@hemia/jwt-manager 0.0.1 → 0.0.2

package/dist/hemia-jwt-manager.esm.js

@@ -23,7 +23,7 @@ var safeBuffer = {exports: {}};
 
 /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
 
-(function (module, exports) {
+(function (module, exports$1) {
 	/* eslint-disable node/no-deprecated-api */
 	var buffer = require$$0;
 	var Buffer = buffer.Buffer;
@@ -38,8 +38,8 @@ var safeBuffer = {exports: {}};
 	  module.exports = buffer;
 	} else {
 	  // Copy properties from require('buffer')
-	  copyProps(buffer, exports);
-	  exports.Buffer = SafeBuffer;
+	  copyProps(buffer, exports$1);
+	  exports$1.Buffer = SafeBuffer;
 	}
 
 	function SafeBuffer (arg, encodingOrOffset, length) {
@@ -660,7 +660,7 @@ var jwa$2 = function jwa(algorithm) {
     es: createECDSAVerifer,
     none: createNoneVerifier,
   };
-  var match = algorithm.match(/^(RS|PS|ES|HS)(256|384|512)$|^(none)$/i);
+  var match = algorithm.match(/^(RS|PS|ES|HS)(256|384|512)$|^(none)$/);
   if (!match)
     throw typeError(MSG_INVALID_ALGORITHM, algorithm);
   var algo = (match[1] || match[3]).toLowerCase();
@@ -721,7 +721,12 @@ function jwsSign(opts) {
 }
 
 function SignStream$1(opts) {
-  var secret = opts.secret||opts.privateKey||opts.key;
+  var secret = opts.secret;
+  secret = secret == null ? opts.privateKey : secret;
+  secret = secret == null ? opts.key : secret;
+  if (/^hs/i.test(opts.header.alg) === true && secret == null) {
+    throw new TypeError('secret must be a string or buffer or a KeyObject')
+  }
   var secretStream = new DataStream$1(secret);
   this.readable = true;
   this.header = opts.header;
@@ -846,7 +851,12 @@ function jwsDecode(jwsSig, opts) {
 
 function VerifyStream$1(opts) {
   opts = opts || {};
-  var secretOrKey = opts.secret||opts.publicKey||opts.key;
+  var secretOrKey = opts.secret;
+  secretOrKey = secretOrKey == null ? opts.publicKey : secretOrKey;
+  secretOrKey = secretOrKey == null ? opts.key : secretOrKey;
+  if (/^hs/i.test(opts.algorithm) === true && secretOrKey == null) {
+    throw new TypeError('secret must be a string or buffer or a KeyObject')
+  }
   var secretStream = new DataStream(secretOrKey);
   this.readable = true;
   this.algorithm = opts.algorithm;
@@ -1214,7 +1224,7 @@ const debug$1 = (
 
 var debug_1 = debug$1;
 
-(function (module, exports) {
+(function (module, exports$1) {
 
 	const {
 	  MAX_SAFE_COMPONENT_LENGTH,
@@ -1222,14 +1232,14 @@ var debug_1 = debug$1;
 	  MAX_LENGTH,
 	} = constants$1;
 	const debug = debug_1;
-	exports = module.exports = {};
+	exports$1 = module.exports = {};
 
 	// The actual regexps go on exports.re
-	const re = exports.re = [];
-	const safeRe = exports.safeRe = [];
-	const src = exports.src = [];
-	const safeSrc = exports.safeSrc = [];
-	const t = exports.t = {};
+	const re = exports$1.re = [];
+	const safeRe = exports$1.safeRe = [];
+	const src = exports$1.src = [];
+	const safeSrc = exports$1.safeSrc = [];
+	const t = exports$1.t = {};
 	let R = 0;
 
 	const LETTERDASHNUMBER = '[a-zA-Z0-9-]';
@@ -1393,7 +1403,7 @@ var debug_1 = debug$1;
 	createToken('LONETILDE', '(?:~>?)');
 
