@bantis/local-cipher 2.1.0 → 2.3.0

package/dist/angular.js

@@ -23,6 +23,9 @@ const DEFAULT_CONFIG = {
         compressionThreshold: 1024,
         autoCleanup: true,
         cleanupInterval: 60000,
+        enableCache: true,
+        verifyIntegrityOnRead: false,
+        storageEngine: typeof window !== 'undefined' ? window.localStorage : {},
     },
     debug: {
         enabled: false,
@@ -50,6 +53,8 @@ class EncryptionHelper {
         this.baseKey = '';
         this.baseKeyPromise = null;
         this.keyVersion = 1;
+        // Cache para optimización de rendimiento
+        this.keyNameCache = new Map();
         this.config = { ...DEFAULT_CONFIG.encryption, ...config };
         // Load key version from storage
         const storedVersion = localStorage.getItem(EncryptionHelper.KEY_VERSION_KEY);
@@ -112,7 +117,7 @@ class EncryptionHelper {
         // Derivar la clave AES-GCM
         return crypto.subtle.deriveKey({
             name: 'PBKDF2',
-            salt,
+            salt: salt,
             iterations: this.config.iterations,
             hash: EncryptionHelper.HASH_ALGORITHM,
         }, keyMaterial, {
@@ -219,10 +224,16 @@ class EncryptionHelper {
      * @returns Nombre encriptado con prefijo __enc_
      */
     async encryptKey(keyName) {
+        // Optimización: devolver desde cache si existe
+        if (this.keyNameCache.has(keyName)) {
+            return this.keyNameCache.get(keyName);
+        }
         const baseKey = await this.generateBaseKey();
         const combined = keyName + baseKey;
         const hash = await this.hashString(combined);
-        return `__enc_${hash.substring(0, 16)}`;
+        const encryptedKey = `__enc_${hash.substring(0, 16)}`;
+        this.keyNameCache.set(keyName, encryptedKey);
+        return encryptedKey;
     }
     /**
      * Limpia todos los datos encriptados del localStorage
@@ -240,10 +251,11 @@ class EncryptionHelper {
         keysToRemove.forEach(key => localStorage.removeItem(key));
         // Eliminar salt
         localStorage.removeItem(EncryptionHelper.SALT_STORAGE_KEY);
-        // Resetear clave en memoria
+        // Resetear clave en memoria y cache
         this.key = null;
         this.baseKey = '';
         this.baseKeyPromise = null;
+        this.keyNameCache.clear();
     }
     /**
      * Verifica si el navegador soporta Web Crypto API
@@ -394,7 +406,7 @@ class Logger {
             return false;
         return Logger.LOG_LEVELS[level] <= Logger.LOG_LEVELS[this.logLevel];
     }
-    formatMessage(level, message, ...args) {
+    formatMessage(level, message) {
         const timestamp = new Date().toISOString();
         return `[${this.prefix}] [${level.toUpperCase()}] ${timestamp} - ${message}`;
     }
@@ -547,17 +559,37 @@ class NamespacedStorage {
         this.storage = storage;
         this.prefix = `__ns_${namespace}__`;
     }
+    async getIndex() {
+        const indexValue = await this.storage.getItem(`${this.prefix}__index__`);
+        return indexValue ? JSON.parse(indexValue) : [];
+    }
+    async saveToIndex(key) {
+        const index = await this.getIndex();
+        if (!index.includes(key)) {
+            index.push(key);
+            await this.storage.setItem(`${this.prefix}__index__`, JSON.stringify(index));
+        }
+    }
+    async removeFromIndex(key) {
+        const index = await this.getIndex();
+        const newIndex = index.filter(k => k !== key);
+        if (newIndex.length !== index.length) {
+            await this.storage.setItem(`${this.prefix}__index__`, JSON.stringify(newIndex));
+        }
+    }
     /**
      * Set item in this namespace
      */
     async setItem(key, value) {
-        return this.storage.setItem(`${this.prefix}${key}`, value);
+        await this.storage.setItem(`${this.prefix}${key}`, value);
+        await this.saveToIndex(key);
     }
     /**
      * Set item with expiry in this namespace
      */
     async setItemWithExpiry(key, value, options) {
-        return this.storage.setItemWithExpiry(`${this.prefix}${key}`, value, options);
+        await this.storage.setItemWithExpiry(`${this.prefix}${key}`, value, options);
+        await this.saveToIndex(key);
     }
     /**
      * Get item from this namespace
@@ -569,7 +601,8 @@ class NamespacedStorage {
      * Remove item from this namespace
      */
     async removeItem(key) {
-        return this.storage.removeItem(`${this.prefix}${key}`);
