@plyaz/auth 1.0.0 → 1.0.2

package/src/session/cookie-store.ts

@@ -1,30 +1,34 @@
 /**
  * @fileoverview Cookie-based session store for @plyaz/auth
  * @module @plyaz/auth/session/cookie-store
- * 
+ *
  * @description
  * Implements session storage using HTTP cookies. Provides stateless session
  * management by storing session data directly in encrypted cookies.
  * Suitable for applications that don't require server-side session storage
  * or need to minimize server memory usage.
- * 
+ *
  * @example
  * ```typescript
  * import { CookieStore } from '@plyaz/auth';
- * 
+ *
  * const store = new CookieStore({
  *   secretKey: 'your-secret-key',
  *   cookieName: 'session',
  *   secure: true
  * });
- * 
+ *
  * await store.set('session_123', sessionData, 3600);
  * ```
  */
 
-import { NUMERIX } from '@plyaz/config';
-import type { SessionData, SessionStore, SessionStoreConfig } from '@plyaz/types';
-import {  createCipher, createDecipher } from 'crypto';
+import { NUMERIX } from "@plyaz/config";
+import type {
+  SessionData,
+  SessionStore,
+  SessionStoreConfig,
+} from "@plyaz/types";
+import { createCipher, createDecipher } from "crypto";
 
 /**
  * Cookie store configuration
@@ -43,7 +47,7 @@ export interface CookieStoreConfig extends Partial<SessionStoreConfig> {
   /** HttpOnly flag */
   httpOnly?: boolean;
   /** SameSite policy */
-  sameSite?: 'strict' | 'lax' | 'none';
+  sameSite?: "strict" | "lax" | "none";
 }
 
 /**
@@ -59,13 +63,13 @@ export class CookieStore implements SessionStore {
       defaultTTL: 3600,
       maxSessionsPerUser: 5,
       cleanupInterval: 300,
-      keyPrefix: 'session:',
-      domain: '',
-      path: '/',
+      keyPrefix: "session:",
+      domain: "",
+      path: "/",
       secure: true,
       httpOnly: true,
-      sameSite: 'lax',
-      ...config
+      sameSite: "lax",
+      ...config,
     };
   }
 
@@ -75,12 +79,16 @@ export class CookieStore implements SessionStore {
    * @param data - Session data to store
    * @param ttlSeconds - Time to live in seconds
    */
-  async set(sessionId: string, data: SessionData, ttlSeconds: number): Promise<void> {
+  async set(
+    sessionId: string,
+    data: SessionData,
+    ttlSeconds: number,
+  ): Promise<void> {
     // Store in memory for this implementation
     // In real implementation, this would set HTTP cookie
     this.sessions.set(sessionId, {
       ...data,
-      expiresAt: new Date(Date.now() + ttlSeconds * NUMERIX.THOUSAND)
+      expiresAt: new Date(Date.now() + ttlSeconds * NUMERIX.THOUSAND),
     });
 
     // Simulate cookie setting
@@ -94,7 +102,7 @@ export class CookieStore implements SessionStore {
    */
   async get(sessionId: string): Promise<SessionData | null> {
     const data = this.sessions.get(sessionId);
-    
+
     if (!data) {
       return null;
     }
@@ -125,14 +133,14 @@ export class CookieStore implements SessionStore {
    */
   async deleteByUserId(userId: string): Promise<number> {
     let deletedCount = 0;
-    
+
     for (const [sessionId, data] of this.sessions.entries()) {
       if (data.userId === userId) {
         await this.delete(sessionId);
         deletedCount++;
       }
     }
-    
+
     return deletedCount;
   }
 
@@ -165,13 +173,13 @@ export class CookieStore implements SessionStore {
    */
   async getByUserId(userId: string): Promise<SessionData[]> {
     const userSessions: SessionData[] = [];
-    
+
     for (const data of this.sessions.values()) {
       if (data.userId === userId && data.expiresAt > new Date()) {
         userSessions.push(data);
       }
     }
-    
+
     return userSessions;
   }
 
