@hazeljs/auth 0.2.0-beta.1

package/README.md

@@ -0,0 +1,483 @@
+# @hazeljs/auth
+
+**Authentication and JWT Module for HazelJS**
+
+Secure your HazelJS applications with JWT-based authentication, guards, and decorators.
+
+[![npm version](https://img.shields.io/npm/v/@hazeljs/auth.svg)](https://www.npmjs.com/package/@hazeljs/auth)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Features
+
+- 🔐 **JWT Authentication** - Secure token-based authentication
+- 🛡️ **Auth Guards** - Protect routes with decorators
+- 👤 **User Extraction** - Get current user from request
+- 🔑 **Token Management** - Generate, verify, and refresh tokens
+- ⏰ **Token Expiration** - Configurable expiration times
+- 🎯 **Role-Based Access** - Role and permission guards
+- 🔄 **Refresh Tokens** - Long-lived refresh token support
+- 📊 **Token Blacklisting** - Revoke tokens when needed
+
+## Installation
+
+```bash
+npm install @hazeljs/auth
+```
+
+## Quick Start
+
+### 1. Configure Auth Module
+
+```typescript
+import { HazelModule } from '@hazeljs/core';
+import { AuthModule } from '@hazeljs/auth';
+
+@HazelModule({
+  imports: [
+    AuthModule.forRoot({
+      secret: process.env.JWT_SECRET || 'your-secret-key',
+      expiresIn: '1h',
+      refreshExpiresIn: '7d',
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+### 2. Create Auth Service
+
+```typescript
+import { Injectable } from '@hazeljs/core';
+import { AuthService } from '@hazeljs/auth';
+
+@Injectable()
+export class UserAuthService {
+  constructor(private authService: AuthService) {}
+
+  async login(email: string, password: string) {
+    // Validate credentials
+    const user = await this.validateUser(email, password);
+    
+    if (!user) {
+      throw new Error('Invalid credentials');
+    }
+
+    // Generate tokens
+    const accessToken = await this.authService.generateToken({
+      sub: user.id,
+      email: user.email,
+      roles: user.roles,
+    });
+
+    const refreshToken = await this.authService.generateRefreshToken({
+      sub: user.id,
+    });
+
+    return {
+      accessToken,
+      refreshToken,
+      user,
+    };
+  }
+
+  async validateUser(email: string, password: string) {
+    // Your user validation logic
+    const user = await this.userService.findByEmail(email);
+    
+    if (user && await this.comparePasswords(password, user.password)) {
+      return user;
+    }
+    
+    return null;
+  }
+}
+```
+
+### 3. Protect Routes with Guards
+
+```typescript
+import { Controller, Get, Post, Body } from '@hazeljs/core';
+import { UseGuard, AuthGuard, CurrentUser } from '@hazeljs/auth';
+
+@Controller('/api')
+export class ApiController {
+  @Post('/login')
+  async login(@Body() credentials: LoginDto) {
+    return this.authService.login(credentials.email, credentials.password);
+  }
+
+  @Get('/profile')
+  @UseGuard(AuthGuard)
+  getProfile(@CurrentUser() user: any) {
+    return { user };
+  }
+
+  @Get('/admin')
+  @UseGuard(AuthGuard)
+  @UseGuard(RoleGuard(['admin']))
+  getAdminData(@CurrentUser() user: any) {
+    return { message: 'Admin only data', user };
+  }
+}
+```
+
+## Authentication Flow
+
+### Login
+
+```typescript
+@Post('/auth/login')
+async login(@Body() loginDto: LoginDto) {
+  const user = await this.authService.validateUser(
+    loginDto.email,
+    loginDto.password
+  );
+
+  if (!user) {
+    throw new UnauthorizedException('Invalid credentials');
+  }
+
+  const payload = {
+    sub: user.id,
+    email: user.email,