+        await this.storage.removeItem(`${this.prefix}${key}`);
+        await this.removeFromIndex(key);
     }
     /**
      * Check if item exists in this namespace
@@ -581,29 +614,17 @@ class NamespacedStorage {
      * Clear all items in this namespace
      */
     async clearNamespace() {
-        const keysToRemove = [];
-        for (let i = 0; i < localStorage.length; i++) {
-            const key = localStorage.key(i);
-            if (key && key.includes(this.prefix)) {
-                keysToRemove.push(key.replace(this.prefix, ''));
-            }
-        }
+        const keysToRemove = await this.getIndex();
         for (const key of keysToRemove) {
-            await this.removeItem(key);
+            await this.storage.removeItem(`${this.prefix}${key}`);
         }
+        await this.storage.removeItem(`${this.prefix}__index__`);
     }
     /**
      * Get all keys in this namespace
      */
     async keys() {
-        const keys = [];
-        for (let i = 0; i < localStorage.length; i++) {
-            const key = localStorage.key(i);
-            if (key && key.includes(this.prefix)) {
-                keys.push(key.replace(this.prefix, ''));
-            }
-        }
-        return keys;
+        return this.getIndex();
     }
 }
 
@@ -626,7 +647,6 @@ async function compress(data) {
         return encoder.encode(data);
     }
     try {
-        const encoder = new TextEncoder();
         const stream = new Blob([data]).stream();
         const compressedStream = stream.pipeThrough(new CompressionStream('gzip'));
         const compressedBlob = await new Response(compressedStream).blob();
@@ -675,6 +695,7 @@ function shouldCompress(data, threshold = 1024) {
 class SecureStorage {
     constructor(config) {
         this.cleanupInterval = null;
+        this.memoryCache = new Map();
         // Merge config with defaults
         this.config = {
             encryption: { ...DEFAULT_CONFIG.encryption, ...config?.encryption },
@@ -756,8 +777,12 @@ class SecureStorage {
             const encryptedKey = await this.encryptionHelper.encryptKey(key);
             // Encrypt the value
             const encryptedValue = await this.encryptionHelper.encrypt(serialized);
-            // Store in localStorage
-            localStorage.setItem(encryptedKey, encryptedValue);
+            // Store in storage
+            this.config.storage.storageEngine.setItem(encryptedKey, encryptedValue);
+            // Update cache
+            if (this.config.storage.enableCache) {
+                this.memoryCache.set(key, { value });
+            }
             this.logger.verbose(`Stored key: ${key}, compressed: ${compressed}, size: ${encryptedValue.length}`);
             this.eventEmitter.emit('encrypted', { key, metadata: { compressed, size: encryptedValue.length } });
             this.logger.timeEnd(`setItem:${key}`);
@@ -765,7 +790,7 @@ class SecureStorage {
         catch (error) {
             this.logger.error(`Error al guardar dato encriptado para ${key}:`, error);
             this.eventEmitter.emit('error', { key, error: error });
-            localStorage.setItem(key, value);
+            this.config.storage.storageEngine.setItem(key, value);
         }
     }
     /**
@@ -818,8 +843,12 @@ class SecureStorage {
             const encryptedKey = await this.encryptionHelper.encryptKey(key);
             // Encrypt the value
             const encryptedValue = await this.encryptionHelper.encrypt(serialized);
-            // Store in localStorage
-            localStorage.setItem(encryptedKey, encryptedValue);
+            // Store in storage
+            this.config.storage.storageEngine.setItem(encryptedKey, encryptedValue);
+            // Update cache
+            if (this.config.storage.enableCache) {
+                this.memoryCache.set(key, { value, expiresAt });
+            }
             this.logger.verbose(`Stored key with expiry: ${key}, expiresAt: ${expiresAt}`);
             this.eventEmitter.emit('encrypted', { key, metadata: { compressed, expiresAt } });
             this.logger.timeEnd(`setItemWithExpiry:${key}`);
@@ -836,16 +865,31 @@ class SecureStorage {
     async getItem(key) {
         this.logger.time(`getItem:${key}`);
         if (!EncryptionHelper.isSupported()) {
-            return localStorage.getItem(key);
+            return this.config.storage.storageEngine.getItem(key);
