@nest-boot/hash 7.0.2 → 7.2.0

package/dist/hash.module.d.ts

@@ -10,13 +10,17 @@ import { ASYNC_OPTIONS_TYPE, ConfigurableModuleClass, OPTIONS_TYPE } from "./has
  * @Module({
  *   imports: [
  *     HashModule.register({
- *       secret: 'your-secret-key',
- *       isGlobal: true,
+ *       secret: process.env.HASH_SECRET
  *     }),
  *   ],
  * })
  * export class AppModule {}
  * ```
+ *
+ * Generate a secure secret:
+ * ```bash
+ * node -e "console.log(require('crypto').randomBytes(32).toString('base64url'))"
+ * ```
  */
 export declare class HashModule extends ConfigurableModuleClass {
     /**

package/dist/hash.module.js

@@ -10,6 +10,7 @@ exports.HashModule = void 0;
 const common_1 = require("@nestjs/common");
 const hash_module_definition_1 = require("./hash.module-definition");
 const hash_service_1 = require("./hash.service");
+const estimate_entropy_1 = require("./utils/estimate-entropy");
 /**
  * Module that provides password hashing services using Argon2.
  *
@@ -20,13 +21,17 @@ const hash_service_1 = require("./hash.service");
  * @Module({
  *   imports: [
  *     HashModule.register({
- *       secret: 'your-secret-key',
- *       isGlobal: true,
+ *       secret: process.env.HASH_SECRET
  *     }),
  *   ],
  * })
  * export class AppModule {}
  * ```
+ *
+ * Generate a secure secret:
+ * ```bash
+ * node -e "console.log(require('crypto').randomBytes(32).toString('base64url'))"
+ * ```
  */
 let HashModule = class HashModule extends hash_module_definition_1.ConfigurableModuleClass {
     /**
@@ -49,6 +54,37 @@ let HashModule = class HashModule extends hash_module_definition_1.ConfigurableM
 exports.HashModule = HashModule;
 exports.HashModule = HashModule = __decorate([
     (0, common_1.Global)(),
-    (0, common_1.Module)({ providers: [hash_service_1.HashService], exports: [hash_service_1.HashService] })
+    (0, common_1.Module)({
+        providers: [
+            {
+                provide: hash_service_1.HashService,
+                inject: [{ token: hash_module_definition_1.MODULE_OPTIONS_TOKEN, optional: true }],
+                useFactory: (options) => {
+                    const secret = options.secret ?? process.env.HASH_SECRET ?? process.env.APP_SECRET;
+                    if (!secret) {
+                        throw new Error("Hash secret is required.\n" +
+                            "Set HASH_SECRET or APP_SECRET environment variable, or pass a secret option.\n" +
+                            "Generate a secure secret with:\n" +
+                            "  node -e \"console.log(require('crypto').randomBytes(32).toString('base64url'))\"");
+                    }
+                    if (secret.length < 32) {
+                        throw new Error("Hash secret must be at least 32 characters long.\n" +
+                            "Set HASH_SECRET or APP_SECRET environment variable, or pass a secret option.\n" +
+                            "Generate a secure secret with:\n" +
+                            "  node -e \"console.log(require('crypto').randomBytes(32).toString('base64url'))\"");
+                    }
+                    if ((0, estimate_entropy_1.estimateEntropy)(secret) < 120) {
+                        throw new Error("Hash secret appears low-entropy.\n" +
+                            "Use a randomly generated secret for production.\n" +
+                            "Generate a secure secret with:\n" +
+                            "  node -e \"console.log(require('crypto').randomBytes(32).toString('base64url'))\"");
+                    }
+                    hash_service_1.HashService.init(secret);
+                    return hash_service_1.HashService.instance;
+                },
+            },
+        ],
+        exports: [hash_service_1.HashService],
+    })
 ], HashModule);
 //# sourceMappingURL=hash.module.js.map

package/dist/hash.module.js.map

@@ -1 +1 @@
