@naman_deep_singh/security 1.3.2 → 1.4.0

package/dist/cjs/core/jwt/jwtManager.js

@@ -15,285 +15,155 @@ class JWTManager {
         this.refreshSecret = config.refreshSecret;
         this.accessExpiry = config.accessExpiry || '15m';
         this.refreshExpiry = config.refreshExpiry || '7d';
-        this.cacheTTL = 5 * 60 * 1000; // 5 minutes default TTL
+        this.cacheTTL = 5 * 60 * 1000; // 5 minutes
         if (config.enableCaching) {
             this.cache = new js_extensions_1.LRUCache(config.maxCacheSize || 100);
         }
     }
-    /**
-     * Generate both access and refresh tokens
-     */
+    /** Generate both access and refresh tokens */
     async generateTokens(payload) {
         try {
             this.validatePayload(payload);
             const accessToken = await this.generateAccessToken(payload);
             const refreshToken = await this.generateRefreshToken(payload);
-            return {
-                accessToken,
-                refreshToken,
-            };
+            return { accessToken, refreshToken };
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
                 throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to generate tokens');
+            throw new errors_utils_1.BadRequestError({ message: 'Failed to generate tokens' }, error instanceof Error ? error : undefined);
         }
     }
-    /**
-     * Generate access token
-     */
+    /** Generate access token */
     async generateAccessToken(payload) {
         try {
             this.validatePayload(payload);
-            const token = (0, signToken_1.signToken)(payload, this.accessSecret, this.accessExpiry, {
-                algorithm: 'HS256',
-            });
+            const token = (0, signToken_1.signToken)(payload, this.accessSecret, this.accessExpiry, { algorithm: 'HS256' });
             return token;
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
                 throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to generate access token');
+            throw new errors_utils_1.BadRequestError({ message: 'Failed to generate access token' }, error instanceof Error ? error : undefined);
         }
     }
-    /**
-     * Generate refresh token
-     */
+    /** Generate refresh token */
     async generateRefreshToken(payload) {
         try {
             this.validatePayload(payload);
-            const token = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry, {
-                algorithm: 'HS256',
-            });
+            const token = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry, { algorithm: 'HS256' });
             return token;
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
                 throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to generate refresh token');
+            throw new errors_utils_1.BadRequestError({ message: 'Failed to generate refresh token' }, error instanceof Error ? error : undefined);
         }
     }
-    /**
-     * Verify access token
-     */
+    /** Verify access token */
     async verifyAccessToken(token) {
-        try {
-            if (!token || typeof token !== 'string') {
-                throw new errors_utils_1.ValidationError('Access token must be a non-empty string');
-            }
-            const cacheKey = `access_${token}`;
-            if (this.cache) {
-                const cached = this.cache.get(cacheKey);
-                if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
-                    if (!cached.valid) {
-                        throw new errors_utils_1.UnauthorizedError('Access token is invalid or expired');
-                    }
-                    return cached.payload;
-                }
-            }
-            const decoded = (0, verify_1.verifyToken)(token, this.accessSecret);
-            if (this.cache) {
-                this.cache.set(cacheKey, {
-                    valid: true,
-                    payload: decoded,
-                    timestamp: Date.now(),
-                });
-            }
-            return decoded;
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError ||
-                error instanceof errors_utils_1.UnauthorizedError) {
-                throw error;
-            }
-            if (error instanceof Error && error.name === 'TokenExpiredError') {
-                throw new errors_utils_1.UnauthorizedError('Access token has expired');
-            }
-            if (error instanceof Error && error.name === 'JsonWebTokenError') {
