@naman_deep_singh/security 1.6.0 → 1.7.0

package/dist/esm/core/crypto/cryptoManager.d.ts

@@ -1,111 +0,0 @@
-/**
- * Configuration options for CryptoManager
- */
-export interface CryptoManagerConfig {
-    defaultAlgorithm?: string;
-    defaultEncoding?: BufferEncoding;
-    hmacAlgorithm?: string;
-}
-/**
- * CryptoManager - Class-based wrapper for all cryptographic operations
- * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
- */
-export declare class CryptoManager {
-    private config;
-    constructor(config?: CryptoManagerConfig);
-    /**
-     * Update configuration
-     */
-    updateConfig(config: Partial<CryptoManagerConfig>): void;
-    /**
-     * Get current configuration
-     */
-    getConfig(): Required<CryptoManagerConfig>;
-    /**
-     * Encrypt data using the default or specified algorithm
-     */
-    encrypt(plaintext: string, key: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-        iv?: string;
-    }): string;
-    /**
-     * Decrypt data using the default or specified algorithm
-     */
-    decrypt(encryptedData: string, key: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-        iv?: string;
-    }): string;
-    /**
-     * Generate HMAC signature
-     */
-    generateHmac(data: string, secret: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-    }): string;
-    /**
-     * Generate cryptographically secure random bytes
-     */
-    generateSecureRandom(length: number, _encoding?: BufferEncoding): string;
-    /**
-     * Verify HMAC signature
-     */
-    verifyHmac(data: string, secret: string, signature: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-    }): boolean;
-    /**
-     * Create a key derivation function using PBKDF2
-     */
-    deriveKey(password: string, salt: string, iterations?: number, keyLength?: number): Promise<string>;
-    /**
-     * Hash data using SHA-256
-     */
-    sha256(data: string, encoding?: BufferEncoding): string;
-    /**
-     * Hash data using SHA-512
-     */
-    sha512(data: string, encoding?: BufferEncoding): string;
-    /**
-     * Generate a secure key pair for asymmetric encryption
-     */
-    generateKeyPair(options?: {
-        modulusLength?: number;
-        publicKeyEncoding?: {
-            type: string;
-            format: string;
-        };
-        privateKeyEncoding?: {
-            type: string;
-            format: string;
-        };
-    }): Promise<{
-        publicKey: string;
-        privateKey: string;
-    }>;
-    /**
-     * Encrypt data using RSA public key
-     */
-    rsaEncrypt(data: string, publicKey: string): Promise<string>;
-    /**
-     * Decrypt data using RSA private key
-     */
-    rsaDecrypt(encryptedData: string, privateKey: string): Promise<string>;
-    /**
-     * Create digital signature using RSA private key
-     */
-    rsaSign(data: string, privateKey: string, algorithm?: string): Promise<string>;
-    /**
-     * Verify digital signature using RSA public key
-     */
-    rsaVerify(data: string, signature: string, publicKey: string, algorithm?: string): Promise<boolean>;
-}
-/**
- * Create a CryptoManager instance with default configuration
- */
-export declare const createCryptoManager: (config?: CryptoManagerConfig) => CryptoManager;
-/**
- * Default CryptoManager instance
- */
-export declare const cryptoManager: CryptoManager;