         }
         try {
+            // Check memory cache first
+            if (this.config.storage.enableCache && this.memoryCache.has(key)) {
+                const cached = this.memoryCache.get(key);
+                if (cached.expiresAt && cached.expiresAt < Date.now()) {
+                    this.logger.info(`Key expired in cache: ${key}`);
+                    await this.removeItem(key);
+                    this.eventEmitter.emit('expired', { key });
+                    this.logger.timeEnd(`getItem:${key}`);
+                    return null;
+                }
+                this.logger.debug(`Retrieved from cache: ${key}`);
+                this.eventEmitter.emit('decrypted', { key });
+                this.logger.timeEnd(`getItem:${key}`);
+                return cached.value;
+            }
             // Encrypt the key
             const encryptedKey = await this.encryptionHelper.encryptKey(key);
             // Get encrypted value
-            let encryptedValue = localStorage.getItem(encryptedKey);
+            let encryptedValue = this.config.storage.storageEngine.getItem(encryptedKey);
             // Backward compatibility: try with plain key
             if (!encryptedValue) {
-                encryptedValue = localStorage.getItem(key);
+                encryptedValue = this.config.storage.storageEngine.getItem(key);
                 if (!encryptedValue) {
                     this.logger.timeEnd(`getItem:${key}`);
                     return null;
@@ -881,8 +925,8 @@ class SecureStorage {
                 this.logger.timeEnd(`getItem:${key}`);
                 return null;
             }
-            // Verify integrity if checksum exists
-            if (storedValue.checksum) {
+            // Verify integrity if checksum exists and configured
+            if (storedValue.checksum && this.config.storage.verifyIntegrityOnRead) {
                 const calculatedChecksum = await this.calculateChecksum(storedValue.value);
                 if (calculatedChecksum !== storedValue.checksum) {
                     this.logger.warn(`Integrity check failed for key: ${key}`);
@@ -900,6 +944,9 @@ class SecureStorage {
                 finalValue = await decompress(new Uint8Array(compressedData));
                 this.eventEmitter.emit('decompressed', { key });
             }
+            if (this.config.storage.enableCache) {
+                this.memoryCache.set(key, { value: finalValue, expiresAt: storedValue.expiresAt });
+            }
             this.eventEmitter.emit('decrypted', { key });
             this.logger.timeEnd(`getItem:${key}`);
             return finalValue;
@@ -908,7 +955,7 @@ class SecureStorage {
             this.logger.error(`Error al recuperar dato encriptado para ${key}:`, error);
             this.eventEmitter.emit('error', { key, error: error });
             // Fallback: try plain key
-            const fallback = localStorage.getItem(key);
+            const fallback = this.config.storage.storageEngine.getItem(key);
             this.logger.timeEnd(`getItem:${key}`);
             return fallback;
         }
@@ -918,19 +965,20 @@ class SecureStorage {
      */
     async removeItem(key) {
         if (!EncryptionHelper.isSupported()) {
-            localStorage.removeItem(key);
+            this.config.storage.storageEngine.removeItem(key);
             return;
         }
         try {
             const encryptedKey = await this.encryptionHelper.encryptKey(key);
-            localStorage.removeItem(encryptedKey);
-            localStorage.removeItem(key); // Remove both versions
+            this.config.storage.storageEngine.removeItem(encryptedKey);
+            this.config.storage.storageEngine.removeItem(key); // Remove both versions
+            this.memoryCache.delete(key);
             this.eventEmitter.emit('deleted', { key });
             this.logger.info(`Removed key: ${key}`);
         }
         catch (error) {
             this.logger.error(`Error al eliminar dato para ${key}:`, error);
-            localStorage.removeItem(key);
+            this.config.storage.storageEngine.removeItem(key);
         }
     }
     /**
@@ -945,6 +993,7 @@ class SecureStorage {
      */
     clear() {
         this.encryptionHelper.clearEncryptedData();
+        this.memoryCache.clear();
         this.eventEmitter.emit('cleared', {});
         this.logger.info('All encrypted data cleared');
