npm - @carecard/auth-util - Versions diffs - 1.0.0 → 2.0.0 - Mend

@carecard/auth-util 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/coverage/clover.xml +179 -0
package/coverage/coverage-final.json +8 -0
package/coverage/lcov-report/base.css +224 -0
package/coverage/lcov-report/block-navigation.js +87 -0
package/coverage/lcov-report/cryptoUtilAuth.ts.html +418 -0
package/coverage/lcov-report/favicon.png +0 -0
package/coverage/lcov-report/index.html +206 -0
package/coverage/lcov-report/index.ts.html +103 -0
package/coverage/lcov-report/jwtUtilAuth.ts.html +340 -0
package/coverage/lcov-report/keyGen.ts.html +127 -0
package/coverage/lcov-report/prettify.css +1 -0
package/coverage/lcov-report/prettify.js +2 -0
package/coverage/lcov-report/pwdUtilAuth.ts.html +319 -0
package/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/coverage/lcov-report/sorter.js +210 -0
package/coverage/lcov-report/strEncryptUtil.ts.html +562 -0
package/coverage/lcov-report/stringUtilAuth.ts.html +391 -0
package/coverage/lcov.info +298 -0
package/index.js +29 -0
package/lib/cryptoUtilAuth.js +100 -0
package/lib/jwtUtilAuth.js +81 -0
package/lib/keyGen.js +21 -0
package/lib/pwdUtilAuth.js +71 -0
package/lib/strEncryptUtil.js +113 -0
package/lib/stringUtilAuth.js +119 -0
package/package.json +10 -42

package/index.js ADDED Viewed

@@ -0,0 +1,29 @@
+const pwdUtilAuth = require( './lib/pwdUtilAuth' );
+const jwtUtilAuth = require( './lib/jwtUtilAuth' );
+const strEncryptUtil = require( './lib/strEncryptUtil' );
+const keyGen = require( './lib/keyGen' );
+module.exports = {
+    jwtUtilAuth: {
+        createSignedJwtFromObject: jwtUtilAuth.createSignedJwtFromObject,
+        verifyJwtSignature: jwtUtilAuth.verifyJwtSignature,
+        getHeaderPayloadFromJwt: jwtUtilAuth.getHeaderPayloadFromJwt
+    },
+    pwdUtilAuth: {
+        createPasswordHashWithRandomSalt: pwdUtilAuth.createPasswordHashWithRandomSalt,
+        createPasswordHashBasedOnSavedAlgorithmSalt: pwdUtilAuth.createPasswordHashBasedOnSavedAlgorithmSalt
+    },
+    strEncryptUtil: {
+        encryptByPrivateKey: strEncryptUtil.encryptByPrivateKey,
+        decryptByPublicKey: strEncryptUtil.decryptByPublicKey,
+        encryptByKey: strEncryptUtil.encryptByKey,
+        decryptByKey: strEncryptUtil.decryptByKey
+    },
+    createRsaKeys: keyGen.generateKeyPair,
+    stringUtilAuth: require( './lib/stringUtilAuth' ),
+};

