npm - @plyaz/auth - Versions diffs - 1.0.0 - Mend

@plyaz/auth 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/.github/pull_request_template.md +71 -0
package/.github/workflows/deploy.yml +9 -0
package/.github/workflows/publish.yml +14 -0
package/.github/workflows/security.yml +20 -0
package/README.md +89 -0
package/commits.txt +5 -0
package/dist/common/index.cjs +48 -0
package/dist/common/index.cjs.map +1 -0
package/dist/common/index.mjs +43 -0
package/dist/common/index.mjs.map +1 -0
package/dist/index.cjs +20411 -0
package/dist/index.cjs.map +1 -0
package/dist/index.mjs +5139 -0
package/dist/index.mjs.map +1 -0
package/eslint.config.mjs +13 -0
package/index.html +13 -0
package/package.json +141 -0
package/src/adapters/auth-adapter-factory.ts +26 -0
package/src/adapters/auth-adapter.mapper.ts +53 -0
package/src/adapters/base-auth.adapter.ts +119 -0
package/src/adapters/clerk/clerk.adapter.ts +204 -0
package/src/adapters/custom/custom.adapter.ts +119 -0
package/src/adapters/index.ts +4 -0
package/src/adapters/next-auth/authOptions.ts +81 -0
package/src/adapters/next-auth/next-auth.adapter.ts +211 -0
package/src/api/client.ts +37 -0
package/src/audit/audit.logger.ts +52 -0
package/src/client/components/ProtectedRoute.tsx +37 -0
package/src/client/hooks/useAuth.ts +128 -0
package/src/client/hooks/useConnectedAccounts.ts +108 -0
package/src/client/hooks/usePermissions.ts +36 -0
package/src/client/hooks/useRBAC.ts +36 -0
package/src/client/hooks/useSession.ts +18 -0
package/src/client/providers/AuthProvider.tsx +104 -0
package/src/client/store/auth.store.ts +306 -0
package/src/client/utils/storage.ts +70 -0
package/src/common/constants/oauth-providers.ts +49 -0
package/src/common/errors/auth.errors.ts +64 -0
package/src/common/errors/specific-auth-errors.ts +201 -0
package/src/common/index.ts +19 -0
package/src/common/regex/index.ts +27 -0
package/src/common/types/auth.types.ts +641 -0
package/src/common/types/index.ts +297 -0
package/src/common/utils/index.ts +84 -0
package/src/core/blacklist/token.blacklist.ts +60 -0
package/src/core/index.ts +2 -0
package/src/core/jwt/jwt.manager.ts +131 -0
package/src/core/session/session.manager.ts +56 -0
package/src/db/repositories/connected-account.repository.ts +415 -0
package/src/db/repositories/role.repository.ts +519 -0
package/src/db/repositories/session.repository.ts +308 -0
package/src/db/repositories/user.repository.ts +320 -0
package/src/flows/index.ts +2 -0
package/src/flows/sign-in.flow.ts +106 -0
package/src/flows/sign-up.flow.ts +121 -0
package/src/index.ts +54 -0
package/src/libs/clerk.helper.ts +36 -0
package/src/libs/supabase.helper.ts +255 -0
package/src/libs/supabaseClient.ts +6 -0
package/src/providers/base/auth-provider.interface.ts +42 -0
package/src/providers/base/index.ts +1 -0
package/src/providers/index.ts +2 -0
package/src/providers/oauth/facebook.provider.ts +97 -0
package/src/providers/oauth/github.provider.ts +148 -0
package/src/providers/oauth/google.provider.ts +126 -0
package/src/providers/oauth/index.ts +3 -0
package/src/rbac/dynamic-roles.ts +552 -0
package/src/rbac/index.ts +4 -0
package/src/rbac/permission-checker.ts +464 -0
package/src/rbac/role-hierarchy.ts +545 -0
package/src/rbac/role.manager.ts +75 -0
package/src/security/csrf/csrf.protection.ts +37 -0
package/src/security/index.ts +3 -0
package/src/security/rate-limiting/auth/auth.controller.ts +12 -0
package/src/security/rate-limiting/auth/rate-limiting.interface.ts +67 -0
package/src/security/rate-limiting/auth.module.ts +32 -0
package/src/server/auth.module.ts +158 -0
package/src/server/decorators/auth.decorator.ts +43 -0
package/src/server/decorators/auth.decorators.ts +31 -0
package/src/server/decorators/current-user.decorator.ts +49 -0
package/src/server/decorators/permission.decorator.ts +49 -0
package/src/server/guards/auth.guard.ts +56 -0
package/src/server/guards/custom-throttler.guard.ts +46 -0
package/src/server/guards/permissions.guard.ts +115 -0
package/src/server/guards/roles.guard.ts +31 -0
package/src/server/middleware/auth.middleware.ts +46 -0
package/src/server/middleware/index.ts +2 -0
package/src/server/middleware/middleware.ts +11 -0
package/src/server/middleware/session.middleware.ts +255 -0
package/src/server/services/account.service.ts +269 -0
package/src/server/services/auth.service.ts +79 -0
