@naman_deep_singh/security 1.2.0 → 1.3.1

package/dist/esm/core/crypto/cryptoManager.js

@@ -0,0 +1,186 @@
+import { decrypt as functionalDecrypt, encrypt as functionalEncrypt, hmacSign as functionalHmacSign, hmacVerify as functionalHmacVerify, randomToken as functionalRandomToken, } from './index';
+/**
+ * Default configuration
+ */
+const DEFAULT_CONFIG = {
+    defaultAlgorithm: 'aes-256-gcm',
+    defaultEncoding: 'utf8',
+    hmacAlgorithm: 'sha256',
+};
+/**
+ * CryptoManager - Class-based wrapper for all cryptographic operations
+ * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
+ */
+export class CryptoManager {
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    /**
+     * Update configuration
+     */
+    updateConfig(config) {
+        this.config = { ...this.config, ...config };
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Encrypt data using the default or specified algorithm
+     */
+    encrypt(plaintext, key, options) {
+        // For now, use the basic encrypt function
+        // TODO: Enhance to support different algorithms and options
+        return functionalEncrypt(plaintext, key);
+    }
+    /**
+     * Decrypt data using the default or specified algorithm
+     */
+    decrypt(encryptedData, key, options) {
+        // For now, use the basic decrypt function
+        // TODO: Enhance to support different algorithms and options
+        return functionalDecrypt(encryptedData, key);
+    }
+    /**
+     * Generate HMAC signature
+     */
+    generateHmac(data, secret, options) {
+        // Use the basic HMAC sign function for now
+        // TODO: Add support for different algorithms
+        return functionalHmacSign(data, secret);
+    }
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateSecureRandom(length, encoding = 'hex') {
+        // Use the basic random token function
+        return functionalRandomToken(length);
+    }
+    /**
+     * Verify HMAC signature
+     */
+    verifyHmac(data, secret, signature, options) {
+        // Use the basic HMAC verify function
+        return functionalHmacVerify(data, secret, signature);
+    }
+    /**
+     * Create a key derivation function using PBKDF2
+     */
+    deriveKey(password, salt, iterations = 100000, keyLength = 32) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (err, derivedKey) => {
+                if (err) {
+                    reject(err);
+                }
+                else {
+                    resolve(derivedKey.toString('hex'));
+                }
+            });
+        });
+    }
+    /**
+     * Hash data using SHA-256
+     */
+    sha256(data, encoding = 'hex') {
+        const crypto = require('crypto');
+        return crypto.createHash('sha256').update(data).digest(encoding);
+    }
+    /**
+     * Hash data using SHA-512
+     */
+    sha512(data, encoding = 'hex') {
+        const crypto = require('crypto');
+        return crypto.createHash('sha512').update(data).digest(encoding);
+    }
+    /**
+     * Generate a secure key pair for asymmetric encryption
+     */
+    generateKeyPair(options) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const keyPair = crypto.generateKeyPairSync('rsa', {
+                modulusLength: options?.modulusLength || 2048,
+                publicKeyEncoding: options?.publicKeyEncoding || {
+                    type: 'spki',
+                    format: 'pem',
+                },
+                privateKeyEncoding: options?.privateKeyEncoding || {
+                    type: 'pkcs8',
+                    format: 'pem',
+                },
+            });
+            resolve(keyPair);
+        });
+    }
+    /**
+     * Encrypt data using RSA public key
+     */
+    rsaEncrypt(data, publicKey) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const buffer = Buffer.from(data, 'utf8');
+            const encrypted = crypto.publicEncrypt(publicKey, buffer);
+            resolve(encrypted.toString('base64'));
+        });
+    }
+    /**
+     * Decrypt data using RSA private key
+     */
+    rsaDecrypt(encryptedData, privateKey) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const buffer = Buffer.from(encryptedData, 'base64');
+            const decrypted = crypto.privateDecrypt(privateKey, buffer);
+            resolve(decrypted.toString('utf8'));
+        });
+    }
+    /**
+     * Create digital signature using RSA private key
+     */
+    rsaSign(data, privateKey, algorithm = 'sha256') {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const sign = crypto.createSign(algorithm);
+            sign.update(data);
+            sign.end();
+            try {
+                const signature = sign.sign(privateKey, 'base64');
+                resolve(signature);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+    /**
+     * Verify digital signature using RSA public key
+     */
+    rsaVerify(data, signature, publicKey, algorithm = 'sha256') {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const verify = crypto.createVerify(algorithm);
+            verify.update(data);
+            verify.end();
+            try {
+                const isValid = verify.verify(publicKey, signature, 'base64');
+                resolve(isValid);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+}
+/**
+ * Create a CryptoManager instance with default configuration
+ */
+export const createCryptoManager = (config) => {
+    return new CryptoManager(config);
+};
+/**
+ * Default CryptoManager instance
+ */
+export const cryptoManager = new CryptoManager();

