@etcsec-com/etc-collector 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +60 -0
- package/.env.test.example +33 -0
- package/.github/workflows/ci.yml +83 -0
- package/.github/workflows/release.yml +246 -0
- package/.prettierrc.json +10 -0
- package/CHANGELOG.md +15 -0
- package/Dockerfile +57 -0
- package/LICENSE +190 -0
- package/README.md +194 -0
- package/dist/api/controllers/audit.controller.d.ts +21 -0
- package/dist/api/controllers/audit.controller.d.ts.map +1 -0
- package/dist/api/controllers/audit.controller.js +179 -0
- package/dist/api/controllers/audit.controller.js.map +1 -0
- package/dist/api/controllers/auth.controller.d.ts +16 -0
- package/dist/api/controllers/auth.controller.d.ts.map +1 -0
- package/dist/api/controllers/auth.controller.js +146 -0
- package/dist/api/controllers/auth.controller.js.map +1 -0
- package/dist/api/controllers/export.controller.d.ts +27 -0
- package/dist/api/controllers/export.controller.d.ts.map +1 -0
- package/dist/api/controllers/export.controller.js +80 -0
- package/dist/api/controllers/export.controller.js.map +1 -0
- package/dist/api/controllers/health.controller.d.ts +5 -0
- package/dist/api/controllers/health.controller.d.ts.map +1 -0
- package/dist/api/controllers/health.controller.js +16 -0
- package/dist/api/controllers/health.controller.js.map +1 -0
- package/dist/api/controllers/jobs.controller.d.ts +13 -0
- package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
- package/dist/api/controllers/jobs.controller.js +125 -0
- package/dist/api/controllers/jobs.controller.js.map +1 -0
- package/dist/api/controllers/providers.controller.d.ts +15 -0
- package/dist/api/controllers/providers.controller.d.ts.map +1 -0
- package/dist/api/controllers/providers.controller.js +112 -0
- package/dist/api/controllers/providers.controller.js.map +1 -0
- package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
- package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditRequest.dto.js +3 -0
- package/dist/api/dto/AuditRequest.dto.js.map +1 -0
- package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
- package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditResponse.dto.js +3 -0
- package/dist/api/dto/AuditResponse.dto.js.map +1 -0
- package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
- package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenRequest.dto.js +3 -0
- package/dist/api/dto/TokenRequest.dto.js.map +1 -0
- package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
- package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenResponse.dto.js +3 -0
- package/dist/api/dto/TokenResponse.dto.js.map +1 -0
- package/dist/api/middlewares/authenticate.d.ts +12 -0
- package/dist/api/middlewares/authenticate.d.ts.map +1 -0
- package/dist/api/middlewares/authenticate.js +141 -0
- package/dist/api/middlewares/authenticate.js.map +1 -0
- package/dist/api/middlewares/errorHandler.d.ts +3 -0
- package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
- package/dist/api/middlewares/errorHandler.js +30 -0
- package/dist/api/middlewares/errorHandler.js.map +1 -0
- package/dist/api/middlewares/rateLimit.d.ts +3 -0
- package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
- package/dist/api/middlewares/rateLimit.js +34 -0
- package/dist/api/middlewares/rateLimit.js.map +1 -0
- package/dist/api/middlewares/validate.d.ts +4 -0
- package/dist/api/middlewares/validate.d.ts.map +1 -0
- package/dist/api/middlewares/validate.js +31 -0
- package/dist/api/middlewares/validate.js.map +1 -0
- package/dist/api/routes/audit.routes.d.ts +5 -0
- package/dist/api/routes/audit.routes.d.ts.map +1 -0
- package/dist/api/routes/audit.routes.js +24 -0
- package/dist/api/routes/audit.routes.js.map +1 -0
- package/dist/api/routes/auth.routes.d.ts +6 -0
- package/dist/api/routes/auth.routes.d.ts.map +1 -0
- package/dist/api/routes/auth.routes.js +22 -0
- package/dist/api/routes/auth.routes.js.map +1 -0
- package/dist/api/routes/export.routes.d.ts +5 -0
- package/dist/api/routes/export.routes.d.ts.map +1 -0
- package/dist/api/routes/export.routes.js +16 -0
- package/dist/api/routes/export.routes.js.map +1 -0
- package/dist/api/routes/health.routes.d.ts +4 -0
- package/dist/api/routes/health.routes.d.ts.map +1 -0
- package/dist/api/routes/health.routes.js +11 -0
- package/dist/api/routes/health.routes.js.map +1 -0
- package/dist/api/routes/index.d.ts +10 -0
- package/dist/api/routes/index.d.ts.map +1 -0
- package/dist/api/routes/index.js +20 -0
- package/dist/api/routes/index.js.map +1 -0
- package/dist/api/routes/providers.routes.d.ts +5 -0
- package/dist/api/routes/providers.routes.d.ts.map +1 -0
- package/dist/api/routes/providers.routes.js +13 -0
- package/dist/api/routes/providers.routes.js.map +1 -0
- package/dist/api/validators/audit.schemas.d.ts +60 -0
- package/dist/api/validators/audit.schemas.d.ts.map +1 -0
- package/dist/api/validators/audit.schemas.js +55 -0
- package/dist/api/validators/audit.schemas.js.map +1 -0
- package/dist/api/validators/auth.schemas.d.ts +17 -0
- package/dist/api/validators/auth.schemas.d.ts.map +1 -0
- package/dist/api/validators/auth.schemas.js +21 -0
- package/dist/api/validators/auth.schemas.js.map +1 -0
- package/dist/app.d.ts +3 -0
- package/dist/app.d.ts.map +1 -0
- package/dist/app.js +62 -0
- package/dist/app.js.map +1 -0
- package/dist/config/config.schema.d.ts +65 -0
- package/dist/config/config.schema.d.ts.map +1 -0
- package/dist/config/config.schema.js +95 -0
- package/dist/config/config.schema.js.map +1 -0
- package/dist/config/index.d.ts +4 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +75 -0
- package/dist/config/index.js.map +1 -0
- package/dist/container.d.ts +47 -0
- package/dist/container.d.ts.map +1 -0
- package/dist/container.js +137 -0
- package/dist/container.js.map +1 -0
- package/dist/data/database.d.ts +13 -0
- package/dist/data/database.d.ts.map +1 -0
- package/dist/data/database.js +68 -0
- package/dist/data/database.js.map +1 -0
- package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
- package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