-{"version":3,"file":"hash.module.js","sourceRoot":"","sources":["../src/hash.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAoE;AAEpE,qEAIkC;AAClC,iDAA6C;AAE7C;;;;;;;;;;;;;;;;;GAiBG;AAGI,IAAM,UAAU,GAAhB,MAAM,UAAW,SAAQ,gDAAuB;IACrD;;;;OAIG;IACH,MAAM,CAAU,QAAQ,CAAC,OAA4B;QACnD,OAAO,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAU,aAAa,CAC3B,OAAkC;QAElC,OAAO,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;CACF,CAAA;AApBY,gCAAU;qBAAV,UAAU;IAFtB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC,EAAE,SAAS,EAAE,CAAC,0BAAW,CAAC,EAAE,OAAO,EAAE,CAAC,0BAAW,CAAC,EAAE,CAAC;GAChD,UAAU,CAoBtB"}
+{"version":3,"file":"hash.module.js","sourceRoot":"","sources":["../src/hash.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAoE;AAEpE,qEAKkC;AAClC,iDAA6C;AAE7C,+DAA2D;AAE3D;;;;;;;;;;;;;;;;;;;;;GAqBG;AA8CI,IAAM,UAAU,GAAhB,MAAM,UAAW,SAAQ,gDAAuB;IACrD;;;;OAIG;IACH,MAAM,CAAU,QAAQ,CAAC,OAA4B;QACnD,OAAO,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAU,aAAa,CAC3B,OAAkC;QAElC,OAAO,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;CACF,CAAA;AApBY,gCAAU;qBAAV,UAAU;IA7CtB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACN,SAAS,EAAE;YACT;gBACE,OAAO,EAAE,0BAAW;gBACpB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,6CAAoB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACzD,UAAU,EAAE,CAAC,OAA0B,EAAE,EAAE;oBACzC,MAAM,MAAM,GACV,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;oBAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,MAAM,IAAI,KAAK,CACb,4BAA4B;4BAC1B,gFAAgF;4BAChF,kCAAkC;4BAClC,oFAAoF,CACvF,CAAC;oBACJ,CAAC;oBAED,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;wBACvB,MAAM,IAAI,KAAK,CACb,oDAAoD;4BAClD,gFAAgF;4BAChF,kCAAkC;4BAClC,oFAAoF,CACvF,CAAC;oBACJ,CAAC;oBAED,IAAI,IAAA,kCAAe,EAAC,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;wBAClC,MAAM,IAAI,KAAK,CACb,oCAAoC;4BAClC,mDAAmD;4BACnD,kCAAkC;4BAClC,oFAAoF,CACvF,CAAC;oBACJ,CAAC;oBAED,0BAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAEzB,OAAO,0BAAW,CAAC,QAAQ,CAAC;gBAC9B,CAAC;aACF;SACF;QACD,OAAO,EAAE,CAAC,0BAAW,CAAC;KACvB,CAAC;GACW,UAAU,CAoBtB"}

package/dist/hash.module.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/hash.module.spec.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const _1 = require(".");
+const TEST_SECRET = "myTestSecretThatIsAtLeast32Chars!";
+describe("HashModule", () => {
+    const originalEnv = process.env;
+    beforeEach(() => {
+        // Reset static instance before each test
+        _1.HashService._instance = undefined;
+        // Reset environment variables
+        process.env = { ...originalEnv };
+        delete process.env.HASH_SECRET;
+        delete process.env.APP_SECRET;
+    });
+    afterAll(() => {
+        process.env = originalEnv;
+    });
+    describe("register", () => {
+        it("should throw error when secret is missing", async () => {
+            await expect(testing_1.Test.createTestingModule({
+                imports: [_1.HashModule.register({})],
+            }).compile()).rejects.toThrow("Hash secret is required.");
+        });
+        it("should use HASH_SECRET env when no secret provided", async () => {
+            process.env.HASH_SECRET = TEST_SECRET;
+            const moduleRef = await testing_1.Test.createTestingModule({
+                imports: [_1.HashModule.register({})],
+            }).compile();
+            const hashService = moduleRef.get(_1.HashService);
+            expect(hashService).toBeDefined();
+            const hashed = await hashService.hash("password");
+            expect(hashed).toContain("$argon2");
+        });
+        it("should use APP_SECRET env when no secret or HASH_SECRET provided", async () => {
+            process.env.APP_SECRET = TEST_SECRET;
+            const moduleRef = await testing_1.Test.createTestingModule({
+                imports: [_1.HashModule.register({})],
+            }).compile();
+            const hashService = moduleRef.get(_1.HashService);
+            expect(hashService).toBeDefined();
+            const hashed = await hashService.hash("password");
+            expect(hashed).toContain("$argon2");
+        });
+        it("should throw error when secret is too short", async () => {
