@odysseon/whoami-core 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/security/jose-token-signer.adapter.d.ts +15 -0
- package/dist/adapters/security/jose-token-signer.adapter.d.ts.map +1 -0
- package/dist/adapters/security/jose-token-signer.adapter.js +54 -0
- package/dist/adapters/security/jose-token-signer.adapter.js.map +1 -0
- package/dist/adapters/security/webcrypto-token-hasher.adapter.d.ts +6 -0
- package/dist/adapters/security/webcrypto-token-hasher.adapter.d.ts.map +1 -0
- package/dist/adapters/security/webcrypto-token-hasher.adapter.js +26 -0
- package/dist/adapters/security/webcrypto-token-hasher.adapter.js.map +1 -0
- package/dist/core/whoami.service.d.ts +28 -0
- package/dist/core/whoami.service.d.ts.map +1 -0
- package/dist/core/whoami.service.js +113 -0
- package/dist/core/whoami.service.js.map +1 -0
- package/dist/errors/whoami-error.d.ts +6 -0
- package/dist/errors/whoami-error.d.ts.map +1 -0
- package/dist/errors/whoami-error.js +12 -0
- package/dist/errors/whoami-error.js.map +1 -0
- package/dist/index.d.ts +21 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -0
- package/dist/interfaces/models/jwt-payload.interface.d.ts +10 -0
- package/dist/interfaces/models/jwt-payload.interface.d.ts.map +1 -0
- package/dist/interfaces/models/jwt-payload.interface.js +2 -0
- package/dist/interfaces/models/jwt-payload.interface.js.map +1 -0
- package/dist/interfaces/models/refresh-token.interface.d.ts +9 -0
- package/dist/interfaces/models/refresh-token.interface.d.ts.map +1 -0
- package/dist/interfaces/models/refresh-token.interface.js +2 -0
- package/dist/interfaces/models/refresh-token.interface.js.map +1 -0
- package/dist/interfaces/models/user.interface.d.ts +10 -0
- package/dist/interfaces/models/user.interface.d.ts.map +1 -0
- package/dist/interfaces/models/user.interface.js +2 -0
- package/dist/interfaces/models/user.interface.js.map +1 -0
- package/dist/interfaces/operation-contracts/auth-tokens.interface.d.ts +5 -0
- package/dist/interfaces/operation-contracts/auth-tokens.interface.d.ts.map +1 -0
- package/dist/interfaces/operation-contracts/auth-tokens.interface.js +2 -0
- package/dist/interfaces/operation-contracts/auth-tokens.interface.js.map +1 -0
- package/dist/interfaces/operation-contracts/login-credentials.interface.d.ts +5 -0
- package/dist/interfaces/operation-contracts/login-credentials.interface.d.ts.map +1 -0
- package/dist/interfaces/operation-contracts/login-credentials.interface.js +2 -0
- package/dist/interfaces/operation-contracts/login-credentials.interface.js.map +1 -0
- package/dist/interfaces/operation-contracts/register-data.interface.d.ts +5 -0
- package/dist/interfaces/operation-contracts/register-data.interface.d.ts.map +1 -0
- package/dist/interfaces/operation-contracts/register-data.interface.js +2 -0
- package/dist/interfaces/operation-contracts/register-data.interface.js.map +1 -0
- package/dist/interfaces/ports/repositories/refresh-token-repository.port.d.ts +8 -0
- package/dist/interfaces/ports/repositories/refresh-token-repository.port.d.ts.map +1 -0
- package/dist/interfaces/ports/repositories/refresh-token-repository.port.js +2 -0
- package/dist/interfaces/ports/repositories/refresh-token-repository.port.js.map +1 -0
- package/dist/interfaces/ports/repositories/user-repository.port.d.ts +12 -0
- package/dist/interfaces/ports/repositories/user-repository.port.d.ts.map +1 -0
- package/dist/interfaces/ports/repositories/user-repository.port.js +2 -0
- package/dist/interfaces/ports/repositories/user-repository.port.js.map +1 -0
- package/dist/interfaces/ports/security/deterministic-token-hasher.port.d.ts +5 -0
- package/dist/interfaces/ports/security/deterministic-token-hasher.port.d.ts.map +1 -0
- package/dist/interfaces/ports/security/deterministic-token-hasher.port.js +2 -0
- package/dist/interfaces/ports/security/deterministic-token-hasher.port.js.map +1 -0
- package/dist/interfaces/ports/security/password-hasher.port.d.ts +5 -0
- package/dist/interfaces/ports/security/password-hasher.port.d.ts.map +1 -0
- package/dist/interfaces/ports/security/password-hasher.port.js +2 -0
- package/dist/interfaces/ports/security/password-hasher.port.js.map +1 -0
- package/dist/interfaces/ports/security/token-hasher.port.d.ts +5 -0
- package/dist/interfaces/ports/security/token-hasher.port.d.ts.map +1 -0
- package/dist/interfaces/ports/security/token-hasher.port.js +2 -0
- package/dist/interfaces/ports/security/token-hasher.port.js.map +1 -0
- package/dist/interfaces/ports/security/token-signer.port.d.ts +6 -0
- package/dist/interfaces/ports/security/token-signer.port.d.ts.map +1 -0
- package/dist/interfaces/ports/security/token-signer.port.js +2 -0
- package/dist/interfaces/ports/security/token-signer.port.js.map +1 -0
- package/dist/interfaces/ports/utilities/logger.port.d.ts +7 -0
- package/dist/interfaces/ports/utilities/logger.port.d.ts.map +1 -0
- package/dist/interfaces/ports/utilities/logger.port.js +2 -0
- package/dist/interfaces/ports/utilities/logger.port.js.map +1 -0
