@carecard/auth-util 2.0.0 → 3.0.0

package/dist/cjs/strEncryptUtil.d.ts

@@ -1,46 +0,0 @@
-import * as crypto from 'crypto';
-/**
- * Derive a key using scrypt.
- */
-export declare function createKey(key: crypto.BinaryLike, keyLength?: number): Buffer;
-export interface EncryptionConfig {
-    privateKey: string | Buffer | crypto.KeyObject;
-    encryptedTextEncoding: BufferEncoding;
-}
-export interface DecryptionConfig {
-    publicKey: string | Buffer | crypto.KeyObject;
-    encryptedTextEncoding: BufferEncoding;
-    plainTextEncoding: BufferEncoding;
-}
-export interface SymmetricCryptoConfig {
-    cipherAlgorithm: string;
-    encryptionKey: crypto.BinaryLike;
-    keyLength: number;
-    plainTextEncoding: BufferEncoding;
-    encryptedTextEncoding: BufferEncoding;
-}
-/**
- * Encrypts text using a private key, returning an encoded cipher text string.
- * On error, returns a code string if present, otherwise a fallback.
- */
-export declare const encryptByPrivateKey: (encryptionConfigObj: EncryptionConfig, textToEncrypt: string) => string;
-/**
- * Decrypts text using a public key, returning a plain text string.
- * On error, returns a code string if present, otherwise a fallback.
- */
-export declare const decryptByPublicKey: (decryptionConfigObj: DecryptionConfig, textToDecrypt: string) => string;
-/**
- * Encrypts text using a symmetric algorithm and derived key, returning an encoded cipher string.
- * On error, returns a code string if present, otherwise a fallback.
- *
- * NOTE: This uses a zero IV (Buffer.alloc(16, 0)) which is generally **not recommended** for production.
- * Prefer a random IV per encryption and prepend/append it to the output for decryption.
- */
-export declare const encryptByKey: (encryptConfigObj: SymmetricCryptoConfig, textToEncrypt: string) => string;
-/**
- * Decrypts a cipher string using a symmetric algorithm and derived key,
- * returning the plain text string. On error, returns a code string or fallback.
- *
- * NOTE: Must use the same IV that was used during encryption. Here it assumes a zero IV.
- */
-export declare const decryptByKey: (encryptConfigObj: SymmetricCryptoConfig, textToDecrypt: string) => string;