- package/dist/data/jobs/token-cleanup.job.js +96 -0
- package/dist/data/jobs/token-cleanup.job.js.map +1 -0
- package/dist/data/migrations/migration.runner.d.ts +13 -0
- package/dist/data/migrations/migration.runner.d.ts.map +1 -0
- package/dist/data/migrations/migration.runner.js +136 -0
- package/dist/data/migrations/migration.runner.js.map +1 -0
- package/dist/data/models/Token.model.d.ts +30 -0
- package/dist/data/models/Token.model.d.ts.map +1 -0
- package/dist/data/models/Token.model.js +3 -0
- package/dist/data/models/Token.model.js.map +1 -0
- package/dist/data/repositories/token.repository.d.ts +16 -0
- package/dist/data/repositories/token.repository.d.ts.map +1 -0
- package/dist/data/repositories/token.repository.js +97 -0
- package/dist/data/repositories/token.repository.js.map +1 -0
- package/dist/providers/azure/auth.provider.d.ts +5 -0
- package/dist/providers/azure/auth.provider.d.ts.map +1 -0
- package/dist/providers/azure/auth.provider.js +13 -0
- package/dist/providers/azure/auth.provider.js.map +1 -0
- package/dist/providers/azure/azure-errors.d.ts +40 -0
- package/dist/providers/azure/azure-errors.d.ts.map +1 -0
- package/dist/providers/azure/azure-errors.js +121 -0
- package/dist/providers/azure/azure-errors.js.map +1 -0
- package/dist/providers/azure/azure-retry.d.ts +41 -0
- package/dist/providers/azure/azure-retry.d.ts.map +1 -0
- package/dist/providers/azure/azure-retry.js +85 -0
- package/dist/providers/azure/azure-retry.js.map +1 -0
- package/dist/providers/azure/graph-client.d.ts +26 -0
- package/dist/providers/azure/graph-client.d.ts.map +1 -0
- package/dist/providers/azure/graph-client.js +146 -0
- package/dist/providers/azure/graph-client.js.map +1 -0
- package/dist/providers/azure/graph.provider.d.ts +23 -0
- package/dist/providers/azure/graph.provider.d.ts.map +1 -0
- package/dist/providers/azure/graph.provider.js +161 -0
- package/dist/providers/azure/graph.provider.js.map +1 -0
- package/dist/providers/azure/queries/app.queries.d.ts +6 -0
- package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/app.queries.js +9 -0
- package/dist/providers/azure/queries/app.queries.js.map +1 -0
- package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
- package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/policy.queries.js +9 -0
- package/dist/providers/azure/queries/policy.queries.js.map +1 -0
- package/dist/providers/azure/queries/user.queries.d.ts +7 -0
- package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/user.queries.js +10 -0
- package/dist/providers/azure/queries/user.queries.js.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.js +3 -0
- package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.js +3 -0
- package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
- package/dist/providers/ldap/acl-parser.d.ts +8 -0
- package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
- package/dist/providers/ldap/acl-parser.js +157 -0
- package/dist/providers/ldap/acl-parser.js.map +1 -0
- package/dist/providers/ldap/ad-mappers.d.ts +8 -0
- package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
- package/dist/providers/ldap/ad-mappers.js +162 -0
- package/dist/providers/ldap/ad-mappers.js.map +1 -0
- package/dist/providers/ldap/ldap-client.d.ts +33 -0
- package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-client.js +195 -0
- package/dist/providers/ldap/ldap-client.js.map +1 -0
- package/dist/providers/ldap/ldap-errors.d.ts +48 -0
- package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-errors.js +120 -0
- package/dist/providers/ldap/ldap-errors.js.map +1 -0
- package/dist/providers/ldap/ldap-retry.d.ts +14 -0
- package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-retry.js +102 -0
- package/dist/providers/ldap/ldap-retry.js.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.js +104 -0
- package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
- package/dist/providers/ldap/ldap.provider.d.ts +21 -0
- package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
- package/dist/providers/ldap/ldap.provider.js +165 -0
- package/dist/providers/ldap/ldap.provider.js.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.js +9 -0
- package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
- package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/group.queries.js +9 -0
- package/dist/providers/ldap/queries/group.queries.js.map +1 -0
- package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
- package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/user.queries.js +10 -0
- package/dist/providers/ldap/queries/user.queries.js.map +1 -0
- package/dist/providers/smb/smb.provider.d.ts +68 -0
- package/dist/providers/smb/smb.provider.d.ts.map +1 -0
- package/dist/providers/smb/smb.provider.js +382 -0
- package/dist/providers/smb/smb.provider.js.map +1 -0
- package/dist/server.d.ts +2 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +44 -0
- package/dist/server.js.map +1 -0
- package/dist/services/audit/ad-audit.service.d.ts +70 -0
- package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
- package/dist/services/audit/ad-audit.service.js +1019 -0
- package/dist/services/audit/ad-audit.service.js.map +1 -0
- package/dist/services/audit/attack-graph.service.d.ts +62 -0
- package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
- package/dist/services/audit/attack-graph.service.js +702 -0
- package/dist/services/audit/attack-graph.service.js.map +1 -0
- package/dist/services/audit/audit.service.d.ts +4 -0
- package/dist/services/audit/audit.service.d.ts.map +1 -0
- package/dist/services/audit/audit.service.js +10 -0
- package/dist/services/audit/audit.service.js.map +1 -0
- package/dist/services/audit/azure-audit.service.d.ts +37 -0
- package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
- package/dist/services/audit/azure-audit.service.js +153 -0
- package/dist/services/audit/azure-audit.service.js.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
- package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
- package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/index.d.ts +15 -0