- package/dist/interfaces/ports/utilities/token-extractor.port.d.ts +4 -0
- package/dist/interfaces/ports/utilities/token-extractor.port.d.ts.map +1 -0
- package/dist/interfaces/ports/utilities/token-extractor.port.js +2 -0
- package/dist/interfaces/ports/utilities/token-extractor.port.js.map +1 -0
- package/package.json +34 -0
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { ITokenSigner } from "../../interfaces/ports/security/token-signer.port.js";
|
|
2
|
+
import type { IJwtPayload } from "../../interfaces/models/jwt-payload.interface.js";
|
|
3
|
+
export interface JoseSignerConfig {
|
|
4
|
+
secret: string;
|
|
5
|
+
issuer?: string;
|
|
6
|
+
audience?: string;
|
|
7
|
+
}
|
|
8
|
+
export declare class JoseTokenSigner implements ITokenSigner {
|
|
9
|
+
private readonly config;
|
|
10
|
+
private readonly encodedSecret;
|
|
11
|
+
constructor(config: JoseSignerConfig);
|
|
12
|
+
sign(payload: IJwtPayload, expiresInSeconds: number): Promise<string>;
|
|
13
|
+
verify(token: string): Promise<IJwtPayload>;
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=jose-token-signer.adapter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jose-token-signer.adapter.d.ts","sourceRoot":"","sources":["../../../src/adapters/security/jose-token-signer.adapter.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sDAAsD,CAAC;AACzF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kDAAkD,CAAC;AAGpF,MAAM,WAAW,gBAAgB;IAE/B,MAAM,EAAE,MAAM,CAAC;IAEf,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,eAAgB,YAAW,YAAY;IAGtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;gBAEd,MAAM,EAAE,gBAAgB;IAUxC,IAAI,CACf,OAAO,EAAE,WAAW,EACpB,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,MAAM,CAAC;IAkBL,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;CAiDzD"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { SignJWT, jwtVerify, errors } from "jose";
|
|
2
|
+
import { WhoamiError } from "../../errors/whoami-error.js";
|
|
3
|
+
export class JoseTokenSigner {
|
|
4
|
+
config;
|
|
5
|
+
encodedSecret;
|
|
6
|
+
constructor(config) {
|
|
7
|
+
this.config = config;
|
|
8
|
+
if (!config.secret || config.secret.length < 32) {
|
|
9
|
+
throw new Error("JoseTokenSigner requires a secret of at least 32 characters for adequate security.");
|
|
10
|
+
}
|
|
11
|
+
this.encodedSecret = new TextEncoder().encode(config.secret);
|
|
12
|
+
}
|
|
13
|
+
async sign(payload, expiresInSeconds) {
|
|
14
|
+
let jwt = new SignJWT(payload)
|
|
15
|
+
.setProtectedHeader({ alg: "HS256", typ: "JWT" })
|
|
16
|
+
.setIssuedAt()
|
|
17
|
+
.setExpirationTime(`${expiresInSeconds}s`);
|
|
18
|
+
if (this.config.issuer) {
|
|
19
|
+
jwt = jwt.setIssuer(this.config.issuer);
|
|
20
|
+
}
|
|
21
|
+
if (this.config.audience) {
|
|
22
|
+
jwt = jwt.setAudience(this.config.audience);
|
|
23
|
+
}
|
|
24
|
+
return await jwt.sign(this.encodedSecret);
|
|
25
|
+
}
|
|
26
|
+
async verify(token) {
|
|
27
|
+
try {
|
|
28
|
+
const { payload } = await jwtVerify(token, this.encodedSecret, {
|
|
29
|
+
issuer: this.config.issuer,
|
|
30
|
+
audience: this.config.audience,
|
|
31
|
+
});
|
|
32
|
+
if (typeof payload.sub !== "string" || payload.sub.trim().length === 0) {
|
|
33
|
+
throw new WhoamiError("TOKEN_MALFORMED", "Token payload is missing a valid subject (sub) claim.");
|
|
34
|
+
}
|
|
35
|
+
return payload;
|
|
36
|
+
}
|
|
37
|
+
catch (error) {
|
|
38
|
+
if (error instanceof WhoamiError) {
|
|
39
|
+
throw error;
|
|
40
|
+
}
|
|
41
|
+
if (error instanceof errors.JWTExpired) {
|
|
42
|
+
throw new WhoamiError("TOKEN_EXPIRED", "The provided access token has expired.");
|
|
43
|
+
}
|
|
44
|
+
if (error instanceof errors.JWTInvalid ||
|
|
45
|
+
error instanceof errors.JWSInvalid ||
|
|
46
|
+
error instanceof errors.JWSSignatureVerificationFailed ||
|
|
47
|
+
error instanceof errors.JWTClaimValidationFailed) {
|
|
48
|
+
throw new WhoamiError("TOKEN_MALFORMED", "The provided token is malformed, tampered with, or invalid.");
|
|
49
|
+
}
|
|
50
|
+
throw new WhoamiError("TOKEN_MALFORMED", "Failed to verify token.");
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=jose-token-signer.adapter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jose-token-signer.adapter.js","sourceRoot":"","sources":["../../../src/adapters/security/jose-token-signer.adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAGlD,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAW3D,MAAM,OAAO,eAAe;IAGG;IAFZ,aAAa,CAAa;IAE3C,YAA6B,MAAwB;QAAxB,WAAM,GAAN,MAAM,CAAkB;QACnD,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/D,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,OAAoB,EACpB,gBAAwB;QAIxB,IAAI,GAAG,GAAG,IAAI,OAAO,CAAC,OAAkC,CAAC;aACtD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;aAChD,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,gBAAgB,GAAG,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,GAAG,GAAG,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzB,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,KAAa;QAC/B,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,aAAa,EAAE;gBAC7D,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC1B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAC/B,CAAC,CAAC;YAKH,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvE,MAAM,IAAI,WAAW,CACnB,iBAAiB,EACjB,uDAAuD,CACxD,CAAC;YACJ,CAAC;YAED,OAAO,OAAiC,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;gBACjC,MAAM,KAAK,CAAC;YACd,CAAC;YAKD,IAAI,KAAK,YAAY,MAAM,CAAC,UAAU,EAAE,CAAC;gBACvC,MAAM,IAAI,WAAW,CACnB,eAAe,EACf,wCAAwC,CACzC,CAAC;YACJ,CAAC;YAED,IACE,KAAK,YAAY,MAAM,CAAC,UAAU;gBAClC,KAAK,YAAY,MAAM,CAAC,UAAU;gBAClC,KAAK,YAAY,MAAM,CAAC,8BAA8B;gBACtD,KAAK,YAAY,MAAM,CAAC,wBAAwB,EAChD,CAAC;gBACD,MAAM,IAAI,WAAW,CACnB,iBAAiB,EACjB,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,WAAW,CAAC,iBAAiB,EAAE,yBAAyB,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { IDeterministicTokenHasher } from "../../interfaces/ports/security/deterministic-token-hasher.port.js";
|
|
2
|
+
export declare class WebCryptoTokenHasher implements IDeterministicTokenHasher {
|
|
3
|
+
hash(token: string): Promise<string>;
|
|
4
|
+
verify(hash: string, token: string): Promise<boolean>;
|
|
5
|
+
}
|
|
6
|
+
//# sourceMappingURL=webcrypto-token-hasher.adapter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"webcrypto-token-hasher.adapter.d.ts","sourceRoot":"","sources":["../../../src/adapters/security/webcrypto-token-hasher.adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,oEAAoE,CAAC;AAEpH,qBAAa,oBAAqB,YAAW,yBAAyB;IACvD,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAcpC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAqBnE"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
export class WebCryptoTokenHasher {
|
|
2
|
+
async hash(token) {
|
|
3
|
+
if (!token) {
|
|
4
|
+
throw new Error("Cannot hash an empty token.");
|
|
5
|
+
}
|
|
6
|
+
const data = new TextEncoder().encode(token);
|
|
7
|
+
const hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", data);
|
|
8
|
+
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
|
9
|
+
return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
10
|
+
}
|
|
11
|
+
async verify(hash, token) {
|
|
12
|
+
if (!hash ||
|
|
13
|
+
hash.length !== 64 ||
|
|
14
|
+
!/^[0-9a-fA-F]{64}$/.test(hash) ||
|
|
15
|
+
!token) {
|
|
16
|
+
return false;
|
|
17
|
+
}
|
|
18
|
+
const computedHash = await this.hash(token);
|
|
19
|
+
let mismatch = 0;
|
|
20
|
+
for (let i = 0; i < 64; i++) {
|
|
21
|
+
mismatch |= hash.charCodeAt(i) ^ computedHash.charCodeAt(i);
|
|
22
|
+
}
|
|
23
|
+
return mismatch === 0;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=webcrypto-token-hasher.adapter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"webcrypto-token-hasher.adapter.js","sourceRoot":"","sources":["../../../src/adapters/security/webcrypto-token-hasher.adapter.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,oBAAoB;IACxB,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE7C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAG1E,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY,EAAE,KAAa;QAE7C,IACE,CAAC,IAAI;YACL,IAAI,CAAC,MAAM,KAAK,EAAE;YAClB,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/B,CAAC,KAAK,EACN,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAG5C,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,QAAQ,KAAK,CAAC,CAAC;IACxB,CAAC;CACF"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { IEmailUserRepository } from "../interfaces/ports/repositories/user-repository.port.js";
|
|
2
|
+
import type { IRefreshTokenRepository } from "../interfaces/ports/repositories/refresh-token-repository.port.js";
|
|
3
|
+
import type { IPasswordHasher } from "../interfaces/ports/security/password-hasher.port.js";
|
|
4
|
+
import type { ITokenSigner } from "../interfaces/ports/security/token-signer.port.js";
|
|
5
|
+
import type { ILogger } from "../interfaces/ports/utilities/logger.port.js";
|
|
6
|
+
import type { IUserWithEmail } from "../interfaces/models/user.interface.js";
|
|
7
|
+
import type { IJwtPayload } from "../interfaces/models/jwt-payload.interface.js";
|
|
8
|
+
import type { IAuthTokens } from "../interfaces/operation-contracts/auth-tokens.interface.js";
|
|
9
|
+
import type { IEmailPasswordCredentials } from "../interfaces/operation-contracts/login-credentials.interface.js";
|
|
10
|
+
import type { IRegisterWithEmailData } from "../interfaces/operation-contracts/register-data.interface.js";
|
|
11
|
+
import { IDeterministicTokenHasher } from "../interfaces/ports/security/deterministic-token-hasher.port.js";
|
|
12
|
+
export interface WhoamiServiceDependencies {
|
|
13
|
+
userRepository: IEmailUserRepository;
|
|
14
|
+
refreshTokenRepository: IRefreshTokenRepository;
|
|
15
|
+
passwordHasher: IPasswordHasher;
|
|
16
|
+
tokenHasher: IDeterministicTokenHasher;
|
|
17
|
+
tokenSigner: ITokenSigner;
|
|
18
|
+
logger: ILogger;
|
|
19
|
+
}
|
|
20
|
+
export declare class WhoamiService {
|
|
21
|
+