package/dist/esm/core/crypto/decrypt.js

@@ -1,14 +1,14 @@
-import crypto from "crypto";
-const ALGO = "AES-256-GCM";
+import crypto from 'crypto';
+const ALGO = 'AES-256-GCM';
 export const decrypt = (data, secret) => {
-    const [ivHex, encryptedHex] = data.split(":");
-    const iv = Buffer.from(ivHex, "hex");
-    const encrypted = Buffer.from(encryptedHex, "hex");
-    const key = crypto.createHash("sha256").update(secret).digest();
+    const [ivHex, encryptedHex] = data.split(':');
+    const iv = Buffer.from(ivHex, 'hex');
+    const encrypted = Buffer.from(encryptedHex, 'hex');
+    const key = crypto.createHash('sha256').update(secret).digest();
     const decipher = crypto.createDecipheriv(ALGO, key, iv);
     const decrypted = Buffer.concat([
         decipher.update(encrypted),
         decipher.final(),
     ]);
-    return decrypted.toString("utf8");
+    return decrypted.toString('utf8');
 };

package/dist/esm/core/crypto/encrypt.js

@@ -1,9 +1,9 @@
-import crypto from "crypto";
-const ALGO = "AES-256-GCM";
+import crypto from 'crypto';
+const ALGO = 'AES-256-GCM';
 export const encrypt = (text, secret) => {
-    const key = crypto.createHash("sha256").update(secret).digest();
+    const key = crypto.createHash('sha256').update(secret).digest();
     const iv = crypto.randomBytes(16);
     const cipher = crypto.createCipheriv(ALGO, key, iv);
-    const encrypted = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
-    return `${iv.toString("hex")}:${encrypted.toString("hex")}`;
+    const encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
+    return `${iv.toString('hex')}:${encrypted.toString('hex')}`;
 };

package/dist/esm/core/crypto/hmac.js

@@ -1,9 +1,9 @@
-import crypto from "crypto";
+import crypto from 'crypto';
 /**
  * Sign message using HMAC SHA-256
  */
 export const hmacSign = (message, secret) => {
-    return crypto.createHmac("sha256", secret).update(message).digest("hex");
+    return crypto.createHmac('sha256', secret).update(message).digest('hex');
 };
 /**
  * Verify HMAC signature

package/dist/esm/core/crypto/index.d.ts

@@ -1,4 +1,5 @@
-export * from "./decrypt";
-export * from "./encrypt";
-export * from "./hmac";
-export * from "./random";
+export { decrypt } from './decrypt';
+export { encrypt } from './encrypt';
+export { hmacSign, hmacVerify } from './hmac';
+export { randomToken, generateStrongPassword } from './random';
+export * from './cryptoManager';

package/dist/esm/core/crypto/index.js

@@ -1,4 +1,5 @@
-export * from "./decrypt";
-export * from "./encrypt";
-export * from "./hmac";
-export * from "./random";
+export { decrypt } from './decrypt';
+export { encrypt } from './encrypt';
+export { hmacSign, hmacVerify } from './hmac';
+export { randomToken, generateStrongPassword } from './random';
+export * from './cryptoManager';