 	createToken('TILDETRIM', `(\\s*)${src[t.LONETILDE]}\\s+`, true);
-	exports.tildeTrimReplace = '$1~';
+	exports$1.tildeTrimReplace = '$1~';
 
 	createToken('TILDE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAIN]}$`);
 	createToken('TILDELOOSE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAINLOOSE]}$`);
@@ -1403,7 +1413,7 @@ var debug_1 = debug$1;
 	createToken('LONECARET', '(?:\\^)');
 
 	createToken('CARETTRIM', `(\\s*)${src[t.LONECARET]}\\s+`, true);
-	exports.caretTrimReplace = '$1^';
+	exports$1.caretTrimReplace = '$1^';
 
 	createToken('CARET', `^${src[t.LONECARET]}${src[t.XRANGEPLAIN]}$`);
 	createToken('CARETLOOSE', `^${src[t.LONECARET]}${src[t.XRANGEPLAINLOOSE]}$`);
@@ -1416,7 +1426,7 @@ var debug_1 = debug$1;
 	// it modifies, so that `> 1.2.3` ==> `>1.2.3`
 	createToken('COMPARATORTRIM', `(\\s*)${src[t.GTLT]
 	}\\s*(${src[t.LOOSEPLAIN]}|${src[t.XRANGEPLAIN]})`, true);
-	exports.comparatorTrimReplace = '$1$2$3';
+	exports$1.comparatorTrimReplace = '$1$2$3';
 
 	// Something like `1.2.3 - 1.2.4`
 	// Note that these all use the loose form, because they'll be
@@ -1459,6 +1469,10 @@ var parseOptions_1 = parseOptions$1;
 
 const numeric = /^[0-9]+$/;
 const compareIdentifiers$1 = (a, b) => {
+  if (typeof a === 'number' && typeof b === 'number') {
+    return a === b ? 0 : a < b ? -1 : 1
+  }
+
   const anum = numeric.test(a);
   const bnum = numeric.test(b);
 
@@ -1592,11 +1606,25 @@ let SemVer$d = class SemVer {
       other = new SemVer(other, this.options);
     }
 
-    return (
-      compareIdentifiers(this.major, other.major) ||
-      compareIdentifiers(this.minor, other.minor) ||
-      compareIdentifiers(this.patch, other.patch)
-    )
+    if (this.major < other.major) {
+      return -1
+    }
+    if (this.major > other.major) {
+      return 1
+    }
+    if (this.minor < other.minor) {
+      return -1
+    }
+    if (this.minor > other.minor) {
+      return 1
+    }
+    if (this.patch < other.patch) {
+      return -1
+    }
+    if (this.patch > other.patch) {
+      return 1
+    }
+    return 0
   }
 
   comparePre (other) {
@@ -2408,6 +2436,7 @@ function requireRange () {
 	// already replaced the hyphen ranges
 	// turn into a set of JUST comparators.
 	const parseComparator = (comp, options) => {
+	  comp = comp.replace(re[t.BUILD], '');
 	  debug('comp', comp, options);
 	  comp = replaceCarets(comp, options);
 	  debug('caret', comp);
@@ -5795,20 +5824,78 @@ var jwt = /*@__PURE__*/getDefaultExportFromCjs(jsonwebtoken);
 
