@naman_deep_singh/security 1.5.1 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/cjs/core/crypto/CryptoManger.js +107 -0
- package/dist/cjs/core/crypto/index.js +13 -26
- package/dist/cjs/core/index.js +44 -0
- package/dist/cjs/core/jwt/{jwtManager.js → JWTManager.js} +22 -22
- package/dist/cjs/core/jwt/decode.js +2 -3
- package/dist/cjs/core/jwt/generateTokens.js +8 -8
- package/dist/cjs/core/jwt/index.js +23 -22
- package/dist/cjs/core/jwt/parseDuration.js +3 -3
- package/dist/cjs/core/jwt/signToken.js +4 -4
- package/dist/cjs/core/jwt/validateToken.js +4 -4
- package/dist/cjs/core/jwt/verify.js +13 -13
- package/dist/cjs/core/password/{passwordManager.js → PasswordManager.js} +8 -8
- package/dist/cjs/core/password/hash.js +6 -6
- package/dist/cjs/core/password/index.js +20 -17
- package/dist/cjs/core/password/strength.js +7 -7
- package/dist/cjs/core/password/utils.js +2 -2
- package/dist/cjs/core/password/verify.js +5 -5
- package/dist/cjs/index.js +4 -40
- package/dist/cjs/interfaces/index.js +2 -0
- package/dist/esm/core/crypto/CryptoManger.js +100 -0
- package/dist/esm/core/crypto/index.js +5 -5
- package/dist/esm/core/index.js +6 -0
- package/dist/esm/core/jwt/{jwtManager.js → JWTManager.js} +4 -4
- package/dist/esm/core/jwt/decode.js +1 -2
- package/dist/esm/core/jwt/generateTokens.js +3 -3
- package/dist/esm/core/jwt/index.js +8 -8
- package/dist/esm/core/jwt/parseDuration.js +1 -1
- package/dist/esm/core/jwt/signToken.js +2 -2
- package/dist/esm/core/jwt/validateToken.js +1 -1
- package/dist/esm/core/jwt/verify.js +1 -1
- package/dist/esm/core/password/{passwordManager.js → PasswordManager.js} +2 -2
- package/dist/esm/core/password/hash.js +4 -4
- package/dist/esm/core/password/index.js +5 -3
- package/dist/esm/core/password/strength.js +1 -1
- package/dist/esm/core/password/utils.js +1 -1
- package/dist/esm/core/password/verify.js +1 -1
- package/dist/esm/index.js +4 -13
- package/dist/esm/interfaces/index.js +1 -0
- package/dist/types/core/crypto/CryptoManger.d.ts +36 -0
- package/dist/types/core/crypto/index.d.ts +5 -5
- package/dist/types/core/index.d.ts +3 -0
- package/dist/{esm/core/jwt/jwtManager.d.ts → types/core/jwt/JWTManager.d.ts} +1 -1
- package/dist/types/core/jwt/generateTokens.d.ts +1 -1
- package/dist/types/core/jwt/index.d.ts +9 -8
- package/dist/types/core/jwt/verify.d.ts +1 -1
- package/dist/types/core/password/{passwordManager.d.ts → PasswordManager.d.ts} +1 -1
- package/dist/types/core/password/index.d.ts +6 -3
- package/dist/types/core/password/strength.d.ts +1 -1
- package/dist/types/index.d.ts +1 -40
- package/dist/types/interfaces/index.d.ts +2 -0
- package/package.json +33 -4
- package/dist/cjs/core/crypto/cryptoManager.d.ts +0 -111
- package/dist/cjs/core/crypto/cryptoManager.js +0 -208
- package/dist/cjs/core/crypto/decrypt.d.ts +0 -1
- package/dist/cjs/core/crypto/encrypt.d.ts +0 -1
- package/dist/cjs/core/crypto/hmac.d.ts +0 -8
- package/dist/cjs/core/crypto/index.d.ts +0 -5
- package/dist/cjs/core/crypto/random.d.ts +0 -8
- package/dist/cjs/core/jwt/decode.d.ts +0 -12
- package/dist/cjs/core/jwt/extractToken.d.ts +0 -11
- package/dist/cjs/core/jwt/generateTokens.d.ts +0 -4
- package/dist/cjs/core/jwt/index.d.ts +0 -8
- package/dist/cjs/core/jwt/jwtManager.d.ts +0 -43
- package/dist/cjs/core/jwt/parseDuration.d.ts +0 -1
- package/dist/cjs/core/jwt/signToken.d.ts +0 -2
- package/dist/cjs/core/jwt/types.d.ts +0 -22
- package/dist/cjs/core/jwt/validateToken.d.ts +0 -16
- package/dist/cjs/core/jwt/verify.d.ts +0 -18
- package/dist/cjs/core/password/hash.d.ts +0 -10
- package/dist/cjs/core/password/index.d.ts +0 -3
- package/dist/cjs/core/password/passwordManager.d.ts +0 -29
- package/dist/cjs/core/password/strength.d.ts +0 -2
