@igxjs/node-components 1.0.11 → 1.0.12

package/README.md

@@ -13,6 +13,7 @@ npm install @igxjs/node-components
 | Component | Description | Documentation |
 |-----------|-------------|---------------|
 | **SessionManager** | SSO session management with Redis/memory storage, supporting both session and token-based authentication | [View docs](./docs/session-manager.md) |
+| **Logger** | High-performance logging utility with zero dependencies and smart color detection | [View docs](./docs/logger.md) |
 | **FlexRouter** | Flexible routing with context paths and middleware | [View docs](./docs/flex-router.md) |
 | **RedisManager** | Redis connection management with TLS support | [View docs](./docs/redis-manager.md) |
 | **JWT Manager** | Secure JWT encryption/decryption with JWE | [View docs](./docs/jwt-manager.md) |
@@ -76,10 +77,11 @@ flexRouter.mount(app, '');
 ```javascript
 import { JwtManager } from '@igxjs/node-components';
 
-const jwt = new JwtManager({ expirationTime: '1h' });
+// Constructor uses UPPERCASE naming with JWT_ prefix
+const jwt = new JwtManager({ SESSION_AGE: 64800000 });
 const SECRET = process.env.JWT_SECRET;
 
-// Create token
+// Create token (encrypt method uses camelCase for per-call options)
 const token = await jwt.encrypt({ userId: '123', email: 'user@example.com' }, SECRET);
 
 // Verify token
@@ -143,7 +145,6 @@ Uses JWT bearer tokens instead of session cookies. When a user authenticates via
 - `SSO_FAILURE_URL`: Redirect URL after failed SSO login  
 - `JWT_ALGORITHM`: JWT algorithm (default: `'dir'`)
 - `JWT_ENCRYPTION`: Encryption algorithm (default: `'A256GCM'`)
-- `JWT_EXPIRATION_TIME`: Token expiration time (default: `'10m'`)
 - `JWT_CLOCK_TOLERANCE`: Clock skew tolerance in seconds (default: 30)
 
 **Auth Methods:**
@@ -154,23 +155,23 @@ Uses JWT bearer tokens instead of session cookies. When a user authenticates via
 
 **Token Storage (Client-Side):**
 
-When using token-based authentication, the client-side HTML page stores the token in `localStorage`:
-
-```html
-<script>
-  // Store auth data in localStorage
-  localStorage.setItem('authToken', ${JSON.stringify(token)});
-  localStorage.setItem('tokenExpiry', ${Date.now() + sessionAge});
-  localStorage.setItem('user', ${JSON.stringify({
-    email: user.email,
-    name: user.name,
-  })});
-  
-  // Redirect to original destination
-  window.location.replace(redirectUrl);
-</script>
+When using token-based authentication, the SSO callback returns an HTML page that stores the token in `localStorage` and redirects the user:
+
+```javascript
+// The token is automatically stored in localStorage by the callback HTML page
+// Default keys (customizable via SESSION_KEY and SESSION_EXPIRY_KEY config):
+localStorage.getItem('session_token');        // JWT token
+localStorage.getItem('session_expires_at');   // Expiry timestamp
+
+// Making authenticated requests from the client:
+const token = localStorage.getItem('session_token');
+fetch('/api/protected', {
+  headers: { 'Authorization': `Bearer ${token}` }
+});
 ```
 
+**Note:** The actual localStorage keys used are determined by the `SESSION_KEY` and `SESSION_EXPIRY_KEY` configuration options (defaults shown above).
+
 ## SessionManager Configuration Options
 
 | Option | Type | Default | Description |
@@ -189,7 +190,6 @@ When using token-based authentication, the client-side HTML page stores the toke
 | `REDIS_CERT_PATH` | string | - | Path to Redis TLS certificate |
 | `JWT_ALGORITHM` | string | `'dir'` | JWT signing algorithm |
 | `JWT_ENCRYPTION` | string | `'A256GCM'` | JWE encryption algorithm |
-| `JWT_EXPIRATION_TIME` | string | `'10m'` | Token expiration duration |
 | `JWT_CLOCK_TOLERANCE` | number | 30 | Clock skew tolerance in seconds |
 | `JWT_SECRET_HASH_ALGORITHM` | string | `'SHA-256'` | Algorithm for hashing secrets |
 | `JWT_ISSUER` | string | - | JWT issuer identifier |