 class Mixin {
     createBasicToken(payload, secret, expiresIn, options) {
-        const finalOptions = Object.assign(Object.assign({}, (options || {})), { expiresIn });
+        const finalOptions = Object.assign(Object.assign({}, (options || {})), { expiresIn, issuer: (options === null || options === void 0 ? void 0 : options.issuer) || process.env.JWT_ISSUER || 'hemia-app', audience: (options === null || options === void 0 ? void 0 : options.audience) || process.env.JWT_AUDIENCE || 'hemia-api', algorithm: (options === null || options === void 0 ? void 0 : options.algorithm) || 'HS256' });
         return jwt.sign(payload, secret, finalOptions);
     }
-    validateTokenBase(token, secretKey) {
+    validateTokenBase(token, secretKey, options) {
         try {
-            return jwt.verify(token, secretKey);
+            const verifyOptions = Object.assign(Object.assign({}, options), { algorithms: ['HS256', 'RS256'], issuer: (options === null || options === void 0 ? void 0 : options.issuer) || process.env.JWT_ISSUER, audience: (options === null || options === void 0 ? void 0 : options.audience) || process.env.JWT_AUDIENCE, clockTolerance: 30 });
+            return jwt.verify(token, secretKey, verifyOptions);
         }
         catch (error) {
-            console.error('Token inválido:', error);
+            if (error instanceof jwt.TokenExpiredError) {
+                console.error('Token expirado:', error.expiredAt);
+            }
+            else if (error instanceof jwt.JsonWebTokenError) {
+                console.error('Token inválido:', error.message);
+            }
+            else if (error instanceof jwt.NotBeforeError) {
+                console.error('Token no válido aún:', error.date);
+            }
+            else {
+                console.error('Error de validación:', error);
+            }
             return null;
         }
     }
-    decodeToken(token) {
-        return jwt.decode(token);
+    validateTokenDetailed(token, secretKey, options) {
+        try {
+            const verifyOptions = Object.assign(Object.assign({}, options), { algorithms: ['HS256', 'RS256'], issuer: (options === null || options === void 0 ? void 0 : options.issuer) || process.env.JWT_ISSUER, audience: (options === null || options === void 0 ? void 0 : options.audience) || process.env.JWT_AUDIENCE, clockTolerance: 30 });
+            const payload = jwt.verify(token, secretKey, verifyOptions);
+            return {
+                valid: true,
+                payload
+            };
+        }
+        catch (error) {
+            if (error instanceof jwt.TokenExpiredError) {
+                return {
+                    valid: false,
+                    error: `Token expirado en: ${error.expiredAt}`,
+                    errorType: 'expired'
+                };
+            }
+            else if (error instanceof jwt.JsonWebTokenError) {
+                return {
+                    valid: false,
+                    error: error.message,
+                    errorType: error.message.includes('signature') ? 'signature_invalid' : 'invalid'
+                };
+            }
+            else if (error instanceof jwt.NotBeforeError) {
+                return {
+                    valid: false,
+                    error: `Token no válido hasta: ${error.date}`,
+                    errorType: 'not_before'
+                };
+            }
+            else {
+                return {
+                    valid: false,
+                    error: 'Error desconocido al validar token',
+                    errorType: 'malformed'
+                };
+            }
+        }
+    }
+    decodeToken(token, complete = false) {
+        try {
+            return jwt.decode(token, { complete });
+        }
+        catch (error) {
+            console.error('Error al decodificar token:', error);
+            return null;
+        }
     }
 }
 