@@ -182,14 +190,14 @@ export class CookieStore implements SessionStore {
   async cleanup(): Promise<number> {
     let cleanedCount = 0;
     const now = new Date();
-    
+
     for (const [sessionId, data] of this.sessions.entries()) {
       if (data.expiresAt < now) {
         await this.delete(sessionId);
         cleanedCount++;
       }
     }
-    
+
     return cleanedCount;
   }
 
@@ -210,9 +218,9 @@ export class CookieStore implements SessionStore {
    * @private
    */
   private encrypt(data: string): string {
-    const cipher = createCipher('aes-256-cbc', this.config.secretKey);
-    let encrypted = cipher.update(data, 'utf8', 'hex');
-    encrypted += cipher.final('hex');
+    const cipher = createCipher("aes-256-cbc", this.config.secretKey);
+    let encrypted = cipher.update(data, "utf8", "hex");
+    encrypted += cipher.final("hex");
     return encrypted;
   }
 
@@ -223,9 +231,9 @@ export class CookieStore implements SessionStore {
    * @private
    */
   private decrypt(encryptedData: string): string {
-    const decipher = createDecipher('aes-256-cbc', this.config.secretKey);
-    let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
-    decrypted += decipher.final('utf8');
+    const decipher = createDecipher("aes-256-cbc", this.config.secretKey);
+    let decrypted = decipher.update(encryptedData, "hex", "utf8");
+    decrypted += decipher.final("utf8");
     return decrypted;
   }
 
@@ -236,10 +244,16 @@ export class CookieStore implements SessionStore {
    * @param ttlSeconds - Time to live in seconds
    * @private
    */
-  private setCookie(sessionId: string, data: SessionData, ttlSeconds: number): void {
+  private setCookie(
+    sessionId: string,
+    data: SessionData,
+    ttlSeconds: number,
+  ): void {
     // Mock implementation - in real app this would use response.cookie()
     const encryptedData = this.encrypt(JSON.stringify(data));
-    globalThis.console.log(`Setting cookie: ${this.config.cookieName}=${encryptedData}; Max-Age=${ttlSeconds}`);
+    globalThis.console.log(
+      `Setting cookie: ${this.config.cookieName}=${encryptedData}; Max-Age=${ttlSeconds}`,
+    );
   }
 
   /**
@@ -247,9 +261,8 @@ export class CookieStore implements SessionStore {
    * @param sessionId - Session identifier
    * @private
    */
-  private clearCookie(sessionId:string): void {
-    globalThis.console.log('session_id',sessionId)
+  private clearCookie(sessionId: string): void {
+    globalThis.console.log("session_id", sessionId);
     // Mock implementation - in real app this would use response.clearCookie()
-  
   }
-}
+}

package/src/session/enhanced-session-manager.ts

@@ -1,32 +1,31 @@
 /**
  * @fileoverview Enhanced session manager for @plyaz/auth
  * @module @plyaz/auth/session/enhanced-session-manager
- * 
+ *
  * @description
  * Enhanced session manager that implements all documented session management
  * methods. Provides comprehensive session lifecycle management including
  * CSRF token generation, concurrent session detection, and session validation.
  * Uses pluggable session stores for flexible storage backends.
- * 
+ *
  * @example
  * ```typescript
  * import { EnhancedSessionManager, MemoryStore } from '@plyaz/auth';
- * 
+ *
  * const sessionManager = new EnhancedSessionManager({
  *   store: new MemoryStore(),
  *   sessionTTL: 3600,
  *   maxConcurrentSessions: 5
  * });
- * 
+ *
  * const session = await sessionManager.createSession(userContext, sessionData);
  * ```
  */
 
-
-import type { Session, SessionData, SessionStore } from '@plyaz/types';
-import { randomBytes } from 'crypto';
-import { CSRFProtection } from '../security';
-import { NUMERIX } from '@plyaz/config';
+import type { Session, SessionData, SessionStore } from "@plyaz/types";
+import { randomBytes } from "crypto";
+import { CSRFProtection } from "../security";
+import { NUMERIX } from "@plyaz/config";
 
 /**
  * User context for session creation
@@ -85,7 +84,9 @@ export class EnhancedSessionManager {
   private readonly store: SessionStore;
   private readonly csrfProtection: CSRFProtection;
 
