@onlineapps/service-validator-core 1.0.8 → 1.0.10

package/package.json

@@ -1,10 +1,13 @@
 {
   "name": "@onlineapps/service-validator-core",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "Core validation logic for microservices",
   "main": "src/index.js",
   "scripts": {
     "test": "jest",
+    "test:unit": "jest tests/unit",
+    "test:component": "jest tests/component",
+    "test:integration": "jest tests/integration",
     "test:coverage": "jest --coverage",
     "lint": "eslint src/"
   },
@@ -17,6 +20,7 @@
   "license": "MIT",
   "dependencies": {
     "ajv": "^8.12.0",
+    "@onlineapps/runtime-config": "1.0.2",
     "jsonwebtoken": "^9.0.2",
     "uuid": "^9.0.1"
   },

package/src/config.js

@@ -0,0 +1,30 @@
+'use strict';
+
+/**
+ * Runtime configuration schema for @onlineapps/service-validator-core.
+ *
+ * Priority:
+ * 1) Explicit config
+ * 2) ENV
+ * 3) Module-owned defaults
+ *
+ * IMPORTANT:
+ * - Token secret is required (NO FALLBACKS).
+ */
+
+const { createRuntimeConfig } = require('@onlineapps/runtime-config');
+const DEFAULTS = require('./defaults');
+
+const runtimeCfg = createRuntimeConfig({
+  defaults: DEFAULTS,
+  schema: {
+    tokenSecret: { env: 'VALIDATION_TOKEN_SECRET', required: true },
+    tokenExpiresIn: { env: 'VALIDATION_TOKEN_EXPIRES_IN', defaultKey: 'tokenExpiresIn' },
+    tokenAlgorithm: { env: 'VALIDATION_TOKEN_ALGORITHM', defaultKey: 'tokenAlgorithm' },
+    tokenIssuer: { env: 'VALIDATION_TOKEN_ISSUER', defaultKey: 'tokenIssuer' },
+  }
+});
+
+module.exports = runtimeCfg;
+
+

package/src/defaults.js

@@ -0,0 +1,17 @@
+'use strict';
+
+/**
+ * Module-owned defaults for @onlineapps/service-validator-core.
+ *
+ * Ownership rule:
+ * - This module owns token behavior defaults (expiry, algorithm, issuer).
+ * - Secret is NOT defaulted (must be provided via explicit config or ENV).
+ */
+
+module.exports = {
+  tokenExpiresIn: '24h',
+  tokenAlgorithm: 'HS256',
+  tokenIssuer: 'validation-core',
+};
+
+

package/src/index.js

@@ -30,7 +30,7 @@ class ValidationCore {
       health: new HealthValidator()
     };
 
-    this.tokenManager = new TokenManager();
+    this.tokenManager = new TokenManager(this.config.token || {});
     this.certificateManager = new CertificateManager();
     this.proofVerifier = new ValidationProofVerifier({
       maxProofAge: config.maxProofAge,

package/src/security/tokenManager.js

@@ -1,22 +1,27 @@
 const jwt = require('jsonwebtoken');
 const crypto = require('crypto');
 const FingerprintUtils = require('../utils/FingerprintUtils');
+const runtimeCfg = require('../config');
 
 class TokenManager {
   constructor(config = {}) {
-    this.secret = config.secret || process.env.VALIDATION_TOKEN_SECRET || this.generateSecret();
-    this.expiresIn = config.expiresIn || '24h';
-    this.algorithm = config.algorithm || 'HS256';
-    this.issuer = config.issuer || 'validation-core';
-    this.usedTokens = new Set(); // Track used tokens for single-use enforcement
-  }
+    let resolved;
+    try {
+      resolved = runtimeCfg.resolve({
+        tokenSecret: config.secret,
+        tokenExpiresIn: config.expiresIn,
+        tokenAlgorithm: config.algorithm,
+        tokenIssuer: config.issuer,
+      });
+    } catch (err) {
+      throw new Error('[TokenManager] Missing configuration - tokenSecret is required (set VALIDATION_TOKEN_SECRET env or pass config.secret)');
+    }
 