package/dist/cjs/stringUtilAuth.cjs

@@ -1,107 +0,0 @@
-'use strict';
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.urlSafeBase64ToObject = exports.objectToBase64UrlSafeString = exports.dotConnectedStringToHeaderPayloadSignature = exports.dollarSignConnectedStringToAlgorithmHashSalt = exports.base64ToAscii = exports.asciiToBase64 = exports.reverseStringUrlSafe = exports.makeStringUrlSafe = exports.adjustBase64Padding = void 0;
-/**
- * For incoming jwt token validation, splitting and parsing.
- * For outgoing jwt token assembling to jwt, make it url safe.
- */
-/**
- * Adjusts padding of base64String
- * @param base64String
- * @return {*}
- */
-const adjustBase64Padding = (base64String) => {
-    while (base64String.length % 4)
-        base64String += '=';
-    return base64String;
-};
-exports.adjustBase64Padding = adjustBase64Padding;
-/**
- * Removes /, + and = from the string
- * @returns {string}
- */
-const makeStringUrlSafe = (urlUnsafeString = '') => {
-    return urlUnsafeString.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-};
-exports.makeStringUrlSafe = makeStringUrlSafe;
-/**
- * Put back /, + and = into the string
- * @returns {string}
- */
-const reverseStringUrlSafe = (urlSafeString = '') => {
-    let myString = urlSafeString.replace(/-/g, '+').replace(/_/g, '/');
-    return (0, exports.adjustBase64Padding)(myString);
-};
-exports.reverseStringUrlSafe = reverseStringUrlSafe;
-/**
- * Encode string to base64 string
- * @param unCodedString
- * @returns {string}
- */
-const asciiToBase64 = (unCodedString) => {
-    return Buffer.from(unCodedString).toString('base64');
-};
-exports.asciiToBase64 = asciiToBase64;
-/** Decode string from base64
- * @param codedString
- * @returns {string}
- */
-const base64ToAscii = (codedString) => {
-    return Buffer.from(codedString, 'base64').toString('ascii');
-};
-exports.base64ToAscii = base64ToAscii;
-/**
- * Decompose $ connected string and return an object
- * return null if error
- * @param passwordHash
- */
-const dollarSignConnectedStringToAlgorithmHashSalt = (passwordHash) => {
-    const splitStringArray = passwordHash.split('$');
-    if (splitStringArray.length !== 6)
-        return null;
-    return {
-        version: splitStringArray[1],
-        alg: splitStringArray[2],
-        hash: splitStringArray[3],
-        salt: splitStringArray[4],
-    };
-};
-exports.dollarSignConnectedStringToAlgorithmHashSalt = dollarSignConnectedStringToAlgorithmHashSalt;
-/**
- * Decompose . connected string and return an object with
- * {header: 'string', payload: 'string', signature: 'string'}
- * return null if error
- */
-const dotConnectedStringToHeaderPayloadSignature = (jwt) => {
-    const splitJWT = jwt.split('.');
-    if (splitJWT.length !== 3)
-        return null;
-    return {
-        header: splitJWT[0],
-        payload: splitJWT[1],
-        signature: splitJWT[2],
-    };
-};
-exports.dotConnectedStringToHeaderPayloadSignature = dotConnectedStringToHeaderPayloadSignature;
-/**
- * Turns object into url safe string
- * @param object
- * @return {string}
- */
-const objectToBase64UrlSafeString = (object) => {
-    let stringAscii = JSON.stringify(object);
-    let base64String = (0, exports.asciiToBase64)(stringAscii);
-    return (0, exports.makeStringUrlSafe)(base64String);
-};
-exports.objectToBase64UrlSafeString = objectToBase64UrlSafeString;
-/**
- * Turns base64 into object
- * @param urlSafeBase64String
- * @return {any}
- */
-const urlSafeBase64ToObject = (urlSafeBase64String) => {
-    let base64String = (0, exports.reverseStringUrlSafe)(urlSafeBase64String);
-    let stringAscii = (0, exports.base64ToAscii)(base64String);
-    return JSON.parse(stringAscii);
-};
-exports.urlSafeBase64ToObject = urlSafeBase64ToObject;

package/dist/cjs/stringUtilAuth.d.ts

@@ -1,64 +0,0 @@
-/**
- * For incoming jwt token validation, splitting and parsing.
- * For outgoing jwt token assembling to jwt, make it url safe.
- */
-/**
- * Adjusts padding of base64String
- * @param base64String
- * @return {*}
- */
-export declare const adjustBase64Padding: (base64String: string) => string;
-/**
- * Removes /, + and = from the string
- * @returns {string}
- */
-export declare const makeStringUrlSafe: (urlUnsafeString?: string) => string;
-/**
- * Put back /, + and = into the string
- * @returns {string}
- */
-export declare const reverseStringUrlSafe: (urlSafeString?: string) => string;
-/**
- * Encode string to base64 string
- * @param unCodedString
- * @returns {string}
- */
-export declare const asciiToBase64: (unCodedString: string) => string;
-/** Decode string from base64
- * @param codedString
- * @returns {string}
- */
-export declare const base64ToAscii: (codedString: string) => string;
-/**
- * Decompose $ connected string and return an object
- * return null if error
- * @param passwordHash
- */
-export declare const dollarSignConnectedStringToAlgorithmHashSalt: (passwordHash: string) => {
-    version: string;
-    alg: string;
-    hash: string;
-    salt: string;
-} | null;
-/**
- * Decompose . connected string and return an object with
- * {header: 'string', payload: 'string', signature: 'string'}
- * return null if error
- */
-export declare const dotConnectedStringToHeaderPayloadSignature: (jwt: string) => {
-    header: string;
-    payload: string;
-    signature: string;
-} | null;
-/**
- * Turns object into url safe string
- * @param object
- * @return {string}
- */
-export declare const objectToBase64UrlSafeString: (object: any) => string;
-/**
- * Turns base64 into object
- * @param urlSafeBase64String
- * @return {any}
- */
-export declare const urlSafeBase64ToObject: (urlSafeBase64String: string) => any;