package/components/assets/template.html

@@ -0,0 +1,111 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <title>Sign in IBM Garage</title>
+    <meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no,viewport-fit=cover,minimum-scale=1,maximum-scale=1,user-scalable=no">
+    <meta name="robots" content="noindex, nofollow" />
+    <style>
+      :root {
+        --foreground-color-primary: #444;
+        --font-size: 0.8rem;
+        --background-color-primary: #f1f1f199;
+        --gap-global: 0.4rem;
+      }
+      @media (prefers-color-scheme: dark) {
+        :root {
+          --background-color-primary: black;
+          --foreground-color-primary: #bbb;
+        }
+      }
+      html, body {
+        padding: 0px;
+        margin: 0px auto;
+        height: 100%;
+        width: 100%;
+      }
+      body {
+        background-image: radial-gradient(circle at 20% 80%, rgba(255, 140, 140, 0.5), transparent 42%),
+          radial-gradient(circle at 80% 20%, rgba(140, 200, 255, 0.55), transparent 42%),
+          radial-gradient(circle at 40% 40%, rgba(255, 230, 140, 0.45), transparent 32%),
+          linear-gradient(135deg, rgba(160, 120, 240, 0.95), rgba(120, 160, 240, 0.95));
+        background-size: cover;
+        background-repeat: no-repeat;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        font-family: Verdana, Helvetica, Arial, sans-serif;
+        font-size: var(--font-size);
+        color: var(--foreground-color-primary);
+        flex-flow: column;
+        position: relative;
+        z-index: 10;
+        overflow: hidden;
+      }
+      body::before {
+        background: var(--background-color-primary);
+        content: "";
+        position: absolute;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        z-index: -1;
+        backdrop-filter: blur(10px);
+        -webkit-backdrop-filter: blur(10px);
+      }
+      .wrapper {
+        width: 100%;
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+        box-sizing: border-box;
+        row-gap: var(--gap-global);
+        flex-direction: column;
+        padding: var(--gap-global);
+      }
+      .wrapper #failure {
+        display: none;
+      }
+    </style>
+  </head>
+<body>
+  <hr />
+  <div class="wrapper">
+    <div id="success">Redirecting... <a href="{{SSO_SUCCESS_URL}}" target="_blank" style="color: blue; text-decoration: underline;">(click here if not redirected)</a></div>
+    <div id="failure">
+      <p>Authentication failed. Please try again.</p>
+      <a href="{{SSO_FAILURE_URL}}">Return to login</a>
+    </div>
+  </div>
+  <script>
+  (function() {
+    let success = true;
+
+    // Check localStorage support first
+    if (typeof localStorage !== 'object' || typeof localStorage.setItem !== 'function') {
+      console.warn('localStorage not supported, falling back to session cookie');
+      success = false;
+    }
+
+    try {
+      // Try localStorage first
+      if (localStorage.setItem) {
+        localStorage.setItem('{{SESSION_DATA_KEY}}', '{{SESSION_DATA_VALUE}}');
+        localStorage.setItem('{{SESSION_EXPIRY_KEY}}', '{{SESSION_EXPIRY_VALUE}}');
+      }
+
+      // Fall back to simple navigation
+      location.href = '{{SSO_SUCCESS_URL}}';
+    } catch (e) {
+      console.error('Redirect failed:', e);
+      success = false;
+    }
+
+    if (!success) {
+      document.getElementById('success').style.display = 'none';
+      document.getElementById('failure').style.display = 'block';
+    }
+  })();
+  </script>
+</body>
+</html>

package/components/http-handlers.js

@@ -1,20 +1,11 @@
 import { STATUS_CODES } from 'node:http';
+import { Logger } from './logger.js';
 
-export const httpMessages = {
-  OK: 'OK',
-  CREATED: 'Created',
-  NO_CONTENT: 'No Content',
-  BAD_REQUEST: 'Bad Request',
-  UNAUTHORIZED: 'Unauthorized',
-  FORBIDDEN: 'Forbidden',
-  NOT_FOUND: 'Not Found',
-  NOT_ACCEPTABLE: 'Not Acceptable',
-  CONFLICT: 'Conflict',
-  LOCKED: 'Locked',
-  SYSTEM_FAILURE: 'System Error',
-  NOT_IMPLEMENTED: 'Not Implemented',
-};
+const logger = Logger.getInstance('httpError');
 
+/**
+ * HTTP status codes
+ */
 export const httpCodes = {
   OK: 200,
   CREATED: 201,
@@ -30,23 +21,45 @@ export const httpCodes = {
   NOT_IMPLEMENTED: 501,
 };
 
+/**
+ * HTTP status messages
+ */
+export const httpMessages = {
+  OK: 'OK',
+  CREATED: 'Created',
+  NO_CONTENT: 'No Content',
+  BAD_REQUEST: 'Bad Request',
+  UNAUTHORIZED: 'Unauthorized',
+  FORBIDDEN: 'Forbidden',
+  NOT_FOUND: 'Not Found',
+  NOT_ACCEPTABLE: 'Not Acceptable',
+  CONFLICT: 'Conflict',
+  LOCKED: 'Locked',
+  SYSTEM_FAILURE: 'Internal Server Error',
+  NOT_IMPLEMENTED: 'Not Implemented',
+};
+
+/**
+ * Custom Error class
+ */
 export class CustomError extends Error {
-  /** @type {number} */
-  code;
-  /** @type {object} */
-  data;
-  /** @type {object} */
-  error;
   /**
-   * Construct a custom error
-   * @param {number} code Error code
-   * @param {string} message Message
+   * @param {number} code HTTP status code
+   * @param {string} message Error message
+   * @param {Error} [error] Original error object
+   * @param {object} [data] Additional error data
    */
-  constructor(code, message, error = {}, data = {}) {
+  constructor(code, message, error, data) {
     super(message);
+    this.name = 'CustomError';
     this.code = code;
     this.error = error;
     this.data = data;
+
+    // Maintains proper stack trace for where our error was thrown (only available on V8)
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, CustomError);
+    }
   }
 }
 
@@ -85,21 +98,21 @@ export const httpErrorHandler = (err, req, res, next) => {
   res.status(responseBody.status).json(responseBody);
 
   // Log error details
-  console.error('### ERROR ###');
-  console.error(`${req.method} ${req.path}`);
+  logger.error('### ERROR ###');
+  logger.error(`${req.method} ${req.path}`);
 
   // Log based on error type
   if ([httpCodes.UNAUTHORIZED, httpCodes.FORBIDDEN, httpCodes.NOT_FOUND].includes(err.code)) {
-    console.error('>>> Auth Error:', err.message);
+    logger.error('>>> Auth Error:', err.message);
   } else {
-    console.error('>>> Name:', err.name);
-    console.error('>>> Message:', err.message);
+    logger.error('>>> Name:', err.name);
+    logger.error('>>> Message:', err.message);
     if (err.stack) {
-      console.error('>>> Stack:', err.stack);
+      logger.error('>>> Stack:', err.stack);
     }
   }
 
-  console.error('### /ERROR ###');
+  logger.error('### /ERROR ###');
 };
 
 /**
@@ -177,7 +190,7 @@ export const httpHelper = {
    * @returns {CustomError} Returns CustomError instance
    */
   handleAxiosError(error, defaultMessage = 'An error occurred') {
-    console.warn(`### TRY ERROR: ${defaultMessage} ###`);
+    logger.warn(`### TRY ERROR: ${defaultMessage} ###`);
     // Extract error details
     const errorCode = _getErrorCode(error);
     const errorMessage = _getErrorMessage(error, defaultMessage);
@@ -196,4 +209,4 @@ export const httpHelper = {
  */
 export const httpError = (code, message, error, data) => {
   return new CustomError(code, message, error, data);
-};
+};

package/components/jwt.js

@@ -13,7 +13,7 @@ export class JwtManager {
   /** @type {string} Encryption method */
   encryption;
   