package/dist/esm/core/crypto/cryptoManager.js

@@ -1,203 +0,0 @@
-import { CryptoIntegrityError } from '@naman_deep_singh/errors';
-import { decrypt as functionalDecrypt, encrypt as functionalEncrypt, hmacSign as functionalHmacSign, hmacVerify as functionalHmacVerify, randomToken as functionalRandomToken, } from './index';
-/**
- * Default configuration
- */
-const DEFAULT_CONFIG = {
-    defaultAlgorithm: 'aes-256-gcm',
-    defaultEncoding: 'utf8',
-    hmacAlgorithm: 'sha256',
-};
-/**
- * CryptoManager - Class-based wrapper for all cryptographic operations
- * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
- */
-export class CryptoManager {
-    constructor(config = {}) {
-        this.config = { ...DEFAULT_CONFIG, ...config };
-    }
-    /**
-     * Update configuration
-     */
-    updateConfig(config) {
-        this.config = { ...this.config, ...config };
-    }
-    /**
-     * Get current configuration
-     */
-    getConfig() {
-        return { ...this.config };
-    }
-    /**
-     * Encrypt data using the default or specified algorithm
-     */
-    encrypt(plaintext, key, _options) {
-        try {
-            return functionalEncrypt(plaintext, key);
-        }
-        catch (error) {
-            throw new CryptoIntegrityError({
-                reason: 'Encryption failed',
-            }, error instanceof Error ? error : undefined);
-        }
-    }
-    /**
-     * Decrypt data using the default or specified algorithm
-     */
-    decrypt(encryptedData, key, _options) {
-        try {
-            return functionalDecrypt(encryptedData, key);
-        }
-        catch (error) {
-            throw new CryptoIntegrityError({
-                reason: 'Decryption failed',
-            }, error instanceof Error ? error : undefined);
-        }
-    }
-    /**
-     * Generate HMAC signature
-     */
-    generateHmac(data, secret, _options) {
-        // Use the basic HMAC sign function for now
-        // TODO: Add support for different algorithms
-        return functionalHmacSign(data, secret);
-    }
-    /**
-     * Generate cryptographically secure random bytes
-     */
-    generateSecureRandom(length, _encoding = 'hex') {
-        // Use the basic random token function
-        return functionalRandomToken(length);
-    }
-    /**
-     * Verify HMAC signature
-     */
-    verifyHmac(data, secret, signature, _options) {
-        // Use the basic HMAC verify function
-        return functionalHmacVerify(data, secret, signature);
-    }
-    /**
-     * Create a key derivation function using PBKDF2
-     */
-    deriveKey(password, salt, iterations = 100000, keyLength = 32) {
-        return new Promise((resolve, reject) => {
-            const crypto = require('crypto');
-            crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (error, derivedKey) => {
-                if (error) {
-                    reject(new CryptoIntegrityError({
-                        reason: 'Key derivation failed',
-                    }, error instanceof Error ? error : undefined));
-                }
-                else {
-                    resolve(derivedKey.toString('hex'));
-                }
-            });
-        });
-    }
-    /**
-     * Hash data using SHA-256
-     */
-    sha256(data, encoding = 'hex') {
-        const crypto = require('crypto');
-        return crypto.createHash('sha256').update(data).digest(encoding);
-    }
-    /**
-     * Hash data using SHA-512
-     */
-    sha512(data, encoding = 'hex') {
-        const crypto = require('crypto');
-        return crypto.createHash('sha512').update(data).digest(encoding);
-    }
-    /**
-     * Generate a secure key pair for asymmetric encryption
-     */
-    generateKeyPair(options) {
-        return new Promise((resolve, _reject) => {
-            const crypto = require('crypto');
-            const keyPair = crypto.generateKeyPairSync('rsa', {
-                modulusLength: options?.modulusLength || 2048,
-                publicKeyEncoding: options?.publicKeyEncoding || {
-                    type: 'spki',
-                    format: 'pem',
-                },
-                privateKeyEncoding: options?.privateKeyEncoding || {
-                    type: 'pkcs8',
-                    format: 'pem',
-                },
-            });
-            resolve(keyPair);
-        });
-    }
-    /**
-     * Encrypt data using RSA public key
-     */
-    rsaEncrypt(data, publicKey) {
-        return new Promise((resolve, _reject) => {
-            const crypto = require('crypto');
-            const buffer = Buffer.from(data, 'utf8');
-            const encrypted = crypto.publicEncrypt(publicKey, buffer);
-            resolve(encrypted.toString('base64'));
-        });
-    }
-    /**
-     * Decrypt data using RSA private key
-     */
-    rsaDecrypt(encryptedData, privateKey) {
-        return new Promise((resolve, _reject) => {
-            const crypto = require('crypto');
-            const buffer = Buffer.from(encryptedData, 'base64');
-            const decrypted = crypto.privateDecrypt(privateKey, buffer);
-            resolve(decrypted.toString('utf8'));
-        });
-    }
-    /**
-     * Create digital signature using RSA private key
-     */
-    rsaSign(data, privateKey, algorithm = 'sha256') {
-        return new Promise((resolve, reject) => {
-            const crypto = require('crypto');
-            try {
-                const sign = crypto.createSign(algorithm);
-                sign.update(data);
-                sign.end();
-                const signature = sign.sign(privateKey, 'base64');
-                resolve(signature);
-            }
-            catch (error) {
-                reject(new CryptoIntegrityError({
-                    reason: 'RSA signing failed',
-                }, error instanceof Error ? error : undefined));
-            }
-        });
-    }
-    /**
-     * Verify digital signature using RSA public key
-     */
-    rsaVerify(data, signature, publicKey, algorithm = 'sha256') {
-        return new Promise((resolve, reject) => {
-            const crypto = require('crypto');
-            try {
-                const verify = crypto.createVerify(algorithm);
-                verify.update(data);
-                verify.end();
-                const isValid = verify.verify(publicKey, signature, 'base64');
-                resolve(isValid);
-            }
-            catch (error) {
-                reject(new CryptoIntegrityError({
-                    reason: 'RSA verification failed',
-                }, error instanceof Error ? error : undefined));
-            }
-        });
-    }
-}
-/**
- * Create a CryptoManager instance with default configuration
- */
-export const createCryptoManager = (config) => {
-    return new CryptoManager(config);
-};
-/**
- * Default CryptoManager instance
- */
-export const cryptoManager = new CryptoManager();