package/lib/cryptoUtilAuth.js ADDED Viewed

@@ -0,0 +1,100 @@
+const crypto = require( "crypto" );
+/**
+ * Signs a token returns signature string
+ * @param token
+ * @param privateKey
+ * @param signingAlgorithm
+ * @returns {string}
+ */
+const createBase64SignatureOfToken = function ( token = '', privateKey, signingAlgorithm ) {
+    const sign = crypto.createSign( signingAlgorithm );
+    sign.write( token );
+    sign.end();
+    return sign.sign( privateKey, 'base64' );
+};
+/**
+ * Verifies the signature returns true or false
+ * @param token
+ * @param signature
+ * @param publicKey
+ * @param signingAlgorithm
+ * @returns {boolean}
+ */
+const verifyBase64SignatureOfToken = function ( token = '', signature, publicKey, signingAlgorithm ) {
+    const verify = crypto.createVerify( signingAlgorithm );
+    verify.update( token );
+    verify.end();
+    return verify.verify( publicKey, signature, 'base64' );
+};
+/**
+ * Creates the hash of given string
+ * @param string
+ * @param secret
+ * @param algorithm
+ * @returns {string}
+ */
+const createHmacBase64 = function ( string = '', secret, algorithm ) {
+    const hmac = crypto.createHmac( algorithm, secret );
+    hmac.update( string );
+    return hmac.digest( 'base64' );
+};
+/**
+ * Create random salt
+ * @returns {string}
+ */
+const createSaltBase64 = () => {
+    const date = new Date().valueOf();
+    const hmac = crypto.createHmac( 'SHA256', date.toString() );
+    hmac.update( date.toString() );
+    return hmac.digest( 'base64' );
+};
+/**
+ * Encrypt given string
+ * @param string
+ * @param salt
+ * @param secret
+ * @param algorithm
+ * @returns {string}
+ */
+const encryptStringAsciiToBase64 = ( string, salt, secret, algorithm ) => {
+    const key = crypto.scryptSync( secret, salt, 24 );
+    const iv = Buffer.alloc( 16, 0 );
+    const cipher = crypto.createCipheriv( algorithm, key, iv );
+    let encrypted = cipher.update( string, 'ascii', 'base64' );
+    encrypted += cipher.final( 'base64' );
+    return encrypted;
+};
+/**
+ * Decrypts given string
+ * @param encryptedString
+ * @param salt
+ * @param secret
+ * @param algorithm
+ * @returns {string}
+ */
+const decryptStringBase64ToAscii = ( encryptedString, salt, secret, algorithm ) => {
+    const key = crypto.scryptSync( secret, salt, 24 );
+    const iv = Buffer.alloc( 16, 0 );
+    const decipher = crypto.createDecipheriv( algorithm, key, iv );
+    let decrypted = decipher.update( encryptedString, 'base64', 'ascii' );
+    decrypted += decipher.final( 'ascii' );
+    return decrypted;
+};
+module.exports = {
+    createBase64SignatureOfToken,
+    verifyBase64SignatureOfToken,
+    createHmacBase64,
+    createSaltBase64,
+    encryptStringAsciiToBase64,
+    decryptStringBase64ToAscii
+};

package/lib/jwtUtilAuth.js ADDED Viewed

@@ -0,0 +1,81 @@
+const stringUtilAuth = require( './stringUtilAuth' );
+const cryptoUtilAuth = require( './cryptoUtilAuth' );
+/**
+ * User supplied header, payload and signature create jwt.
+ * @returns {string|null}
+ * @param headerBase64
+ * @param payloadBase64
+ * @param signatureBase64
+ */
+const _assembleJwt = ( headerBase64, payloadBase64, signatureBase64 ) => {
+    return headerBase64 + "." + payloadBase64 + "." + signatureBase64;
+};
+/**
+ * User supplied header, payload and signature create jwt.
+ * @returns {{payload: *, signature: *, header: *}}
+ * @param jwt
+ */
+const _splitJwtInToHeaderPayloadSignature = ( jwt ) => {
+    return stringUtilAuth.dotConnectedStringToHeaderPayloadSignature( jwt );
+};
+/**
+ * Creates Url safe jwt
+ * @param headerObject
+ * @param payloadObject
+ * @param privateKey
+ * @return {string|null}
+ */
+const createSignedJwtFromObject = ( headerObject, payloadObject, privateKey ) => {
+    try {
+        const algorithm = headerObject.alg;
+        const headerBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString( headerObject );
+        const payloadBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString( payloadObject );
+        const token = headerBase64UrlSafe + "." + payloadBase64UrlSafe;
+        const signature = cryptoUtilAuth.createBase64SignatureOfToken( token, privateKey, algorithm );
+        const urlSafeSignature = stringUtilAuth.makeStringUrlSafe( signature );
+        return _assembleJwt( headerBase64UrlSafe, payloadBase64UrlSafe, urlSafeSignature );
+    } catch ( error ) {
+        return null;
+    }
+};
+/**
+ * Verify signature of jwt
+ * @param jwt
+ * @param publicKey
+ * @return {boolean}
+ */
+const verifyJwtSignature = ( jwt, publicKey ) => {
+    try {
+        const { header, payload, signature } = _splitJwtInToHeaderPayloadSignature( jwt );
+        const token = header + "." + payload;
+        const headerObject = stringUtilAuth.urlSafeBase64ToObject( header );
+        return cryptoUtilAuth.verifyBase64SignatureOfToken( token, signature, publicKey, headerObject.alg )
+    } catch ( error ) {
+        return false;
+    }
+};
+/**
+ * Returns header and payload object for jwt.
+ * @param jwt
+ * @return {{payload: any, header: any}}
+ */
+const getHeaderPayloadFromJwt = jwt => {
+    const { header, payload, signature } = _splitJwtInToHeaderPayloadSignature( jwt );
+    let headerAscii = stringUtilAuth.base64ToAscii( header );
+    let payloadAscii = stringUtilAuth.base64ToAscii( payload );
+    return { header: JSON.parse( headerAscii ), payload: JSON.parse( payloadAscii ) }
+};
+module.exports = {
+    _assembleJwt,
+    _splitJwtInToHeaderPayloadSignature,
+    createSignedJwtFromObject,
+    verifyJwtSignature,
+    getHeaderPayloadFromJwt
+};