-                throw new errors_utils_1.UnauthorizedError('Access token is invalid');
-            }
-            throw new errors_utils_1.UnauthorizedError('Failed to verify access token');
-        }
+        return this.verifyTokenWithCache(token, this.accessSecret, 'access');
     }
-    /**
-     * Verify refresh token
-     */
+    /** Verify refresh token */
     async verifyRefreshToken(token) {
-        try {
-            if (!token || typeof token !== 'string') {
-                throw new errors_utils_1.ValidationError('Refresh token must be a non-empty string');
-            }
-            const cacheKey = `refresh_${token}`;
-            if (this.cache) {
-                const cached = this.cache.get(cacheKey);
-                if (cached) {
-                    if (!cached.valid) {
-                        throw new errors_utils_1.UnauthorizedError('Refresh token is invalid or expired');
-                    }
-                    return cached.payload;
-                }
-            }
-            const decoded = (0, verify_1.verifyToken)(token, this.refreshSecret);
-            if (this.cache) {
-                this.cache.set(cacheKey, { valid: true, payload: decoded, timestamp: Date.now() });
-            }
-            return decoded;
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError ||
-                error instanceof errors_utils_1.UnauthorizedError) {
-                throw error;
-            }
-            if (error instanceof Error && error.name === 'TokenExpiredError') {
-                throw new errors_utils_1.UnauthorizedError('Refresh token has expired');
-            }
-            if (error instanceof Error && error.name === 'JsonWebTokenError') {
-                throw new errors_utils_1.UnauthorizedError('Refresh token is invalid');
-            }
-            throw new errors_utils_1.UnauthorizedError('Failed to verify refresh token');
-        }
+        return this.verifyTokenWithCache(token, this.refreshSecret, 'refresh');
     }
-    /**
-     * Decode token without verification
-     */
+    /** Decode token without verification */
     decodeToken(token, complete = false) {
-        try {
-            if (!token || typeof token !== 'string') {
-                throw new errors_utils_1.ValidationError('Token must be a non-empty string');
-            }
-            return jsonwebtoken_1.default.decode(token, { complete });
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError) {
-                throw error;
-            }
+        if (!token || typeof token !== 'string')
             return null;
-        }
+        return jsonwebtoken_1.default.decode(token, { complete });
     }
-    /**
-     * Extract token from Authorization header
-     */
+    /** Extract token from Authorization header */
     extractTokenFromHeader(authHeader) {
-        try {
-            if (!authHeader || typeof authHeader !== 'string') {
-                return null;
-            }
-            const parts = authHeader.split(' ');
-            if (parts.length !== 2 || parts[0] !== 'Bearer') {
-                return null;
-            }
-            return parts[1];
-        }
-        catch {
+        if (!authHeader || typeof authHeader !== 'string')
             return null;
-        }
+        const parts = authHeader.split(' ');
+        if (parts.length !== 2 || parts[0] !== 'Bearer')
+            return null;
+        return parts[1];
     }
-    /**
-     * Validate token without throwing exceptions
-     */
-    validateToken(token, secret, options = {}) {
-        try {
-            if (!token || typeof token !== 'string') {
-                return false;
-            }
-            const result = (0, verify_1.safeVerifyToken)(token, secret);
-            return result.valid;
-        }
-        catch {
+    /** Validate token without throwing exceptions */
+    validateToken(token, secret) {
+        if (!token || typeof token !== 'string')
             return false;
-        }
+        return (0, verify_1.safeVerifyToken)(token, secret).valid;
     }
-    /**
-     * Rotate refresh token
-     */
+    /** Rotate refresh token */
     async rotateRefreshToken(oldToken) {
-        try {
-            if (!oldToken || typeof oldToken !== 'string') {
-                throw new errors_utils_1.ValidationError('Old refresh token must be a non-empty string');
-            }
-            const decoded = await this.verifyRefreshToken(oldToken);
-            if (typeof decoded === 'string') {
