npm - @naman_deep_singh/security - Versions diffs - 1.3.2 → 1.4.0 - Mend

@naman_deep_singh/security 1.3.2 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/README.md +153 -355
package/dist/cjs/core/crypto/cryptoManager.d.ts +5 -5
package/dist/cjs/core/crypto/cryptoManager.js +42 -25
package/dist/cjs/core/jwt/decode.js +4 -1
package/dist/cjs/core/jwt/generateTokens.d.ts +1 -1
package/dist/cjs/core/jwt/generateTokens.js +7 -4
package/dist/cjs/core/jwt/jwtManager.d.ts +19 -43
package/dist/cjs/core/jwt/jwtManager.js +72 -202
package/dist/cjs/core/jwt/parseDuration.js +3 -2
package/dist/cjs/core/jwt/signToken.js +2 -1
package/dist/cjs/core/jwt/validateToken.d.ts +10 -7
package/dist/cjs/core/jwt/validateToken.js +14 -11
package/dist/cjs/core/jwt/verify.d.ts +9 -10
package/dist/cjs/core/jwt/verify.js +57 -14
package/dist/cjs/core/password/hash.js +4 -4
package/dist/cjs/core/password/passwordManager.d.ts +2 -2
package/dist/cjs/core/password/passwordManager.js +43 -82
package/dist/cjs/core/password/strength.js +5 -5
package/dist/cjs/core/password/utils.d.ts +12 -0
package/dist/cjs/core/password/utils.js +16 -1
package/dist/cjs/core/password/verify.js +5 -5
package/dist/cjs/index.d.ts +2 -7
package/dist/esm/core/crypto/cryptoManager.d.ts +5 -5
package/dist/esm/core/crypto/cryptoManager.js +42 -25
package/dist/esm/core/jwt/decode.js +4 -1
package/dist/esm/core/jwt/generateTokens.d.ts +1 -1
package/dist/esm/core/jwt/generateTokens.js +7 -4
package/dist/esm/core/jwt/jwtManager.d.ts +19 -43
package/dist/esm/core/jwt/jwtManager.js +73 -203
package/dist/esm/core/jwt/parseDuration.js +3 -2
package/dist/esm/core/jwt/signToken.js +2 -1
package/dist/esm/core/jwt/validateToken.d.ts +10 -7
package/dist/esm/core/jwt/validateToken.js +14 -11
package/dist/esm/core/jwt/verify.d.ts +9 -10
package/dist/esm/core/jwt/verify.js +55 -12
package/dist/esm/core/password/hash.js +4 -4
package/dist/esm/core/password/passwordManager.d.ts +2 -2
package/dist/esm/core/password/passwordManager.js +43 -82
package/dist/esm/core/password/strength.js +5 -5
package/dist/esm/core/password/utils.d.ts +12 -0
package/dist/esm/core/password/utils.js +16 -1
package/dist/esm/core/password/verify.js +5 -5
package/dist/esm/index.d.ts +2 -7
package/dist/types/core/crypto/cryptoManager.d.ts +5 -5
package/dist/types/core/jwt/generateTokens.d.ts +1 -1
package/dist/types/core/jwt/jwtManager.d.ts +19 -43
package/dist/types/core/jwt/validateToken.d.ts +10 -7
package/dist/types/core/jwt/verify.d.ts +9 -10
package/dist/types/core/password/passwordManager.d.ts +2 -2
package/dist/types/core/password/utils.d.ts +12 -0
package/dist/types/index.d.ts +2 -7
package/package.json +2 -2

package/dist/cjs/core/crypto/cryptoManager.d.ts CHANGED Viewed

@@ -24,7 +24,7 @@ export declare class CryptoManager {
     /**
      * Encrypt data using the default or specified algorithm
      */
-    encrypt(plaintext: string, key: string, options?: {
+    encrypt(plaintext: string, key: string, _options?: {
         algorithm?: string;
         encoding?: BufferEncoding;
         iv?: string;
@@ -32,7 +32,7 @@ export declare class CryptoManager {
     /**
      * Decrypt data using the default or specified algorithm
      */
-    decrypt(encryptedData: string, key: string, options?: {
+    decrypt(encryptedData: string, key: string, _options?: {
         algorithm?: string;
         encoding?: BufferEncoding;
         iv?: string;
@@ -40,18 +40,18 @@ export declare class CryptoManager {
     /**
      * Generate HMAC signature
      */
-    generateHmac(data: string, secret: string, options?: {
+    generateHmac(data: string, secret: string, _options?: {
         algorithm?: string;
         encoding?: BufferEncoding;
     }): string;
     /**
      * Generate cryptographically secure random bytes
      */
-    generateSecureRandom(length: number, encoding?: BufferEncoding): string;
+    generateSecureRandom(length: number, _encoding?: BufferEncoding): string;
     /**
      * Verify HMAC signature
      */
-    verifyHmac(data: string, secret: string, signature: string, options?: {
+    verifyHmac(data: string, secret: string, signature: string, _options?: {
         algorithm?: string;
         encoding?: BufferEncoding;
     }): boolean;

