@lindorm/aegis 0.1.0

package/dist/utils/private/jwt-verify.js

@@ -0,0 +1,109 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._createJwtVerify = void 0;
+const date_1 = require("@lindorm/date");
+const is_1 = require("@lindorm/is");
+const create_hash_1 = require("./create-hash");
+const _mapVerify = (key) => {
+    switch (key) {
+        case "accessToken":
+            return "at_hash";
+        case "adjustedAccessLevel":
+            return "aal";
+        case "audience":
+            return "aud";
+        case "authCode":
+            return "c_hash";
+        case "authContextClass":
+            return "acr";
+        case "authFactor":
+            return "afr";
+        case "authMethods":
+            return "amr";
+        case "authorizedParty":
+            return "azp";
+        case "authState":
+            return "s_hash";
+        case "authTime":
+            return "auth_time";
+        case "clientId":
+            return "cid";
+        case "grantType":
+            return "gty";
+        case "issuer":
+            return "iss";
+        case "levelOfAssurance":
+            return "loa";
+        case "nonce":
+            return "nonce";
+        case "permissions":
+            return "per";
+        case "roles":
+            return "rls";
+        case "scope":
+            return "scp";
+        case "sessionHint":
+            return "sih";
+        case "subject":
+            return "sub";
+        case "subjectHint":
+            return "suh";
+        case "tenantId":
+            return "tid";
+        case "tokenType":
+            return "token_type";
+        default:
+            throw new Error(`Unsupported key: ${key}`);
+    }
+};
+const _createJwtVerify = (algorithm, verify, clockTolerance) => {
+    const ops = {
+        iat: {
+            $or: [{ $exists: false }, { $beforeOrEq: (0, date_1.addSeconds)(new Date(), clockTolerance) }],
+        },
+        nbf: {
+            $or: [{ $exists: false }, { $beforeOrEq: (0, date_1.addSeconds)(new Date(), clockTolerance) }],
+        },
+        exp: {
+            $or: [{ $exists: false }, { $afterOrEq: (0, date_1.subSeconds)(new Date(), clockTolerance) }],
+        },
+        auth_time: {
+            $or: [{ $exists: false }, { $beforeOrEq: (0, date_1.addSeconds)(new Date(), clockTolerance) }],
+        },
+    };
+    for (const [key, value] of Object.entries(verify)) {
+        const mapped = _mapVerify(key);
+        if (mapped === "at_hash" && (0, is_1.isString)(value)) {
+            ops[mapped] = { $eq: (0, create_hash_1._createAccessTokenHash)(algorithm, value) };
+            continue;
+        }
+        if (mapped === "c_hash" && (0, is_1.isString)(value)) {
+            ops[mapped] = { $eq: (0, create_hash_1._createCodeHash)(algorithm, value) };
+            continue;
+        }
+        if (mapped === "s_hash" && (0, is_1.isString)(value)) {
+            ops[mapped] = { $eq: (0, create_hash_1._createStateHash)(algorithm, value) };
+            continue;
+        }
+        if ((0, is_1.isArray)(value)) {
+            ops[mapped] = { $all: value };
+            continue;
+        }
+        if ((0, is_1.isNumber)(value)) {
+            ops[mapped] = { $eq: value };
+            continue;
+        }
+        if ((0, is_1.isString)(value)) {
+            ops[mapped] = { $eq: value };
+            continue;
+        }
+        if ((0, is_1.isObject)(value)) {
+            ops[mapped] = value;
+            continue;
+        }
+        throw new Error(`Unsupported value: ${value} for key: ${key}`);
+    }
+    return ops;
+};
+exports._createJwtVerify = _createJwtVerify;
+//# sourceMappingURL=jwt-verify.js.map

