@plyaz/auth 1.0.0 → 1.0.2

package/src/tokens/token-validator.ts

@@ -2,30 +2,30 @@
 /**
  * @fileoverview Token validator for @plyaz/auth
  * @module @plyaz/auth/tokens/token-validator
- * 
+ *
  * @description
  * Provides comprehensive JWT token validation including signature verification,
  * expiration checks, blacklist validation, and issuer/audience verification.
  * Used by guards and middleware to validate incoming authentication tokens.
- * 
+ *
  * @example
  * ```typescript
  * import { TokenValidator } from '@plyaz/auth';
- * 
+ *
  * const validator = new TokenValidator({
  *   publicKey: 'your-public-key',
  *   issuer: 'plyaz.com',
  *   audience: 'plyaz-api'
  * });
- * 
+ *
  * const payload = await validator.validateToken(token);
  * ```
  */
 
-import type { JwtPayload, Algorithm } from 'jsonwebtoken';
-import { verify } from 'jsonwebtoken';
-import { TokenBlacklist } from '../core/blacklist/token.blacklist';
-import { Buffer } from 'buffer';
+import type { JwtPayload, Algorithm } from "jsonwebtoken";
+import { verify } from "jsonwebtoken";
+import { TokenBlacklist } from "../core/blacklist/token.blacklist";
+import { Buffer } from "buffer";
 
 /**
  * Token validation configuration
@@ -58,7 +58,7 @@ export interface ValidatedTokenPayload extends JwtPayload {
   /** User permissions */
   permissions?: string[];
   /** Token type */
-  type?: 'access' | 'refresh';
+  type?: "access" | "refresh";
 }
 
 /**
@@ -87,14 +87,17 @@ export class TokenValidator {
 
   constructor(config: TokenValidatorConfig) {
     this.config = {
-      algorithm: 'RS256',
+      algorithm: "RS256",
       clockTolerance: 30,
       enableBlacklist: true,
-      ...config
+      ...config,
     };
 
     if (this.config.enableBlacklist) {
-      this.blacklist = new TokenBlacklist({ keyPrefix: 'token:', defaultTTL: 3600 });
+      this.blacklist = new TokenBlacklist({
+        keyPrefix: "token:",
+        defaultTTL: 3600,
+      });
     }
   }
 
@@ -106,13 +109,19 @@ export class TokenValidator {
   async validateToken(token: string): Promise<TokenValidationResult> {
     try {
       // Basic format check
-      if (!token || typeof token !== 'string') {
-        return this.createErrorResult('INVALID_FORMAT', 'Token format is invalid');
+      if (!token || typeof token !== "string") {
+        return this.createErrorResult(
+          "INVALID_FORMAT",
+          "Token format is invalid",
+        );
       }
 
       // Check if token is blacklisted
-      if (this.blacklist && await this.blacklist.isBlacklisted(token)) {
-        return this.createErrorResult('TOKEN_REVOKED', 'Token has been revoked');
+      if (this.blacklist && (await this.blacklist.isBlacklisted(token))) {
+        return this.createErrorResult(
+          "TOKEN_REVOKED",
+          "Token has been revoked",
+        );
       }
 
       // Verify JWT signature and claims
@@ -120,7 +129,7 @@ export class TokenValidator {
         issuer: this.config.issuer,
         audience: this.config.audience,
         algorithms: [this.config.algorithm as Algorithm],
-        clockTolerance: this.config.clockTolerance
+        clockTolerance: this.config.clockTolerance,
       }) as ValidatedTokenPayload;
 
       // Additional payload validation
@@ -131,9 +140,8 @@ export class TokenValidator {
 
       return {
         valid: true,
-        payload
+        payload,
       };
-
     } catch (error) {
       return this.handleVerificationError(error as Error);
     }
@@ -146,11 +154,18 @@ export class TokenValidator {
    */
   async validateAccessToken(token: string): Promise<TokenValidationResult> {
     const result = await this.validateToken(token);
-    
-    if (result.valid && result.payload?.type && result.payload.type !== 'access') {
-      return this.createErrorResult('INVALID_TOKEN_TYPE', 'Expected access token');
+
+    if (
+      result.valid &&
+      result.payload?.type &&
+      result.payload.type !== "access"
+    ) {
+      return this.createErrorResult(
+        "INVALID_TOKEN_TYPE",
+        "Expected access token",
+      );
     }
-    
+
     return result;
   }
 
@@ -161,11 +176,18 @@ export class TokenValidator {
    */
   async validateRefreshToken(token: string): Promise<TokenValidationResult> {
     const result = await this.validateToken(token);
-    
-    if (result.valid && result.payload?.type && result.payload.type !== 'refresh') {
-      return this.createErrorResult('INVALID_TOKEN_TYPE', 'Expected refresh token');
+
+    if (
+      result.valid &&
+      result.payload?.type &&
+      result.payload.type !== "refresh"
+    ) {
+      return this.createErrorResult(
+        "INVALID_TOKEN_TYPE",
+        "Expected refresh token",
+      );
     }
-    
+
     return result;
   }
 
@@ -176,12 +198,12 @@ export class TokenValidator {
    */
   extractPayload(token: string): ValidatedTokenPayload | null {
     try {
-      const parts = token.split('.');
+      const parts = token.split(".");
       if (parts.length !== 3) {
         return null;
       }
 
