@revealui/core 0.3.0 → 0.5.0

package/dist/security/audit.js

@@ -1,433 +0,0 @@
-/**
- * Audit Logging System
- *
- * Track security-relevant events and user actions for compliance
- */
-/**
- * Audit logging system
- */
-export class AuditSystem {
-    storage;
-    filters = [];
-    constructor(storage) {
-        this.storage = storage;
-    }
-    /**
-     * Log audit event
-     */
-    async log(event) {
-        const fullEvent = {
-            ...event,
-            id: crypto.randomUUID(),
-            timestamp: new Date().toISOString(),
-        };
-        // Apply filters
-        const shouldLog = this.filters.every((filter) => filter(fullEvent));
-        if (!shouldLog) {
-            return;
-        }
-        await this.storage.write(fullEvent);
-    }
-    /**
-     * Log authentication event
-     */
-    async logAuth(type, actorId, result, metadata) {
-        await this.log({
-            type,
-            severity: result === 'failure' ? 'medium' : 'low',
-            actor: {
-                id: actorId,
-                type: 'user',
-            },
-            action: type.replace('auth.', ''),
-            result,
-            metadata,
-        });
-    }
-    /**
-     * Log data access event
-     */
-    async logDataAccess(action, actorId, resourceType, resourceId, result, changes) {
-        await this.log({
-            type: `data.${action}`,
-            severity: action === 'delete' ? 'high' : 'medium',
-            actor: {
-                id: actorId,
-                type: 'user',
-            },
-            resource: {
-                type: resourceType,
-                id: resourceId,
-            },
-            action,
-            result,
-            changes,
-        });
-    }
-    /**
-     * Log permission change
-     */
-    async logPermissionChange(action, actorId, targetUserId, permission, result) {
-        await this.log({
-            type: `permission.${action}`,
-            severity: 'high',
-            actor: {
-                id: actorId,
-                type: 'user',
-            },
-            resource: {
-                type: 'user',
-                id: targetUserId,
-            },
-            action,
-            result,
-            metadata: {
-                permission,
-            },
-        });
-    }
-    /**
-     * Log security event
-     */
-    async logSecurityEvent(type, severity, actorId, message, metadata) {
-        await this.log({
-            type: `security.${type}`,
-            severity,
-            actor: {
-                id: actorId,
-                type: 'user',
-            },
-            action: type,
-            result: 'failure',
-            message,
-            metadata,
-        });
-    }
-    /**
-     * Log GDPR event
-     */
-    async logGDPREvent(type, actorId, result, metadata) {
-        await this.log({
-            type: `gdpr.${type}`,
-            severity: 'high',
-            actor: {
-                id: actorId,
-                type: 'user',
-            },
-            action: type,
-            result,
-            metadata,
-        });
-    }
-    /**
-     * Query audit logs
-     */
-    async query(query) {
-        return this.storage.query(query);
-    }
-    /**
-     * Count audit logs
-     */
-    async count(query) {
-        return this.storage.count(query);
-    }
-    /**
-     * Add filter
-     */
-    addFilter(filter) {
-        this.filters.push(filter);
-    }
-    /**
-     * Remove filter
-     */
-    removeFilter(filter) {
-        const index = this.filters.indexOf(filter);
-        if (index > -1) {
-            this.filters.splice(index, 1);
-        }
-    }
-}
-/**
- * In-memory audit storage (for development)
- */
-export class InMemoryAuditStorage {
-    events = [];
-    maxEvents;
-    constructor(maxEvents = 10000) {
-        this.maxEvents = maxEvents;
-    }
-    async write(event) {
-        this.events.push(event);
-        // Trim old events
-        if (this.events.length > this.maxEvents) {
-            this.events.shift();
-        }
-    }
-    async query(query) {
-        let results = [...this.events];
-        // Filter by type
-        if (query.types && query.types.length > 0) {
-            results = results.filter((e) => query.types?.includes(e.type));
-        }
-        // Filter by actor
-        if (query.actorId) {
-            results = results.filter((e) => e.actor.id === query.actorId);
-        }
-        // Filter by resource
-        if (query.resourceType) {
-            results = results.filter((e) => e.resource?.type === query.resourceType);
-        }
-        if (query.resourceId) {
-            results = results.filter((e) => e.resource?.id === query.resourceId);
-        }
-        // Filter by date range
-        if (query.startDate) {
-            const startDate = query.startDate;
-            results = results.filter((e) => new Date(e.timestamp) >= startDate);
-        }
-        if (query.endDate) {
-            const endDate = query.endDate;
-            results = results.filter((e) => new Date(e.timestamp) <= endDate);
-        }
-        // Filter by severity
-        if (query.severity && query.severity.length > 0) {
-            results = results.filter((e) => query.severity?.includes(e.severity));
-        }
-        // Filter by result
-        if (query.result && query.result.length > 0) {
-            results = results.filter((e) => query.result?.includes(e.result));
-        }
-        // Sort by timestamp (newest first)
-        results.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
-        // Apply pagination
-        const offset = query.offset || 0;
-        const limit = query.limit || 100;
-        return results.slice(offset, offset + limit);
-    }
-    async count(query) {
-        const results = await this.query({ ...query, limit: undefined, offset: undefined });
-        return results.length;
-    }
-    /**
-     * Clear all events
-     */
-    clear() {
-        this.events = [];
-    }
-    /**
-     * Get all events
-     */
-    getAll() {
-        return [...this.events];
-    }
-}
-/**
- * Audit trail decorator
- */
-export function AuditTrail(type, action, options) {
-    return (_target, _propertyKey, descriptor) => {
-        const originalMethod = descriptor.value;
-        descriptor.value = async function (...args) {
-            const actorId = this.user?.id || 'system';