     }
@@ -955,21 +1004,28 @@ class SecureStorage {
         this.logger.info('Starting cleanup of expired items...');
         let cleanedCount = 0;
         const keysToCheck = [];
-        for (let i = 0; i < localStorage.length; i++) {
-            const key = localStorage.key(i);
+        for (let i = 0; i < this.config.storage.storageEngine.length; i++) {
+            const key = this.config.storage.storageEngine.key(i);
             if (key && key.startsWith('__enc_')) {
                 keysToCheck.push(key);
             }
         }
         for (const encryptedKey of keysToCheck) {
             try {
-                const encryptedValue = localStorage.getItem(encryptedKey);
+                const encryptedValue = this.config.storage.storageEngine.getItem(encryptedKey);
                 if (!encryptedValue)
                     continue;
                 const decrypted = await this.encryptionHelper.decrypt(encryptedValue);
                 const storedValue = JSON.parse(decrypted);
                 if (storedValue.expiresAt && storedValue.expiresAt < Date.now()) {
-                    localStorage.removeItem(encryptedKey);
+                    this.config.storage.storageEngine.removeItem(encryptedKey);
+                    // Encontrar la clave original en el cache y eliminarla
+                    for (const [cacheKey] of Array.from(this.memoryCache.entries())) {
+                        this.encryptionHelper.encryptKey(cacheKey).then(enc => {
+                            if (enc === encryptedKey)
+                                this.memoryCache.delete(cacheKey);
+                        });
+                    }
                     cleanedCount++;
                     this.eventEmitter.emit('expired', { key: encryptedKey });
                 }
@@ -987,7 +1043,7 @@ class SecureStorage {
     async verifyIntegrity(key) {
         try {
             const encryptedKey = await this.encryptionHelper.encryptKey(key);
-            const encryptedValue = localStorage.getItem(encryptedKey);
+            const encryptedValue = this.config.storage.storageEngine.getItem(encryptedKey);
             if (!encryptedValue)
                 return false;
             const decrypted = await this.encryptionHelper.decrypt(encryptedValue);
@@ -1010,7 +1066,7 @@ class SecureStorage {
     async getIntegrityInfo(key) {
         try {
             const encryptedKey = await this.encryptionHelper.encryptKey(key);
-            const encryptedValue = localStorage.getItem(encryptedKey);
+            const encryptedValue = this.config.storage.storageEngine.getItem(encryptedKey);
             if (!encryptedValue)
                 return null;
             const decrypted = await this.encryptionHelper.decrypt(encryptedValue);
@@ -1093,7 +1149,7 @@ class SecureStorage {
         this.logger.info(`Iniciando migración de ${keys.length} claves...`);
         for (const key of keys) {
             try {
-                const value = localStorage.getItem(key);
+                const value = this.config.storage.storageEngine.getItem(key);
                 if (value === null)
                     continue;
                 // Try to decrypt to check if already encrypted
@@ -1106,7 +1162,7 @@ class SecureStorage {
                     // Not encrypted, proceed with migration
                 }
                 await this.setItem(key, value);
-                localStorage.removeItem(key);
+                this.config.storage.storageEngine.removeItem(key);
                 this.logger.info(`✓ ${key} migrado exitosamente`);
             }
             catch (error) {
@@ -1120,8 +1176,8 @@ class SecureStorage {
      */
     getDebugInfo() {
         const allKeys = [];
-        for (let i = 0; i < localStorage.length; i++) {
-            const key = localStorage.key(i);
+        for (let i = 0; i < this.config.storage.storageEngine.length; i++) {
+            const key = this.config.storage.storageEngine.key(i);
             if (key)
                 allKeys.push(key);
         }
@@ -1155,10 +1211,199 @@ class SecureStorage {
         }
         this.removeAllListeners();
         this.logger.info('SecureStorage destroyed');
+        SecureStorage.instance = null;
     }
 }
 SecureStorage.instance = null;
 
+/**
+ * SecureCookie - API de alto nivel para almacenamiento en cookies cifradas
+ * Soporta opciones de cookies incluyendo domininios/subdominios y compresión.