package/dist/esm/cryptoUtilAuth.d.ts

@@ -1,48 +0,0 @@
-/**
- * Signs a token returns signature string
- * @param token
- * @param privateKey
- * @param signingAlgorithm
- * @returns {string}
- */
-export declare const createBase64SignatureOfToken: (token: string | undefined, privateKey: string, signingAlgorithm: string) => string;
-/**
- * Verifies the signature returns true or false
- * @param token
- * @param signature
- * @param publicKey
- * @param signingAlgorithm
- * @returns {boolean}
- */
-export declare const verifyBase64SignatureOfToken: (token: string | undefined, signature: string, publicKey: string, signingAlgorithm: string) => boolean;
-/**
- * Creates the hash of given string
- * @param string
- * @param secret
- * @param algorithm
- * @returns {string}
- */
-export declare const createHmacBase64: (string: string | undefined, secret: string, algorithm: string) => string;
-/**
- * Create random salt
- * @returns {string}
- */
-export declare const createSaltBase64: () => string;
-/**
- * Encrypt given string
- * @param string
- * @param salt
- * @param secret
- * @param algorithm
- * @returns {string}
- */
-export declare const encryptStringAsciiToBase64: (string: string, salt: string, secret: string, algorithm: string) => string;
-/**
- * Decrypts given string
- * @param encryptedString
- * @param salt
- * @param secret
- * @param algorithm
- * @returns {string}
- */
-export declare const decryptStringBase64ToAscii: (encryptedString: string, salt: string, secret: string, algorithm: string) => string;

package/dist/esm/cryptoUtilAuth.js

@@ -1,82 +0,0 @@
-import * as crypto from 'crypto';
-/**
- * Signs a token returns signature string
- * @param token
- * @param privateKey
- * @param signingAlgorithm
- * @returns {string}
- */
-export const createBase64SignatureOfToken = function (token = '', privateKey, signingAlgorithm) {
-    const sign = crypto.createSign(signingAlgorithm);
-    sign.write(token);
-    sign.end();
-    return sign.sign(privateKey, 'base64');
-};
-/**
- * Verifies the signature returns true or false
- * @param token
- * @param signature
- * @param publicKey
- * @param signingAlgorithm
- * @returns {boolean}
- */
-export const verifyBase64SignatureOfToken = function (token = '', signature, publicKey, signingAlgorithm) {
-    const verify = crypto.createVerify(signingAlgorithm);
-    verify.update(token);
-    verify.end();
-    return verify.verify(publicKey, signature, 'base64');
-};
-/**
- * Creates the hash of given string
- * @param string
- * @param secret
- * @param algorithm
- * @returns {string}
- */
-export const createHmacBase64 = function (string = '', secret, algorithm) {
-    const hmac = crypto.createHmac(algorithm, secret);
-    hmac.update(string);
-    return hmac.digest('base64');
-};
-/**
- * Create random salt
- * @returns {string}
- */
-export const createSaltBase64 = () => {
-    const date = new Date().valueOf();
-    const hmac = crypto.createHmac('SHA256', date.toString());
-    hmac.update(date.toString());
-    return hmac.digest('base64');
-};
-/**
- * Encrypt given string
- * @param string
- * @param salt
- * @param secret
- * @param algorithm
- * @returns {string}
- */
-export const encryptStringAsciiToBase64 = (string, salt, secret, algorithm) => {
-    const key = crypto.scryptSync(secret, salt, 24);
-    const iv = Buffer.alloc(16, 0);
-    const cipher = crypto.createCipheriv(algorithm, key, iv);
-    let encrypted = cipher.update(string, 'ascii', 'base64');
-    encrypted += cipher.final('base64');
-    return encrypted;
-};
-/**
- * Decrypts given string
- * @param encryptedString
- * @param salt
- * @param secret
- * @param algorithm
- * @returns {string}
- */
-export const decryptStringBase64ToAscii = (encryptedString, salt, secret, algorithm) => {
-    const key = crypto.scryptSync(secret, salt, 24);
-    const iv = Buffer.alloc(16, 0);
-    const decipher = crypto.createDecipheriv(algorithm, key, iv);
-    let decrypted = decipher.update(encryptedString, 'base64', 'ascii');
-    decrypted += decipher.final('ascii');
-    return decrypted;
-};

