npm - @esengine/server - Versions diffs - 1.1.4 → 1.2.0 - Mend

@esengine/server 1.1.4 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/Room-BnKpl5Sj.d.ts +237 -0
package/dist/auth/index.d.ts +711 -0
package/dist/auth/index.js +707 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/testing/index.d.ts +153 -0
package/dist/auth/testing/index.js +165 -0
package/dist/auth/testing/index.js.map +1 -0
package/dist/chunk-7C6JZO4O.js +744 -0
package/dist/chunk-7C6JZO4O.js.map +1 -0
package/dist/chunk-T626JPC7.js +8 -0
package/dist/chunk-T626JPC7.js.map +1 -0
package/dist/index-DgaJIm6-.d.ts +170 -0
package/dist/index.d.ts +4 -403
package/dist/index.js +3 -745
package/dist/index.js.map +1 -1
package/dist/testing/index.d.ts +386 -0
package/dist/testing/index.js +629 -0
package/dist/testing/index.js.map +1 -0
package/dist/types-BmO5ykKp.d.ts +311 -0
package/package.json +26 -3

package/dist/auth/index.js ADDED Viewed

@@ -0,0 +1,707 @@
+import { __name, __publicField } from '../chunk-T626JPC7.js';
+import * as jwt from 'jsonwebtoken';
+import { randomBytes } from 'crypto';
+// src/auth/context.ts
+var defaultUserExtractor = {
+  getId(user) {
+    if (user && typeof user === "object") {
+      const u = user;
+      if (typeof u.id === "string") return u.id;
+      if (typeof u.id === "number") return String(u.id);
+      if (typeof u.userId === "string") return u.userId;
+      if (typeof u.userId === "number") return String(u.userId);
+      if (typeof u.sub === "string") return u.sub;
+    }
+    return "";
+  },
+  getRoles(user) {
+    if (user && typeof user === "object") {
+      const u = user;
+      if (Array.isArray(u.roles)) {
+        return u.roles.filter((r) => typeof r === "string");
+      }
+      if (typeof u.role === "string") {
+        return [
+          u.role
+        ];
+      }
+    }
+    return [];
+  }
+};
+var _AuthContext = class _AuthContext {
+  constructor(extractor) {
+    __publicField(this, "_isAuthenticated", false);
+    __publicField(this, "_user", null);
+    __publicField(this, "_userId", null);
+    __publicField(this, "_roles", []);
+    __publicField(this, "_authenticatedAt", null);
+    __publicField(this, "_expiresAt", null);
+    __publicField(this, "_extractor");
+    this._extractor = extractor ?? defaultUserExtractor;
+  }
+  /**
+   * @zh 是否已认证
+   * @en Whether authenticated
+   */
+  get isAuthenticated() {
+    if (this._expiresAt && Date.now() > this._expiresAt) {
+      return false;
+    }
+    return this._isAuthenticated;
+  }
+  /**
+   * @zh 用户信息
+   * @en User information
+   */
+  get user() {
+    return this._user;
+  }
+  /**
+   * @zh 用户 ID
+   * @en User ID
+   */
+  get userId() {
+    return this._userId;
+  }
+  /**
+   * @zh 用户角色
+   * @en User roles
+   */
+  get roles() {
+    return this._roles;
+  }
+  /**
+   * @zh 认证时间
+   * @en Authentication timestamp
+   */
+  get authenticatedAt() {
+    return this._authenticatedAt;
+  }
+  /**
+   * @zh 令牌过期时间
+   * @en Token expiration time
+   */
+  get expiresAt() {
+    return this._expiresAt;
+  }
+  /**
+   * @zh 检查是否有指定角色
+   * @en Check if has specified role
+   */
+  hasRole(role) {
+    return this._roles.includes(role);
+  }
+  /**
+   * @zh 检查是否有任一指定角色
+   * @en Check if has any of specified roles
+   */
+  hasAnyRole(roles) {
+    return roles.some((role) => this._roles.includes(role));
+  }
+  /**
+   * @zh 检查是否有所有指定角色
+   * @en Check if has all specified roles
+   */
+  hasAllRoles(roles) {
+    return roles.every((role) => this._roles.includes(role));