package/dist/esm/core/crypto/decrypt.d.ts

@@ -1 +0,0 @@
-export declare const decrypt: (data: string, secret: string) => string;

package/dist/esm/core/crypto/encrypt.d.ts

@@ -1 +0,0 @@
-export declare const encrypt: (text: string, secret: string) => string;

package/dist/esm/core/crypto/hmac.d.ts

@@ -1,8 +0,0 @@
-/**
- * Sign message using HMAC SHA-256
- */
-export declare const hmacSign: (message: string, secret: string) => string;
-/**
- * Verify HMAC signature
- */
-export declare const hmacVerify: (message: string, secret: string, signature: string) => boolean;

package/dist/esm/core/crypto/index.d.ts

@@ -1,5 +0,0 @@
-export { decrypt } from './decrypt';
-export { encrypt } from './encrypt';
-export { hmacSign, hmacVerify } from './hmac';
-export { randomToken, generateStrongPassword } from './random';
-export * from './cryptoManager';

package/dist/esm/core/crypto/random.d.ts

@@ -1,8 +0,0 @@
-/**
- * Generate cryptographically secure random string
- */
-export declare const randomToken: (length?: number) => string;
-/**
- * Generate a strong random password
- */
-export declare const generateStrongPassword: (length?: number) => string;

package/dist/esm/core/jwt/decode.d.ts

@@ -1,12 +0,0 @@
-import { type JwtPayload } from 'jsonwebtoken';
-/**
- * Flexible decode
- * Returns: null | string | JwtPayload
- * Mirrors jsonwebtoken.decode()
- */
-export declare function decodeToken(token: string): null | string | JwtPayload;
-/**
- * Strict decode
- * Always returns JwtPayload or throws error
- */
-export declare function decodeTokenStrict(token: string): JwtPayload;

package/dist/esm/core/jwt/extractToken.d.ts

@@ -1,11 +0,0 @@
-export interface TokenSources {
-    header?: string | undefined | null;
-    cookies?: Record<string, string> | undefined;
-    query?: Record<string, string | undefined> | undefined;
-    body?: Record<string, unknown> | undefined;
-    wsMessage?: string | Record<string, unknown> | undefined;
-}
-/**
- * Universal token extractor
- */
-export declare function extractToken(sources: TokenSources): string | null;

package/dist/esm/core/jwt/generateTokens.d.ts

@@ -1,4 +0,0 @@
-import type { Secret } from 'jsonwebtoken';
-import type { RefreshToken, TokenPair } from './types';
-export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
-export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/dist/esm/core/jwt/index.d.ts

@@ -1,8 +0,0 @@
-export * from './decode';
-export * from './extractToken';
-export * from './generateTokens';
-export * from './parseDuration';
-export * from './signToken';
-export * from './types';
-export * from './validateToken';
-export * from './verify';

package/dist/esm/core/jwt/parseDuration.d.ts

@@ -1 +0,0 @@
-export declare function parseDuration(input: string | number): number;

package/dist/esm/core/jwt/signToken.d.ts

@@ -1,2 +0,0 @@
-import { type Secret, type SignOptions } from 'jsonwebtoken';
-export declare const signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string | number, options?: SignOptions) => string;

