@carecard/auth-util 1.0.0

package/dist/esm/strEncryptUtil.js

@@ -0,0 +1,97 @@
+// src/strEncryptUtil.ts
+import * as crypto from 'crypto';
+/**
+ * Derive a key using scrypt.
+ */
+export function createKey(key, keyLength = 32) {
+    // scryptSync returns a Buffer
+    return crypto.scryptSync(key, key, keyLength);
+}
+/* --------------------------------------------------
+ * Helpers
+ * -------------------------------------------------- */
+function getErrorCodeOrFallback(error) {
+    // Safely narrow 'unknown' to read 'code' when available
+    if (typeof error === 'object' &&
+        error !== null &&
+        'code' in error &&
+        typeof error.code === 'string') {
+        return error.code;
+    }
+    if (error instanceof Error) {
+        // You can return message or name; using name keeps it short
+        return `ERROR:${error.name}`;
+    }
+    return 'UNKNOWN_ERROR';
+}
+/* --------------------------------------------------
+ * Asymmetric Encryption (RSA or similar)
+ * -------------------------------------------------- */
+/**
+ * Encrypts text using a private key, returning an encoded cipher text string.
+ * On error, returns a code string if present, otherwise a fallback.
+ */
+export const encryptByPrivateKey = (encryptionConfigObj, textToEncrypt) => {
+    try {
+        const encrypted = crypto.privateEncrypt(encryptionConfigObj.privateKey, Buffer.from(textToEncrypt, 'utf8'));
+        return encrypted.toString(encryptionConfigObj.encryptedTextEncoding);
+    }
+    catch (error) {
+        return getErrorCodeOrFallback(error);
+    }
+};
+/**
+ * Decrypts text using a public key, returning a plain text string.
+ * On error, returns a code string if present, otherwise a fallback.
+ */
+export const decryptByPublicKey = (decryptionConfigObj, textToDecrypt) => {
+    try {
+        const decrypted = crypto.publicDecrypt(decryptionConfigObj.publicKey, Buffer.from(textToDecrypt, decryptionConfigObj.encryptedTextEncoding));
+        return decrypted.toString(decryptionConfigObj.plainTextEncoding);
+    }
+    catch (error) {
+        return getErrorCodeOrFallback(error);
+    }
+};
+/* --------------------------------------------------
+ * Symmetric Encryption (AES or similar)
+ * -------------------------------------------------- */
+/**
+ * Encrypts text using a symmetric algorithm and derived key, returning an encoded cipher string.
+ * On error, returns a code string if present, otherwise a fallback.
+ *
+ * NOTE: This uses a zero IV (Buffer.alloc(16, 0)) which is generally **not recommended** for production.
+ * Prefer a random IV per encryption and prepend/append it to the output for decryption.
+ */
+export const encryptByKey = (encryptConfigObj, textToEncrypt) => {
+    try {
+        const iv = Buffer.alloc(16, 0); // ⚠️ consider using a random IV for security
+        const key = createKey(encryptConfigObj.encryptionKey, encryptConfigObj.keyLength);
+        const cipher = crypto.createCipheriv(encryptConfigObj.cipherAlgorithm, key, iv);
+        let encrypted = cipher.update(textToEncrypt, encryptConfigObj.plainTextEncoding, encryptConfigObj.encryptedTextEncoding);
+        encrypted += cipher.final(encryptConfigObj.encryptedTextEncoding);
+        return encrypted;
+    }
+    catch (error) {
+        return getErrorCodeOrFallback(error);
+    }
+};
+/**
+ * Decrypts a cipher string using a symmetric algorithm and derived key,
+ * returning the plain text string. On error, returns a code string or fallback.
+ *
+ * NOTE: Must use the same IV that was used during encryption. Here it assumes a zero IV.
+ */
+export const decryptByKey = (encryptConfigObj, textToDecrypt) => {
+    try {
+        const iv = Buffer.alloc(16, 0); // ⚠️ must match the IV used in encryptByKey
+        const key = createKey(encryptConfigObj.encryptionKey, encryptConfigObj.keyLength);
+        const decipher = crypto.createDecipheriv(encryptConfigObj.cipherAlgorithm, key, iv);
+        let decrypted = decipher.update(textToDecrypt, encryptConfigObj.encryptedTextEncoding, encryptConfigObj.plainTextEncoding);
+        decrypted += decipher.final(encryptConfigObj.plainTextEncoding);
+        return decrypted;
+    }
+    catch (error) {
+        return getErrorCodeOrFallback(error);
+    }
+};