+  }
+  /**
+   * @zh 设置认证结果
+   * @en Set authentication result
+   */
+  setAuthenticated(result) {
+    if (result.success && result.user) {
+      this._isAuthenticated = true;
+      this._user = result.user;
+      this._userId = this._extractor.getId(result.user);
+      this._roles = this._extractor.getRoles(result.user);
+      this._authenticatedAt = Date.now();
+      this._expiresAt = result.expiresAt ?? null;
+    } else {
+      this.clear();
+    }
+  }
+  /**
+   * @zh 清除认证状态
+   * @en Clear authentication state
+   */
+  clear() {
+    this._isAuthenticated = false;
+    this._user = null;
+    this._userId = null;
+    this._roles = [];
+    this._authenticatedAt = null;
+    this._expiresAt = null;
+  }
+};
+__name(_AuthContext, "AuthContext");
+var AuthContext = _AuthContext;
+function createGuestContext() {
+  return new AuthContext();
+}
+__name(createGuestContext, "createGuestContext");
+function createAuthContext(result, extractor) {
+  const context = new AuthContext(extractor);
+  context.setAuthenticated(result);
+  return context;
+}
+__name(createAuthContext, "createAuthContext");
+var _JwtAuthProvider = class _JwtAuthProvider {
+  constructor(config) {
+    __publicField(this, "name", "jwt");
+    __publicField(this, "_config");
+    this._config = {
+      algorithm: "HS256",
+      expiresIn: 3600,
+      ...config
+    };
+  }
+  /**
+   * @zh 验证令牌
+   * @en Verify token
+   */
+  async verify(token) {
+    if (!token) {
+      return {
+        success: false,
+        error: "Token is required",
+        errorCode: "INVALID_TOKEN"
+      };
+    }
+    try {
+      const verifyOptions = {
+        algorithms: [
+          this._config.algorithm
+        ]
+      };
+      if (this._config.issuer) {
+        verifyOptions.issuer = this._config.issuer;
+      }
+      if (this._config.audience) {
+        verifyOptions.audience = this._config.audience;
+      }
+      const payload = jwt.verify(token, this._config.secret, verifyOptions);
+      let user = null;
+      if (this._config.getUser) {
+        user = await this._config.getUser(payload);
+        if (!user) {
+          return {
+            success: false,
+            error: "User not found",
+            errorCode: "USER_NOT_FOUND"
+          };
+        }
+      } else {
+        user = payload;
+      }
+      return {
+        success: true,
+        user,
+        token,
+        expiresAt: payload.exp ? payload.exp * 1e3 : void 0
+      };
+    } catch (error) {
+      const err = error;
+      if (err.name === "TokenExpiredError") {
+        return {
+          success: false,
+          error: "Token has expired",
+          errorCode: "EXPIRED_TOKEN"
+        };
+      }
+      return {
+        success: false,
+        error: err.message || "Invalid token",
+        errorCode: "INVALID_TOKEN"
+      };
+    }
+  }
+  /**
+   * @zh 刷新令牌
+   * @en Refresh token
+   */
+  async refresh(token) {
+    const result = await this.verify(token);
+    if (!result.success || !result.user) {
+      return result;
+    }
+    const payload = jwt.decode(token);
+    const { iat, exp, nbf, ...restPayload } = payload;
+    const newToken = this.sign(restPayload);
+    return {
+      success: true,
+      user: result.user,
+      token: newToken,
+      expiresAt: Date.now() + this._config.expiresIn * 1e3
+    };
+  }
+  /**
+   * @zh 生成令牌
+   * @en Generate token
+   */
+  sign(payload) {
+    const signOptions = {
+      algorithm: this._config.algorithm,
+      expiresIn: this._config.expiresIn