-  /** @type {string} Token expiration time */
+  /** @type {number} Token expiration time */
   expirationTime;
   
   /** @type {number} Clock tolerance in seconds */
@@ -37,7 +37,7 @@ export class JwtManager {
    * @typedef {Object} JwtManagerOptions JwtManager configuration options
    * @property {string} [JWT_ALGORITHM='dir'] JWE algorithm (default: 'dir')
    * @property {string} [JWT_ENCRYPTION='A256GCM'] Encryption method (default: 'A256GCM')
-   * @property {string} [JWT_EXPIRATION_TIME='10m'] Token expiration time (default: '10m')
+   * @property {number} [SESSION_AGE=64800000] Token expiration time in milliseconds (default: 64800000 = 18 hours)
    * @property {string} [JWT_SECRET_HASH_ALGORITHM='SHA-256'] Hash algorithm (default: 'SHA-256')
    * @property {string?} [JWT_ISSUER] Optional JWT issuer claim
    * @property {string?} [JWT_AUDIENCE] Optional JWT audience claim
@@ -48,7 +48,8 @@ export class JwtManager {
   constructor(options = {}) {
     this.algorithm = options.JWT_ALGORITHM || 'dir';
     this.encryption = options.JWT_ENCRYPTION || 'A256GCM';
-    this.expirationTime = options.JWT_EXPIRATION_TIME || '10m';
+    // SESSION_AGE is in milliseconds, convert to seconds for expirationTime
+    this.expirationTime = Math.floor((options.SESSION_AGE || 64800000) / 1000);
     this.secretHashAlgorithm = options.JWT_SECRET_HASH_ALGORITHM || 'SHA-256';
     this.issuer = options.JWT_ISSUER;
     this.audience = options.JWT_AUDIENCE;
@@ -62,7 +63,7 @@ export class JwtManager {
    * @typedef {Object} JwtEncryptOptions Encryption method options
    * @property {string} [algorithm='dir'] JWE algorithm (overrides instance JWT_ALGORITHM)
    * @property {string} [encryption='A256GCM'] Encryption method (overrides instance JWT_ENCRYPTION)
-   * @property {string} [expirationTime='10m'] Token expiration time (overrides instance JWT_EXPIRATION_TIME)
+   * @property {number} [expirationTime] Token expiration time in seconds (overrides instance expirationTime derived from SESSION_AGE)
    * @property {string} [secretHashAlgorithm='SHA-256'] Hash algorithm for secret derivation (overrides instance JWT_SECRET_HASH_ALGORITHM)
    * @property {string?} [issuer] Optional JWT issuer claim (overrides instance JWT_ISSUER)
    * @property {string?} [audience] Optional JWT audience claim (overrides instance JWT_AUDIENCE)
@@ -93,10 +94,11 @@ export class JwtManager {
     const jwt = new EncryptJWT(data)
       .setProtectedHeader({
         alg: algorithm,
-        enc: encryption
+        enc: encryption,
+        typ: 'JWT',
       })
       .setIssuedAt()
-      .setExpirationTime(expirationTime);
+      .setExpirationTime(`${expirationTime}s`); // Pass as string with 's' suffix for seconds
 
     // Add optional claims if provided
     if (issuer) jwt.setIssuer(issuer);

package/components/logger.js

@@ -0,0 +1,131 @@
+/**
+ * Logger utility for node-components
+ * Provides configurable logging with enable/disable functionality
+ * Uses singleton pattern to manage logger instances per component
+ * 
+ * @example
+ * import { Logger } from './logger.js';
+ * 
+ * // Recommended: Get logger instance (singleton pattern)
+ * const logger = Logger.getInstance('ComponentName');
+ * 
+ * // With explicit enable/disable
+ * const logger = Logger.getInstance('ComponentName', true);  // Always enabled
+ * const logger = Logger.getInstance('ComponentName', false); // Always disabled
+ * 
+ * // Backward compatibility: Constructor still works
+ * const logger = new Logger('ComponentName');
+ * 
+ * // Use logger
+ * logger.info('Operation completed');
+ * logger.error('Error occurred', error);
+ */
+export class Logger {
+  /** @type {Map<string, Logger>} */
+  static #instances = new Map();
+  
+  /** @type {boolean} - Global flag to enable/disable colors */
+  static #colorsEnabled = true;
+  
+  /** ANSI color codes for different log levels */
+  static #colors = {
+    reset: '\x1b[0m',
+    dim: '\x1b[2m',      // debug - dim/gray
+    cyan: '\x1b[36m',    // info - cyan
+    yellow: '\x1b[33m',  // warn - yellow
+    red: '\x1b[31m',     // error - red
+  };
+  
+  /** @type {boolean} */
+  #enabled;
+  /** @type {string} */
+  #prefix;
+  /** @type {boolean} */
+  #useColors;
+
+  /**
+   * Get or create a Logger instance (singleton pattern)
+   * @param {string} componentName Component name for log prefix
+   * @param {boolean} [enableLogging] Enable/disable logging. Defaults to NODE_ENV !== 'production'
+   * @returns {Logger} Logger instance
+   */
+  static getInstance(componentName, enableLogging) {
+    const key = `${componentName}:${enableLogging ?? 'default'}`;
+    
+    if (!Logger.#instances.has(key)) {
+      Logger.#instances.set(key, new Logger(componentName, enableLogging));
+    }
+    
+    return Logger.#instances.get(key);
+  }
+
+  /**
+   * Clear all logger instances (useful for testing)
+   */
+  static clearInstances() {
+    Logger.#instances.clear();
+  }
+
+  /**
+   * Disable colors globally for all logger instances
+   */
+  static disableColors() {
+    Logger.#colorsEnabled = false;
+  }
+
+  /**
+   * Enable colors globally for all logger instances
+   */
+  static enableColors() {
+    Logger.#colorsEnabled = true;
+  }
+
+  /**
+   * Create a new Logger instance
+   * @param {string} componentName Component name for log prefix
+   * @param {boolean} [enableLogging] Enable/disable logging. Defaults to NODE_ENV !== 'production'
+   */
+  constructor(componentName, enableLogging) {
+    // If enableLogging is explicitly set (true/false), use it
+    // Otherwise, default to enabled in development, disabled in production
+    this.#enabled = enableLogging ?? (process.env.NODE_ENV !== 'production');
+    this.#prefix = `[${componentName}]`;
+    
+    // Determine if colors should be used:
+    // - Colors are globally enabled
+    // - Output is a terminal (TTY)
+    // - NO_COLOR environment variable is not set
+    this.#useColors = Logger.#colorsEnabled && 
+                     process.stdout.isTTY && 
+                     !process.env.NO_COLOR;
+    
+    // Assign methods based on enabled flag to eliminate runtime checks
+    // This improves performance by avoiding conditional checks on every log call
+    if (this.#enabled) {
+      const colors = Logger.#colors;
+      
+      if (this.#useColors) {
+        // Logging enabled with colors: colorize the prefix
+        this.debug = (...args) => console.debug(colors.dim + this.#prefix + colors.reset, ...args);
+        this.info = (...args) => console.info(colors.cyan + this.#prefix + colors.reset, ...args);
+        this.warn = (...args) => console.warn(colors.yellow + this.#prefix + colors.reset, ...args);
+        this.error = (...args) => console.error(colors.red + this.#prefix + colors.reset, ...args);
+        this.log = (...args) => console.log(this.#prefix, ...args);
+      } else {
+        // Logging enabled without colors: plain text
+        this.debug = (...args) => console.debug(this.#prefix, ...args);
+        this.info = (...args) => console.info(this.#prefix, ...args);
+        this.warn = (...args) => console.warn(this.#prefix, ...args);
+        this.error = (...args) => console.error(this.#prefix, ...args);
+        this.log = (...args) => console.log(this.#prefix, ...args);
+      }
+    } else {
+      // Logging disabled: assign no-op functions that do nothing
+      this.debug = () => {};
+      this.info = () => {};
+      this.warn = () => {};
+      this.error = () => {};
+      this.log = () => {};
+    }
+  }
+}