-                throw new errors_utils_1.ValidationError('Invalid token payload — expected JWT payload object');
-            }
-            // Create new payload without issued/expired timestamps
-            const payload = { ...decoded };
-            delete payload.iat;
-            delete payload.exp;
-            // Generate new refresh token
-            const newToken = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
-            return newToken;
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError ||
-                error instanceof errors_utils_1.UnauthorizedError) {
-                throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to rotate refresh token');
-        }
+        if (!oldToken || typeof oldToken !== 'string') {
+            throw new errors_utils_1.ValidationError({ message: 'Old refresh token must be a non-empty string' });
+        }
+        const decoded = await this.verifyRefreshToken(oldToken);
+        const payload = { ...decoded };
+        delete payload.iat;
+        delete payload.exp;
+        const newToken = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
+        return newToken;
     }
-    /**
-     * Check if token is expired
-     */
+    /** Check if token is expired */
     isTokenExpired(token) {
         try {
             const decoded = this.decodeToken(token);
-            if (!decoded || !decoded.exp) {
+            if (!decoded || !decoded.exp)
                 return true;
-            }
-            const currentTime = Math.floor(Date.now() / 1000);
-            return decoded.exp < currentTime;
+            return decoded.exp < Math.floor(Date.now() / 1000);
         }
         catch {
             return true;
         }
     }
-    /**
-     * Get token expiration date
-     */
+    /** Get token expiration date */
     getTokenExpiration(token) {
         try {
             const decoded = this.decodeToken(token);
-            if (!decoded || !decoded.exp) {
+            if (!decoded || !decoded.exp)
                 return null;
-            }
             return new Date(decoded.exp * 1000);
         }
         catch {
             return null;
         }
     }
-    /**
-     * Clear token cache
-     */
+    /** Clear token cache */
     clearCache() {
         this.cache?.clear();
     }
-    /**
-     * Get cache statistics
-     */
+    /** Get cache statistics */
     getCacheStats() {
         if (!this.cache)
             return null;
-        // Note: LRUCache doesn't expose internal size, so we return maxSize only
-        return {
-            size: -1, // Size not available from LRUCache
-            maxSize: this.cache.maxSize,
-        };
+        return { size: -1, maxSize: this.cache.maxSize };
     }
-    // Private helper methods
+    /** Private helper methods */
     validatePayload(payload) {
         if (!payload || typeof payload !== 'object') {
-            throw new errors_utils_1.ValidationError('Payload must be a non-null object');
+            throw new errors_utils_1.ValidationError({ message: 'Payload must be a non-null object' });
         }
         if (Object.keys(payload).length === 0) {
-            throw new errors_utils_1.ValidationError('Payload cannot be empty');
+            throw new errors_utils_1.ValidationError({ message: 'Payload cannot be empty' });
         }
     }
+    async verifyTokenWithCache(token, secret, type) {
+        if (!token || typeof token !== 'string') {
+            throw new errors_utils_1.ValidationError({ message: `${type} token must be a non-empty string` });
+        }
+        const cacheKey = `${type}_${token}`;
+        if (this.cache) {
+            const cached = this.cache.get(cacheKey);
+            if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
+                if (!cached.valid)
+                    throw new errors_utils_1.UnauthorizedError({ message: `${type} token is invalid or expired` });
+                return cached.payload;
+            }
+        }
+        const { valid, payload, error } = (0, verify_1.safeVerifyToken)(token, secret);
+        if (!valid || !payload || typeof payload === 'string') {
+            this.cache?.set(cacheKey, { valid: false, payload: {}, timestamp: Date.now() });
+            throw new errors_utils_1.UnauthorizedError({ message: `${type} token is invalid or expired`, cause: error });
+        }
+        this.cache?.set(cacheKey, { valid: true, payload, timestamp: Date.now() });
+        return payload;
+    }
 }
 exports.JWTManager = JWTManager;