+    };
+    if (this._config.issuer) {
+      signOptions.issuer = this._config.issuer;
+    }
+    if (this._config.audience) {
+      signOptions.audience = this._config.audience;
+    }
+    return jwt.sign(payload, this._config.secret, signOptions);
+  }
+  /**
+   * @zh 解码令牌（不验证）
+   * @en Decode token (without verification)
+   */
+  decode(token) {
+    return jwt.decode(token);
+  }
+};
+__name(_JwtAuthProvider, "JwtAuthProvider");
+var JwtAuthProvider = _JwtAuthProvider;
+function createJwtAuthProvider(config) {
+  return new JwtAuthProvider(config);
+}
+__name(createJwtAuthProvider, "createJwtAuthProvider");
+var _SessionAuthProvider = class _SessionAuthProvider {
+  constructor(config) {
+    __publicField(this, "name", "session");
+    __publicField(this, "_config");
+    this._config = {
+      sessionTTL: 864e5,
+      prefix: "session:",
+      autoRenew: true,
+      ...config
+    };
+  }
+  /**
+   * @zh 获取存储键
+   * @en Get storage key
+   */
+  _getKey(sessionId) {
+    return `${this._config.prefix}${sessionId}`;
+  }
+  /**
+   * @zh 验证 Session
+   * @en Verify session
+   */
+  async verify(sessionId) {
+    if (!sessionId) {
+      return {
+        success: false,
+        error: "Session ID is required",
+        errorCode: "INVALID_TOKEN"
+      };
+    }
+    const key = this._getKey(sessionId);
+    const session = await this._config.storage.get(key);
+    if (!session) {
+      return {
+        success: false,
+        error: "Session not found or expired",
+        errorCode: "EXPIRED_TOKEN"
+      };
+    }
+    if (this._config.validateUser) {
+      const isValid = await this._config.validateUser(session.user);
+      if (!isValid) {
+        return {
+          success: false,
+          error: "User validation failed",
+          errorCode: "ACCOUNT_DISABLED"
+        };
+      }
+    }
+    if (this._config.autoRenew) {
+      session.lastActiveAt = Date.now();
+      await this._config.storage.set(key, session, this._config.sessionTTL);
+    }
+    return {
+      success: true,
+      user: session.user,
+      token: sessionId,
+      expiresAt: session.createdAt + this._config.sessionTTL
+    };
+  }
+  /**
+   * @zh 刷新 Session
+   * @en Refresh session
+   */
+  async refresh(sessionId) {
+    const result = await this.verify(sessionId);
+    if (!result.success) {
+      return result;
+    }
+    const key = this._getKey(sessionId);
+    const session = await this._config.storage.get(key);
+    if (session) {
+      session.lastActiveAt = Date.now();
+      await this._config.storage.set(key, session, this._config.sessionTTL);
+    }
+    return {
+      ...result,
+      expiresAt: Date.now() + this._config.sessionTTL
+    };
+  }
+  /**
+   * @zh 撤销 Session
+   * @en Revoke session
+   */
+  async revoke(sessionId) {
+    const key = this._getKey(sessionId);
+    return await this._config.storage.delete(key);
+  }
+  /**
+   * @zh 创建 Session
+   * @en Create session
+   */
+  async createSession(user, data) {
+    const sessionId = this._generateSessionId();
+    const key = this._getKey(sessionId);
+    const session = {
+      user,
+      createdAt: Date.now(),
+      lastActiveAt: Date.now(),
+      data
+    };
+    await this._config.storage.set(key, session, this._config.sessionTTL);
+    return sessionId;
+  }
+  /**
+   * @zh 获取 Session 数据
+   * @en Get session data
+   */
+  async getSession(sessionId) {
+    const key = this._getKey(sessionId);
+    return await this._config.storage.get(key);
+  }
+  /**
