@plyaz/auth 1.0.0

package/src/server/services/token.service.ts

@@ -0,0 +1,262 @@
+/**
+ * @fileoverview Token service for @plyaz/auth
+ * @module @plyaz/auth/server/services/token-service
+ * 
+ * @description
+ * NestJS service for token management operations. Provides high-level
+ * token operations including validation, refresh, and revocation.
+ * Wraps TokenValidator and RefreshTokenManager with NestJS integration.
+ * 
+ * @example
+ * ```typescript
+ * import { TokenService } from '@plyaz/auth';
+ * 
+ * @Injectable()
+ * export class AuthService {
+ *   constructor(private tokenService: TokenService) {}
+ * 
+ *   async validateRequest(token: string) {
+ *     return await this.tokenService.validateAccessToken(token);
+ *   }
+ * }
+ * ```
+ */
+
+import { Injectable, Logger } from '@nestjs/common';
+import type { TokenValidator, ValidatedTokenPayload, TokenValidationResult } from '../../tokens/token-validator';
+import type { RefreshTokenManager, TokenPair } from '../../tokens/refresh-token-manager';
+
+/**
+ * Token service implementation
+ * Provides token management operations for NestJS applications
+ */
+@Injectable()
+export class TokenService {
+  private readonly logger = new Logger(TokenService.name);
+
+  constructor(
+    private tokenValidator: TokenValidator,
+    private refreshTokenManager: RefreshTokenManager
+  ) {}
+
+  /**
+   * Validate access token
+   * @param token - Access token to validate
+   * @returns Validation result with payload or error
+   */
+  async validateAccessToken(token: string): Promise<TokenValidationResult> {
+    this.logger.debug('Validating access token');
+    
+    try {
+      const result = await this.tokenValidator.validateAccessToken(token);
+      
+      if (!result.valid) {
+        this.logger.warn(`Access token validation failed: ${result.error?.message}`);
+      }
+      
+      return result;
+    } catch (error) {
+      this.logger.error('Failed to validate access token', error);
+      return {
+        valid: false,
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'Token validation failed'
+        }
+      };
+    }
+  }
+
+  /**
+   * Validate refresh token
+   * @param token - Refresh token to validate
+   * @returns Validation result with payload or error
+   */
+  async validateRefreshToken(token: string): Promise<TokenValidationResult> {
+    this.logger.debug('Validating refresh token');
+    
+    try {
+      const result = await this.tokenValidator.validateRefreshToken(token);
+      
+      if (!result.valid) {
+        this.logger.warn(`Refresh token validation failed: ${result.error?.message}`);
+      }
+      
+      return result;
+    } catch (error) {
+      this.logger.error('Failed to validate refresh token', error);
+      return {
+        valid: false,
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'Token validation failed'
+        }
+      };
+    }
+  }
+
+  /**
+   * Generate new token pair
+   * @param userId - User identifier
+   * @param sessionId - Session identifier
+   * @param userRoles - User roles for access token
+   * @param userPermissions - User permissions for access token
+   * @returns Token pair
+   */
+  async generateTokenPair(
+    userId: string,
+    sessionId: string,
+    userRoles?: string[],
+    userPermissions?: string[]
+  ): Promise<TokenPair> {
+    this.logger.debug(`Generating token pair for user: ${userId}`);
+    
+    try {
+      const tokenPair = await this.refreshTokenManager.generateTokenPair(
+        userId,
+        sessionId,
+        userRoles,
+        userPermissions
+      );
+      
+      this.logger.log(`Token pair generated for user: ${userId}`);
+      return tokenPair;
+    } catch (error) {
+      this.logger.error(`Failed to generate token pair for user: ${userId}`, error);
+      throw error;
+    }
+  }
+
+  /**
+   * Refresh token pair using refresh token
+   * @param refreshToken - Current refresh token
+   * @param userRoles - Updated user roles
+   * @param userPermissions - Updated user permissions
+   * @returns New token pair
+   */
+  async refreshTokenPair(
+    refreshToken: string,
+    userRoles?: string[],
+    userPermissions?: string[]
+  ): Promise<TokenPair> {
+    this.logger.debug('Refreshing token pair');
+    
+    try {
+      const tokenPair = await this.refreshTokenManager.refreshTokenPair(
+        refreshToken,
+        userRoles,
+        userPermissions
+      );
+      
+      this.logger.log('Token pair refreshed successfully');
+      return tokenPair;
+    } catch (error) {
+      this.logger.error('Failed to refresh token pair', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Revoke refresh token
+   * @param refreshToken - Refresh token to revoke
+   */
+  async revokeRefreshToken(refreshToken: string): Promise<void> {
+    this.logger.debug('Revoking refresh token');
+    
+    try {
+      await this.refreshTokenManager.revokeRefreshToken(refreshToken);
