npm - @plyaz/auth - Versions diffs - 1.0.0 → 1.0.2 - Mend

@plyaz/auth 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/commits.txt +3 -3
package/dist/common/index.cjs +3 -1
package/dist/common/index.cjs.map +1 -1
package/dist/common/index.mjs +3 -1
package/dist/common/index.mjs.map +1 -1
package/dist/index.cjs +424 -154
package/dist/index.cjs.map +1 -1
package/dist/index.mjs +421 -152
package/dist/index.mjs.map +1 -1
package/package.json +2 -1
package/release_message.txt +28 -0
package/src/adapters/auth-adapter-factory.ts +4 -3
package/src/adapters/auth-adapter.mapper.ts +2 -2
package/src/adapters/base-auth.adapter.ts +17 -9
package/src/adapters/clerk/clerk.adapter.ts +9 -12
package/src/adapters/custom/custom.adapter.ts +19 -10
package/src/adapters/index.ts +0 -1
package/src/adapters/next-auth/authOptions.ts +20 -16
package/src/adapters/next-auth/next-auth.adapter.ts +13 -15
package/src/api/client.ts +4 -6
package/src/audit/audit.logger.ts +19 -10
package/src/client/components/ProtectedRoute.tsx +15 -11
package/src/client/hooks/useAuth.ts +23 -21
package/src/client/hooks/useConnectedAccounts.ts +57 -45
package/src/client/hooks/usePermissions.ts +1 -1
package/src/client/hooks/useRBAC.ts +6 -6
package/src/client/hooks/useSession.ts +5 -5
package/src/client/providers/AuthProvider.tsx +23 -17
package/src/client/store/auth.store.ts +71 -62
package/src/client/utils/storage.ts +45 -18
package/src/common/constants/oauth-providers.ts +10 -7
package/src/common/errors/auth.errors.ts +4 -4
package/src/common/errors/specific-auth-errors.ts +5 -9
package/src/common/regex/index.ts +6 -4
package/src/common/types/auth.types.ts +47 -38
package/src/common/types/index.ts +12 -6
package/src/common/utils/index.ts +15 -11
package/src/core/blacklist/token.blacklist.ts +13 -7
package/src/core/index.ts +2 -2
package/src/core/jwt/jwt.manager.ts +47 -22
package/src/core/session/session.manager.ts +17 -14
package/src/db/repositories/connected-account.repository.ts +120 -78
package/src/db/repositories/role.repository.ts +41 -26
package/src/db/repositories/session.repository.ts +9 -10
package/src/db/repositories/user.repository.ts +105 -91
package/src/flows/index.ts +2 -2
package/src/flows/sign-in.flow.ts +28 -14
package/src/flows/sign-up.flow.ts +31 -20
package/src/index.ts +36 -37
package/src/libs/clerk.helper.ts +6 -7
package/src/libs/supabase.helper.ts +79 -61
package/src/libs/supabaseClient.ts +3 -3
package/src/providers/base/auth-provider.interface.ts +13 -11
package/src/providers/base/index.ts +1 -1
package/src/providers/index.ts +1 -1
package/src/providers/oauth/facebook.provider.ts +63 -39
package/src/providers/oauth/github.provider.ts +14 -10
package/src/providers/oauth/google.provider.ts +39 -28
package/src/providers/oauth/index.ts +1 -1
package/src/rbac/dynamic-roles.ts +88 -54
package/src/rbac/index.ts +4 -4
package/src/rbac/permission-checker.ts +147 -75
package/src/rbac/role-hierarchy.ts +8 -8
package/src/rbac/role.manager.ts +11 -8
package/src/security/csrf/csrf.protection.ts +9 -7
package/src/security/index.ts +2 -2
package/src/security/rate-limiting/auth/auth.controller.ts +2 -4
package/src/security/rate-limiting/auth/rate-limiting.interface.ts +26 -6
package/src/security/rate-limiting/auth.module.ts +1 -2
package/src/server/auth.module.ts +55 -52
package/src/server/decorators/auth.decorator.ts +9 -11
package/src/server/decorators/auth.decorators.ts +8 -9
package/src/server/decorators/current-user.decorator.ts +6 -6
package/src/server/decorators/permission.decorator.ts +17 -9
package/src/server/guards/auth.guard.ts +21 -16
package/src/server/guards/custom-throttler.guard.ts +4 -9
package/src/server/guards/permissions.guard.ts +32 -23
package/src/server/guards/roles.guard.ts +14 -12
package/src/server/middleware/auth.middleware.ts +4 -4
package/src/server/middleware/session.middleware.ts +4 -4
package/src/server/services/account.service.ts +96 -48
package/src/server/services/auth.service.ts +57 -28
package/src/server/services/brute-force.service.ts +24 -19
package/src/server/services/index.ts +1 -1
package/src/server/services/rate-limiter.service.ts +9 -4
package/src/server/services/session.service.ts +84 -48
package/src/server/services/token.service.ts +71 -51
package/src/session/cookie-store.ts +47 -34
package/src/session/enhanced-session-manager.ts +69 -48
package/src/session/index.ts +5 -5
package/src/session/memory-store.ts +37 -30
package/src/session/redis-store.ts +105 -72
package/src/strategies/oauth.strategy.ts +10 -9
package/src/strategies/traditional-auth.strategy.ts +41 -29
package/src/tokens/index.ts +4 -4
package/src/tokens/refresh-token-manager.ts +70 -55
package/src/tokens/token-validator.ts +109 -53
package/vitest.setup.d.ts +2 -2
package/vitest.setup.ts +1 -1

