@jmlq/auth 0.0.1-alpha.24 → 0.0.1-alpha.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/shared/index.d.ts +1 -0
- package/dist/shared/index.js +1 -0
- package/dist/shared/jwt-plugin/index.d.ts +6 -0
- package/dist/shared/jwt-plugin/index.js +22 -0
- package/dist/shared/jwt-plugin/is-retryable-auth-code.d.ts +8 -0
- package/dist/shared/jwt-plugin/is-retryable-auth-code.js +15 -0
- package/dist/shared/jwt-plugin/normalize-clock-skew-seconds.d.ts +14 -0
- package/dist/shared/jwt-plugin/normalize-clock-skew-seconds.js +23 -0
- package/dist/shared/jwt-plugin/normalize-default-expires-in.d.ts +16 -0
- package/dist/shared/jwt-plugin/normalize-default-expires-in.js +36 -0
- package/dist/shared/jwt-plugin/read-custom-claims.d.ts +12 -0
- package/dist/shared/jwt-plugin/read-custom-claims.js +21 -0
- package/dist/shared/jwt-plugin/read-expires-in.d.ts +12 -0
- package/dist/shared/jwt-plugin/read-expires-in.js +20 -0
- package/dist/shared/jwt-plugin/resolve-expires-in.d.ts +14 -0
- package/dist/shared/jwt-plugin/resolve-expires-in.js +31 -0
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
package/dist/shared/index.d.ts
CHANGED
package/dist/shared/index.js
CHANGED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./normalize-clock-skew-seconds"), exports);
|
|
18
|
+
__exportStar(require("./normalize-default-expires-in"), exports);
|
|
19
|
+
__exportStar(require("./read-expires-in"), exports);
|
|
20
|
+
__exportStar(require("./read-custom-claims"), exports);
|
|
21
|
+
__exportStar(require("./resolve-expires-in"), exports);
|
|
22
|
+
__exportStar(require("./is-retryable-auth-code"), exports);
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { AuthErrorCode } from "../../domain/errors";
|
|
2
|
+
/**
|
|
3
|
+
* Determina si un error del core (por código) es "retryable".
|
|
4
|
+
*
|
|
5
|
+
* Responsabilidad única:
|
|
6
|
+
* - Decidir reintento SOLO por `code` (sin jose, sin message, sin heurísticas).
|
|
7
|
+
*/
|
|
8
|
+
export declare function isRetryableAuthCode(code: AuthErrorCode): boolean;
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.isRetryableAuthCode = isRetryableAuthCode;
|
|
4
|
+
/**
|
|
5
|
+
* Determina si un error del core (por código) es "retryable".
|
|
6
|
+
*
|
|
7
|
+
* Responsabilidad única:
|
|
8
|
+
* - Decidir reintento SOLO por `code` (sin jose, sin message, sin heurísticas).
|
|
9
|
+
*/
|
|
10
|
+
function isRetryableAuthCode(code) {
|
|
11
|
+
return (code === "SIGNATURE_INVALID" ||
|
|
12
|
+
code === "ALGORITHM_UNSUPPORTED" ||
|
|
13
|
+
code === "KEY_MISMATCH" ||
|
|
14
|
+
code === "KEY_NOT_FOUND");
|
|
15
|
+
}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Normaliza clockSkewSeconds (en segundos).
|
|
3
|
+
*
|
|
4
|
+
* Responsabilidad única:
|
|
5
|
+
* - Aceptar únicamente números válidos
|
|
6
|
+
* - Convertir a entero (floor)
|
|
7
|
+
* - Asegurar >= 0
|
|
8
|
+
*
|
|
9
|
+
* Reglas:
|
|
10
|
+
* - no number / NaN => undefined
|
|
11
|
+
* - < 0 => 0
|
|
12
|
+
* - >== 0 => floor(value)
|
|
13
|
+
*/
|
|
14
|
+
export declare function normalizeClockSkewSeconds(value: number | undefined): number | undefined;
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.normalizeClockSkewSeconds = normalizeClockSkewSeconds;
|
|
4
|
+
/**
|
|
5
|
+
* Normaliza clockSkewSeconds (en segundos).