+            await expect(testing_1.Test.createTestingModule({
+                imports: [_1.HashModule.register({ secret: "short" })],
+            }).compile()).rejects.toThrow("Hash secret must be at least 32 characters long.");
+        });
+        it("should throw error when secret has low entropy", async () => {
+            // A secret that is 32 chars but low entropy (all same character)
+            const lowEntropySecret = "a".repeat(32);
+            await expect(testing_1.Test.createTestingModule({
+                imports: [_1.HashModule.register({ secret: lowEntropySecret })],
+            }).compile()).rejects.toThrow("Hash secret appears low-entropy.");
+        });
+    });
+    describe("registerAsync", () => {
+        it("should register module with async factory", async () => {
+            const moduleRef = await testing_1.Test.createTestingModule({
+                imports: [
+                    _1.HashModule.registerAsync({
+                        useFactory: () => ({
+                            secret: TEST_SECRET,
+                        }),
+                    }),
+                ],
+            }).compile();
+            const hashService = moduleRef.get(_1.HashService);
+            expect(hashService).toBeDefined();
+            const hashed = await hashService.hash("password");
+            expect(hashed).toContain("$argon2");
+        });
+    });
+});
+//# sourceMappingURL=hash.module.spec.js.map

package/dist/hash.module.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.module.spec.js","sourceRoot":"","sources":["../src/hash.module.spec.ts"],"names":[],"mappings":";;AAAA,6CAAuC;AAEvC,wBAA4C;AAE5C,MAAM,WAAW,GAAG,mCAAmC,CAAC;AAExD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC;IAEhC,UAAU,CAAC,GAAG,EAAE;QACd,yCAAyC;QACxC,cAAmD,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3E,8BAA8B;QAC9B,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QAC/B,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,MAAM,CACV,cAAI,CAAC,mBAAmB,CAAC;gBACvB,OAAO,EAAE,CAAC,aAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;aACnC,CAAC,CAAC,OAAO,EAAE,CACb,CAAC,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,WAAW,CAAC;YAEtC,MAAM,SAAS,GAAG,MAAM,cAAI,CAAC,mBAAmB,CAAC;gBAC/C,OAAO,EAAE,CAAC,aAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;aACnC,CAAC,CAAC,OAAO,EAAE,CAAC;YAEb,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAc,cAAW,CAAC,CAAC;YAE5D,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAElC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,WAAW,CAAC;YAErC,MAAM,SAAS,GAAG,MAAM,cAAI,CAAC,mBAAmB,CAAC;gBAC/C,OAAO,EAAE,CAAC,aAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;aACnC,CAAC,CAAC,OAAO,EAAE,CAAC;YAEb,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAc,cAAW,CAAC,CAAC;YAE5D,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAElC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,MAAM,CACV,cAAI,CAAC,mBAAmB,CAAC;gBACvB,OAAO,EAAE,CAAC,aAAU,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;aACpD,CAAC,CAAC,OAAO,EAAE,CACb,CAAC,OAAO,CAAC,OAAO,CAAC,kDAAkD,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,iEAAiE;YACjE,MAAM,gBAAgB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAExC,MAAM,MAAM,CACV,cAAI,CAAC,mBAAmB,CAAC;gBACvB,OAAO,EAAE,CAAC,aAAU,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;aAC7D,CAAC,CAAC,OAAO,EAAE,CACb,CAAC,OAAO,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,SAAS,GAAG,MAAM,cAAI,CAAC,mBAAmB,CAAC;gBAC/C,OAAO,EAAE;oBACP,aAAU,CAAC,aAAa,CAAC;wBACvB,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;4BACjB,MAAM,EAAE,WAAW;yBACpB,CAAC;qBACH,CAAC;iBACH;aACF,CAAC,CAAC,OAAO,EAAE,CAAC;YAEb,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAc,cAAW,CAAC,CAAC;YAE5D,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAElC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/hash.service.d.ts

@@ -1,4 +1,3 @@
-import { HashModuleOptions } from "./hash-module-options.interface";
 /**
  * Service that provides password hashing and verification using Argon2 algorithm.