- package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/index.js +51 -0
- package/dist/services/audit/detectors/ad/index.js.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.js +257 -0
- package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.js +235 -0
- package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/index.d.ts +2 -0
- package/dist/services/audit/detectors/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/index.js +38 -0
- package/dist/services/audit/detectors/index.js.map +1 -0
- package/dist/services/audit/response-formatter.d.ts +176 -0
- package/dist/services/audit/response-formatter.d.ts.map +1 -0
- package/dist/services/audit/response-formatter.js +240 -0
- package/dist/services/audit/response-formatter.js.map +1 -0
- package/dist/services/audit/scoring.service.d.ts +15 -0
- package/dist/services/audit/scoring.service.d.ts.map +1 -0
- package/dist/services/audit/scoring.service.js +139 -0
- package/dist/services/audit/scoring.service.js.map +1 -0
- package/dist/services/auth/crypto.service.d.ts +19 -0
- package/dist/services/auth/crypto.service.d.ts.map +1 -0
- package/dist/services/auth/crypto.service.js +135 -0
- package/dist/services/auth/crypto.service.js.map +1 -0
- package/dist/services/auth/errors.d.ts +19 -0
- package/dist/services/auth/errors.d.ts.map +1 -0
- package/dist/services/auth/errors.js +46 -0
- package/dist/services/auth/errors.js.map +1 -0
- package/dist/services/auth/token.service.d.ts +41 -0
- package/dist/services/auth/token.service.d.ts.map +1 -0
- package/dist/services/auth/token.service.js +208 -0
- package/dist/services/auth/token.service.js.map +1 -0
- package/dist/services/config/config.service.d.ts +6 -0
- package/dist/services/config/config.service.d.ts.map +1 -0
- package/dist/services/config/config.service.js +64 -0
- package/dist/services/config/config.service.js.map +1 -0
- package/dist/services/export/export.service.d.ts +28 -0
- package/dist/services/export/export.service.d.ts.map +1 -0
- package/dist/services/export/export.service.js +28 -0
- package/dist/services/export/export.service.js.map +1 -0
- package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
- package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/csv.formatter.js +46 -0
- package/dist/services/export/formatters/csv.formatter.js.map +1 -0
- package/dist/services/export/formatters/json.formatter.d.ts +40 -0
- package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/json.formatter.js +58 -0
- package/dist/services/export/formatters/json.formatter.js.map +1 -0
- package/dist/services/jobs/azure-job-runner.d.ts +38 -0
- package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
- package/dist/services/jobs/azure-job-runner.js +199 -0
- package/dist/services/jobs/azure-job-runner.js.map +1 -0
- package/dist/services/jobs/index.d.ts +4 -0
- package/dist/services/jobs/index.d.ts.map +1 -0
- package/dist/services/jobs/index.js +20 -0
- package/dist/services/jobs/index.js.map +1 -0
- package/dist/services/jobs/job-runner.d.ts +64 -0
- package/dist/services/jobs/job-runner.d.ts.map +1 -0
- package/dist/services/jobs/job-runner.js +952 -0
- package/dist/services/jobs/job-runner.js.map +1 -0
- package/dist/services/jobs/job-store.d.ts +27 -0
- package/dist/services/jobs/job-store.d.ts.map +1 -0
- package/dist/services/jobs/job-store.js +261 -0
- package/dist/services/jobs/job-store.js.map +1 -0
- package/dist/services/jobs/job.types.d.ts +67 -0
- package/dist/services/jobs/job.types.d.ts.map +1 -0
- package/dist/services/jobs/job.types.js +36 -0
- package/dist/services/jobs/job.types.js.map +1 -0
- package/dist/types/ad.types.d.ts +74 -0
- package/dist/types/ad.types.d.ts.map +1 -0
- package/dist/types/ad.types.js +3 -0
- package/dist/types/ad.types.js.map +1 -0
- package/dist/types/adcs.types.d.ts +58 -0
- package/dist/types/adcs.types.d.ts.map +1 -0
- package/dist/types/adcs.types.js +38 -0
- package/dist/types/adcs.types.js.map +1 -0
- package/dist/types/attack-graph.types.d.ts +135 -0
- package/dist/types/attack-graph.types.d.ts.map +1 -0
- package/dist/types/attack-graph.types.js +58 -0
- package/dist/types/attack-graph.types.js.map +1 -0
- package/dist/types/audit.types.d.ts +34 -0
- package/dist/types/audit.types.d.ts.map +1 -0
- package/dist/types/audit.types.js +3 -0
- package/dist/types/audit.types.js.map +1 -0
- package/dist/types/azure.types.d.ts +61 -0
- package/dist/types/azure.types.d.ts.map +1 -0
- package/dist/types/azure.types.js +3 -0
- package/dist/types/azure.types.js.map +1 -0
- package/dist/types/config.types.d.ts +63 -0
- package/dist/types/config.types.d.ts.map +1 -0
- package/dist/types/config.types.js +3 -0
- package/dist/types/config.types.js.map +1 -0
- package/dist/types/error.types.d.ts +33 -0
- package/dist/types/error.types.d.ts.map +1 -0
- package/dist/types/error.types.js +70 -0
- package/dist/types/error.types.js.map +1 -0
- package/dist/types/finding.types.d.ts +133 -0
- package/dist/types/finding.types.d.ts.map +1 -0
- package/dist/types/finding.types.js +3 -0
- package/dist/types/finding.types.js.map +1 -0
- package/dist/types/gpo.types.d.ts +39 -0
- package/dist/types/gpo.types.d.ts.map +1 -0
- package/dist/types/gpo.types.js +15 -0
- package/dist/types/gpo.types.js.map +1 -0
- package/dist/types/token.types.d.ts +26 -0
- package/dist/types/token.types.d.ts.map +1 -0
- package/dist/types/token.types.js +3 -0
- package/dist/types/token.types.js.map +1 -0
- package/dist/types/trust.types.d.ts +45 -0
- package/dist/types/trust.types.d.ts.map +1 -0
- package/dist/types/trust.types.js +71 -0
- package/dist/types/trust.types.js.map +1 -0
- package/dist/utils/entity-converter.d.ts +17 -0
- package/dist/utils/entity-converter.d.ts.map +1 -0
- package/dist/utils/entity-converter.js +285 -0
- package/dist/utils/entity-converter.js.map +1 -0
- package/dist/utils/graph.util.d.ts +66 -0
- package/dist/utils/graph.util.d.ts.map +1 -0
- package/dist/utils/graph.util.js +382 -0
- package/dist/utils/graph.util.js.map +1 -0
- package/dist/utils/logger.d.ts +7 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +86 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/type-name-normalizer.d.ts +5 -0