+   * @zh 更新 Session 数据
+   * @en Update session data
+   */
+  async updateSession(sessionId, data) {
+    const key = this._getKey(sessionId);
+    const session = await this._config.storage.get(key);
+    if (!session) {
+      return false;
+    }
+    session.data = {
+      ...session.data,
+      ...data
+    };
+    session.lastActiveAt = Date.now();
+    await this._config.storage.set(key, session, this._config.sessionTTL);
+    return true;
+  }
+  /**
+   * @zh 生成 Session ID（使用加密安全的随机数）
+   * @en Generate session ID (using cryptographically secure random)
+   */
+  _generateSessionId() {
+    return randomBytes(32).toString("hex");
+  }
+};
+__name(_SessionAuthProvider, "SessionAuthProvider");
+var SessionAuthProvider = _SessionAuthProvider;
+function createSessionAuthProvider(config) {
+  return new SessionAuthProvider(config);
+}
+__name(createSessionAuthProvider, "createSessionAuthProvider");
+// src/auth/mixin/withAuth.ts
+var AUTH_CONTEXT_KEY = /* @__PURE__ */ Symbol("authContext");
+function getAuthContext(conn) {
+  const data = conn.data;
+  return data[AUTH_CONTEXT_KEY] ?? null;
+}
+__name(getAuthContext, "getAuthContext");
+function setAuthContext(conn, context) {
+  const data = conn.data;
+  data[AUTH_CONTEXT_KEY] = context;
+}
+__name(setAuthContext, "setAuthContext");
+function withAuth(server, config) {
+  const { provider, extractCredentials, autoAuthOnConnect = true, disconnectOnAuthFailure = false, onAuthSuccess, onAuthFailure } = config;
+  const originalConnections = server.connections;
+  const connectionAuthMap = /* @__PURE__ */ new WeakMap();
+  const authServer = {
+    ...server,
+    get authProvider() {
+      return provider;
+    },
+    async authenticate(conn, credentials) {
+      const result = await provider.verify(credentials);
+      let authContext = connectionAuthMap.get(conn);
+      if (!authContext) {
+        authContext = new AuthContext();
+        connectionAuthMap.set(conn, authContext);
+        setAuthContext(conn, authContext);
+      }
+      if (result.success) {
+        authContext.setAuthenticated(result);
+        await onAuthSuccess?.(conn, result.user);
+      } else {
+        authContext.clear();
+        await onAuthFailure?.(conn, result);
+      }
+      return result;
+    },
+    getAuthContext(conn) {
+      return connectionAuthMap.get(conn) ?? null;
+    },
+    get connections() {
+      return originalConnections;
+    }
+  };
+  const originalOnConnect = server._onConnect;
+  server._onConnect = async (conn, req) => {
+    const authContext = new AuthContext();
+    connectionAuthMap.set(conn, authContext);
+    setAuthContext(conn, authContext);
+    if (autoAuthOnConnect && extractCredentials && req) {
+      try {
+        const connReq = req;
+        const credentials = await extractCredentials(connReq);
+        if (credentials) {
+          const result = await provider.verify(credentials);
+          if (result.success) {
+            authContext.setAuthenticated(result);
+            await onAuthSuccess?.(conn, result.user);
+          } else {
+            await onAuthFailure?.(conn, result);
+            if (disconnectOnAuthFailure) {
+              conn.close?.();
+              return;
+            }
+          }
+        }
+      } catch (error) {
+        console.error("[Auth] Error during auto-authentication:", error);
+      }
+    }
+    if (originalOnConnect) {
+      await originalOnConnect(conn, req);
+    }
+  };
+  const originalOnDisconnect = server._onDisconnect;