+    roles: user.roles,
+  };
+
+  return {
+    accessToken: await this.authService.generateToken(payload),
+    refreshToken: await this.authService.generateRefreshToken(payload),
+  };
+}
+```
+
+### Refresh Token
+
+```typescript
+@Post('/auth/refresh')
+async refresh(@Body() refreshDto: RefreshDto) {
+  const payload = await this.authService.verifyRefreshToken(
+    refreshDto.refreshToken
+  );
+
+  return {
+    accessToken: await this.authService.generateToken({
+      sub: payload.sub,
+      email: payload.email,
+      roles: payload.roles,
+    }),
+  };
+}
+```
+
+### Logout
+
+```typescript
+@Post('/auth/logout')
+@UseGuard(AuthGuard)
+async logout(@CurrentUser() user: any, @Headers('authorization') token: string) {
+  // Extract token from "Bearer <token>"
+  const jwt = token.split(' ')[1];
+  
+  // Blacklist the token
+  await this.authService.blacklistToken(jwt);
+  
+  return { message: 'Logged out successfully' };
+}
+```
+
+## Guards
+
+### Auth Guard
+
+```typescript
+import { AuthGuard } from '@hazeljs/auth';
+
+@Controller('/protected')
+export class ProtectedController {
+  @Get()
+  @UseGuard(AuthGuard)
+  getData(@CurrentUser() user: any) {
+    return { data: 'protected', user };
+  }
+}
+```
+
+### Role Guard
+
+```typescript
+import { RoleGuard } from '@hazeljs/auth';
+
+@Controller('/admin')
+export class AdminController {
+  @Get('/users')
+  @UseGuard(AuthGuard)
+  @UseGuard(RoleGuard(['admin']))
+  getAllUsers() {
+    return { users: [] };
+  }
+
+  @Get('/settings')
+  @UseGuard(AuthGuard)
+  @UseGuard(RoleGuard(['admin', 'superadmin']))
+  getSettings() {
+    return { settings: {} };
+  }
+}
+```
+
+### Permission Guard
+
+```typescript
+import { PermissionGuard } from '@hazeljs/auth';
+
+@Controller('/posts')
+export class PostController {
+  @Post()
+  @UseGuard(AuthGuard)
+  @UseGuard(PermissionGuard(['posts:create']))
+  createPost(@Body() createPostDto: CreatePostDto) {
+    return this.postService.create(createPostDto);
+  }
+
+  @Delete('/:id')
+  @UseGuard(AuthGuard)
+  @UseGuard(PermissionGuard(['posts:delete']))
+  deletePost(@Param('id') id: string) {
+    return this.postService.delete(id);
+  }
+}
+```
+
+## Decorators
+
+### @CurrentUser()
+
+Extract the authenticated user from the request:
+
+```typescript
+@Get('/me')
+@UseGuard(AuthGuard)
+getMe(@CurrentUser() user: any) {
+  return user;
+}
+
+// With specific property
+@Get('/email')
+@UseGuard(AuthGuard)
+getEmail(@CurrentUser('email') email: string) {
+  return { email };
+}
+```
+
+### @Public()
+
+Mark routes as public (skip authentication):
+
+```typescript
+import { Public } from '@hazeljs/auth';
+
+@Controller('/api')
+@UseGuard(AuthGuard) // Applied to all routes
+export class ApiController {
+  @Get('/public')
+  @Public() // This route skips authentication
+  getPublicData() {
+    return { data: 'public' };
+  }
+
+  @Get('/private')
+  getPrivateData(@CurrentUser() user: any) {
+    return { data: 'private', user };
+  }
+}
+```
+
+### @Roles()
+
+Shorthand for role-based access:
+
+```typescript
+import { Roles } from '@hazeljs/auth';
+
+@Controller('/admin')
+export class AdminController {
+  @Get('/dashboard')
+  @Roles('admin', 'superadmin')
+  getDashboard() {
+    return { dashboard: 'data' };
+  }
+}
+```
+
+## Token Management
+
+### Generate Token
+
+```typescript
+const token = await authService.generateToken({
+  sub: user.id,
+  email: user.email,
+  roles: ['user'],