- package/dist/utils/type-name-normalizer.d.ts.map +1 -0
- package/dist/utils/type-name-normalizer.js +218 -0
- package/dist/utils/type-name-normalizer.js.map +1 -0
- package/docker-compose.yml +26 -0
- package/docs/api/README.md +178 -0
- package/docs/api/openapi.yaml +1524 -0
- package/eslint.config.js +54 -0
- package/jest.config.js +38 -0
- package/package.json +97 -0
- package/scripts/fetch-ad-cert.sh +142 -0
- package/src/.gitkeep +0 -0
- package/src/api/.gitkeep +0 -0
- package/src/api/controllers/.gitkeep +0 -0
- package/src/api/controllers/audit.controller.ts +313 -0
- package/src/api/controllers/auth.controller.ts +258 -0
- package/src/api/controllers/export.controller.ts +153 -0
- package/src/api/controllers/health.controller.ts +16 -0
- package/src/api/controllers/jobs.controller.ts +187 -0
- package/src/api/controllers/providers.controller.ts +165 -0
- package/src/api/dto/.gitkeep +0 -0
- package/src/api/dto/AuditRequest.dto.ts +8 -0
- package/src/api/dto/AuditResponse.dto.ts +19 -0
- package/src/api/dto/TokenRequest.dto.ts +8 -0
- package/src/api/dto/TokenResponse.dto.ts +14 -0
- package/src/api/middlewares/.gitkeep +0 -0
- package/src/api/middlewares/authenticate.ts +203 -0
- package/src/api/middlewares/errorHandler.ts +54 -0
- package/src/api/middlewares/rateLimit.ts +35 -0
- package/src/api/middlewares/validate.ts +32 -0
- package/src/api/routes/.gitkeep +0 -0
- package/src/api/routes/audit.routes.ts +77 -0
- package/src/api/routes/auth.routes.ts +71 -0
- package/src/api/routes/export.routes.ts +34 -0
- package/src/api/routes/health.routes.ts +14 -0
- package/src/api/routes/index.ts +40 -0
- package/src/api/routes/providers.routes.ts +24 -0
- package/src/api/validators/.gitkeep +0 -0
- package/src/api/validators/audit.schemas.ts +59 -0
- package/src/api/validators/auth.schemas.ts +59 -0
- package/src/app.ts +87 -0
- package/src/config/.gitkeep +0 -0
- package/src/config/config.schema.ts +108 -0
- package/src/config/index.ts +82 -0
- package/src/container.ts +221 -0
- package/src/data/.gitkeep +0 -0
- package/src/data/database.ts +78 -0
- package/src/data/jobs/token-cleanup.job.ts +166 -0
- package/src/data/migrations/.gitkeep +0 -0
- package/src/data/migrations/001_initial_schema.sql +47 -0
- package/src/data/migrations/migration.runner.ts +125 -0
- package/src/data/models/.gitkeep +0 -0
- package/src/data/models/Token.model.ts +35 -0
- package/src/data/repositories/.gitkeep +0 -0
- package/src/data/repositories/token.repository.ts +160 -0
- package/src/providers/.gitkeep +0 -0
- package/src/providers/azure/.gitkeep +0 -0
- package/src/providers/azure/auth.provider.ts +14 -0
- package/src/providers/azure/azure-errors.ts +189 -0
- package/src/providers/azure/azure-retry.ts +168 -0
- package/src/providers/azure/graph-client.ts +315 -0
- package/src/providers/azure/graph.provider.ts +294 -0
- package/src/providers/azure/queries/app.queries.ts +9 -0
- package/src/providers/azure/queries/policy.queries.ts +9 -0
- package/src/providers/azure/queries/user.queries.ts +10 -0
- package/src/providers/interfaces/.gitkeep +0 -0
- package/src/providers/interfaces/IGraphProvider.ts +117 -0
- package/src/providers/interfaces/ILDAPProvider.ts +142 -0
- package/src/providers/ldap/.gitkeep +0 -0
- package/src/providers/ldap/acl-parser.ts +231 -0
- package/src/providers/ldap/ad-mappers.ts +280 -0
- package/src/providers/ldap/ldap-client.ts +259 -0
- package/src/providers/ldap/ldap-errors.ts +188 -0
- package/src/providers/ldap/ldap-retry.ts +267 -0
- package/src/providers/ldap/ldap-sanitizer.ts +273 -0
- package/src/providers/ldap/ldap.provider.ts +293 -0
- package/src/providers/ldap/queries/computer.queries.ts +9 -0
- package/src/providers/ldap/queries/group.queries.ts +9 -0
- package/src/providers/ldap/queries/user.queries.ts +10 -0
- package/src/providers/smb/smb.provider.ts +653 -0
- package/src/server.ts +60 -0
- package/src/services/.gitkeep +0 -0
- package/src/services/audit/.gitkeep +0 -0
- package/src/services/audit/ad-audit.service.ts +1481 -0
- package/src/services/audit/attack-graph.service.ts +1104 -0
- package/src/services/audit/audit.service.ts +12 -0
- package/src/services/audit/azure-audit.service.ts +286 -0
- package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
- package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
- package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
- package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
- package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
- package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
- package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
- package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
- package/src/services/audit/detectors/ad/index.ts +84 -0
- package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
- package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
- package/src/services/audit/detectors/ad/network.detector.ts +538 -0
- package/src/services/audit/detectors/ad/password.detector.ts +324 -0
- package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
- package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
- package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
- package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
- package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
- package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
- package/src/services/audit/detectors/index.ts +18 -0
- package/src/services/audit/response-formatter.ts +604 -0
- package/src/services/audit/scoring.service.ts +234 -0
- package/src/services/auth/.gitkeep +0 -0
- package/src/services/auth/crypto.service.ts +230 -0
- package/src/services/auth/errors.ts +47 -0
- package/src/services/auth/token.service.ts +420 -0
- package/src/services/config/.gitkeep +0 -0
- package/src/services/config/config.service.ts +75 -0
- package/src/services/export/.gitkeep +0 -0
- package/src/services/export/export.service.ts +99 -0
- package/src/services/export/formatters/csv.formatter.ts +124 -0