package/src/core/blacklist/token.blacklist.ts CHANGED Viewed

@@ -12,7 +12,7 @@ export class TokenBlacklist {
   async add(tokenId: string, expiresAt: number): Promise<void> {
     const ttl = Math.max(0, expiresAt - Date.now());
     this.blacklistedTokens.set(tokenId, Date.now() + ttl);
     // Auto-cleanup expired tokens
     globalThis.setTimeout(() => {
       this.blacklistedTokens.delete(tokenId);
@@ -26,26 +26,32 @@ export class TokenBlacklist {
   async isBlacklisted(tokenId: string): Promise<boolean> {
     const expiry = this.blacklistedTokens.get(tokenId);
     if (!expiry) return false;
     if (expiry < Date.now()) {
       this.blacklistedTokens.delete(tokenId);
       return false;
     }
     return true;
   }
-  async blacklistAllUserTokens(userId: string, issuedBefore: number): Promise<void> {
+  async blacklistAllUserTokens(
+    userId: string,
+    issuedBefore: number,
+  ): Promise<void> {
     // In production, this would use Redis with a user-specific key
     // For now, we'll use a simple approach
     const userKey = `user:${userId}:blacklist_before`;
     this.blacklistedTokens.set(userKey, issuedBefore);
   }
-  async isUserTokenBlacklisted(userId: string, tokenIssuedAt: number): Promise<boolean> {
+  async isUserTokenBlacklisted(
+    userId: string,
+    tokenIssuedAt: number,
+  ): Promise<boolean> {
     const userKey = `user:${userId}:blacklist_before`;
     const blacklistBefore = this.blacklistedTokens.get(userKey);
     return blacklistBefore ? tokenIssuedAt < blacklistBefore : false;
   }
@@ -57,4 +63,4 @@ export class TokenBlacklist {
       }
     });
   }
-}
+}

package/src/core/index.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export * from './jwt/jwt.manager';
-export * from './session/session.manager';
+export * from "./jwt/jwt.manager";
+export * from "./session/session.manager";