  *
@@ -6,34 +5,97 @@ import { HashModuleOptions } from "./hash-module-options.interface";
  * ```typescript
  * import { HashService } from '@nest-boot/hash';
  *
- * @Injectable()
- * export class AuthService {
- *   constructor(private readonly hashService: HashService) {}
+ * // Initialize at application startup
+ * HashService.init(process.env.HASH_SECRET);
  *
- *   async hashPassword(password: string): Promise<string> {
- *     return this.hashService.create(password);
- *   }
- *
- *   async verifyPassword(hash: string, password: string): Promise<boolean> {
- *     return this.hashService.verify(hash, password);
- *   }
- * }
+ * // Use static methods
+ * const hashed = await HashService.hash(password);
+ * const isValid = await HashService.verify(hashed, password);
  * ```
  */
 export declare class HashService {
+    private static _instance?;
+    /**
+     * Gets the static HashService instance.
+     * @throws Error if HashService has not been initialized via `init()`
+     * @returns The HashService instance
+     */
+    static get instance(): HashService;
+    /**
+     * Initializes the static HashService instance with the given secret.
+     * Call this method at application startup to configure the default secret.
+     *
+     * @param secret - The secret key to use for hashing
+     *
+     * @example
+     * ```typescript
+     * // In your application bootstrap
+     * HashService.init(process.env.HASH_SECRET);
+     * ```
+     */
+    static init(secret?: string): void;
+    /**
+     * Creates a hash from the given value using the static instance.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static hash(value: string | Buffer, secret?: string): Promise<string>;
+    /**
+     * Creates a hash synchronously from the given value using the static instance.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static hashSync(value: string | Buffer, secret?: string): string;
+    /**
+     * Verifies a value against a hash using the static instance.
+     * @param hashed - The hash to verify against
+     * @param value - The value to verify
+     * @param secret - Optional secret key to use instead of the default
+     * @returns True if the value matches the hash, false otherwise
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static verify(hashed: string | Buffer, value: string | Buffer, secret?: string): Promise<boolean>;
+    /**
+     * Verifies a value against a hash synchronously using the static instance.
+     * @param hashed - The hash to verify against
+     * @param value - The value to verify
+     * @param secret - Optional secret key to use instead of the default
+     * @returns True if the value matches the hash, false otherwise
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static verifySync(hashed: string | Buffer, value: string | Buffer, secret?: string): boolean;
     private readonly secret?;
     /**
      * Creates an instance of HashService.
-     * @param options - Configuration options for the hash service
+     * @param secret - Optional secret key to use for hashing
      */
-    constructor(options?: HashModuleOptions);
+    constructor(secret?: string);
     /**
      * Creates a hash from the given value using Argon2.
      * @param value - The value to hash (password or other sensitive data)
      * @param secret - Optional secret key to use instead of the default
      * @returns The hashed string
+     * @deprecated Use `hash` instead
      */
     create(value: string | Buffer, secret?: string): Promise<string>;
+    /**
+     * Creates a hash from the given value using Argon2.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     */
+    hash(value: string | Buffer, secret?: string): Promise<string>;
+    /**
+     * Creates a hash synchronously from the given value using Argon2.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     */
+    hashSync(value: string | Buffer, secret?: string): string;
     /**
      * Verifies a value against a hash.
      * @param hashed - The hash to verify against
@@ -42,4 +104,12 @@ export declare class HashService {
      * @returns True if the value matches the hash, false otherwise
      */
     verify(hashed: string | Buffer, value: string | Buffer, secret?: string): Promise<boolean>;
+    /**
+     * Verifies a value against a hash synchronously.
+     * @param hashed - The hash to verify against
+     * @param value - The value to verify
+     * @param secret - Optional secret key to use instead of the default
+     * @returns True if the value matches the hash, false otherwise
+     */
+    verifySync(hashed: string | Buffer, value: string | Buffer, secret?: string): boolean;
 }

package/dist/hash.service.js

@@ -1,21 +1,7 @@
 "use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.HashService = void 0;
-const common_1 = require("@nestjs/common");
 const argon2_1 = require("@node-rs/argon2");
-const hash_module_definition_1 = require("./hash.module-definition");
 /**
  * Service that provides password hashing and verification using Argon2 algorithm.
