidPayloadError("The token must be a non-empty string");
+    }
+    const secretKey = createSecret(secret);
+    const { payload } = await jwtVerify(token, secretKey, options);
+    return payload;
+  } catch (error) {
+    if (isAuraJoseError(error)) {
+      throw error;
+    }
+    throw new JWSVerificationError("JWS signature verification failed", { cause: error });
+  }
+};
+var createJWS = (secret) => {
+  return {
+    signJWS: (payload) => signJWS(payload, secret),
+    verifyJWS: (payload, options) => verifyJWS(payload, secret, options)
+  };
+};
+
+export {
+  signJWS,
+  verifyJWS,
+  createJWS
+};

package/dist/chunk-ZHFHDRQH.js

@@ -0,0 +1,29 @@
+import {
+  AuraJoseError,
+  InvalidSecretError
+} from "./chunk-BMXFAB6Q.js";
+
+// src/assert.ts
+var isAuraJoseError = (error) => {
+  return error instanceof AuraJoseError;
+};
+var isInvalidSecretError = (error) => {
+  return error instanceof InvalidSecretError;
+};
+var isFalsy = (value) => {
+  return value === null || value === void 0 || value === false || value === 0 || value === "" || Number.isNaN(value);
+};
+var isObject = (value) => {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+};
+var isInvalidPayload = (payload) => {
+  return isFalsy(payload) || !isObject(payload) || typeof payload === "object" && payload !== null && !Array.isArray(payload) && Object.keys(payload).length === 0;
+};
+
+export {
+  isAuraJoseError,
+  isInvalidSecretError,
+  isFalsy,
+  isObject,
+  isInvalidPayload
+};

package/dist/deriveKey.cjs

@@ -26,12 +26,27 @@ __export(deriveKey_exports, {
 module.exports = __toCommonJS(deriveKey_exports);
 var import_node_crypto = require("crypto");
 
+// src/errors.ts
+var AuraJoseError = class extends Error {
+  static code = "ERR_AURA_JOSE_ERROR";
+  code;
+  constructor(message, options) {
+    super(message, options);
+    this.name = new.target.name;
+    this.code = new.target.code;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var InvalidSecretError = class extends AuraJoseError {
+  static code = "ERR_INVALID_SECRET";
+};
+
 // src/secret.ts
 var createSecret = (secret) => {
-  if (secret === void 0) throw new Error("Secret is required");
+  if (secret === void 0) throw new InvalidSecretError("Secret is required");
   if (typeof secret === "string") {
     if (new TextEncoder().encode(secret).byteLength < 32) {
-      throw new Error("Secret string must be at least 32 characters long");
+      throw new InvalidSecretError("Secret string must be at least 32 characters long");
     }
     return new Uint8Array(Buffer.from(secret, "utf-8"));
   }

package/dist/deriveKey.js

@@ -1,8 +1,10 @@
 import {
   createDeriveKey,
   deriveKey
-} from "./chunk-ODRHALUH.js";
-import "./chunk-M4WAOCIJ.js";
+} from "./chunk-K5BQTFSO.js";
+import "./chunk-GXM4P5MQ.js";
+import "./chunk-ZHFHDRQH.js";
+import "./chunk-BMXFAB6Q.js";
 export {
   createDeriveKey,
   deriveKey

package/dist/encrypt.cjs

@@ -38,12 +38,44 @@ module.exports = __toCommonJS(encrypt_exports);
 var import_node_crypto = __toESM(require("crypto"), 1);
 var import_jose = require("jose");
 