package/dist/utils/private/jwt-verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-verify.js","sourceRoot":"","sources":["../../../src/utils/private/jwt-verify.ts"],"names":[],"mappings":";;;AAAA,wCAAuD;AACvD,oCAAoE;AAIpE,+CAA0F;AAE1F,MAAM,UAAU,GAAG,CAAC,GAA2B,EAAmB,EAAE;IAClE,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;QACnB,KAAK,qBAAqB;YACxB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,iBAAiB;YACpB,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,YAAY,CAAC;QACtB;YACE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,EAAE,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC,CAAC;AAEK,MAAM,gBAAgB,GAAG,CAC9B,SAA2B,EAC3B,MAAwB,EACxB,cAAsB,EACL,EAAE;IACnB,MAAM,GAAG,GAAgD;QACvD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SACnF;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SACnF;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAClF;QACD,SAAS,EAAE;YACT,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SACnF;KACF,CAAC;IAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,GAA6B,CAAC,CAAC;QAEzD,IAAI,MAAM,KAAK,SAAS,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,oCAAsB,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAChE,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,6BAAe,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACzD,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,8BAAgB,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC1D,SAAS;QACX,CAAC;QACD,IAAI,IAAA,YAAO,EAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,KAAkB,CAAC;YACjC,SAAS;QACX,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,aAAa,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAxDW,QAAA,gBAAgB,oBAwD3B"}

package/dist/utils/private/token-header.d.ts

@@ -0,0 +1,5 @@
+import { DecodedTokenHeader, ParsedTokenHeader, TokenHeaderSignOptions } from "../../types";
+export declare const _encodeTokenHeader: (header: TokenHeaderSignOptions) => string;
+export declare const _decodeTokenHeader: (header: string) => DecodedTokenHeader;
+export declare const _parseTokenHeader: <T extends ParsedTokenHeader = ParsedTokenHeader>(decoded: DecodedTokenHeader) => T;
+//# sourceMappingURL=token-header.d.ts.map

package/dist/utils/private/token-header.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-header.d.ts","sourceRoot":"","sources":["../../../src/utils/private/token-header.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EAGjB,sBAAsB,EAEvB,MAAM,aAAa,CAAC;AAgCrB,eAAO,MAAM,kBAAkB,WAAY,sBAAsB,KAAG,MA+EnE,CAAC;AAEF,eAAO,MAAM,kBAAkB,WAAY,MAAM,KAAG,kBAkBnD,CAAC;AAEF,eAAO,MAAM,iBAAiB,6DACnB,kBAAkB,KAC1B,CA8DF,CAAC"}

