@naman_deep_singh/security 1.0.4 → 1.2.0

package/dist/cjs/core/jwt/generateTokens.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateTokens = void 0;
+exports.rotateRefreshToken = rotateRefreshToken;
+const signToken_1 = require("./signToken");
+const verify_1 = require("./verify");
+// Helper function to create branded tokens
+const createBrandedToken = (token, _brand) => {
+    return token;
+};
+const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = "15m", refreshExpiry = "7d") => {
+    const accessToken = (0, signToken_1.signToken)(payload, accessSecret, accessExpiry, { algorithm: "HS256" });
+    const refreshToken = (0, signToken_1.signToken)(payload, refreshSecret, refreshExpiry, { algorithm: "HS256" });
+    return {
+        accessToken: accessToken,
+        refreshToken: refreshToken,
+    };
+};
+exports.generateTokens = generateTokens;
+function rotateRefreshToken(oldToken, secret) {
+    const decoded = (0, verify_1.verifyToken)(oldToken, secret);
+    if (typeof decoded === "string") {
+        throw new Error("Invalid token payload — expected JWT payload object");
+    }
+    const payload = { ...decoded };
+    delete payload.iat;
+    delete payload.exp;
+    const newToken = (0, signToken_1.signToken)(payload, secret, "7d");
+    return newToken;
+}

package/dist/cjs/core/jwt/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./decode";
+export * from "./extractToken";
+export * from "./generateTokens";
+export * from "./parseDuration";
+export * from "./signToken";
+export * from "./types";
+export * from "./validateToken";
+export * from "./verify";

package/dist/cjs/core/jwt/index.js

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./decode"), exports);
+__exportStar(require("./extractToken"), exports);
+__exportStar(require("./generateTokens"), exports);
+__exportStar(require("./parseDuration"), exports);
+__exportStar(require("./signToken"), exports);
+__exportStar(require("./types"), exports);
+__exportStar(require("./validateToken"), exports);
+__exportStar(require("./verify"), exports);

package/dist/cjs/core/jwt/parseDuration.d.ts

@@ -0,0 +1 @@
+export declare function parseDuration(input: string | number): number;

package/dist/cjs/core/jwt/parseDuration.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseDuration = parseDuration;
+const TIME_UNITS = {
+    s: 1,
+    m: 60,
+    h: 3600,
+    d: 86400,
+    w: 604800
+};
+function parseDuration(input) {
+    if (typeof input === "number")
+        return input;
+    const regex = /(\d+)\s*(s|m|h|d|w)/gi;
+    let totalSeconds = 0;
+    let match;
+    while ((match = regex.exec(input)) !== null) {
+        const value = parseInt(match[1], 10);
+        const unit = match[2].toLowerCase();
+        if (!TIME_UNITS[unit]) {
+            throw new Error(`Invalid time unit: ${unit}`);
+        }
+        totalSeconds += value * TIME_UNITS[unit];
+    }
+    if (totalSeconds === 0) {
+        throw new Error(`Invalid expiry format: "${input}"`);
+    }
+    return totalSeconds;
+}

package/dist/cjs/core/jwt/signToken.d.ts

@@ -0,0 +1,2 @@
+import { Secret, SignOptions } from "jsonwebtoken";
+export declare const signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string | number, options?: SignOptions) => string;

package/dist/cjs/core/jwt/signToken.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signToken = void 0;
+const jsonwebtoken_1 = require("jsonwebtoken");
+const parseDuration_1 = require("./parseDuration");
+function getExpiryTimestamp(seconds) {
+    return Math.floor(Date.now() / 1000) + seconds;
+}
+const signToken = (payload, secret, expiresIn = "1h", options = {}) => {
+    const seconds = (0, parseDuration_1.parseDuration)(expiresIn);
+    if (!seconds || seconds < 10) {
+        throw new Error("Token expiry too small");
+    }
+    const tokenPayload = {
+        ...payload
+    };
+    if (!("exp" in payload))
+        tokenPayload.exp = getExpiryTimestamp(seconds);
+    if (!("iat" in payload))
+        tokenPayload.iat = Math.floor(Date.now() / 1000);
+    return (0, jsonwebtoken_1.sign)(tokenPayload, secret, {
+        algorithm: "HS256",
+        ...options
+    });
+};
+exports.signToken = signToken;