package/components/redis.js

@@ -1,8 +1,12 @@
 import fs from 'node:fs';
 
 import { createClient } from '@redis/client';
+import { Logger } from './logger.js';
 
 export class RedisManager {
+  /** @type {Logger} */
+  #logger = Logger.getInstance('RedisManager');
+
   /** @type {import('@redis/client').RedisClientType} */
   #client = null;
   /**
@@ -22,21 +26,23 @@ export class RedisManager {
           options.socket.ca = caCert;
         }
         this.#client = createClient(options);
+        this.#logger.info('### REDIS CONNECTING ###');
         this.#client.on('ready', () => {
-          console.info('### REDIS READY ###');
+          this.#logger.info('### REDIS READY ###');
         });
         this.#client.on('reconnecting', (_res) => {
-          console.warn('### REDIS RECONNECTING ###');
+          this.#logger.warn('### REDIS RECONNECTING ###');
         });
         this.#client.on('error', (error) => {
-          console.error(`### REDIS ERROR: ${error.message} ###`);
+          this.#logger.error(`### REDIS ERROR: ${error.message} ###`);
         });
         await this.#client.connect();
+        this.#logger.info('### REDIS CONNECTED SUCCESSFULLY ###');
         return true;
       }
       catch (error) {
-        console.error('### REDIS CONNECT ERROR ###');
-        console.error(error);
+        this.#logger.error('### REDIS CONNECT ERROR ###', error);
+        return false;
       }
     }
     return false;
@@ -60,8 +66,8 @@ export class RedisManager {
         const pongMessage = await this.#client.ping();
         return 'PONG' === pongMessage;
       } catch (error) {
-        console.error(`### REDIS PING ERROR ###`);
-        console.error(error);
+        this.#logger.error(`### REDIS PING ERROR: ${error.message} ###`);
+        return false;
       }
     return false;
   }
@@ -70,7 +76,9 @@ export class RedisManager {
    * Disconnect with Redis
    * @returns {Promise<void>} Returns nothing
    */
-  disConnect() {
-    return this.#client.quit();
+  async disconnect() {
+    this.#logger.info('### REDIS DISCONNECTING ###');
+    await this.#client.quit();
+    this.#logger.info('### REDIS DISCONNECTED ###');
   }
-}
+}

package/components/session.js

@@ -1,4 +1,8 @@
+import fs from 'node:fs';
+import path from 'node:path';
 import crypto from 'node:crypto';
+import { fileURLToPath } from 'node:url';
+
 import axios from 'axios';
 import session from 'express-session';
 import memStore from 'memorystore';
@@ -7,6 +11,10 @@ import { RedisStore } from 'connect-redis';
 import { CustomError, httpCodes, httpHelper, httpMessages } from './http-handlers.js';
 import { JwtManager } from './jwt.js';
 import { RedisManager } from './redis.js';
+import { Logger } from './logger.js';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 
 /**
  * Session authentication mode constants
@@ -21,9 +29,8 @@ export const SessionMode = {
  */
 export class SessionConfig {
   /** 
-   * @type {string} 
-   * Authentication mode for protected routes
-   * Supported values: SessionMode.SESSION | SessionMode.TOKEN
+   * @type {string} Authentication mode for protected routes
+   * - Supported values: SessionMode.SESSION | SessionMode.TOKEN
    * @default SessionMode.SESSION
    */
   SESSION_MODE;
@@ -38,35 +45,69 @@ export class SessionConfig {
   /** @type {string} */
   SSO_FAILURE_URL;
 