package/dist/utils/private/token-header.js

@@ -0,0 +1,193 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._parseTokenHeader = exports._decodeTokenHeader = exports._encodeTokenHeader = void 0;
+const b64_1 = require("@lindorm/b64");
+const is_1 = require("@lindorm/is");
+const utils_1 = require("@lindorm/utils");
+const ALGS = [
+    "A128KW",
+    "A192KW",
+    "A256KW",
+    "dir",
+    "ECDH-ES",
+    "ECDH-ES+A128KW",
+    "ECDH-ES+A192KW",
+    "ECDH-ES+A256KW",
+    "EdDSA",
+    "ES256",
+    "ES384",
+    "ES512",
+    "HS256",
+    "HS384",
+    "HS512",
+    "PBES2-HS256+A128KW",
+    "PBES2-HS384+A192KW",
+    "PBES2-HS512+A256KW",
+    "RS256",
+    "RS384",
+    "RS512",
+    "RSA-OAEP",
+    "RSA-OAEP-256",
+    "RSA-OAEP-384",
+    "RSA-OAEP-512",
+];
+const TYPES = ["JWE", "JWS", "JWT"];
+const _encodeTokenHeader = (header) => {
+    if (!header.algorithm) {
+        throw new Error("Algorithm is required");
+    }
+    if (!ALGS.includes(header.algorithm)) {
+        throw new Error(`Invalid algorithm: ${header.algorithm}`);
+    }
+    if (!header.headerType) {
+        throw new Error("Header type is required");
+    }
+    if (!TYPES.includes(header.headerType)) {
+        throw new Error(`Invalid header type: ${header.headerType}`);
+    }
+    if (!header.keyId) {
+        throw new Error("Key ID is required");
+    }
+    const crit = header.critical
+        ?.map((key) => {
+        switch (key) {
+            case "algorithm":
+                return "alg";
+            case "contentType":
+                return "cty";
+            case "encryption":
+                return "enc";
+            case "headerType":
+                return "typ";
+            case "hkdfSalt":
+                return "hkdf_salt";
+            case "jwk":
+                return "jwk";
+            case "jwksUri":
+                return "jku";
+            case "keyId":
+                return "kid";
+            case "objectId":
+                return "oid";
+            case "pbkdfIterations":
+                return "p2c";
+            case "pbkdfSalt":
+                return "p2s";
+            case "publicEncryptionJwk":
+                return "epk";
+            case "x5c":
+                return "x5c";
+            case "x5t":
+                return "x5t";
+            case "x5u":
+                return "x5u";
+            case "x5tS256":
+                return "x5t#S256";
+            default:
+                return undefined;
+        }
+    })
+        .filter(is_1.isString);
+    const claims = (0, utils_1.removeUndefined)({
+        alg: header.algorithm,
+        crit,
+        cty: header.contentType,
+        enc: (0, is_1.isString)(header.encryption) ? header.encryption : undefined,
+        epk: (0, is_1.isObject)(header.publicEncryptionJwk) ? header.publicEncryptionJwk : undefined,
+        hkdf_salt: (0, is_1.isString)(header.hkdfSalt) ? header.hkdfSalt : undefined,
+        jku: (0, is_1.isUrlLike)(header.jwksUri) ? header.jwksUri : undefined,
+        jwk: (0, is_1.isObject)(header.jwk) ? header.jwk : undefined,
+        kid: header.keyId,
+        oid: (0, is_1.isString)(header.objectId) ? header.objectId : undefined,
+        p2c: (0, is_1.isFinite)(header.pbkdfIterations) ? header.pbkdfIterations : undefined,
+        p2s: (0, is_1.isString)(header.pbkdfSalt) ? header.pbkdfSalt : undefined,
+        typ: header.headerType,
+        x5c: (0, is_1.isString)(header.x5c) ? header.x5c : undefined,
+        x5t: (0, is_1.isString)(header.x5t) ? header.x5t : undefined,
+        x5u: (0, is_1.isString)(header.x5u) ? header.x5u : undefined,
+        "x5t#S256": (0, is_1.isString)(header.x5tS256) ? header.x5tS256 : undefined,
+    });
+    return b64_1.B64.encode(JSON.stringify(claims), "base64url");
+};
+exports._encodeTokenHeader = _encodeTokenHeader;
+const _decodeTokenHeader = (header) => {
+    const string = b64_1.B64.toString(header);
+    const json = JSON.parse(string);
+    if (!json.alg) {
+        throw new Error("Missing token header: alg");
+    }
+    if (!ALGS.includes(json.alg)) {
+        throw new Error(`Invalid token header: alg: ${json.alg}`);
+    }
+    if (!json.typ) {
+        throw new Error("Missing token header: typ");
+    }
+    if (!TYPES.includes(json.typ)) {
+        throw new Error(`Invalid token header: typ: ${json.typ}`);
+    }
+    return json;
+};
+exports._decodeTokenHeader = _decodeTokenHeader;
+const _parseTokenHeader = (decoded) => {
+    const critical = decoded.crit
+        ?.map((key) => {
+        switch (key) {
+            case "alg":
+                return "algorithm";
+            case "cty":
+                return "contentType";
+            case "enc":
+                return "encryption";
+            case "epk":
+                return "publicEncryptionJwk";
+            case "hkdf_salt":
+                return "hkdfSalt";
+            case "jku":
+                return "jwksUri";
+            case "jwk":
+                return "jwk";
+            case "kid":
+                return "keyId";
+            case "oid":
+                return "objectId";
+            case "p2c":
+                return "pbkdfIterations";
+            case "p2s":
+                return "pbkdfSalt";
+            case "typ":
+                return "headerType";
+            case "x5c":
+                return "x5c";
+            case "x5t":
+                return "x5t";
+            case "x5u":
+                return "x5u";
+            case "x5t#S256":
+                return "x5tS256";
+            default:
+                return undefined;
+        }
+    })
+        .filter(is_1.isString) ?? [];
+    return (0, utils_1.removeUndefined)({
+        algorithm: decoded.alg,
+        contentType: decoded.cty,
+        critical,
+        encryption: decoded.enc,
+        headerType: decoded.typ,
+        hkdfSalt: decoded.hkdf_salt,
+        jwk: decoded.jwk,
+        jwksUri: decoded.jku,
+        keyId: decoded.kid,
+        objectId: decoded.oid,
+        pbkdfIterations: decoded.p2c,
+        pbkdfSalt: decoded.p2s,
+        publicEncryptionJwk: decoded.epk,
+        x5c: decoded.x5c,
+        x5t: decoded.x5t,
+        x5u: decoded.x5u,
+        x5tS256: decoded["x5t#S256"],
+    });
+};
+exports._parseTokenHeader = _parseTokenHeader;
+//# sourceMappingURL=token-header.js.map

