@authup/server-kit 1.0.0-beta.0

package/dist/index.cjs

@@ -0,0 +1,715 @@
+'use strict';
+
+var bcrypt = require('bcrypt');
+var node_crypto = require('node:crypto');
+var core = require('@authup/core');
+var path = require('node:path');
+var fs = require('node:fs');
+var jsonwebtoken = require('jsonwebtoken');
+var smob = require('smob');
+var redisExtension = require('redis-extension');
+var redisEmitter = require('@socket.io/redis-emitter');
+var http = require('node:http');
+var https = require('node:https');
+var proxyFromEnv = require('proxy-from-env');
+var nodemailer = require('nodemailer');
+
+async function compare(value, hashedValue) {
+    return bcrypt.compare(value, hashedValue);
+}
+
+async function hash(str, saltOrRounds = 10) {
+    return bcrypt.hash(str, saltOrRounds);
+}
+
+/*
+ * Copyright (c) 2022.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ exports.KeyPairKind = void 0;
+(function(KeyPairKind) {
+    KeyPairKind["PRIVATE"] = "private";
+    KeyPairKind["PUBLIC"] = "public";
+})(exports.KeyPairKind || (exports.KeyPairKind = {}));
+
+function isKeyPair(data) {
+    return core.isObject(data) && typeof data.privateKey !== 'undefined' && typeof data.publicKey !== 'undefined';
+}
+function isKeyPairWithPublicKey(data) {
+    return core.isObject(data) && typeof data.publicKey !== 'undefined';
+}
+
+function extendKeyPairOptions(options) {
+    var _options;
+    options = options ?? {};
+    options.directory = options.directory || process.cwd();
+    options.directory = path.isAbsolute(options.directory) ? options.directory : path.resolve(process.cwd(), options.directory);
+    (_options = options).type ?? (_options.type = 'rsa');
+    if (options.type === 'rsa' || options.type === 'rsa-pss' || options.type === 'dsa') {
+        options.modulusLength = 2048;
+    }
+    if (!options.privateKeyEncoding) {
+        options.privateKeyEncoding = {
+            type: 'pkcs8',
+            format: 'pem'
+        };
+    }
+    if (!options.publicKeyEncoding) {
+        options.publicKeyEncoding = {
+            type: 'spki',
+            format: 'pem'
+        };
+    }
+    if (options.privateKeyEncoding.passphrase && !options.privateKeyEncoding.cipher) {
+        options.privateKeyEncoding.cipher = 'aes-256-cbc';
+    }
+    return options;
+}
+
+function buildKeyFileName(type, context) {
+    const options = extendKeyPairOptions(context);
+    const parts = [];
+    switch(type){
+        case exports.KeyPairKind.PRIVATE:
+            {
+                if (options.privateName) {
+                    parts.push(options.privateName);
+                } else {
+                    parts.push(type);
+                }
+                if (options.privateExtension) {
+                    if (options.privateExtension.startsWith('.')) {
+                        options.privateExtension = options.privateExtension.slice(1);
+                    }
+                    parts.push(options.privateExtension);
+                } else {
+                    parts.push('pem');
+                }
+                break;
+            }
+        case exports.KeyPairKind.PUBLIC:
+            {
+                if (options.publicName) {
+                    parts.push(options.publicName);
+                } else {
+                    parts.push(type);
+                }
+                if (options.publicExtension) {
+                    if (options.publicExtension.startsWith('.')) {
+                        options.publicExtension = options.publicExtension.slice(1);
+                    }
+                    parts.push(options.publicExtension);
+                } else {
+                    parts.push('pem');
+                }
+                break;
+            }
+    }
+    return parts.join('.');
+}
+
+function decryptRSAPrivateKey(context, key) {
+    const privateKey = node_crypto.createPrivateKey({
+        type: context.privateKeyEncoding.type,
+        format: context.privateKeyEncoding.format,
+        key,
+        passphrase: context.privateKeyEncoding.passphrase || context.passphrase
+    });
+    let content = privateKey.export({
+        type: context.privateKeyEncoding.type,
+        format: context.privateKeyEncoding.format
+    });
+    if (typeof content !== 'string') {
+        content = Buffer.from(content).toString('utf-8');
+    }
+    return content;
+}
+
+async function saveKeyPair(keyPair, context) {
+    context = extendKeyPairOptions(context);
+    await fs.promises.mkdir(context.directory, {
+        recursive: true
+    });
+    await Promise.all([
+        {
+            path: path.resolve(context.directory, buildKeyFileName(exports.KeyPairKind.PRIVATE, context)),
+            content: keyPair.privateKey
+        },
+        {
+            path: path.resolve(context.directory, buildKeyFileName(exports.KeyPairKind.PUBLIC, context)),
+            content: keyPair.publicKey
+        }
+    ].map((file)=>fs.promises.writeFile(file.path, file.content)));
+    return keyPair;
+}
+
+async function createKeyPair(context) {
+    const options = extendKeyPairOptions(context);