+  server._onDisconnect = async (conn) => {
+    connectionAuthMap.delete(conn);
+    if (originalOnDisconnect) {
+      await originalOnDisconnect(conn);
+    }
+  };
+  return authServer;
+}
+__name(withAuth, "withAuth");
+function requireAuthentication(conn, options) {
+  const auth = getAuthContext(conn);
+  if (!auth || !auth.isAuthenticated) {
+    throw new Error(options?.errorMessage ?? "Authentication required");
+  }
+  return auth;
+}
+__name(requireAuthentication, "requireAuthentication");
+function requireRole(conn, roles, options) {
+  const auth = requireAuthentication(conn);
+  const roleArray = Array.isArray(roles) ? roles : [
+    roles
+  ];
+  const mode = options?.mode ?? "any";
+  const hasRole = mode === "any" ? auth.hasAnyRole(roleArray) : auth.hasAllRoles(roleArray);
+  if (!hasRole) {
+    throw new Error(options?.errorMessage ?? "Insufficient permissions");
+  }
+  return auth;
+}
+__name(requireRole, "requireRole");
+// src/auth/mixin/withRoomAuth.ts
+var playerAuthContexts = /* @__PURE__ */ new WeakMap();
+function wrapPlayerWithAuth(player, authContext) {
+  playerAuthContexts.set(player, authContext);
+  Object.defineProperty(player, "auth", {
+    get: /* @__PURE__ */ __name(() => playerAuthContexts.get(player) ?? createGuestContext(), "get"),
+    enumerable: true,
+    configurable: false
+  });
+  Object.defineProperty(player, "user", {
+    get: /* @__PURE__ */ __name(() => playerAuthContexts.get(player)?.user ?? null, "get"),
+    enumerable: true,
+    configurable: false
+  });
+  return player;
+}
+__name(wrapPlayerWithAuth, "wrapPlayerWithAuth");
+function withRoomAuth(Base, config = {}) {
+  var _a;
+  const { requireAuth: requireAuth2 = true, allowedRoles = [], roleCheckMode = "any" } = config;
+  let AuthRoom = (_a = class extends Base {
+    constructor(...args) {
+      super(...args);
+      __publicField(this, "_originalOnJoin");
+      this._originalOnJoin = this.onJoin?.bind(this);
+      this.onJoin = this._authOnJoin.bind(this);
+    }
+    /**
+     * @zh 包装的 onJoin 方法
+     * @en Wrapped onJoin method
+     */
+    async _authOnJoin(player) {
+      const conn = player.connection ?? player._conn;
+      const authContext = conn ? getAuthContext(conn) ?? createGuestContext() : createGuestContext();
+      if (requireAuth2 && !authContext.isAuthenticated) {
+        console.warn(`[AuthRoom] Rejected unauthenticated player: ${player.id}`);
+        this.kick(player, "Authentication required");
+        return;
+      }
+      if (allowedRoles.length > 0) {
+        const hasRole = roleCheckMode === "any" ? authContext.hasAnyRole(allowedRoles) : authContext.hasAllRoles(allowedRoles);
+        if (!hasRole) {
+          console.warn(`[AuthRoom] Rejected player ${player.id}: insufficient roles`);
+          this.kick(player, "Insufficient permissions");
+          return;
+        }
+      }
+      const authPlayer = wrapPlayerWithAuth(player, authContext);
+      if (typeof this.onAuth === "function") {
+        try {
+          const allowed = await this.onAuth(authPlayer);
+          if (!allowed) {
+            console.warn(`[AuthRoom] Rejected player ${player.id}: onAuth returned false`);
+            this.kick(player, "Authentication rejected");
+            return;
+          }
+        } catch (error) {
+          console.error(`[AuthRoom] Error in onAuth for player ${player.id}:`, error);
+          this.kick(player, "Authentication error");
+          return;
+        }
+      }
+      if (this._originalOnJoin) {
+        await this._originalOnJoin(authPlayer);