package/dist/esm/stringUtilAuth.d.ts

@@ -0,0 +1,64 @@
+/**
+ * For incoming jwt token validation, splitting and parsing.
+ * For outgoing jwt token assembling to jwt, make it url safe.
+ */
+/**
+ * Adjusts padding of base64String
+ * @param base64String
+ * @return {*}
+ */
+export declare const adjustBase64Padding: (base64String: string) => string;
+/**
+ * Removes /, + and = from the string
+ * @returns {string}
+ */
+export declare const makeStringUrlSafe: (urlUnsafeString?: string) => string;
+/**
+ * Put back /, + and = into the string
+ * @returns {string}
+ */
+export declare const reverseStringUrlSafe: (urlSafeString?: string) => string;
+/**
+ * Encode string to base64 string
+ * @param unCodedString
+ * @returns {string}
+ */
+export declare const asciiToBase64: (unCodedString: string) => string;
+/** Decode string from base64
+ * @param codedString
+ * @returns {string}
+ */
+export declare const base64ToAscii: (codedString: string) => string;
+/**
+ * Decompose $ connected string and return an object
+ * return null if error
+ * @param passwordHash
+ */
+export declare const dollarSignConnectedStringToAlgorithmHashSalt: (passwordHash: string) => {
+    version: string;
+    alg: string;
+    hash: string;
+    salt: string;
+} | null;
+/**
+ * Decompose . connected string and return an object with
+ * {header: 'string', payload: 'string', signature: 'string'}
+ * return null if error
+ */
+export declare const dotConnectedStringToHeaderPayloadSignature: (jwt: string) => {
+    header: string;
+    payload: string;
+    signature: string;
+} | null;
+/**
+ * Turns object into url safe string
+ * @param object
+ * @return {string}
+ */
+export declare const objectToBase64UrlSafeString: (object: any) => string;
+/**
+ * Turns base64 into object
+ * @param urlSafeBase64String
+ * @return {any}
+ */
+export declare const urlSafeBase64ToObject: (urlSafeBase64String: string) => any;

package/dist/esm/stringUtilAuth.js

@@ -0,0 +1,96 @@
+'use strict';
+/**
+ * For incoming jwt token validation, splitting and parsing.
+ * For outgoing jwt token assembling to jwt, make it url safe.
+ */
+/**
+ * Adjusts padding of base64String
+ * @param base64String
+ * @return {*}
+ */
+export const adjustBase64Padding = (base64String) => {
+    while (base64String.length % 4)
+        base64String += '=';
+    return base64String;
+};
+/**
+ * Removes /, + and = from the string
+ * @returns {string}
+ */
+export const makeStringUrlSafe = (urlUnsafeString = '') => {
+    return urlUnsafeString.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+};
+/**
+ * Put back /, + and = into the string
+ * @returns {string}
+ */
+export const reverseStringUrlSafe = (urlSafeString = '') => {
+    let myString = urlSafeString.replace(/-/g, '+').replace(/_/g, '/');
+    return adjustBase64Padding(myString);
+};
+/**
+ * Encode string to base64 string
+ * @param unCodedString
+ * @returns {string}
+ */
+export const asciiToBase64 = (unCodedString) => {
+    return Buffer.from(unCodedString).toString('base64');
+};
+/** Decode string from base64
+ * @param codedString
+ * @returns {string}
+ */
+export const base64ToAscii = (codedString) => {
+    return Buffer.from(codedString, 'base64').toString('ascii');
+};
+/**
+ * Decompose $ connected string and return an object
+ * return null if error
+ * @param passwordHash
+ */
+export const dollarSignConnectedStringToAlgorithmHashSalt = (passwordHash) => {
+    const splitStringArray = passwordHash.split('$');
+    if (splitStringArray.length !== 6)
+        return null;
+    return {
+        version: splitStringArray[1],
+        alg: splitStringArray[2],
+        hash: splitStringArray[3],
+        salt: splitStringArray[4],
+    };
+};
+/**
+ * Decompose . connected string and return an object with
+ * {header: 'string', payload: 'string', signature: 'string'}
+ * return null if error
+ */
+export const dotConnectedStringToHeaderPayloadSignature = (jwt) => {
+    const splitJWT = jwt.split('.');
+    if (splitJWT.length !== 3)
+        return null;
+    return {
+        header: splitJWT[0],
+        payload: splitJWT[1],
+        signature: splitJWT[2],
+    };
+};
+/**
+ * Turns object into url safe string
+ * @param object
+ * @return {string}
+ */
+export const objectToBase64UrlSafeString = (object) => {
+    let stringAscii = JSON.stringify(object);
+    let base64String = asciiToBase64(stringAscii);
+    return makeStringUrlSafe(base64String);
+};
+/**
+ * Turns base64 into object
+ * @param urlSafeBase64String
+ * @return {any}
+ */
+export const urlSafeBase64ToObject = (urlSafeBase64String) => {
+    let base64String = reverseStringUrlSafe(urlSafeBase64String);
+    let stringAscii = base64ToAscii(base64String);
+    return JSON.parse(stringAscii);
+};