- package/dist/cjs/core/password/types.d.ts +0 -7
- package/dist/cjs/core/password/utils.d.ts +0 -16
- package/dist/cjs/core/password/verify.d.ts +0 -10
- package/dist/cjs/index.d.ts +0 -40
- package/dist/cjs/interfaces/jwt.interface.d.ts +0 -47
- package/dist/cjs/interfaces/password.interface.d.ts +0 -60
- package/dist/esm/core/crypto/cryptoManager.d.ts +0 -111
- package/dist/esm/core/crypto/cryptoManager.js +0 -203
- package/dist/esm/core/crypto/decrypt.d.ts +0 -1
- package/dist/esm/core/crypto/encrypt.d.ts +0 -1
- package/dist/esm/core/crypto/hmac.d.ts +0 -8
- package/dist/esm/core/crypto/index.d.ts +0 -5
- package/dist/esm/core/crypto/random.d.ts +0 -8
- package/dist/esm/core/jwt/decode.d.ts +0 -12
- package/dist/esm/core/jwt/extractToken.d.ts +0 -11
- package/dist/esm/core/jwt/generateTokens.d.ts +0 -4
- package/dist/esm/core/jwt/index.d.ts +0 -8
- package/dist/esm/core/jwt/parseDuration.d.ts +0 -1
- package/dist/esm/core/jwt/signToken.d.ts +0 -2
- package/dist/esm/core/jwt/types.d.ts +0 -22
- package/dist/esm/core/jwt/validateToken.d.ts +0 -16
- package/dist/esm/core/jwt/verify.d.ts +0 -18
- package/dist/esm/core/password/hash.d.ts +0 -10
- package/dist/esm/core/password/index.d.ts +0 -3
- package/dist/esm/core/password/passwordManager.d.ts +0 -29
- package/dist/esm/core/password/strength.d.ts +0 -2
- package/dist/esm/core/password/types.d.ts +0 -7
- package/dist/esm/core/password/utils.d.ts +0 -16
- package/dist/esm/core/password/verify.d.ts +0 -10
- package/dist/esm/index.d.ts +0 -40
- package/dist/esm/interfaces/jwt.interface.d.ts +0 -47
- package/dist/esm/interfaces/password.interface.d.ts +0 -60
- package/dist/types/core/crypto/cryptoManager.d.ts +0 -111
- package/dist/types/core/jwt/jwtManager.d.ts +0 -43
|
@@ -6,8 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.PasswordManager = void 0;
|
|
7
7
|
const crypto_1 = __importDefault(require("crypto"));
|
|
8
8
|
const bcryptjs_1 = __importDefault(require("bcryptjs"));
|
|
9
|
-
const
|
|
10
|
-
const
|
|
9
|
+
const errors_1 = require("@naman_deep_singh/errors");
|
|
10
|
+
const utils_js_1 = require("./utils.js");
|
|
11
11
|
class PasswordManager {
|
|
12
12
|
constructor(config = {}) {
|
|
13
13
|
this.defaultConfig = {
|
|
@@ -26,7 +26,7 @@ class PasswordManager {
|
|
|
26
26
|
*/
|
|
27
27
|
async hash(password, salt) {
|
|
28
28
|
try {
|
|
29
|
-
(0,
|
|
29
|
+
(0, utils_js_1.ensureValidPassword)(password);
|
|
30
30
|
this.validate(password);
|
|
31
31
|
const saltRounds = this.defaultConfig.saltRounds;
|
|
32
32
|
let finalSalt = salt;
|
|
@@ -37,11 +37,11 @@ class PasswordManager {
|
|
|
37
37
|
return { hash, salt: finalSalt };
|
|
38
38
|
}
|
|
39
39
|
catch (error) {
|
|
40
|
-
if (error instanceof
|
|
41
|
-
error instanceof
|
|
40
|
+
if (error instanceof errors_1.BadRequestError ||
|
|
41
|
+
error instanceof errors_1.ValidationError) {
|
|
42
42
|
throw error;
|
|
43
43
|
}
|
|
44
|
-
throw new
|
|
44
|
+
throw new errors_1.BadRequestError({ reason: 'Failed to hash password' }, error instanceof Error ? error : undefined);
|
|
45
45
|
}
|
|
46
46
|
}
|
|
47
47
|
/**
|
|
@@ -64,7 +64,7 @@ class PasswordManager {
|
|
|
64
64
|
generate(length = 16, options = {}) {
|
|
65
65
|
const config = { ...this.defaultConfig, ...options };
|
|
66
66
|
if (length < config.minLength || length > config.maxLength) {
|
|
67
|
-
throw new
|
|
67
|
+
throw new errors_1.ValidationError({
|
|
68
68
|
reason: `Password length must be between ${config.minLength} and ${config.maxLength}`,
|
|
69
69
|
});
|
|
70
70
|
}
|
|
@@ -127,7 +127,7 @@ class PasswordManager {
|
|
|
127
127
|
* Check password strength
|
|
128
128
|
*/
|
|
129
129
|
checkStrength(password) {
|
|
130
|
-
const entropy = (0,
|
|
130
|
+
const entropy = (0, utils_js_1.estimatePasswordEntropy)(password);