package/dist/esm/core/crypto/random.js

@@ -1,13 +1,13 @@
-import crypto from "crypto";
+import crypto from 'crypto';
 /**
  * Generate cryptographically secure random string
  */
 export const randomToken = (length = 32) => {
-    return crypto.randomBytes(length).toString("hex");
+    return crypto.randomBytes(length).toString('hex');
 };
 /**
  * Generate a strong random password
  */
 export const generateStrongPassword = (length = 16) => {
-    return crypto.randomBytes(length).toString("hex").slice(0, length);
+    return crypto.randomBytes(length).toString('hex').slice(0, length);
 };

package/dist/esm/core/jwt/decode.d.ts

@@ -1,4 +1,4 @@
-import { JwtPayload } from "jsonwebtoken";
+import { type JwtPayload } from 'jsonwebtoken';
 /**
  * Flexible decode
  * Returns: null | string | JwtPayload

package/dist/esm/core/jwt/decode.js

@@ -1,5 +1,5 @@
 // src/jwt/decodeToken.ts
-import { decode } from "jsonwebtoken";
+import { decode } from 'jsonwebtoken';
 /**
  * Flexible decode
  * Returns: null | string | JwtPayload
@@ -14,8 +14,8 @@ export function decodeToken(token) {
  */
 export function decodeTokenStrict(token) {
     const decoded = decode(token);
-    if (!decoded || typeof decoded === "string") {
-        throw new Error("Invalid JWT payload structure");
+    if (!decoded || typeof decoded === 'string') {
+        throw new Error('Invalid JWT payload structure');
     }
     return decoded;
 }

package/dist/esm/core/jwt/extractToken.js

@@ -5,16 +5,16 @@ export function extractToken(sources) {
     const { header, cookies, query, body, wsMessage } = sources;
     // 1. Authorization: Bearer <token>
     if (header) {
-        const parts = header.split(" ");
-        if (parts.length === 2 && parts[0] === "Bearer")
+        const parts = header.split(' ');
+        if (parts.length === 2 && parts[0] === 'Bearer')
             return parts[1];
     }
     // 2. Cookies: token / accessToken
     if (cookies) {
-        if (cookies["token"])
-            return cookies["token"];
-        if (cookies["accessToken"])
-            return cookies["accessToken"];
+        if (cookies['token'])
+            return cookies['token'];
+        if (cookies['accessToken'])
+            return cookies['accessToken'];
     }
     // 3. Query params: ?token=xxx
     if (query?.token)
@@ -27,7 +27,7 @@ export function extractToken(sources) {
         try {
             let msg = wsMessage;
             // If it's a JSON string → parse safely
-            if (typeof wsMessage === "string") {
+            if (typeof wsMessage === 'string') {
                 msg = JSON.parse(wsMessage);
             }
             // Ensure msg is an object before property access

package/dist/esm/core/jwt/generateTokens.d.ts

@@ -1,4 +1,4 @@
-import { Secret } from "jsonwebtoken";
-import { RefreshToken, TokenPair } from "./types";
+import { type Secret } from 'jsonwebtoken';
+import type { RefreshToken, TokenPair } from './types';
 export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
 export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/dist/esm/core/jwt/generateTokens.js