package/dist/cjs/core/crypto/cryptoManager.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.cryptoManager = exports.createCryptoManager = exports.CryptoManager = void 0;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const index_1 = require("./index");
 /**
  * Default configuration
@@ -33,23 +34,33 @@ class CryptoManager {
     /**
      * Encrypt data using the default or specified algorithm
      */
-    encrypt(plaintext, key, options) {
-        // For now, use the basic encrypt function
-        // TODO: Enhance to support different algorithms and options
-        return (0, index_1.encrypt)(plaintext, key);
+    encrypt(plaintext, key, _options) {
+        try {
+            return (0, index_1.encrypt)(plaintext, key);
+        }
+        catch (err) {
+            throw new errors_utils_1.InternalServerError(undefined, {
+                message: 'Encryption failed',
+            }, err instanceof Error ? err : undefined);
+        }
     }
     /**
      * Decrypt data using the default or specified algorithm
      */
-    decrypt(encryptedData, key, options) {
-        // For now, use the basic decrypt function
-        // TODO: Enhance to support different algorithms and options
-        return (0, index_1.decrypt)(encryptedData, key);
+    decrypt(encryptedData, key, _options) {
+        try {
+            return (0, index_1.decrypt)(encryptedData, key);
+        }
+        catch (err) {
+            throw new errors_utils_1.InternalServerError(undefined, {
+                message: 'Decryption failed',
+            }, err instanceof Error ? err : undefined);
+        }
     }
     /**
      * Generate HMAC signature
      */
-    generateHmac(data, secret, options) {
+    generateHmac(data, secret, _options) {
         // Use the basic HMAC sign function for now
         // TODO: Add support for different algorithms
         return (0, index_1.hmacSign)(data, secret);
@@ -57,14 +68,14 @@ class CryptoManager {
     /**
      * Generate cryptographically secure random bytes
      */
-    generateSecureRandom(length, encoding = 'hex') {
+    generateSecureRandom(length, _encoding = 'hex') {
         // Use the basic random token function
         return (0, index_1.randomToken)(length);
     }
     /**
      * Verify HMAC signature
      */
-    verifyHmac(data, secret, signature, options) {
+    verifyHmac(data, secret, signature, _options) {
         // Use the basic HMAC verify function
         return (0, index_1.hmacVerify)(data, secret, signature);
     }
@@ -76,7 +87,9 @@ class CryptoManager {
             const crypto = require('crypto');
             crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (err, derivedKey) => {
                 if (err) {
-                    reject(err);
+                    reject(new errors_utils_1.InternalServerError(undefined, {
+                        message: 'Key derivation failed',
+                    }, err instanceof Error ? err : undefined));
                 }
                 else {
                     resolve(derivedKey.toString('hex'));
@@ -102,7 +115,7 @@ class CryptoManager {
      * Generate a secure key pair for asymmetric encryption
      */
     generateKeyPair(options) {
-        return new Promise((resolve, reject) => {
+        return new Promise((resolve, _reject) => {
             const crypto = require('crypto');
             const keyPair = crypto.generateKeyPairSync('rsa', {
                 modulusLength: options?.modulusLength || 2048,
@@ -122,7 +135,7 @@ class CryptoManager {
      * Encrypt data using RSA public key
      */
     rsaEncrypt(data, publicKey) {
-        return new Promise((resolve, reject) => {
+        return new Promise((resolve, _reject) => {
             const crypto = require('crypto');
             const buffer = Buffer.from(data, 'utf8');
             const encrypted = crypto.publicEncrypt(publicKey, buffer);
@@ -133,7 +146,7 @@ class CryptoManager {
      * Decrypt data using RSA private key
      */
     rsaDecrypt(encryptedData, privateKey) {
-        return new Promise((resolve, reject) => {
+        return new Promise((resolve, _reject) => {
             const crypto = require('crypto');
             const buffer = Buffer.from(encryptedData, 'base64');
             const decrypted = crypto.privateDecrypt(privateKey, buffer);
@@ -146,15 +159,17 @@ class CryptoManager {
     rsaSign(data, privateKey, algorithm = 'sha256') {
         return new Promise((resolve, reject) => {
             const crypto = require('crypto');
-            const sign = crypto.createSign(algorithm);
-            sign.update(data);
-            sign.end();
             try {
+                const sign = crypto.createSign(algorithm);
+                sign.update(data);
+                sign.end();
                 const signature = sign.sign(privateKey, 'base64');
                 resolve(signature);
             }
-            catch (error) {
-                reject(error);
+            catch (err) {
+                reject(new errors_utils_1.InternalServerError(undefined, {
+                    message: 'RSA signing failed',
+                }, err instanceof Error ? err : undefined));
             }
         });
     }
@@ -164,15 +179,17 @@ class CryptoManager {
     rsaVerify(data, signature, publicKey, algorithm = 'sha256') {
         return new Promise((resolve, reject) => {
             const crypto = require('crypto');
-            const verify = crypto.createVerify(algorithm);
-            verify.update(data);
-            verify.end();
             try {
+                const verify = crypto.createVerify(algorithm);
+                verify.update(data);
+                verify.end();
                 const isValid = verify.verify(publicKey, signature, 'base64');
                 resolve(isValid);
             }
-            catch (error) {
-                reject(error);
+            catch (err) {
+                reject(new errors_utils_1.InternalServerError(undefined, {
+                    message: 'RSA verification failed',
+                }, err instanceof Error ? err : undefined));
             }
         });
     }