@@ -5816,30 +5903,133 @@ class JwtManager extends Mixin {
     constructor() {
         super();
         this._secretKey = '';
+        this._issuer = '';
+        this._audience = '';
         this._secretKey = process.env.JWT_SECRET || jwtConfig.cleanCredentialSecret;
+        this._issuer = process.env.JWT_ISSUER || 'hemia-app';
+        this._audience = process.env.JWT_AUDIENCE || 'hemia-api';
         if (!this._secretKey) {
             throw new Error("JWT secret key is required.");
         }
     }
+    createToken(payload, expiresIn, options) {
+        return this.createBasicToken(payload, this._secretKey, expiresIn || jwtConfig.expiresIn, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
+    }
+    createTokenWithSecret(payload, secretKey, expiresIn, options) {
+        return this.createBasicToken(payload, secretKey, expiresIn || jwtConfig.expiresIn, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
+    }
+    createCleanCredentialsToken(operative = Operatives.CATALOG, expiresIn) {
+        const payload = { accessType: operative };
+        return this.createBasicToken(payload, this._secretKey, expiresIn || jwtConfig.expiresIn);
+    }
     getTokenWithoutKey(payload, expiresIn, options) {
-        return this.createBasicToken(payload, this._secretKey, expiresIn || jwtConfig.expiresIn, options);
+        return this.createToken(payload, expiresIn, options);
     }
     getTokenWithKey(payload, secretKey, expiresIn, options) {
-        return this.createBasicToken(payload, secretKey, expiresIn || jwtConfig.expiresIn, options);
+        return this.createTokenWithSecret(payload, secretKey, expiresIn, options);
     }
     getTokenCleanCredentials(operative = Operatives.CATALOG, expiresIn) {
-        const payload = { accessType: operative };
-        return this.createBasicToken(payload, this._secretKey, expiresIn || jwtConfig.expiresIn);
+        return this.createCleanCredentialsToken(operative, expiresIn);
     }
-    validateToken(token, secretKey) {
-        return this.validateTokenBase(token, secretKey || this._secretKey);
+    createIdToken(claims, expiresIn) {
+        if (!claims.sub) {
+            throw new Error('sub (subject) claim is required for ID tokens');
+        }
+        const payload = Object.assign(Object.assign({}, claims), { iss: this._issuer, aud: this._audience, iat: Math.floor(Date.now() / 1000) });
+        return this.createBasicToken(payload, this._secretKey, expiresIn || jwtConfig.expiresIn, { issuer: this._issuer, audience: this._audience });
     }
-    decode(token) {
-        return this.decodeToken(token);
+    createAccessToken(sub, scopes, expiresIn) {
+        const payload = {
+            sub,
+            scope: scopes.join(' '),
+            iss: this._issuer,
+            aud: this._audience,
+            iat: Math.floor(Date.now() / 1000),
+        };
+        return this.createBasicToken(payload, this._secretKey, expiresIn || '15m', { issuer: this._issuer, audience: this._audience });
+    }
+    createRefreshToken(sub, expiresIn) {
+        const payload = {
+            sub,
+            type: 'refresh',
+            iss: this._issuer,
+            aud: this._audience,
+            iat: Math.floor(Date.now() / 1000),
+        };
+        return this.createBasicToken(payload, this._secretKey, expiresIn || '30d', {
+            issuer: this._issuer,
+            audience: this._audience,
+            jwtid: this.generateJti()
+        });
+    }
+    verify(token, secretKey, options) {
+        return this.validateTokenBase(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
+    }
+    verifyDetailed(token, secretKey, options) {
+        return super.validateTokenDetailed(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
+    }
+    validateToken(token, secretKey, options) {
+        return this.verify(token, secretKey, options);
+    }
+    validateTokenDetailed(token, secretKey, options) {
+        return this.verifyDetailed(token, secretKey, options);
+    }
+    decode(token, complete = false) {
+        return this.decodeToken(token, complete);
+    }
+    getClaims(token) {
+        const decoded = this.decodeToken(token);
+        if (!decoded)
+            return null;
+        const { sub, name, given_name, family_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at, email, email_verified, phone_number, phone_number_verified, address } = decoded;
+        return {
+            sub,
+            name,
+            given_name,
+            family_name,
+            middle_name,
+            nickname,
+            preferred_username,
+            profile,
+            picture,
+            website,
+            gender,
+            birthdate,
+            zoneinfo,
+            locale,
+            updated_at,
+            email,
+            email_verified,
+            phone_number,
+            phone_number_verified,
+            address
+        };
+    }
+    getStandardClaims(token) {
+        return this.getClaims(token);
+    }
+    hasScope(token, requiredScope) {
+        const payload = this.verify(token);
+        if (!payload || !payload.scope)
+            return false;
+        const scopes = typeof payload.scope === 'string'
+            ? payload.scope.split(' ')
+            : [];
+        return scopes.includes(requiredScope);
+    }
+    generateJti() {
+        return `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
     }
     getJwtKey() {
         return this._secretKey;
     }
 }
 
-export { JwtManager, Operatives };
+var TokenType;
+(function (TokenType) {
+    TokenType["ID_TOKEN"] = "id_token";
+    TokenType["ACCESS_TOKEN"] = "access_token";
+    TokenType["REFRESH_TOKEN"] = "refresh_token";
+})(TokenType || (TokenType = {}));
+
+export { JwtManager, Operatives, TokenType };