@naman_deep_singh/security 1.5.1 → 1.7.0

package/dist/esm/core/jwt/types.d.ts

@@ -1,22 +0,0 @@
-import type { JwtPayload } from 'jsonwebtoken';
-export interface AccessTokenBrand {
-    readonly access: unique symbol;
-}
-export interface RefreshTokenBrand {
-    readonly refresh: unique symbol;
-}
-export type AccessToken = string & AccessTokenBrand;
-export type RefreshToken = string & RefreshTokenBrand;
-export interface TokenPair {
-    accessToken: AccessToken;
-    refreshToken: RefreshToken;
-}
-export interface VerificationResult<T = JwtPayload> {
-    valid: boolean;
-    payload?: T | string;
-    error?: Error;
-}
-export interface TokenValidationOptions {
-    ignoreExpiration?: boolean;
-    ignoreIssuedAt?: boolean;
-}

package/dist/esm/core/jwt/validateToken.d.ts

@@ -1,16 +0,0 @@
-import type { JwtPayload } from 'jsonwebtoken';
-export interface TokenRequirements {
-    requiredFields?: string[];
-    forbiddenFields?: string[];
-    validateTypes?: Record<string, 'string' | 'number' | 'boolean'>;
-}
-/**
- * Validates a JWT payload according to the provided rules.
- * Throws ValidationError if validation fails.
- */
-export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): void;
-/**
- * Checks if a JWT payload is expired.
- * Returns true if expired or missing 'exp'.
- */
-export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/esm/core/jwt/verify.d.ts

@@ -1,18 +0,0 @@
-import { type JwtPayload, type Secret, type VerifyOptions } from 'jsonwebtoken';
-import type { VerificationResult } from './types';
-/**
- * Verify token (throws UnauthorizedError if invalid or expired)
- */
-export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
-/**
- * Verify token with options
- */
-export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => string | JwtPayload;
-/**
- * Safe verify — never throws, returns structured result with UnauthorizedError on failure
- */
-export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
-/**
- * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
- */
-export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => VerificationResult;

package/dist/esm/core/password/hash.d.ts

@@ -1,10 +0,0 @@
-/**
- * Hash a password asynchronously using bcrypt.
- */
-export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
-export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
-/**
- * Hash a password synchronously using bcrypt.
- */
-export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
-export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/dist/esm/core/password/index.d.ts

@@ -1,3 +0,0 @@
-export * from './hash';
-export * from './strength';
-export * from './verify';

package/dist/esm/core/password/passwordManager.d.ts

@@ -1,29 +0,0 @@
-import type { HashedPassword, IPasswordManager, PasswordConfig, PasswordStrength, PasswordValidationResult } from '../../interfaces/password.interface';
-export declare class PasswordManager implements IPasswordManager {
-    private defaultConfig;
-    constructor(config?: PasswordConfig);
-    /**
-     * Hash a password asynchronously using bcrypt
-     */
-    hash(password: string, salt?: string): Promise<HashedPassword>;
-    /**
-     * Verify password against hash and salt
-     */
-    verify(password: string, hash: string, salt: string): Promise<boolean>;
-    /**
-     * Generate a random password
-     */
-    generate(length?: number, options?: PasswordConfig): string;
-    /**
-     * Validate password against configuration
-     */
-    validate(password: string, config?: PasswordConfig): PasswordValidationResult;
-    /**
-     * Check password strength
-     */
-    checkStrength(password: string): PasswordStrength;
-    /**
-     * Check if password hash needs upgrade (saltRounds change)
-     */
-    needsUpgrade(_hash: string, _currentConfig: PasswordConfig): boolean;
-}

package/dist/esm/core/password/strength.d.ts

@@ -1,2 +0,0 @@
-import type { PasswordStrengthOptions } from './types';
-export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/esm/core/password/types.d.ts

@@ -1,7 +0,0 @@
-export interface PasswordStrengthOptions {
-    minLength?: number;
-    requireUppercase?: boolean;
-    requireLowercase?: boolean;
-    requireNumbers?: boolean;
-    requireSymbols?: boolean;
-}

package/dist/esm/core/password/utils.d.ts

@@ -1,16 +0,0 @@
-/**
- * Ensure password is a valid non-empty string
- */
-export declare function ensureValidPassword(password: string): void;
-/**
- * Timing-safe comparison between two strings
- */
-export declare function safeCompare(a: string, b: string): boolean;
-/**
- * Estimate password entropy based on character pool
- */
-export declare function estimatePasswordEntropy(password: string): number;
-/**
- * Normalize password string to a consistent form
- */
-export declare function normalizePassword(password: string): string;

package/dist/esm/core/password/verify.d.ts

@@ -1,10 +0,0 @@
-/**
- * Compare a password with a stored hash asynchronously.
- */
-export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
-export declare function verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
-/**
- * Compare a password with a stored hash synchronously.
- */
-export declare const verifyPasswordSync: (password: string, hash: string) => boolean;
-export declare function verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;