package/dist/esm/index.d.ts

@@ -1,6 +0,0 @@
-export * from './cryptoUtilAuth';
-export * from './jwtUtilAuth';
-export * from './keyGen';
-export * from './pwdUtilAuth';
-export * from './strEncryptUtil';
-export * from './stringUtilAuth';

package/dist/esm/index.js

@@ -1,6 +0,0 @@
-export * from './cryptoUtilAuth';
-export * from './jwtUtilAuth';
-export * from './keyGen';
-export * from './pwdUtilAuth';
-export * from './strEncryptUtil';
-export * from './stringUtilAuth';

package/dist/esm/jwtUtilAuth.d.ts

@@ -1,35 +0,0 @@
-/**
- * User supplied header, payload and signature create jwt.
- * @returns {string|null}
- * @param headerBase64
- * @param payloadBase64
- * @param signatureBase64
- */
-export declare const _assembleJwt: (headerBase64: string, payloadBase64: string, signatureBase64: string) => string;
-/**
- * User supplied header, payload and signature create jwt.
- * @returns {{payload: *, signature: *, header: *}}
- * @param jwt
- */
-export declare const _splitJwtInToHeaderPayloadSignature: (jwt: string) => any;
-/**
- * Creates Url safe jwt
- * @param headerObject
- * @param payloadObject
- * @param privateKey
- * @return {string|null}
- */
-export declare const createSignedJwtFromObject: (headerObject: any, payloadObject: any, privateKey: string) => any;
-/**
- * Verify signature of jwt
- * @param jwt
- * @param publicKey
- * @return {boolean}
- */
-export declare const verifyJwtSignature: (jwt: string, publicKey: string) => boolean;
-/**
- * Returns header and payload object for jwt.
- * @param jwt
- * @return {{payload: any, header: any}}
- */
-export declare const getHeaderPayloadFromJwt: (jwt: string) => any;

package/dist/esm/jwtUtilAuth.js

@@ -1,69 +0,0 @@
-import * as stringUtilAuth from './stringUtilAuth';
-import * as cryptoUtilAuth from './cryptoUtilAuth';
-/**
- * User supplied header, payload and signature create jwt.
- * @returns {string|null}
- * @param headerBase64
- * @param payloadBase64
- * @param signatureBase64
- */
-export const _assembleJwt = (headerBase64, payloadBase64, signatureBase64) => {
-    return headerBase64 + '.' + payloadBase64 + '.' + signatureBase64;
-};
-/**
- * User supplied header, payload and signature create jwt.
- * @returns {{payload: *, signature: *, header: *}}
- * @param jwt
- */
-export const _splitJwtInToHeaderPayloadSignature = (jwt) => {
-    return stringUtilAuth.dotConnectedStringToHeaderPayloadSignature(jwt);
-};
-/**
- * Creates Url safe jwt
- * @param headerObject
- * @param payloadObject
- * @param privateKey
- * @return {string|null}
- */
-export const createSignedJwtFromObject = (headerObject, payloadObject, privateKey) => {
-    try {
-        const algorithm = headerObject.alg;
-        const headerBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString(headerObject);
-        const payloadBase64UrlSafe = stringUtilAuth.objectToBase64UrlSafeString(payloadObject);
-        const token = headerBase64UrlSafe + '.' + payloadBase64UrlSafe;
-        const signature = cryptoUtilAuth.createBase64SignatureOfToken(token, privateKey, algorithm);
-        const urlSafeSignature = stringUtilAuth.makeStringUrlSafe(signature);
-        return _assembleJwt(headerBase64UrlSafe, payloadBase64UrlSafe, urlSafeSignature);
-    }
-    catch (error) {
-        return null;
-    }
-};
-/**
- * Verify signature of jwt
- * @param jwt
- * @param publicKey
- * @return {boolean}
- */
-export const verifyJwtSignature = (jwt, publicKey) => {
-    try {
-        const { header, payload, signature } = _splitJwtInToHeaderPayloadSignature(jwt);
-        const token = header + '.' + payload;
-        const headerObject = stringUtilAuth.urlSafeBase64ToObject(header);
-        return cryptoUtilAuth.verifyBase64SignatureOfToken(token, signature, publicKey, headerObject.alg);
-    }
-    catch (error) {
-        return false;
-    }
-};
-/**
- * Returns header and payload object for jwt.
- * @param jwt
- * @return {{payload: any, header: any}}
- */
-export const getHeaderPayloadFromJwt = (jwt) => {
-    const { header, payload } = _splitJwtInToHeaderPayloadSignature(jwt);
-    let headerAscii = stringUtilAuth.base64ToAscii(header);
-    let payloadAscii = stringUtilAuth.base64ToAscii(payload);
-    return { header: JSON.parse(headerAscii), payload: JSON.parse(payloadAscii) };
-};

