npm - @prsm/auth - Versions diffs - 1.0.0 - Mend

@prsm/auth 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/README.md +226 -0
package/index.d.ts +19 -0
package/package.json +76 -0
package/src/__tests__/auth.test.js +1171 -0
package/src/__tests__/impersonation-test-setup.js +208 -0
package/src/__tests__/impersonation.test.js +473 -0
package/src/__tests__/oauth-test-setup.js +136 -0
package/src/__tests__/oauth.test.js +400 -0
package/src/__tests__/prsm.test.js +215 -0
package/src/__tests__/test-setup.js +385 -0
package/src/__tests__/totp.test.js +158 -0
package/src/__tests__/two-factor-test-setup.js +331 -0
package/src/__tests__/two-factor.test.js +396 -0
package/src/activity-logger.js +228 -0
package/src/auth-context.js +120 -0
package/src/auth-functions.js +520 -0
package/src/auth-manager.js +1371 -0
package/src/errors.js +173 -0
package/src/hooks.js +41 -0
package/src/index.js +23 -0
package/src/invalidation.js +166 -0
package/src/middleware.js +33 -0
package/src/providers/azure-provider.js +114 -0
package/src/providers/base-provider.js +152 -0
package/src/providers/github-provider.js +86 -0
package/src/providers/google-provider.js +76 -0
package/src/providers/index.js +4 -0
package/src/queries.js +543 -0
package/src/schema.js +261 -0
package/src/totp.js +221 -0
package/src/two-factor/index.js +3 -0
package/src/two-factor/otp-provider.js +128 -0
package/src/two-factor/totp-provider.js +98 -0
package/src/two-factor/two-factor-manager.js +676 -0
package/src/types.js +399 -0
package/src/user-roles.js +128 -0
package/src/util.js +32 -0
package/types/activity-logger.d.ts +73 -0
package/types/auth-context.d.ts +88 -0
package/types/auth-functions.d.ts +151 -0
package/types/auth-manager.d.ts +365 -0
package/types/errors.d.ts +108 -0
package/types/hooks.d.ts +30 -0
package/types/index.d.ts +13 -0
package/types/invalidation.d.ts +40 -0
package/types/middleware.d.ts +11 -0
package/types/providers/azure-provider.d.ts +35 -0
package/types/providers/base-provider.d.ts +52 -0
package/types/providers/github-provider.d.ts +29 -0
package/types/providers/google-provider.d.ts +29 -0
package/types/providers/index.d.ts +4 -0
package/types/queries.d.ts +287 -0
package/types/schema.d.ts +37 -0
package/types/totp.d.ts +72 -0
package/types/two-factor/index.d.ts +3 -0
package/types/two-factor/otp-provider.d.ts +57 -0
package/types/two-factor/totp-provider.d.ts +58 -0
package/types/two-factor/two-factor-manager.d.ts +191 -0
package/types/types.d.ts +688 -0
package/types/user-roles.d.ts +47 -0
package/types/util.d.ts +3 -0

package/src/two-factor/totp-provider.js ADDED Viewed

@@ -0,0 +1,98 @@
+import Otp from "../totp.js"
+import hash from "@prsm/hash"
+/**
+ * @typedef {import("../types.js").AuthConfig} AuthConfig
+ */
+export class TotpProvider {
+  /**
+   * @param {AuthConfig} config
+   */
+  constructor(config) {
+    this.config = config
+  }
+  /**
+   * Generate a new base32 TOTP shared secret.
+   * @returns {string}
+   */
+  generateSecret() {
+    return Otp.createSecret()
+  }
+  /**
+   * Build an otpauth:// URI for QR-code provisioning.
+   * @param {string} email
+   * @param {string} secret
+   * @returns {string}
+   */
+  generateQRCode(email, secret) {
+    const issuer = this.config.twoFactor?.issuer || "EasyAccess"
+    return Otp.createTotpKeyUriForQrCode(issuer, email, secret)
+  }
+  /**
+   * Verify a TOTP code against a secret using the configured drift window.
+   * @param {string} secret
+   * @param {string} code
+   * @returns {boolean}
+   */
+  verify(secret, code) {
+    const window = this.config.twoFactor?.totpWindow || 1
+    return Otp.verifyTotp(secret, code, window)
+  }
+  /**
+   * Generate random alphanumeric backup codes.
+   * @param {number} [count]
+   * @returns {string[]}
+   */
+  generateBackupCodes(count = 10) {
+    const chars = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
+    const codes = []
+    for (let i = 0; i < count; i++) {
+      const bytes = crypto.getRandomValues(new Uint8Array(8))
+      codes.push(Array.from(bytes, (b) => chars[b % chars.length]).join(""))
+    }
+    return codes
+  }
+  /**
+   * Hash a set of backup codes for storage.
+   * @param {string[]} codes
+   * @returns {Promise<string[]>}
+   */
+  async hashBackupCodes(codes) {
+    return await Promise.all(codes.map((code) => hash.encode(code)))
+  }
+  /**
+   * Verify an input backup code against hashed codes.
+   * @param {string[]} hashedCodes
+   * @param {string} inputCode
+   * @returns {Promise<{ isValid: boolean, index: number }>}
+   */
+  async verifyBackupCode(hashedCodes, inputCode) {
+    for (let i = 0; i < hashedCodes.length; i++) {
+      if (await hash.verify(hashedCodes[i], inputCode.toUpperCase())) {
+        return { isValid: true, index: i }
+      }
+    }
+    return { isValid: false, index: -1 }
+  }
+  /**
+   * Mask an email address for display.
+   * @param {string} email
+   * @returns {string}
+   */
+  maskEmail(email) {
+    const [username, domain] = email.split("@")
+    if (username.length <= 2) {
+      return `${username[0]}***@${domain}`
+    }
+    return `${username[0]}${"*".repeat(username.length - 2)}${username[username.length - 1]}@${domain}`
+  }
+}