-  /**
-   * Generate a secure secret if none provided
-   * @returns {string} Generated secret
-   */
-  generateSecret() {
-    return crypto.randomBytes(64).toString('hex');
+    this.secret = resolved.tokenSecret;
+    this.expiresIn = resolved.tokenExpiresIn;
+    this.algorithm = resolved.tokenAlgorithm;
+    this.issuer = resolved.tokenIssuer;
+    this.usedTokens = new Set(); // Track used tokens for single-use enforcement
   }
 
   /**

package/src/utils/FingerprintUtils.js

@@ -39,9 +39,22 @@ class FingerprintUtils {
     } else if (typeof data === 'string') {
       input = data;
     } else if (typeof data === 'object' && data !== null) {
-      // Serialize object with optional key sorting
-      const keys = sortKeys ? Object.keys(data).sort() : Object.keys(data);
-      input = JSON.stringify(data, keys);
+      // Deep sort object keys for deterministic fingerprinting
+      const deepSort = (obj) => {
+        if (Array.isArray(obj)) {
+          return obj.map(deepSort);
+        }
+        if (obj !== null && typeof obj === 'object') {
+          return Object.keys(obj)
+            .sort()
+            .reduce((acc, key) => {
+              acc[key] = deepSort(obj[key]);
+              return acc;
+            }, {});
+        }
+        return obj;
+      };
+      input = JSON.stringify(deepSort(data));
     } else {
       // Primitives (number, boolean, null, undefined)
       input = String(data);

package/tests/component/validation-flow.test.js

@@ -2,10 +2,20 @@ const ValidationCore = require('../../src/index');
 
 describe('Validation Flow Component Tests @component', () => {
   let validationCore;
+  let oldSecret;
 
   beforeEach(() => {
+    oldSecret = process.env.VALIDATION_TOKEN_SECRET;
+    process.env.VALIDATION_TOKEN_SECRET = 'test-validation-secret';
     validationCore = new ValidationCore();
   });
+  afterEach(() => {
+    if (oldSecret === undefined) {
+      delete process.env.VALIDATION_TOKEN_SECRET;
+    } else {
+      process.env.VALIDATION_TOKEN_SECRET = oldSecret;
+    }
+  });
 
   describe('Complete validation workflow', () => {
     it('should perform full validation and generate token', async () => {

package/tests/integration/real-validation.test.js

@@ -4,10 +4,20 @@ const path = require('path');
 
 describe('ValidationCore Integration Tests @integration', () => {
   let validationCore;
+  let oldSecret;
 
   beforeEach(() => {
+    oldSecret = process.env.VALIDATION_TOKEN_SECRET;
+    process.env.VALIDATION_TOKEN_SECRET = 'test-validation-secret';
     validationCore = new ValidationCore();
   });
+  afterEach(() => {
+    if (oldSecret === undefined) {
+      delete process.env.VALIDATION_TOKEN_SECRET;
+    } else {
+      process.env.VALIDATION_TOKEN_SECRET = oldSecret;
+    }
+  });
 
   describe('Real service validation', () => {
     it('should validate a complete service configuration', async () => {
@@ -20,7 +30,7 @@ describe('ValidationCore Integration Tests @integration', () => {
             description: 'Simple hello/goodbye service'
           },
           servers: [
-            { url: 'http://localhost:3000', description: 'Local development' }
+            { url: 'http://127.0.0.1:3000', description: 'Local development' }
           ],
           paths: {
             '/health': {

package/tests/unit/ValidationCore.test.js

@@ -2,10 +2,20 @@ const ValidationCore = require('../../src/index');
 
 describe('ValidationCore Unit Tests @unit', () => {
   let validationCore;
+  let oldSecret;
 
   beforeEach(() => {
+    oldSecret = process.env.VALIDATION_TOKEN_SECRET;
+    process.env.VALIDATION_TOKEN_SECRET = 'test-validation-secret';
     validationCore = new ValidationCore();
   });
+  afterEach(() => {
+    if (oldSecret === undefined) {
+      delete process.env.VALIDATION_TOKEN_SECRET;
+    } else {
+      process.env.VALIDATION_TOKEN_SECRET = oldSecret;
+    }
+  });
 
   describe('constructor', () => {
     it('should initialize with default config', () => {