-  /** @type {number} */
+  /** @type {number} Session age in milliseconds */
   SESSION_AGE;
-  /** @type {string} */
+  /**
+   * @type {string} Session cookie path
+   * @default '/'
+   */
   SESSION_COOKIE_PATH;
-  /** @type {string} */
+  /** @type {string} Session secret */
   SESSION_SECRET;
-  /** @type {string} */
+  /** 
+   * @type {string} 
+   * @default 'ibmid:'
+   */
   SESSION_PREFIX;
-
-  /** @type {string} */
+  /** 
+   * @type {string} Session key
+   * - In the `SessionMode.SESSION` mode, this is the key used to store the user in the session.
+   * - In the `SessionMode.TOKEN` mode, this is the key of localStorage where the user is stored.
+   * @default 'session_token'
+   */
+  SESSION_KEY;
+  /** 
+   * @type {string} Session expiry key
+   * - In the `SessionMode.TOKEN` mode, this is the key of localStorage where the session expiry timestamp is stored.
+   * @default 'session_expires_at'
+   */
+  SESSION_EXPIRY_KEY;
+  /**
+   * @type {string} Path to custom HTML template for TOKEN mode callback
+   * - Used to customize the redirect page that stores JWT token and expiry in localStorage
+   * - Supports placeholders: {{SESSION_DATA_KEY}}, {{SESSION_DATA_VALUE}}, {{SESSION_EXPIRY_KEY}}, {{SESSION_EXPIRY_VALUE}}, {{SSO_SUCCESS_URL}}, {{SSO_FAILURE_URL}}
+   * - If not provided, uses default template
+   */
+  TOKEN_STORAGE_TEMPLATE_PATH;
+  /** @type {string} Redis URL */
   REDIS_URL;
-  /** @type {string} */
+  /** @type {string} Redis certificate path */
   REDIS_CERT_PATH;
-
-  /** @type {string} */
+  /**
+   * @type {string} Algorithm used to encrypt the JWT
+   * @default 'dir'
+   */
   JWT_ALGORITHM;
-  /** @type {string} */
+  /**
+   * @type {string} Encryption algorithm used to encrypt the JWT
+   * @default 'A256GCM'
+   */
   JWT_ENCRYPTION;
-  /** @type {string} */
-  JWT_EXPIRATION_TIME;
-  /** @type {number} */
+  /**
+   * @type {number} Clock tolerance in seconds
+   * @default 30
+   */
   JWT_CLOCK_TOLERANCE;
-  /** @type {string} */
+  /**
+   * @type {string} Hash algorithm used to hash the JWT secret
+   * @default 'SHA-256'
+   */
   JWT_SECRET_HASH_ALGORITHM;
-  /** @type {string} */
+  /** @type {string?} JWT issuer claim */
   JWT_ISSUER;
-  /** @type {string} */
+  /** @type {string?} JWT audience claim */
   JWT_AUDIENCE;
-  /** @type {string} */
+  /** @type {string?} JWT subject claim */
   JWT_SUBJECT;
 }
 
@@ -81,6 +122,8 @@ export class SessionManager {
   #idpRequest = null;
   /** @type {import('./jwt.js').JwtManager} */
   #jwtManager = null;
+  /** @type {import('./logger.js').Logger} */
+  #logger = Logger.getInstance('SessionManager');
 
   /**
    * Create a new session manager
@@ -95,6 +138,10 @@ export class SessionManager {
       SESSION_COOKIE_PATH: config.SESSION_COOKIE_PATH || '/',
       SESSION_SECRET: config.SESSION_SECRET,
       SESSION_PREFIX: config.SESSION_PREFIX || 'ibmid:',
+      SESSION_KEY: config.SESSION_KEY || 'session_token',
+      SESSION_EXPIRY_KEY: config.SESSION_EXPIRY_KEY || 'session_expires_at',
+      TOKEN_STORAGE_TEMPLATE_PATH: config.TOKEN_STORAGE_TEMPLATE_PATH,
+
       // Identity Provider
       SSO_ENDPOINT_URL: config.SSO_ENDPOINT_URL,
       SSO_CLIENT_ID: config.SSO_CLIENT_ID,
@@ -104,10 +151,10 @@ export class SessionManager {
       // Redis
       REDIS_URL: config.REDIS_URL,
       REDIS_CERT_PATH: config.REDIS_CERT_PATH,
+
       // JWT Manager
       JWT_ALGORITHM: config.JWT_ALGORITHM || 'dir',
       JWT_ENCRYPTION: config.JWT_ENCRYPTION || 'A256GCM',
-      JWT_EXPIRATION_TIME: config.JWT_EXPIRATION_TIME || '10m',
       JWT_CLOCK_TOLERANCE: config.JWT_CLOCK_TOLERANCE ?? 30,
       JWT_SECRET_HASH_ALGORITHM: config.JWT_SECRET_HASH_ALGORITHM || 'SHA-256',
       JWT_ISSUER: config.JWT_ISSUER,
@@ -155,18 +202,18 @@ export class SessionManager {
    * @returns {string} Returns the session key
    */
   #getSessionKey() {
-    return 'user';
+    return this.#config.SESSION_KEY;
   }
 
   /**
    * Get Redis key for token storage
    * @param {string} email User email
-   * @param {string} tokenId Token ID
+   * @param {string} tid Token ID
    * @returns {string} Returns the Redis key for token storage
    * @private
    */
-  #getTokenRedisKey(email, tokenId) {
-    return `${this.#config.SESSION_PREFIX}token:${email}:${tokenId}`;
+  #getTokenRedisKey(email, tid) {
+    return `${this.#config.SESSION_KEY}:t:${email}:${tid}`;
   }
 
   /**
@@ -176,7 +223,7 @@ export class SessionManager {
    * @private
    */
   #getTokenRedisPattern(email) {
-    return `${this.#config.SESSION_PREFIX}token:${email}:*`;
+    return `${this.#config.SESSION_KEY}:t:${email}:*`;
   }
 