+ */
+class SecureCookie {
+    constructor(config) {
+        this.config = {
+            encryption: { ...DEFAULT_CONFIG.encryption, ...config?.encryption },
+            cookieOptions: { path: '/', ...config?.cookieOptions },
+            compression: config?.compression ?? true,
+            debug: { ...DEFAULT_CONFIG.debug, ...config?.debug }
+        };
+        this.logger = new Logger(this.config.debug);
+        this.encryptionHelper = new EncryptionHelper(this.config.encryption);
+        this.logger.info('SecureCookie initialized', this.config);
+    }
+    /**
+     * Obtiene la instancia singleton de SecureCookie
+     */
+    static getInstance(config) {
+        if (!SecureCookie.instance) {
+            SecureCookie.instance = new SecureCookie(config);
+        }
+        return SecureCookie.instance;
+    }
+    /**
+     * Serializa las opciones de cookie en un string
+     */
+    serializeOptions(options) {
+        let cookieString = '';
+        if (options.expires) {
+            cookieString += `; expires=${options.expires.toUTCString()}`;
+        }
+        if (options.maxAge) {
+            cookieString += `; max-age=${options.maxAge}`;
+        }
+        if (options.domain) {
+            cookieString += `; domain=${options.domain}`;
+        }
+        if (options.path) {
+            cookieString += `; path=${options.path}`;
+        }
+        if (options.secure) {
+            cookieString += `; secure`;
+        }
+        if (options.sameSite) {
+            cookieString += `; samesite=${options.sameSite}`;
+        }
+        return cookieString;
+    }
+    /**
+     * Guarda un valor encriptado en una cookie
+     */
+    async set(name, value, options) {
+        this.logger.time(`cookie:set:${name}`);
+        if (!EncryptionHelper.isSupported()) {
+            this.logger.warn('Web Crypto API no soportada, guardando cookie sin cifrar');
+            const mergedOptions = { ...this.config.cookieOptions, ...options };
+            document.cookie = `${encodeURIComponent(name)}=${encodeURIComponent(value)}${this.serializeOptions(mergedOptions)}`;
+            return;
+        }
+        try {
+            // Check compression (aggressively compress cookies to save space since max is ~4KB)
+            const shouldCompressData = this.config.compression && shouldCompress(value, 200);
+            let processedValue = value;
+            let metadataPrefix = 'P_'; // P_ = Plain
+            if (shouldCompressData) {
+                this.logger.debug(`Compressing cookie value for: ${name}`);
+                const compressedData = await compress(value);
+                processedValue = this.encryptionHelper['arrayBufferToBase64'](compressedData.buffer);
+                metadataPrefix = 'C_'; // C_ = Compressed
+            }
+            // Encrypt key name
+            const encryptedKey = await this.encryptionHelper.encryptKey(name);
+            // Serialize and Encrypt Value
+            // Adding metadata prefix to avoid bloating value with massive StoredValue JSON headers
+            const encryptedData = await this.encryptionHelper.encrypt(processedValue);
+            const finalValue = metadataPrefix + encryptedData;
+            // Prepare Cookie string
+            const mergedOptions = { ...this.config.cookieOptions, ...options };
+            const cookieOptionsStr = this.serializeOptions(mergedOptions);
+            const cookieString = `${encodeURIComponent(encryptedKey)}=${encodeURIComponent(finalValue)}${cookieOptionsStr}`;
+            // Verificación de tamaño de cookie
+            if (cookieString.length > 4096) {
+                this.logger.warn(`Cookie '${name}' es muy grande (${cookieString.length} bytes). Puede ser rechazada por el navegador.`);
+            }
+            document.cookie = cookieString;
+            this.logger.verbose(`Stored cookie: ${name}`);
+            this.logger.timeEnd(`cookie:set:${name}`);
+        }
+        catch (error) {
+            this.logger.error(`Error al guardar cookie encriptada para ${name}:`, error);
+            // Fallback sin cifrar como último recurso
+            const mergedOptions = { ...this.config.cookieOptions, ...options };
+            document.cookie = `${encodeURIComponent(name)}=${encodeURIComponent(value)}${this.serializeOptions(mergedOptions)}`;
+        }
+    }
+    /**
+     * Pide una cookie por nombre
+     * Retorna el string o null si no existe
+     */
+    getRawCookie(name) {
+        const nameEQ = encodeURIComponent(name) + '=';
+        const ca = document.cookie.split(';');
+        for (let i = 0; i < ca.length; i++) {
+            let c = ca[i];
+            while (c.charAt(0) === ' ')
+                c = c.substring(1, c.length);
+            if (c.indexOf(nameEQ) === 0)
+                return decodeURIComponent(c.substring(nameEQ.length, c.length));
+        }
+        return null;
+    }
+    /**
+     * Recupera y desencripta un valor de cookie
+     */
+    async get(name) {
+        this.logger.time(`cookie:get:${name}`);
+        if (!EncryptionHelper.isSupported()) {
+            return this.getRawCookie(name);
+        }
+        try {
+            // Find encrypted key