|
|
6
|
+
*
|
|
7
|
+
* Responsabilidad única:
|
|
8
|
+
* - Aceptar únicamente números válidos
|
|
9
|
+
* - Convertir a entero (floor)
|
|
10
|
+
* - Asegurar >= 0
|
|
11
|
+
*
|
|
12
|
+
* Reglas:
|
|
13
|
+
* - no number / NaN => undefined
|
|
14
|
+
* - < 0 => 0
|
|
15
|
+
* - >== 0 => floor(value)
|
|
16
|
+
*/
|
|
17
|
+
function normalizeClockSkewSeconds(value) {
|
|
18
|
+
if (typeof value !== "number" || Number.isNaN(value))
|
|
19
|
+
return undefined;
|
|
20
|
+
if (value < 0)
|
|
21
|
+
return 0;
|
|
22
|
+
return Math.floor(value);
|
|
23
|
+
}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Normaliza defaults de expiración usados por plugins JWT.
|
|
3
|
+
*
|
|
4
|
+
* Responsabilidad única:
|
|
5
|
+
* - Aceptar un shape compatible con { accessToken?, refreshToken? }
|
|
6
|
+
* - Trim de strings
|
|
7
|
+
* - Vacío => omitido
|
|
8
|
+
* - Si queda vacío => undefined
|
|
9
|
+
*
|
|
10
|
+
* Importante:
|
|
11
|
+
* - No depende de types de plugins para evitar acoplamiento.
|
|
12
|
+
*/
|
|
13
|
+
export declare function normalizeDefaultExpiresIn<T extends {
|
|
14
|
+
accessToken?: string;
|
|
15
|
+
refreshToken?: string;
|
|
16
|
+
}>(value: T | undefined): T | undefined;
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.normalizeDefaultExpiresIn = normalizeDefaultExpiresIn;
|
|
4
|
+
/**
|
|
5
|
+
* Normaliza defaults de expiración usados por plugins JWT.
|
|
6
|
+
*
|
|
7
|
+
* Responsabilidad única:
|
|
8
|
+
* - Aceptar un shape compatible con { accessToken?, refreshToken? }
|
|
9
|
+
* - Trim de strings
|
|
10
|
+
* - Vacío => omitido
|
|
11
|
+
* - Si queda vacío => undefined
|
|
12
|
+
*
|
|
13
|
+
* Importante:
|
|
14
|
+
* - No depende de types de plugins para evitar acoplamiento.
|
|
15
|
+
*/
|
|
16
|
+
function normalizeDefaultExpiresIn(value) {
|
|
17
|
+
if (!value)
|
|
18
|
+
return undefined;
|
|
19
|
+
const out = {};
|
|
20
|
+
const accessToken = normalizeOptionalNonEmptyString(value.accessToken);
|
|
21
|
+
if (accessToken)
|
|
22
|
+
out.accessToken = accessToken;
|
|
23
|
+
const refreshToken = normalizeOptionalNonEmptyString(value.refreshToken);
|
|
24
|
+
if (refreshToken)
|
|
25
|
+
out.refreshToken = refreshToken;
|
|
26
|
+
return Object.keys(out).length > 0 ? out : undefined;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Helper local (mínimo) para evitar dependencia circular en exports del core.
|
|
30
|
+
*/
|
|
31
|
+
function normalizeOptionalNonEmptyString(value) {
|
|
32
|
+
if (typeof value !== "string")
|
|
33
|
+
return undefined;
|
|
34
|
+
const v = value.trim();
|
|
35
|
+
return v.length > 0 ? v : undefined;
|
|
36
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Lee `customClaims` desde unknown.
|
|
3
|
+
*
|
|
4
|
+
* Responsabilidad única:
|
|
5
|
+
* - Aceptar únicamente un objeto plano serializable (Record<string, unknown>)
|
|
6
|
+
*
|
|
7
|
+
* Reglas:
|
|
8
|
+
* - undefined/null => undefined
|
|
9
|
+
* - arrays => undefined
|
|
10
|
+
* - objetos => Record<string, unknown>
|
|
11
|
+
*/
|
|
12
|
+
export declare function readCustomClaims(value: unknown): Record<string, unknown> | undefined;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.readCustomClaims = readCustomClaims;
|
|
4
|
+
/**
|
|
5
|
+
* Lee `customClaims` desde unknown.