+    const keyPair = await new Promise((resolve, reject)=>{
+        const callback = (err, publicKey, privateKey)=>{
+            if (err) reject(err);
+            resolve({
+                privateKey,
+                publicKey
+            });
+        };
+        switch(options.type){
+            case 'dsa':
+                node_crypto.generateKeyPair(options.type, options, callback);
+                break;
+            case 'ec':
+                node_crypto.generateKeyPair(options.type, options, callback);
+                break;
+            case 'rsa':
+                node_crypto.generateKeyPair(options.type, options, callback);
+                break;
+            case 'rsa-pss':
+                node_crypto.generateKeyPair(options.type, options, callback);
+                break;
+        }
+    });
+    if (options.save) {
+        await saveKeyPair(keyPair, options);
+    }
+    if (options.passphrase || options.privateKeyEncoding.passphrase) {
+        keyPair.privateKey = decryptRSAPrivateKey(options, keyPair.privateKey);
+    }
+    return keyPair;
+}
+
+async function deleteKeyPair(context) {
+    const options = extendKeyPairOptions(context);
+    const privateKeyPath = path.resolve(options.directory, buildKeyFileName(exports.KeyPairKind.PRIVATE, options));
+    const publicKeyPath = path.resolve(options.directory, buildKeyFileName(exports.KeyPairKind.PUBLIC, options));
+    try {
+        await Promise.all([
+            privateKeyPath,
+            publicKeyPath
+        ].map((filePath)=>fs.promises.stat(filePath)));
+    } catch (e) {
+        return;
+    }
+    await Promise.all([
+        privateKeyPath,
+        publicKeyPath
+    ].map((filePath)=>fs.promises.rm(filePath)));
+}
+
+async function loadKeyPair(context) {
+    const options = extendKeyPairOptions(context);
+    const privateKeyPath = path.resolve(options.directory, buildKeyFileName(exports.KeyPairKind.PRIVATE, options));
+    try {
+        await fs.promises.stat(privateKeyPath);
+    } catch (e) {
+        return undefined;
+    }
+    const privateKeyBuffer = await fs.promises.readFile(privateKeyPath);
+    let privateKey = privateKeyBuffer.toString();
+    if (options.passphrase || options.privateKeyEncoding.passphrase) {
+        privateKey = decryptRSAPrivateKey(options, privateKey);
+    }
+    const publicKeyPath = path.resolve(options.directory, buildKeyFileName(exports.KeyPairKind.PUBLIC, options));
+    let publicKey;
+    try {
+        await fs.promises.stat(publicKeyPath);
+        const publicKeyBuffer = await fs.promises.readFile(publicKeyPath);
+        publicKey = publicKeyBuffer.toString();
+    } catch (e) {
+        const publicKeyObject = node_crypto.createPublicKey({
+            key: privateKey,
+            format: options.privateKeyEncoding.format,
+            type: options.publicKeyEncoding.type
+        });
+        const stringOrBuffer = publicKeyObject.export({
+            format: options.publicKeyEncoding.format,
+            type: options.publicKeyEncoding.type
+        });
+        if (typeof stringOrBuffer !== 'string') {
+            publicKey = stringOrBuffer.toString();
+        } else {
+            publicKey = stringOrBuffer;
+        }
+        if (options.save) {
+            await saveKeyPair({
+                privateKey,
+                publicKey
+            }, options);
+        }
+    }
+    return {
+        privateKey,
+        publicKey
+    };
+}
+
+const keyPairCache = {};
+async function useKeyPair(value) {
+    let options;
+    if (typeof value === 'string') {
+        options = extendKeyPairOptions({
+            privateName: value
+        });
+    } else {
+        options = extendKeyPairOptions(value || {});
+    }
+    if (Object.prototype.hasOwnProperty.call(keyPairCache, options.privateName)) {
+        return keyPairCache[options.privateName];
+    }
+    let keyPair = await loadKeyPair(options);
+    if (typeof keyPair === 'undefined') {
+        keyPair = await createKeyPair(options);
+    }
+    keyPairCache[options.privateName] = keyPair;
+    return keyPair;
+}
+
+function createErrorForJWTError(e) {
+    if (smob.isObject(e) && typeof e.name === 'string') {
+        switch(e.name){
+            case 'TokenExpiredError':
+                {
+                    return core.TokenError.expired();
+                }
+            case 'NotBeforeError':
+                {
+                    if (typeof e.date === 'string' || e.date instanceof Date) {
+                        return core.TokenError.notActiveBefore(e.date);
+                    }
+                    break;
+                }
+            case 'JsonWebTokenError':
+                {
+                    if (typeof e.message === 'string') {
+                        return core.TokenError.payloadInvalid(e.message);
+                    }
+                    break;
+                }
+        }
+    }
+    return new core.TokenError({
+        cause: e,
+        logMessage: true,
+        message: 'The JWT error could not be determined.'