- package/src/services/export/formatters/json.formatter.ts +160 -0
- package/src/services/jobs/azure-job-runner.ts +312 -0
- package/src/services/jobs/index.ts +9 -0
- package/src/services/jobs/job-runner.ts +1280 -0
- package/src/services/jobs/job-store.ts +384 -0
- package/src/services/jobs/job.types.ts +182 -0
- package/src/types/.gitkeep +0 -0
- package/src/types/ad.types.ts +91 -0
- package/src/types/adcs.types.ts +107 -0
- package/src/types/attack-graph.types.ts +260 -0
- package/src/types/audit.types.ts +42 -0
- package/src/types/azure.types.ts +68 -0
- package/src/types/config.types.ts +79 -0
- package/src/types/error.types.ts +69 -0
- package/src/types/finding.types.ts +284 -0
- package/src/types/gpo.types.ts +72 -0
- package/src/types/smb2.d.ts +73 -0
- package/src/types/token.types.ts +32 -0
- package/src/types/trust.types.ts +140 -0
- package/src/utils/.gitkeep +0 -0
- package/src/utils/entity-converter.ts +453 -0
- package/src/utils/graph.util.ts +609 -0
- package/src/utils/logger.ts +111 -0
- package/src/utils/type-name-normalizer.ts +302 -0
- package/tests/.gitkeep +0 -0
- package/tests/e2e/.gitkeep +0 -0
- package/tests/fixtures/.gitkeep +0 -0
- package/tests/integration/.gitkeep +0 -0
- package/tests/integration/README.md +156 -0
- package/tests/integration/ad-audit.integration.test.ts +216 -0
- package/tests/integration/api/.gitkeep +0 -0
- package/tests/integration/api/endpoints.integration.test.ts +431 -0
- package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
- package/tests/integration/providers/.gitkeep +0 -0
- package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
- package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
- package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
- package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
- package/tests/mocks/.gitkeep +0 -0
- package/tests/setup.ts +16 -0
- package/tests/unit/.gitkeep +0 -0
- package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
- package/tests/unit/providers/.gitkeep +0 -0
- package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
- package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
- package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
- package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
- package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
- package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
- package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
- package/tests/unit/sample.test.ts +19 -0
- package/tests/unit/services/.gitkeep +0 -0
- package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
- package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
- package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
- package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
- package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
- package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
- package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
- package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
- package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
- package/tests/unit/services/auth/crypto.service.test.ts +296 -0
- package/tests/unit/services/auth/token.service.test.ts +579 -0
- package/tests/unit/services/export/export.service.test.ts +241 -0
- package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
- package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
- package/tests/unit/utils/.gitkeep +0 -0
- package/tsconfig.json +50 -0
|
@@ -0,0 +1,579 @@
|
|
|
1
|
+
import { TokenService, GenerateTokenRequest, TokenPayload } from '../../../../src/services/auth/token.service';
|
|
2
|
+
import { TokenRepository } from '../../../../src/data/repositories/token.repository';
|
|
3
|
+
import { CryptoService } from '../../../../src/services/auth/crypto.service';
|
|
4
|
+
import { Token } from '../../../../src/data/models/Token.model';
|
|
5
|
+
import {
|
|
6
|
+
TokenExpiredError,
|
|
7
|
+
TokenRevokedError,
|
|
8
|
+
UsageLimitExceededError,
|
|
9
|
+
TokenNotFoundError,
|
|
10
|
+
InvalidSignatureError,
|
|
11
|
+
} from '../../../../src/services/auth/errors';
|
|
12
|
+
import jwt from 'jsonwebtoken';
|
|
13
|
+
|
|
14
|
+
/**
|
|
15
|
+
* Unit Tests for TokenService
|
|
16
|
+
* Task 8: Write Unit Tests for Token Service (Story 1.4)
|
|
17
|
+
*/
|
|
18
|
+
|
|
19
|
+
// Mock logger first to avoid initialization errors
|
|
20
|
+
jest.mock('../../../../src/utils/logger', () => ({
|
|
21
|
+
logger: {
|
|
22
|
+
info: jest.fn(),
|
|
23
|
+
warn: jest.fn(),
|
|
24
|
+
error: jest.fn(),
|
|
25
|
+
debug: jest.fn(),
|
|
26
|
+
},
|
|
27
|
+
}));
|
|
28
|
+
|
|
29
|
+
// Mock uuid
|
|
30
|
+
jest.mock('uuid', () => ({
|
|
31
|
+
v4: jest.fn(() => 'mock-uuid-v4'),
|
|
32
|
+
}));
|
|
33
|
+
|
|
34
|
+
// Mock dependencies
|
|
35
|
+
jest.mock('../../../../src/data/repositories/token.repository');
|
|
36
|
+
jest.mock('../../../../src/services/auth/crypto.service');
|
|
37
|
+
jest.mock('jsonwebtoken');
|
|
38
|
+
|
|
39
|
+
describe('TokenService', () => {
|
|
40
|
+
let tokenService: TokenService;
|
|
41
|
+
let mockTokenRepo: jest.Mocked<TokenRepository>;
|
|
42
|
+
let mockCryptoService: jest.Mocked<CryptoService>;
|
|
43
|
+
|
|
44
|
+
const MOCK_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\nMOCK_KEY\n-----END PRIVATE KEY-----';
|
|
45
|
+
const MOCK_PUBLIC_KEY = '-----BEGIN PUBLIC KEY-----\nMOCK_KEY\n-----END PUBLIC KEY-----';
|
|
46
|
+
const MOCK_JWT_TOKEN = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.mock.signature';
|
|
47
|
+
|
|
48
|
+
beforeEach(() => {
|
|
49
|
+
// Clear all mocks
|
|
50
|
+
jest.clearAllMocks();
|
|
51
|
+
|
|
52
|
+
// Create mock instances
|
|
53
|
+
mockTokenRepo = new TokenRepository({} as any) as jest.Mocked<TokenRepository>;
|
|
54
|
+
mockCryptoService = new CryptoService('', '') as jest.Mocked<CryptoService>;
|
|
55
|
+
|
|
56
|
+
// Setup default mock behaviors
|
|
57
|
+
mockCryptoService.getPrivateKey.mockReturnValue(MOCK_PRIVATE_KEY);
|
|
58
|
+
mockCryptoService.getPublicKey.mockReturnValue(MOCK_PUBLIC_KEY);