package/dist/utils/private/token-header.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-header.js","sourceRoot":"","sources":["../../../src/utils/private/token-header.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,oCAAsE;AACtE,0CAAiD;AAUjD,MAAM,IAAI,GAAgC;IACxC,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,KAAK;IACL,SAAS;IACT,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAChB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,oBAAoB;IACpB,oBAAoB;IACpB,oBAAoB;IACpB,OAAO;IACP,OAAO;IACP,OAAO;IACP,UAAU;IACV,cAAc;IACd,cAAc;IACd,cAAc;CACN,CAAC;AAEX,MAAM,KAAK,GAA2B,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAU,CAAC;AAE9D,MAAM,kBAAkB,GAAG,CAAC,MAA8B,EAAU,EAAE;IAC3E,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,sBAAsB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,wBAAwB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ;QAC1B,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACZ,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,WAAW;gBACd,OAAO,KAAK,CAAC;YACf,KAAK,aAAa;gBAChB,OAAO,KAAK,CAAC;YACf,KAAK,YAAY;gBACf,OAAO,KAAK,CAAC;YACf,KAAK,YAAY;gBACf,OAAO,KAAK,CAAC;YACf,KAAK,UAAU;gBACb,OAAO,WAAW,CAAC;YACrB,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC;YACf,KAAK,OAAO;gBACV,OAAO,KAAK,CAAC;YACf,KAAK,UAAU;gBACb,OAAO,KAAK,CAAC;YACf,KAAK,iBAAiB;gBACpB,OAAO,KAAK,CAAC;YACf,KAAK,WAAW;gBACd,OAAO,KAAK,CAAC;YACf,KAAK,qBAAqB;gBACxB,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,SAAS;gBACZ,OAAO,UAAU,CAAC;YACpB;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC,CAAC;SACD,MAAM,CAAC,aAAQ,CAA8B,CAAC;IAEjD,MAAM,MAAM,GAAsB,IAAA,uBAAe,EAAC;QAChD,GAAG,EAAE,MAAM,CAAC,SAAS;QACrB,IAAI;QACJ,GAAG,EAAE,MAAM,CAAC,WAAW;QACvB,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QAClF,SAAS,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAClE,GAAG,EAAE,IAAA,cAAS,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAC3D,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAClD,GAAG,EAAE,MAAM,CAAC,KAAK;QACjB,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC5D,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC1E,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAC9D,GAAG,EAAE,MAAM,CAAC,UAAU;QACtB,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAClD,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAClD,GAAG,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAClD,UAAU,EAAE,IAAA,aAAQ,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;KAClE,CAAC,CAAC;IAEH,OAAO,SAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC,CAAC;AACzD,CAAC,CAAC;AA/EW,QAAA,kBAAkB,sBA+E7B;AAEK,MAAM,kBAAkB,GAAG,CAAC,MAAc,EAAsB,EAAE;IACvE,MAAM,MAAM,GAAG,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAE9D,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,IAA0B,CAAC;AACpC,CAAC,CAAC;AAlBW,QAAA,kBAAkB,sBAkB7B;AAEK,MAAM,iBAAiB,GAAG,CAC/B,OAA2B,EACxB,EAAE;IACL,MAAM,QAAQ,GACX,OAAO,CAAC,IAAI;QACX,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACZ,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,KAAK;gBACR,OAAO,WAAW,CAAC;YACrB,KAAK,KAAK;gBACR,OAAO,aAAa,CAAC;YACvB,KAAK,KAAK;gBACR,OAAO,YAAY,CAAC;YACtB,KAAK,KAAK;gBACR,OAAO,qBAAqB,CAAC;YAC/B,KAAK,WAAW;gBACd,OAAO,UAAU,CAAC;YACpB,KAAK,KAAK;gBACR,OAAO,SAAS,CAAC;YACnB,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,OAAO,CAAC;YACjB,KAAK,KAAK;gBACR,OAAO,UAAU,CAAC;YACpB,KAAK,KAAK;gBACR,OAAO,iBAAiB,CAAC;YAC3B,KAAK,KAAK;gBACR,OAAO,WAAW,CAAC;YACrB,KAAK,KAAK;gBACR,OAAO,YAAY,CAAC;YACtB,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,UAAU;gBACb,OAAO,SAAS,CAAC;YACnB;gBACE,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC,CAAC;SACD,MAAM,CAAC,aAAQ,CAAmC,IAAI,EAAE,CAAC;IAE9D,OAAO,IAAA,uBAAe,EAAC;QACrB,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,WAAW,EAAE,OAAO,CAAC,GAAG;QACxB,QAAQ;QACR,UAAU,EAAE,OAAO,CAAC,GAAG;QACvB,UAAU,EAAE,OAAO,CAAC,GAAG;QACvB,QAAQ,EAAE,OAAO,CAAC,SAAS;QAC3B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,OAAO,EAAE,OAAO,CAAC,GAAG;QACpB,KAAK,EAAE,OAAO,CAAC,GAAG;QAClB,QAAQ,EAAE,OAAO,CAAC,GAAG;QACrB,eAAe,EAAE,OAAO,CAAC,GAAG;QAC5B,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,mBAAmB,EAAE,OAAO,CAAC,GAAG;QAChC,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC;KAC7B,CAAM,CAAC;AACV,CAAC,CAAC;AAhEW,QAAA,iBAAiB,qBAgE5B"}