|
|
131
131
|
let score = 0;
|
|
132
132
|
const feedback = [];
|
|
133
133
|
const suggestions = [];
|
|
@@ -6,20 +6,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.hashPasswordSync = exports.hashPassword = void 0;
|
|
7
7
|
exports.hashPasswordWithPepper = hashPasswordWithPepper;
|
|
8
8
|
exports.hashPasswordWithPepperSync = hashPasswordWithPepperSync;
|
|
9
|
-
const
|
|
9
|
+
const errors_1 = require("@naman_deep_singh/errors");
|
|
10
10
|
const bcryptjs_1 = __importDefault(require("bcryptjs"));
|
|
11
|
-
const
|
|
11
|
+
const utils_js_1 = require("./utils.js");
|
|
12
12
|
/**
|
|
13
13
|
* Hash a password asynchronously using bcrypt.
|
|
14
14
|
*/
|
|
15
15
|
const hashPassword = async (password, saltRounds = 10) => {
|
|
16
16
|
try {
|
|
17
|
-
(0,
|
|
17
|
+
(0, utils_js_1.ensureValidPassword)(password);
|
|
18
18
|
const salt = await bcryptjs_1.default.genSalt(saltRounds);
|
|
19
19
|
return bcryptjs_1.default.hash(password, salt);
|
|
20
20
|
}
|
|
21
21
|
catch (error) {
|
|
22
|
-
throw new
|
|
22
|
+
throw new errors_1.InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
|
|
23
23
|
}
|
|
24
24
|
};
|
|
25
25
|
exports.hashPassword = hashPassword;
|
|
@@ -31,12 +31,12 @@ function hashPasswordWithPepper(password, pepper) {
|
|
|
31
31
|
*/
|
|
32
32
|
const hashPasswordSync = (password, saltRounds = 10) => {
|
|
33
33
|
try {
|
|
34
|
-
(0,
|
|
34
|
+
(0, utils_js_1.ensureValidPassword)(password);
|
|
35
35
|
const salt = bcryptjs_1.default.genSaltSync(saltRounds);
|
|
36
36
|
return bcryptjs_1.default.hashSync(password, salt);
|
|
37
37
|
}
|
|
38
38
|
catch (error) {
|
|
39
|
-
throw new
|
|
39
|
+
throw new errors_1.InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
|
|
40
40
|
}
|
|
41
41
|
};
|
|
42
42
|
exports.hashPasswordSync = hashPasswordSync;
|
|
@@ -1,19 +1,22 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
-
};
|
|
16
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
3
|
+
exports.normalizePassword = exports.estimatePasswordEntropy = exports.safeCompare = exports.ensureValidPassword = exports.PasswordManager = exports.verifyPasswordWithPepperSync = exports.verifyPasswordSync = exports.verifyPasswordWithPepper = exports.verifyPassword = exports.isPasswordStrong = exports.hashPasswordWithPepperSync = exports.hashPasswordSync = exports.hashPasswordWithPepper = exports.hashPassword = void 0;
|
|
4
|
+
var hash_js_1 = require("./hash.js");
|
|
5
|
+
Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return hash_js_1.hashPassword; } });
|
|
6
|
+
Object.defineProperty(exports, "hashPasswordWithPepper", { enumerable: true, get: function () { return hash_js_1.hashPasswordWithPepper; } });
|
|
7
|
+
Object.defineProperty(exports, "hashPasswordSync", { enumerable: true, get: function () { return hash_js_1.hashPasswordSync; } });
|
|
8
|
+
Object.defineProperty(exports, "hashPasswordWithPepperSync", { enumerable: true, get: function () { return hash_js_1.hashPasswordWithPepperSync; } });
|
|
9
|
+
var strength_js_1 = require("./strength.js");
|
|
10
|
+
Object.defineProperty(exports, "isPasswordStrong", { enumerable: true, get: function () { return strength_js_1.isPasswordStrong; } });
|
|
11
|
+
var verify_js_1 = require("./verify.js");
|
|
12
|
+
Object.defineProperty(exports, "verifyPassword", { enumerable: true, get: function () { return verify_js_1.verifyPassword; } });
|
|
13
|
+
Object.defineProperty(exports, "verifyPasswordWithPepper", { enumerable: true, get: function () { return verify_js_1.verifyPasswordWithPepper; } });
|
|
14
|
+
Object.defineProperty(exports, "verifyPasswordSync", { enumerable: true, get: function () { return verify_js_1.verifyPasswordSync; } });
|
|
15
|
+