package/lib/keyGen.js ADDED Viewed

@@ -0,0 +1,21 @@
+const {
+    generateKeyPairSync,
+} = require( 'node:crypto' );
+const generateKeyPair = ( modulusLength = 4096 ) => ( generateKeyPairSync( 'rsa', {
+    modulusLength: modulusLength,
+    publicKeyEncoding: {
+        type: 'spki',
+        format: 'pem',
+    },
+    privateKeyEncoding: {
+        type: 'pkcs8',
+        format: 'pem',
+    },
+} ) );
+module.exports = {
+    generateKeyPair
+};

package/lib/pwdUtilAuth.js ADDED Viewed

@@ -0,0 +1,71 @@
+const cryptoUtilAuth = require( './cryptoUtilAuth' );
+const stringUtilAuth = require( './stringUtilAuth' );
+/**
+ * Just assemble password together
+ * @param algorithmBase64
+ * @param hashBase64
+ * @param saltBase64
+ * @return {string}
+ */
+const _assemblePasswordHash = ( algorithmBase64, hashBase64, saltBase64 ) => {
+    return "$1$" + algorithmBase64 + "$" + hashBase64 + "$" + saltBase64 + "$";
+};
+/**
+ * Break password into its parts does not reverse base64 encoding.
+ * @param passwordHashStored
+ * @return {{salt: *, version: *, alg: *, hash: *}}
+ */
+const _disassemblePasswordHash = passwordHashStored => {
+    return stringUtilAuth.dollarSignConnectedStringToAlgorithmHashSalt( passwordHashStored );
+};
+/**
+ * Creates password hash ready to be saved in database.
+ * @param password
+ * @param secret
+ * @param salt
+ * @param algorithm
+ * @return {string}
+ */
+const _createPasswordHash = ( password, secret, salt, algorithm ) => {
+    const algorithmBase64 = stringUtilAuth.asciiToBase64( algorithm );
+    const hashBase64 = cryptoUtilAuth.createHmacBase64( password, secret, algorithm );
+    return _assemblePasswordHash( algorithmBase64, hashBase64, salt );
+};
+/**
+ * Automatically adds random salt.
+ * @param password
+ * @param secret
+ * @param algorithm
+ * @return {string}
+ */
+const createPasswordHashWithRandomSalt = ( password, secret, algorithm ) => {
+    const salt = cryptoUtilAuth.createSaltBase64();
+    return _createPasswordHash( password, secret, salt, algorithm );
+};
+/**
+ * Creates hash based on saved hash in database.
+ * @param password
+ * @param savedPasswordHash
+ * @param secret
+ * @return {string}
+ */
+const createPasswordHashBasedOnSavedAlgorithmSalt = ( password, savedPasswordHash, secret ) => {
+    const { version, alg, hash, salt } = _disassemblePasswordHash( savedPasswordHash );
+    const algorithm = stringUtilAuth.base64ToAscii( alg );
+    return _createPasswordHash( password, secret, salt, algorithm );
+};
+module.exports = {
+    _assemblePasswordHash,
+    _disassemblePasswordHash,
+    _createPasswordHash,
+    createPasswordHashWithRandomSalt,
+    createPasswordHashBasedOnSavedAlgorithmSalt
+}