package/dist/cjs/core/jwt/types.d.ts

@@ -0,0 +1,22 @@
+import { JwtPayload } from "jsonwebtoken";
+export interface AccessTokenBrand {
+    readonly access: unique symbol;
+}
+export interface RefreshTokenBrand {
+    readonly refresh: unique symbol;
+}
+export type AccessToken = string & AccessTokenBrand;
+export type RefreshToken = string & RefreshTokenBrand;
+export interface TokenPair {
+    accessToken: AccessToken;
+    refreshToken: RefreshToken;
+}
+export interface VerificationResult<T = JwtPayload> {
+    valid: boolean;
+    payload?: T | string;
+    error?: Error;
+}
+export interface TokenValidationOptions {
+    ignoreExpiration?: boolean;
+    ignoreIssuedAt?: boolean;
+}

package/dist/cjs/core/jwt/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/cjs/core/jwt/validateToken.d.ts

@@ -0,0 +1,13 @@
+import { JwtPayload } from "node_modules/@types/jsonwebtoken";
+export interface TokenRequirements {
+    requiredFields?: string[];
+    forbiddenFields?: string[];
+    validateTypes?: Record<string, "string" | "number" | "boolean">;
+}
+export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): {
+    valid: true;
+} | {
+    valid: false;
+    error: string;
+};
+export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/cjs/core/jwt/validateToken.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateTokenPayload = validateTokenPayload;
+exports.isTokenExpired = isTokenExpired;
+function validateTokenPayload(payload, rules = {
+    requiredFields: ["exp", "iat"]
+}) {
+    const { requiredFields = [], forbiddenFields = [], validateTypes = {} } = rules;
+    // 1. Required fields
+    for (const field of requiredFields) {
+        if (!(field in payload)) {
+            return { valid: false, error: `Missing required field: ${field}` };
+        }
+    }
+    // 2. Forbidden fields
+    for (const field of forbiddenFields) {
+        if (field in payload) {
+            return { valid: false, error: `Forbidden field in token: ${field}` };
+        }
+    }
+    // 3. Type validation
+    for (const key in validateTypes) {
+        const expectedType = validateTypes[key];
+        if (key in payload && typeof payload[key] !== expectedType) {
+            return {
+                valid: false,
+                error: `Invalid type for ${key}. Expected ${expectedType}.`
+            };
+        }
+    }
+    return { valid: true };
+}
+function isTokenExpired(payload) {
+    if (!payload.exp)
+        return true;
+    return Date.now() >= payload.exp * 1000;
+}

package/dist/cjs/core/jwt/verify.d.ts

@@ -0,0 +1,18 @@
+import jwt, { Secret, JwtPayload } from "jsonwebtoken";
+import { VerificationResult } from "./types";
+/**
+ * Verify token (throws if invalid or expired)
+ */
+export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+/**
+ * Safe verify — never throws, returns structured result
+ */
+export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
+/**
+ * Verify token with validation options
+ */
+export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => string | JwtPayload;
+/**
+ * Safe verify with validation options
+ */
+export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => VerificationResult;

package/dist/cjs/core/jwt/verify.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.safeVerifyTokenWithOptions = exports.verifyTokenWithOptions = exports.safeVerifyToken = exports.verifyToken = void 0;
+const jsonwebtoken_1 = require("jsonwebtoken");
+/**
+ * Verify token (throws if invalid or expired)
+ */
+const verifyToken = (token, secret) => {
+    return (0, jsonwebtoken_1.verify)(token, secret);
+};
+exports.verifyToken = verifyToken;
+/**
+ * Safe verify — never throws, returns structured result
+ */
+const safeVerifyToken = (token, secret) => {
+    try {
+        const decoded = (0, jsonwebtoken_1.verify)(token, secret);
+        return { valid: true, payload: decoded };
+    }
+    catch (error) {
+        return { valid: false, error: error };
+    }
+};
+exports.safeVerifyToken = safeVerifyToken;
+/**
+ * Verify token with validation options
+ */
+const verifyTokenWithOptions = (token, secret, options = {}) => {
+    return (0, jsonwebtoken_1.verify)(token, secret, options);
+};
+exports.verifyTokenWithOptions = verifyTokenWithOptions;
+/**
+ * Safe verify with validation options
+ */
+const safeVerifyTokenWithOptions = (token, secret, options = {}) => {
+    try {
+        const decoded = (0, jsonwebtoken_1.verify)(token, secret, options);
+        return { valid: true, payload: decoded };
+    }
+    catch (error) {
+        return { valid: false, error: error };
+    }
+};
+exports.safeVerifyTokenWithOptions = safeVerifyTokenWithOptions;