Object.defineProperty(exports, "verifyPasswordWithPepperSync", { enumerable: true, get: function () { return verify_js_1.verifyPasswordWithPepperSync; } });
|
|
16
|
+
var PasswordManager_js_1 = require("./PasswordManager.js");
|
|
17
|
+
Object.defineProperty(exports, "PasswordManager", { enumerable: true, get: function () { return PasswordManager_js_1.PasswordManager; } });
|
|
18
|
+
var utils_js_1 = require("./utils.js");
|
|
19
|
+
Object.defineProperty(exports, "ensureValidPassword", { enumerable: true, get: function () { return utils_js_1.ensureValidPassword; } });
|
|
20
|
+
Object.defineProperty(exports, "safeCompare", { enumerable: true, get: function () { return utils_js_1.safeCompare; } });
|
|
21
|
+
Object.defineProperty(exports, "estimatePasswordEntropy", { enumerable: true, get: function () { return utils_js_1.estimatePasswordEntropy; } });
|
|
22
|
+
Object.defineProperty(exports, "normalizePassword", { enumerable: true, get: function () { return utils_js_1.normalizePassword; } });
|
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.isPasswordStrong = void 0;
|
|
4
|
-
const
|
|
4
|
+
const errors_1 = require("@naman_deep_singh/errors");
|
|
5
5
|
const isPasswordStrong = (password, options = {}) => {
|
|
6
6
|
if (!password)
|
|
7
|
-
throw new
|
|
7
|
+
throw new errors_1.BadRequestError({ reason: 'Invalid password provided' });
|
|
8
8
|
const { minLength = 8, requireUppercase = true, requireLowercase = true, requireNumbers = true, requireSymbols = false, } = options;
|
|
9
9
|
if (password.length < minLength)
|
|
10
|
-
throw new
|
|
10
|
+
throw new errors_1.ValidationError({
|
|
11
11
|
reason: `Password must be at least ${minLength} characters long`,
|
|
12
12
|
});
|
|
13
13
|
if (requireUppercase && !/[A-Z]/.test(password))
|
|
14
|
-
throw new
|
|
14
|
+
throw new errors_1.ValidationError({
|
|
15
15
|
reason: 'Password must include uppercase letters',
|
|
16
16
|
});
|
|
17
17
|
if (requireLowercase && !/[a-z]/.test(password))
|
|
18
|
-
throw new
|
|
18
|
+
throw new errors_1.ValidationError({
|
|
19
19
|
reason: 'Password must include lowercase letters',
|
|
20
20
|
});
|
|
21
21
|
if (requireNumbers && !/[0-9]/.test(password))
|
|
22
|
-
throw new
|
|
22
|
+
throw new errors_1.ValidationError({ reason: 'Password must include numbers' });
|
|
23
23
|
if (requireSymbols && !/[^A-Za-z0-9]/.test(password))
|
|
24
|
-
throw new
|
|
24
|
+
throw new errors_1.ValidationError({ reason: 'Password must include symbols' });
|
|
25
25
|
return true;
|
|
26
26
|
};
|
|
27
27
|
exports.isPasswordStrong = isPasswordStrong;
|
|
@@ -8,13 +8,13 @@ exports.safeCompare = safeCompare;
|
|
|
8
8
|
exports.estimatePasswordEntropy = estimatePasswordEntropy;
|
|
9
9
|
exports.normalizePassword = normalizePassword;
|
|
10
10
|
const crypto_1 = __importDefault(require("crypto"));
|
|
11
|
-
const
|
|
11
|
+
const errors_1 = require("@naman_deep_singh/errors");
|
|
12
12
|
/**
|
|
13
13
|
* Ensure password is a valid non-empty string
|
|
14
14
|
*/
|
|
15
15
|
function ensureValidPassword(password) {
|
|
16
16
|
if (!password || typeof password !== 'string') {
|
|
17
|
-
throw new
|
|
17
|
+
throw new errors_1.BadRequestError({ reason: 'Invalid password provided' });
|
|
18
18
|
}
|
|
19
19
|
}
|
|
20
20
|
/**
|
|
@@ -6,7 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.verifyPasswordSync = exports.verifyPassword = void 0;
|
|
7
7
|
exports.verifyPasswordWithPepper = verifyPasswordWithPepper;
|
|
8
8
|
exports.verifyPasswordWithPepperSync = verifyPasswordWithPepperSync;
|
|
9
|
-
const
|
|
9
|
+
const errors_1 = require("@naman_deep_singh/errors");
|
|
10
10
|
const bcryptjs_1 = __importDefault(require("bcryptjs"));
|
|
11
11
|
/**
|
|
12
12
|
* Compare a password with a stored hash asynchronously.