  *
@@ -23,42 +9,122 @@ const hash_module_definition_1 = require("./hash.module-definition");
  * ```typescript
  * import { HashService } from '@nest-boot/hash';
  *
- * @Injectable()
- * export class AuthService {
- *   constructor(private readonly hashService: HashService) {}
+ * // Initialize at application startup
+ * HashService.init(process.env.HASH_SECRET);
  *
- *   async hashPassword(password: string): Promise<string> {
- *     return this.hashService.create(password);
- *   }
- *
- *   async verifyPassword(hash: string, password: string): Promise<boolean> {
- *     return this.hashService.verify(hash, password);
- *   }
- * }
+ * // Use static methods
+ * const hashed = await HashService.hash(password);
+ * const isValid = await HashService.verify(hashed, password);
  * ```
  */
-let HashService = class HashService {
+class HashService {
     /**
-     * Creates an instance of HashService.
-     * @param options - Configuration options for the hash service
+     * Gets the static HashService instance.
+     * @throws Error if HashService has not been initialized via `init()`
+     * @returns The HashService instance
      */
-    constructor(options = {}) {
-        const secret = options.secret ?? process.env.HASH_SECRET ?? process.env.APP_SECRET;
-        if (secret) {
-            this.secret = Buffer.from(secret);
+    static get instance() {
+        if (!this._instance) {
+            throw new Error("HashService not initialized");
         }
+        return this._instance;
+    }
+    /**
+     * Initializes the static HashService instance with the given secret.
+     * Call this method at application startup to configure the default secret.
+     *
+     * @param secret - The secret key to use for hashing
+     *
+     * @example
+     * ```typescript
+     * // In your application bootstrap
+     * HashService.init(process.env.HASH_SECRET);
+     * ```
+     */
+    static init(secret) {
+        this._instance = new HashService(secret);
+    }
+    /**
+     * Creates a hash from the given value using the static instance.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static hash(value, secret) {
+        return this.instance.hash(value, secret);
+    }
+    /**
+     * Creates a hash synchronously from the given value using the static instance.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static hashSync(value, secret) {
+        return this.instance.hashSync(value, secret);
+    }
+    /**
+     * Verifies a value against a hash using the static instance.
+     * @param hashed - The hash to verify against
+     * @param value - The value to verify
+     * @param secret - Optional secret key to use instead of the default
+     * @returns True if the value matches the hash, false otherwise
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static verify(hashed, value, secret) {
+        return this.instance.verify(hashed, value, secret);
+    }
+    /**
+     * Verifies a value against a hash synchronously using the static instance.
+     * @param hashed - The hash to verify against
+     * @param value - The value to verify
+     * @param secret - Optional secret key to use instead of the default
+     * @returns True if the value matches the hash, false otherwise
+     * @throws Error if HashService has not been initialized via `init()`
+     */
+    static verifySync(hashed, value, secret) {
+        return this.instance.verifySync(hashed, value, secret);
+    }
+    /**
+     * Creates an instance of HashService.
+     * @param secret - Optional secret key to use for hashing
+     */
+    constructor(secret) {
+        this.secret = secret ? Buffer.from(secret) : undefined;
     }
     /**
      * Creates a hash from the given value using Argon2.
      * @param value - The value to hash (password or other sensitive data)
      * @param secret - Optional secret key to use instead of the default
      * @returns The hashed string
+     * @deprecated Use `hash` instead
      */
     async create(value, secret) {
+        return await this.hash(value, secret);
+    }
+    /**
+     * Creates a hash from the given value using Argon2.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     */
+    async hash(value, secret) {
         return await (0, argon2_1.hash)(value, {
             secret: typeof secret !== "undefined" ? Buffer.from(secret) : this.secret,
         });
     }
+    /**
+     * Creates a hash synchronously from the given value using Argon2.
+     * @param value - The value to hash (password or other sensitive data)
+     * @param secret - Optional secret key to use instead of the default
+     * @returns The hashed string
+     */
+    hashSync(value, secret) {
+        return (0, argon2_1.hashSync)(value, {
+            secret: typeof secret !== "undefined" ? Buffer.from(secret) : this.secret,
+        });
+    }
     /**
      * Verifies a value against a hash.