package/lib/strEncryptUtil.js ADDED Viewed

@@ -0,0 +1,113 @@
+const crypto = require( "crypto" );
+function createKey( key, keyLength = 32 ) {
+    return crypto.scryptSync( key, key, keyLength );
+}
+const encryptByPrivateKey = ( encryptionConfigObj, textToEncrypt ) => {
+    try {
+        const encrypted = crypto.privateEncrypt(
+            encryptionConfigObj.privateKey,
+            Buffer.from( textToEncrypt )
+        );
+        return encrypted.toString( encryptionConfigObj.encryptedTextEncoding );
+    } catch ( error ) {
+        return error.code;
+    }
+};
+const decryptByPublicKey = ( decryptionConfigObj, textToDecrypt ) => {
+    try {
+        const decrypted = crypto.publicDecrypt(
+            decryptionConfigObj.publicKey,
+            Buffer.from(
+                textToDecrypt,
+                decryptionConfigObj.encryptedTextEncoding
+            )
+        );
+        return decrypted.toString( decryptionConfigObj.plainTextEncoding );
+    } catch ( error ) {
+        return error.code;
+    }
+};
+const encryptByKey = ( encryptConfigObj = {}, textToEncrypt ) => {
+    try {
+        const iv = Buffer.alloc( 16, 0 );
+        const cipher = crypto.createCipheriv(
+            encryptConfigObj.cipherAlgorithm,
+            createKey(
+                encryptConfigObj.encryptionKey,
+                encryptConfigObj.keyLength
+            ),
+            iv
+        );
+        let encrypted = cipher.update(
+            textToEncrypt,
+            encryptConfigObj.plainTextEncoding,
+            encryptConfigObj.encryptedTextEncoding
+        );
+        encrypted += cipher.final( encryptConfigObj.encryptedTextEncoding );
+        return encrypted;
+    } catch ( error ) {
+        return error.code;
+    }
+};
+const decryptByKey = ( encryptConfigObj, textToDecrypt ) => {
+    try {
+        const iv = Buffer.alloc( 16, 0 );
+        const decipher = crypto.createDecipheriv(
+            encryptConfigObj.cipherAlgorithm,
+            createKey(
+                encryptConfigObj.encryptionKey,
+                encryptConfigObj.keyLength
+            ),
+            iv
+        );
+        let decrypted = decipher.update(
+            textToDecrypt,
+            encryptConfigObj.encryptedTextEncoding,
+            encryptConfigObj.plainTextEncoding
+        );
+        decrypted += decipher.final( encryptConfigObj.plainTextEncoding );
+        return decrypted;
+    } catch ( error ) {
+        return error.code;
+    }
+};
+module.exports = {
+    encryptByPrivateKey,
+    decryptByPublicKey,
+    encryptByKey,
+    decryptByKey
+}