+// src/errors.ts
+var AuraJoseError = class extends Error {
+  static code = "ERR_AURA_JOSE_ERROR";
+  code;
+  constructor(message, options) {
+    super(message, options);
+    this.name = new.target.name;
+    this.code = new.target.code;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var InvalidPayloadError = class extends AuraJoseError {
+  static code = "ERR_INVALID_PAYLOAD";
+};
+var JWEDecryptionError = class extends AuraJoseError {
+  static code = "ERR_JWE_DECRYPTION";
+};
+var JWEEncryptionError = class extends AuraJoseError {
+  static code = "ERR_JWE_ENCRYPTION";
+};
+var InvalidSecretError = class extends AuraJoseError {
+  static code = "ERR_INVALID_SECRET";
+};
+
+// src/assert.ts
+var isAuraJoseError = (error) => {
+  return error instanceof AuraJoseError;
+};
+var isFalsy = (value) => {
+  return value === null || value === void 0 || value === false || value === 0 || value === "" || Number.isNaN(value);
+};
+
 // src/secret.ts
 var createSecret = (secret) => {
-  if (secret === void 0) throw new Error("Secret is required");
+  if (secret === void 0) throw new InvalidSecretError("Secret is required");
   if (typeof secret === "string") {
     if (new TextEncoder().encode(secret).byteLength < 32) {
-      throw new Error("Secret string must be at least 32 characters long");
+      throw new InvalidSecretError("Secret string must be at least 32 characters long");
     }
     return new Uint8Array(Buffer.from(secret, "utf-8"));
   }
@@ -51,24 +83,40 @@ var createSecret = (secret) => {
 };
 
 // src/encrypt.ts
-var encryptJWE = async (payload, secret) => {
-  const secretKey = createSecret(secret);
-  const jti = import_node_crypto.default.randomBytes(32).toString("base64");
-  return new import_jose.EncryptJWT({ token: payload }).setProtectedHeader({ alg: "dir", enc: "A256GCM", typ: "JWT", cty: "JWT" }).setIssuedAt().setNotBefore("0s").setExpirationTime("15d").setJti(jti).encrypt(secretKey);
+var encryptJWE = async (payload, secret, options) => {
+  try {
+    if (isFalsy(payload)) {
+      throw new InvalidPayloadError("The payload must be a non-empty string");
+    }
+    const secretKey = createSecret(secret);
+    const jti = import_node_crypto.default.randomBytes(32).toString("base64url");
+    return new import_jose.EncryptJWT({ payload }).setProtectedHeader({ alg: "dir", enc: "A256GCM", typ: "JWT", cty: "JWT" }).setIssuedAt().setNotBefore(options?.nbf ?? "0s").setExpirationTime(options?.exp ?? "15d").setJti(jti).encrypt(secretKey);
+  } catch (error) {
+    if (isAuraJoseError(error)) {
+      throw error;
+    }
+    throw new JWEEncryptionError("JWE encryption failed", { cause: error });
+  }
 };
-var decryptJWE = async (token, secret) => {
+var decryptJWE = async (token, secret, options) => {
   try {
+    if (isFalsy(token)) {
+      throw new InvalidPayloadError("The token must be a non-empty string");
+    }
     const secretKey = createSecret(secret);
-    const { payload } = await (0, import_jose.jwtDecrypt)(token, secretKey);
-    return payload.token;
+    const { payload } = await (0, import_jose.jwtDecrypt)(token, secretKey, options);
+    return payload.payload;
   } catch (error) {
-    throw new Error("Invalid JWE", { cause: error });
+    if (isAuraJoseError(error)) {
+      throw error;
+    }
+    throw new JWEDecryptionError("JWE decryption verification failed", { cause: error });
   }
 };
 var createJWE = (secret) => {
   return {
-    encryptJWE: (payload) => encryptJWE(payload, secret),
-    decryptJWE: (payload) => decryptJWE(payload, secret)
+    encryptJWE: (payload, options) => encryptJWE(payload, secret, options),
+    decryptJWE: (payload, options) => decryptJWE(payload, secret, options)
   };
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/encrypt.d.ts

@@ -1,3 +1,3 @@
-export { EncryptedPayload, createJWE, decryptJWE, encryptJWE } from './index.js';
+export { JWTDecryptOptions } from 'jose';
+export { EncryptOptions, EncryptedPayload, createJWE, decryptJWE, encryptJWE } from './index.js';
 import 'node:crypto';
-import 'jose';

package/dist/encrypt.js

@@ -2,8 +2,10 @@ import {
   createJWE,
   decryptJWE,
   encryptJWE
-} from "./chunk-T7MMDRY3.js";
-import "./chunk-M4WAOCIJ.js";
+} from "./chunk-VPFE27PW.js";
+import "./chunk-GXM4P5MQ.js";
+import "./chunk-ZHFHDRQH.js";
+import "./chunk-BMXFAB6Q.js";
 export {
   createJWE,
   decryptJWE,