   /**
@@ -189,36 +236,32 @@ export class SessionManager {
 
   /**
    * Generate and store JWT token in Redis
+   * - JWT payload contains only { email, tid } for minimal size
+   * - Full user data is stored in Redis as single source of truth
    * @param {object} user User object
    * @returns {Promise<string>} Returns the generated JWT token
    * @private
    */
   async #generateAndStoreToken(user) {
     // Generate unique token ID for this device/session
-    const tokenId = crypto.randomUUID();
-    
-    // Create JWT token with email and tokenId
+    const tid = crypto.randomUUID();
+    const ttlSeconds = Math.floor(this.#config.SESSION_AGE / 1000);
+    // Create JWT token with only email and tid (minimal payload)
     const token = await this.#jwtManager.encrypt(
-      { 
-        email: user.email, 
-        tokenId 
-      },
+      { email: user.email, tid },
       this.#config.SESSION_SECRET,
-      { expirationTime: this.#config.JWT_EXPIRATION_TIME }
+      { expirationTime: ttlSeconds }
     );
-    
+
     // Store user data in Redis with TTL
-    const redisKey = this.#getTokenRedisKey(user.email, tokenId);
-    const ttlSeconds = Math.floor(this.#config.SESSION_AGE / 1000);
-    
+    const redisKey = this.#getTokenRedisKey(user.email, tid);
+
     await this.#redisManager.getClient().setEx(
       redisKey,
       ttlSeconds,
       JSON.stringify(user)
     );
-    
-    console.debug(`### TOKEN GENERATED: ${user.email} ###`);
-    
+    this.#logger.debug(`### TOKEN GENERATED: ${user.email} ###`);
     return token;
   }
 
@@ -247,14 +290,14 @@ export class SessionManager {
         this.#config.SESSION_SECRET
       );
 
-      // Extract email and tokenId
-      const { email, tokenId } = payload;
-      if (!email || !tokenId) {
+      // Extract email and token ID
+      const { email, tid } = payload;
+      if (!email || !tid) {
         throw new CustomError(httpCodes.UNAUTHORIZED, 'Invalid token payload');
       }
 
       // Lookup user in Redis
-      const redisKey = this.#getTokenRedisKey(email, tokenId);
+      const redisKey = this.#getTokenRedisKey(email, tid);
       const userData = await this.#redisManager.getClient().get(redisKey);
 
       if (!userData) {
@@ -275,7 +318,7 @@ export class SessionManager {
 
     } catch (error) {
       if (isDebugging) {
-        console.warn('### TOKEN VERIFICATION FAILED (debugging mode) ###', error.message);
+        this.#logger.warn('### TOKEN VERIFICATION FAILED (debugging mode) ###', error.message);
         return next();
       }
 
@@ -331,11 +374,11 @@ export class SessionManager {
         throw new CustomError(httpCodes.UNAUTHORIZED, 'User not authenticated');
       }
 
-      // Extract tokenId from current token
+      // Extract Token ID from current token
       const authHeader = req.headers.authorization;
       const token = authHeader?.substring(7);
       const { payload } = await this.#jwtManager.decrypt(token, this.#config.SESSION_SECRET);
-      const oldTokenId = payload.tokenId;
+      const { tid: oldTokenId } = payload;
 
       // Check refresh lock
       if (this.hasLock(email)) {
@@ -376,7 +419,7 @@ export class SessionManager {
       const oldRedisKey = this.#getTokenRedisKey(email, oldTokenId);
       await this.#redisManager.getClient().del(oldRedisKey);
 
-      console.debug('### TOKEN REFRESHED SUCCESSFULLY ###');
+      this.#logger.debug('### TOKEN REFRESHED SUCCESSFULLY ###');
 
       // Return new token
       return res.json({
@@ -450,7 +493,7 @@ export class SessionManager {
         await this.#redisManager.getClient().del(keys);
       }
 
-      console.info(`### ALL TOKENS LOGGED OUT: ${email} (${keys.length} tokens) ###`);
+      this.#logger.info(`### ALL TOKENS LOGGED OUT: ${email} (${keys.length} tokens) ###`);
 
       if (isRedirect) {
         return res.redirect(this.#config.SSO_SUCCESS_URL);
@@ -461,7 +504,7 @@ export class SessionManager {
         redirect_url: this.#config.SSO_SUCCESS_URL
       });
     } catch (error) {
-      console.error('### LOGOUT ALL TOKENS ERROR ###', error);
+      this.#logger.error('### LOGOUT ALL TOKENS ERROR ###', error);
       if (isRedirect) {
         return res.redirect(this.#config.SSO_FAILURE_URL);
       }
@@ -487,7 +530,7 @@ export class SessionManager {
     }
 
     try {
-      // Extract tokenId from current token
+      // Extract Token ID from current token
       const authHeader = req.headers.authorization;
       const token = authHeader?.substring(7);
 
@@ -496,13 +539,17 @@ export class SessionManager {
       }
 
       const { payload } = await this.#jwtManager.decrypt(token, this.#config.SESSION_SECRET);
-      const { email, tokenId } = payload;
+      const { email, tid } = payload;
+
+      if (!email || !tid) {
+        throw new CustomError(httpCodes.BAD_REQUEST, 'Invalid token payload');
+      }
 
       // Remove token from Redis
-      const redisKey = this.#getTokenRedisKey(email, tokenId);
+      const redisKey = this.#getTokenRedisKey(email, tid);
       await this.#redisManager.getClient().del(redisKey);
 
-      console.info('### TOKEN LOGOUT SUCCESSFULLY ###');
+      this.#logger.info('### TOKEN LOGOUT SUCCESSFULLY ###');
 
       if (isRedirect) {
         return res.redirect(this.#config.SSO_SUCCESS_URL);
@@ -513,7 +560,7 @@ export class SessionManager {
       });
 