package/dist/cjs/core/password/hash.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
+export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/dist/cjs/core/password/hash.js

@@ -0,0 +1,45 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashPasswordSync = exports.hashPassword = void 0;
+exports.hashPasswordWithPepper = hashPasswordWithPepper;
+exports.hashPasswordWithPepperSync = hashPasswordWithPepperSync;
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const utils_1 = require("./utils");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+const hashPassword = async (password, saltRounds = 10) => {
+    try {
+        (0, utils_1.ensureValidPassword)(password);
+        const salt = await bcryptjs_1.default.genSalt(saltRounds);
+        return bcryptjs_1.default.hash(password, salt);
+    }
+    catch (err) {
+        throw new errors_utils_1.InternalServerError('Password hashing failed');
+    }
+};
+exports.hashPassword = hashPassword;
+function hashPasswordWithPepper(password, pepper) {
+    return (0, exports.hashPassword)(password + pepper);
+}
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+const hashPasswordSync = (password, saltRounds = 10) => {
+    try {
+        (0, utils_1.ensureValidPassword)(password);
+        const salt = bcryptjs_1.default.genSaltSync(saltRounds);
+        return bcryptjs_1.default.hashSync(password, salt);
+    }
+    catch (error) {
+        throw new errors_utils_1.InternalServerError('Password hashing failed');
+    }
+};
+exports.hashPasswordSync = hashPasswordSync;
+function hashPasswordWithPepperSync(password, pepper) {
+    return (0, exports.hashPasswordSync)(password + pepper);
+}

package/dist/cjs/core/password/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./hash";
+export * from "./strength";
+export * from "./verify";

package/dist/cjs/core/password/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./hash"), exports);
+__exportStar(require("./strength"), exports);
+__exportStar(require("./verify"), exports);

package/dist/cjs/core/password/strength.d.ts

@@ -0,0 +1,2 @@
+import { PasswordStrengthOptions } from "./types";
+export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/cjs/core/password/strength.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPasswordStrong = void 0;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+const isPasswordStrong = (password, options = {}) => {
+    if (!password)
+        throw new errors_utils_1.BadRequestError('Invalid password provided');
+    const { minLength = 8, requireUppercase = true, requireLowercase = true, requireNumbers = true, requireSymbols = false, } = options;
+    if (password.length < minLength)
+        throw new errors_utils_1.ValidationError(`Password must be at least ${minLength} characters`);
+    if (requireUppercase && !/[A-Z]/.test(password))
+        throw new errors_utils_1.ValidationError("Password must include uppercase letters");
+    if (requireLowercase && !/[a-z]/.test(password))
+        throw new errors_utils_1.ValidationError("Password must include lowercase letters");
+    if (requireNumbers && !/[0-9]/.test(password))
+        throw new errors_utils_1.ValidationError("Password must include numbers");
+    if (requireSymbols && !/[^A-Za-z0-9]/.test(password))
+        throw new errors_utils_1.ValidationError("Password must include symbols");
+    return true;
+};
+exports.isPasswordStrong = isPasswordStrong;

package/dist/cjs/core/password/types.d.ts

@@ -0,0 +1,7 @@
+export interface PasswordStrengthOptions {
+    minLength?: number;
+    requireUppercase?: boolean;
+    requireLowercase?: boolean;
+    requireNumbers?: boolean;
+    requireSymbols?: boolean;
+}

package/dist/cjs/core/password/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/cjs/core/password/utils.d.ts