-      const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
+      const payload = JSON.parse(Buffer.from(parts[1], "base64").toString());
       return payload;
     } catch {
       return null;
@@ -195,7 +217,7 @@ export class TokenValidator {
    */
   isTokenExpired(token: string): boolean {
     const payload = this.extractPayload(token);
-    
+
     if (!payload?.exp) {
       return true;
     }
@@ -211,7 +233,7 @@ export class TokenValidator {
    */
   getTokenExpiration(token: string): Date | null {
     const payload = this.extractPayload(token);
-    
+
     if (!payload?.exp) {
       return null;
     }
@@ -226,14 +248,14 @@ export class TokenValidator {
    */
   getTimeUntilExpiration(token: string): number | null {
     const expiration = this.getTokenExpiration(token);
-    
+
     if (!expiration) {
       return null;
     }
 
     const now = Date.now();
     const timeUntilExpiry = expiration.getTime() - now;
-    
+
     return Math.max(0, Math.floor(timeUntilExpiry / 1000));
   }
 
@@ -243,28 +265,42 @@ export class TokenValidator {
    * @returns Error result if invalid, null if valid
    * @private
    */
-  private validatePayload(payload: ValidatedTokenPayload): TokenValidationResult | null {
+  private validatePayload(
+    payload: ValidatedTokenPayload,
+  ): TokenValidationResult | null {
     // Check required claims
     if (!payload.sub) {
-      return this.createErrorResult('MISSING_SUBJECT', 'Token missing subject claim');
+      return this.createErrorResult(
+        "MISSING_SUBJECT",
+        "Token missing subject claim",
+      );
     }
 
     if (!payload.iat) {
-      return this.createErrorResult('MISSING_ISSUED_AT', 'Token missing issued at claim');
+      return this.createErrorResult(
+        "MISSING_ISSUED_AT",
+        "Token missing issued at claim",
+      );
     }
 
     if (!payload.exp) {
-      return this.createErrorResult('MISSING_EXPIRATION', 'Token missing expiration claim');
+      return this.createErrorResult(
+        "MISSING_EXPIRATION",
+        "Token missing expiration claim",
+      );
     }
 
     // Validate issued at time (not in future)
     const now = Math.floor(Date.now() / 1000);
     if (payload.iat > now + this.config.clockTolerance) {
-      return this.createErrorResult('TOKEN_NOT_YET_VALID', 'Token issued in the future');
+      return this.createErrorResult(
+        "TOKEN_NOT_YET_VALID",
+        "Token issued in the future",
+      );
     }
 
     // Additional custom validations can be added here
-    
+
     return null;
   }
 
@@ -274,20 +310,36 @@ export class TokenValidator {
    * @returns Error result
    * @private
    */
-  private handleVerificationError(error : Error): TokenValidationResult {
-    if (error.name === 'TokenExpiredError') {
-      return this.createErrorResult('TOKEN_EXPIRED', 'Token has expired', error);
+  private handleVerificationError(error: Error): TokenValidationResult {
+    if (error.name === "TokenExpiredError") {
+      return this.createErrorResult(
+        "TOKEN_EXPIRED",
+        "Token has expired",
+        error,
+      );
     }
-    
-    if (error.name === 'JsonWebTokenError') {
-      return this.createErrorResult('INVALID_SIGNATURE', 'Token signature is invalid', error);
+
+    if (error.name === "JsonWebTokenError") {
+      return this.createErrorResult(
+        "INVALID_SIGNATURE",
+        "Token signature is invalid",
+        error,
+      );
     }
-    
-    if (error.name === 'NotBeforeError') {
-      return this.createErrorResult('TOKEN_NOT_YET_VALID', 'Token not yet valid', error);
+
+    if (error.name === "NotBeforeError") {
+      return this.createErrorResult(
+        "TOKEN_NOT_YET_VALID",
+        "Token not yet valid",
+        error,
+      );
     }
 
-    return this.createErrorResult('VALIDATION_FAILED', error.message ?? 'Token validation failed', error);
+    return this.createErrorResult(
+      "VALIDATION_FAILED",
+      error.message ?? "Token validation failed",
+      error,
+    );
   }
 
   /**
@@ -298,14 +350,18 @@ export class TokenValidator {
    * @returns Error result
    * @private
    */
-  private createErrorResult(code: string, message: string, details?: unknown): TokenValidationResult {
+  private createErrorResult(
+    code: string,
+    message: string,
+    details?: unknown,
+  ): TokenValidationResult {
     return {
       valid: false,
       error: {
         code,
         message,
-        details
-      }
+        details,
+      },
     };
   }
-}
+}

package/vitest.setup.d.ts

@@ -1,2 +1,2 @@
-import '@plyaz/devtools/configs/vitest.setup';
-//# sourceMappingURL=vitest.setup.d.ts.map
+import "@plyaz/devtools/configs/vitest.setup";
+//# sourceMappingURL=vitest.setup.d.ts.map

package/vitest.setup.ts

@@ -1 +1 @@
-import '@plyaz/devtools/configs/vitest.setup';
+import "@plyaz/devtools/configs/vitest.setup";