@naman_deep_singh/security 1.1.0 → 1.3.0

package/dist/cjs/core/crypto/cryptoManager.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Configuration options for CryptoManager
+ */
+export interface CryptoManagerConfig {
+    defaultAlgorithm?: string;
+    defaultEncoding?: BufferEncoding;
+    hmacAlgorithm?: string;
+}
+/**
+ * CryptoManager - Class-based wrapper for all cryptographic operations
+ * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
+ */
+export declare class CryptoManager {
+    private config;
+    constructor(config?: CryptoManagerConfig);
+    /**
+     * Update configuration
+     */
+    updateConfig(config: Partial<CryptoManagerConfig>): void;
+    /**
+     * Get current configuration
+     */
+    getConfig(): Required<CryptoManagerConfig>;
+    /**
+     * Encrypt data using the default or specified algorithm
+     */
+    encrypt(plaintext: string, key: string, options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+        iv?: string;
+    }): string;
+    /**
+     * Decrypt data using the default or specified algorithm
+     */
+    decrypt(encryptedData: string, key: string, options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+        iv?: string;
+    }): string;
+    /**
+     * Generate HMAC signature
+     */
+    generateHmac(data: string, secret: string, options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+    }): string;
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateSecureRandom(length: number, encoding?: BufferEncoding): string;
+    /**
+     * Verify HMAC signature
+     */
+    verifyHmac(data: string, secret: string, signature: string, options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+    }): boolean;
+    /**
+     * Create a key derivation function using PBKDF2
+     */
+    deriveKey(password: string, salt: string, iterations?: number, keyLength?: number): Promise<string>;
+    /**
+     * Hash data using SHA-256
+     */
+    sha256(data: string, encoding?: BufferEncoding): string;
+    /**
+     * Hash data using SHA-512
+     */
+    sha512(data: string, encoding?: BufferEncoding): string;
+    /**
+     * Generate a secure key pair for asymmetric encryption
+     */
+    generateKeyPair(options?: {
+        modulusLength?: number;
+        publicKeyEncoding?: {
+            type: string;
+            format: string;
+        };
+        privateKeyEncoding?: {
+            type: string;
+            format: string;
+        };
+    }): Promise<{
+        publicKey: string;
+        privateKey: string;
+    }>;
+    /**
+     * Encrypt data using RSA public key
+     */
+    rsaEncrypt(data: string, publicKey: string): Promise<string>;
+    /**
+     * Decrypt data using RSA private key
+     */
+    rsaDecrypt(encryptedData: string, privateKey: string): Promise<string>;
+    /**
+     * Create digital signature using RSA private key
+     */
+    rsaSign(data: string, privateKey: string, algorithm?: string): Promise<string>;
+    /**
+     * Verify digital signature using RSA public key
+     */
+    rsaVerify(data: string, signature: string, publicKey: string, algorithm?: string): Promise<boolean>;
+}
+/**
+ * Create a CryptoManager instance with default configuration
+ */
+export declare const createCryptoManager: (config?: CryptoManagerConfig) => CryptoManager;
+/**
+ * Default CryptoManager instance
+ */
+export declare const cryptoManager: CryptoManager;