package/dist/errors.cjs

@@ -0,0 +1,79 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/errors.ts
+var errors_exports = {};
+__export(errors_exports, {
+  AuraJoseError: () => AuraJoseError,
+  InvalidPayloadError: () => InvalidPayloadError,
+  InvalidSecretError: () => InvalidSecretError,
+  JWEDecryptionError: () => JWEDecryptionError,
+  JWEEncryptionError: () => JWEEncryptionError,
+  JWSSigningError: () => JWSSigningError,
+  JWSVerificationError: () => JWSVerificationError,
+  JWTDecodingError: () => JWTDecodingError,
+  JWTEncodingError: () => JWTEncodingError
+});
+module.exports = __toCommonJS(errors_exports);
+var AuraJoseError = class extends Error {
+  static code = "ERR_AURA_JOSE_ERROR";
+  code;
+  constructor(message, options) {
+    super(message, options);
+    this.name = new.target.name;
+    this.code = new.target.code;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+var JWTEncodingError = class extends AuraJoseError {
+  static code = "ERR_JWT_ENCODING";
+};
+var JWTDecodingError = class extends AuraJoseError {
+  static code = "ERR_JWT_DECODING";
+};
+var InvalidPayloadError = class extends AuraJoseError {
+  static code = "ERR_INVALID_PAYLOAD";
+};
+var JWSVerificationError = class extends AuraJoseError {
+  static code = "ERR_JWS_VERIFICATION";
+};
+var JWSSigningError = class extends AuraJoseError {
+  static code = "ERR_JWS_SIGNING";
+};
+var JWEDecryptionError = class extends AuraJoseError {
+  static code = "ERR_JWE_DECRYPTION";
+};
+var JWEEncryptionError = class extends AuraJoseError {
+  static code = "ERR_JWE_ENCRYPTION";
+};
+var InvalidSecretError = class extends AuraJoseError {
+  static code = "ERR_INVALID_SECRET";
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuraJoseError,
+  InvalidPayloadError,
+  InvalidSecretError,
+  JWEDecryptionError,
+  JWEEncryptionError,
+  JWSSigningError,
+  JWSVerificationError,
+  JWTDecodingError,
+  JWTEncodingError
+});

package/dist/errors.d.ts

@@ -0,0 +1,34 @@
+/**
+ * @todo: add link attribute to docs when available
+ */
+declare class AuraJoseError extends Error {
+    static code: string;
+    readonly code: string;
+    constructor(message?: string, options?: ErrorOptions);
+}
+declare class JWTEncodingError extends AuraJoseError {
+    static code: string;
+}
+declare class JWTDecodingError extends AuraJoseError {
+    static code: string;
+}
+declare class InvalidPayloadError extends AuraJoseError {
+    static code: string;
+}
+declare class JWSVerificationError extends AuraJoseError {
+    static code: string;
+}
+declare class JWSSigningError extends AuraJoseError {
+    static code: string;
+}
+declare class JWEDecryptionError extends AuraJoseError {
+    static code: string;
+}
+declare class JWEEncryptionError extends AuraJoseError {
+    static code: string;
+}
+declare class InvalidSecretError extends AuraJoseError {
+    static code: string;
+}
+
+export { AuraJoseError, InvalidPayloadError, InvalidSecretError, JWEDecryptionError, JWEEncryptionError, JWSSigningError, JWSVerificationError, JWTDecodingError, JWTEncodingError };

package/dist/errors.js

@@ -0,0 +1,22 @@
+import {
+  AuraJoseError,
+  InvalidPayloadError,
+  InvalidSecretError,
+  JWEDecryptionError,
+  JWEEncryptionError,
+  JWSSigningError,
+  JWSVerificationError,
+  JWTDecodingError,
+  JWTEncodingError
+} from "./chunk-BMXFAB6Q.js";
+export {
+  AuraJoseError,
+  InvalidPayloadError,
+  InvalidSecretError,
+  JWEDecryptionError,
+  JWEEncryptionError,
+  JWSSigningError,
+  JWSVerificationError,
+  JWTDecodingError,
+  JWTEncodingError
+};