package/dist/cjs/core/jwt/decode.js CHANGED Viewed

@@ -4,6 +4,7 @@ exports.decodeToken = decodeToken;
 exports.decodeTokenStrict = decodeTokenStrict;
 // src/jwt/decodeToken.ts
 const jsonwebtoken_1 = require("jsonwebtoken");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 /**
  * Flexible decode
  * Returns: null | string | JwtPayload
@@ -19,7 +20,9 @@ function decodeToken(token) {
 function decodeTokenStrict(token) {
     const decoded = (0, jsonwebtoken_1.decode)(token);
     if (!decoded || typeof decoded === 'string') {
-        throw new Error('Invalid JWT payload structure');
+        throw new errors_utils_1.BadRequestError({
+            message: 'Invalid JWT payload structure',
+        });
     }
     return decoded;
 }

package/dist/cjs/core/jwt/generateTokens.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { type Secret } from 'jsonwebtoken';
+import type { Secret } from 'jsonwebtoken';
 import type { RefreshToken, TokenPair } from './types';
 export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
 export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/dist/cjs/core/jwt/generateTokens.js CHANGED Viewed

@@ -4,10 +4,11 @@ exports.generateTokens = void 0;
 exports.rotateRefreshToken = rotateRefreshToken;
 const signToken_1 = require("./signToken");
 const verify_1 = require("./verify");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 // Helper function to create branded tokens
-const createBrandedToken = (token, _brand) => {
-    return token;
-};
+/* const createBrandedToken = <T extends string>(token: string, _brand: T): T => {
+    return token as T
+} */
 const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = '15m', refreshExpiry = '7d') => {
     const accessToken = (0, signToken_1.signToken)(payload, accessSecret, accessExpiry, {
         algorithm: 'HS256',
@@ -24,7 +25,9 @@ exports.generateTokens = generateTokens;
 function rotateRefreshToken(oldToken, secret) {
     const decoded = (0, verify_1.verifyToken)(oldToken, secret);
     if (typeof decoded === 'string') {
-        throw new Error('Invalid token payload — expected JWT payload object');
+        throw new errors_utils_1.TokenMalformedError({
+            message: 'Invalid token payload — expected JWT payload object',
+        });
     }
     const payload = { ...decoded };
     delete payload.iat;

package/dist/cjs/core/jwt/jwtManager.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { type JwtPayload, type Secret } from 'jsonwebtoken';
-import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair, TokenValidationOptions } from '../../interfaces/jwt.interface';
+import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair } from '../../interfaces/jwt.interface';
 export declare class JWTManager implements ITokenManager {
     private accessSecret;
     private refreshSecret;
@@ -8,60 +8,36 @@ export declare class JWTManager implements ITokenManager {
     private cache?;
     private cacheTTL;
     constructor(config: JWTConfig);
-    /**
-     * Generate both access and refresh tokens
-     */
+    /** Generate both access and refresh tokens */
     generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
-    /**
-     * Generate access token
-     */
+    /** Generate access token */
     generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
-    /**
-     * Generate refresh token
-     */
+    /** Generate refresh token */
     generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
-    /**
-     * Verify access token
-     */
-    verifyAccessToken(token: string): Promise<JwtPayload | string>;
-    /**
-     * Verify refresh token
-     */
-    verifyRefreshToken(token: string): Promise<JwtPayload | string>;
-    /**
-     * Decode token without verification
-     */
+    /** Verify access token */
+    verifyAccessToken(token: string): Promise<JwtPayload>;
+    /** Verify refresh token */
+    verifyRefreshToken(token: string): Promise<JwtPayload>;
+    /** Decode token without verification */
     decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
-    /**
-     * Extract token from Authorization header
-     */
+    /** Extract token from Authorization header */
     extractTokenFromHeader(authHeader: string): string | null;
-    /**
-     * Validate token without throwing exceptions
-     */
-    validateToken(token: string, secret: Secret, options?: TokenValidationOptions): boolean;
-    /**
-     * Rotate refresh token
-     */
+    /** Validate token without throwing exceptions */
+    validateToken(token: string, secret: Secret): boolean;
+    /** Rotate refresh token */
     rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
-    /**
-     * Check if token is expired
-     */
+    /** Check if token is expired */
     isTokenExpired(token: string): boolean;
-    /**
-     * Get token expiration date
-     */
+    /** Get token expiration date */
     getTokenExpiration(token: string): Date | null;
-    /**
-     * Clear token cache
-     */
+    /** Clear token cache */
     clearCache(): void;
-    /**
-     * Get cache statistics
-     */
+    /** Get cache statistics */
     getCacheStats(): {
         size: number;
         maxSize: number;
     } | null;
+    /** Private helper methods */
     private validatePayload;
+    private verifyTokenWithCache;
 }