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@carecard/auth-util",
+  "version": "1.0.0",
+  "private": false,
+  "description": "Auth utility functions",
+  "license": "ISC",
+  "author": "PK Singh",
+  "repository": {
+    "type": "git",
+    "url": "git+https:github.com/CareCard-ca/pkg-auth-util.git"
+  },
+  "keywords": [
+    "auth",
+    "utility",
+    "cryptology"
+  ],
+  "type": "module",
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "./dist/cjs/index.cjs",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/esm/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.cjs",
+      "types": "./dist/esm/index.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "npm run build:esm && npm run build:cjs",
+    "build:esm": "tsc -p tsconfig.esm.json",
+    "build:cjs": "tsc -p tsconfig.cjs.json && node ./scripts/rename-cjs.js",
+    "test": "NODE_NO_WARNINGS=1 jest --coverage",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "lint": "eslint",
+    "prepare": "husky"
+  },
+  "devDependencies": {
+    "@types/jest": "30.0.0",
+    "eslint": "9.39.2",
+    "husky": "9.1.7",
+    "jest": "30.2.0",
+    "prettier": "3.7.4",
+    "ts-jest": "29.4.6",
+    "typescript": "5.9.3",
+    "typescript-eslint": "8.50.1"
+  }
+}

package/readme.md

@@ -0,0 +1,51 @@
+# Auth utilities class
+
+## Main Functionality
+
+This is a collection of utility functions for use in authentication
+
+### Main functions
+
+```js
+const { jwtUtilAuth, pwdUtilAuth } = require( '@chatpta/auth-util' );
+```
+
+Create jwt
+
+```js
+const headerObject = {
+    alg: "SHA256", // Mendatory acceptable algorithm
+    ...
+};
+
+const payloadObject = {
+    ...
+};
+
+const jwt = jwtUtilAuth.createSignedJwtFromObject( headerObject, payloadObject, privateKey );
+```
+
+Verify jwt signature returns ```true``` or ```false```
+
+```js
+const isVerified = jwtUtilAuth.verifyJwtSignature( jwt, publicKey );
+```
+
+Get header and payload object from jwt.
+
+```js
+const { header, payload } = jwtUtilAuth.getHeaderPayloadFromJwt( jwt );
+```
+
+Create password hash to save in database
+
+```js
+const hash = pwdUtilAuth.createPasswordHashWithRandomSalt( password, secret, algorithm );
+```
+
+Create another password hash based on saved hash to compare.
+
+```js
+const hashForLogin = pwdUtilAuth.createPasswordHashBasedOnSavedAlgorithmSalt( passwordForLogin, savedPasswordHash, secret );
+```
+