+    });
+}
+
+function decodeToken(token, options) {
+    options ?? (options = {});
+    let output;
+    try {
+        output = jsonwebtoken.decode(token, {
+            ...options
+        });
+    } catch (e) {
+        throw createErrorForJWTError(e);
+    }
+    if (output === null) {
+        throw core.TokenError.payloadInvalid('The token could not be decoded.');
+    }
+    return output;
+}
+
+async function signToken(payload, context) {
+    context.expiresIn = context.expiresIn || 3600;
+    switch(context.type){
+        case core.KeyType.RSA:
+        case core.KeyType.EC:
+            {
+                const { type, keyPair, ...options } = context;
+                const { privateKey } = isKeyPair(keyPair) ? keyPair : await useKeyPair(keyPair);
+                if (type === core.KeyType.RSA) {
+                    options.algorithm = options.algorithm || 'RS256';
+                } else {
+                    options.algorithm = options.algorithm || 'ES256';
+                }
+                return jsonwebtoken.sign(payload, privateKey, options);
+            }
+        case core.KeyType.OCT:
+            {
+                const { type, secret, ...options } = context;
+                options.algorithm = options.algorithm || 'HS256';
+                return jsonwebtoken.sign(payload, secret, options);
+            }
+    }
+    throw new core.TokenError();
+}
+
+async function verifyToken(token, context) {
+    let promise;
+    let output;
+    try {
+        switch(context.type){
+            case core.KeyType.RSA:
+            case core.KeyType.EC:
+                {
+                    const { type, keyPair, ...options } = context;
+                    const { publicKey } = isKeyPairWithPublicKey(keyPair) ? keyPair : await useKeyPair(keyPair);
+                    if (type === core.KeyType.RSA) {
+                        options.algorithms = options.algorithms || [
+                            'RS256',
+                            'RS384',
+                            'RS512',
+                            'PS256',
+                            'PS384',
+                            'PS512'
+                        ];
+                    } else {
+                        options.algorithms = options.algorithms || [
+                            'ES256',
+                            'ES384',
+                            'ES512'
+                        ];
+                    }
+                    promise = new Promise((resolve, reject)=>{
+                        jsonwebtoken.verify(token, publicKey, options, (err, decoded)=>{
+                            if (err) {
+                                reject(err);
+                                return;
+                            }
+                            resolve(decoded);
+                        });
+                    });
+                    break;
+                }
+            case core.KeyType.OCT:
+                {
+                    const { type, secret, ...options } = context;
+                    options.algorithms = options.algorithms || [
+                        'HS256',
+                        'HS384',
+                        'HS512'
+                    ];
+                    promise = new Promise((resolve, reject)=>{
+                        jsonwebtoken.verify(token, secret, options, (err, decoded)=>{
+                            if (err) {
+                                reject(err);
+                                return;
+                            }
+                            resolve(decoded);
+                        });
+                    });
+                }
+        }
+        output = await promise;
+    } catch (e) {
+        throw createErrorForJWTError(e);
+    }
+    if (typeof output === 'undefined') {
+        throw new core.TokenError({
+            message: 'Invalid type.'