private readonly deps;
|
|
22
|
+
constructor(deps: WhoamiServiceDependencies);
|
|
23
|
+
registerWithEmail(data: IRegisterWithEmailData): Promise<IUserWithEmail>;
|
|
24
|
+
loginWithEmail(credentials: IEmailPasswordCredentials): Promise<IAuthTokens>;
|
|
25
|
+
refreshTokens(rawRefreshTokenString: string): Promise<IAuthTokens>;
|
|
26
|
+
verifyAccessToken(accessToken: string): Promise<IJwtPayload>;
|
|
27
|
+
}
|
|
28
|
+
//# sourceMappingURL=whoami.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"whoami.service.d.ts","sourceRoot":"","sources":["../../src/core/whoami.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0DAA0D,CAAC;AACrG,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,mEAAmE,CAAC;AACjH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sDAAsD,CAAC;AAC5F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mDAAmD,CAAC;AACtF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,8CAA8C,CAAC;AAE5E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wCAAwC,CAAC;AAC7E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+CAA+C,CAAC;AACjF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4DAA4D,CAAC;AAC9F,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,kEAAkE,CAAC;AAClH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8DAA8D,CAAC;AAG3G,OAAO,EAAE,yBAAyB,EAAE,MAAM,iEAAiE,CAAC;AAK5G,MAAM,WAAW,yBAAyB;IACxC,cAAc,EAAE,oBAAoB,CAAC;IACrC,sBAAsB,EAAE,uBAAuB,CAAC;IAChD,cAAc,EAAE,eAAe,CAAC;IAChC,WAAW,EAAE,yBAAyB,CAAC;IACvC,WAAW,EAAE,YAAY,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,yBAAyB;IAE/C,iBAAiB,CAC5B,IAAI,EAAE,sBAAsB,GAC3B,OAAO,CAAC,cAAc,CAAC;IA8Bb,cAAc,CACzB,WAAW,EAAE,yBAAyB,GACrC,OAAO,CAAC,WAAW,CAAC;IAsDV,aAAa,CACxB,qBAAqB,EAAE,MAAM,GAC5B,OAAO,CAAC,WAAW,CAAC;IAmGV,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;CAK1E"}
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
import { WhoamiError } from "../errors/whoami-error.js";
|
|
2
|
+
export class WhoamiService {
|
|
3
|
+
deps;
|
|
4
|
+
constructor(deps) {
|
|
5
|
+
this.deps = deps;
|
|
6
|
+
}
|
|
7
|
+
async registerWithEmail(data) {
|
|
8
|
+
const existingUser = await this.deps.userRepository.findByEmail(data.email);
|
|
9
|
+
if (existingUser) {
|
|
10
|
+
this.deps.logger.warn("Registration attempt with existing email", {
|
|
11
|
+
email: data.email,
|
|
12
|
+
});
|
|
13
|
+
throw new WhoamiError("USER_ALREADY_EXISTS", "An identity with this email already exists.");
|
|
14
|
+
}
|
|
15
|
+
const passwordHash = await this.deps.passwordHasher.hash(data.password);
|
|
16
|
+
const newUser = await this.deps.userRepository.create({
|
|
17
|
+
email: data.email,
|
|
18
|
+
passwordHash,
|
|
19
|
+
});
|
|
20
|
+
this.deps.logger.info("New identity registered via email", {
|
|
21
|
+
userId: newUser.id,
|
|
22
|
+
});
|
|
23
|
+
return newUser;
|
|
24
|
+
}
|
|
25
|
+
async loginWithEmail(credentials) {
|
|
26
|
+
const genericError = new WhoamiError("INVALID_CREDENTIALS", "Invalid email or password.");
|
|
27
|
+
const user = await this.deps.userRepository.findByEmail(credentials.email);
|
|
28
|
+
if (!user) {
|
|
29
|
+
this.deps.logger.warn("Failed login attempt: User not found", {
|
|
30
|
+
email: credentials.email,
|
|
31
|
+
});
|
|
32
|
+
throw genericError;
|
|
33
|
+
}
|
|
34
|
+
const isValidPassword = await this.deps.passwordHasher.verify(user.passwordHash, credentials.password);
|
|
35
|
+
if (!isValidPassword) {
|
|
36
|
+
this.deps.logger.warn("Failed login attempt: Invalid password", {
|
|
37
|
+
userId: user.id,
|
|
38
|
+
});
|
|
39
|
+
throw genericError;
|
|
40
|
+
}
|
|
41
|
+
const accessToken = await this.deps.tokenSigner.sign({ sub: user.id }, 900);
|
|
42
|
+
const rawRefreshToken = crypto.randomUUID();
|
|
43
|
+
const hashedRefreshToken = await this.deps.tokenHasher.hash(rawRefreshToken);
|
|
44
|
+
const expirationDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
|
|
45
|
+
await this.deps.refreshTokenRepository.store({
|
|
46
|
+
userId: user.id,
|
|
47
|
+
tokenHash: hashedRefreshToken,
|
|
48
|
+
expiresAt: expirationDate,
|
|
49
|
+
isRevoked: false,
|
|
50
|
+
});
|
|
51
|
+
this.deps.logger.info("Successful login", { userId: user.id });
|
|
52
|
+
return {
|
|
53
|
+
accessToken,
|
|
54
|
+
refreshToken: rawRefreshToken,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
async refreshTokens(rawRefreshTokenString) {
|
|
58
|
+
if (!rawRefreshTokenString || rawRefreshTokenString.trim() === "") {
|
|
59
|
+
this.deps.logger.warn("Token refresh failed: Empty token provided");
|
|
60
|
+
throw new WhoamiError("INVALID_CREDENTIALS", "Invalid or expired refresh token.");
|
|
61
|
+
}
|
|
62
|
+
const oldTokenHash = await this.deps.tokenHasher.hash(rawRefreshTokenString);
|
|
63
|
+
const tokenRecord = await this.deps.refreshTokenRepository.findByHash(oldTokenHash);
|
|
64
|
+
if (!tokenRecord) {
|
|
65
|
+
this.deps.logger.warn("Token refresh failed: Token not found");
|
|
66
|
+
throw new WhoamiError("INVALID_CREDENTIALS", "Invalid or expired refresh token.");
|
|
67