package/dist/cjs/core/crypto/cryptoManager.js

@@ -0,0 +1,185 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cryptoManager = exports.createCryptoManager = exports.CryptoManager = void 0;
+const index_1 = require("./index");
+/**
+ * Default configuration
+ */
+const DEFAULT_CONFIG = {
+    defaultAlgorithm: 'aes-256-gcm',
+    defaultEncoding: 'utf8',
+    hmacAlgorithm: 'sha256'
+};
+/**
+ * CryptoManager - Class-based wrapper for all cryptographic operations
+ * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
+ */
+class CryptoManager {
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    /**
+     * Update configuration
+     */
+    updateConfig(config) {
+        this.config = { ...this.config, ...config };
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Encrypt data using the default or specified algorithm
+     */
+    encrypt(plaintext, key, options) {
+        // For now, use the basic encrypt function
+        // TODO: Enhance to support different algorithms and options
+        return (0, index_1.encrypt)(plaintext, key);
+    }
+    /**
+     * Decrypt data using the default or specified algorithm
+     */
+    decrypt(encryptedData, key, options) {
+        // For now, use the basic decrypt function
+        // TODO: Enhance to support different algorithms and options
+        return (0, index_1.decrypt)(encryptedData, key);
+    }
+    /**
+     * Generate HMAC signature
+     */
+    generateHmac(data, secret, options) {
+        // Use the basic HMAC sign function for now
+        // TODO: Add support for different algorithms
+        return (0, index_1.hmacSign)(data, secret);
+    }
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateSecureRandom(length, encoding = 'hex') {
+        // Use the basic random token function
+        return (0, index_1.randomToken)(length);
+    }
+    /**
+     * Verify HMAC signature
+     */
+    verifyHmac(data, secret, signature, options) {
+        // Use the basic HMAC verify function
+        return (0, index_1.hmacVerify)(data, secret, signature);
+    }
+    /**
+     * Create a key derivation function using PBKDF2
+     */
+    deriveKey(password, salt, iterations = 100000, keyLength = 32) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (err, derivedKey) => {
+                if (err) {
+                    reject(err);
+                }
+                else {
+                    resolve(derivedKey.toString('hex'));
+                }
+            });
+        });
+    }
+    /**
+     * Hash data using SHA-256
+     */
+    sha256(data, encoding = 'hex') {
+        const crypto = require('crypto');
+        return crypto.createHash('sha256').update(data).digest(encoding);
+    }
+    /**
+     * Hash data using SHA-512
+     */
+    sha512(data, encoding = 'hex') {
+        const crypto = require('crypto');
+        return crypto.createHash('sha512').update(data).digest(encoding);
+    }
+    /**
+     * Generate a secure key pair for asymmetric encryption
+     */
+    generateKeyPair(options) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const keyPair = crypto.generateKeyPairSync('rsa', {
+                modulusLength: options?.modulusLength || 2048,
+                publicKeyEncoding: options?.publicKeyEncoding || { type: 'spki', format: 'pem' },
+                privateKeyEncoding: options?.privateKeyEncoding || { type: 'pkcs8', format: 'pem' }
+            });
+            resolve(keyPair);
+        });
+    }
+    /**
+     * Encrypt data using RSA public key
+     */
+    rsaEncrypt(data, publicKey) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const buffer = Buffer.from(data, 'utf8');
+            const encrypted = crypto.publicEncrypt(publicKey, buffer);
+            resolve(encrypted.toString('base64'));
+        });
+    }
+    /**
+     * Decrypt data using RSA private key
+     */
+    rsaDecrypt(encryptedData, privateKey) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const buffer = Buffer.from(encryptedData, 'base64');
+            const decrypted = crypto.privateDecrypt(privateKey, buffer);
+            resolve(decrypted.toString('utf8'));
+        });
+    }
+    /**
+     * Create digital signature using RSA private key
+     */
+    rsaSign(data, privateKey, algorithm = 'sha256') {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const sign = crypto.createSign(algorithm);
+            sign.update(data);
+            sign.end();
+            try {
+                const signature = sign.sign(privateKey, 'base64');
+                resolve(signature);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+    /**
+     * Verify digital signature using RSA public key
+     */
+    rsaVerify(data, signature, publicKey, algorithm = 'sha256') {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const verify = crypto.createVerify(algorithm);
+            verify.update(data);
+            verify.end();
+            try {
+                const isValid = verify.verify(publicKey, signature, 'base64');
+                resolve(isValid);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+}
+exports.CryptoManager = CryptoManager;
+/**
+ * Create a CryptoManager instance with default configuration
+ */
+const createCryptoManager = (config) => {
+    return new CryptoManager(config);
+};
+exports.createCryptoManager = createCryptoManager;
+/**
+ * Default CryptoManager instance
+ */
+exports.cryptoManager = new CryptoManager();