|
|
6
|
+
*
|
|
7
|
+
* Responsabilidad única:
|
|
8
|
+
* - Aceptar únicamente un objeto plano serializable (Record<string, unknown>)
|
|
9
|
+
*
|
|
10
|
+
* Reglas:
|
|
11
|
+
* - undefined/null => undefined
|
|
12
|
+
* - arrays => undefined
|
|
13
|
+
* - objetos => Record<string, unknown>
|
|
14
|
+
*/
|
|
15
|
+
function readCustomClaims(value) {
|
|
16
|
+
if (!value || typeof value !== "object")
|
|
17
|
+
return undefined;
|
|
18
|
+
if (Array.isArray(value))
|
|
19
|
+
return undefined;
|
|
20
|
+
return value;
|
|
21
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Lee `expiresIn` desde unknown.
|
|
3
|
+
*
|
|
4
|
+
* Responsabilidad única:
|
|
5
|
+
* - Normalizar un valor desconocido a `string | undefined`
|
|
6
|
+
*
|
|
7
|
+
* Reglas:
|
|
8
|
+
* - no string => undefined
|
|
9
|
+
* - string vacío => undefined
|
|
10
|
+
* - string con espacios => trim()
|
|
11
|
+
*/
|
|
12
|
+
export declare function readExpiresIn(value: unknown): string | undefined;
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.readExpiresIn = readExpiresIn;
|
|
4
|
+
/**
|
|
5
|
+
* Lee `expiresIn` desde unknown.
|
|
6
|
+
*
|
|
7
|
+
* Responsabilidad única:
|
|
8
|
+
* - Normalizar un valor desconocido a `string | undefined`
|
|
9
|
+
*
|
|
10
|
+
* Reglas:
|
|
11
|
+
* - no string => undefined
|
|
12
|
+
* - string vacío => undefined
|
|
13
|
+
* - string con espacios => trim()
|
|
14
|
+
*/
|
|
15
|
+
function readExpiresIn(value) {
|
|
16
|
+
if (typeof value !== "string")
|
|
17
|
+
return undefined;
|
|
18
|
+
const trimmed = value.trim();
|
|
19
|
+
return trimmed.length > 0 ? trimmed : undefined;
|
|
20
|
+
}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Resuelve `expiresIn` para generación de tokens (regla canónica para plugins).
|
|
3
|
+
*
|
|
4
|
+
* Responsabilidad única:
|
|
5
|
+
* - Aplicar precedencia:
|
|
6
|
+
* 1) expiresIn provisto por props
|
|
7
|
+
* 2) defaultExpiresIn del plugin por tokenKind
|
|
8
|
+
* - Si ninguno existe: lanzar InvalidJwtPayloadError (error canónico del core)
|
|
9
|
+
*/
|
|
10
|
+
export declare function resolveExpiresIn(args: {
|
|
11
|
+
expiresInFromProps?: string;
|
|
12
|
+
defaultExpiresIn?: string;
|
|
13
|
+
operation: "generateAccessToken" | "generateRefreshToken";
|
|
14
|
+
}): string;
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveExpiresIn = resolveExpiresIn;
|
|
4
|
+
const errors_1 = require("../../domain/errors");
|
|
5
|
+
/**
|
|
6
|
+
* Resuelve `expiresIn` para generación de tokens (regla canónica para plugins).
|
|
7
|
+
*
|
|
8
|
+
* Responsabilidad única:
|
|
9
|
+
* - Aplicar precedencia:
|
|
10
|
+
* 1) expiresIn provisto por props
|
|
11
|
+
* 2) defaultExpiresIn del plugin por tokenKind
|
|
12
|
+
* - Si ninguno existe: lanzar InvalidJwtPayloadError (error canónico del core)
|
|
13
|
+
*/
|
|
14
|
+
function resolveExpiresIn(args) {
|
|
15
|
+
const fromProps = normalizeOptionalNonEmptyString(args.expiresInFromProps);
|
|
16
|
+
if (fromProps)
|
|
17
|
+
return fromProps;
|
|
18
|
+
const fromDefault = normalizeOptionalNonEmptyString(args.defaultExpiresIn);
|
|
19
|
+
if (fromDefault)
|
|
20
|
+
return fromDefault;
|
|
21
|
+
throw new errors_1.InvalidJwtPayloadError("expiresIn is required", {
|
|
22
|
+
field: "expiresIn",
|
|
23
|
+
operation: args.operation,
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
|
+
function normalizeOptionalNonEmptyString(value) {
|
|
27
|
+
if (typeof value !== "string")
|
|
28
|
+
return undefined;
|
|
29
|
+
const v = value.trim();
|
|
30
|
+
return v.length > 0 ? v : undefined;
|
|
31
|
+
}
|