+        });
+    }
+    return output;
+}
+
+function transformDomainEventData(input) {
+    if (core.isObject(input)) {
+        const keys = Object.keys(input);
+        for(let i = 0; i < keys.length; i++){
+            const value = input[keys[i]];
+            if (value instanceof Date) {
+                input[keys[i]] = value.toISOString();
+            }
+        }
+    }
+    return input;
+}
+function buildDomainEventChannelName(input, id) {
+    if (typeof input === 'string') {
+        return input;
+    }
+    return input(id);
+}
+
+async function publishDomainRedisEvent(context, destinations) {
+    if (!redisExtension.hasClient() && !redisExtension.hasConfig()) {
+        return Promise.resolve();
+    }
+    context = transformDomainEventData(context);
+    const json = JSON.stringify(context);
+    const client = redisExtension.useClient();
+    const pipeline = client.pipeline();
+    for(let i = 0; i < destinations.length; i++){
+        const { namespace } = destinations[i];
+        const keyPrefix = namespace ? `${namespace}:` : '';
+        let key = keyPrefix + buildDomainEventChannelName(destinations[i].channel);
+        pipeline.publish(key, json);
+        if (context.event !== core.DomainEventName.CREATED && typeof destinations[i].channel === 'function') {
+            key = keyPrefix + buildDomainEventChannelName(destinations[i].channel, context.data.id);
+            pipeline.publish(key, json);
+        }
+    }
+    return pipeline.exec();
+}
+
+let instance$3;
+function useSocketEmitter() {
+    if (typeof instance$3 !== 'undefined') {
+        return instance$3;
+    }
+    instance$3 = new redisEmitter.Emitter(redisExtension.useClient());
+    return instance$3;
+}
+
+function publishDomainSocketEvent(context, destinations) {
+    if (!redisExtension.hasClient() && !redisExtension.hasConfig()) {
+        return;
+    }
+    context = transformDomainEventData(context);
+    for(let i = 0; i < destinations.length; i++){
+        let emitter = useSocketEmitter();
+        if (destinations[i].namespace) {
+            emitter = emitter.of(destinations[i].namespace);
+        }
+        let roomName = buildDomainEventChannelName(destinations[i].channel);
+        const fullEventName = core.buildDomainEventFullName(context.type, context.event);
+        emitter.in(roomName)// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        .emit(fullEventName, {
+            ...context,
+            meta: {
+                roomName
+            }
+        });
+        if (context.event !== core.DomainEventName.CREATED && typeof destinations[i].channel === 'function') {
+            roomName = buildDomainEventChannelName(destinations[i].channel, context.data.id);
+            emitter.in(roomName)// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
+            .emit(fullEventName, {
+                ...context,
+                meta: {
+                    roomName,
+                    roomId: context.data.id
+                }
+            });
+        }
+    }
+}
+
+async function publishDomainEvent(context, destinations) {
+    await publishDomainRedisEvent(context, destinations);
+    publishDomainSocketEvent(context, destinations);
+}
+
+/*
+ * Copyright (c) 2022.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ class VoidLogger {
+    error() {
+        return this;
+    }
+    warn() {
+        return this;
+    }
+    info() {
+        return this;
+    }
+    http() {
+        return this;
+    }
+    verbose() {
+        return this;
+    }
+    debug() {
+        return this;
+    }
+}
+
+let instance$2;
+function useLogger() {
+    if (typeof instance$2 !== 'undefined') {
+        return instance$2;
+    }
+    instance$2 = new VoidLogger();
+    return instance$2;
+}
+function setLogger(logger) {
+    instance$2 = logger;
+}
+
+class ProxyClient {
+    /**
+     * Create a http agent for an url.