@@ -0,0 +1,4 @@
+export declare function ensureValidPassword(password: string): void;
+export declare function safeCompare(a: string, b: string): boolean;
+export declare function estimatePasswordEntropy(password: string): number;
+export declare function normalizePassword(password: string): string;

package/dist/cjs/core/password/utils.js

@@ -0,0 +1,38 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureValidPassword = ensureValidPassword;
+exports.safeCompare = safeCompare;
+exports.estimatePasswordEntropy = estimatePasswordEntropy;
+exports.normalizePassword = normalizePassword;
+const crypto_1 = __importDefault(require("crypto"));
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+function ensureValidPassword(password) {
+    if (!password || typeof password !== "string") {
+        throw new errors_utils_1.BadRequestError('Invalid password provided');
+    }
+}
+function safeCompare(a, b) {
+    const bufA = Buffer.from(a);
+    const bufB = Buffer.from(b);
+    if (bufA.length !== bufB.length)
+        return false;
+    return crypto_1.default.timingSafeEqual(bufA, bufB);
+}
+function estimatePasswordEntropy(password) {
+    let pool = 0;
+    if (/[a-z]/.test(password))
+        pool += 26;
+    if (/[A-Z]/.test(password))
+        pool += 26;
+    if (/[0-9]/.test(password))
+        pool += 10;
+    if (/[^A-Za-z0-9]/.test(password))
+        pool += 32;
+    return password.length * Math.log2(pool);
+}
+function normalizePassword(password) {
+    return password.normalize("NFKC");
+}

package/dist/cjs/core/password/verify.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Compare a password with a stored hash asynchronously.
+ */
+export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
+export declare function verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+/**
+ * Compare a password with a stored hash synchronously.
+ */
+export declare const verifyPasswordSync: (password: string, hash: string) => boolean;
+export declare function verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;

package/dist/cjs/core/password/verify.js

@@ -0,0 +1,46 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyPasswordSync = exports.verifyPassword = void 0;
+exports.verifyPasswordWithPepper = verifyPasswordWithPepper;
+exports.verifyPasswordWithPepperSync = verifyPasswordWithPepperSync;
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+/**
+ * Compare a password with a stored hash asynchronously.
+ */
+const verifyPassword = async (password, hash) => {
+    try {
+        const result = await bcryptjs_1.default.compare(password, hash);
+        if (!result)
+            throw new errors_utils_1.UnauthorizedError('Password verification failed');
+        return result;
+    }
+    catch {
+        throw new errors_utils_1.UnauthorizedError('Password verification failed');
+    }
+};
+exports.verifyPassword = verifyPassword;
+async function verifyPasswordWithPepper(password, pepper, hash) {
+    return (0, exports.verifyPassword)(password + pepper, hash);
+}
+/**
+ * Compare a password with a stored hash synchronously.
+ */
+const verifyPasswordSync = (password, hash) => {
+    try {
+        const result = bcryptjs_1.default.compareSync(password, hash);
+        if (!result)
+            throw new errors_utils_1.UnauthorizedError('Password verification failed');
+        return result;
+    }
+    catch (error) {
+        throw new errors_utils_1.UnauthorizedError('Password verification failed');
+    }
+};
+exports.verifyPasswordSync = verifyPasswordSync;
+async function verifyPasswordWithPepperSync(password, pepper, hash) {
+    return (0, exports.verifyPasswordSync)(password + pepper, hash);
+}