package/dist/esm/keyGen.d.ts

@@ -1,11 +0,0 @@
-export declare const generateKeyPair: (modulusLength?: number) => import("node:crypto").KeyPairExportResult<{
-    modulusLength: number;
-    publicKeyEncoding: {
-        type: "spki";
-        format: "pem";
-    };
-    privateKeyEncoding: {
-        type: "pkcs8";
-        format: "pem";
-    };
-}>;

package/dist/esm/keyGen.js

@@ -1,12 +0,0 @@
-import { generateKeyPairSync } from 'node:crypto';
-export const generateKeyPair = (modulusLength = 4096) => generateKeyPairSync('rsa', {
-    modulusLength: modulusLength,
-    publicKeyEncoding: {
-        type: 'spki',
-        format: 'pem',
-    },
-    privateKeyEncoding: {
-        type: 'pkcs8',
-        format: 'pem',
-    },
-});

package/dist/esm/pwdUtilAuth.d.ts

@@ -1,39 +0,0 @@
-/**
- * Just assemble password together
- * @param algorithmBase64
- * @param hashBase64
- * @param saltBase64
- * @return {string}
- */
-export declare const _assemblePasswordHash: (algorithmBase64: string, hashBase64: string, saltBase64: string) => string;
-/**
- * Break password into its parts does not reverse base64 encoding.
- * @param passwordHashStored
- * @return {{salt: *, version: *, alg: *, hash: *}}
- */
-export declare const _disassemblePasswordHash: (passwordHashStored: string) => any;
-/**
- * Creates password hash ready to be saved in database.
- * @param password
- * @param secret
- * @param salt
- * @param algorithm
- * @return {string}
- */
-export declare const _createPasswordHash: (password: string, secret: string, salt: string, algorithm: string) => string;
-/**
- * Automatically adds random salt.
- * @param password
- * @param secret
- * @param algorithm
- * @return {string}
- */
-export declare const createPasswordHashWithRandomSalt: (password: string, secret: string, algorithm: string) => string;
-/**
- * Creates hash based on saved hash in database.
- * @param password
- * @param savedPasswordHash
- * @param secret
- * @return {string}
- */
-export declare const createPasswordHashBasedOnSavedAlgorithmSalt: (password: string, savedPasswordHash: string, secret: string) => string;