package/dist/esm/index.d.ts

@@ -1,40 +0,0 @@
-export * from './core/password';
-export * from './core/jwt';
-export * from './core/crypto';
-export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError, } from '@naman_deep_singh/errors-utils';
-import * as CryptoUtils from './core/crypto';
-import * as JWTUtils from './core/jwt';
-declare const _default: {
-    decrypt: (data: string, secret: string) => string;
-    encrypt: (text: string, secret: string) => string;
-    hmacSign: (message: string, secret: string) => string;
-    hmacVerify: (message: string, secret: string, signature: string) => boolean;
-    randomToken: (length?: number) => string;
-    generateStrongPassword: (length?: number) => string;
-    CryptoManager: typeof CryptoUtils.CryptoManager;
-    createCryptoManager: (config?: CryptoUtils.CryptoManagerConfig) => CryptoUtils.CryptoManager;
-    cryptoManager: CryptoUtils.CryptoManager;
-    decodeToken(token: string): null | string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    decodeTokenStrict(token: string): import("node_modules/@types/jsonwebtoken").JwtPayload;
-    extractToken(sources: JWTUtils.TokenSources): string | null;
-    rotateRefreshToken(oldToken: string, secret: import("node_modules/@types/jsonwebtoken").Secret): JWTUtils.RefreshToken;
-    generateTokens: (payload: Record<string, unknown>, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
-    parseDuration(input: string | number): number;
-    signToken: (payload: Record<string, unknown>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
-    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): void;
-    isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
-    verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    verifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
-    safeVerifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => JWTUtils.VerificationResult;
-    hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
-    hashPasswordWithPepperSync(password: string, pepper: string): string;
-    hashPassword: (password: string, saltRounds?: number) => Promise<string>;
-    hashPasswordSync: (password: string, saltRounds?: number) => string;
-    isPasswordStrong: (password: string, options?: import("./core/password/types").PasswordStrengthOptions) => boolean;
-    verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
-    verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;
-    verifyPassword: (password: string, hash: string) => Promise<boolean>;
-    verifyPasswordSync: (password: string, hash: string) => boolean;
-};
-export default _default;

package/dist/esm/interfaces/jwt.interface.d.ts

@@ -1,47 +0,0 @@
-import type { JwtPayload, Secret } from 'jsonwebtoken';
-export interface AccessToken extends String {
-    readonly __type: 'AccessToken';
-}
-export interface RefreshToken extends String {
-    readonly __type: 'RefreshToken';
-}
-export interface TokenPair {
-    accessToken: AccessToken;
-    refreshToken: RefreshToken;
-}
-export interface JWTConfig {
-    accessSecret: Secret;
-    refreshSecret: Secret;
-    accessExpiry?: string | number;
-    refreshExpiry?: string | number;
-    enableCaching?: boolean;
-    maxCacheSize?: number;
-}
-export interface TokenValidationOptions {
-    ignoreExpiration?: boolean;
-    ignoreNotBefore?: boolean;
-    audience?: string | string[];
-    issuer?: string;
-    algorithms?: string[];
-}
-export interface TokenGenerationOptions {
-    algorithm?: string;
-    expiresIn?: string | number;
-    audience?: string | string[];
-    issuer?: string;
-    subject?: string;
-    kid?: string;
-}
-export interface ITokenManager {
-    generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
-    generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
-    generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
-    verifyAccessToken(token: string): Promise<JwtPayload | string>;
-    verifyRefreshToken(token: string): Promise<JwtPayload | string>;
-    decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
-    extractTokenFromHeader(authHeader: string): string | null;
-    validateToken(token: string, secret: Secret, options?: TokenValidationOptions): boolean;
-    rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
-    isTokenExpired(token: string): boolean;
-    getTokenExpiration(token: string): Date | null;
-}

package/dist/esm/interfaces/password.interface.d.ts

@@ -1,60 +0,0 @@
-export interface PasswordConfig {
-    saltRounds?: number;
-    minLength?: number;
-    maxLength?: number;
-    requireUppercase?: boolean;
-    requireLowercase?: boolean;
-    requireNumbers?: boolean;
-    requireSpecialChars?: boolean;
-    customRules?: PasswordRule[];
-}
-export interface PasswordRule {
-    test: (password: string) => boolean;
-    message: string;
-}
-export interface PasswordStrength {
-    score: number;
-    label: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';
-    feedback: string[];
-    suggestions: string[];
-}
-export interface PasswordValidationResult {
-    isValid: boolean;
-    errors: string[];
-    strength: PasswordStrength;
-}
-export interface HashedPassword {
-    hash: string;
-    salt: string;
-}
-export interface IPasswordManager {
-    hash(password: string, salt?: string): Promise<HashedPassword>;
-    verify(password: string, hash: string, salt: string): Promise<boolean>;
-    generate(length?: number, options?: PasswordConfig): string;
-    validate(password: string, config?: PasswordConfig): PasswordValidationResult;
-    checkStrength(password: string): PasswordStrength;
-    needsUpgrade(hash: string, currentConfig: PasswordConfig): boolean;
-}
-export interface IPasswordStrengthChecker {
-    analyze(password: string): PasswordStrength;
-    checkLength(password: string): {
-        valid: boolean;
-        message: string;
-    };
-    checkComplexity(password: string, config: PasswordConfig): {
-        valid: boolean;
-        message: string;
-    }[];
-    checkCommonPasswords(password: string): {
-        valid: boolean;
-        message: string;
-    };
-    checkSequential(password: string): {
-        valid: boolean;
-        message: string;
-    };
-    checkRepetition(password: string): {
-        valid: boolean;
-        message: string;
-    };
-}