package/dist/utils/private/token-type.d.ts

@@ -0,0 +1,3 @@
+import { TokenHeaderType } from "../../types";
+export declare const _decodeTokenType: (token: string) => TokenHeaderType;
+//# sourceMappingURL=token-type.d.ts.map

package/dist/utils/private/token-type.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-type.d.ts","sourceRoot":"","sources":["../../../src/utils/private/token-type.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,eAAO,MAAM,gBAAgB,UAAW,MAAM,KAAG,eAIhD,CAAC"}

package/dist/utils/private/token-type.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._decodeTokenType = void 0;
+const token_header_1 = require("./token-header");
+const _decodeTokenType = (token) => {
+    const [head] = token.split(".");
+    const header = (0, token_header_1._decodeTokenHeader)(head);
+    return header.typ;
+};
+exports._decodeTokenType = _decodeTokenType;
+//# sourceMappingURL=token-type.js.map

package/dist/utils/private/token-type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-type.js","sourceRoot":"","sources":["../../../src/utils/private/token-type.ts"],"names":[],"mappings":";;;AACA,iDAAoD;AAE7C,MAAM,gBAAgB,GAAG,CAAC,KAAa,EAAmB,EAAE;IACjE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;IACxC,OAAO,MAAM,CAAC,GAAG,CAAC;AACpB,CAAC,CAAC;AAJW,QAAA,gBAAgB,oBAI3B"}

package/dist/utils/private/validate-value.d.ts

@@ -0,0 +1,3 @@
+import { Operators } from "../../types";
+export declare const _validateValue: (value: any, operators: Operators) => boolean;
+//# sourceMappingURL=validate-value.d.ts.map

package/dist/utils/private/validate-value.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-value.d.ts","sourceRoot":"","sources":["../../../src/utils/private/validate-value.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,eAAO,MAAM,cAAc,UAAW,GAAG,aAAa,SAAS,KAAG,OA2HjE,CAAC"}

