@dimgit9/passport 1.0.0

package/.github/workflows/publish.yml

@@ -0,0 +1,30 @@
+name: Publish
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Install deps
+        run: npm install --frozen-lockfile
+
+      - name: Build
+        run: npm run build
+
+      - name: Publish Package
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/lib/constants/passport.contants.ts

@@ -0,0 +1 @@
+export const PASSPORT_OPTIONS_KEY = Symbol("PassportOptions")

package/lib/index.ts

@@ -0,0 +1,4 @@
+export * from "./interfaces"
+
+export * from "./passport.module"
+export * from "./passport.service"

package/lib/interfaces/index.ts

@@ -0,0 +1,3 @@
+export * from "./passport-async-options.interface"
+export * from "./passport-options.interface"
+export * from "./token.interface"

package/lib/interfaces/passport-async-options.interface.ts

@@ -0,0 +1,7 @@
+import { FactoryProvider, ModuleMetadata } from "@nestjs/common"
+import { PassportOptions } from "./passport-options.interface"
+
+export interface PassportAsyncOptions extends Pick<ModuleMetadata, "imports"> {
+  useFactory: (...args: any[]) => Promise<PassportOptions> | PassportOptions
+  inject?: FactoryProvider["inject"]
+}

package/lib/interfaces/passport-options.interface.ts

@@ -0,0 +1,4 @@
+export interface PassportOptions {
+    secretKey: string
+}
+

package/lib/interfaces/token.interface.ts

@@ -0,0 +1,9 @@
+export interface TokenPayload {
+  sub: string | number
+}
+
+export interface VerifyResult {
+  valid: boolean
+  reason?: string
+  userId?: string
+}

package/lib/passport.module.ts

@@ -0,0 +1,33 @@
+import { DynamicModule, Global, Module } from "@nestjs/common"
+import { PassportAsyncOptions, PassportOptions } from "./interfaces"
+import {
+  createPassportAsyncOptionsProvider,
+  createPassportOptionsProvider,
+} from "./passport.providers"
+import { PassportService } from "./passport.service"
+import { PASSPORT_OPTIONS_KEY } from "./constants/passport.contants"
+
+@Global()
+@Module({})
+export class PassportModule {
+  static register(options: PassportOptions): DynamicModule {
+    const optionsProvider = createPassportOptionsProvider(options)
+
+    return {
+      module: PassportModule,
+      providers: [optionsProvider, PassportService],
+      exports: [PassportService, PASSPORT_OPTIONS_KEY],
+    }
+  }
+
+  static registerAsync(options: PassportAsyncOptions): DynamicModule {
+    const optionsProvider = createPassportAsyncOptionsProvider(options)
+
+    return {
+      module: PassportModule,
+      imports: options.imports ?? [],
+      providers: [optionsProvider, PassportService],
+      exports: [PassportService, PASSPORT_OPTIONS_KEY],
+    }
+  }
+}

package/lib/passport.providers.ts

@@ -0,0 +1,32 @@
+import { type Provider } from "@nestjs/common"
+import { PassportAsyncOptions, type PassportOptions } from "./interfaces"
+import { PASSPORT_OPTIONS_KEY } from "./constants/passport.contants"
+
+export function createPassportOptionsProvider(
+  options: PassportOptions,
+): Provider {
+  return {
+    provide: PASSPORT_OPTIONS_KEY,
+    useValue: Object.freeze({ ...options }),
+  }
+}
+
+export function createPassportAsyncOptionsProvider(
+  options: PassportAsyncOptions,
+): Provider {
+  return {
+    provide: PASSPORT_OPTIONS_KEY,
+    useFactory: async (...args: any[]) => {
+      const resolved = await options.useFactory!(...args)
+
+      if (!resolved || typeof resolved.secretKey != "string") {
+        throw new Error(
+          '[PassportModule]: "secretKey" is required and must be a string',
+        )
+      }
+
+      return Object.freeze({ ...options })
+    },
+    inject: options.inject ?? [],
+  }
+}