package/lib/stringUtilAuth.js ADDED Viewed

@@ -0,0 +1,119 @@
+'use strict';
+/**
+ * For incoming jwt token validation, splitting and parsing.
+ * For outgoing jwt token assembling to jwt, make it url safe.
+ */
+/**
+ * Adjusts padding of base64String
+ * @param base64String
+ * @return {*}
+ */
+const adjustBase64Padding = base64String => {
+    while ( base64String.length % 4 ) base64String += '=';
+    return base64String;
+}
+/**
+ * Removes /, + and = from the string
+ * @returns {string}
+ */
+const makeStringUrlSafe = ( urlUnsafeString = '' ) => {
+    return urlUnsafeString
+        .replaceAll( '+', '-' )
+        .replaceAll( '/', '_' )
+        .replaceAll( '=', '' );
+};
+/**
+ * Put back /, + and = into the string
+ * @returns {string}
+ */
+const reverseStringUrlSafe = ( urlSafeString = '' ) => {
+    let myString = urlSafeString
+        .replaceAll( '-', '+' )
+        .replaceAll( '_', '/' );
+    return adjustBase64Padding( myString );
+};
+/**
+ * Encode string to base64 string
+ * @param unCodedString
+ * @returns {string}
+ */
+const asciiToBase64 = ( unCodedString ) => {
+    return Buffer.from( unCodedString ).toString( 'base64' );
+}
+/** Decode string from base64
+ * @param codedString
+ * @returns {string}
+ */
+const base64ToAscii = ( codedString ) => {
+    return Buffer.from( codedString, 'base64' ).toString( 'ascii' );
+}
+/**
+ * Decompose $ connected string and return an object
+ * return null if error
+ * @param passwordHash
+ */
+const dollarSignConnectedStringToAlgorithmHashSalt = ( passwordHash ) => {
+    const splitStringArray = passwordHash.split( '$' );
+    if ( splitStringArray.length !== 6 ) return null;
+    return {
+        version: splitStringArray[ 1 ],
+        alg: splitStringArray[ 2 ],
+        hash: splitStringArray[ 3 ],
+        salt: splitStringArray[ 4 ]
+    };
+}
+/**
+ * Decompose . connected string and return an object with
+ * {header: 'string', payload: 'string', signature: 'string'}
+ * return null if error
+ */
+const dotConnectedStringToHeaderPayloadSignature = ( jwt ) => {
+    const splitJWT = jwt.split( '.' );
+    if ( splitJWT.length !== 3 ) return null;
+    return {
+        header: splitJWT[ 0 ],
+        payload: splitJWT[ 1 ],
+        signature: splitJWT[ 2 ]
+    };
+}
+/**
+ * Turns object into url safe string
+ * @param object
+ * @return {string}
+ */
+const objectToBase64UrlSafeString = object => {
+    let stringAscii = JSON.stringify( object );
+    let base64String = asciiToBase64( stringAscii );
+    return makeStringUrlSafe( base64String );
+};
+/**
+ * Turns base64 into object
+ * @param urlSafeBase64String
+ * @return {any}
+ */
+const urlSafeBase64ToObject = urlSafeBase64String => {
+    let base64String = reverseStringUrlSafe( urlSafeBase64String );
+    let stringAscii = base64ToAscii( base64String );
+    return JSON.parse( stringAscii );
+};
+module.exports = {
+    makeStringUrlSafe,
+    reverseStringUrlSafe,
+    asciiToBase64,
+    base64ToAscii,
+    dollarSignConnectedStringToAlgorithmHashSalt,
+    dotConnectedStringToHeaderPayloadSignature,
+    objectToBase64UrlSafeString,
+    urlSafeBase64ToObject
+};

package/package.json CHANGED Viewed

@@ -1,54 +1,22 @@
 {
   "name": "@carecard/auth-util",
-  "version": "1.0.0",
-  "private": false,
+  "version": "2.0.0",
+  "repository": "https://github.com/CareCard-ca/pkg-auth-util.git",
   "description": "Auth utility functions",
-  "license": "ISC",
-  "author": "PK Singh",
-  "repository": {
-    "type": "git",
-    "url": "git+https:github.com/CareCard-ca/pkg-auth-util.git"
+  "main": "index.js",
+  "scripts": {
+    "test": "export NODE_ENV=test && mocha --watch --recursive"
   },
   "keywords": [
     "auth",
     "utility",
     "cryptology"
   ],
-  "type": "module",
-  "publishConfig": {
-    "access": "public"
-  },
-  "main": "./dist/cjs/index.cjs",
-  "module": "./dist/esm/index.js",
-  "types": "./dist/esm/index.d.ts",
-  "exports": {
-    ".": {
-      "import": "./dist/esm/index.js",
-      "require": "./dist/cjs/index.cjs",
-      "types": "./dist/esm/index.d.ts"
-    }
-  },
-  "files": [
-    "dist"
-  ],
-  "scripts": {
-    "build": "npm run build:esm && npm run build:cjs",
-    "build:esm": "tsc -p tsconfig.esm.json",
-    "build:cjs": "tsc -p tsconfig.cjs.json && node ./scripts/rename-cjs.js",
-    "test": "NODE_NO_WARNINGS=1 jest --coverage",
-    "format": "prettier --write .",
-    "format:check": "prettier --check .",
-    "lint": "eslint",
-    "prepare": "husky"
-  },
+  "author": "CareCard team",
+  "license": "ISC",
   "devDependencies": {
-    "@types/jest": "30.0.0",
-    "eslint": "9.39.2",
-    "husky": "9.1.7",
-    "jest": "30.2.0",
-    "prettier": "3.7.4",
-    "ts-jest": "29.4.6",
-    "typescript": "5.9.3",
-    "typescript-eslint": "8.50.1"
+    "mocha": "10.2.0"
+  },
+  "dependencies": {
   }
 }