|
+
}
|
|
68
|
+
if (tokenRecord.isRevoked) {
|
|
69
|
+
this.deps.logger.error("SECURITY ALERT: Attempted use of revoked refresh token", undefined, {
|
|
70
|
+
userId: tokenRecord.userId,
|
|
71
|
+
});
|
|
72
|
+
await this.deps.refreshTokenRepository.revokeAllForUser(tokenRecord.userId);
|
|
73
|
+
throw new WhoamiError("INVALID_CREDENTIALS", "Token has been revoked.");
|
|
74
|
+
}
|
|
75
|
+
if (tokenRecord.expiresAt < new Date()) {
|
|
76
|
+
this.deps.logger.warn("Token refresh failed: Token expired", {
|
|
77
|
+
userId: tokenRecord.userId,
|
|
78
|
+
});
|
|
79
|
+
throw new WhoamiError("TOKEN_EXPIRED", "Refresh token has expired.");
|
|
80
|
+
}
|
|
81
|
+
const user = await this.deps.userRepository.findById(tokenRecord.userId);
|
|
82
|
+
if (!user) {
|
|
83
|
+
this.deps.logger.warn("Token refresh failed: User no longer exists", {
|
|
84
|
+
userId: tokenRecord.userId,
|
|
85
|
+
});
|
|
86
|
+
throw new WhoamiError("USER_NOT_FOUND", "User no longer exists.");
|
|
87
|
+
}
|
|
88
|
+
const newAccessToken = await this.deps.tokenSigner.sign({ sub: user.id }, 900);
|
|
89
|
+
const newRawRefreshToken = crypto.randomUUID();
|
|
90
|
+
const newHashedRefreshToken = await this.deps.tokenHasher.hash(newRawRefreshToken);
|
|
91
|
+
const expirationDate = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
|
|
92
|
+
const rotated = await this.deps.refreshTokenRepository.rotate(oldTokenHash, {
|
|
93
|
+
userId: user.id,
|
|
94
|
+
tokenHash: newHashedRefreshToken,
|
|
95
|
+
expiresAt: expirationDate,
|
|
96
|
+
isRevoked: false,
|
|
97
|
+
});
|
|
98
|
+
if (!rotated) {
|
|
99
|
+
this.deps.logger.error("SECURITY ALERT: Token reuse detected during atomic rotation", undefined, { userId: user.id });
|
|
100
|
+
await this.deps.refreshTokenRepository.revokeAllForUser(user.id);
|
|
101
|
+
throw new WhoamiError("INVALID_CREDENTIALS", "Token reuse detected.");
|
|
102
|
+
}
|
|
103
|
+
this.deps.logger.info("Tokens rotated successfully", { userId: user.id });
|
|
104
|
+
return {
|
|
105
|
+
accessToken: newAccessToken,
|
|
106
|
+
refreshToken: newRawRefreshToken,
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
async verifyAccessToken(accessToken) {
|
|
110
|
+
return await this.deps.tokenSigner.verify(accessToken);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
//# sourceMappingURL=whoami.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"whoami.service.js","sourceRoot":"","sources":["../../src/core/whoami.service.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAexD,MAAM,OAAO,aAAa;IACK;IAA7B,YAA6B,IAA+B;QAA/B,SAAI,GAAJ,IAAI,CAA2B;IAAG,CAAC;IAEzD,KAAK,CAAC,iBAAiB,CAC5B,IAA4B;QAG5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5E,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE;gBAChE,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;YACH,MAAM,IAAI,WAAW,CACnB,qBAAqB,EACrB,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QAGD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAGxE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;YACpD,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,YAAY;SACb,CAAC,CAAC;QAGH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE;YACzD,MAAM,EAAE,OAAO,CAAC,EAAE;SACnB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,WAAsC;QAEtC,MAAM,YAAY,GAAG,IAAI,WAAW,CAClC,qBAAqB,EACrB,4BAA4B,CAC7B,CAAC;QAGF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE;gBAC5D,KAAK,EAAE,WAAW,CAAC,KAAK;aACzB,CAAC,CAAC;YACH,MAAM,YAAY,CAAC;QACrB,CAAC;QAGD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAC3D,IAAI,CAAC,YAAY,EACjB,WAAW,CAAC,QAAQ,CACrB,CAAC;QACF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE;gBAC9D,MAAM,EAAE,IAAI,CAAC,EAAE;aAChB,CAAC,CAAC;YACH,MAAM,YAAY,CAAC;QACrB,CAAC;QAGD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAG5E,MAAM,eAAe,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC5C,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAEpD,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAGtE,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC;YAC3C,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,kBAAkB;YAC7B,SAAS,EAAE,cAAc;YACzB,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAG/D,OAAO;YACL,WAAW;YACX,YAAY,EAAE,eAAe;SAC9B,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,aAAa,CACxB,qBAA6B;QAG7B,IAAI,CAAC,qBAAqB,IAAI,qBAAqB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAClE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YACpE,MAAM,IAAI,WAAW,CACnB,qBAAqB,EACrB,mCAAmC,CACpC,CAAC;QACJ,CAAC;QAGD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CACnD,qBAAqB,CACtB,CAAC;QAGF,MAAM,WAAW,GACf,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;YAC/D,MAAM,IAAI,WAAW,CACnB,qBAAqB,EACrB,mCAAmC,CACpC,CAAC;QACJ,CAAC;QAGD,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CACpB,wDAAwD,EACxD,SAAS,EACT;gBACE,MAAM,EAAE,WAAW,CAAC,MAAM;aAC3B,CACF,CAAC;YACF,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,gBAAgB,CACrD,WAAW,CAAC,MAAM,CACnB,CAAC;YACF,MAAM,IAAI,WAAW,CAAC,qBAAqB,EAAE,yBAAyB,CAAC,CAAC;QAC1E,CAAC;QAGD,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACvC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;gBAC3D,MAAM,EAAE,WAAW,CAAC,MAAM;aAC3B,CAAC,CAAC;YACH,MAAM,IAAI,WAAW,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAC;QACvE,CAAC;QAGD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;gBACnE,MAAM,EAAE,WAAW,CAAC,MAAM;aAC3B,CAAC,CAAC;YACH,MAAM,IAAI,WAAW,CAAC,gBAAgB,EAAE,wBAAwB,CAAC,CAAC;QACpE,CAAC;QAGD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CACrD,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,EAChB,GAAG,CACJ,CAAC;QACF,MAAM,kBAAkB,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,qBAAqB,GACzB,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAEvD,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAGtE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAC3D,YAAY,EACZ;YACE,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,qBAAqB;YAChC,SAAS,EAAE,cAAc;YACzB,SAAS,EAAE,KAAK;SACjB,CACF,CAAC;QAGF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CACpB,6DAA6D,EAC7D,SAAS,EACT,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CACpB,CAAC;YACF,MAAM,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjE,MAAM,IAAI,WAAW,CAAC,qBAAqB,EAAE,uBAAuB,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAE1E,OAAO;YACL,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,kBAAkB;SACjC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,WAAmB;QAGhD,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACzD,CAAC;CACF"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export type WhoamiErrorCode = "USER_NOT_FOUND" | "USER_ALREADY_EXISTS" | "INVALID_CREDENTIALS" | "TOKEN_EXPIRED" | "TOKEN_MALFORMED" | "TOKEN_REUSED" | "MISSING_TOKEN" | "UNSUPPORTED_AUTH_METHOD";
|
|
2
|
+
export declare class WhoamiError extends Error {
|
|
3
|
+
readonly code: WhoamiErrorCode;
|
|
4
|
+
constructor(code: WhoamiErrorCode, message: string);
|
|
5
|
+
}
|
|
6
|
+
//# sourceMappingURL=whoami-error.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"whoami-error.d.ts","sourceRoot":"","sources":["../../src/errors/whoami-error.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,eAAe,GACvB,gBAAgB,GAChB,qBAAqB,GACrB,qBAAqB,GACrB,eAAe,GACf,iBAAiB,GACjB,cAAc,GACd,eAAe,GACf,yBAAyB,CAAC;AAE9B,qBAAa,WAAY,SAAQ,KAAK;IACpC,SAAgB,IAAI,EAAE,eAAe,CAAC;gBAE1B,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM;CAUnD"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export class WhoamiError extends Error {
|
|
2
|
+
code;
|
|
3
|
+
constructor(code, message) {
|
|
4
|
+
super(message);
|
|
5
|
+
this.name = "WhoamiError";
|
|
6
|
+
this.code = code;
|
|
7
|
+
if (Error.captureStackTrace) {
|
|
8
|
+
Error.captureStackTrace(this, WhoamiError);
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=whoami-error.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"whoami-error.js","sourceRoot":"","sources":["../../src/errors/whoami-error.ts"],"names":[],"mappings":"AAcA,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpB,IAAI,CAAkB;IAEtC,YAAY,IAAqB,EAAE,OAAe;QAChD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QAGjB,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;CACF"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export declare const VERSION = "0.1.0";
|
|
2
|
+
export * from "./errors/whoami-error.js";
|
|
3
|
+
export type * from "./interfaces/models/user.interface.js";
|
|
4
|
+
export type * from "./interfaces/models/refresh-token.interface.js";
|
|
5
|
+
export type * from "./interfaces/models/jwt-payload.interface.js";
|
|
6
|
+
export type * from "./interfaces/ports/security/password-hasher.port.js";
|
|
7
|
+
export type * from "./interfaces/ports/security/deterministic-token-hasher.port.js";
|
|
8
|
+
export type * from "./interfaces/ports/security/token-signer.port.js";
|
|
9
|
+
export type * from "./interfaces/ports/repositories/user-repository.port.js";
|
|
10
|
+
export type * from "./interfaces/ports/repositories/refresh-token-repository.port.js";
|
|
11
|
+
export type * from "./interfaces/ports/utilities/token-extractor.port.js";
|
|
12
|
+
export type * from "./interfaces/ports/utilities/logger.port.js";
|
|
13
|
+
export type * from "./interfaces/operation-contracts/auth-tokens.interface.js";
|
|
14
|
+
export type * from "./interfaces/operation-contracts/login-credentials.interface.js";
|
|
15
|
+
export type * from "./interfaces/operation-contracts/register-data.interface.js";
|
|
16
|
+
export { WhoamiService } from "./core/whoami.service.js";
|
|
17
|
+
export type { WhoamiServiceDependencies } from "./core/whoami.service.js";
|
|
18
|
+
export { JoseTokenSigner } from "./adapters/security/jose-token-signer.adapter.js";
|
|
19
|
+
export type { JoseSignerConfig } from "./adapters/security/jose-token-signer.adapter.js";
|
|
20
|
+
export { WebCryptoTokenHasher } from "./adapters/security/webcrypto-token-hasher.adapter.js";
|
|
21