|
|
59
|
+
|
|
60
|
+
// Create service with mocks
|
|
61
|
+
tokenService = new TokenService(mockTokenRepo, mockCryptoService);
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
describe('generate', () => {
|
|
65
|
+
it('should generate a valid JWT token with default options', async () => {
|
|
66
|
+
// Arrange
|
|
67
|
+
const options: GenerateTokenRequest = {
|
|
68
|
+
expiresIn: '1h',
|
|
69
|
+
maxUses: 0,
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
73
|
+
|
|
74
|
+
mockTokenRepo.create.mockReturnValue({
|
|
75
|
+
id: 1,
|
|
76
|
+
jti: 'mock-jti',
|
|
77
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
78
|
+
created_at: new Date().toISOString(),
|
|
79
|
+
expires_at: new Date(Date.now() + 3600000).toISOString(),
|
|
80
|
+
max_uses: 0,
|
|
81
|
+
used_count: 0,
|
|
82
|
+
revoked_at: null,
|
|
83
|
+
revoked_by: null,
|
|
84
|
+
revoked_reason: null,
|
|
85
|
+
metadata: null,
|
|
86
|
+
} as Token);
|
|
87
|
+
|
|
88
|
+
// Act
|
|
89
|
+
const token = await tokenService.generate(options);
|
|
90
|
+
|
|
91
|
+
// Assert
|
|
92
|
+
expect(token).toBe(MOCK_JWT_TOKEN);
|
|
93
|
+
expect(jwt.sign).toHaveBeenCalledWith(
|
|
94
|
+
expect.objectContaining({
|
|
95
|
+
iss: 'etc-collector',
|
|
96
|
+
sub: 'system',
|
|
97
|
+
service: 'etc-collector',
|
|
98
|
+
maxUses: 0,
|
|
99
|
+
}),
|
|
100
|
+
MOCK_PRIVATE_KEY,
|
|
101
|
+
{ algorithm: 'RS256' }
|
|
102
|
+
);
|
|
103
|
+
expect(mockTokenRepo.create).toHaveBeenCalledWith(
|
|
104
|
+
expect.objectContaining({
|
|
105
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
106
|
+
max_uses: 0,
|
|
107
|
+
})
|
|
108
|
+
);
|
|
109
|
+
});
|
|
110
|
+
|
|
111
|
+
it('should generate token with custom maxUses', async () => {
|
|
112
|
+
// Arrange
|
|
113
|
+
const options: GenerateTokenRequest = {
|
|
114
|
+
expiresIn: '7d',
|
|
115
|
+
maxUses: 10,
|
|
116
|
+
};
|
|
117
|
+
|
|
118
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
119
|
+
mockTokenRepo.create.mockReturnValue({} as Token);
|
|
120
|
+
|
|
121
|
+
// Act
|
|
122
|
+
await tokenService.generate(options);
|
|
123
|
+
|
|
124
|
+
// Assert
|
|
125
|
+
expect(jwt.sign).toHaveBeenCalledWith(
|
|
126
|
+
expect.objectContaining({
|
|
127
|
+
maxUses: 10,
|
|
128
|
+
}),
|
|
129
|
+
MOCK_PRIVATE_KEY,
|
|
130
|
+
{ algorithm: 'RS256' }
|
|
131
|
+
);
|
|
132
|
+
expect(mockTokenRepo.create).toHaveBeenCalledWith(
|
|
133
|
+
expect.objectContaining({
|
|
134
|
+
max_uses: 10,
|
|
135
|
+
})
|
|
136
|
+
);
|
|
137
|
+
});
|
|
138
|
+
|
|
139
|
+
it('should generate token with metadata', async () => {
|
|
140
|
+
// Arrange
|
|
141
|
+
const metadata = { purpose: 'audit', user: 'admin' };
|
|
142
|
+
const options: GenerateTokenRequest = {
|
|
143
|
+
expiresIn: '1h',
|
|
144
|
+
maxUses: 0,
|
|
145
|
+
metadata,
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
149
|
+
mockTokenRepo.create.mockReturnValue({} as Token);
|
|
150
|
+
|
|
151
|
+
// Act
|
|
152
|
+
await tokenService.generate(options);
|
|
153
|
+
|
|
154
|
+
// Assert
|
|
155
|
+
expect(mockTokenRepo.create).toHaveBeenCalledWith(
|
|
156
|
+
expect.objectContaining({
|
|
157
|
+
metadata: JSON.stringify(metadata),
|
|
158
|
+
})
|
|
159
|
+
);
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
it('should parse expiry correctly: 60s → 60 seconds', async () => {
|
|
163
|
+
// Arrange
|
|
164
|
+
const options: GenerateTokenRequest = {
|
|
165
|
+
expiresIn: '60s',
|
|
166
|
+
maxUses: 0,
|
|
167
|
+
};
|
|
168
|
+
|
|
169
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
170
|
+
mockTokenRepo.create.mockReturnValue({} as Token);
|
|
171
|
+
|
|
172
|
+
// Act
|
|
173
|
+
await tokenService.generate(options);
|
|
174
|
+
|
|
175
|
+
// Assert
|
|
176
|
+
const signCall = (jwt.sign as jest.Mock).mock.calls[0];
|
|
177
|
+
const payload = signCall[0] as TokenPayload;
|
|
178
|
+
expect(payload.exp - payload.iat).toBe(60);
|
|
179
|
+
});
|
|
180
|
+
|
|
181
|
+
it('should parse expiry correctly: 30m → 1800 seconds', async () => {
|
|
182
|
+
// Arrange
|
|
183
|
+
const options: GenerateTokenRequest = {
|
|
184
|
+
expiresIn: '30m',
|
|
185
|
+
maxUses: 0,
|
|
186
|
+
};
|
|
187
|
+
|
|
188
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
189
|
+
mockTokenRepo.create.mockReturnValue({} as Token);
|
|
190
|
+
|
|
191
|
+
// Act
|
|
192
|
+
await tokenService.generate(options);
|
|
193
|
+
|
|
194
|
+
// Assert
|
|
195
|
+
const signCall = (jwt.sign as jest.Mock).mock.calls[0];
|
|
196
|
+
const payload = signCall[0] as TokenPayload;
|
|
197
|
+
expect(payload.exp - payload.iat).toBe(1800);
|
|
198
|
+
});
|
|
199
|
+
|
|
200
|
+
it('should parse expiry correctly: 1h → 3600 seconds', async () => {
|
|
201
|
+
// Arrange
|
|
202
|
+
const options: GenerateTokenRequest = {
|
|
203
|
+
expiresIn: '1h',
|
|
204
|
+
maxUses: 0,
|
|
205
|
+
};
|
|
206
|
+
|
|
207
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
208
|
+
mockTokenRepo.create.mockReturnValue({} as Token);
|
|
209
|
+
|
|
210
|
+
// Act
|
|
211
|
+
await tokenService.generate(options);
|
|
212
|
+
|
|
213
|
+
// Assert
|
|
214
|
+
const signCall = (jwt.sign as jest.Mock).mock.calls[0];
|
|
215
|
+
const payload = signCall[0] as TokenPayload;
|
|
216
|
+
expect(payload.exp - payload.iat).toBe(3600);
|
|
217
|
+
});
|
|
218
|
+
|
|
219
|
+
it('should parse expiry correctly: 7d → 604800 seconds', async () => {
|
|
220
|
+
// Arrange
|
|
221
|
+
const options: GenerateTokenRequest = {
|
|
222
|
+
expiresIn: '7d',
|
|
223
|
+
maxUses: 0,
|
|
224
|
+
};
|
|
225
|
+
|
|
226
|
+
(jwt.sign as jest.Mock).mockReturnValue(MOCK_JWT_TOKEN);
|
|
227
|
+
mockTokenRepo.create.mockReturnValue({} as Token);
|
|
228
|
+
|
|
229
|
+
// Act
|
|
230
|
+
await tokenService.generate(options);
|
|
231
|
+
|
|
232
|
+
// Assert
|
|
233
|
+
const signCall = (jwt.sign as jest.Mock).mock.calls[0];
|
|
234
|
+
const payload = signCall[0] as TokenPayload;
|
|
235
|
+
expect(payload.exp - payload.iat).toBe(604800);
|
|
236
|
+
});
|
|
237
|
+
|
|
238
|
+
it('should throw error for invalid expiry format', async () => {
|
|
239
|
+