-  constructor(config: Partial<EnhancedSessionManagerConfig> & { store: SessionStore }) {
+  constructor(
+    config: Partial<EnhancedSessionManagerConfig> & { store: SessionStore },
+  ) {
     this.config = {
       sessionTTL: 3600,
       maxConcurrentSessions: 5,
@@ -93,7 +94,7 @@ export class EnhancedSessionManager {
       csrfTTL: 3600,
       enableRefresh: true,
       refreshThreshold: 300, // 5 minutes
-      ...config
+      ...config,
     };
 
     this.store = config.store;
@@ -107,17 +108,22 @@ export class EnhancedSessionManager {
    * @param sessionData - Session creation data
    * @returns Created session
    */
-  async createSession(userContext: UserContext, sessionData: SessionCreationData = {}): Promise<Session> {
+  async createSession(
+    userContext: UserContext,
+    sessionData: SessionCreationData = {},
+  ): Promise<Session> {
     // Generate unique session ID
     const sessionId = this.generateSessionId();
-    
+
     // Enforce session limits
     await this.enforceSessionLimits(userContext.userId);
 
     // Create session data
     const now = new Date();
-    const expiresAt = new Date(now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND);
-    
+    const expiresAt = new Date(
+      now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND,
+    );
+
     const session: SessionData = {
       id: sessionId,
       userId: userContext.userId,
@@ -130,8 +136,8 @@ export class EnhancedSessionManager {
         ...sessionData.metadata,
         deviceInfo: sessionData.deviceInfo,
         userRoles: userContext.roles,
-        userEmail: userContext.email
-      }
+        userEmail: userContext.email,
+      },
     };
 
     // Store session
@@ -146,7 +152,7 @@ export class EnhancedSessionManager {
     return {
       id: sessionId,
       userId: userContext.userId,
-      provider: 'enhanced-session-manager',
+      provider: "enhanced-session-manager",
       providerSessionId: sessionId,
       expiresAt,
       createdAt: now,
@@ -155,8 +161,8 @@ export class EnhancedSessionManager {
       userAgent: sessionData.userAgent,
       metadata: {
         ...session.metadata,
-        csrfToken
-      }
+        csrfToken,
+      },
     };
   }
 
@@ -167,7 +173,7 @@ export class EnhancedSessionManager {
    */
   async getSession(sessionId: string): Promise<Session | null> {
     const sessionData = await this.store.get(sessionId);
-    
+
     if (!sessionData) {
       return null;
     }
@@ -181,25 +187,33 @@ export class EnhancedSessionManager {
    * @param updates - Partial session updates
    * @returns Updated session
    */
-  async updateSession(sessionId: string, updates: Partial<SessionData>): Promise<Session> {
+  async updateSession(
+    sessionId: string,
+    updates: Partial<SessionData>,
+  ): Promise<Session> {
     const existingSession = await this.store.get(sessionId);
-    
+
     if (!existingSession) {
-      throw new Error('Session not found');
+      throw new Error("Session not found");
     }
 
     // Merge updates
     const updatedSession: SessionData = {
       ...existingSession,
       ...updates,
-      lastActivityAt: new Date()
+      lastActivityAt: new Date(),
     };
 
     // Calculate remaining TTL
-    const remainingTTL = Math.max(0, Math.floor((updatedSession.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND));
-    
+    const remainingTTL = Math.max(
+      0,
+      Math.floor(
+        (updatedSession.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND,
+      ),
+    );
+
     if (remainingTTL <= 0) {
-      throw new Error('Session has expired');
+      throw new Error("Session has expired");
     }
 
     // Store updated session
@@ -214,7 +228,7 @@ export class EnhancedSessionManager {
    */
   async deleteSession(sessionId: string): Promise<void> {
     await this.store.delete(sessionId);
-    
+
     // Remove CSRF token if enabled
     if (this.config.enableCSRF) {
       this.csrfProtection.removeToken(sessionId);
@@ -228,19 +242,21 @@ export class EnhancedSessionManager {
    */
   async refreshSession(sessionId: string): Promise<Session> {
     const sessionData = await this.store.get(sessionId);
-    
+
     if (!sessionData) {
-      throw new Error('Session not found');
+      throw new Error("Session not found");
     }
 