+            const encryptedKey = await this.encryptionHelper.encryptKey(name);
+            let rawValue = this.getRawCookie(encryptedKey);
+            if (!rawValue) {
+                // Backward compatibility just in case fallback was used
+                rawValue = this.getRawCookie(name);
+                if (!rawValue) {
+                    this.logger.timeEnd(`cookie:get:${name}`);
+                    return null;
+                }
+            }
+            // Check if it has our metadata prefixes
+            if (!rawValue.startsWith('P_') && !rawValue.startsWith('C_')) {
+                // Podría ser un fallback plano
+                this.logger.timeEnd(`cookie:get:${name}`);
+                return rawValue; // Asumimos que es plano
+            }
+            const isCompressed = rawValue.startsWith('C_');
+            const encryptedData = rawValue.substring(2);
+            // Decrypt
+            const decryptedString = await this.encryptionHelper.decrypt(encryptedData);
+            // Decompress if needed
+            let finalValue = decryptedString;
+            if (isCompressed) {
+                const compressedBuffer = this.encryptionHelper['base64ToArrayBuffer'](decryptedString);
+                finalValue = await decompress(new Uint8Array(compressedBuffer));
+            }
+            this.logger.timeEnd(`cookie:get:${name}`);
+            return finalValue;
+        }
+        catch (error) {
+            this.logger.error(`Error al recuperar cookie encriptada para ${name}:`, error);
+            // Fallback
+            return this.getRawCookie(name);
+        }
+    }
+    /**
+     * Elimina una cookie
+     */
+    async remove(name, options) {
+        const mergedOptions = { ...this.config.cookieOptions, ...options };
+        // Expirar la cookie configurándole una fecha del pasado
+        const expireOptions = {
+            ...mergedOptions,
+            expires: new Date(0),
+            maxAge: 0
+        };
+        if (!EncryptionHelper.isSupported()) {
+            document.cookie = `${encodeURIComponent(name)}=${this.serializeOptions(expireOptions)}`;
+            return;
+        }
+        const encryptedKey = await this.encryptionHelper.encryptKey(name);
+        // Remove encrypted cookie
+        document.cookie = `${encodeURIComponent(encryptedKey)}=${this.serializeOptions(expireOptions)}`;
+        // Also remove plain version just in case
+        document.cookie = `${encodeURIComponent(name)}=${this.serializeOptions(expireOptions)}`;
+    }
+    /**
+     * Limpia la instancia actual (útil para testing o refresco)
+     */
+    destroy() {
+        SecureCookie.instance = null;
+    }
+}
+SecureCookie.instance = null;
+
 const secureStorage$1 = SecureStorage.getInstance();
 /**
  * Función de debug para verificar el estado del sistema de encriptación
@@ -1211,6 +1456,202 @@ async function forceMigration(customKeys) {
     await debugEncryptionState();
 }
 
+/**
+ * PlainStorage - Una interfaz consistente con SecureStorage pero sin cifrado.
+ * Envuelve localStorage o sessionStorage con serialización JSON.
+ */
+class PlainStorage {
+    constructor(storageEngine = typeof window !== 'undefined' ? window.localStorage : {}) {
+        this.storage = storageEngine;
+        this.logger = new Logger({ prefix: 'PlainStorage' });
+    }
+    async set(key, value) {
+        try {
+            const serialized = typeof value === 'string' ? value : JSON.stringify(value);
+            this.storage.setItem(key, serialized);
+        }
+        catch (error) {
+            this.logger.error(`Error saving unencrypted item ${key}:`, error);
+        }
+    }
+    async get(key) {
+        try {
+            const value = this.storage.getItem(key);
+            if (value === null)
+                return null;
+            try {
+                return JSON.parse(value);
+            }
+            catch {
+                return value; // Fallback for plain strings
+            }
+        }
+        catch (error) {
+            this.logger.error(`Error reading unencrypted item ${key}:`, error);
+            return null;
+        }
+    }
+    async remove(key) {
+        this.storage.removeItem(key);
+    }
+    clear() {
+        this.storage.clear();
+    }
+}
+
+/**
+ * Crea una instancia de almacenamiento encriptado.
+ * @param engine 'localStorage' o 'sessionStorage'
+ * @param secretKey Llave secreta opcional para derivación de claves
+ * @param config Configuración adicional opcional
+ * @returns Instancia de SecureStorage
+ */
+function createEncryptedStorage(engine = 'localStorage', secretKey, config) {
+    const defaultEngine = typeof window !== 'undefined'
+        ? (engine === 'sessionStorage' ? window.sessionStorage : window.localStorage)
+        : {};
+    const mergedConfig = {
+        ...config,
+        encryption: {
+            ...config?.encryption,
+            ...(secretKey ? { appIdentifier: secretKey } : {})
+        },
+        storage: {
+            ...config?.storage,
+            storageEngine: defaultEngine
+        }
+    };
+    return SecureStorage.getInstance(mergedConfig);
+}
+/**
+ * Crea una instancia de almacenamiento plano (sin cifrar).