+      this.logger.log('Refresh token revoked successfully');
+    } catch (error) {
+      this.logger.error('Failed to revoke refresh token', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Revoke all refresh tokens for a user
+   * @param userId - User identifier
+   */
+  async revokeAllUserTokens(userId: string): Promise<void> {
+    this.logger.debug(`Revoking all tokens for user: ${userId}`);
+    
+    try {
+      await this.refreshTokenManager.revokeAllUserTokens(userId);
+      this.logger.log(`All tokens revoked for user: ${userId}`);
+    } catch (error) {
+      this.logger.error(`Failed to revoke all tokens for user: ${userId}`, error);
+      throw error;
+    }
+  }
+
+  /**
+   * Revoke all refresh tokens for a session
+   * @param sessionId - Session identifier
+   */
+  async revokeSessionTokens(sessionId: string): Promise<void> {
+    this.logger.debug(`Revoking tokens for session: ${sessionId}`);
+    
+    try {
+      await this.refreshTokenManager.revokeSessionTokens(sessionId);
+      this.logger.log(`Tokens revoked for session: ${sessionId}`);
+    } catch (error) {
+      this.logger.error(`Failed to revoke tokens for session: ${sessionId}`, error);
+      throw error;
+    }
+  }
+
+  /**
+   * Extract token payload without validation
+   * @param token - JWT token
+   * @returns Decoded payload or null
+   */
+  extractTokenPayload(token: string): ValidatedTokenPayload | null {
+    try {
+      return this.tokenValidator.extractPayload(token);
+    } catch (error) {
+      this.logger.error('Failed to extract token payload', error);
+      return null;
+    }
+  }
+
+  /**
+   * Check if token is expired
+   * @param token - JWT token
+   * @returns True if token is expired
+   */
+  isTokenExpired(token: string): boolean {
+    try {
+      return this.tokenValidator.isTokenExpired(token);
+    } catch (error) {
+      this.logger.error('Failed to check token expiration', error);
+      return true;
+    }
+  }
+
+  /**
+   * Get token expiration time
+   * @param token - JWT token
+   * @returns Expiration date or null
+   */
+  getTokenExpiration(token: string): Date | null {
+    try {
+      return this.tokenValidator.getTokenExpiration(token);
+    } catch (error) {
+      this.logger.error('Failed to get token expiration', error);
+      return null;
+    }
+  }
+
+  /**
+   * Get time until token expires
+   * @param token - JWT token
+   * @returns Seconds until expiration or null
+   */
+  getTimeUntilExpiration(token: string): number | null {
+    try {
+      return this.tokenValidator.getTimeUntilExpiration(token);
+    } catch (error) {
+      this.logger.error('Failed to get time until expiration', error);
+      return null;
+    }
+  }
+}

package/src/session/cookie-store.ts

@@ -0,0 +1,255 @@
+/**
+ * @fileoverview Cookie-based session store for @plyaz/auth
+ * @module @plyaz/auth/session/cookie-store
+ * 
+ * @description
+ * Implements session storage using HTTP cookies. Provides stateless session
+ * management by storing session data directly in encrypted cookies.
+ * Suitable for applications that don't require server-side session storage
+ * or need to minimize server memory usage.
+ * 
+ * @example
+ * ```typescript
+ * import { CookieStore } from '@plyaz/auth';
+ * 
+ * const store = new CookieStore({
+ *   secretKey: 'your-secret-key',
+ *   cookieName: 'session',
+ *   secure: true
+ * });
+ * 
+ * await store.set('session_123', sessionData, 3600);
+ * ```
+ */
+
+import { NUMERIX } from '@plyaz/config';
+import type { SessionData, SessionStore, SessionStoreConfig } from '@plyaz/types';
+import {  createCipher, createDecipher } from 'crypto';
+
+/**
+ * Cookie store configuration
+ */
+export interface CookieStoreConfig extends Partial<SessionStoreConfig> {
+  /** Secret key for encryption */
+  secretKey: string;
+  /** Cookie name */
+  cookieName: string;
+  /** Cookie domain */
+  domain?: string;
+  /** Cookie path */
+  path?: string;
+  /** Secure flag (HTTPS only) */
+  secure?: boolean;
+  /** HttpOnly flag */
+  httpOnly?: boolean;
+  /** SameSite policy */
+  sameSite?: 'strict' | 'lax' | 'none';
+}
+
+/**
+ * Cookie-based session store implementation
+ * Stores session data in encrypted HTTP cookies
+ */
+export class CookieStore implements SessionStore {
+  private readonly config: Required<CookieStoreConfig>;
+  private readonly sessions = new Map<string, SessionData>();
+
+  constructor(config: CookieStoreConfig) {
+    this.config = {
+      defaultTTL: 3600,
+      maxSessionsPerUser: 5,
+      cleanupInterval: 300,
+      keyPrefix: 'session:',
+      domain: '',
+      path: '/',
+      secure: true,
+      httpOnly: true,
+      sameSite: 'lax',
+      ...config
+    };
+  }
+
+  /**
+   * Store session data in cookie
+   * @param sessionId - Session identifier
+   * @param data - Session data to store
+   * @param ttlSeconds - Time to live in seconds