+  customClaim: 'value',
+});
+```
+
+### Verify Token
+
+```typescript
+try {
+  const payload = await authService.verifyToken(token);
+  console.log(payload.sub); // user.id
+  console.log(payload.email);
+} catch (error) {
+  console.error('Invalid token:', error.message);
+}
+```
+
+### Decode Token (without verification)
+
+```typescript
+const payload = authService.decodeToken(token);
+console.log(payload);
+```
+
+### Blacklist Token
+
+```typescript
+await authService.blacklistToken(token);
+
+// Check if blacklisted
+const isBlacklisted = await authService.isTokenBlacklisted(token);
+```
+
+## Configuration
+
+### Module Configuration
+
+```typescript
+AuthModule.forRoot({
+  // JWT secret key
+  secret: process.env.JWT_SECRET,
+  
+  // Access token expiration
+  expiresIn: '15m',
+  
+  // Refresh token expiration
+  refreshExpiresIn: '7d',
+  
+  // Token issuer
+  issuer: 'hazeljs-app',
+  
+  // Token audience
+  audience: 'hazeljs-users',
+  
+  // Algorithm
+  algorithm: 'HS256',
+  
+  // Token blacklist (requires Redis)
+  blacklist: {
+    enabled: true,
+    redis: redisClient,
+  },
+})
+```
+
+### Environment Variables
+
+```env
+JWT_SECRET=your-super-secret-key-change-in-production
+JWT_EXPIRES_IN=1h
+JWT_REFRESH_EXPIRES_IN=7d
+```
+
+## Password Hashing
+
+```typescript
+import { hash, compare } from '@hazeljs/auth';
+
+// Hash password
+const hashedPassword = await hash('user-password', 10);
+
+// Compare password
+const isValid = await compare('user-password', hashedPassword);
+```
+
+## Custom Guards
+
+```typescript
+import { Guard, GuardContext } from '@hazeljs/core';
+import { Injectable } from '@hazeljs/core';
+
+@Injectable()
+export class CustomAuthGuard implements Guard {
+  async canActivate(context: GuardContext): Promise<boolean> {
+    const request = context.request;
+    const token = request.headers.authorization?.split(' ')[1];
+    
+    if (!token) {
+      return false;
+    }
+
+    try {
+      const payload = await this.authService.verifyToken(token);
+      request.user = payload;
+      return true;
+    } catch {
+      return false;
+    }
+  }
+}
+```
+
+## API Reference
+
+### AuthService
+
+```typescript
+class AuthService {
+  generateToken(payload: any, options?: SignOptions): Promise<string>;
+  generateRefreshToken(payload: any): Promise<string>;
+  verifyToken(token: string): Promise<any>;
+  verifyRefreshToken(token: string): Promise<any>;
+  decodeToken(token: string): any;
+  blacklistToken(token: string): Promise<void>;
+  isTokenBlacklisted(token: string): Promise<boolean>;
+}
+```
+
+### Guards
+
+- `AuthGuard` - Validates JWT token
+- `RoleGuard(roles: string[])` - Checks user roles
+- `PermissionGuard(permissions: string[])` - Checks user permissions
+
+### Decorators
+
+- `@CurrentUser(property?: string)` - Extract user from request
+- `@Public()` - Skip authentication
+- `@Roles(...roles: string[])` - Require specific roles
+
+## Examples
+
+See the [examples](../../example/src/auth) directory for complete working examples.
+
+## Testing
+
+```bash
+npm test
+```
+
+## Contributing
+
+Contributions are welcome! Please read our [Contributing Guide](../../CONTRIBUTING.md) for details.
+
+## License
+
+MIT © [HazelJS](https://hazeljs.com)
+
+## Links
+
+- [Documentation](https://hazeljs.com/docs/packages/auth)
+- [GitHub](https://github.com/hazel-js/hazeljs)
+- [Issues](https://github.com/hazeljs/hazel-js/issues)
+- [Discord](https://discord.gg/hazeljs)