+ * @param engine 'localStorage' o 'sessionStorage'
+ * @returns Instancia de PlainStorage
+ */
+function createPlainStorage(engine = 'localStorage') {
+    const defaultEngine = typeof window !== 'undefined'
+        ? (engine === 'sessionStorage' ? window.sessionStorage : window.localStorage)
+        : {};
+    return new PlainStorage(defaultEngine);
+}
+
+/**
+ * PlainCookie - Una interfaz consistente con SecureCookie pero sin cifrado.
+ */
+class PlainCookie {
+    constructor(defaultOptions) {
+        this.logger = new Logger({ prefix: 'PlainCookie' });
+        this.defaultOptions = { path: '/', ...defaultOptions };
+    }
+    serializeOptions(options) {
+        let cookieString = '';
+        if (options.expires)
+            cookieString += `; expires=${options.expires.toUTCString()}`;
+        if (options.maxAge)
+            cookieString += `; max-age=${options.maxAge}`;
+        if (options.domain)
+            cookieString += `; domain=${options.domain}`;
+        if (options.path)
+            cookieString += `; path=${options.path}`;
+        if (options.secure)
+            cookieString += `; secure`;
+        if (options.sameSite)
+            cookieString += `; samesite=${options.sameSite}`;
+        return cookieString;
+    }
+    async set(name, value, options) {
+        try {
+            const serialized = typeof value === 'string' ? value : JSON.stringify(value);
+            const mergedOptions = { ...this.defaultOptions, ...options };
+            document.cookie = `${encodeURIComponent(name)}=${encodeURIComponent(serialized)}${this.serializeOptions(mergedOptions)}`;
+        }
+        catch (error) {
+            this.logger.error(`Error saving unencrypted cookie ${name}:`, error);
+        }
+    }
+    async get(name) {
+        try {
+            const nameEQ = encodeURIComponent(name) + '=';
+            const ca = document.cookie.split(';');
+            for (let i = 0; i < ca.length; i++) {
+                let c = ca[i];
+                while (c.charAt(0) === ' ')
+                    c = c.substring(1, c.length);
+                if (c.indexOf(nameEQ) === 0) {
+                    const decoded = decodeURIComponent(c.substring(nameEQ.length, c.length));
+                    try {
+                        return JSON.parse(decoded);
+                    }
+                    catch {
+                        return decoded;
+                    }
+                }
+            }
+            return null;
+        }
+        catch (error) {
+            this.logger.error(`Error reading unencrypted cookie ${name}:`, error);
+            return null;
+        }
+    }
+    async remove(name, options) {
+        const mergedOptions = { ...this.defaultOptions, ...options };
+        document.cookie = `${encodeURIComponent(name)}=${this.serializeOptions({ ...mergedOptions, expires: new Date(0), maxAge: 0 })}`;
+    }
+    clearAll() {
+        const cookies = document.cookie.split(';');
+        for (let i = 0; i < cookies.length; i++) {
+            const cookie = cookies[i];
+            const eqPos = cookie.indexOf('=');
+            const name = eqPos > -1 ? cookie.substring(0, eqPos).trim() : cookie.trim();
+            this.remove(decodeURIComponent(name));
+        }
+    }
+}
+
+/**
+ * Crea una instancia de manejador de cookies encriptadas.
+ * @param secretKey Llave secreta opcional para derivación de claves
+ * @param domain Dominio opcional (incluir punto inicial para subdominios ej. '.dominio.com')
+ * @param config Configuración adicional opcional
+ * @returns Instancia de SecureCookie
+ */
+function createEncryptedCookieManager(secretKey, domain, config) {
+    const mergedConfig = {
+        ...config,
+        encryption: {
+            ...config?.encryption,
+            ...(secretKey ? { appIdentifier: secretKey } : {})
+        },
+        cookieOptions: {
+            ...config?.cookieOptions,
+            ...(domain ? { domain } : {})
+        }
+    };
+    return SecureCookie.getInstance(mergedConfig);
+}
+/**
+ * Crea una instancia de manejador de cookies plano (sin cifrar).
+ * @param defaultOptions Opciones por defecto para las cookies (ej. domain)
+ * @returns Instancia de PlainCookie
+ */
+function createPlainCookieManager(defaultOptions) {
+    return new PlainCookie(defaultOptions);
+}
+
+/**
+ * Instancia predeterminada de almacenamiento local (sin cifrar).
+ */
+const localStore = createPlainStorage('localStorage');
+/**
+ * Instancia predeterminada de almacenamiento de sesión (sin cifrar).