package/dist/utils/private/validate-value.js

@@ -0,0 +1,91 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._validateValue = void 0;
+const date_1 = require("@lindorm/date");
+const is_1 = require("@lindorm/is");
+const _validateValue = (value, operators) => {
+    if (operators.$exists === true && !value) {
+        return false;
+    }
+    if (operators.$exists === false && value) {
+        return false;
+    }
+    if (operators.$eq) {
+        if ((0, is_1.isDate)(value) && !(0, date_1.isEqual)(value, operators.$eq)) {
+            return false;
+        }
+        else if (value !== operators.$eq) {
+            return false;
+        }
+    }
+    if (operators.$ne) {
+        if ((0, is_1.isDate)(value) && (0, date_1.isEqual)(value, operators.$ne)) {
+            return false;
+        }
+        else if (value === operators.$ne) {
+            return false;
+        }
+    }
+    if (operators.$in && !operators.$in.includes(value)) {
+        return false;
+    }
+    if (operators.$nin && operators.$nin.includes(value)) {
+        return false;
+    }
+    if (operators.$has && (!(0, is_1.isArray)(value) || !value.includes(operators.$has))) {
+        return false;
+    }
+    if (operators.$not && (!(0, is_1.isArray)(value) || value.includes(operators.$not))) {
+        return false;
+    }
+    if (operators.$all &&
+        (!(0, is_1.isArray)(value) || !operators.$all.every((v) => value.includes(v)))) {
+        return false;
+    }
+    if (operators.$any &&
+        (!(0, is_1.isArray)(value) || !operators.$any.some((v) => value.includes(v)))) {
+        return false;
+    }
+    if (operators.$none &&
+        (!(0, is_1.isArray)(value) || operators.$none.some((v) => value.includes(v)))) {
+        return false;
+    }
+    if (operators.$before && (!(0, is_1.isDate)(value) || !(0, date_1.isBefore)(value, operators.$before))) {
+        return false;
+    }
+    if (operators.$beforeOrEq &&
+        (!(0, is_1.isDate)(value) || (0, date_1.isAfter)(value, operators.$beforeOrEq))) {
+        return false;
+    }
+    if (operators.$after && (!(0, is_1.isDate)(value) || !(0, date_1.isAfter)(value, operators.$after))) {
+        return false;
+    }
+    if (operators.$afterOrEq && (!(0, is_1.isDate)(value) || (0, date_1.isBefore)(value, operators.$afterOrEq))) {
+        return false;
+    }
+    if (operators.$gt && (!(0, is_1.isNumber)(value) || operators.$gt >= value)) {
+        return false;
+    }
+    if (operators.$gte && (!(0, is_1.isNumber)(value) || operators.$gte > value)) {
+        return false;
+    }
+    if (operators.$lt && (!(0, is_1.isNumber)(value) || operators.$lt <= value)) {
+        return false;
+    }
+    if (operators.$lte && (!(0, is_1.isNumber)(value) || operators.$lte < value)) {
+        return false;
+    }
+    if (operators.$regex &&
+        (!(0, is_1.isString)(value) || !new RegExp(operators.$regex).test(value))) {
+        return false;
+    }
+    if (operators.$and && !operators.$and.every((op) => (0, exports._validateValue)(value, op))) {
+        return false;
+    }
+    if (operators.$or && !operators.$or.some((op) => (0, exports._validateValue)(value, op))) {
+        return false;
+    }
+    return true;
+};
+exports._validateValue = _validateValue;
+//# sourceMappingURL=validate-value.js.map

package/dist/utils/private/validate-value.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-value.js","sourceRoot":"","sources":["../../../src/utils/private/validate-value.ts"],"names":[],"mappings":";;;AAAA,wCAA2D;AAC3D,oCAAkE;AAG3D,MAAM,cAAc,GAAG,CAAC,KAAU,EAAE,SAAoB,EAAW,EAAE;IAC1E,IAAI,SAAS,CAAC,OAAO,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,OAAO,KAAK,KAAK,IAAI,KAAK,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;QAClB,IAAI,IAAA,WAAM,EAAC,KAAK,CAAC,IAAI,CAAC,IAAA,cAAO,EAAC,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,IAAI,KAAK,KAAK,SAAS,CAAC,GAAG,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;QAClB,IAAI,IAAA,WAAM,EAAC,KAAK,CAAC,IAAI,IAAA,cAAO,EAAC,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,IAAI,KAAK,KAAK,SAAS,CAAC,GAAG,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAID,IAAI,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC3E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC1E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IACE,SAAS,CAAC,IAAI;QACd,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EACpE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IACE,SAAS,CAAC,IAAI;QACd,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EACnE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IACE,SAAS,CAAC,KAAK;QACf,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EACnE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAID,IAAI,SAAS,CAAC,OAAO,IAAI,CAAC,CAAC,IAAA,WAAM,EAAC,KAAK,CAAC,IAAI,CAAC,IAAA,eAAQ,EAAC,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACjF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IACE,SAAS,CAAC,WAAW;QACrB,CAAC,CAAC,IAAA,WAAM,EAAC,KAAK,CAAC,IAAI,IAAA,cAAO,EAAC,KAAK,EAAE,SAAS,CAAC,WAAW,CAAC,CAAC,EACzD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC,IAAA,WAAM,EAAC,KAAK,CAAC,IAAI,CAAC,IAAA,cAAO,EAAC,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QAC9E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,IAAI,CAAC,CAAC,IAAA,WAAM,EAAC,KAAK,CAAC,IAAI,IAAA,eAAQ,EAAC,KAAK,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;QACtF,OAAO,KAAK,CAAC;IACf,CAAC;IAID,IAAI,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,SAAS,CAAC,GAAG,IAAI,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,SAAS,CAAC,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,SAAS,CAAC,GAAG,IAAI,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,SAAS,CAAC,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;IAID,IACE,SAAS,CAAC,MAAM;QAChB,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAC/D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAID,IAAI,SAAS,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAA,sBAAc,EAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;QAC/E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,SAAS,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAA,sBAAc,EAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;QAC5E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AA3HW,QAAA,cAAc,kBA2HzB"}