package/dist/types/core/crypto/cryptoManager.d.ts

@@ -1,111 +0,0 @@
-/**
- * Configuration options for CryptoManager
- */
-export interface CryptoManagerConfig {
-    defaultAlgorithm?: string;
-    defaultEncoding?: BufferEncoding;
-    hmacAlgorithm?: string;
-}
-/**
- * CryptoManager - Class-based wrapper for all cryptographic operations
- * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
- */
-export declare class CryptoManager {
-    private config;
-    constructor(config?: CryptoManagerConfig);
-    /**
-     * Update configuration
-     */
-    updateConfig(config: Partial<CryptoManagerConfig>): void;
-    /**
-     * Get current configuration
-     */
-    getConfig(): Required<CryptoManagerConfig>;
-    /**
-     * Encrypt data using the default or specified algorithm
-     */
-    encrypt(plaintext: string, key: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-        iv?: string;
-    }): string;
-    /**
-     * Decrypt data using the default or specified algorithm
-     */
-    decrypt(encryptedData: string, key: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-        iv?: string;
-    }): string;
-    /**
-     * Generate HMAC signature
-     */
-    generateHmac(data: string, secret: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-    }): string;
-    /**
-     * Generate cryptographically secure random bytes
-     */
-    generateSecureRandom(length: number, _encoding?: BufferEncoding): string;
-    /**
-     * Verify HMAC signature
-     */
-    verifyHmac(data: string, secret: string, signature: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-    }): boolean;
-    /**
-     * Create a key derivation function using PBKDF2
-     */
-    deriveKey(password: string, salt: string, iterations?: number, keyLength?: number): Promise<string>;
-    /**
-     * Hash data using SHA-256
-     */
-    sha256(data: string, encoding?: BufferEncoding): string;
-    /**
-     * Hash data using SHA-512
-     */
-    sha512(data: string, encoding?: BufferEncoding): string;
-    /**
-     * Generate a secure key pair for asymmetric encryption
-     */
-    generateKeyPair(options?: {
-        modulusLength?: number;
-        publicKeyEncoding?: {
-            type: string;
-            format: string;
-        };
-        privateKeyEncoding?: {
-            type: string;
-            format: string;
-        };
-    }): Promise<{
-        publicKey: string;
-        privateKey: string;
-    }>;
-    /**
-     * Encrypt data using RSA public key
-     */
-    rsaEncrypt(data: string, publicKey: string): Promise<string>;
-    /**
-     * Decrypt data using RSA private key
-     */
-    rsaDecrypt(encryptedData: string, privateKey: string): Promise<string>;
-    /**
-     * Create digital signature using RSA private key
-     */
-    rsaSign(data: string, privateKey: string, algorithm?: string): Promise<string>;
-    /**
-     * Verify digital signature using RSA public key
-     */
-    rsaVerify(data: string, signature: string, publicKey: string, algorithm?: string): Promise<boolean>;
-}
-/**
- * Create a CryptoManager instance with default configuration
- */
-export declare const createCryptoManager: (config?: CryptoManagerConfig) => CryptoManager;
-/**
- * Default CryptoManager instance
- */
-export declare const cryptoManager: CryptoManager;

package/dist/types/core/jwt/jwtManager.d.ts

@@ -1,43 +0,0 @@
-import { type JwtPayload, type Secret } from 'jsonwebtoken';
-import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair } from '../../interfaces/jwt.interface';
-export declare class JWTManager implements ITokenManager {
-    private accessSecret;
-    private refreshSecret;
-    private accessExpiry;
-    private refreshExpiry;
-    private cache?;
-    private cacheTTL;
-    constructor(config: JWTConfig);
-    /** Generate both access and refresh tokens */
-    generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
-    /** Generate access token */
-    generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
-    /** Generate refresh token */
-    generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
-    /** Verify access token */
-    verifyAccessToken(token: string): Promise<JwtPayload>;
-    /** Verify refresh token */
-    verifyRefreshToken(token: string): Promise<JwtPayload>;
-    /** Decode token without verification */
-    decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
-    /** Extract token from Authorization header */
-    extractTokenFromHeader(authHeader: string): string | null;
-    /** Validate token without throwing exceptions */
-    validateToken(token: string, secret: Secret): boolean;
-    /** Rotate refresh token */
-    rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
-    /** Check if token is expired */
-    isTokenExpired(token: string): boolean;
-    /** Get token expiration date */
-    getTokenExpiration(token: string): Date | null;
-    /** Clear token cache */
-    clearCache(): void;
-    /** Get cache statistics */
-    getCacheStats(): {
-        size: number;
-        maxSize: number;
-    } | null;
-    /** Private helper methods */
-    private validatePayload;
-    private verifyTokenWithCache;
-}