+ */
+const sessionStore = createPlainStorage('sessionStorage');
+/**
+ * Instancia predeterminada de gestor de cookies (sin cifrar).
+ */
+const cookies = createPlainCookieManager();
+
 /**
  * @bantis/local-cipher - Core Module
  * Framework-agnostic client-side encryption for browser storage
@@ -1220,8 +1661,9 @@ async function forceMigration(customKeys) {
  */
 // Core classes
 const secureStorage = SecureStorage.getInstance();
+const secureCookie = SecureCookie.getInstance();
 // Version
-const VERSION = '2.1.0';
+const VERSION = '2.2.0';
 
 /******************************************************************************
 Copyright (c) Microsoft Corporation.
@@ -1476,7 +1918,7 @@ let SecureStorageService = (() => {
          * @returns Observable con el objeto parseado o null
          */
         getObject(key) {
-            return this.getItem(key).pipe(operators.map(value => value ? JSON.parse(value) : null), operators.catchError(() => rxjs.from([null])));
+            return this.getItem(key).pipe(operators.map((value) => value ? JSON.parse(value) : null), operators.catchError(() => rxjs.from([null])));
         }
         /**
          * Registra un listener para un tipo de evento específico
@@ -1500,7 +1942,7 @@ let SecureStorageService = (() => {
          * @returns Observable con eventos del tipo especificado
          */
         onEvent$(eventType) {
-            return this.events$.pipe(operators.map(event => event.type === eventType ? event : null), operators.map(event => event));
+            return this.events$.pipe(operators.map((event) => event.type === eventType ? event : null), operators.map((event) => event));
         }
     };
     __setFunctionName(_classThis, "SecureStorageService");
@@ -1514,6 +1956,50 @@ let SecureStorageService = (() => {
     return _classThis;
 })();
 
+let StorageService = (() => {
+    let _classDecorators = [core.Injectable({
+            providedIn: 'root'
+        })];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    _classThis = class {
+        constructor() {
+            /** Acceso directo a localStorage sin cifrar */
+            this.local = localStore;
+            /** Acceso directo a sessionStorage sin cifrar */
+            this.session = sessionStore;
+            /** Acceso directo a cookies sin cifrar */
+            this.cookies = cookies;
+        }
+        /**
+         * Crea una instancia de almacenamiento sincronizado y cifrado
+         * @param engine local o session storage
+         * @param secretKey Llave de cifrado
+         */
+        createEncryptedStorage(engine, secretKey) {
+            return createEncryptedStorage(engine, secretKey);
+        }
+        /**
+         * Crea un gestor de cookies cifradas
+         * @param secretKey Llave de cifrado
+         * @param domain Configuración de subdominios
+         */
+        createEncryptedCookieManager(secretKey, domain) {
+            return createEncryptedCookieManager(secretKey, domain);
+        }
+    };
+    __setFunctionName(_classThis, "StorageService");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return _classThis;
+})();
+
 exports.DEFAULT_CONFIG = DEFAULT_CONFIG;
 exports.EncryptionHelper = EncryptionHelper;
 exports.EventEmitter = EventEmitter;
@@ -1521,15 +2007,27 @@ exports.KeyRotation = KeyRotation;
 exports.LIBRARY_VERSION = LIBRARY_VERSION;
 exports.Logger = Logger;
 exports.NamespacedStorage = NamespacedStorage;
+exports.PlainCookie = PlainCookie;
+exports.PlainStorage = PlainStorage;
 exports.STORAGE_VERSION = STORAGE_VERSION;
+exports.SecureCookie = SecureCookie;
 exports.SecureStorage = SecureStorage;
 exports.SecureStorageService = SecureStorageService;
+exports.StorageService = StorageService;
 exports.VERSION = VERSION;
 exports.compress = compress;
+exports.cookies = cookies;
+exports.createEncryptedCookieManager = createEncryptedCookieManager;
+exports.createEncryptedStorage = createEncryptedStorage;
+exports.createPlainCookieManager = createPlainCookieManager;
+exports.createPlainStorage = createPlainStorage;
 exports.debugEncryptionState = debugEncryptionState;
 exports.decompress = decompress;
 exports.forceMigration = forceMigration;
 exports.isCompressionSupported = isCompressionSupported;
+exports.localStore = localStore;
+exports.secureCookie = secureCookie;
 exports.secureStorage = secureStorage;
+exports.sessionStore = sessionStore;
 exports.shouldCompress = shouldCompress;
 //# sourceMappingURL=angular.js.map