package/dist/utils/private/validate.d.ts

@@ -0,0 +1,4 @@
+import { Dict } from "@lindorm/types";
+import { Operators } from "../../types";
+export declare const _validate: <C extends Dict = Dict>(dict: C, operators: Dict<Operators>) => void;
+//# sourceMappingURL=validate.d.ts.map

package/dist/utils/private/validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/utils/private/validate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,eAAO,MAAM,SAAS,gCACd,CAAC,aACI,KAAK,SAAS,CAAC,KACzB,IAcF,CAAC"}

package/dist/utils/private/validate.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._validate = void 0;
+const errors_1 = require("@lindorm/errors");
+const validate_value_1 = require("./validate-value");
+const _validate = (dict, operators) => {
+    const invalid = [];
+    for (const [key, ops] of Object.entries(operators)) {
+        const value = dict[key];
+        if ((0, validate_value_1._validateValue)(value, ops))
+            continue;
+        invalid.push({ key, value, ops });
+    }
+    if (invalid.length) {
+        throw new errors_1.LindormError("Invalid token", { data: { invalid } });
+    }
+};
+exports._validate = _validate;
+//# sourceMappingURL=validate.js.map

package/dist/utils/private/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/utils/private/validate.ts"],"names":[],"mappings":";;;AAAA,4CAA+C;AAG/C,qDAAkD;AAE3C,MAAM,SAAS,GAAG,CACvB,IAAO,EACP,SAA0B,EACpB,EAAE;IACR,MAAM,OAAO,GAAuD,EAAE,CAAC;IAEvE,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QAExB,IAAI,IAAA,+BAAc,EAAC,KAAK,EAAE,GAAG,CAAC;YAAE,SAAS;QAEzC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,qBAAY,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC,CAAC;AAjBW,QAAA,SAAS,aAiBpB"}

package/dist/utils/private/verify-token-signature.d.ts

@@ -0,0 +1,3 @@
+import { IKryptos } from "@lindorm/kryptos";
+export declare const _verifyTokenSignature: (kryptos: IKryptos, token: string) => boolean;
+//# sourceMappingURL=verify-token-signature.d.ts.map

package/dist/utils/private/verify-token-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-token-signature.d.ts","sourceRoot":"","sources":["../../../src/utils/private/verify-token-signature.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AA0B5C,eAAO,MAAM,qBAAqB,YAAa,QAAQ,SAAS,MAAM,KAAG,OAoBxE,CAAC"}

