@meridianjs/auth 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +3 -3
  2. package/dist/index.mjs +3 -3
  3. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -66,7 +66,7 @@ var AuthModuleService = class extends (0, import_framework_utils.MeridianService
66
66
  const password_hash = await import_bcrypt.default.hash(input.password, BCRYPT_ROUNDS);
67
67
  let role = input.role ?? "member";
68
68
  if (!input.role) {
69
- const userCount = await userService.countUsers();
69
+ const [, userCount] = await userService.listAndCountUsers({}, { limit: 1 });
70
70
  if (userCount === 0) role = "super-admin";
71
71
  }
72
72
  const user = await userService.createUser({
@@ -124,7 +124,7 @@ var AuthModuleService = class extends (0, import_framework_utils.MeridianService
124
124
  }
125
125
  /** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
126
126
  verifyToken(token, secret) {
127
- return import_jsonwebtoken.default.verify(token, secret);
127
+ return import_jsonwebtoken.default.verify(token, secret, { algorithms: ["HS256"] });
128
128
  }
129
129
  /** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
130
130
  async resolvePermissions(appRoleId) {
@@ -166,7 +166,7 @@ function authenticateJWT(req, res, next) {
166
166
  return;
167
167
  }
168
168
  try {
169
- const payload = import_jsonwebtoken2.default.verify(token, config.projectConfig.jwtSecret);
169
+ const payload = import_jsonwebtoken2.default.verify(token, config.projectConfig.jwtSecret, { algorithms: ["HS256"] });
170
170
  if (payload.jti) {
171
171
  try {
172
172
  const scope = req.scope;
package/dist/index.mjs CHANGED
@@ -26,7 +26,7 @@ var AuthModuleService = class extends MeridianService({}) {
26
26
  const password_hash = await bcrypt.hash(input.password, BCRYPT_ROUNDS);
27
27
  let role = input.role ?? "member";
28
28
  if (!input.role) {
29
- const userCount = await userService.countUsers();
29
+ const [, userCount] = await userService.listAndCountUsers({}, { limit: 1 });
30
30
  if (userCount === 0) role = "super-admin";
31
31
  }
32
32
  const user = await userService.createUser({
@@ -84,7 +84,7 @@ var AuthModuleService = class extends MeridianService({}) {
84
84
  }
85
85
  /** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
86
86
  verifyToken(token, secret) {
87
- return jwt.verify(token, secret);
87
+ return jwt.verify(token, secret, { algorithms: ["HS256"] });
88
88
  }
89
89
  /** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
90
90
  async resolvePermissions(appRoleId) {
@@ -126,7 +126,7 @@ function authenticateJWT(req, res, next) {
126
126
  return;
127
127
  }
128
128
  try {
129
- const payload = jwt2.verify(token, config.projectConfig.jwtSecret);
129
+ const payload = jwt2.verify(token, config.projectConfig.jwtSecret, { algorithms: ["HS256"] });
130
130
  if (payload.jti) {
131
131
  try {
132
132
  const scope = req.scope;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@meridianjs/auth",
3
- "version": "0.1.4",
3
+ "version": "0.1.5",
4
4
  "description": "Meridian auth module — JWT authentication and middleware",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",