// Arrange
|
|
240
|
+
const options: GenerateTokenRequest = {
|
|
241
|
+
expiresIn: 'invalid',
|
|
242
|
+
maxUses: 0,
|
|
243
|
+
};
|
|
244
|
+
|
|
245
|
+
// Act & Assert
|
|
246
|
+
await expect(tokenService.generate(options)).rejects.toThrow(
|
|
247
|
+
'Invalid expiry format: invalid'
|
|
248
|
+
);
|
|
249
|
+
});
|
|
250
|
+
});
|
|
251
|
+
|
|
252
|
+
describe('validate', () => {
|
|
253
|
+
const mockPayload: TokenPayload = {
|
|
254
|
+
jti: 'test-jti',
|
|
255
|
+
iss: 'etc-collector',
|
|
256
|
+
sub: 'system',
|
|
257
|
+
iat: Math.floor(Date.now() / 1000),
|
|
258
|
+
exp: Math.floor(Date.now() / 1000) + 3600,
|
|
259
|
+
service: 'etc-collector',
|
|
260
|
+
maxUses: 10,
|
|
261
|
+
};
|
|
262
|
+
|
|
263
|
+
const mockTokenRecord: Token = {
|
|
264
|
+
id: 1,
|
|
265
|
+
jti: 'test-jti',
|
|
266
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
267
|
+
created_at: new Date().toISOString(),
|
|
268
|
+
expires_at: new Date(Date.now() + 3600000).toISOString(),
|
|
269
|
+
max_uses: 10,
|
|
270
|
+
used_count: 5,
|
|
271
|
+
revoked_at: null,
|
|
272
|
+
revoked_by: null,
|
|
273
|
+
revoked_reason: null,
|
|
274
|
+
metadata: null,
|
|
275
|
+
};
|
|
276
|
+
|
|
277
|
+
it('should validate a valid token successfully', async () => {
|
|
278
|
+
// Arrange
|
|
279
|
+
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
|
|
280
|
+
mockTokenRepo.findByJti.mockReturnValue(mockTokenRecord);
|
|
281
|
+
|
|
282
|
+
// Act
|
|
283
|
+
const result = await tokenService.validate(MOCK_JWT_TOKEN);
|
|
284
|
+
|
|
285
|
+
// Assert
|
|
286
|
+
expect(result).toEqual(mockPayload);
|
|
287
|
+
expect(jwt.verify).toHaveBeenCalledWith(MOCK_JWT_TOKEN, MOCK_PUBLIC_KEY, {
|
|
288
|
+
algorithms: ['RS256'],
|
|
289
|
+
});
|
|
290
|
+
expect(mockTokenRepo.findByJti).toHaveBeenCalledWith('test-jti');
|
|
291
|
+
});
|
|
292
|
+
|
|
293
|
+
it('should throw TokenExpiredError for expired token', async () => {
|
|
294
|
+
// Arrange
|
|
295
|
+
(jwt.verify as jest.Mock).mockImplementation(() => {
|
|
296
|
+
const error = new jwt.TokenExpiredError('jwt expired', new Date());
|
|
297
|
+
throw error;
|
|
298
|
+
});
|
|
299
|
+
|
|
300
|
+
// Act & Assert
|
|
301
|
+
await expect(tokenService.validate(MOCK_JWT_TOKEN)).rejects.toThrow(TokenExpiredError);
|
|
302
|
+
});
|
|
303
|
+
|
|
304
|
+
it('should throw InvalidSignatureError for invalid signature', async () => {
|
|
305
|
+
// Arrange
|
|
306
|
+
(jwt.verify as jest.Mock).mockImplementation(() => {
|
|
307
|
+
const error = new jwt.JsonWebTokenError('invalid signature');
|
|
308
|
+
throw error;
|
|
309
|
+
});
|
|
310
|
+
|
|
311
|
+
// Act & Assert
|
|
312
|
+
await expect(tokenService.validate(MOCK_JWT_TOKEN)).rejects.toThrow(InvalidSignatureError);
|
|
313
|
+
});
|
|
314
|
+
|
|
315
|
+
it('should throw TokenNotFoundError if jti not in database', async () => {
|
|
316
|
+
// Arrange
|
|
317
|
+
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
|
|
318
|
+
mockTokenRepo.findByJti.mockReturnValue(null);
|
|
319
|
+
|
|
320
|
+
// Act & Assert
|
|
321
|
+
await expect(tokenService.validate(MOCK_JWT_TOKEN)).rejects.toThrow(TokenNotFoundError);
|
|
322
|
+
});
|
|
323
|
+
|
|
324
|
+
it('should throw TokenRevokedError for revoked token', async () => {
|
|
325
|
+
// Arrange
|
|
326
|
+
const revokedToken: Token = {
|
|
327
|
+
...mockTokenRecord,
|
|
328
|
+
revoked_at: new Date().toISOString(),
|
|
329
|
+
revoked_by: 'admin',
|
|
330
|
+
revoked_reason: 'Security breach',
|
|
331
|
+
};
|
|
332
|
+
|
|
333
|
+
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
|
|
334
|
+
mockTokenRepo.findByJti.mockReturnValue(revokedToken);
|
|
335
|
+
|
|
336
|
+
// Act & Assert
|
|
337
|
+
await expect(tokenService.validate(MOCK_JWT_TOKEN)).rejects.toThrow(TokenRevokedError);
|
|
338
|
+
});
|
|
339
|
+
|
|
340
|
+
it('should throw UsageLimitExceededError when quota exceeded', async () => {
|
|
341
|
+
// Arrange
|
|
342
|
+
const exhaustedToken: Token = {
|
|
343
|
+
...mockTokenRecord,
|
|
344
|
+
max_uses: 10,
|
|
345
|
+
used_count: 10,
|
|
346
|
+
};
|
|
347
|
+
|
|
348
|
+
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
|
|
349
|
+
mockTokenRepo.findByJti.mockReturnValue(exhaustedToken);
|
|
350
|
+
|
|
351
|
+
// Act & Assert
|
|
352
|
+
await expect(tokenService.validate(MOCK_JWT_TOKEN)).rejects.toThrow(
|
|
353
|
+
UsageLimitExceededError
|
|
354
|
+
);
|
|
355
|
+
});
|
|
356
|
+
|
|
357
|
+
it('should allow unlimited tokens (maxUses=0) regardless of usage', async () => {
|
|
358
|
+
// Arrange
|
|
359
|
+
const unlimitedToken: Token = {
|
|
360
|
+
...mockTokenRecord,
|
|
361
|
+
max_uses: 0,
|
|
362
|
+
used_count: 1000,
|
|
363
|
+
};
|
|
364
|
+
|
|
365
|
+
(jwt.verify as jest.Mock).mockReturnValue(mockPayload);
|
|
366
|
+
mockTokenRepo.findByJti.mockReturnValue(unlimitedToken);
|
|
367
|
+
|
|
368
|
+
// Act
|
|
369
|
+
const result = await tokenService.validate(MOCK_JWT_TOKEN);
|
|
370
|
+
|
|
371
|
+
// Assert
|
|
372
|
+
expect(result).toEqual(mockPayload);
|
|
373
|
+
});
|
|
374
|
+
|
|
375
|
+
it('should throw error for invalid issuer', async () => {
|
|
376
|
+
// Arrange
|
|
377
|
+
const invalidPayload = { ...mockPayload, iss: 'invalid-issuer' };
|
|
378
|
+
(jwt.verify as jest.Mock).mockReturnValue(invalidPayload);
|
|
379
|
+
|
|
380
|
+
// Act & Assert
|
|
381
|
+
await expect(tokenService.validate(MOCK_JWT_TOKEN)).rejects.toThrow('Invalid token issuer');
|
|
382
|
+
});
|
|
383
|
+
});
|
|
384
|
+
|
|
385
|
+
describe('revoke', () => {
|
|
386
|
+
const mockTokenRecord: Token = {
|
|
387
|
+
id: 1,
|
|
388
|
+
jti: 'test-jti',
|
|
389
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
390
|
+
created_at: new Date().toISOString(),
|
|
391
|
+
expires_at: new Date(Date.now() + 3600000).toISOString(),
|
|
392
|
+
max_uses: 10,
|
|
393
|
+
used_count: 5,
|
|
394
|
+
revoked_at: null,
|
|
395
|
+
revoked_by: null,
|
|
396
|
+
revoked_reason: null,
|
|
397
|
+
metadata: null,
|
|
398
|
+
};
|
|
399
|
+
|
|
400
|
+
it('should revoke a token successfully', async () => {
|
|
401
|
+
// Arrange
|
|
402
|
+