|
|
@@ -15,11 +15,11 @@ const verifyPassword = async (password, hash) => {
|
|
|
15
15
|
try {
|
|
16
16
|
const result = await bcryptjs_1.default.compare(password, hash);
|
|
17
17
|
if (!result)
|
|
18
|
-
throw new
|
|
18
|
+
throw new errors_1.UnauthorizedError({ reason: 'Password verification failed' });
|
|
19
19
|
return result;
|
|
20
20
|
}
|
|
21
21
|
catch {
|
|
22
|
-
throw new
|
|
22
|
+
throw new errors_1.UnauthorizedError({ reason: 'Password verification failed' });
|
|
23
23
|
}
|
|
24
24
|
};
|
|
25
25
|
exports.verifyPassword = verifyPassword;
|
|
@@ -33,11 +33,11 @@ const verifyPasswordSync = (password, hash) => {
|
|
|
33
33
|
try {
|
|
34
34
|
const result = bcryptjs_1.default.compareSync(password, hash);
|
|
35
35
|
if (!result)
|
|
36
|
-
throw new
|
|
36
|
+
throw new errors_1.UnauthorizedError({ reason: 'Password verification failed' });
|
|
37
37
|
return result;
|
|
38
38
|
}
|
|
39
39
|
catch (_error) {
|
|
40
|
-
throw new
|
|
40
|
+
throw new errors_1.UnauthorizedError({ reason: 'Password verification failed' });
|
|
41
41
|
}
|
|
42
42
|
};
|
|
43
43
|
exports.verifyPasswordSync = verifyPasswordSync;
|
package/dist/cjs/index.js
CHANGED
|
@@ -10,47 +10,11 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
|
|
|
10
10
|
if (k2 === undefined) k2 = k;
|
|
11
11
|
o[k2] = m[k];
|
|
12
12
|
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
13
|
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
19
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
20
15
|
};
|
|
21
|
-
var __importStar = (this && this.__importStar) || (function () {
|
|
22
|
-
var ownKeys = function(o) {
|
|
23
|
-
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
24
|
-
var ar = [];
|
|
25
|
-
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
26
|
-
return ar;
|
|
27
|
-
};
|
|
28
|
-
return ownKeys(o);
|
|
29
|
-
};
|
|
30
|
-
return function (mod) {
|
|
31
|
-
if (mod && mod.__esModule) return mod;
|
|
32
|
-
var result = {};
|
|
33
|
-
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
34
|
-
__setModuleDefault(result, mod);
|
|
35
|
-
return result;
|
|
36
|
-
};
|
|
37
|
-
})();
|
|
38
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
-
|
|
40
|
-
__exportStar(require("./core/
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
// Re-export common errors for convenience
|
|
44
|
-
var errors_utils_1 = require("@naman_deep_singh/errors-utils");
|
|
45
|
-
Object.defineProperty(exports, "BadRequestError", { enumerable: true, get: function () { return errors_utils_1.BadRequestError; } });
|
|
46
|
-
Object.defineProperty(exports, "UnauthorizedError", { enumerable: true, get: function () { return errors_utils_1.UnauthorizedError; } });
|
|
47
|
-
Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return errors_utils_1.ValidationError; } });
|
|
48
|
-
Object.defineProperty(exports, "InternalServerError", { enumerable: true, get: function () { return errors_utils_1.InternalServerError; } });
|
|
49
|
-
const CryptoUtils = __importStar(require("./core/crypto"));
|
|
50
|
-
const JWTUtils = __importStar(require("./core/jwt"));
|
|
51
|
-
const PasswordUtils = __importStar(require("./core/password"));
|
|
52
|
-
exports.default = {
|
|
53
|
-
...PasswordUtils,
|
|
54
|
-
...JWTUtils,
|
|
55
|
-
...CryptoUtils,
|
|
56
|
-
};
|
|
17
|
+
// Core modules
|
|
18
|
+
__exportStar(require("./core/index.js"), exports);
|
|
19
|
+
// Public interfaces
|
|
20
|
+
// export * from './interfaces/index.js'
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
2
|
+
import { BadRequestError } from '@naman_deep_singh/errors';
|
|
3
|
+
import { decrypt } from './decrypt.js';
|
|
4
|
+
import { encrypt } from './encrypt.js';
|
|
5
|
+
import { hmacSign, hmacVerify } from './hmac.js';
|
|
6
|
+
/**
|
|
7
|
+
* High-level cryptography manager
|
|
8
|
+
* Wraps encryption, decryption, HMAC, and random utilities
|
|
9
|
+
*/
|
|
10
|
+
export class CryptoManager {