package/dist/esm/core/jwt/types.d.ts

@@ -1,22 +0,0 @@
-import type { JwtPayload } from 'jsonwebtoken';
-export interface AccessTokenBrand {
-    readonly access: unique symbol;
-}
-export interface RefreshTokenBrand {
-    readonly refresh: unique symbol;
-}
-export type AccessToken = string & AccessTokenBrand;
-export type RefreshToken = string & RefreshTokenBrand;
-export interface TokenPair {
-    accessToken: AccessToken;
-    refreshToken: RefreshToken;
-}
-export interface VerificationResult<T = JwtPayload> {
-    valid: boolean;
-    payload?: T | string;
-    error?: Error;
-}
-export interface TokenValidationOptions {
-    ignoreExpiration?: boolean;
-    ignoreIssuedAt?: boolean;
-}

package/dist/esm/core/jwt/validateToken.d.ts

@@ -1,16 +0,0 @@
-import type { JwtPayload } from 'jsonwebtoken';
-export interface TokenRequirements {
-    requiredFields?: string[];
-    forbiddenFields?: string[];
-    validateTypes?: Record<string, 'string' | 'number' | 'boolean'>;
-}
-/**
- * Validates a JWT payload according to the provided rules.
- * Throws ValidationError if validation fails.
- */
-export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): void;
-/**
- * Checks if a JWT payload is expired.
- * Returns true if expired or missing 'exp'.
- */
-export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/esm/core/jwt/verify.d.ts

@@ -1,18 +0,0 @@
-import { type JwtPayload, type Secret, type VerifyOptions } from 'jsonwebtoken';
-import type { VerificationResult } from './types';
-/**
- * Verify token (throws UnauthorizedError if invalid or expired)
- */
-export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
-/**
- * Verify token with options
- */
-export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => string | JwtPayload;
-/**
- * Safe verify — never throws, returns structured result with UnauthorizedError on failure
- */
-export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
-/**
- * Safe verify with options — never throws, returns structured result with UnauthorizedError on failure
- */
-export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: VerifyOptions) => VerificationResult;

package/dist/esm/core/password/hash.d.ts

@@ -1,10 +0,0 @@
-/**
- * Hash a password asynchronously using bcrypt.
- */
-export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
-export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
-/**
- * Hash a password synchronously using bcrypt.
- */
-export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
-export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/dist/esm/core/password/index.d.ts

@@ -1,3 +0,0 @@
-export * from './hash';
-export * from './strength';
-export * from './verify';

package/dist/esm/core/password/passwordManager.d.ts

@@ -1,29 +0,0 @@
-import type { HashedPassword, IPasswordManager, PasswordConfig, PasswordStrength, PasswordValidationResult } from '../../interfaces/password.interface';
-export declare class PasswordManager implements IPasswordManager {
-    private defaultConfig;
-    constructor(config?: PasswordConfig);
-    /**
-     * Hash a password asynchronously using bcrypt
-     */
-    hash(password: string, salt?: string): Promise<HashedPassword>;
-    /**
-     * Verify password against hash and salt
-     */
-    verify(password: string, hash: string, salt: string): Promise<boolean>;
-    /**
-     * Generate a random password
-     */
-    generate(length?: number, options?: PasswordConfig): string;
-    /**
-     * Validate password against configuration
-     */
-    validate(password: string, config?: PasswordConfig): PasswordValidationResult;
-    /**
-     * Check password strength
-     */
-    checkStrength(password: string): PasswordStrength;
-    /**
-     * Check if password hash needs upgrade (saltRounds change)
-     */
-    needsUpgrade(_hash: string, _currentConfig: PasswordConfig): boolean;
-}

package/dist/esm/core/password/strength.d.ts

@@ -1,2 +0,0 @@
-import type { PasswordStrengthOptions } from './types';
-export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/esm/core/password/types.d.ts