mockTokenRepo.findByJti.mockReturnValue(mockTokenRecord);
|
|
403
|
+
mockTokenRepo.revoke.mockReturnValue(undefined);
|
|
404
|
+
|
|
405
|
+
// Act
|
|
406
|
+
await tokenService.revoke('test-jti', 'admin', 'Security audit');
|
|
407
|
+
|
|
408
|
+
// Assert
|
|
409
|
+
expect(mockTokenRepo.findByJti).toHaveBeenCalledWith('test-jti');
|
|
410
|
+
expect(mockTokenRepo.revoke).toHaveBeenCalledWith('test-jti', 'admin', 'Security audit');
|
|
411
|
+
});
|
|
412
|
+
|
|
413
|
+
it('should throw TokenNotFoundError if token does not exist', async () => {
|
|
414
|
+
// Arrange
|
|
415
|
+
mockTokenRepo.findByJti.mockReturnValue(null);
|
|
416
|
+
|
|
417
|
+
// Act & Assert
|
|
418
|
+
await expect(tokenService.revoke('nonexistent', 'admin', 'Test')).rejects.toThrow(
|
|
419
|
+
TokenNotFoundError
|
|
420
|
+
);
|
|
421
|
+
});
|
|
422
|
+
|
|
423
|
+
it('should be idempotent (no error if already revoked)', async () => {
|
|
424
|
+
// Arrange
|
|
425
|
+
const revokedToken: Token = {
|
|
426
|
+
...mockTokenRecord,
|
|
427
|
+
revoked_at: new Date().toISOString(),
|
|
428
|
+
revoked_by: 'admin',
|
|
429
|
+
};
|
|
430
|
+
mockTokenRepo.findByJti.mockReturnValue(revokedToken);
|
|
431
|
+
|
|
432
|
+
// Act & Assert - should not throw
|
|
433
|
+
await expect(
|
|
434
|
+
tokenService.revoke('test-jti', 'admin', 'Test')
|
|
435
|
+
).resolves.not.toThrow();
|
|
436
|
+
expect(mockTokenRepo.revoke).not.toHaveBeenCalled();
|
|
437
|
+
});
|
|
438
|
+
});
|
|
439
|
+
|
|
440
|
+
describe('getInfo', () => {
|
|
441
|
+
it('should return token information', async () => {
|
|
442
|
+
// Arrange
|
|
443
|
+
const mockTokenRecord: Token = {
|
|
444
|
+
id: 1,
|
|
445
|
+
jti: 'test-jti',
|
|
446
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
447
|
+
created_at: '2026-01-12T10:00:00Z',
|
|
448
|
+
expires_at: '2026-01-12T11:00:00Z',
|
|
449
|
+
max_uses: 10,
|
|
450
|
+
used_count: 3,
|
|
451
|
+
revoked_at: null,
|
|
452
|
+
revoked_by: null,
|
|
453
|
+
revoked_reason: null,
|
|
454
|
+
metadata: null,
|
|
455
|
+
};
|
|
456
|
+
|
|
457
|
+
mockTokenRepo.findByJti.mockReturnValue(mockTokenRecord);
|
|
458
|
+
|
|
459
|
+
// Act
|
|
460
|
+
const info = await tokenService.getInfo('test-jti');
|
|
461
|
+
|
|
462
|
+
// Assert
|
|
463
|
+
expect(info).toEqual({
|
|
464
|
+
jti: 'test-jti',
|
|
465
|
+
created_at: '2026-01-12T10:00:00Z',
|
|
466
|
+
expires_at: '2026-01-12T11:00:00Z',
|
|
467
|
+
max_uses: 10,
|
|
468
|
+
used_count: 3,
|
|
469
|
+
remaining_uses: 7,
|
|
470
|
+
revoked: false,
|
|
471
|
+
revoked_at: null,
|
|
472
|
+
revoked_reason: null,
|
|
473
|
+
});
|
|
474
|
+
});
|
|
475
|
+
|
|
476
|
+
it('should return -1 for remaining_uses when unlimited', async () => {
|
|
477
|
+
// Arrange
|
|
478
|
+
const unlimitedToken: Token = {
|
|
479
|
+
id: 1,
|
|
480
|
+
jti: 'test-jti',
|
|
481
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
482
|
+
created_at: '2026-01-12T10:00:00Z',
|
|
483
|
+
expires_at: '2026-01-12T11:00:00Z',
|
|
484
|
+
max_uses: 0,
|
|
485
|
+
used_count: 100,
|
|
486
|
+
revoked_at: null,
|
|
487
|
+
revoked_by: null,
|
|
488
|
+
revoked_reason: null,
|
|
489
|
+
metadata: null,
|
|
490
|
+
};
|
|
491
|
+
|
|
492
|
+
mockTokenRepo.findByJti.mockReturnValue(unlimitedToken);
|
|
493
|
+
|
|
494
|
+
// Act
|
|
495
|
+
const info = await tokenService.getInfo('test-jti');
|
|
496
|
+
|
|
497
|
+
// Assert
|
|
498
|
+
expect(info.remaining_uses).toBe(-1);
|
|
499
|
+
});
|
|
500
|
+
|
|
501
|
+
it('should throw TokenNotFoundError if token does not exist', async () => {
|
|
502
|
+
// Arrange
|
|
503
|
+
mockTokenRepo.findByJti.mockReturnValue(null);
|
|
504
|
+
|
|
505
|
+
// Act & Assert
|
|
506
|
+
await expect(tokenService.getInfo('nonexistent')).rejects.toThrow(TokenNotFoundError);
|
|
507
|
+
});
|
|
508
|
+
});
|
|
509
|
+
|
|
510
|
+
describe('incrementUsage', () => {
|
|
511
|
+
it('should increment token usage count', async () => {
|
|
512
|
+
// Arrange
|
|
513
|
+
mockTokenRepo.incrementUsage.mockReturnValue(undefined);
|
|
514
|
+
|
|
515
|
+
// Act
|
|
516
|
+
await tokenService.incrementUsage('test-jti');
|
|
517
|
+
|
|
518
|
+
// Assert
|
|
519
|
+
expect(mockTokenRepo.incrementUsage).toHaveBeenCalledWith('test-jti');
|
|
520
|
+
});
|
|
521
|
+
});
|
|
522
|
+
|
|
523
|
+
describe('listAll', () => {
|
|
524
|
+
it('should return array of all tokens', async () => {
|
|
525
|
+
// Arrange
|
|
526
|
+
const mockTokens: Token[] = [
|
|
527
|
+
{
|
|
528
|
+
id: 1,
|
|
529
|
+
jti: 'jti-1',
|
|
530
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
531
|
+
created_at: '2026-01-12T10:00:00Z',
|
|
532
|
+
expires_at: '2026-01-12T11:00:00Z',
|
|
533
|
+
max_uses: 10,
|
|
534
|
+
used_count: 3,
|
|
535
|
+
revoked_at: null,
|
|
536
|
+
revoked_by: null,
|
|
537
|
+
revoked_reason: null,
|
|
538
|
+
metadata: null,
|
|
539
|
+
},
|
|
540
|
+
{
|
|
541
|
+
id: 2,
|
|
542
|
+
jti: 'jti-2',
|
|
543
|
+
public_key: MOCK_PUBLIC_KEY,
|
|
544
|
+
created_at: '2026-01-12T09:00:00Z',
|
|
545
|
+
expires_at: '2026-01-12T10:00:00Z',
|
|
546
|
+
max_uses: 0,
|
|
547
|
+
used_count: 50,
|
|
548
|
+
revoked_at: null,
|
|
549
|
+
revoked_by: null,
|
|
550
|
+
revoked_reason: null,
|
|
551
|
+
metadata: null,
|
|
552
|
+
},
|
|
553
|
+
];
|
|
554
|
+
|
|
555
|
+
mockTokenRepo.findAll.mockReturnValue(mockTokens);
|
|
556
|
+
|
|
557
|
+
// Act
|
|
558
|
+
const result = await tokenService.listAll();
|
|
559
|
+
|
|
560
|
+
// Assert
|
|
561
|
+
expect(result).toHaveLength(2);
|
|
562
|
+
expect(result[0]!.jti).toBe('jti-1');
|
|
563
|
+
expect(result[0]!.remaining_uses).toBe(7);
|
|
564
|
+
expect(result[1]!.jti).toBe('jti-2');
|
|
565
|
+
expect(result[1]!.remaining_uses).toBe(-1); // Unlimited
|
|
566
|
+
});
|
|
567
|
+
|
|
568
|
+
it('should return empty array when no tokens', async () => {
|
|
569
|
+
// Arrange
|
|
570
|
+
mockTokenRepo.findAll.mockReturnValue([]);
|
|
571
|
+
|
|
572
|
+
// Act
|
|
573
|
+
const result = await tokenService.listAll();
|
|
574
|
+
|
|
575
|
+
// Assert
|
|
576
|
+
expect(result).toEqual([]);
|
|
577
|
+
});
|
|
578
|
+
});
|
|
579
|
+
});
|