|
|
11
|
+
constructor(secret) {
|
|
12
|
+
if (!secret || typeof secret !== 'string' || secret.length < 16) {
|
|
13
|
+
throw new BadRequestError({
|
|
14
|
+
reason: 'CryptoManager secret must be a non-empty string (min 16 chars)',
|
|
15
|
+
});
|
|
16
|
+
}
|
|
17
|
+
this.secret = secret;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Encrypt data using AES-256-GCM
|
|
21
|
+
*/
|
|
22
|
+
encrypt(data) {
|
|
23
|
+
if (!data || typeof data !== 'string') {
|
|
24
|
+
throw new BadRequestError({
|
|
25
|
+
reason: 'Data to encrypt must be a non-empty string',
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
return encrypt(data, this.secret);
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Decrypt AES-256-GCM encrypted data
|
|
32
|
+
*/
|
|
33
|
+
decrypt(encrypted) {
|
|
34
|
+
if (!encrypted || typeof encrypted !== 'string') {
|
|
35
|
+
throw new BadRequestError({
|
|
36
|
+
reason: 'Encrypted value must be a non-empty string',
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
return decrypt(encrypted, this.secret);
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Create HMAC SHA-256 signature
|
|
43
|
+
*/
|
|
44
|
+
createHMAC(message) {
|
|
45
|
+
if (!message || typeof message !== 'string') {
|
|
46
|
+
throw new BadRequestError({
|
|
47
|
+
reason: 'Message must be a non-empty string',
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
return hmacSign(message, this.secret);
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Verify HMAC SHA-256 signature
|
|
54
|
+
*/
|
|
55
|
+
verifyHMAC(message, signature) {
|
|
56
|
+
if (!message ||
|
|
57
|
+
typeof message !== 'string' ||
|
|
58
|
+
!signature ||
|
|
59
|
+
typeof signature !== 'string') {
|
|
60
|
+
return false;
|
|
61
|
+
}
|
|
62
|
+
return hmacVerify(message, this.secret, signature);
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Generate cryptographically secure random bytes
|
|
66
|
+
*/
|
|
67
|
+
generateRandomBytes(length = 32) {
|
|
68
|
+
if (!Number.isInteger(length) || length <= 0) {
|
|
69
|
+
throw new BadRequestError({
|
|
70
|
+
reason: 'Random byte length must be a positive integer',
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
return crypto.randomBytes(length);
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Generate secure random hex string
|
|
77
|
+
*/
|
|
78
|
+
generateRandomHex(length = 32) {
|
|
79
|
+
if (!Number.isInteger(length) || length <= 0) {
|
|
80
|
+
throw new BadRequestError({
|
|
81
|
+
reason: 'Random hex length must be a positive integer',
|
|
82
|
+
});
|
|
83
|
+
}
|
|
84
|
+
return crypto.randomBytes(length).toString('hex');
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Generate secure random string (URL-safe base64)
|
|
88
|
+
*/
|
|
89
|
+
generateRandomString(length = 32) {
|
|
90
|
+
if (!Number.isInteger(length) || length <= 0) {
|
|
91
|
+
throw new BadRequestError({
|
|
92
|
+
reason: 'Random string length must be a positive integer',
|
|
93
|
+
});
|
|
94
|
+
}
|
|
95
|
+
return crypto
|
|
96
|
+
.randomBytes(Math.ceil((length * 3) / 4))
|
|
97
|
+
.toString('base64url')
|
|
98
|
+
.slice(0, length);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export {
|
|
2
|
-
export { encrypt } from './encrypt';
|
|
3
|
-
export {
|
|
4
|
-
export {
|
|
5
|
-
export
|
|
1
|
+
export { CryptoManager } from './CryptoManger.js';
|
|
2
|
+
export { encrypt } from './encrypt.js';
|
|
3
|
+
export { decrypt } from './decrypt.js';
|
|
4
|
+
export { hmacSign, hmacVerify } from './hmac.js';
|
|
5
|
+
export { randomToken, generateStrongPassword } from './random.js';
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
// Re-export everything from crypto module
|
|
2
|
+
export { CryptoManager, encrypt, decrypt, hmacSign, hmacVerify, randomToken, generateStrongPassword, } from './crypto/index.js';
|
|
3
|
+
// Re-export everything from jwt module
|
|
4
|
+