package/dist/auth.guard.d.ts

@@ -0,0 +1,15 @@
+import { RequestContext } from '@hazeljs/core';
+import { AuthService } from './auth.service';
+export interface AuthGuardOptions {
+    roles?: string[];
+}
+export interface IAuthGuard {
+    canActivate(context: RequestContext, options?: AuthGuardOptions): Promise<boolean>;
+}
+export declare class AuthGuard implements IAuthGuard {
+    private authService;
+    constructor(authService: AuthService);
+    canActivate(context: RequestContext, options?: AuthGuardOptions): Promise<boolean>;
+}
+export declare function Auth(options?: AuthGuardOptions): (target: unknown, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+//# sourceMappingURL=auth.guard.d.ts.map

package/dist/auth.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.guard.d.ts","sourceRoot":"","sources":["../src/auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAK/C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpF;AAMD,qBACa,SAAU,YAAW,UAAU;IAC9B,OAAO,CAAC,WAAW;gBAAX,WAAW,EAAE,WAAW;IAEtC,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CA4CzF;AAGD,wBAAgB,IAAI,CAAC,OAAO,CAAC,EAAE,gBAAgB,IAE3C,QAAQ,OAAO,EACf,aAAa,MAAM,EACnB,YAAY,kBAAkB,KAC7B,kBAAkB,CA2BtB"}

package/dist/auth.guard.js

@@ -0,0 +1,96 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthGuard = void 0;
+exports.Auth = Auth;
+const core_1 = require("@hazeljs/core");
+const core_2 = __importDefault(require("@hazeljs/core"));
+const core_3 = require("@hazeljs/core");
+const auth_service_1 = require("./auth.service");
+let AuthGuard = class AuthGuard {
+    constructor(authService) {
+        this.authService = authService;
+    }
+    async canActivate(context, options) {
+        const authHeader = context.headers['authorization'];
+        if (!authHeader) {
+            const error = new Error('No authorization header');
+            error.status = 400;
+            throw error;
+        }
+        const token = authHeader.split(' ')[1];
+        if (!token) {
+            const error = new Error('Invalid authorization header format');
+            error.status = 400;
+            throw error;
+        }
+        try {
+            const user = await this.authService.verifyToken(token);
+            if (!user) {
+                const error = new Error('Invalid token');
+                error.status = 401;
+                throw error;
+            }
+            // Check roles if specified
+            if (options?.roles && !options.roles.includes(user.role)) {
+                const error = new Error('Insufficient permissions');
+                error.status = 403;
+                throw error;
+            }
+            // Attach user to context
+            context.user = user;
+            return true;
+        }
+        catch (error) {
+            const authError = error;
+            core_2.default.error(`[${context.method}] ${context.url} - ${authError.message} (status: ${authError.status || 500})`);
+            if (process.env.NODE_ENV === 'development' && authError.stack) {
+                core_2.default.debug(authError.stack);
+            }
+            throw authError;
+        }
+    }
+};
+exports.AuthGuard = AuthGuard;
+exports.AuthGuard = AuthGuard = __decorate([
+    (0, core_1.Injectable)(),
+    __metadata("design:paramtypes", [auth_service_1.AuthService])
+], AuthGuard);
+// Decorator factory for protecting routes
+function Auth(options) {
+    return function (target, propertyKey, descriptor) {
+        const originalMethod = descriptor.value;
+        descriptor.value = async function (context) {
+            try {
+                // Get the auth guard instance from the container
+                const container = core_3.Container.getInstance();
+                const guard = container.resolve(AuthGuard);
+                if (!guard) {
+                    throw new Error('AuthGuard not found. Make sure to provide an AuthGuard implementation.');
+                }
+                await guard.canActivate(context, options);
+                return originalMethod.call(this, context);
+            }
+            catch (error) {
+                const authError = error;
+                core_2.default.error(`[${context.method}] ${context.url} - ${authError.message} (status: ${authError.status || 500})`);
+                if (process.env.NODE_ENV === 'development' && authError.stack) {
+                    core_2.default.debug(authError.stack);
+                }
+                throw authError;
+            }
+        };
+        return descriptor;
+    };
+}