+     *
+     * @param input
+     */ async createAgent(input) {
+        return new Promise((resolve, reject)=>{
+            const headers = {};
+            if (this.options.user && this.options.password) {
+                headers['Proxy-Authorization'] = `Basic ${Buffer.from(`${this.options.user}:${this.options.password}`).toString('base64')}`;
+            }
+            const urlParsed = new URL(input);
+            const request = http.request({
+                host: this.options.host,
+                port: this.options.port,
+                method: 'CONNECT',
+                path: `${urlParsed.hostname}:443`,
+                headers
+            });
+            request.on('connect', (res, socket)=>{
+                if (res.statusCode >= 200 && res.statusCode < 300) {
+                    resolve(new https.Agent({
+                        socket,
+                        ...this.agentOptions
+                    }));
+                } else {
+                    reject(new Error('Could not connect to proxy!'));
+                }
+            });
+            request.on('error', (err)=>{
+                reject(err);
+            });
+            request.on('timeout', (err)=>{
+                reject(err);
+            });
+            request.end();
+        });
+    }
+    constructor(options, agentOptions){
+        this.options = options;
+        this.agentOptions = smob.merge(agentOptions || {}, {
+            keepAlive: false
+        });
+    }
+}
+
+async function buildHTTPClientConfigForProxy(url) {
+    const connectionString = proxyFromEnv.getProxyForUrl(url);
+    if (connectionString) {
+        const connectionDetails = core.parseProxyConnectionString(connectionString);
+        const proxyClient = new ProxyClient({
+            host: connectionDetails.host,
+            port: connectionDetails.port || 3128,
+            ...connectionDetails.auth.username ? {
+                user: connectionDetails.auth.username
+            } : {},
+            ...connectionDetails.auth.password ? {
+                password: connectionDetails.auth.password
+            } : {}
+        });
+        const agent = await proxyClient.createAgent(url);
+        return {
+            agent
+        };
+    }
+    return {};
+}
+
+/*
+ * Copyright (c) 2022.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ let instance$1;
+function hasSmtpConfig() {
+    return !!instance$1;
+}
+function setSmtpConfig(value) {
+    instance$1 = value;
+}
+function useSmtpConfig() {
+    if (typeof instance$1 !== 'undefined') {
+        return instance$1;
+    }
+    instance$1 = {};
+    return instance$1;
+}
+
+function createSmtpClient(options) {
+    let transport;
+    options = options || {};
+    if (typeof options === 'string') {
+        transport = nodemailer.createTransport(options);
+    } else if (options.connectionString) {
+        transport = nodemailer.createTransport(options.connectionString);
+    } else {
+        let auth;
+        if (options.user && options.password) {
+            auth = {
+                type: 'login',
+                user: options.user,
+                pass: options.password
+            };
+        }
+        transport = nodemailer.createTransport({
+            host: options.host,
+            port: options.port,
+            auth,
+            secure: options.ssl,
+            opportunisticTLS: options.starttls,
+            tls: {
+                rejectUnauthorized: false
+            }
+        });
+    }
+    transport.on('error', (e)=>{
+        useLogger().error(e.message);
+    });
+    return transport;
+}
+
+let instance;
+async function useSMTPClient() {
+    if (typeof instance !== 'undefined') {
+        return instance;
+    }
+    let options;
+    if (process.env.NODE_ENV === 'test') {
+        const testAccount = await nodemailer.createTestAccount();
+        options = {
+            host: 'smtp.ethereal.email',
+            port: 587,
+            ssl: false,
+            user: testAccount.user,
+            password: testAccount.pass
+        };
+    } else {
+        options = useSmtpConfig();
+    }
+    instance = createSmtpClient(options);
+    return instance;
+}
+
+/*
+ * Copyright (c) 2022.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ function hasOwnProperty(obj, prop) {
+    return Object.prototype.hasOwnProperty.call(obj, prop);
+}
+
+exports.ProxyClient = ProxyClient;
+exports.VoidLogger = VoidLogger;
+exports.buildHTTPClientConfigForProxy = buildHTTPClientConfigForProxy;
+exports.buildKeyFileName = buildKeyFileName;
+exports.compare = compare;
+exports.createKeyPair = createKeyPair;
+exports.createSmtpClient = createSmtpClient;
+exports.decodeToken = decodeToken;
+exports.decryptRSAPrivateKey = decryptRSAPrivateKey;
+exports.deleteKeyPair = deleteKeyPair;
+exports.extendKeyPairOptions = extendKeyPairOptions;
+exports.hasOwnProperty = hasOwnProperty;
+exports.hasSmtpConfig = hasSmtpConfig;
+exports.hash = hash;
+exports.isKeyPair = isKeyPair;
+exports.isKeyPairWithPublicKey = isKeyPairWithPublicKey;
+exports.loadKeyPair = loadKeyPair;
+exports.publishDomainEvent = publishDomainEvent;
+exports.publishDomainRedisEvent = publishDomainRedisEvent;
+exports.publishDomainSocketEvent = publishDomainSocketEvent;
+exports.saveKeyPair = saveKeyPair;
+exports.setLogger = setLogger;
+exports.setSmtpConfig = setSmtpConfig;
+exports.signToken = signToken;
+exports.useKeyPair = useKeyPair;
+exports.useLogger = useLogger;
+exports.useSMTPClient = useSMTPClient;
+exports.useSmtpConfig = useSmtpConfig;
+exports.useSocketEmitter = useSocketEmitter;
+exports.verifyToken = verifyToken;
+//# sourceMappingURL=index.cjs.map