export { decodeToken, decodeTokenStrict, extractToken, generateTokens, rotateRefreshToken, parseDuration, signToken, validateTokenPayload, isTokenExpired, verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, JWTManager, } from './jwt/index.js';
|
|
5
|
+
// Re-export everything from password module
|
|
6
|
+
export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, isPasswordStrong, verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, PasswordManager, ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './password/index.js';
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
+
import { BadRequestError, UnauthorizedError, ValidationError, } from '@naman_deep_singh/errors';
|
|
2
|
+
import { LRUCache } from '@naman_deep_singh/utils';
|
|
1
3
|
import jwt from 'jsonwebtoken';
|
|
2
|
-
import { signToken } from './signToken';
|
|
3
|
-
import { safeVerifyToken } from './verify';
|
|
4
|
-
import { BadRequestError, UnauthorizedError, ValidationError, } from '@naman_deep_singh/errors-utils';
|
|
5
|
-
import { LRUCache } from '@naman_deep_singh/js-extensions';
|
|
4
|
+
import { signToken } from './signToken.js';
|
|
5
|
+
import { safeVerifyToken } from './verify.js';
|
|
6
6
|
export class JWTManager {
|
|
7
7
|
constructor(config) {
|
|
8
8
|
this.accessSecret = config.accessSecret;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { TokenMalformedError } from '@naman_deep_singh/errors
|
|
2
|
-
import { signToken } from './signToken';
|
|
3
|
-
import { verifyToken } from './verify';
|
|
1
|
+
import { TokenMalformedError } from '@naman_deep_singh/errors';
|
|
2
|
+
import { signToken } from './signToken.js';
|
|
3
|
+
import { verifyToken } from './verify.js';
|
|
4
4
|
// Helper function to create branded tokens
|
|
5
5
|
/* const createBrandedToken = <T extends string>(token: string, _brand: T): T => {
|
|
6
6
|
return token as T
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
6
|
-
export
|
|
7
|
-
export
|
|
8
|
-
export
|
|
1
|
+
export { decodeToken, decodeTokenStrict } from './decode.js';
|
|
2
|
+
export { extractToken } from './extractToken.js';
|
|
3
|
+
export { generateTokens, rotateRefreshToken } from './generateTokens.js';
|
|
4
|
+
export { parseDuration } from './parseDuration.js';
|
|
5
|
+
export { signToken } from './signToken.js';
|
|
6
|
+
export { validateTokenPayload, isTokenExpired, } from './validateToken.js';
|
|
7
|
+
export { verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, } from './verify.js';
|
|
8
|
+
export { JWTManager } from './JWTManager.js';
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { ValidationError } from '@naman_deep_singh/errors
|
|
1
|
+
import { ValidationError } from '@naman_deep_singh/errors';
|
|
2
2
|
import { sign } from 'jsonwebtoken';
|
|
3
|
-
import { parseDuration } from './parseDuration';
|
|
3
|
+
import { parseDuration } from './parseDuration.js';
|
|
4
4
|
function getExpiryTimestamp(seconds) {
|
|
5
5
|
return Math.floor(Date.now() / 1000) + seconds;
|
|
6
6
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import crypto from 'crypto';
|
|
2
2
|
import bcrypt from 'bcryptjs';
|
|
3
|
-
import { BadRequestError, ValidationError
|
|
4
|
-
import { ensureValidPassword, estimatePasswordEntropy } from './utils';
|
|
3
|
+
import { BadRequestError, ValidationError } from '@naman_deep_singh/errors';
|
|
4
|
+
import { ensureValidPassword, estimatePasswordEntropy } from './utils.js';
|
|
5
5
|
export class PasswordManager {
|
|
6
6
|
constructor(config = {}) {
|
|
7
7
|
this.defaultConfig = {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { InternalServerError } from '@naman_deep_singh/errors
|
|
1
|
+
import { InternalServerError } from '@naman_deep_singh/errors';
|
|
2
2
|
import bcrypt from 'bcryptjs';
|
|
3
|
-
import { ensureValidPassword } from './utils';
|
|
3
|
+
import { ensureValidPassword } from './utils.js';
|
|
4
4
|
/**
|
|
5
5
|
* Hash a password asynchronously using bcrypt.