package/dist/esm/pwdUtilAuth.js

@@ -1,56 +0,0 @@
-import * as cryptoUtilAuth from './cryptoUtilAuth';
-import * as stringUtilAuth from './stringUtilAuth';
-/**
- * Just assemble password together
- * @param algorithmBase64
- * @param hashBase64
- * @param saltBase64
- * @return {string}
- */
-export const _assemblePasswordHash = (algorithmBase64, hashBase64, saltBase64) => {
-    return '$1$' + algorithmBase64 + '$' + hashBase64 + '$' + saltBase64 + '$';
-};
-/**
- * Break password into its parts does not reverse base64 encoding.
- * @param passwordHashStored
- * @return {{salt: *, version: *, alg: *, hash: *}}
- */
-export const _disassemblePasswordHash = (passwordHashStored) => {
-    return stringUtilAuth.dollarSignConnectedStringToAlgorithmHashSalt(passwordHashStored);
-};
-/**
- * Creates password hash ready to be saved in database.
- * @param password
- * @param secret
- * @param salt
- * @param algorithm
- * @return {string}
- */
-export const _createPasswordHash = (password, secret, salt, algorithm) => {
-    const algorithmBase64 = stringUtilAuth.asciiToBase64(algorithm);
-    const hashBase64 = cryptoUtilAuth.createHmacBase64(password, secret, algorithm);
-    return _assemblePasswordHash(algorithmBase64, hashBase64, salt);
-};
-/**
- * Automatically adds random salt.
- * @param password
- * @param secret
- * @param algorithm
- * @return {string}
- */
-export const createPasswordHashWithRandomSalt = (password, secret, algorithm) => {
-    const salt = cryptoUtilAuth.createSaltBase64();
-    return _createPasswordHash(password, secret, salt, algorithm);
-};
-/**
- * Creates hash based on saved hash in database.
- * @param password
- * @param savedPasswordHash
- * @param secret
- * @return {string}
- */
-export const createPasswordHashBasedOnSavedAlgorithmSalt = (password, savedPasswordHash, secret) => {
-    const { alg, salt } = _disassemblePasswordHash(savedPasswordHash);
-    const algorithm = stringUtilAuth.base64ToAscii(alg);
-    return _createPasswordHash(password, secret, salt, algorithm);
-};

package/dist/esm/strEncryptUtil.d.ts

@@ -1,46 +0,0 @@
-import * as crypto from 'crypto';
-/**
- * Derive a key using scrypt.
- */
-export declare function createKey(key: crypto.BinaryLike, keyLength?: number): Buffer;
-export interface EncryptionConfig {
-    privateKey: string | Buffer | crypto.KeyObject;
-    encryptedTextEncoding: BufferEncoding;
-}
-export interface DecryptionConfig {
-    publicKey: string | Buffer | crypto.KeyObject;
-    encryptedTextEncoding: BufferEncoding;
-    plainTextEncoding: BufferEncoding;
-}
-export interface SymmetricCryptoConfig {
-    cipherAlgorithm: string;
-    encryptionKey: crypto.BinaryLike;
-    keyLength: number;
-    plainTextEncoding: BufferEncoding;
-    encryptedTextEncoding: BufferEncoding;
-}
-/**
- * Encrypts text using a private key, returning an encoded cipher text string.
- * On error, returns a code string if present, otherwise a fallback.
- */
-export declare const encryptByPrivateKey: (encryptionConfigObj: EncryptionConfig, textToEncrypt: string) => string;
-/**
- * Decrypts text using a public key, returning a plain text string.
- * On error, returns a code string if present, otherwise a fallback.
- */
-export declare const decryptByPublicKey: (decryptionConfigObj: DecryptionConfig, textToDecrypt: string) => string;
-/**
- * Encrypts text using a symmetric algorithm and derived key, returning an encoded cipher string.
- * On error, returns a code string if present, otherwise a fallback.
- *
- * NOTE: This uses a zero IV (Buffer.alloc(16, 0)) which is generally **not recommended** for production.
- * Prefer a random IV per encryption and prepend/append it to the output for decryption.
- */
-export declare const encryptByKey: (encryptConfigObj: SymmetricCryptoConfig, textToEncrypt: string) => string;
-/**
- * Decrypts a cipher string using a symmetric algorithm and derived key,
- * returning the plain text string. On error, returns a code string or fallback.
- *
- * NOTE: Must use the same IV that was used during encryption. Here it assumes a zero IV.
- */
-export declare const decryptByKey: (encryptConfigObj: SymmetricCryptoConfig, textToDecrypt: string) => string;