package/dist/cjs/core/crypto/index.d.ts

@@ -1,4 +1,5 @@
-export * from "./decrypt";
-export * from "./encrypt";
-export * from "./hmac";
-export * from "./random";
+export { decrypt } from "./decrypt";
+export { encrypt } from "./encrypt";
+export { hmacSign, hmacVerify } from "./hmac";
+export { randomToken, generateStrongPassword } from "./random";
+export * from "./cryptoManager";

package/dist/cjs/core/crypto/index.js

@@ -14,7 +14,15 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./decrypt"), exports);
-__exportStar(require("./encrypt"), exports);
-__exportStar(require("./hmac"), exports);
-__exportStar(require("./random"), exports);
+exports.generateStrongPassword = exports.randomToken = exports.hmacVerify = exports.hmacSign = exports.encrypt = exports.decrypt = void 0;
+var decrypt_1 = require("./decrypt");
+Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return decrypt_1.decrypt; } });
+var encrypt_1 = require("./encrypt");
+Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return encrypt_1.encrypt; } });
+var hmac_1 = require("./hmac");
+Object.defineProperty(exports, "hmacSign", { enumerable: true, get: function () { return hmac_1.hmacSign; } });
+Object.defineProperty(exports, "hmacVerify", { enumerable: true, get: function () { return hmac_1.hmacVerify; } });
+var random_1 = require("./random");
+Object.defineProperty(exports, "randomToken", { enumerable: true, get: function () { return random_1.randomToken; } });
+Object.defineProperty(exports, "generateStrongPassword", { enumerable: true, get: function () { return random_1.generateStrongPassword; } });
+__exportStar(require("./cryptoManager"), exports);

package/dist/cjs/core/jwt/extractToken.d.ts

@@ -2,8 +2,8 @@ export interface TokenSources {
     header?: string | undefined | null;
     cookies?: Record<string, string> | undefined;
     query?: Record<string, string | undefined> | undefined;
-    body?: Record<string, any> | undefined;
-    wsMessage?: string | Record<string, any> | undefined;
+    body?: Record<string, unknown> | undefined;
+    wsMessage?: string | Record<string, unknown> | undefined;
 }
 /**
  * Universal token extractor

package/dist/cjs/core/jwt/extractToken.js

@@ -23,7 +23,7 @@ function extractToken(sources) {
     if (query?.token)
         return query.token;
     // 4. Body: { token: "" }
-    if (body?.token)
+    if (body?.token && typeof body.token === 'string')
         return body.token;
     // 5. WebSocket message extraction (NEW)
     if (wsMessage) {
@@ -33,12 +33,17 @@ function extractToken(sources) {
             if (typeof wsMessage === "string") {
                 msg = JSON.parse(wsMessage);
             }
-            // Direct token
-            if (typeof msg.token === "string")
-                return msg.token;
-            // Nested token: { auth: { token: "" } }
-            if (msg.auth && typeof msg.auth.token === "string") {
-                return msg.auth.token;
+            // Ensure msg is an object before property access
+            if (typeof msg === 'object' && msg !== null) {
+                const m = msg;
+                if (typeof m['token'] === 'string')
+                    return m['token'];
+                const auth = m['auth'];
+                if (typeof auth === 'object' && auth !== null) {
+                    const a = auth;
+                    if (typeof a['token'] === 'string')
+                        return a['token'];
+                }
             }
         }
         catch {

package/dist/cjs/core/jwt/generateTokens.d.ts

@@ -1,7 +1,4 @@
 import { Secret } from "jsonwebtoken";
-export interface TokenPair {
-    accessToken: string;
-    refreshToken: string;
-}
-export declare const generateTokens: (payload: object, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
-export declare function rotateRefreshToken(oldToken: string, secret: Secret): string;
+import { RefreshToken, TokenPair } from "./types";
+export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
+export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/dist/cjs/core/jwt/generateTokens.js