package/src/server/services/brute-force.service.ts +98 -0
package/src/server/services/index.ts +15 -0
package/src/server/services/rate-limiter.service.ts +60 -0
package/src/server/services/session.service.ts +287 -0
package/src/server/services/token.service.ts +262 -0
package/src/session/cookie-store.ts +255 -0
package/src/session/enhanced-session-manager.ts +406 -0
package/src/session/index.ts +14 -0
package/src/session/memory-store.ts +320 -0
package/src/session/redis-store.ts +443 -0
package/src/strategies/oauth.strategy.ts +128 -0
package/src/strategies/traditional-auth.strategy.ts +116 -0
package/src/tokens/index.ts +4 -0
package/src/tokens/refresh-token-manager.ts +448 -0
package/src/tokens/token-validator.ts +311 -0
package/tsconfig.build.json +28 -0
package/tsconfig.json +38 -0
package/tsup.config.mjs +28 -0
package/vitest.config.mjs +16 -0
package/vitest.setup.d.ts +2 -0
package/vitest.setup.d.ts.map +1 -0
package/vitest.setup.ts +1 -0

package/src/session/enhanced-session-manager.ts ADDED Viewed

@@ -0,0 +1,406 @@
+/**
+ * @fileoverview Enhanced session manager for @plyaz/auth
+ * @module @plyaz/auth/session/enhanced-session-manager
+ *
+ * @description
+ * Enhanced session manager that implements all documented session management
+ * methods. Provides comprehensive session lifecycle management including
+ * CSRF token generation, concurrent session detection, and session validation.
+ * Uses pluggable session stores for flexible storage backends.
+ *
+ * @example
+ * ```typescript
+ * import { EnhancedSessionManager, MemoryStore } from '@plyaz/auth';
+ *
+ * const sessionManager = new EnhancedSessionManager({
+ *   store: new MemoryStore(),
+ *   sessionTTL: 3600,
+ *   maxConcurrentSessions: 5
+ * });
+ *
+ * const session = await sessionManager.createSession(userContext, sessionData);
+ * ```
+ */
+import type { Session, SessionData, SessionStore } from '@plyaz/types';
+import { randomBytes } from 'crypto';
+import { CSRFProtection } from '../security';
+import { NUMERIX } from '@plyaz/config';
+/**
+ * User context for session creation
+ */
+export interface UserContext {
+  /** User ID */
+  userId: string;
+  /** User email */
+  email?: string;
+  /** User roles */
+  roles?: string[];
+  /** Additional user metadata */
+  metadata?: Record<string, unknown>;
+}
+/**
+ * Session creation data
+ */
+export interface SessionCreationData {
+  /** IP address */
+  ipAddress?: string;
+  /** User agent string */
+  userAgent?: string;
+  /** Device information */
+  deviceInfo?: Record<string, unknown>;
+  /** Additional session metadata */
+  metadata?: Record<string, unknown>;
+}
+/**
+ * Enhanced session manager configuration
+ */
+export interface EnhancedSessionManagerConfig {
+  /** Session store implementation */
+  store: SessionStore;
+  /** Default session TTL in seconds */
+  sessionTTL: number;
+  /** Maximum concurrent sessions per user */
+  maxConcurrentSessions: number;
+  /** Enable CSRF protection */
+  enableCSRF: boolean;
+  /** CSRF token TTL in seconds */
+  csrfTTL: number;
+  /** Enable session refresh */
+  enableRefresh: boolean;
+  /** Session refresh threshold (seconds before expiry) */
+  refreshThreshold: number;
+}
+/**
+ * Enhanced session manager implementation
+ * Provides comprehensive session management with all documented methods
+ */
+export class EnhancedSessionManager {
+  private readonly config: EnhancedSessionManagerConfig;
+  private readonly store: SessionStore;
+  private readonly csrfProtection: CSRFProtection;
+  constructor(config: Partial<EnhancedSessionManagerConfig> & { store: SessionStore }) {
+    this.config = {
+      sessionTTL: 3600,
+      maxConcurrentSessions: 5,
+      enableCSRF: true,
+      csrfTTL: 3600,
+      enableRefresh: true,
+      refreshThreshold: 300, // 5 minutes
+      ...config
+    };
+    this.store = config.store;
+    this.csrfProtection = new CSRFProtection();
+  }
+  /**
+   * Create a new session
+   * Generate session ID, store data, set expiry, generate CSRF token
+   * @param userContext - User context information
+   * @param sessionData - Session creation data
+   * @returns Created session
+   */
+  async createSession(userContext: UserContext, sessionData: SessionCreationData = {}): Promise<Session> {
+    // Generate unique session ID
+    const sessionId = this.generateSessionId();