+      }
+    }
+    /**
+     * @zh 获取带认证信息的玩家
+     * @en Get player with auth info
+     */
+    getAuthPlayer(id) {
+      const player = this.getPlayer(id);
+      return player;
+    }
+    /**
+     * @zh 获取所有带认证信息的玩家
+     * @en Get all players with auth info
+     */
+    getAuthPlayers() {
+      return this.players;
+    }
+    /**
+     * @zh 按角色获取玩家
+     * @en Get players by role
+     */
+    getPlayersByRole(role) {
+      return this.getAuthPlayers().filter((p) => p.auth?.hasRole(role));
+    }
+    /**
+     * @zh 按用户 ID 获取玩家
+     * @en Get player by user ID
+     */
+    getPlayerByUserId(userId) {
+      return this.getAuthPlayers().find((p) => p.auth?.userId === userId);
+    }
+  }, __name(_a, "AuthRoom"), _a);
+  return AuthRoom;
+}
+__name(withRoomAuth, "withRoomAuth");
+var _AuthRoomBase = class _AuthRoomBase {
+  constructor() {
+    /**
+     * @zh 认证配置（子类可覆盖）
+     * @en Auth config (can be overridden by subclass)
+     */
+    __publicField(this, "authConfig", {
+      requireAuth: true,
+      allowedRoles: [],
+      roleCheckMode: "any"
+    });
+  }
+  getAuthPlayer(id) {
+    return void 0;
+  }
+  getAuthPlayers() {
+    return [];
+  }
+  getPlayersByRole(role) {
+    return [];
+  }
+  getPlayerByUserId(userId) {
+    return void 0;
+  }
+};
+__name(_AuthRoomBase, "AuthRoomBase");
+var AuthRoomBase = _AuthRoomBase;
+// src/auth/decorators/requireAuth.ts
+var AUTH_METADATA_KEY = /* @__PURE__ */ Symbol("authMetadata");
+function getAuthMetadata(target, propertyKey) {
+  const metadata = target[AUTH_METADATA_KEY];
+  return metadata?.get(propertyKey);
+}
+__name(getAuthMetadata, "getAuthMetadata");
+function setAuthMetadata(target, propertyKey, metadata) {
+  if (!target[AUTH_METADATA_KEY]) {
+    target[AUTH_METADATA_KEY] = /* @__PURE__ */ new Map();
+  }
+  target[AUTH_METADATA_KEY].set(propertyKey, metadata);
+}
+__name(setAuthMetadata, "setAuthMetadata");
+function requireAuth(options) {
+  return function(target, propertyKey, descriptor) {
+    const key = String(propertyKey);
+    const existing = getAuthMetadata(target, key);
+    setAuthMetadata(target, key, {
+      ...existing,
+      requireAuth: true,
+      options
+    });
+    return descriptor;
+  };
+}
+__name(requireAuth, "requireAuth");
+// src/auth/decorators/requireRole.ts
+function setAuthMetadata2(target, propertyKey, metadata) {
+  if (!target[AUTH_METADATA_KEY]) {
+    target[AUTH_METADATA_KEY] = /* @__PURE__ */ new Map();
+  }
+  target[AUTH_METADATA_KEY].set(propertyKey, metadata);
+}
+__name(setAuthMetadata2, "setAuthMetadata");
+function requireRole2(roles, options) {
+  return function(target, propertyKey, descriptor) {
+    const key = String(propertyKey);
+    const existing = getAuthMetadata(target, key);
+    const roleArray = Array.isArray(roles) ? roles : [
+      roles
+    ];
+    setAuthMetadata2(target, key, {
+      ...existing,
+      requireAuth: true,
+      roles: roleArray,
+      roleMode: options?.mode ?? "any",
+      options
+    });
+    return descriptor;
+  };
+}
+__name(requireRole2, "requireRole");
+export { AUTH_METADATA_KEY, AuthContext, AuthRoomBase, JwtAuthProvider, SessionAuthProvider, createAuthContext, createGuestContext, createJwtAuthProvider, createSessionAuthProvider, defaultUserExtractor, getAuthContext, getAuthMetadata, requireAuth, requireAuthentication, requireRole2 as requireRole, requireRole as requireRoleCheck, setAuthContext, withAuth, withRoomAuth };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map