package/src/core/jwt/jwt.manager.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { sign, verify, type JwtPayload, type SignOptions } from "jsonwebtoken";
-import type { AuthTokens } from '@plyaz/types';
+import type { AuthTokens } from "@plyaz/types";
 import { NUMERIX } from "@plyaz/config";
 // Define the token payload interface
@@ -12,7 +12,6 @@ export interface TokenPayload extends JwtPayload {
 // Define the StringValue type to match what jsonwebtoken expects
 type StringValue = `${number}s` | `${number}m` | `${number}h` | `${number}d`;
 export class JwtManager {
   private config: {
     privateKey: string;
@@ -24,7 +23,7 @@ export class JwtManager {
   constructor(
     config: typeof JwtManager.prototype.config,
-    algorithm: "RS256" | "HS256" | "ES256" | "HS512"
+    algorithm: "RS256" | "HS256" | "ES256" | "HS512",
   ) {
     this.config = config;
     this.algorithm = algorithm;
@@ -35,7 +34,7 @@ export class JwtManager {
   // -------------------
   private generateToken(
     payload: Omit<TokenPayload, "iss" | "aud" | "iat" | "exp">,
-    expiresIn: string | number = "1h"
+    expiresIn: string | number = "1h",
   ): string {
     const signOptions: SignOptions = {
       algorithm: this.algorithm,
@@ -50,20 +49,31 @@ export class JwtManager {
   generateTokens(
     user: { id: string },
     accessTokenExpiry: string | number = "1h",
-    refreshTokenExpiry: string | number = "7d"
+    refreshTokenExpiry: string | number = "7d",
   ): AuthTokens {
-    const accessToken = this.generateToken({ sub: user.id, type: "access" }, accessTokenExpiry);
-    const refreshToken = this.generateToken({ sub: user.id, type: "refresh" }, refreshTokenExpiry);
+    const accessToken = this.generateToken(
+      { sub: user.id, type: "access" },
+      accessTokenExpiry,
+    );
+    const refreshToken = this.generateToken(
+      { sub: user.id, type: "refresh" },
+      refreshTokenExpiry,
+    );
     // Calculate the actual expiration time in seconds
     let expiresIn: number;
-    if (typeof accessTokenExpiry === 'string') {
+    if (typeof accessTokenExpiry === "string") {
       // Parse time strings like "1h", "30m", etc.
       const match = accessTokenExpiry.match(/^(\d+)([smhd])$/);
       if (match) {
         const value = globalThis.parseInt(match[1], NUMERIX.TEN);
         const unit = match[2];
-        const multipliers: Record<string, number> = { s: 1, m: 60, h: 3600, d: 86400 };
+        const multipliers: Record<string, number> = {
+          s: 1,
+          m: 60,
+          h: 3600,
+          d: 86400,
+        };
         expiresIn = value * multipliers[unit];
       } else {
         expiresIn = NUMERIX.THIRTY_SIX_HUNDERD; // Default to 1 hour
@@ -72,48 +82,63 @@ export class JwtManager {
       expiresIn = accessTokenExpiry;
     }
-    return {
-      accessToken,
+    return {
+      accessToken,
       refreshToken,
       expiresIn,
-      tokenType: "Bearer"
+      tokenType: "Bearer",
     };
   }
   // Generate access token
-  generateAccessToken(userId: string, expiresIn: string | number = "1h"): string {
+  generateAccessToken(
+    userId: string,
+    expiresIn: string | number = "1h",
+  ): string {
     return this.generateToken({ sub: userId, type: "access" }, expiresIn);
   }
   // Generate refresh token
-  generateRefreshToken(userId: string, expiresIn: string | number = "7d"): string {
+  generateRefreshToken(
+    userId: string,
+    expiresIn: string | number = "7d",
+  ): string {
     return this.generateToken({ sub: userId, type: "refresh" }, expiresIn);
   }
   // Generate verification token (email confirmation)
-  generateVerificationToken(userId: string, expiresIn: string | number = "24h"): string {
+  generateVerificationToken(
+    userId: string,
+    expiresIn: string | number = "24h",
+  ): string {
     return this.generateToken({ sub: userId, type: "verification" }, expiresIn);
   }
   // -------------------
   // Token Verification
   // -------------------
-  private verifyToken(token: string, tokenType: "access" | "refresh" | "verification"): TokenPayload {
+  private verifyToken(
+    token: string,
+    tokenType: "access" | "refresh" | "verification",
+  ): TokenPayload {
     const decoded = verify(token, this.config.publicKey, {
       algorithms: [this.algorithm],
       issuer: this.config.issuer,
       audience: this.config.audience,
     });
-    if (typeof decoded === "string") throw new Error(`Invalid ${tokenType} token payload`);
+    if (typeof decoded === "string")
+      throw new Error(`Invalid ${tokenType} token payload`);
     const payload = decoded as JwtPayload;
     // Verify the token type
     if (payload.type !== tokenType) {
-      throw new Error(`Invalid token type. Expected ${tokenType}, got ${payload.type}`);
+      throw new Error(
+        `Invalid token type. Expected ${tokenType}, got ${payload.type}`,
+      );
     }
     return payload as TokenPayload;
   }
@@ -128,4 +153,4 @@ export class JwtManager {
   verifyVerificationToken(token: string): TokenPayload {
     return this.verifyToken(token, "verification");
   }
-}
+}

package/src/core/session/session.manager.ts CHANGED Viewed

@@ -1,22 +1,27 @@
-import type { Session, SessionRepository, SessionConfig, CreateSessionData } from '@plyaz/types';
+import type {
+  Session,
+  SessionRepository,
+  SessionConfig,
+  CreateSessionData,
+} from "@plyaz/types";
 export class SessionManager {
   constructor(
     private sessionRepo: SessionRepository,
-    private config: SessionConfig
+    private config: SessionConfig,
   ) {}
-  async createSession(userId: string, deviceInfo: Record<string,unknown>): Promise<Session> {
+  async createSession(
+    userId: string,
+    deviceInfo: Record<string, unknown>,
+  ): Promise<Session> {
     await this.enforceSessionLimits(userId);
     const sessionData: CreateSessionData = {
       userId,
-      provider: 'default',
+      provider: "default",
       expiresAt: new Date(Date.now() + this.config.sessionTTL),
-      metadata:deviceInfo,
+      metadata: deviceInfo,
     };
     return this.sessionRepo.create(sessionData);
@@ -45,12 +50,10 @@ export class SessionManager {
   private async enforceSessionLimits(userId: string): Promise<void> {
     const sessions = await this.sessionRepo.findByUserId(userId);
     if (sessions.length >= this.config.maxConcurrentSessions) {
-      const oldestSession = sessions.sort((a, b) =>
-        a.lastActivityAt.getTime() - b.lastActivityAt.getTime()
+      const oldestSession = sessions.sort(
+        (a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime(),
       )[0];
       await this.sessionRepo.delete(oldestSession.id);
     }
   }
-}
+}