@@ -4,10 +4,16 @@ exports.generateTokens = void 0;
 exports.rotateRefreshToken = rotateRefreshToken;
 const signToken_1 = require("./signToken");
 const verify_1 = require("./verify");
+// Helper function to create branded tokens
+const createBrandedToken = (token, _brand) => {
+    return token;
+};
 const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = "15m", refreshExpiry = "7d") => {
+    const accessToken = (0, signToken_1.signToken)(payload, accessSecret, accessExpiry, { algorithm: "HS256" });
+    const refreshToken = (0, signToken_1.signToken)(payload, refreshSecret, refreshExpiry, { algorithm: "HS256" });
     return {
-        accessToken: (0, signToken_1.signToken)(payload, accessSecret, accessExpiry, { algorithm: "HS256" }),
-        refreshToken: (0, signToken_1.signToken)(payload, refreshSecret, refreshExpiry, { algorithm: "HS256" }),
+        accessToken: accessToken,
+        refreshToken: refreshToken,
     };
 };
 exports.generateTokens = generateTokens;
@@ -19,5 +25,6 @@ function rotateRefreshToken(oldToken, secret) {
     const payload = { ...decoded };
     delete payload.iat;
     delete payload.exp;
-    return (0, signToken_1.signToken)(payload, secret, "7d");
+    const newToken = (0, signToken_1.signToken)(payload, secret, "7d");
+    return newToken;
 }

package/dist/cjs/core/jwt/index.d.ts

@@ -3,5 +3,6 @@ export * from "./extractToken";
 export * from "./generateTokens";
 export * from "./parseDuration";
 export * from "./signToken";
+export * from "./types";
 export * from "./validateToken";
 export * from "./verify";

package/dist/cjs/core/jwt/index.js

@@ -19,5 +19,6 @@ __exportStar(require("./extractToken"), exports);
 __exportStar(require("./generateTokens"), exports);
 __exportStar(require("./parseDuration"), exports);
 __exportStar(require("./signToken"), exports);
+__exportStar(require("./types"), exports);
 __exportStar(require("./validateToken"), exports);
 __exportStar(require("./verify"), exports);

package/dist/cjs/core/jwt/jwtManager.d.ts

@@ -0,0 +1,66 @@
+import { JwtPayload, Secret } from "jsonwebtoken";
+import { ITokenManager, TokenPair, AccessToken, RefreshToken, JWTConfig, TokenValidationOptions } from "../../interfaces/jwt.interface";
+export declare class JWTManager implements ITokenManager {
+    private accessSecret;
+    private refreshSecret;
+    private accessExpiry;
+    private refreshExpiry;
+    private cache?;
+    constructor(config: JWTConfig);
+    /**
+     * Generate both access and refresh tokens
+     */
+    generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
+    /**
+     * Generate access token
+     */
+    generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
+    /**
+     * Verify access token
+     */
+    verifyAccessToken(token: string): Promise<JwtPayload | string>;
+    /**
+     * Verify refresh token
+     */
+    verifyRefreshToken(token: string): Promise<JwtPayload | string>;
+    /**
+     * Decode token without verification
+     */
+    decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
+    /**
+     * Extract token from Authorization header
+     */
+    extractTokenFromHeader(authHeader: string): string | null;
+    /**
+     * Validate token without throwing exceptions
+     */
+    validateToken(token: string, secret: Secret, options?: TokenValidationOptions): boolean;
+    /**
+     * Rotate refresh token
+     */
+    rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
+    /**
+     * Check if token is expired
+     */
+    isTokenExpired(token: string): boolean;
+    /**
+     * Get token expiration date
+     */
+    getTokenExpiration(token: string): Date | null;
+    /**
+     * Clear token cache
+     */
+    clearCache(): void;
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): {
+        size: number;
+        maxSize: number;
+    } | null;
+    private validatePayload;
+}