package/dist/cjs/core/jwt/parseDuration.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseDuration = parseDuration;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const TIME_UNITS = {
     s: 1,
     m: 60,
@@ -18,12 +19,12 @@ function parseDuration(input) {
         const value = Number.parseInt(match[1], 10);
         const unit = match[2].toLowerCase();
         if (!TIME_UNITS[unit]) {
-            throw new Error(`Invalid time unit: ${unit}`);
+            throw new errors_utils_1.ValidationError({ message: `Invalid time unit: ${unit}` });
         }
         totalSeconds += value * TIME_UNITS[unit];
     }
     if (totalSeconds === 0) {
-        throw new Error(`Invalid expiry format: "${input}"`);
+        throw new errors_utils_1.ValidationError({ message: `Invalid expiry format: "${input}"` });
     }
     return totalSeconds;
 }

package/dist/cjs/core/jwt/signToken.js

@@ -3,13 +3,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.signToken = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
 const parseDuration_1 = require("./parseDuration");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 function getExpiryTimestamp(seconds) {
     return Math.floor(Date.now() / 1000) + seconds;
 }
 const signToken = (payload, secret, expiresIn = '1h', options = {}) => {
     const seconds = (0, parseDuration_1.parseDuration)(expiresIn);
     if (!seconds || seconds < 10) {
-        throw new Error('Token expiry too small');
+        throw new errors_utils_1.ValidationError({ message: 'Token expiry too small' });
     }
     const tokenPayload = {
         ...payload,

package/dist/cjs/core/jwt/validateToken.d.ts

@@ -1,13 +1,16 @@
-import type { JwtPayload } from 'node_modules/@types/jsonwebtoken';
+import type { JwtPayload } from 'jsonwebtoken';
 export interface TokenRequirements {
     requiredFields?: string[];
     forbiddenFields?: string[];
     validateTypes?: Record<string, 'string' | 'number' | 'boolean'>;
 }
-export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): {
-    valid: true;
-} | {
-    valid: false;
-    error: string;
-};
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
+export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): void;
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
 export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/cjs/core/jwt/validateToken.js

@@ -2,34 +2,37 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateTokenPayload = validateTokenPayload;
 exports.isTokenExpired = isTokenExpired;
-function validateTokenPayload(payload, rules = {
-    requiredFields: ['exp', 'iat'],
-}) {
-    const { requiredFields = [], forbiddenFields = [], validateTypes = {}, } = rules;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
+function validateTokenPayload(payload, rules = { requiredFields: ['exp', 'iat'] }) {
+    const { requiredFields = [], forbiddenFields = [], validateTypes = {} } = rules;
     // 1. Required fields
     for (const field of requiredFields) {
         if (!(field in payload)) {
-            return { valid: false, error: `Missing required field: ${field}` };
+            throw new errors_utils_1.ValidationError(`Missing required field: ${field}`);
         }
     }
     // 2. Forbidden fields
     for (const field of forbiddenFields) {
         if (field in payload) {
-            return { valid: false, error: `Forbidden field in token: ${field}` };
+            throw new errors_utils_1.ValidationError(`Forbidden field in token: ${field}`);
         }
     }
     // 3. Type validation
     for (const key in validateTypes) {
         const expectedType = validateTypes[key];
         if (key in payload && typeof payload[key] !== expectedType) {
-            return {
-                valid: false,
-                error: `Invalid type for ${key}. Expected ${expectedType}.`,
-            };
+            throw new errors_utils_1.ValidationError(`Invalid type for ${key}. Expected ${expectedType}, got ${typeof payload[key]}`);
         }
     }
-    return { valid: true };
 }
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
 function isTokenExpired(payload) {
     if (!payload.exp)
         return true;

package/dist/cjs/core/jwt/verify.d.ts

@@ -1,19 +1,18 @@
-import type jwt from 'jsonwebtoken';
-import { type JwtPayload, type Secret } from 'jsonwebtoken';
-import type { VerificationResult } from './types';
+import { type JwtPayload, type Secret, VerifyOptions } from 'jsonwebtoken';
+import { VerificationResult } from './types';
 /**
- * Verify token (throws if invalid or expired)
+ * Verify token (throws UnauthorizedError if invalid or expired)
  */
 export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
 /**
- * Safe verify — never throws, returns structured result
+ * Verify token with options
  */
-export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
+export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => string | JwtPayload;
 /**
- * Verify token with validation options
+ * Safe verify — never throws, returns structured result with UnauthorizedError on failure
  */
-export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => string | JwtPayload;
+export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
 /**
- * Safe verify with validation options
+ * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
  */
-export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => VerificationResult;
+export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => VerificationResult;

