@jmlq/auth 0.0.1-alpha.1
- package/README.md +306 -0
- package/dist/examples/bcrypt-password-hasher.example.d.ts +3 -0
- package/dist/examples/bcrypt-password-hasher.example.js +78 -0
- package/dist/examples/entity-object.example.d.ts +39 -0
- package/dist/examples/entity-object.example.js +411 -0
- package/dist/examples/factory-auth-service-example.d.ts +3 -0
- package/dist/examples/factory-auth-service-example.js +84 -0
- package/dist/examples/index.example.d.ts +12 -0
- package/dist/examples/index.example.js +171 -0
- package/dist/examples/jwt-algoritm.example.d.ts +47 -0
- package/dist/examples/jwt-algoritm.example.js +447 -0
- package/dist/examples/jwt-token-generator.example.d.ts +6 -0
- package/dist/examples/jwt-token-generator.example.js +49 -0
- package/dist/examples/jwt-verifier.example.d.ts +3 -0
- package/dist/examples/jwt-verifier.example.js +80 -0
- package/dist/examples/password-policy.example.d.ts +7 -0
- package/dist/examples/password-policy.example.js +57 -0
- package/dist/examples/service-jwt-token.example.d.ts +3 -0
- package/dist/examples/service-jwt-token.example.js +154 -0
- package/dist/examples/service-token-session.example.d.ts +3 -0
- package/dist/examples/service-token-session.example.js +139 -0
- package/dist/examples/use-case-login-with-password.example.d.ts +6 -0
- package/dist/examples/use-case-login-with-password.example.js +105 -0
- package/dist/examples/use-case-logout.example.d.ts +7 -0
- package/dist/examples/use-case-logout.example.js +134 -0
- package/dist/examples/use-case-refresh-token.example.d.ts +11 -0
- package/dist/examples/use-case-refresh-token.example.js +164 -0
- package/dist/examples/use-case-register-user.example.d.ts +9 -0
- package/dist/examples/use-case-register-user.example.js +110 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +17 -0
- package/dist/src/application/dtos/index.d.ts +4 -0
- package/dist/src/application/dtos/index.js +20 -0
- package/dist/src/application/dtos/login.dto.d.ts +9 -0
- package/dist/src/application/dtos/login.dto.js +2 -0
- package/dist/src/application/dtos/logout.dto.d.ts +7 -0
- package/dist/src/application/dtos/logout.dto.js +2 -0
- package/dist/src/application/dtos/refresh-token.dto.d.ts +7 -0
- package/dist/src/application/dtos/refresh-token.dto.js +2 -0
- package/dist/src/application/dtos/register-user.dto.d.ts +16 -0
- package/dist/src/application/dtos/register-user.dto.js +2 -0
- package/dist/src/application/factories/auth-service.factory.d.ts +5 -0
- package/dist/src/application/factories/auth-service.factory.js +51 -0
- package/dist/src/application/factories/index.d.ts +1 -0
- package/dist/src/application/factories/index.js +17 -0
- package/dist/src/application/index.d.ts +3 -0
- package/dist/src/application/index.js +19 -0
- package/dist/src/application/use-cases/index.d.ts +4 -0
- package/dist/src/application/use-cases/index.js +20 -0
- package/dist/src/application/use-cases/login-with-password.use-case.d.ts +9 -0
- package/dist/src/application/use-cases/login-with-password.use-case.js +36 -0
- package/dist/src/application/use-cases/logout.use-case.d.ts +7 -0
- package/dist/src/application/use-cases/logout.use-case.js +22 -0
- package/dist/src/application/use-cases/refresh-token.use-case.d.ts +7 -0
- package/dist/src/application/use-cases/refresh-token.use-case.js +23 -0
- package/dist/src/application/use-cases/register-user.use-case.d.ts +10 -0
- package/dist/src/application/use-cases/register-user.use-case.js +37 -0
- package/dist/src/domain/entities/credential.entity.d.ts +78 -0
- package/dist/src/domain/entities/credential.entity.js +92 -0
- package/dist/src/domain/entities/index.d.ts +2 -0
- package/dist/src/domain/entities/index.js +18 -0
- package/dist/src/domain/entities/user.entity.d.ts +97 -0
- package/dist/src/domain/entities/user.entity.js +116 -0
- package/dist/src/domain/errors/auth-domain-error.d.ts +82 -0
- package/dist/src/domain/errors/auth-domain-error.js +112 -0
- package/dist/src/domain/errors/auth.errors.d.ts +56 -0
- package/dist/src/domain/errors/auth.errors.js +76 -0
- package/dist/src/domain/errors/identity.errors.d.ts +34 -0
- package/dist/src/domain/errors/identity.errors.js +82 -0
- package/dist/src/domain/errors/index.d.ts +2 -0
- package/dist/src/domain/errors/index.js +18 -0
- package/dist/src/domain/index.d.ts +6 -0
- package/dist/src/domain/index.js +22 -0
- package/dist/src/domain/object-values/email.d.ts +37 -0
- package/dist/src/domain/object-values/email.js +56 -0
- package/dist/src/domain/object-values/hashed-password.d.ts +28 -0
- package/dist/src/domain/object-values/hashed-password.js +73 -0
- package/dist/src/domain/object-values/id.d.ts +8 -0
- package/dist/src/domain/object-values/id.js +28 -0
- package/dist/src/domain/object-values/index.d.ts +5 -0
- package/dist/src/domain/object-values/index.js +13 -0
- package/dist/src/domain/object-values/permission.d.ts +15 -0
- package/dist/src/domain/object-values/permission.js +57 -0
- package/dist/src/domain/object-values/role.d.ts +25 -0
- package/dist/src/domain/object-values/role.js +108 -0
- package/dist/src/domain/ports/auth/password-hasher.d.ts +7 -0
- package/dist/src/domain/ports/auth/password-hasher.js +2 -0
- package/dist/src/domain/ports/auth/password-policy-config.port.d.ts +0 -0
- package/dist/src/domain/ports/auth/password-policy-config.port.js +10 -0
- package/dist/src/domain/ports/auth/password-policy.port.d.ts +10 -0
- package/dist/src/domain/ports/auth/password-policy.port.js +2 -0
- package/dist/src/domain/ports/config/auth-config.port.d.ts +19 -0
- package/dist/src/domain/ports/config/auth-config.port.js +3 -0
- package/dist/src/domain/ports/index.d.ts +9 -0
- package/dist/src/domain/ports/index.js +25 -0
- package/dist/src/domain/ports/jwt/factory/signature-strategy-factory.port.d.ts +14 -0
- package/dist/src/domain/ports/jwt/factory/signature-strategy-factory.port.js +2 -0
- package/dist/src/domain/ports/jwt/payload/jwt-payload.port.d.ts +12 -0
- package/dist/src/domain/ports/jwt/payload/jwt-payload.port.js +2 -0
- package/dist/src/domain/ports/jwt/signature-strategy-factory.port.d.ts +14 -0
- package/dist/src/domain/ports/jwt/signature-strategy-factory.port.js +2 -0
- package/dist/src/domain/ports/jwt/signature-strategy.d.ts +30 -0
- package/dist/src/domain/ports/jwt/signature-strategy.js +4 -0
- package/dist/src/domain/ports/jwt/signature-strategy.port.d.ts +31 -0
- package/dist/src/domain/ports/jwt/signature-strategy.port.js +4 -0
- package/dist/src/domain/ports/jwt/strategy/signature-strategy.port.d.ts +31 -0
- package/dist/src/domain/ports/jwt/strategy/signature-strategy.port.js +4 -0
- package/dist/src/domain/ports/repository/credential.repository.d.ts +10 -0
- package/dist/src/domain/ports/repository/credential.repository.js +2 -0
- package/dist/src/domain/ports/repository/index.d.ts +2 -0
- package/dist/src/domain/ports/repository/index.js +18 -0
- package/dist/src/domain/ports/repository/user.repository.d.ts +13 -0
- package/dist/src/domain/ports/repository/user.repository.js +2 -0
- package/dist/src/domain/ports/token/token-session.port.d.ts +7 -0
- package/dist/src/domain/ports/token/token-session.port.js +2 -0
- package/dist/src/domain/ports/token/token.service.port.d.ts +9 -0
- package/dist/src/domain/ports/token/token.service.port.js +2 -0
- package/dist/src/domain/props/create-payload-props.port.d.ts +0 -0
- package/dist/src/domain/props/create-payload-props.port.js +8 -0
- package/dist/src/domain/props/entities/credential.props.d.ts +8 -0
- package/dist/src/domain/props/entities/credential.props.js +2 -0
- package/dist/src/domain/props/entities/index.d.ts +2 -0
- package/dist/src/domain/props/entities/index.js +18 -0
- package/dist/src/domain/props/entities/user.props.d.ts +10 -0
- package/dist/src/domain/props/entities/user.props.js +2 -0
- package/dist/src/domain/props/index.d.ts +2 -0
- package/dist/src/domain/props/index.js +18 -0
- package/dist/src/domain/props/jwt/create-payload.props.d.ts +9 -0
- package/dist/src/domain/props/jwt/create-payload.props.js +2 -0
- package/dist/src/domain/props/jwt/generate-access-token.props.d.ts +8 -0
- package/dist/src/domain/props/jwt/generate-access-token.props.js +2 -0
- package/dist/src/domain/props/jwt/generate-refresh-token.props.d.ts +8 -0
- package/dist/src/domain/props/jwt/generate-refresh-token.props.js +2 -0
- package/dist/src/domain/props/jwt/generate-token.props.d.ts +10 -0
- package/dist/src/domain/props/jwt/generate-token.props.js +2 -0
- package/dist/src/domain/props/jwt/index.d.ts +5 -0
- package/dist/src/domain/props/jwt/index.js +21 -0
- package/dist/src/domain/props/jwt/jwt-subject.d.ts +7 -0
- package/dist/src/domain/props/jwt/jwt-subject.js +2 -0
- package/dist/src/domain/props/jwt/jwt-user.d.ts +7 -0
- package/dist/src/domain/props/jwt/jwt-user.js +2 -0
- package/dist/src/domain/props/services/generate-access-token.props.d.ts +8 -0
- package/dist/src/domain/props/services/generate-access-token.props.js +2 -0
- package/dist/src/domain/props/services/generate-refresh-token.props.d.ts +8 -0
- package/dist/src/domain/props/services/generate-refresh-token.props.js +2 -0
- package/dist/src/domain/props/services/index.d.ts +2 -0
- package/dist/src/domain/props/services/index.js +18 -0
- package/dist/src/domain/services/index.d.ts +1 -0
- package/dist/src/domain/services/index.js +17 -0
- package/dist/src/domain/services/password-policy.service.d.ts +8 -0
- package/dist/src/domain/services/password-policy.service.js +29 -0
- package/dist/src/domain/services/token.service.port.d.ts +9 -0
- package/dist/src/domain/services/token.service.port.js +2 -0
- package/dist/src/index.d.ts +78 -0
- package/dist/src/index.js +94 -0
- package/dist/src/infrastructure/index.d.ts +5 -0
- package/dist/src/infrastructure/index.js +21 -0
- package/dist/src/infrastructure/jwt/factory/index.d.ts +1 -0
- package/dist/src/infrastructure/jwt/factory/index.js +17 -0
- package/dist/src/infrastructure/jwt/factory/signature-strategy.factory.d.ts +21 -0
- package/dist/src/infrastructure/jwt/factory/signature-strategy.factory.js +61 -0
- package/dist/src/infrastructure/jwt/index.d.ts +3 -0
- package/dist/src/infrastructure/jwt/index.js +19 -0
- package/dist/src/infrastructure/jwt/signature-strategy.factory.d.ts +21 -0
- package/dist/src/infrastructure/jwt/signature-strategy.factory.js +61 -0
- package/dist/src/infrastructure/jwt/strategies/ecdsa-signature-strategy.d.ts +47 -0
- package/dist/src/infrastructure/jwt/strategies/ecdsa-signature-strategy.js +124 -0
- package/dist/src/infrastructure/jwt/strategies/ecdsa-signature.strategy.d.ts +47 -0
- package/dist/src/infrastructure/jwt/strategies/ecdsa-signature.strategy.js +124 -0
- package/dist/src/infrastructure/jwt/strategies/hmac-signature-strategy.d.ts +54 -0
- package/dist/src/infrastructure/jwt/strategies/hmac-signature-strategy.js +129 -0
- package/dist/src/infrastructure/jwt/strategies/hmac-signature.strategy.d.ts +54 -0
- package/dist/src/infrastructure/jwt/strategies/hmac-signature.strategy.js +129 -0
- package/dist/src/infrastructure/jwt/strategies/index.d.ts +3 -0
- package/dist/src/infrastructure/jwt/strategies/index.js +19 -0
- package/dist/src/infrastructure/jwt/strategies/rsa-signature-strategy.d.ts +47 -0
- package/dist/src/infrastructure/jwt/strategies/rsa-signature-strategy.js +124 -0
- package/dist/src/infrastructure/jwt/strategies/rsa-signature.strategy.d.ts +47 -0
- package/dist/src/infrastructure/jwt/strategies/rsa-signature.strategy.js +124 -0
- package/dist/src/infrastructure/jwt/token/actions/jwt-token-generator.d.ts +57 -0
- package/dist/src/infrastructure/jwt/token/actions/jwt-token-generator.js +123 -0
- package/dist/src/infrastructure/jwt/token/actions/jwt-token-verifier.d.ts +59 -0
- package/dist/src/infrastructure/jwt/token/actions/jwt-token-verifier.js +100 -0
- package/dist/src/infrastructure/jwt/token/index.d.ts +5 -0
- package/dist/src/infrastructure/jwt/token/index.js +21 -0
- package/dist/src/infrastructure/jwt/token/jwt-signer.d.ts +33 -0
- package/dist/src/infrastructure/jwt/token/jwt-signer.js +46 -0
- package/dist/src/infrastructure/jwt/token/jwt-token-parser.d.ts +29 -0
- package/dist/src/infrastructure/jwt/token/jwt-token-parser.js +57 -0
- package/dist/src/infrastructure/jwt/token/jwt-token-validator.d.ts +32 -0
- package/dist/src/infrastructure/jwt/token/jwt-token-validator.js +77 -0
- package/dist/src/infrastructure/jwt/token/tools/jwt-signer.d.ts +33 -0
- package/dist/src/infrastructure/jwt/token/tools/jwt-signer.js +46 -0
- package/dist/src/infrastructure/jwt/token/tools/jwt-token-parser.d.ts +30 -0
- package/dist/src/infrastructure/jwt/token/tools/jwt-token-parser.js +57 -0
- package/dist/src/infrastructure/jwt/token/tools/jwt-token-validator.d.ts +32 -0
- package/dist/src/infrastructure/jwt/token/tools/jwt-token-validator.js +77 -0
- package/dist/src/infrastructure/repositories/index.d.ts +1 -0
- package/dist/src/infrastructure/repositories/index.js +17 -0
- package/dist/src/infrastructure/repositories/test/in-memory-credential.repository.d.ts +12 -0
- package/dist/src/infrastructure/repositories/test/in-memory-credential.repository.js +68 -0
- package/dist/src/infrastructure/repositories/test/in-memory-token-session.repository.d.ts +67 -0
- package/dist/src/infrastructure/repositories/test/in-memory-token-session.repository.js +128 -0
- package/dist/src/infrastructure/repositories/test/in-memory-user.repository.d.ts +11 -0
- package/dist/src/infrastructure/repositories/test/in-memory-user.repository.js +49 -0
- package/dist/src/infrastructure/repositories/test/index.d.ts +2 -0
- package/dist/src/infrastructure/repositories/test/index.js +18 -0
- package/dist/src/infrastructure/security/bcrypt-password-hasher.d.ts +6 -0
- package/dist/src/infrastructure/security/bcrypt-password-hasher.js +19 -0
- package/dist/src/infrastructure/security/index.d.ts +1 -0
- package/dist/src/infrastructure/security/index.js +17 -0
- package/dist/src/infrastructure/services/default-token-session.service.d.ts +18 -0
- package/dist/src/infrastructure/services/default-token-session.service.js +88 -0
- package/dist/src/infrastructure/services/index.d.ts +2 -0
- package/dist/src/infrastructure/services/index.js +18 -0
- package/dist/src/infrastructure/services/jwt-token.service.d.ts +15 -0
- package/dist/src/infrastructure/services/jwt-token.service.js +44 -0
- package/dist/src/infrastructure/services/simple-jwt-token.service.d.ts +15 -0
- package/dist/src/infrastructure/services/simple-jwt-token.service.js +46 -0
- package/dist/src/infrastructure/services/token-session.service.d.ts +24 -0
- package/dist/src/infrastructure/services/token-session.service.js +131 -0
- package/dist/src/infrastructure/types/auth-service-container.d.ts +14 -0
- package/dist/src/infrastructure/types/auth-service-container.js +2 -0
- package/dist/src/infrastructure/types/index.d.ts +1 -0
- package/dist/src/infrastructure/types/index.js +17 -0
- package/dist/src/shared/constants/index.d.ts +1 -0
- package/dist/src/shared/constants/index.js +17 -0
- package/dist/src/shared/constants/jwt-algorithms.d.ts +17 -0
- package/dist/src/shared/constants/jwt-algorithms.js +23 -0
- package/dist/src/shared/encoders/base64-url-encoder.d.ts +29 -0
- package/dist/src/shared/encoders/base64-url-encoder.js +45 -0
- package/dist/src/shared/encoders/index.d.ts +1 -0
- package/dist/src/shared/encoders/index.js +17 -0
- package/dist/src/shared/index.d.ts +4 -0
- package/dist/src/shared/index.js +20 -0
- package/dist/src/shared/types/index.d.ts +1 -0
- package/dist/src/shared/types/index.js +17 -0
- package/dist/src/shared/types/jwt.d.ts +25 -0
- package/dist/src/shared/types/jwt.js +2 -0
- package/dist/src/shared/types/jwt.types.d.ts +39 -0
- package/dist/src/shared/types/jwt.types.js +2 -0
- package/dist/src/shared/utils/index.d.ts +1 -0
- package/dist/src/shared/utils/index.js +17 -0
- package/dist/src/shared/utils/time-parser.d.ts +28 -0
- package/dist/src/shared/utils/time-parser.js +76 -0
- package/dist/tests/application/factory/auth-service-factory.spec.d.ts +1 -0
- package/dist/tests/application/factory/auth-service-factory.spec.js +97 -0
- package/dist/tests/application/use-cases/login-with-password.integration.spec.d.ts +1 -0
- package/dist/tests/application/use-cases/login-with-password.integration.spec.js +140 -0
- package/dist/tests/application/use-cases/logout-use-case.spec.d.ts +1 -0
- package/dist/tests/application/use-cases/logout-use-case.spec.js +40 -0
- package/dist/tests/application/use-cases/refresh-token-use-case.spec.d.ts +1 -0
- package/dist/tests/application/use-cases/refresh-token-use-case.spec.js +116 -0
- package/dist/tests/application/use-cases/register-user.usecase.spec.d.ts +1 -0
- package/dist/tests/application/use-cases/register-user.usecase.spec.js +151 -0
- package/dist/tests/domain/entities/credential.spec.d.ts +1 -0
- package/dist/tests/domain/entities/credential.spec.js +93 -0
- package/dist/tests/domain/entities/user.spec.d.ts +1 -0
- package/dist/tests/domain/entities/user.spec.js +93 -0
- package/dist/tests/domain/object-values/email.spec.d.ts +1 -0
- package/dist/tests/domain/object-values/email.spec.js +77 -0
- package/dist/tests/domain/object-values/hashed-password.spec.d.ts +1 -0
- package/dist/tests/domain/object-values/hashed-password.spec.js +54 -0
- package/dist/tests/domain/object-values/id.spec.d.ts +1 -0
- package/dist/tests/domain/object-values/id.spec.js +48 -0
- package/dist/tests/domain/object-values/permission.spec.d.ts +1 -0
- package/dist/tests/domain/object-values/permission.spec.js +75 -0
- package/dist/tests/domain/object-values/role.spec.d.ts +1 -0
- package/dist/tests/domain/object-values/role.spec.js +139 -0
- package/dist/tests/domain/services/default-password-policy.spec.d.ts +1 -0
- package/dist/tests/domain/services/default-password-policy.spec.js +69 -0
- package/dist/tests/doman/entities/credential.spec.d.ts +1 -0
- package/dist/tests/doman/entities/credential.spec.js +93 -0
- package/dist/tests/doman/entities/user.spec.d.ts +1 -0
- package/dist/tests/doman/entities/user.spec.js +93 -0
- package/dist/tests/doman/object-values/email.spec.d.ts +1 -0
- package/dist/tests/doman/object-values/email.spec.js +77 -0
- package/dist/tests/doman/object-values/hashed-password.spec.d.ts +1 -0
- package/dist/tests/doman/object-values/hashed-password.spec.js +54 -0
- package/dist/tests/doman/object-values/id.spec.d.ts +1 -0
- package/dist/tests/doman/object-values/id.spec.js +48 -0
- package/dist/tests/doman/object-values/permission.spec.d.ts +1 -0
- package/dist/tests/doman/object-values/permission.spec.js +75 -0
- package/dist/tests/doman/object-values/role.spec.d.ts +1 -0
- package/dist/tests/doman/object-values/role.spec.js +139 -0
- package/dist/tests/helpers/make-jwt-subject.d.ts +7 -0
- package/dist/tests/helpers/make-jwt-subject.js +16 -0
- package/dist/tests/helpers/make-jwt-user.d.ts +7 -0
- package/dist/tests/helpers/make-jwt-user.js +16 -0
- package/dist/tests/helpers/make-user.d.ts +2 -0
- package/dist/tests/helpers/make-user.js +15 -0
- package/dist/tests/infrastructure/jwt/signature-strategy-factory.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/signature-strategy-factory.spec.js +127 -0
- package/dist/tests/infrastructure/jwt/strategies/ecdsa-signature-strategy.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/strategies/ecdsa-signature-strategy.spec.js +157 -0
- package/dist/tests/infrastructure/jwt/strategies/hmac-signature-strategy.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/strategies/hmac-signature-strategy.spec.js +150 -0
- package/dist/tests/infrastructure/jwt/strategies/rsa-signature-strategy..spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/strategies/rsa-signature-strategy..spec.js +156 -0
- package/dist/tests/infrastructure/jwt/token/actions/jwt-token-generator.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/actions/jwt-token-generator.spec.js +179 -0
- package/dist/tests/infrastructure/jwt/token/actions/jwt-token-verifier.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/actions/jwt-token-verifier.spec.js +142 -0
- package/dist/tests/infrastructure/jwt/token/jwt-signer.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/jwt-signer.spec.js +125 -0
- package/dist/tests/infrastructure/jwt/token/jwt-token-parser.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/jwt-token-parser.spec.js +116 -0
- package/dist/tests/infrastructure/jwt/token/jwt-token-validator.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/jwt-token-validator.spec.js +88 -0
- package/dist/tests/infrastructure/jwt/token/tools/jwt-signer.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/tools/jwt-signer.spec.js +126 -0
- package/dist/tests/infrastructure/jwt/token/tools/jwt-token-parser.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/tools/jwt-token-parser.spec.js +116 -0
- package/dist/tests/infrastructure/jwt/token/tools/jwt-token-validator.spec.d.ts +1 -0
- package/dist/tests/infrastructure/jwt/token/tools/jwt-token-validator.spec.js +88 -0
- package/dist/tests/infrastructure/security/security/bcrypt-password-hasher.spec.d.ts +1 -0
- package/dist/tests/infrastructure/security/security/bcrypt-password-hasher.spec.js +37 -0
- package/dist/tests/infrastructure/services/jwt-token-service.spec.d.ts +1 -0
- package/dist/tests/infrastructure/services/jwt-token-service.spec.js +145 -0
- package/dist/tests/infrastructure/services/token-session.service.spec.d.ts +1 -0
- package/dist/tests/infrastructure/services/token-session.service.spec.js +269 -0
- package/dist/tests/shared/constants/jwt-algorithms.spec.d.ts +1 -0
- package/dist/tests/shared/constants/jwt-algorithms.spec.js +27 -0
- package/dist/tests/shared/encoders/base64-url-encoder.spec.d.ts +1 -0
- package/dist/tests/shared/encoders/base64-url-encoder.spec.js +70 -0
- package/dist/tests/shared/utils/time-parser.spec.d.ts +1 -0
- package/dist/tests/shared/utils/time-parser.spec.js +80 -0
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.js +17 -0
- package/dist/utils/time-parser.d.ts +28 -0
- package/dist/utils/time-parser.js +76 -0
- package/package.json +48 -0
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.HmacSignatureStrategy = void 0;
|
|
37
|
+
const crypto = __importStar(require("crypto"));
|
|
38
|
+
const shared_1 = require("../../../shared");
|
|
39
|
+
/**
|
|
40
|
+
*Esta clase implementa la estrategia de firma digital usando HMAC (Hash-based Message Authentication Code) para JWT.
|
|
41
|
+
*Maneja la firma y verificación de tokens JWT usando algoritmos HMAC con funciones hash SHA, que utilizan una clave secreta compartida.
|
|
42
|
+
*/
|
|
43
|
+
class HmacSignatureStrategy {
|
|
44
|
+
/**
|
|
45
|
+
* Crea una nueva instancia de HmacSignatureStrategy
|
|
46
|
+
* @param algorithm El algoritmo HMAC a usar (por ejemplo, 'HS256')
|
|
47
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
48
|
+
*/
|
|
49
|
+
constructor(algorithm, encoder) {
|
|
50
|
+
this.algorithm = algorithm;
|
|
51
|
+
this.encoder = encoder;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Firma digitalmente los datos usando la clave secreta HMAC
|
|
55
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
56
|
+
* @param secret La clave secreta para firmar
|
|
57
|
+
* @returns La firma digital como string codificado
|
|
58
|
+
*/
|
|
59
|
+
sign(data, secret) {
|
|
60
|
+
// Obtiene el algoritmo hash correspondiente (sha256, sha384, sha512)
|
|
61
|
+
const hashAlgorithm = this.getHashAlgorithm();
|
|
62
|
+
// Crea un HMAC usando el algoritmo hash y la clave secreta
|
|
63
|
+
const base64 = crypto
|
|
64
|
+
.createHmac(hashAlgorithm, secret)
|
|
65
|
+
.update(data)
|
|
66
|
+
.digest("base64");
|
|
67
|
+
// Codifica en Base64URL para JWT
|
|
68
|
+
return this.encoder.encode(base64);
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Verifica si una firma es válida para los datos dados usando la clave secreta HMAC
|
|
72
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
73
|
+
* @param signature La firma digital a verificar
|
|
74
|
+
* @param secret La clave secreta para verificar
|
|
75
|
+
* @returns true si la firma es válida, false si no
|
|
76
|
+
*/
|
|
77
|
+
verify(data, signature, secret) {
|
|
78
|
+
try {
|
|
79
|
+
// Genera la firma esperada usando los mismos datos y clave
|
|
80
|
+
const expectedSignature = this.sign(data, secret);
|
|
81
|
+
// Compara de forma segura para evitar timing attacks
|
|
82
|
+
return this.secureCompare(signature, expectedSignature);
|
|
83
|
+
}
|
|
84
|
+
catch (error) {
|
|
85
|
+
return false;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Retorna el algoritmo que soporta esta estrategia específica.
|
|
90
|
+
* @returns El nombre del algoritmo soportado
|
|
91
|
+
*/
|
|
92
|
+
getSupportedAlgorithm() {
|
|
93
|
+
return this.algorithm;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Convierte el algoritmo JWT HMAC (como 'HS256') al algoritmo hash correspondiente que entiende Node.js crypto (como 'sha256').
|
|
97
|
+
* @returns El algoritmo hash correspondiente
|
|
98
|
+
* @throws Error si el algoritmo HMAC no es soportado
|
|
99
|
+
*/
|
|
100
|
+
getHashAlgorithm() {
|
|
101
|
+
const hashAlgorithm = HmacSignatureStrategy.ALGORITHM_MAP[this.algorithm];
|
|
102
|
+
if (!hashAlgorithm) {
|
|
103
|
+
throw new Error(`Unsupported HMAC algorithm: ${this.algorithm}`);
|
|
104
|
+
}
|
|
105
|
+
return hashAlgorithm;
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Compara dos strings de forma segura para evitar timing attacks
|
|
109
|
+
* @param a El primer string a comparar
|
|
110
|
+
* @param b El segundo string a comparar
|
|
111
|
+
* @returns true si son iguales, false si no lo son
|
|
112
|
+
*/
|
|
113
|
+
secureCompare(a, b) {
|
|
114
|
+
if (a.length !== b.length) {
|
|
115
|
+
return false;
|
|
116
|
+
}
|
|
117
|
+
return crypto.timingSafeEqual(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
exports.HmacSignatureStrategy = HmacSignatureStrategy;
|
|
121
|
+
/**
|
|
122
|
+
* Mapea los algoritmos JWT HMAC a los algoritmos hash de Node.js crypto.
|
|
123
|
+
* Por ejemplo, 'HS256' → 'sha256'
|
|
124
|
+
*/
|
|
125
|
+
HmacSignatureStrategy.ALGORITHM_MAP = {
|
|
126
|
+
[shared_1.algorithms.hmac.HS256]: "sha256",
|
|
127
|
+
[shared_1.algorithms.hmac.HS384]: "sha384",
|
|
128
|
+
[shared_1.algorithms.hmac.HS512]: "sha512",
|
|
129
|
+
};
|
|
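Review bot: `sign` hands `secret` straight to `crypto.createHmac` with no check on its presence or length, so as far as this hunk shows an empty or very short secret still produces signatures that `verify` accepts. RFC 7518 §3.2 requires an HS256/HS384/HS512 key at least as long as the hash output, so a guard at the top of `sign` such as `if (!secret || Buffer.byteLength(secret) < 32) throw new Error("HMAC secret too short");` (32, 48 or 64 bytes depending on the algorithm) would enforce it. Because `verify` wraps the whole body in `catch (error) { return false; }`, that error, like the `Unsupported HMAC algorithm` throw from `getHashAlgorithm`, would be indistinguishable from a bad signature; resolving the hash name once in the constructor and logging or rethrowing configuration errors would keep them visible. Separately, `digest("base64")` followed by `this.encoder.encode(base64)` deserves a check: the encoder is not in this hunk, but if `encode` base64url-encodes its input instead of only converting the alphabet, the signature is double-encoded and will not interoperate with other JWT libraries.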
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./ecdsa-signature.strategy"), exports);
|
|
18
|
+
__exportStar(require("./hmac-signature.strategy"), exports);
|
|
19
|
+
__exportStar(require("./rsa-signature.strategy"), exports);
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import { SignatureStrategy } from "../../../domain/ports";
|
|
2
|
+
import { Base64UrlEncoder, RsaAlgorithm } from "../../../shared";
|
|
3
|
+
/**
|
|
4
|
+
*Esta clase implementa la estrategia de firma digital usando RSA (Rivest-Shamir-Adleman) para JWT.
|
|
5
|
+
*Maneja la firma y verificación de tokens JWT usando algoritmos RSA con funciones hash SHA, que utilizan claves asimétricas (privada para firmar, pública para verificar).
|
|
6
|
+
*/
|
|
7
|
+
export declare class RsaSignatureStrategy implements SignatureStrategy {
|
|
8
|
+
private readonly algorithm;
|
|
9
|
+
private readonly encoder;
|
|
10
|
+
/**
|
|
11
|
+
* Mapea los algoritmos JWT RSA a los algoritmos hash de Node.js crypto.
|
|
12
|
+
* Por ejemplo, 'RS256' → 'RSA-SHA256'
|
|
13
|
+
*/
|
|
14
|
+
private static readonly ALGORITHM_MAP;
|
|
15
|
+
/**
|
|
16
|
+
* Crea una nueva instancia de RsaSignatureStrategy
|
|
17
|
+
* @param algorithm El algoritmo RSA a usar (por ejemplo, 'RS256')
|
|
18
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
19
|
+
*/
|
|
20
|
+
constructor(algorithm: RsaAlgorithm, encoder: Base64UrlEncoder);
|
|
21
|
+
/**
|
|
22
|
+
* Firma digitalmente los datos usando la clave privada RSA
|
|
23
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
24
|
+
* @param privateKey La clave privada para firmar
|
|
25
|
+
* @returns La firma digital como string codificado
|
|
26
|
+
*/
|
|
27
|
+
sign(data: string, privateKey: string): string;
|
|
28
|
+
/**
|
|
29
|
+
* Verifica si una firma es válida para los datos dados usando la clave pública RSA
|
|
30
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
31
|
+
* @param signature La firma digital a verificar
|
|
32
|
+
* @param publicKey La clave pública para verificar
|
|
33
|
+
* @returns true si la firma es válida, false si no
|
|
34
|
+
*/
|
|
35
|
+
verify(data: string, signature: string, publicKey: string): boolean;
|
|
36
|
+
/**
|
|
37
|
+
* Retorna el algoritmo que soporta esta estrategia específica.
|
|
38
|
+
* @returns El nombre del algoritmo soportado
|
|
39
|
+
*/
|
|
40
|
+
getSupportedAlgorithm(): string;
|
|
41
|
+
/**
|
|
42
|
+
* Convierte el algoritmo JWT RSA (como 'RS256') al algoritmo hash correspondiente que entiende Node.js crypto (como 'RSA-SHA256').
|
|
43
|
+
* @returns El algoritmo hash correspondiente
|
|
44
|
+
* @throws Error si el algoritmo RSA no es soportado
|
|
45
|
+
*/
|
|
46
|
+
private getHashAlgorithm;
|
|
47
|
+
}
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.RsaSignatureStrategy = void 0;
|
|
37
|
+
const crypto = __importStar(require("crypto"));
|
|
38
|
+
const shared_1 = require("../../../shared");
|
|
39
|
+
/**
|
|
40
|
+
*Esta clase implementa la estrategia de firma digital usando RSA (Rivest-Shamir-Adleman) para JWT.
|
|
41
|
+
*Maneja la firma y verificación de tokens JWT usando algoritmos RSA con funciones hash SHA, que utilizan claves asimétricas (privada para firmar, pública para verificar).
|
|
42
|
+
*/
|
|
43
|
+
class RsaSignatureStrategy {
|
|
44
|
+
/**
|
|
45
|
+
* Crea una nueva instancia de RsaSignatureStrategy
|
|
46
|
+
* @param algorithm El algoritmo RSA a usar (por ejemplo, 'RS256')
|
|
47
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
48
|
+
*/
|
|
49
|
+
constructor(algorithm, encoder) {
|
|
50
|
+
this.algorithm = algorithm;
|
|
51
|
+
this.encoder = encoder;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Firma digitalmente los datos usando la clave privada RSA
|
|
55
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
56
|
+
* @param privateKey La clave privada para firmar
|
|
57
|
+
* @returns La firma digital como string codificado
|
|
58
|
+
*/
|
|
59
|
+
sign(data, privateKey) {
|
|
60
|
+
// Obtiene el algoritmo hash correspondiente (RSA-SHA256, RSA-SHA384, RSA-SHA512)
|
|
61
|
+
const hashAlgorithm = this.getHashAlgorithm();
|
|
62
|
+
// Crea un firmador
|
|
63
|
+
const sign = crypto.createSign(hashAlgorithm);
|
|
64
|
+
// Alimenta los datos al firmador
|
|
65
|
+
sign.update(data);
|
|
66
|
+
// Genera la firma usando la clave privada RSA
|
|
67
|
+
const signature = sign.sign(privateKey, "base64");
|
|
68
|
+
// Codifica en Base64URL para JWT
|
|
69
|
+
return this.encoder.encode(signature);
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Verifica si una firma es válida para los datos dados usando la clave pública RSA
|
|
73
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
74
|
+
* @param signature La firma digital a verificar
|
|
75
|
+
* @param publicKey La clave pública para verificar
|
|
76
|
+
* @returns true si la firma es válida, false si no
|
|
77
|
+
*/
|
|
78
|
+
verify(data, signature, publicKey) {
|
|
79
|
+
try {
|
|
80
|
+
// Decodifica la firma desde Base64URL
|
|
81
|
+
const hashAlgorithm = this.getHashAlgorithm();
|
|
82
|
+
// Crea un verificador
|
|
83
|
+
const verify = crypto.createVerify(hashAlgorithm);
|
|
84
|
+
// Alimenta los datos originales
|
|
85
|
+
verify.update(data);
|
|
86
|
+
// Verifica usando la clave pública RSA
|
|
87
|
+
const decodedSignature = this.encoder.decode(signature);
|
|
88
|
+
// Retorna true si válida, false si no
|
|
89
|
+
return verify.verify(publicKey, decodedSignature, "base64");
|
|
90
|
+
}
|
|
91
|
+
catch (error) {
|
|
92
|
+
return false;
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Retorna el algoritmo que soporta esta estrategia específica.
|
|
97
|
+
* @returns El nombre del algoritmo soportado
|
|
98
|
+
*/
|
|
99
|
+
getSupportedAlgorithm() {
|
|
100
|
+
return this.algorithm;
|
|
101
|
+
}
|
|
102
|
+
/**
|
|
103
|
+
* Convierte el algoritmo JWT RSA (como 'RS256') al algoritmo hash correspondiente que entiende Node.js crypto (como 'RSA-SHA256').
|
|
104
|
+
* @returns El algoritmo hash correspondiente
|
|
105
|
+
* @throws Error si el algoritmo RSA no es soportado
|
|
106
|
+
*/
|
|
107
|
+
getHashAlgorithm() {
|
|
108
|
+
const hashAlgorithm = RsaSignatureStrategy.ALGORITHM_MAP[this.algorithm];
|
|
109
|
+
if (!hashAlgorithm) {
|
|
110
|
+
throw new Error(`Unsupported RSA algorithm: ${this.algorithm}`);
|
|
111
|
+
}
|
|
112
|
+
return hashAlgorithm;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
exports.RsaSignatureStrategy = RsaSignatureStrategy;
|
|
116
|
+
/**
|
|
117
|
+
* Mapea los algoritmos JWT RSA a los algoritmos hash de Node.js crypto.
|
|
118
|
+
* Por ejemplo, 'RS256' → 'RSA-SHA256'
|
|
119
|
+
*/
|
|
120
|
+
RsaSignatureStrategy.ALGORITHM_MAP = {
|
|
121
|
+
[shared_1.algorithms.rsa.RS256]: "RSA-SHA256",
|
|
122
|
+
[shared_1.algorithms.rsa.RS384]: "RSA-SHA384",
|
|
123
|
+
[shared_1.algorithms.rsa.RS512]: "RSA-SHA512",
|
|
124
|
+
};
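Review bot: In `sign`, `sign.sign(privateKey, "base64")` already returns a base64 string, and that string is then passed through `this.encoder.encode(...)`, so the signature segment appears to be Base64URL of base64 text rather than Base64URL of the raw signature bytes. If `Base64UrlEncoder.encode` treats its argument as text (its use on `JSON.stringify(header)` in JwtTokenGenerator suggests so; the encoder itself is not shown), tokens signed here would not verify in other JWT libraries, and `verify`, which decodes to text and then passes `"base64"`, would reject RS256 tokens from other issuers. On Node versions that support the `base64url` encoding, the double step can be avoided with `return sign.sign(privateKey, "base64url");` and `return verify.verify(publicKey, signature, "base64url");`. Separately, the `catch` in `verify` also swallows the `Unsupported RSA algorithm` error thrown by `getHashAlgorithm()`, so a misconfigured strategy looks the same as a bad signature; calling `getHashAlgorithm()` before the `try` would keep that failure visible. The same code appears again in the later identical 124-line section on this page, and both points apply there too.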
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import { ISignatureStrategy } from "../../../domain/ports";
|
|
2
|
+
import { Base64UrlEncoder, RsaAlgorithm, AlgorithmName } from "../../../shared";
|
|
3
|
+
/**
|
|
4
|
+
*Esta clase implementa la estrategia de firma digital usando RSA (Rivest-Shamir-Adleman) para JWT.
|
|
5
|
+
*Maneja la firma y verificación de tokens JWT usando algoritmos RSA con funciones hash SHA, que utilizan claves asimétricas (privada para firmar, pública para verificar).
|
|
6
|
+
*/
|
|
7
|
+
export declare class RsaSignatureStrategy implements ISignatureStrategy {
|
|
8
|
+
private readonly algorithm;
|
|
9
|
+
private readonly encoder;
|
|
10
|
+
/**
|
|
11
|
+
* Mapea los algoritmos JWT RSA a los algoritmos hash de Node.js crypto.
|
|
12
|
+
* Por ejemplo, 'RS256' → 'RSA-SHA256'
|
|
13
|
+
*/
|
|
14
|
+
private static readonly ALGORITHM_MAP;
|
|
15
|
+
/**
|
|
16
|
+
* Crea una nueva instancia de RsaSignatureStrategy
|
|
17
|
+
* @param algorithm El algoritmo RSA a usar (por ejemplo, 'RS256')
|
|
18
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
19
|
+
*/
|
|
20
|
+
constructor(algorithm: RsaAlgorithm, encoder: Base64UrlEncoder);
|
|
21
|
+
/**
|
|
22
|
+
* Firma digitalmente los datos usando la clave privada RSA
|
|
23
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
24
|
+
* @param privateKey La clave privada para firmar
|
|
25
|
+
* @returns La firma digital como string codificado
|
|
26
|
+
*/
|
|
27
|
+
sign(data: string, privateKey: string): string;
|
|
28
|
+
/**
|
|
29
|
+
* Verifica si una firma es válida para los datos dados usando la clave pública RSA
|
|
30
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
31
|
+
* @param signature La firma digital a verificar
|
|
32
|
+
* @param publicKey La clave pública para verificar
|
|
33
|
+
* @returns true si la firma es válida, false si no
|
|
34
|
+
*/
|
|
35
|
+
verify(data: string, signature: string, publicKey: string): boolean;
|
|
36
|
+
/**
|
|
37
|
+
* Retorna el algoritmo que soporta esta estrategia específica.
|
|
38
|
+
* @returns El nombre del algoritmo soportado
|
|
39
|
+
*/
|
|
40
|
+
getSupportedAlgorithm(): AlgorithmName;
|
|
41
|
+
/**
|
|
42
|
+
* Convierte el algoritmo JWT RSA (como 'RS256') al algoritmo hash correspondiente que entiende Node.js crypto (como 'RSA-SHA256').
|
|
43
|
+
* @returns El algoritmo hash correspondiente
|
|
44
|
+
* @throws Error si el algoritmo RSA no es soportado
|
|
45
|
+
*/
|
|
46
|
+
private getHashAlgorithm;
|
|
47
|
+
}
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.RsaSignatureStrategy = void 0;
|
|
37
|
+
const crypto = __importStar(require("crypto"));
|
|
38
|
+
const shared_1 = require("../../../shared");
|
|
39
|
+
/**
|
|
40
|
+
*Esta clase implementa la estrategia de firma digital usando RSA (Rivest-Shamir-Adleman) para JWT.
|
|
41
|
+
*Maneja la firma y verificación de tokens JWT usando algoritmos RSA con funciones hash SHA, que utilizan claves asimétricas (privada para firmar, pública para verificar).
|
|
42
|
+
*/
|
|
43
|
+
class RsaSignatureStrategy {
|
|
44
|
+
/**
|
|
45
|
+
* Crea una nueva instancia de RsaSignatureStrategy
|
|
46
|
+
* @param algorithm El algoritmo RSA a usar (por ejemplo, 'RS256')
|
|
47
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
48
|
+
*/
|
|
49
|
+
constructor(algorithm, encoder) {
|
|
50
|
+
this.algorithm = algorithm;
|
|
51
|
+
this.encoder = encoder;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Firma digitalmente los datos usando la clave privada RSA
|
|
55
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
56
|
+
* @param privateKey La clave privada para firmar
|
|
57
|
+
* @returns La firma digital como string codificado
|
|
58
|
+
*/
|
|
59
|
+
sign(data, privateKey) {
|
|
60
|
+
// Obtiene el algoritmo hash correspondiente (RSA-SHA256, RSA-SHA384, RSA-SHA512)
|
|
61
|
+
const hashAlgorithm = this.getHashAlgorithm();
|
|
62
|
+
// Crea un firmador
|
|
63
|
+
const sign = crypto.createSign(hashAlgorithm);
|
|
64
|
+
// Alimenta los datos al firmador
|
|
65
|
+
sign.update(data);
|
|
66
|
+
// Genera la firma usando la clave privada RSA
|
|
67
|
+
const signature = sign.sign(privateKey, "base64");
|
|
68
|
+
// Codifica en Base64URL para JWT
|
|
69
|
+
return this.encoder.encode(signature);
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Verifica si una firma es válida para los datos dados usando la clave pública RSA
|
|
73
|
+
* @param data Los datos a firmar (normalmente el header + payload del JWT)
|
|
74
|
+
* @param signature La firma digital a verificar
|
|
75
|
+
* @param publicKey La clave pública para verificar
|
|
76
|
+
* @returns true si la firma es válida, false si no
|
|
77
|
+
*/
|
|
78
|
+
verify(data, signature, publicKey) {
|
|
79
|
+
try {
|
|
80
|
+
// Decodifica la firma desde Base64URL
|
|
81
|
+
const hashAlgorithm = this.getHashAlgorithm();
|
|
82
|
+
// Crea un verificador
|
|
83
|
+
const verify = crypto.createVerify(hashAlgorithm);
|
|
84
|
+
// Alimenta los datos originales
|
|
85
|
+
verify.update(data);
|
|
86
|
+
// Verifica usando la clave pública RSA
|
|
87
|
+
const decodedSignature = this.encoder.decode(signature);
|
|
88
|
+
// Retorna true si válida, false si no
|
|
89
|
+
return verify.verify(publicKey, decodedSignature, "base64");
|
|
90
|
+
}
|
|
91
|
+
catch (error) {
|
|
92
|
+
return false;
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Retorna el algoritmo que soporta esta estrategia específica.
|
|
97
|
+
* @returns El nombre del algoritmo soportado
|
|
98
|
+
*/
|
|
99
|
+
getSupportedAlgorithm() {
|
|
100
|
+
return this.algorithm;
|
|
101
|
+
}
|
|
102
|
+
/**
|
|
103
|
+
* Convierte el algoritmo JWT RSA (como 'RS256') al algoritmo hash correspondiente que entiende Node.js crypto (como 'RSA-SHA256').
|
|
104
|
+
* @returns El algoritmo hash correspondiente
|
|
105
|
+
* @throws Error si el algoritmo RSA no es soportado
|
|
106
|
+
*/
|
|
107
|
+
getHashAlgorithm() {
|
|
108
|
+
const hashAlgorithm = RsaSignatureStrategy.ALGORITHM_MAP[this.algorithm];
|
|
109
|
+
if (!hashAlgorithm) {
|
|
110
|
+
throw new Error(`Unsupported RSA algorithm: ${this.algorithm}`);
|
|
111
|
+
}
|
|
112
|
+
return hashAlgorithm;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
exports.RsaSignatureStrategy = RsaSignatureStrategy;
|
|
116
|
+
/**
|
|
117
|
+
* Mapea los algoritmos JWT RSA a los algoritmos hash de Node.js crypto.
|
|
118
|
+
* Por ejemplo, 'RS256' → 'RSA-SHA256'
|
|
119
|
+
*/
|
|
120
|
+
RsaSignatureStrategy.ALGORITHM_MAP = {
|
|
121
|
+
[shared_1.algorithms.rsa.RS256]: "RSA-SHA256",
|
|
122
|
+
[shared_1.algorithms.rsa.RS384]: "RSA-SHA384",
|
|
123
|
+
[shared_1.algorithms.rsa.RS512]: "RSA-SHA512",
|
|
124
|
+
};
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
import { JwtSigner } from "..";
|
|
2
|
+
import { IGenerateAccessTokenProps, IGenerateRefreshTokenProps } from "../../../../domain/props";
|
|
3
|
+
import { Base64UrlEncoder } from "../../../../shared";
|
|
4
|
+
/**
|
|
5
|
+
*Crea tokens JWT válidos (tanto de acceso como de refresco)
|
|
6
|
+
*a partir de un usuario y una configuración.
|
|
7
|
+
*/
|
|
8
|
+
export declare class JwtTokenGenerator {
|
|
9
|
+
private readonly encoder;
|
|
10
|
+
private readonly signer;
|
|
11
|
+
/**
|
|
12
|
+
* Crea una nueva instancia de JwtTokenGenerator
|
|
13
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
14
|
+
* @param signer El firmador JWT a usar
|
|
15
|
+
*/
|
|
16
|
+
constructor(encoder: Base64UrlEncoder, signer: JwtSigner);
|
|
17
|
+
/**
|
|
18
|
+
* Genera un access token con accessTokenSecret
|
|
19
|
+
* @param props Las propiedades necesarias para generar el access token
|
|
20
|
+
* @returns El token JWT generado como string
|
|
21
|
+
*/
|
|
22
|
+
generateAccessToken(props: IGenerateAccessTokenProps): string;
|
|
23
|
+
/**
|
|
24
|
+
* Genera un access token con refreshTokenSecret
|
|
25
|
+
* @param props Las propiedades necesarias para generar el refresh token
|
|
26
|
+
* @returns El token JWT generado como string
|
|
27
|
+
*/
|
|
28
|
+
generateRefreshToken(props: IGenerateRefreshTokenProps): string;
|
|
29
|
+
/**
|
|
30
|
+
* Genera un token JWT completo (header.payload.signature)
|
|
31
|
+
* @param user El usuario para quien se genera el token
|
|
32
|
+
* @param props Las propiedades necesarias para generar el token
|
|
33
|
+
* @returns El token JWT generado como string
|
|
34
|
+
*/
|
|
35
|
+
private generateToken;
|
|
36
|
+
/**
|
|
37
|
+
* Crea el payload del token JWT
|
|
38
|
+
* @param props Las propiedades necesarias para crear el payload
|
|
39
|
+
* @returns El payload del token JWT como objeto
|
|
40
|
+
*/
|
|
41
|
+
private createPayload;
|
|
42
|
+
/**
|
|
43
|
+
* Define la cabecera del token JWT
|
|
44
|
+
* @param config La configuración del servicio JWT
|
|
45
|
+
* @returns El header del token JWT como objeto
|
|
46
|
+
*/
|
|
47
|
+
private createHeader;
|
|
48
|
+
/**
|
|
49
|
+
* Codifica el header y el payload en Base64URL.
|
|
50
|
+
* Luego genera la firma y ensambla el token completo.
|
|
51
|
+
* @param header El header del token JWT
|
|
52
|
+
* @param payload El payload del token JWT
|
|
53
|
+
* @param secret La clave secreta para firmar el token
|
|
54
|
+
* @returns El token JWT completo como string
|
|
55
|
+
*/
|
|
56
|
+
private assembleToken;
|
|
57
|
+
}
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.JwtTokenGenerator = void 0;
|
|
4
|
+
const shared_1 = require("../../../../shared");
|
|
5
|
+
/**
|
|
6
|
+
*Crea tokens JWT válidos (tanto de acceso como de refresco)
|
|
7
|
+
*a partir de un usuario y una configuración.
|
|
8
|
+
*/
|
|
9
|
+
class JwtTokenGenerator {
|
|
10
|
+
/**
|
|
11
|
+
* Crea una nueva instancia de JwtTokenGenerator
|
|
12
|
+
* @param encoder El codificador Base64 URL-safe a usar
|
|
13
|
+
* @param signer El firmador JWT a usar
|
|
14
|
+
*/
|
|
15
|
+
constructor(
|
|
16
|
+
// Base64UrlEncoder → codifica texto (header y payload) al formato Base64URL, estándar de JWT.
|
|
17
|
+
encoder,
|
|
18
|
+
// JwtSigner → genera la firma criptográfica (signature) con el secreto correspondiente
|
|
19
|
+
signer // // Algoritmo de firma a usar (HS256, RS256, ES256, etc.) // private readonly algorithm: AnyAlgorithm
|
|
20
|
+
) {
|
|
21
|
+
this.encoder = encoder;
|
|
22
|
+
this.signer = signer;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Genera un access token con accessTokenSecret
|
|
26
|
+
* @param props Las propiedades necesarias para generar el access token
|
|
27
|
+
* @returns El token JWT generado como string
|
|
28
|
+
*/
|
|
29
|
+
generateAccessToken(props) {
|
|
30
|
+
return this.generateToken({
|
|
31
|
+
user: props.user,
|
|
32
|
+
expiresIn: props.expiresIn,
|
|
33
|
+
defaultExpirationMs: props.config.accessTokenExpirationMs,
|
|
34
|
+
secret: props.config.accessTokenSecret,
|
|
35
|
+
config: props.config,
|
|
36
|
+
customClaims: props.customClaims,
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Genera un access token con refreshTokenSecret
|
|
41
|
+
* @param props Las propiedades necesarias para generar el refresh token
|
|
42
|
+
* @returns El token JWT generado como string
|
|
43
|
+
*/
|
|
44
|
+
generateRefreshToken(props) {
|
|
45
|
+
return this.generateToken({
|
|
46
|
+
user: props.user,
|
|
47
|
+
expiresIn: props.expiresIn,
|
|
48
|
+
defaultExpirationMs: props.config.refreshTokenExpirationMs,
|
|
49
|
+
secret: props.config.refreshTokenSecret,
|
|
50
|
+
config: props.config,
|
|
51
|
+
customClaims: props.customClaims,
|
|
52
|
+
});
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Genera un token JWT completo (header.payload.signature)
|
|
56
|
+
* @param user El usuario para quien se genera el token
|
|
57
|
+
* @param props Las propiedades necesarias para generar el token
|
|
58
|
+
* @returns El token JWT generado como string
|
|
59
|
+
*/
|
|
60
|
+
generateToken(props) {
|
|
61
|
+
const { secret, config } = props;
|
|
62
|
+
// Crea el payload (datos que lleva el token).
|
|
63
|
+
const payload = this.createPayload(props);
|
|
64
|
+
// Crea el header (metadatos sobre el algoritmo).
|
|
65
|
+
const header = this.createHeader(config);
|
|
66
|
+
// une todo y lo firma.
|
|
67
|
+
return this.assembleToken(header, payload, secret, props.config.algorithm);
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Crea el payload del token JWT
|
|
71
|
+
* @param props Las propiedades necesarias para crear el payload
|
|
72
|
+
* @returns El payload del token JWT como objeto
|
|
73
|
+
*/
|
|
74
|
+
createPayload(props) {
|
|
75
|
+
const { user, expiresIn, defaultExpirationMs, customClaims } = props;
|
|
76
|
+
// Calcula el tiempo de expiración (exp) en milisegundos.
|
|
77
|
+
// Convierte el valor expiresIn (ej. "15m" o "1h") usando
|
|
78
|
+
// Si no se especifica, usa el valor por defecto del config
|
|
79
|
+
const expirationMs = expiresIn
|
|
80
|
+
? shared_1.TimeParser.parseToMilliseconds(expiresIn)
|
|
81
|
+
: defaultExpirationMs;
|
|
82
|
+
const now = Date.now();
|
|
83
|
+
const exp = now + expirationMs;
|
|
84
|
+
// Luego construye el payload
|
|
85
|
+
return {
|
|
86
|
+
sub: user.id,
|
|
87
|
+
roles: user.roles.map((r) => r),
|
|
88
|
+
customClaims: customClaims || {},
|
|
89
|
+
jti: crypto.randomUUID(), // ID único del token
|
|
90
|
+
iat: Math.floor(now / 1000),
|
|
91
|
+
exp: Math.floor(exp / 1000),
|
|
92
|
+
iss: props.config.issuer,
|
|
93
|
+
aud: props.config.audience,
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* Define la cabecera del token JWT
|
|
98
|
+
* @param config La configuración del servicio JWT
|
|
99
|
+
* @returns El header del token JWT como objeto
|
|
100
|
+
*/
|
|
101
|
+
createHeader(config) {
|
|
102
|
+
return {
|
|
103
|
+
alg: config.algorithm,
|
|
104
|
+
typ: "JWT",
|
|
105
|
+
};
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Codifica el header y el payload en Base64URL.
|
|
109
|
+
* Luego genera la firma y ensambla el token completo.
|
|
110
|
+
* @param header El header del token JWT
|
|
111
|
+
* @param payload El payload del token JWT
|
|
112
|
+
* @param secret La clave secreta para firmar el token
|
|
113
|
+
* @returns El token JWT completo como string
|
|
114
|
+
*/
|
|
115
|
+
assembleToken(header, payload, secret, algorithm) {
|
|
116
|
+
const encodedHeader = this.encoder.encode(JSON.stringify(header));
|
|
117
|
+
const encodedPayload = this.encoder.encode(JSON.stringify(payload));
|
|
118
|
+
// Une las tres partes
|
|
119
|
+
const signature = this.signer.sign(`${encodedHeader}.${encodedPayload}`, secret, algorithm);
|
|
120
|
+
return `${encodedHeader}.${encodedPayload}.${signature}`;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
exports.JwtTokenGenerator = JwtTokenGenerator;
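Review bot: `createPayload` calls `crypto.randomUUID()` for `jti`, but this module only requires `../../../../shared`, so the call depends on a global `crypto` object being present at runtime. On Node releases that do not expose that global by default, every token issuance would fail with a ReferenceError; an explicit `const crypto = require("crypto");` at the top of the file removes the dependency. In the same method `exp` is derived from `expirationMs` without validation: if `TimeParser.parseToMilliseconds` (not shown here) returns NaN, or `defaultExpirationMs` is undefined, `JSON.stringify` writes `exp` as `null` and the token is issued without a usable expiry. A guard such as `if (!Number.isFinite(expirationMs) || expirationMs <= 0) throw new Error("Invalid token expiration");` before computing `exp` would make that fail closed. The doc comment on `generateRefreshToken` also reads "Genera un access token con refreshTokenSecret" and should say "refresh token".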
|