     // Extend expiry
     const now = new Date();
-    const newExpiresAt = new Date(now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND);
-    
+    const newExpiresAt = new Date(
+      now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND,
+    );
+
     const refreshedSession: SessionData = {
       ...sessionData,
       expiresAt: newExpiresAt,
-      lastActivityAt: now
+      lastActivityAt: now,
     };
 
     // Store refreshed session
@@ -256,7 +272,7 @@ export class EnhancedSessionManager {
    */
   async validateSession(sessionId: string): Promise<boolean> {
     const sessionData = await this.store.get(sessionId);
-    
+
     if (!sessionData) {
       return false;
     }
@@ -288,8 +304,10 @@ export class EnhancedSessionManager {
    */
   async detectConcurrentSessions(userId: string): Promise<Session[]> {
     const sessionDataArray = await this.store.getByUserId(userId);
-    
-    return sessionDataArray.map(sessionData => this.mapSessionDataToSession(sessionData));
+
+    return sessionDataArray.map((sessionData) =>
+      this.mapSessionDataToSession(sessionData),
+    );
   }
 
   /**
@@ -298,13 +316,16 @@ export class EnhancedSessionManager {
    */
   async enforceSessionLimits(userId: string): Promise<void> {
     const userSessions = await this.store.getByUserId(userId);
-    
+
     if (userSessions.length >= this.config.maxConcurrentSessions) {
       // Sort by last activity (oldest first)
-      userSessions.sort((a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime());
-      
+      userSessions.sort(
+        (a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime(),
+      );
+
       // Remove oldest sessions to make room
-      const sessionsToRemove = userSessions.length - this.config.maxConcurrentSessions + 1;
+      const sessionsToRemove =
+        userSessions.length - this.config.maxConcurrentSessions + 1;
       for (let i = 0; i < sessionsToRemove; i++) {
         await this.deleteSession(userSessions[i].id);
       }
@@ -318,7 +339,7 @@ export class EnhancedSessionManager {
    */
   async generateCsrfToken(sessionId: string): Promise<string> {
     if (!this.config.enableCSRF) {
-      throw new Error('CSRF protection is disabled');
+      throw new Error("CSRF protection is disabled");
     }
 
     return this.csrfProtection.generateToken(sessionId);
@@ -349,7 +370,7 @@ export class EnhancedSessionManager {
     }
 
     const sessionData = await this.store.get(sessionId);
-    
+
     if (!sessionData) {
       return false;
     }
@@ -369,7 +390,7 @@ export class EnhancedSessionManager {
     // This would require additional tracking in a real implementation
     return {
       totalSessions: 0, // Would need to scan all sessions
-      activeUsers: 0    // Would need to count unique user IDs
+      activeUsers: 0, // Would need to count unique user IDs
     };
   }
 
@@ -380,7 +401,7 @@ export class EnhancedSessionManager {
    */
   private generateSessionId(): string {
     const randomBytesNumber = 32;
-    return randomBytes(randomBytesNumber).toString('hex');
+    return randomBytes(randomBytesNumber).toString("hex");
   }
 
   /**
@@ -393,14 +414,14 @@ export class EnhancedSessionManager {
     return {
       id: sessionData.id,
       userId: sessionData.userId,
-      provider: 'enhanced-session-manager',
+      provider: "enhanced-session-manager",
       providerSessionId: sessionData.id,
       expiresAt: sessionData.expiresAt,
       createdAt: sessionData.createdAt,
       lastActivityAt: sessionData.lastActivityAt,
       ipAddress: sessionData.ipAddress,
       userAgent: sessionData.userAgent,
-      metadata: sessionData.metadata
+      metadata: sessionData.metadata,
     };
   }
-}
+}

package/src/session/index.ts

@@ -1,14 +1,14 @@
 /**
  * @fileoverview Session management barrel export for @plyaz/auth
  * @module @plyaz/auth/session
- * 
+ *
  * @description
  * Centralized export of all session management components including
  * session stores, interfaces, and the enhanced session manager.
  * Provides a single import point for all session-related functionality.
  */
 
-export * from './cookie-store';
-export * from './memory-store';
-export * from './redis-store';
-export * from './enhanced-session-manager';
+export * from "./cookie-store";
+export * from "./memory-store";
+export * from "./redis-store";
+export * from "./enhanced-session-manager";