     } catch (error) {
-      console.error('### TOKEN LOGOUT ERROR ###', error);
+      this.#logger.error('### TOKEN LOGOUT ERROR ###', error);
       if (isRedirect) {
         return res.redirect(this.#config.SSO_FAILURE_URL);
       }
@@ -535,16 +582,16 @@ export class SessionManager {
     try {
       res.clearCookie('connect.sid');
     } catch (error) {
-      console.error('### CLEAR COOKIE ERROR ###');
-      console.error(error);
+      this.#logger.error('### CLEAR COOKIE ERROR ###');
+      this.#logger.error(error);
     }
     return req.session.destroy((sessionError) => {
       if (sessionError) {
-        console.error('### SESSION DESTROY CALLBACK ERROR ###');
-        console.error(sessionError);
+        this.#logger.error('### SESSION DESTROY CALLBACK ERROR ###');
+        this.#logger.error(sessionError);
         return callback(sessionError);
       }
-      console.info('### SESSION LOGOUT SUCCESSFULLY ###');
+      this.#logger.info('### SESSION LOGOUT SUCCESSFULLY ###');
       return callback(null);
     });
   }
@@ -573,7 +620,7 @@ export class SessionManager {
    */
   #redisSession() {
     // Redis Session
-    console.log('### Using Redis as the Session Store ###');
+    this.#logger.log('### Using Redis as the Session Store ###');
     return session({
       cookie: { maxAge: this.#config.SESSION_AGE, path: this.#config.SESSION_COOKIE_PATH, sameSite: false },
       store: new RedisStore({ client: this.#redisManager.getClient(), prefix: this.#config.SESSION_PREFIX, disableTouch: true }),
@@ -588,7 +635,7 @@ export class SessionManager {
    */
   #memorySession() {
     // Memory Session
-    console.log('### Using Memory as the Session Store ###');
+    this.#logger.log('### Using Memory as the Session Store ###');
     const MemoryStore = memStore(session);
     return session({
       cookie: { maxAge: this.#config.SESSION_AGE, path: this.#config.SESSION_COOKIE_PATH, sameSite: false },
@@ -675,13 +722,13 @@ export class SessionManager {
     /** @type {{ payload: { user: import('../models/types/user').UserModel, redirect_url: string } }} */
     const { payload } = await this.#jwtManager.decrypt(jwt, this.#config.SSO_CLIENT_SECRET);
     if (payload?.user) {
-      console.debug('### CALLBACK USER ###');
+      this.#logger.debug('### CALLBACK USER ###');
       request.session[this.#getSessionKey()] = initUser(payload.user);
       return new Promise((resolve, reject) => {
         request.session.touch().save((err) => {
           if (err) {
-            console.error('### SESSION SAVE ERROR ###');
-            console.error(err);
+            this.#logger.error('### SESSION SAVE ERROR ###');
+            this.#logger.error(err);
             return reject(new CustomError(httpCodes.SYSTEM_FAILURE,  'Session failed to save', err));
           }
           return resolve(payload);
@@ -711,7 +758,9 @@ export class SessionManager {
           throw new CustomError(httpCodes.BAD_REQUEST, 'Invalid JWT payload');
         }
 
+        /** @type {import('../index.js').SessionUser} */
         const user = initUser(payload.user);
+        /** @type {string} */
         const redirectUrl = payload.redirect_url || this.#config.SSO_SUCCESS_URL;
 
         // Check SESSION_MODE to determine response type
@@ -719,57 +768,26 @@ export class SessionManager {
           // Token-based: Generate token and return HTML page that stores it
           const token = await this.#generateAndStoreToken(user);
 
-          console.debug('### CALLBACK TOKEN GENERATED ###');
+          this.#logger.debug('### CALLBACK TOKEN GENERATED ###');
 
+          const templatePath = this.#config.TOKEN_STORAGE_TEMPLATE_PATH || path.resolve(__dirname, 'assets', 'template.html');
           // Return HTML page that stores token in localStorage and redirects
-          return res.send(`
-            <!DOCTYPE html>
-            <html>
-            <head>
-              <meta charset="UTF-8">
-              <title>Authentication Complete</title>
-              <script>
-                (function() {
-                  try {
-                    // Store auth data in localStorage
-                    localStorage.setItem('authToken', ${JSON.stringify(token)});
-                    localStorage.setItem('tokenExpiry', ${Date.now() + this.#config.SESSION_AGE});
-                    localStorage.setItem('user', ${JSON.stringify({
-                      email: user.email,
-                      name: user.name,
-                    })});
-                    
-                    // Redirect to original destination
-                    window.location.replace(${JSON.stringify(redirectUrl)});
-                  } catch (error) {
-                    console.error('Failed to store authentication:', error);
-                    document.getElementById('error').style.display = 'block';
-                  }
-                })();
-              </script>
-              <style>
-                body { font-family: system-ui, sans-serif; text-align: center; padding: 50px; }
-                #error { display: none; color: #d32f2f; margin-top: 20px; }
-              </style>
-            </head>
-            <body>
-              <p>Completing authentication...</p>
-              <div id="error">
-                <p>Authentication failed. Please try again.</p>
-                <a href="${this.#config.SSO_FAILURE_URL}">Return to login</a>
-              </div>
-            </body>
-            </html>
-          `);
-        }
-        else {
-          // Session-based: Save to session and redirect
-          await this.#saveSession(req, jwt, initUser);
-          return res.redirect(redirectUrl);
+          const template = fs.readFileSync(templatePath, 'utf8');
+          const html = template
+            .replaceAll('{{SESSION_DATA_KEY}}', this.#config.SESSION_KEY)
+            .replaceAll('{{SESSION_DATA_VALUE}}', token)
+            .replaceAll('{{SESSION_EXPIRY_KEY}}', this.#config.SESSION_EXPIRY_KEY)
+            .replaceAll('{{SESSION_EXPIRY_VALUE}}', user.attributes.expires_at)
+            .replaceAll('{{SSO_SUCCESS_URL}}', redirectUrl)
+            .replaceAll('{{SSO_FAILURE_URL}}', this.#config.SSO_FAILURE_URL);
+          return res.send(html);
         }
+        // Session-based: Save to session and redirect
+        await this.#saveSession(req, jwt, initUser);
+        return res.redirect(redirectUrl);
       }
       catch (error) {
-        console.error('### CALLBACK ERROR ###', error);
+        this.#logger.error('### CALLBACK ERROR ###', error);
         return res.redirect(this.#config.SSO_FAILURE_URL.concat('?message=').concat(encodeURIComponent(error.message)));
       }
     };
@@ -832,8 +850,8 @@ export class SessionManager {
       // Session-based authentication is already single-instance per cookie
       return this.#logoutSession(req, res, (error) => {
         if (error) {
-          console.error('### LOGOUT CALLBACK ERROR ###');
-          console.error(error);
+          this.#logger.error('### LOGOUT CALLBACK ERROR ###');
+          this.#logger.error(error);
           if (isRedirect) {
             return res.redirect(this.#config.SSO_FAILURE_URL);
           }

package/index.d.ts

@@ -7,6 +7,70 @@ import { Application, RequestHandler, Request, Response, NextFunction, Router }
 
 export { JWTPayload } from 'jose';
 