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,cAAc,0BAA0B,CAAC;AAGzC,mBAAmB,uCAAuC,CAAC;AAC3D,mBAAmB,gDAAgD,CAAC;AACpE,mBAAmB,8CAA8C,CAAC;AAGlE,mBAAmB,qDAAqD,CAAC;AACzE,mBAAmB,gEAAgE,CAAC;AACpF,mBAAmB,kDAAkD,CAAC;AAGtE,mBAAmB,yDAAyD,CAAC;AAC7E,mBAAmB,kEAAkE,CAAC;AAGtF,mBAAmB,sDAAsD,CAAC;AAC1E,mBAAmB,6CAA6C,CAAC;AAGjE,mBAAmB,2DAA2D,CAAC;AAC/E,mBAAmB,iEAAiE,CAAC;AACrF,mBAAmB,6DAA6D,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,YAAY,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,kDAAkD,CAAC;AACnF,YAAY,EAAE,gBAAgB,EAAE,MAAM,kDAAkD,CAAC;AACzF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uDAAuD,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export const VERSION = "0.1.0";
|
|
2
|
+
export * from "./errors/whoami-error.js";
|
|
3
|
+
export { WhoamiService } from "./core/whoami.service.js";
|
|
4
|
+
export { JoseTokenSigner } from "./adapters/security/jose-token-signer.adapter.js";
|
|
5
|
+
export { WebCryptoTokenHasher } from "./adapters/security/webcrypto-token-hasher.adapter.js";
|
|
6
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,cAAc,0BAA0B,CAAC;AA0BzC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAIzD,OAAO,EAAE,eAAe,EAAE,MAAM,kDAAkD,CAAC;AAEnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uDAAuD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-payload.interface.d.ts","sourceRoot":"","sources":["../../../src/interfaces/models/jwt-payload.interface.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAGxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-payload.interface.js","sourceRoot":"","sources":["../../../src/interfaces/models/jwt-payload.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refresh-token.interface.d.ts","sourceRoot":"","sources":["../../../src/interfaces/models/refresh-token.interface.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refresh-token.interface.js","sourceRoot":"","sources":["../../../src/interfaces/models/refresh-token.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user.interface.d.ts","sourceRoot":"","sources":["../../../src/interfaces/models/user.interface.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;CACZ;AAMD,MAAM,WAAW,cAAe,SAAQ,KAAK;IAC3C,KAAK,EAAE,MAAM,CAAC;CACf;AAMD,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,YAAY,EAAE,MAAM,CAAC;CACtB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user.interface.js","sourceRoot":"","sources":["../../../src/interfaces/models/user.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-tokens.interface.d.ts","sourceRoot":"","sources":["../../../src/interfaces/operation-contracts/auth-tokens.interface.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-tokens.interface.js","sourceRoot":"","sources":["../../../src/interfaces/operation-contracts/auth-tokens.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"login-credentials.interface.d.ts","sourceRoot":"","sources":["../../../src/interfaces/operation-contracts/login-credentials.interface.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"login-credentials.interface.js","sourceRoot":"","sources":["../../../src/interfaces/operation-contracts/login-credentials.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register-data.interface.d.ts","sourceRoot":"","sources":["../../../src/interfaces/operation-contracts/register-data.interface.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register-data.interface.js","sourceRoot":"","sources":["../../../src/interfaces/operation-contracts/register-data.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { IRefreshToken, IStoreRefreshToken } from "../../models/refresh-token.interface.js";
|
|
2
|
+
export interface IRefreshTokenRepository {
|
|
3
|
+
store(token: IStoreRefreshToken): Promise<void>;
|
|
4
|
+
findByHash(tokenHash: string): Promise<IRefreshToken | null>;
|
|
5
|
+
rotate(oldTokenHash: string, newData: IStoreRefreshToken): Promise<boolean>;
|
|
6
|
+
revokeAllForUser(userId: string): Promise<void>;
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=refresh-token-repository.port.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refresh-token-repository.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/repositories/refresh-token-repository.port.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EACb,kBAAkB,EACnB,MAAM,yCAAyC,CAAC;AAEjD,MAAM,WAAW,uBAAuB;IAItC,KAAK,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAMhD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAQ7D,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE5E,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refresh-token-repository.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/repositories/refresh-token-repository.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IUser, IUserWithEmail, IUserWithPassword } from "../../models/user.interface.js";
|
|
2
|
+
export interface IUserRepository {
|
|
3
|
+
findById(id: string): Promise<IUser | null>;
|
|
4
|
+
}
|
|
5
|
+
export interface IEmailUserRepository extends IUserRepository {
|
|
6
|
+
findByEmail(email: string): Promise<IUserWithPassword | null>;
|
|
7
|
+
create(data: {
|
|
8
|
+