+   */
+  async set(sessionId: string, data: SessionData, ttlSeconds: number): Promise<void> {
+    // Store in memory for this implementation
+    // In real implementation, this would set HTTP cookie
+    this.sessions.set(sessionId, {
+      ...data,
+      expiresAt: new Date(Date.now() + ttlSeconds * NUMERIX.THOUSAND)
+    });
+
+    // Simulate cookie setting
+    this.setCookie(sessionId, data, ttlSeconds);
+  }
+
+  /**
+   * Retrieve session data from cookie
+   * @param sessionId - Session identifier
+   * @returns Session data or null if not found/expired
+   */
+  async get(sessionId: string): Promise<SessionData | null> {
+    const data = this.sessions.get(sessionId);
+    
+    if (!data) {
+      return null;
+    }
+
+    // Check expiration
+    if (data.expiresAt < new Date()) {
+      await this.delete(sessionId);
+      return null;
+    }
+
+    return data;
+  }
+
+  /**
+   * Delete session cookie
+   * @param sessionId - Session identifier
+   */
+  async delete(sessionId: string): Promise<void> {
+    this.sessions.delete(sessionId);
+    // In real implementation, this would clear the cookie
+    this.clearCookie(sessionId);
+  }
+
+  /**
+   * Delete all sessions for a user
+   * @param userId - User identifier
+   * @returns Number of deleted sessions
+   */
+  async deleteByUserId(userId: string): Promise<number> {
+    let deletedCount = 0;
+    
+    for (const [sessionId, data] of this.sessions.entries()) {
+      if (data.userId === userId) {
+        await this.delete(sessionId);
+        deletedCount++;
+      }
+    }
+    
+    return deletedCount;
+  }
+
+  /**
+   * Update session activity timestamp
+   * @param sessionId - Session identifier
+   */
+  async updateActivity(sessionId: string): Promise<void> {
+    const data = this.sessions.get(sessionId);
+    if (data) {
+      data.lastActivityAt = new Date();
+      this.sessions.set(sessionId, data);
+    }
+  }
+
+  /**
+   * Check if session exists and is valid
+   * @param sessionId - Session identifier
+   * @returns True if session exists and is valid
+   */
+  async exists(sessionId: string): Promise<boolean> {
+    const data = await this.get(sessionId);
+    return data !== null;
+  }
+
+  /**
+   * Get all active sessions for a user
+   * @param userId - User identifier
+   * @returns Array of session data
+   */
+  async getByUserId(userId: string): Promise<SessionData[]> {
+    const userSessions: SessionData[] = [];
+    
+    for (const data of this.sessions.values()) {
+      if (data.userId === userId && data.expiresAt > new Date()) {
+        userSessions.push(data);
+      }
+    }
+    
+    return userSessions;
+  }
+
+  /**
+   * Clean up expired sessions
+   * @returns Number of cleaned sessions
+   */
+  async cleanup(): Promise<number> {
+    let cleanedCount = 0;
+    const now = new Date();
+    
+    for (const [sessionId, data] of this.sessions.entries()) {
+      if (data.expiresAt < now) {
+        await this.delete(sessionId);
+        cleanedCount++;
+      }
+    }
+    
+    return cleanedCount;
+  }
+
+  /**
+   * Get session count for a user
+   * @param userId - User identifier
+   * @returns Session count
+   */
+  async getSessionCount(userId: string): Promise<number> {
+    const sessions = await this.getByUserId(userId);
+    return sessions.length;
+  }
+
+  /**
+   * Encrypt session data for cookie storage
+   * @param data - Session data to encrypt
+   * @returns Encrypted string
+   * @private
+   */
+  private encrypt(data: string): string {
+    const cipher = createCipher('aes-256-cbc', this.config.secretKey);
+    let encrypted = cipher.update(data, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    return encrypted;
+  }
+
+  /**
+   * Decrypt session data from cookie
+   * @param encryptedData - Encrypted session data
+   * @returns Decrypted string
+   * @private
+   */
+  private decrypt(encryptedData: string): string {
+    const decipher = createDecipher('aes-256-cbc', this.config.secretKey);
+    let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+  }
+
+  /**
+   * Set HTTP cookie (mock implementation)
+   * @param sessionId - Session identifier
+   * @param data - Session data
+   * @param ttlSeconds - Time to live in seconds
+   * @private
+   */
+  private setCookie(sessionId: string, data: SessionData, ttlSeconds: number): void {
+    // Mock implementation - in real app this would use response.cookie()
+    const encryptedData = this.encrypt(JSON.stringify(data));
+    globalThis.console.log(`Setting cookie: ${this.config.cookieName}=${encryptedData}; Max-Age=${ttlSeconds}`);
+  }
+
+  /**
+   * Clear HTTP cookie (mock implementation)
+   * @param sessionId - Session identifier
+   * @private
+   */
+  private clearCookie(sessionId:string): void {
+    globalThis.console.log('session_id',sessionId)
+    // Mock implementation - in real app this would use response.clearCookie()
+  
+  }
+}