+// Logger class for configurable logging
+export class Logger {
+  /**
+   * Get or create a Logger instance (singleton pattern)
+   * @param componentName Component name for log prefix
+   * @param enableLogging Enable/disable logging (defaults to NODE_ENV !== 'production')
+   * @returns Logger instance
+   */
+  static getInstance(componentName: string, enableLogging?: boolean): Logger;
+
+  /**
+   * Clear all logger instances (useful for testing)
+   */
+  static clearInstances(): void;
+
+  /**
+   * Disable colors globally for all logger instances
+   */
+  static disableColors(): void;
+
+  /**
+   * Enable colors globally for all logger instances
+   */
+  static enableColors(): void;
+
+  /**
+   * Create a new Logger instance (backward compatibility)
+   * Note: Use Logger.getInstance() for singleton pattern
+   * @param componentName Component name for log prefix
+   * @param enableLogging Enable/disable logging (defaults to NODE_ENV !== 'production')
+   */
+  constructor(componentName: string, enableLogging?: boolean);
+
+  /**
+   * Log debug message
+   * @param args Arguments to log
+   */
+  debug(...args: any[]): void;
+
+  /**
+   * Log info message
+   * @param args Arguments to log
+   */
+  info(...args: any[]): void;
+
+  /**
+   * Log warning message
+   * @param args Arguments to log
+   */
+  warn(...args: any[]): void;
+
+  /**
+   * Log error message
+   * @param args Arguments to log
+   */
+  error(...args: any[]): void;
+
+  /**
+   * Log general message
+   * @param args Arguments to log
+   */
+  log(...args: any[]): void;
+}
+
 // Session Mode constants
 export const SessionMode: {
   SESSION: string;
@@ -29,13 +93,15 @@ export interface SessionConfig {
   SESSION_COOKIE_PATH?: string;
   SESSION_SECRET?: string;
   SESSION_PREFIX?: string;
+  SESSION_KEY?: string;
+  SESSION_EXPIRY_KEY?: string;
+  TOKEN_STORAGE_TEMPLATE_PATH?: string;
 
   REDIS_URL?: string;
   REDIS_CERT_PATH?: string;
 
   JWT_ALGORITHM?: string;
   JWT_ENCRYPTION?: string;
-  JWT_EXPIRATION_TIME?: string;
   JWT_CLOCK_TOLERANCE?: number;
   JWT_SECRET_HASH_ALGORITHM?: string;
   JWT_ISSUER?: string;
@@ -241,32 +307,29 @@ export class RedisManager {
    * Disconnect from Redis
    * @returns Returns nothing
    */
-  disConnect(): Promise<void>;
+  disconnect(): Promise<void>;
 }
 
 // JWT Manager Configuration - uses strict UPPERCASE naming convention with JWT_ prefix for all property names
 export interface JwtManagerOptions {
   /** JWE algorithm (default: 'dir') */
   JWT_ALGORITHM?: string;
-  
+
   /** JWE encryption method (default: 'A256GCM') */
   JWT_ENCRYPTION?: string;
-  
-  /** Token expiration time (default: '10m') */
-  JWT_EXPIRATION_TIME?: string;
-  
+
   /** Clock tolerance in seconds for token validation (default: 30) */
   JWT_CLOCK_TOLERANCE?: number;
-  
+
   /** Hash algorithm for secret derivation (default: 'SHA-256') */
   JWT_SECRET_HASH_ALGORITHM?: string;
-  
+
   /** Optional JWT issuer claim */
   JWT_ISSUER?: string;
-  
+
   /** Optional JWT audience claim */
   JWT_AUDIENCE?: string;
-  
+
   /** Optional JWT subject claim */
   JWT_SUBJECT?: string;
 }
@@ -282,7 +345,7 @@ export interface JwtEncryptOptions {
   encryption?: string;
 
   /** Override default expiration time */
-  expirationTime?: string;
+  expirationTime?: number;
 
   /** Override default hash algorithm */
   secretHashAlgorithm?: string;
@@ -323,7 +386,7 @@ export type JwtDecryptResult = JWTDecryptResult<EncryptJWT>;
 export class JwtManager {
   algorithm: string;
   encryption: string;
-  expirationTime: string;
+  expirationTime: number;
   clockTolerance: number;
   secretHashAlgorithm: string;
   issuer?: string;

package/index.js

@@ -3,3 +3,4 @@ export { httpCodes, httpMessages, httpErrorHandler, httpNotFoundHandler, CustomE
 export { RedisManager } from './components/redis.js';
 export { FlexRouter } from './components/router.js';
 export { JwtManager } from './components/jwt.js';
+export { Logger } from './components/logger.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@igxjs/node-components",
-  "version": "1.0.11",
+  "version": "1.0.12",
   "description": "Node components for igxjs",
   "main": "index.js",
   "type": "module",
@@ -26,14 +26,14 @@
     "axios": "^1.13.6",
     "connect-redis": "^9.0.0",
     "express-session": "^1.19.0",
-    "jose": "^6.2.0",
+    "jose": "^6.2.1",
     "memorystore": "^1.6.7"
   },
   "devDependencies": {
     "chai": "^6.2.2",
     "express": "^5.2.1",
     "mocha": "^12.0.0-beta-10",
-    "sinon": "^21.0.2",
+    "sinon": "^21.0.3",
     "supertest": "^7.0.0"
   },
   "files": [