@@ -1,7 +0,0 @@
-export interface PasswordStrengthOptions {
-    minLength?: number;
-    requireUppercase?: boolean;
-    requireLowercase?: boolean;
-    requireNumbers?: boolean;
-    requireSymbols?: boolean;
-}

package/dist/esm/core/password/utils.d.ts

@@ -1,16 +0,0 @@
-/**
- * Ensure password is a valid non-empty string
- */
-export declare function ensureValidPassword(password: string): void;
-/**
- * Timing-safe comparison between two strings
- */
-export declare function safeCompare(a: string, b: string): boolean;
-/**
- * Estimate password entropy based on character pool
- */
-export declare function estimatePasswordEntropy(password: string): number;
-/**
- * Normalize password string to a consistent form
- */
-export declare function normalizePassword(password: string): string;

package/dist/esm/core/password/verify.d.ts

@@ -1,10 +0,0 @@
-/**
- * Compare a password with a stored hash asynchronously.
- */
-export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
-export declare function verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
-/**
- * Compare a password with a stored hash synchronously.
- */
-export declare const verifyPasswordSync: (password: string, hash: string) => boolean;
-export declare function verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;

package/dist/esm/index.d.ts

@@ -1,40 +0,0 @@
-export * from './core/password';
-export * from './core/jwt';
-export * from './core/crypto';
-export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError, } from '@naman_deep_singh/errors';
-import * as CryptoUtils from './core/crypto';
-import * as JWTUtils from './core/jwt';
-declare const _default: {
-    decrypt: (data: string, secret: string) => string;
-    encrypt: (text: string, secret: string) => string;
-    hmacSign: (message: string, secret: string) => string;
-    hmacVerify: (message: string, secret: string, signature: string) => boolean;
-    randomToken: (length?: number) => string;
-    generateStrongPassword: (length?: number) => string;
-    CryptoManager: typeof CryptoUtils.CryptoManager;
-    createCryptoManager: (config?: CryptoUtils.CryptoManagerConfig) => CryptoUtils.CryptoManager;
-    cryptoManager: CryptoUtils.CryptoManager;
-    decodeToken(token: string): null | string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    decodeTokenStrict(token: string): import("node_modules/@types/jsonwebtoken").JwtPayload;
-    extractToken(sources: JWTUtils.TokenSources): string | null;
-    rotateRefreshToken(oldToken: string, secret: import("node_modules/@types/jsonwebtoken").Secret): JWTUtils.RefreshToken;
-    generateTokens: (payload: Record<string, unknown>, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
-    parseDuration(input: string | number): number;
-    signToken: (payload: Record<string, unknown>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
-    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): void;
-    isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
-    verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    verifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
-    safeVerifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => JWTUtils.VerificationResult;
-    hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
-    hashPasswordWithPepperSync(password: string, pepper: string): string;
-    hashPassword: (password: string, saltRounds?: number) => Promise<string>;
-    hashPasswordSync: (password: string, saltRounds?: number) => string;
-    isPasswordStrong: (password: string, options?: import("./core/password/types").PasswordStrengthOptions) => boolean;
-    verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
-    verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;
-    verifyPassword: (password: string, hash: string) => Promise<boolean>;
-    verifyPasswordSync: (password: string, hash: string) => boolean;
-};
-export default _default;

package/dist/esm/interfaces/jwt.interface.d.ts

@@ -1,47 +0,0 @@
-import type { JwtPayload, Secret } from 'jsonwebtoken';
-export interface AccessToken extends String {
-    readonly __type: 'AccessToken';
-}
-export interface RefreshToken extends String {
-    readonly __type: 'RefreshToken';
-}
-export interface TokenPair {
-    accessToken: AccessToken;
-    refreshToken: RefreshToken;
-}
-export interface JWTConfig {
-    accessSecret: Secret;
-    refreshSecret: Secret;
-    accessExpiry?: string | number;
-    refreshExpiry?: string | number;
-    enableCaching?: boolean;
-    maxCacheSize?: number;
-}
-export interface TokenValidationOptions {
-    ignoreExpiration?: boolean;
-    ignoreNotBefore?: boolean;
-    audience?: string | string[];
-    issuer?: string;
-    algorithms?: string[];
-}
-export interface TokenGenerationOptions {
-    algorithm?: string;
-    expiresIn?: string | number;
-    audience?: string | string[];
-    issuer?: string;
-    subject?: string;
-    kid?: string;
-}
-export interface ITokenManager {
-    generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
-    generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
-    generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
-    verifyAccessToken(token: string): Promise<JwtPayload | string>;
-    verifyRefreshToken(token: string): Promise<JwtPayload | string>;
-    decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
-    extractTokenFromHeader(authHeader: string): string | null;
-    validateToken(token: string, secret: Secret, options?: TokenValidationOptions): boolean;
-    rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
-    isTokenExpired(token: string): boolean;
-    getTokenExpiration(token: string): Date | null;
-}