|
|
6
6
|
*/
|
|
@@ -11,7 +11,7 @@ export const hashPassword = async (password, saltRounds = 10) => {
|
|
|
11
11
|
return bcrypt.hash(password, salt);
|
|
12
12
|
}
|
|
13
13
|
catch (error) {
|
|
14
|
-
throw new InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
|
|
14
|
+
throw new InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
|
|
15
15
|
}
|
|
16
16
|
};
|
|
17
17
|
export function hashPasswordWithPepper(password, pepper) {
|
|
@@ -27,7 +27,7 @@ export const hashPasswordSync = (password, saltRounds = 10) => {
|
|
|
27
27
|
return bcrypt.hashSync(password, salt);
|
|
28
28
|
}
|
|
29
29
|
catch (error) {
|
|
30
|
-
throw new InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
|
|
30
|
+
throw new InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
|
|
31
31
|
}
|
|
32
32
|
};
|
|
33
33
|
export function hashPasswordWithPepperSync(password, pepper) {
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
1
|
+
export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, } from './hash.js';
|
|
2
|
+
export { isPasswordStrong } from './strength.js';
|
|
3
|
+
export { verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, } from './verify.js';
|
|
4
|
+
export { PasswordManager } from './PasswordManager.js';
|
|
5
|
+
export { ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './utils.js';
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { BadRequestError, ValidationError
|
|
1
|
+
import { BadRequestError, ValidationError } from '@naman_deep_singh/errors';
|
|
2
2
|
export const isPasswordStrong = (password, options = {}) => {
|
|
3
3
|
if (!password)
|
|
4
4
|
throw new BadRequestError({ reason: 'Invalid password provided' });
|
package/dist/esm/index.js
CHANGED
|
@@ -1,13 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
export * from './core/
|
|
3
|
-
|
|
4
|
-
//
|
|
5
|
-
export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError, } from '@naman_deep_singh/errors-utils';
|
|
6
|
-
import * as CryptoUtils from './core/crypto';
|
|
7
|
-
import * as JWTUtils from './core/jwt';
|
|
8
|
-
import * as PasswordUtils from './core/password';
|
|
9
|
-
export default {
|
|
10
|
-
...PasswordUtils,
|
|
11
|
-
...JWTUtils,
|
|
12
|
-
...CryptoUtils,
|
|
13
|
-
};
|
|
1
|
+
// Core modules
|
|
2
|
+
export * from './core/index.js';
|
|
3
|
+
// Public interfaces
|
|
4
|
+
// export * from './interfaces/index.js'
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* High-level cryptography manager
|
|
3
|
+
* Wraps encryption, decryption, HMAC, and random utilities
|
|
4
|
+
*/
|
|
5
|
+
export declare class CryptoManager {
|
|
6
|
+
private readonly secret;
|
|
7
|
+
constructor(secret: string);
|
|
8
|
+
/**
|
|
9
|
+
* Encrypt data using AES-256-GCM
|
|
10
|
+
*/
|
|
11
|
+
encrypt(data: string): string;
|
|
12
|
+
/**
|
|
13
|
+
* Decrypt AES-256-GCM encrypted data
|
|
14
|
+
*/
|
|
15
|
+
decrypt(encrypted: string): string;
|
|
16
|
+
/**
|
|
17
|
+
* Create HMAC SHA-256 signature
|
|
18
|
+
*/
|
|
19
|
+
createHMAC(message: string): string;
|
|
20
|
+
/**
|
|
21
|
+
* Verify HMAC SHA-256 signature
|
|
22
|
+
*/
|
|
23
|
+
verifyHMAC(message: string, signature: string): boolean;
|
|
24
|
+
/**
|
|
25
|
+
* Generate cryptographically secure random bytes
|
|
26
|
+
*/
|
|
27
|
+
generateRandomBytes(length?: number): Buffer;
|
|
28
|
+
/**
|
|
29
|
+
* Generate secure random hex string
|
|
30
|
+
*/
|
|
31
|
+
generateRandomHex(length?: number): string;
|
|
32
|
+
/**
|
|
33
|
+
* Generate secure random string (URL-safe base64)
|
|
34
|
+
*/
|
|
35
|
+
generateRandomString(length?: number): string;
|
|
36
|
+
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export {
|
|
2
|
-
export { encrypt } from './encrypt';
|
|
3
|
-
export {
|
|
4
|
-
export {
|
|
5
|
-
export
|
|
1
|
+
export { CryptoManager } from './CryptoManger.js';
|
|
2
|
+
export { encrypt } from './encrypt.js';
|
|
3
|
+
export { decrypt } from './decrypt.js';
|
|
4
|
+
export { hmacSign, hmacVerify } from './hmac.js';
|
|
5
|
+
export { randomToken, generateStrongPassword } from './random.js';
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export { CryptoManager, encrypt, decrypt, hmacSign, hmacVerify, randomToken, generateStrongPassword, } from './crypto/index.js';
|
|
2
|
+
export { decodeToken, decodeTokenStrict, extractToken, generateTokens, rotateRefreshToken, parseDuration, signToken, validateTokenPayload, isTokenExpired, verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, JWTManager, type TokenSources, type AccessToken, type RefreshToken, type TokenPair, type VerificationResult, type TokenValidationOptions, type TokenRequirements, } from './jwt/index.js';
|
|
3
|
+
export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, isPasswordStrong, verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, PasswordManager, type PasswordStrengthOptions, ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './password/index.js';
|