email: string;
|
|
9
|
+
passwordHash: string;
|
|
10
|
+
}): Promise<IUserWithEmail>;
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=user-repository.port.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-repository.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/repositories/user-repository.port.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,KAAK,EACL,cAAc,EACd,iBAAiB,EAClB,MAAM,gCAAgC,CAAC;AAKxC,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;CAC7C;AAMD,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAC9D,MAAM,CAAC,IAAI,EAAE;QACX,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;CAC7B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user-repository.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/repositories/user-repository.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"deterministic-token-hasher.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/deterministic-token-hasher.port.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,yBAAyB;IACxC,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACvD"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"deterministic-token-hasher.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/deterministic-token-hasher.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password-hasher.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/password-hasher.port.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC3D"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password-hasher.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/password-hasher.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-hasher.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/token-hasher.port.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACvD"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-hasher.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/token-hasher.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { IJwtPayload } from "../../models/jwt-payload.interface.js";
|
|
2
|
+
export interface ITokenSigner {
|
|
3
|
+
sign(payload: IJwtPayload, expiresInSeconds: number): Promise<string>;
|
|
4
|
+
verify(token: string): Promise<IJwtPayload>;
|
|
5
|
+
}
|
|
6
|
+
//# sourceMappingURL=token-signer.port.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-signer.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/token-signer.port.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AAEzE,MAAM,WAAW,YAAY;IAI3B,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAMtE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAC7C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-signer.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/security/token-signer.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export interface ILogger {
|
|
2
|
+
info(message: unknown, ...optionalParams: unknown[]): void;
|
|
3
|
+
warn(message: unknown, ...optionalParams: unknown[]): void;
|
|
4
|
+
error(message: unknown, ...optionalParams: unknown[]): void;
|
|
5
|
+
debug?(message: unknown, ...optionalParams: unknown[]): void;
|
|
6
|
+
}
|
|
7
|
+
//# sourceMappingURL=logger.port.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/utilities/logger.port.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAC3D,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAG3D,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAE5D,KAAK,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAC9D"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/utilities/logger.port.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-extractor.port.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/ports/utilities/token-extractor.port.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAM9B,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;CAC1C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-extractor.port.js","sourceRoot":"","sources":["../../../../src/interfaces/ports/utilities/token-extractor.port.ts"],"names":[],"mappings":""}
|
package/package.json
ADDED
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@odysseon/whoami-core",
|
|
3
|
+
"version": "0.2.0",
|
|
4
|
+
"description": "Framework-agnostic identity and authentication core",
|
|
5
|
+
"files": [
|
|
6
|
+
"dist",
|
|
7
|
+
"README.md"
|
|
8
|
+
],
|
|
9
|
+
"type": "module",
|
|
10
|
+
"main": "./dist/index.js",
|
|
11
|
+
"types": "./dist/index.d.ts",
|
|
12
|
+
"exports": {
|
|
13
|
+
".": {
|
|
14
|
+
"import": {
|
|
15
|
+
"types": "./dist/index.d.ts",
|
|
16
|
+
"default": "./dist/index.js"
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
},
|
|
20
|
+
"publishConfig": {
|
|
21
|
+
"access": "public",
|
|
22
|
+
"provenance": true
|
|
23
|
+
},
|
|
24
|
+
"scripts": {
|
|
25
|
+
"build": "tsc -b tsconfig.build.json",
|
|
26
|
+
"lint": "eslint \"src/**/*.ts\""
|
|
27
|
+
},
|
|
28
|
+
"dependencies": {
|
|
29
|
+
"jose": "^6.2.2"
|
|
30
|
+
},
|
|
31
|
+
"devDependencies": {
|
|
32
|
+
"typescript": "^5.9.3"
|
|
33
|
+
}
|
|
34
|
+
}
|