package/dist/cjs/index.d.ts

@@ -0,0 +1,41 @@
+export * from "./core/password";
+export * from "./core/jwt";
+export * from "./core/crypto";
+export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError } from "@naman_deep_singh/errors-utils";
+import * as JWTUtils from "./core/jwt";
+declare const _default: {
+    decrypt: (data: string, secret: string) => string;
+    encrypt: (text: string, secret: string) => string;
+    hmacSign: (message: string, secret: string) => string;
+    hmacVerify: (message: string, secret: string, signature: string) => boolean;
+    randomToken: (length?: number) => string;
+    generateStrongPassword: (length?: number) => string;
+    decodeToken(token: string): null | string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    decodeTokenStrict(token: string): import("node_modules/@types/jsonwebtoken").JwtPayload;
+    extractToken(sources: JWTUtils.TokenSources): string | null;
+    rotateRefreshToken(oldToken: string, secret: import("node_modules/@types/jsonwebtoken").Secret): JWTUtils.RefreshToken;
+    generateTokens: (payload: Record<string, unknown>, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
+    parseDuration(input: string | number): number;
+    signToken: (payload: Record<string, unknown>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
+    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): {
+        valid: true;
+    } | {
+        valid: false;
+        error: string;
+    };
+    isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
+    verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
+    verifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    safeVerifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => JWTUtils.VerificationResult;
+    hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+    hashPasswordWithPepperSync(password: string, pepper: string): string;
+    hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+    hashPasswordSync: (password: string, saltRounds?: number) => string;
+    isPasswordStrong: (password: string, options?: import("./core/password/types").PasswordStrengthOptions) => boolean;
+    verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+    verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;
+    verifyPassword: (password: string, hash: string) => Promise<boolean>;
+    verifyPasswordSync: (password: string, hash: string) => boolean;
+};
+export default _default;

package/dist/cjs/index.js

@@ -0,0 +1,56 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InternalServerError = exports.ValidationError = exports.UnauthorizedError = exports.BadRequestError = void 0;
+__exportStar(require("./core/password"), exports);
+__exportStar(require("./core/jwt"), exports);
+__exportStar(require("./core/crypto"), exports);
+// Re-export common errors for convenience
+var errors_utils_1 = require("@naman_deep_singh/errors-utils");
+Object.defineProperty(exports, "BadRequestError", { enumerable: true, get: function () { return errors_utils_1.BadRequestError; } });
+Object.defineProperty(exports, "UnauthorizedError", { enumerable: true, get: function () { return errors_utils_1.UnauthorizedError; } });
+Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return errors_utils_1.ValidationError; } });
+Object.defineProperty(exports, "InternalServerError", { enumerable: true, get: function () { return errors_utils_1.InternalServerError; } });
+const PasswordUtils = __importStar(require("./core/password"));
+const JWTUtils = __importStar(require("./core/jwt"));
+const CryptoUtils = __importStar(require("./core/crypto"));
+exports.default = {
+    ...PasswordUtils,
+    ...JWTUtils,
+    ...CryptoUtils,
+};

package/dist/esm/core/crypto/decrypt.d.ts

@@ -0,0 +1 @@
+export declare const decrypt: (data: string, secret: string) => string;

package/dist/esm/core/crypto/decrypt.js

@@ -0,0 +1,14 @@
+import crypto from "crypto";
+const ALGO = "AES-256-GCM";
+export const decrypt = (data, secret) => {
+    const [ivHex, encryptedHex] = data.split(":");
+    const iv = Buffer.from(ivHex, "hex");
+    const encrypted = Buffer.from(encryptedHex, "hex");
+    const key = crypto.createHash("sha256").update(secret).digest();
+    const decipher = crypto.createDecipheriv(ALGO, key, iv);
+    const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+    ]);
+    return decrypted.toString("utf8");
+};

package/dist/esm/core/crypto/encrypt.d.ts

@@ -0,0 +1 @@
+export declare const encrypt: (text: string, secret: string) => string;

package/dist/esm/core/crypto/encrypt.js

@@ -0,0 +1,9 @@
+import crypto from "crypto";
+const ALGO = "AES-256-GCM";
+export const encrypt = (text, secret) => {
+    const key = crypto.createHash("sha256").update(secret).digest();
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv(ALGO, key, iv);
+    const encrypted = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
+    return `${iv.toString("hex")}:${encrypted.toString("hex")}`;
+};

package/dist/esm/core/crypto/hmac.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Sign message using HMAC SHA-256
+ */
+export declare const hmacSign: (message: string, secret: string) => string;
+/**
+ * Verify HMAC signature
+ */
+export declare const hmacVerify: (message: string, secret: string, signature: string) => boolean;