package/dist/utils/private/verify-token-signature.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._verifyTokenSignature = void 0;
+const ec_1 = require("@lindorm/ec");
+const oct_1 = require("@lindorm/oct");
+const okp_1 = require("@lindorm/okp");
+const rsa_1 = require("@lindorm/rsa");
+const errors_1 = require("../../errors");
+const _verifyEc = (kryptos, data, signature) => {
+    const kit = new ec_1.EcKit({ kryptos, format: "raw" });
+    return kit.verify(data, signature);
+};
+const _verifyOct = (kryptos, data, signature) => {
+    const kit = new oct_1.OctKit({ kryptos, format: "base64url" });
+    return kit.verify(data, signature);
+};
+const _verifyOkp = (kryptos, data, signature) => {
+    const kit = new okp_1.OkpKit({ kryptos, format: "base64url" });
+    return kit.verify(data, signature);
+};
+const _verifyRsa = (kryptos, data, signature) => {
+    const kit = new rsa_1.RsaKit({ kryptos, format: "base64url" });
+    return kit.verify(data, signature);
+};
+const _verifyTokenSignature = (kryptos, token) => {
+    const [header, payload, signature] = token.split(".");
+    const data = `${header}.${payload}`;
+    switch (kryptos.type) {
+        case "EC":
+            return _verifyEc(kryptos, data, signature);
+        case "oct":
+            return _verifyOct(kryptos, data, signature);
+        case "OKP":
+            return _verifyOkp(kryptos, data, signature);
+        case "RSA":
+            return _verifyRsa(kryptos, data, signature);
+        default:
+            throw new errors_1.JwtError("Unsupported algorithm");
+    }
+};
+exports._verifyTokenSignature = _verifyTokenSignature;
+//# sourceMappingURL=verify-token-signature.js.map

package/dist/utils/private/verify-token-signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-token-signature.js","sourceRoot":"","sources":["../../../src/utils/private/verify-token-signature.ts"],"names":[],"mappings":";;;AAAA,oCAAoC;AAEpC,sCAAsC;AACtC,sCAAsC;AACtC,sCAAsC;AACtC,yCAAwC;AAExC,MAAM,SAAS,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAE,SAAiB,EAAW,EAAE;IAChF,MAAM,GAAG,GAAG,IAAI,UAAK,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAE,SAAiB,EAAW,EAAE;IACjF,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACzD,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAE,SAAiB,EAAW,EAAE;IACjF,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACzD,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,OAAiB,EAAE,IAAY,EAAE,SAAiB,EAAW,EAAE;IACjF,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACzD,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACrC,CAAC,CAAC;AAEK,MAAM,qBAAqB,GAAG,CAAC,OAAiB,EAAE,KAAa,EAAW,EAAE;IACjF,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;IAEpC,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,IAAI;YACP,OAAO,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAE7C,KAAK,KAAK;YACR,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAE9C,KAAK,KAAK;YACR,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAE9C,KAAK,KAAK;YACR,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAE9C;YACE,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAChD,CAAC;AACH,CAAC,CAAC;AApBW,QAAA,qBAAqB,yBAoBhC"}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@lindorm/aegis",
+  "version": "0.1.0",
+  "license": "AGPL-3.0-or-later",
+  "author": "Jonn Nilsson",
+  "repository": {
+    "url": "https://github.com/lindorm-io/monorepo",
+    "directory": "packages/aegis"
+  },
+  "bugs": "https://github.com/lindorm-io/monorepo/issues",
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "dist/index.js",
+  "typings": "dist/index.d.ts",
+  "scripts": {
+    "build": "rimraf dist && tsc -b ./tsconfig.build.json",
+    "example": "ts-node example",
+    "integration": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch --",
+    "test:ci": "npm run test:unit",
+    "test:integration": "jest --config jest.config.integration.js --",
+    "test:unit": "jest --config jest.config.js --",
+    "test": "jest --watch --",
+    "typecheck:ci": "tsc",
+    "typecheck": "tsc --watch",
+    "update": "ncu -u"
+  },
+  "dependencies": {
+    "@lindorm/aes": "^0.2.0",
+    "@lindorm/b64": "^0.1.2",
+    "@lindorm/conduit": "^0.1.3",
+    "@lindorm/date": "^0.1.3",
+    "@lindorm/ec": "^0.1.1",
+    "@lindorm/errors": "^0.1.5",
+    "@lindorm/is": "^0.1.5",
+    "@lindorm/kryptos": "^0.3.0",
+    "@lindorm/oct": "^0.1.1",
+    "@lindorm/okp": "^0.1.1",
+    "@lindorm/rsa": "^0.1.2",
+    "@lindorm/utils": "^0.1.4"
+  },
+  "devDependencies": {
+    "@lindorm/logger": "^0.1.4",
+    "@lindorm/types": "^0.1.4",
+    "@types/jsonwebtoken": "^9.0.6",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "gitHead": "677a485cb48b37f891f25a46f417b033cbfec9e2"
+}