package/lib/passport.service.ts

@@ -0,0 +1,94 @@
+import { createHmac } from "node:crypto"
+import { base64UrlDecode, base64UrlEncode, constantTimeEqual } from "./utils"
+import { Inject, Injectable } from "@nestjs/common"
+import { PASSPORT_OPTIONS_KEY } from "./constants/passport.contants"
+import { PassportOptions } from "./interfaces"
+
+// console.log("GENERATED TOKEN: ", generateToken("123", "user-123", 1))
+
+// console.log(
+//   "VERIFY TOKEN: ",
+//   verifyToken(
+//     "123",
+//     "dXNlci0xMjM.MTc3MTQ3MjI4OQ.MTc3MTQ3MjI5MA.3077b9755ab7f77d997120ba148bb129dcecc1a1fa3ee9def5cc93bc3128b590",
+//   ),
+// )
+
+@Injectable()
+export class PassportService {
+  private readonly SECRET_KEY: string
+
+  private static readonly HMAC_DOMAIN = "PassportTokenAuth/v1"
+  private static readonly INTERNAL_SEP = "|"
+
+  constructor(
+    @Inject(PASSPORT_OPTIONS_KEY) private readonly options: PassportOptions,
+  ) {
+    this.SECRET_KEY = options.secretKey
+  }
+
+  private now() {
+    return Math.floor(Date.now() / 1000)
+  }
+
+  private serialize(user: string, iat: string, exp: string) {
+    return [PassportService.HMAC_DOMAIN, user, iat, exp].join(
+      PassportService.INTERNAL_SEP,
+    )
+  }
+
+  private computeHmac(data: string) {
+    return createHmac("sha256", this.SECRET_KEY).update(data).digest("hex")
+  }
+
+  generate(userId: string, ttl: number) {
+    const issuedAt = this.now()
+    const expiresAt = issuedAt + ttl
+
+    const userPart = base64UrlEncode(userId)
+    const iatPart = base64UrlEncode(String(issuedAt))
+    const expPart = base64UrlEncode(String(expiresAt))
+
+    const serialized = this.serialize(userPart, iatPart, expPart)
+    const mac = this.computeHmac(serialized)
+
+    return `${userPart}.${iatPart}.${expPart}.${mac}`
+  }
+
+  verify(token: string) {
+    const parts = token.split(".")
+
+    if (parts.length != 4)
+      return {
+        valid: false,
+        reason: "Invalid format",
+      }
+
+    const [userPart, iatPart, expPart, mac] = parts
+
+    const serialized = this.serialize(userPart, iatPart, expPart)
+
+    const expectedMac = this.computeHmac(serialized)
+
+    if (!constantTimeEqual(expectedMac, mac))
+      return {
+        valid: false,
+        reason: "Invalid signature",
+      }
+
+    const expNum = Number(base64UrlDecode(expPart))
+
+    if (!Number.isFinite(expNum))
+      return {
+        valid: false,
+        reason: "Error",
+      }
+
+    if (this.now() > expNum) return { valid: false, reason: "Expired" }
+
+    return {
+      valid: true,
+      userId: base64UrlDecode(userPart),
+    }
+  }
+}

package/lib/utils/base64.ts

@@ -0,0 +1,17 @@
+export function base64UrlEncode(buf: Buffer | string) {
+  const b = typeof buf === "string" ? Buffer.from(buf) : buf
+
+  return b
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "")
+}
+
+export function base64UrlDecode(base: string) {
+  base = base.replace(/-/g, "+").replace(/_/g, "/")
+
+  while (base.length % 4) base += "="
+
+  return Buffer.from(base, "base64").toString()
+}

package/lib/utils/crypto.ts

@@ -0,0 +1,11 @@
+import { timingSafeEqual } from "node:crypto"
+
+export function constantTimeEqual(a: string, b: string) {
+  const bufA = Buffer.from(a)
+
+  const bufB = Buffer.from(b)
+
+  if (bufA.length !== bufB.length) return false
+
+  return timingSafeEqual(bufA, bufB)
+}

package/lib/utils/index.ts

@@ -0,0 +1,2 @@
+export * from "./base64"
+export * from "./crypto"

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@dimgit9/passport",
+  "version": "1.0.0",
+  "description": "Lightweight authentication library",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "commonjs",
+  "devDependencies": {
+    "@types/node": "^25.2.2",
+    "typescript": "^5.9.3"
+  },
+  "dependencies": {
+    "@nestjs/common": "^11.1.14",
+    "@nestjs/core": "^11.1.14",
+    "reflect-metadata": "^0.2.2",
+    "rx-js": "^0.0.0"
+  }
+}

package/tsconfig.build.json

@@ -0,0 +1,9 @@
+{
+    "extends": "./tsconfig.json",
+    "compilerOptions": {
+        "declaration": true,
+        "outDir": "./dist"
+    },
+    "include": ["lib/**/*"],
+    "exclude": ["node_modules", "dist", "test"]
+}

package/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "module": "commonjs",
+    "target": "es2024", 
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "forceConsistentCasingInFileNames": true,
+    "strictNullChecks": false
+  }
+}