      * @param hashed - The hash to verify against
@@ -71,12 +137,18 @@ let HashService = class HashService {
             secret: typeof secret !== "undefined" ? Buffer.from(secret) : this.secret,
         });
     }
-};
+    /**
+     * Verifies a value against a hash synchronously.
+     * @param hashed - The hash to verify against
+     * @param value - The value to verify
+     * @param secret - Optional secret key to use instead of the default
+     * @returns True if the value matches the hash, false otherwise
+     */
+    verifySync(hashed, value, secret) {
+        return (0, argon2_1.verifySync)(hashed, value, {
+            secret: typeof secret !== "undefined" ? Buffer.from(secret) : this.secret,
+        });
+    }
+}
 exports.HashService = HashService;
-exports.HashService = HashService = __decorate([
-    (0, common_1.Injectable)(),
-    __param(0, (0, common_1.Optional)()),
-    __param(0, (0, common_1.Inject)(hash_module_definition_1.MODULE_OPTIONS_TOKEN)),
-    __metadata("design:paramtypes", [Object])
-], HashService);
 //# sourceMappingURL=hash.service.js.map

package/dist/hash.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"hash.service.js","sourceRoot":"","sources":["../src/hash.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA8D;AAC9D,4CAA+C;AAE/C,qEAAgE;AAGhE;;;;;;;;;;;;;;;;;;;;GAoBG;AAEI,IAAM,WAAW,GAAjB,MAAM,WAAW;IAGtB;;;OAGG;IACH,YAGE,UAA6B,EAAE;QAE/B,MAAM,MAAM,GACV,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAEtE,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CAAC,KAAsB,EAAE,MAAe;QAClD,OAAO,MAAM,IAAA,aAAI,EAAC,KAAK,EAAE;YACvB,MAAM,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1E,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CACV,MAAuB,EACvB,KAAsB,EACtB,MAAe;QAEf,OAAO,MAAM,IAAA,eAAM,EAAC,MAAM,EAAE,KAAK,EAAE;YACjC,MAAM,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1E,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AAhDY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;IASR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,6CAAoB,CAAC,CAAA;;GATpB,WAAW,CAgDvB"}
+{"version":3,"file":"hash.service.js","sourceRoot":"","sources":["../src/hash.service.ts"],"names":[],"mappings":";;;AAAA,4CAAqE;AAErE;;;;;;;;;;;;;;GAcG;AAEH,MAAa,WAAW;IAGtB;;;;OAIG;IACH,MAAM,KAAK,QAAQ;QACjB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,IAAI,CAAC,MAAe;QACzB,IAAI,CAAC,SAAS,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,IAAI,CAAC,KAAsB,EAAE,MAAe;QACjD,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAsB,EAAE,MAAe;QACrD,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,MAAM,CACX,MAAuB,EACvB,KAAsB,EACtB,MAAe;QAEf,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,UAAU,CACf,MAAuB,EACvB,KAAsB,EACtB,MAAe;QAEf,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;IAID;;;OAGG;IACH,YAAY,MAAe;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzD,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,KAAsB,EAAE,MAAe;QAClD,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,KAAsB,EAAE,MAAe;QAChD,OAAO,MAAM,IAAA,aAAI,EAAC,KAAK,EAAE;YACvB,MAAM,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1E,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAC,KAAsB,EAAE,MAAe;QAC9C,OAAO,IAAA,iBAAQ,EAAC,KAAK,EAAE;YACrB,MAAM,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1E,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CACV,MAAuB,EACvB,KAAsB,EACtB,MAAe;QAEf,OAAO,MAAM,IAAA,eAAM,EAAC,MAAM,EAAE,KAAK,EAAE;YACjC,MAAM,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1E,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CACR,MAAuB,EACvB,KAAsB,EACtB,MAAe;QAEf,OAAO,IAAA,mBAAU,EAAC,MAAM,EAAE,KAAK,EAAE;YAC/B,MAAM,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1E,CAAC,CAAC;IACL,CAAC;CACF;AApKD,kCAoKC"}