package/dist/auth.service.d.ts

@@ -0,0 +1,13 @@
+import { JwtService } from './jwt/jwt.service';
+export interface AuthUser {
+    id: string;
+    username?: string;
+    role: string;
+    [key: string]: unknown;
+}
+export declare class AuthService {
+    private readonly jwtService;
+    constructor(jwtService: JwtService);
+    verifyToken(token: string): Promise<AuthUser | null>;
+}
+//# sourceMappingURL=auth.service.d.ts.map

package/dist/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../src/auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAc,MAAM,mBAAmB,CAAC;AAE3D,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,qBACa,WAAW;IACV,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAE7C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;CAa3D"}

package/dist/auth.service.js

@@ -0,0 +1,38 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthService = void 0;
+const core_1 = require("@hazeljs/core");
+const jwt_service_1 = require("./jwt/jwt.service");
+let AuthService = class AuthService {
+    constructor(jwtService) {
+        this.jwtService = jwtService;
+    }
+    async verifyToken(token) {
+        try {
+            const payload = this.jwtService.verify(token);
+            return {
+                id: payload.sub,
+                username: payload.username || payload.email,
+                role: payload.role || 'user',
+                ...payload,
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+};
+exports.AuthService = AuthService;
+exports.AuthService = AuthService = __decorate([
+    (0, core_1.Injectable)(),
+    __metadata("design:paramtypes", [jwt_service_1.JwtService])
+], AuthService);

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @hazeljs/auth - Authentication module for HazelJS
+ */
+export { AuthGuard } from './auth.guard';
+export { AuthService } from './auth.service';
+export { JwtModule } from './jwt/jwt.module';
+export { JwtService } from './jwt/jwt.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -0,0 +1,14 @@
+"use strict";
+/**
+ * @hazeljs/auth - Authentication module for HazelJS
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = exports.JwtModule = exports.AuthService = exports.AuthGuard = void 0;
+var auth_guard_1 = require("./auth.guard");
+Object.defineProperty(exports, "AuthGuard", { enumerable: true, get: function () { return auth_guard_1.AuthGuard; } });
+var auth_service_1 = require("./auth.service");
+Object.defineProperty(exports, "AuthService", { enumerable: true, get: function () { return auth_service_1.AuthService; } });
+var jwt_module_1 = require("./jwt/jwt.module");
+Object.defineProperty(exports, "JwtModule", { enumerable: true, get: function () { return jwt_module_1.JwtModule; } });
+var jwt_service_1 = require("./jwt/jwt.service");
+Object.defineProperty(exports, "JwtService", { enumerable: true, get: function () { return jwt_service_1.JwtService; } });

package/dist/jwt/jwt.module.d.ts

@@ -0,0 +1,7 @@
+import { JwtServiceOptions } from './jwt.service';
+export interface JwtModuleOptions extends JwtServiceOptions {
+}
+export declare class JwtModule {
+    static forRoot(options?: JwtModuleOptions): typeof JwtModule;
+}
+//# sourceMappingURL=jwt.module.d.ts.map

package/dist/jwt/jwt.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.module.d.ts","sourceRoot":"","sources":["../../src/jwt/jwt.module.ts"],"names":[],"mappings":"AACA,OAAO,EAAc,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAE9D,MAAM,WAAW,gBAAiB,SAAQ,iBAAiB;CAAG;AAE9D,qBAIa,SAAS;IACpB,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,SAAS;CAM7D"}

package/dist/jwt/jwt.module.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var JwtModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtModule = void 0;
+const core_1 = require("@hazeljs/core");
+const jwt_service_1 = require("./jwt.service");
+let JwtModule = JwtModule_1 = class JwtModule {
+    static forRoot(options) {
+        if (options) {
+            jwt_service_1.JwtService.configure(options);
+        }
+        return JwtModule_1;
+    }
+};
+exports.JwtModule = JwtModule;
+exports.JwtModule = JwtModule = JwtModule_1 = __decorate([
+    (0, core_1.HazelModule)({
+        providers: [jwt_service_1.JwtService],
+        exports: [jwt_service_1.JwtService],
+    })
+], JwtModule);