package/dist/cjs/core/jwt/verify.js

@@ -1,16 +1,46 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.safeVerifyTokenWithOptions = exports.verifyTokenWithOptions = exports.safeVerifyToken = exports.verifyToken = void 0;
+exports.safeVerifyTokenWithOptions = exports.safeVerifyToken = exports.verifyTokenWithOptions = exports.verifyToken = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 /**
- * Verify token (throws if invalid or expired)
+ * Verify token (throws UnauthorizedError if invalid or expired)
  */
 const verifyToken = (token, secret) => {
-    return (0, jsonwebtoken_1.verify)(token, secret);
+    try {
+        return (0, jsonwebtoken_1.verify)(token, secret);
+    }
+    catch (error) {
+        if (error.name === 'TokenExpiredError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        if (error.name === 'JsonWebTokenError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        throw new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+    }
 };
 exports.verifyToken = verifyToken;
 /**
- * Safe verify — never throws, returns structured result
+ * Verify token with options
+ */
+const verifyTokenWithOptions = (token, secret, options = {}) => {
+    try {
+        return (0, jsonwebtoken_1.verify)(token, secret, options);
+    }
+    catch (error) {
+        if (error.name === 'TokenExpiredError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        if (error.name === 'JsonWebTokenError') {
+            throw new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        throw new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+    }
+};
+exports.verifyTokenWithOptions = verifyTokenWithOptions;
+/**
+ * Safe verify — never throws, returns structured result with UnauthorizedError on failure
  */
 const safeVerifyToken = (token, secret) => {
     try {
@@ -18,19 +48,22 @@ const safeVerifyToken = (token, secret) => {
         return { valid: true, payload: decoded };
     }
     catch (error) {
-        return { valid: false, error: error };
+        let wrappedError;
+        if (error.name === 'TokenExpiredError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        else if (error.name === 'JsonWebTokenError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        else {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+        }
+        return { valid: false, error: wrappedError };
     }
 };
 exports.safeVerifyToken = safeVerifyToken;
 /**
- * Verify token with validation options
- */
-const verifyTokenWithOptions = (token, secret, options = {}) => {
-    return (0, jsonwebtoken_1.verify)(token, secret, options);
-};
-exports.verifyTokenWithOptions = verifyTokenWithOptions;
-/**
- * Safe verify with validation options
+ * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
  */
 const safeVerifyTokenWithOptions = (token, secret, options = {}) => {
     try {
@@ -38,7 +71,17 @@ const safeVerifyTokenWithOptions = (token, secret, options = {}) => {
         return { valid: true, payload: decoded };
     }
     catch (error) {
-        return { valid: false, error: error };
+        let wrappedError;
+        if (error.name === 'TokenExpiredError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Token has expired' }, error);
+        }
+        else if (error.name === 'JsonWebTokenError') {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Invalid token' }, error);
+        }
+        else {
+            wrappedError = new errors_utils_1.UnauthorizedError({ message: 'Failed to verify token' }, error);
+        }
+        return { valid: false, error: wrappedError };
     }
 };
 exports.safeVerifyTokenWithOptions = safeVerifyTokenWithOptions;

package/dist/cjs/core/password/hash.js

@@ -18,8 +18,8 @@ const hashPassword = async (password, saltRounds = 10) => {
         const salt = await bcryptjs_1.default.genSalt(saltRounds);
         return bcryptjs_1.default.hash(password, salt);
     }
-    catch (err) {
-        throw new errors_utils_1.InternalServerError('Password hashing failed');
+    catch (_err) {
+        throw new errors_utils_1.InternalServerError({ message: 'Password hashing failed' });
     }
 };
 exports.hashPassword = hashPassword;
@@ -35,8 +35,8 @@ const hashPasswordSync = (password, saltRounds = 10) => {
         const salt = bcryptjs_1.default.genSaltSync(saltRounds);
         return bcryptjs_1.default.hashSync(password, salt);
     }
-    catch (error) {
-        throw new errors_utils_1.InternalServerError('Password hashing failed');
+    catch (_error) {
+        throw new errors_utils_1.InternalServerError({ message: 'Password hashing failed' });
     }
 };
 exports.hashPasswordSync = hashPasswordSync;

package/dist/cjs/core/password/passwordManager.d.ts

@@ -23,7 +23,7 @@ export declare class PasswordManager implements IPasswordManager {
      */
     checkStrength(password: string): PasswordStrength;
     /**
-     * Check if password hash needs upgrade (different salt rounds)
+     * Check if password hash needs upgrade (saltRounds change)
      */
-    needsUpgrade(hash: string, currentConfig: PasswordConfig): boolean;
+    needsUpgrade(_hash: string, _currentConfig: PasswordConfig): boolean;
 }