@@ -1,12 +1,16 @@
-import { signToken } from "./signToken";
-import { verifyToken } from "./verify";
+import { signToken } from './signToken';
+import { verifyToken } from './verify';
 // Helper function to create branded tokens
 const createBrandedToken = (token, _brand) => {
     return token;
 };
-export const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = "15m", refreshExpiry = "7d") => {
-    const accessToken = signToken(payload, accessSecret, accessExpiry, { algorithm: "HS256" });
-    const refreshToken = signToken(payload, refreshSecret, refreshExpiry, { algorithm: "HS256" });
+export const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = '15m', refreshExpiry = '7d') => {
+    const accessToken = signToken(payload, accessSecret, accessExpiry, {
+        algorithm: 'HS256',
+    });
+    const refreshToken = signToken(payload, refreshSecret, refreshExpiry, {
+        algorithm: 'HS256',
+    });
     return {
         accessToken: accessToken,
         refreshToken: refreshToken,
@@ -14,12 +18,12 @@ export const generateTokens = (payload, accessSecret, refreshSecret, accessExpir
 };
 export function rotateRefreshToken(oldToken, secret) {
     const decoded = verifyToken(oldToken, secret);
-    if (typeof decoded === "string") {
-        throw new Error("Invalid token payload — expected JWT payload object");
+    if (typeof decoded === 'string') {
+        throw new Error('Invalid token payload — expected JWT payload object');
     }
     const payload = { ...decoded };
     delete payload.iat;
     delete payload.exp;
-    const newToken = signToken(payload, secret, "7d");
+    const newToken = signToken(payload, secret, '7d');
     return newToken;
 }

package/dist/esm/core/jwt/index.d.ts

@@ -1,8 +1,8 @@
-export * from "./decode";
-export * from "./extractToken";
-export * from "./generateTokens";
-export * from "./parseDuration";
-export * from "./signToken";
-export * from "./types";
-export * from "./validateToken";
-export * from "./verify";
+export * from './decode';
+export * from './extractToken';
+export * from './generateTokens';
+export * from './parseDuration';
+export * from './signToken';
+export * from './types';
+export * from './validateToken';
+export * from './verify';

package/dist/esm/core/jwt/index.js

@@ -1,8 +1,8 @@
-export * from "./decode";
-export * from "./extractToken";
-export * from "./generateTokens";
-export * from "./parseDuration";
-export * from "./signToken";
-export * from "./types";
-export * from "./validateToken";
-export * from "./verify";
+export * from './decode';
+export * from './extractToken';
+export * from './generateTokens';
+export * from './parseDuration';
+export * from './signToken';
+export * from './types';
+export * from './validateToken';
+export * from './verify';

package/dist/esm/core/jwt/jwtManager.d.ts

@@ -0,0 +1,67 @@
+import { type JwtPayload, type Secret } from 'jsonwebtoken';
+import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair, TokenValidationOptions } from '../../interfaces/jwt.interface';
+export declare class JWTManager implements ITokenManager {
+    private accessSecret;
+    private refreshSecret;
+    private accessExpiry;
+    private refreshExpiry;
+    private cache?;
+    private cacheTTL;
+    constructor(config: JWTConfig);
+    /**
+     * Generate both access and refresh tokens
+     */
+    generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
+    /**
+     * Generate access token
+     */
+    generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
+    /**
+     * Generate refresh token
+     */
+    generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
+    /**
+     * Verify access token
+     */
+    verifyAccessToken(token: string): Promise<JwtPayload | string>;
+    /**
+     * Verify refresh token
+     */
+    verifyRefreshToken(token: string): Promise<JwtPayload | string>;
+    /**
+     * Decode token without verification
+     */
+    decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
+    /**
+     * Extract token from Authorization header
+     */
+    extractTokenFromHeader(authHeader: string): string | null;
+    /**
+     * Validate token without throwing exceptions
+     */
+    validateToken(token: string, secret: Secret, options?: TokenValidationOptions): boolean;
+    /**
+     * Rotate refresh token
+     */
+    rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
+    /**
+     * Check if token is expired
+     */
+    isTokenExpired(token: string): boolean;
+    /**
+     * Get token expiration date
+     */
+    getTokenExpiration(token: string): Date | null;
+    /**
+     * Clear token cache
+     */
+    clearCache(): void;
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): {
+        size: number;
+        maxSize: number;
+    } | null;
+    private validatePayload;
+}