+    // Enforce session limits
+    await this.enforceSessionLimits(userContext.userId);
+    // Create session data
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND);
+    const session: SessionData = {
+      id: sessionId,
+      userId: userContext.userId,
+      expiresAt,
+      createdAt: now,
+      lastActivityAt: now,
+      ipAddress: sessionData.ipAddress,
+      userAgent: sessionData.userAgent,
+      metadata: {
+        ...sessionData.metadata,
+        deviceInfo: sessionData.deviceInfo,
+        userRoles: userContext.roles,
+        userEmail: userContext.email
+      }
+    };
+    // Store session
+    await this.store.set(sessionId, session, this.config.sessionTTL);
+    // Generate CSRF token if enabled
+    let csrfToken: string | undefined;
+    if (this.config.enableCSRF) {
+      csrfToken = this.csrfProtection.generateToken(sessionId);
+    }
+    return {
+      id: sessionId,
+      userId: userContext.userId,
+      provider: 'enhanced-session-manager',
+      providerSessionId: sessionId,
+      expiresAt,
+      createdAt: now,
+      lastActivityAt: now,
+      ipAddress: sessionData.ipAddress,
+      userAgent: sessionData.userAgent,
+      metadata: {
+        ...session.metadata,
+        csrfToken
+      }
+    };
+  }
+  /**
+   * Retrieve session by ID
+   * @param sessionId - Session identifier
+   * @returns Session or null if not found
+   */
+  async getSession(sessionId: string): Promise<Session | null> {
+    const sessionData = await this.store.get(sessionId);
+    if (!sessionData) {
+      return null;
+    }
+    return this.mapSessionDataToSession(sessionData);
+  }
+  /**
+   * Update session data
+   * @param sessionId - Session identifier
+   * @param updates - Partial session updates
+   * @returns Updated session
+   */
+  async updateSession(sessionId: string, updates: Partial<SessionData>): Promise<Session> {
+    const existingSession = await this.store.get(sessionId);
+    if (!existingSession) {
+      throw new Error('Session not found');
+    }
+    // Merge updates
+    const updatedSession: SessionData = {
+      ...existingSession,
+      ...updates,
+      lastActivityAt: new Date()
+    };
+    // Calculate remaining TTL
+    const remainingTTL = Math.max(0, Math.floor((updatedSession.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND));
+    if (remainingTTL <= 0) {
+      throw new Error('Session has expired');
+    }
+    // Store updated session
+    await this.store.set(sessionId, updatedSession, remainingTTL);
+    return this.mapSessionDataToSession(updatedSession);
+  }
+  /**
+   * Delete session
+   * @param sessionId - Session identifier
+   */
+  async deleteSession(sessionId: string): Promise<void> {
+    await this.store.delete(sessionId);
+    // Remove CSRF token if enabled
+    if (this.config.enableCSRF) {
+      this.csrfProtection.removeToken(sessionId);
+    }
+  }
+  /**
+   * Refresh session (extend expiry)
+   * @param sessionId - Session identifier
+   * @returns Refreshed session
+   */
+  async refreshSession(sessionId: string): Promise<Session> {
+    const sessionData = await this.store.get(sessionId);
+    if (!sessionData) {
+      throw new Error('Session not found');
+    }
+    // Extend expiry
+    const now = new Date();
+    const newExpiresAt = new Date(now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND);
+    const refreshedSession: SessionData = {
+      ...sessionData,
+      expiresAt: newExpiresAt,
+      lastActivityAt: now
+    };
+    // Store refreshed session
+    await this.store.set(sessionId, refreshedSession, this.config.sessionTTL);
+    return this.mapSessionDataToSession(refreshedSession);
+  }
+  /**
+   * Validate session
+   * @param sessionId - Session identifier
+   * @returns True if session is valid
+   */
+  async validateSession(sessionId: string): Promise<boolean> {
+    const sessionData = await this.store.get(sessionId);
+    if (!sessionData) {
+      return false;
+    }
+    // Check expiration
+    if (sessionData.expiresAt < new Date()) {
+      await this.deleteSession(sessionId);
+      return false;
+    }
+    // Update activity
+    await this.store.updateActivity(sessionId);
+    return true;
+  }
+  /**
+   * Invalidate all sessions for a user (logout all devices)
+   * @param userId - User identifier
+   */