package/dist/jwt/jwt.service.d.ts

@@ -0,0 +1,25 @@
+export interface JwtPayload {
+    sub: string;
+    [key: string]: unknown;
+}
+export interface JwtServiceOptions {
+    secret?: string;
+    expiresIn?: string | number;
+    issuer?: string;
+    audience?: string;
+}
+export declare class JwtService {
+    private readonly secret;
+    private readonly defaultExpiresIn;
+    private readonly issuer?;
+    private readonly audience?;
+    constructor();
+    private static moduleOptions;
+    static configure(options: JwtServiceOptions): void;
+    sign(payload: JwtPayload, options?: {
+        expiresIn?: string | number;
+    }): string;
+    verify(token: string): JwtPayload;
+    decode(token: string): JwtPayload | null;
+}
+//# sourceMappingURL=jwt.service.d.ts.map

package/dist/jwt/jwt.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.service.d.ts","sourceRoot":"","sources":["../../src/jwt/jwt.service.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,qBACa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAkB;IACnD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAS;;IAgBnC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAyB;IAErD,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI;IAIlD,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,GAAG,MAAM;IAU5E,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU;IAQjC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;CAIzC"}

package/dist/jwt/jwt.service.js

@@ -0,0 +1,61 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var JwtService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = void 0;
+const core_1 = require("@hazeljs/core");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+let JwtService = JwtService_1 = class JwtService {
+    constructor() {
+        const options = JwtService_1.moduleOptions;
+        this.secret = options.secret || process.env.JWT_SECRET || '';
+        this.defaultExpiresIn = options.expiresIn || process.env.JWT_EXPIRES_IN || '1h';
+        this.issuer = options.issuer || process.env.JWT_ISSUER;
+        this.audience = options.audience || process.env.JWT_AUDIENCE;
+        if (!this.secret) {
+            throw new Error('JWT secret is not configured. Set JWT_SECRET environment variable or pass secret via JwtModule.forRoot({ secret: "..." })');
+        }
+    }
+    static configure(options) {
+        JwtService_1.moduleOptions = options;
+    }
+    sign(payload, options) {
+        const signOptions = {
+            expiresIn: (options?.expiresIn || this.defaultExpiresIn),
+        };
+        if (this.issuer)
+            signOptions.issuer = this.issuer;
+        if (this.audience)
+            signOptions.audience = this.audience;
+        return jsonwebtoken_1.default.sign(payload, this.secret, signOptions);
+    }
+    verify(token) {
+        const verifyOptions = {};
+        if (this.issuer)
+            verifyOptions.issuer = this.issuer;
+        if (this.audience)
+            verifyOptions.audience = this.audience;
+        return jsonwebtoken_1.default.verify(token, this.secret, verifyOptions);
+    }
+    decode(token) {
+        const decoded = jsonwebtoken_1.default.decode(token);
+        return decoded;
+    }
+};
+exports.JwtService = JwtService;
+JwtService.moduleOptions = {};
+exports.JwtService = JwtService = JwtService_1 = __decorate([
+    (0, core_1.Injectable)(),
+    __metadata("design:paramtypes", [])
+], JwtService);

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@hazeljs/auth",
+  "version": "0.2.0-beta.1",
+  "description": "Authentication and JWT module for HazelJS framework",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "jest --coverage --passWithNoTests",
+    "lint": "eslint \"src/**/*.ts\"",
+    "lint:fix": "eslint \"src/**/*.ts\" --fix",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@hazeljs/core": "file:../core",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.9",
+    "@types/node": "^20.17.50",
+    "@typescript-eslint/eslint-plugin": "^8.18.2",
+    "@typescript-eslint/parser": "^8.18.2",
+    "eslint": "^8.56.0",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.3.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/hazel-js/hazeljs.git",
+    "directory": "packages/auth"
+  },
+  "keywords": [
+    "hazeljs",
+    "auth",
+    "authentication",
+    "jwt",
+    "security"
+  ],
+  "author": "Muhammad Arslan <marslan@hazeljs.com>",
+  "license": "MIT"
+}