+  async invalidateAllUserSessions(userId: string): Promise<void> {
+    await this.store.deleteByUserId(userId);
+  }
+  /**
+   * Detect concurrent sessions for a user
+   * @param userId - User identifier
+   * @returns Array of active sessions
+   */
+  async detectConcurrentSessions(userId: string): Promise<Session[]> {
+    const sessionDataArray = await this.store.getByUserId(userId);
+    return sessionDataArray.map(sessionData => this.mapSessionDataToSession(sessionData));
+  }
+  /**
+   * Apply maximum session policy for a user
+   * @param userId - User identifier
+   */
+  async enforceSessionLimits(userId: string): Promise<void> {
+    const userSessions = await this.store.getByUserId(userId);
+    if (userSessions.length >= this.config.maxConcurrentSessions) {
+      // Sort by last activity (oldest first)
+      userSessions.sort((a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime());
+      // Remove oldest sessions to make room
+      const sessionsToRemove = userSessions.length - this.config.maxConcurrentSessions + 1;
+      for (let i = 0; i < sessionsToRemove; i++) {
+        await this.deleteSession(userSessions[i].id);
+      }
+    }
+  }
+  /**
+   * Generate CSRF token for session
+   * @param sessionId - Session identifier
+   * @returns CSRF token
+   */
+  async generateCsrfToken(sessionId: string): Promise<string> {
+    if (!this.config.enableCSRF) {
+      throw new Error('CSRF protection is disabled');
+    }
+    return this.csrfProtection.generateToken(sessionId);
+  }
+  /**
+   * Validate CSRF token for session
+   * @param sessionId - Session identifier
+   * @param token - CSRF token to validate
+   * @returns True if token is valid
+   */
+  async validateCsrfToken(sessionId: string, token: string): Promise<boolean> {
+    if (!this.config.enableCSRF) {
+      return true; // CSRF disabled, always valid
+    }
+    return this.csrfProtection.validateToken(sessionId, token);
+  }
+  /**
+   * Check if session needs refresh
+   * @param sessionId - Session identifier
+   * @returns True if session should be refreshed
+   */
+  async shouldRefreshSession(sessionId: string): Promise<boolean> {
+    if (!this.config.enableRefresh) {
+      return false;
+    }
+    const sessionData = await this.store.get(sessionId);
+    if (!sessionData) {
+      return false;
+    }
+    const timeUntilExpiry = sessionData.expiresAt.getTime() - Date.now();
+    return timeUntilExpiry <= this.config.refreshThreshold * NUMERIX.THOUSAND;
+  }
+  /**
+   * Get session statistics
+   * @returns Session statistics
+   */
+  async getSessionStats(): Promise<{
+    totalSessions: number;
+    activeUsers: number;
+  }> {
+    // This would require additional tracking in a real implementation
+    return {
+      totalSessions: 0, // Would need to scan all sessions
+      activeUsers: 0    // Would need to count unique user IDs
+    };
+  }
+  /**
+   * Generate cryptographically secure session ID
+   * @returns Session ID
+   * @private
+   */
+  private generateSessionId(): string {
+    const randomBytesNumber = 32;
+    return randomBytes(randomBytesNumber).toString('hex');
+  }
+  /**
+   * Map session data to session interface
+   * @param sessionData - Session data from store
+   * @returns Session interface
+   * @private
+   */
+  private mapSessionDataToSession(sessionData: SessionData): Session {
+    return {
+      id: sessionData.id,
+      userId: sessionData.userId,
+      provider: 'enhanced-session-manager',
+      providerSessionId: sessionData.id,
+      expiresAt: sessionData.expiresAt,
+      createdAt: sessionData.createdAt,
+      lastActivityAt: sessionData.lastActivityAt,
+      ipAddress: sessionData.ipAddress,
+      userAgent: sessionData.userAgent,
+      metadata: sessionData.metadata
+    };
+  }
+}

package/src/session/index.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * @fileoverview Session management barrel export for @plyaz/auth
+ * @module @plyaz/auth/session
+ *
+ * @description
+ * Centralized export of all session management components including
+ * session stores, interfaces, and the enhanced session manager.
+ * Provides a single import point for all session-related functionality.
+ */
+export * from './cookie-store';
+export * from './memory-store';
+export * from './redis-store';
+export * from './enhanced-session-manager';