-            const before = options?.captureChanges ? args[0] : undefined;
-            let result = 'success';
-            let error;
-            try {
-                const returnValue = await originalMethod.apply(this, args);
-                // Log audit event
-                if (this.audit) {
-                    await this.audit.log({
-                        type,
-                        severity: options?.severity || 'medium',
-                        actor: {
-                            id: actorId,
-                            type: 'user',
-                        },
-                        resource: options?.resourceType
-                            ? {
-                                type: options.resourceType,
-                                id: args[0]?.id || 'unknown',
-                            }
-                            : undefined,
-                        action,
-                        result,
-                        changes: options?.captureChanges
-                            ? {
-                                before: before,
-                                after: returnValue,
-                            }
-                            : undefined,
-                    });
-                }
-                return returnValue;
-            }
-            catch (err) {
-                result = 'failure';
-                error = err;
-                // Log failure
-                if (this.audit) {
-                    await this.audit.log({
-                        type,
-                        severity: 'high',
-                        actor: {
-                            id: actorId,
-                            type: 'user',
-                        },
-                        resource: options?.resourceType
-                            ? {
-                                type: options.resourceType,
-                                id: args[0]?.id || 'unknown',
-                            }
-                            : undefined,
-                        action,
-                        result,
-                        message: error.message,
-                    });
-                }
-                throw error;
-            }
-        };
-        return descriptor;
-    };
-}
-/**
- * Audit middleware
- */
-export function createAuditMiddleware(audit, getUser) {
-    return async (request, next) => {
-        const user = getUser(request);
-        const startTime = Date.now();
-        try {
-            const response = await next();
-            // Log successful request
-            await audit.log({
-                type: 'data.read',
-                severity: 'low',
-                actor: {
-                    id: user.id,
-                    type: 'user',
-                    ip: user.ip,
-                    userAgent: user.userAgent,
-                },
-                action: request.method,
-                result: 'success',
-                metadata: {
-                    path: request.url,
-                    duration: Date.now() - startTime,
-                    status: response.status,
-                },
-            });
-            return response;
-        }
-        catch (error) {
-            // Log failed request
-            await audit.log({
-                type: 'data.read',
-                severity: 'medium',
-                actor: {
-                    id: user.id,
-                    type: 'user',
-                    ip: user.ip,
-                    userAgent: user.userAgent,
-                },
-                action: request.method,
-                result: 'failure',
-                message: error instanceof Error ? error.message : 'Unknown error',
-                metadata: {
-                    path: request.url,
-                    duration: Date.now() - startTime,
-                },
-            });
-            throw error;
-        }
-    };
-}
-/**
- * Audit report generator
- */
-export class AuditReportGenerator {
-    audit;
-    constructor(audit) {
-        this.audit = audit;
-    }
-    /**
-     * Generate security report
-     */
-    async generateSecurityReport(startDate, endDate) {
-        const allEvents = await this.audit.query({
-            startDate,
-            endDate,
-        });
-        const securityViolations = allEvents.filter((e) => e.type.startsWith('security.')).length;
-        const failedLogins = allEvents.filter((e) => e.type === 'auth.failed_login').length;
-        const permissionChanges = allEvents.filter((e) => e.type.startsWith('permission.')).length;
-        const dataExports = allEvents.filter((e) => e.type === 'data.export').length;
-        const criticalEvents = allEvents.filter((e) => e.severity === 'critical');
-        return {
-            totalEvents: allEvents.length,
-            securityViolations,
-            failedLogins,
-            permissionChanges,
-            dataExports,
-            criticalEvents,
-        };
-    }
-    /**
-     * Generate user activity report
-     */
-    async generateUserActivityReport(userId, startDate, endDate) {
-        const events = await this.audit.query({
-            actorId: userId,
-            startDate,
-            endDate,
-        });
-        const actionsByType = events.reduce((acc, event) => {
-            acc[event.type] = (acc[event.type] || 0) + 1;
-            return acc;
-        }, {});
-        const failedActions = events.filter((e) => e.result === 'failure').length;
-        return {
-            totalActions: events.length,
-            actionsByType,
-            failedActions,
-            recentActions: events.slice(0, 10),
-        };
-    }
-    /**
-     * Generate compliance report
-     */
-    async generateComplianceReport(startDate, endDate) {
-        const events = await this.audit.query({
-            startDate,
-            endDate,
-        });
-        const dataAccesses = events.filter((e) => e.type === 'data.read').length;
-        const dataModifications = events.filter((e) => e.type === 'data.update' || e.type === 'data.create').length;
-        const dataDeletions = events.filter((e) => e.type === 'data.delete').length;
-        const gdprRequests = events.filter((e) => e.type.startsWith('gdpr.')).length;
-        // Check if audit trail is complete (no gaps)
-        const auditTrailComplete = this.checkAuditTrailContinuity(events);
-        return {
-            dataAccesses,
-            dataModifications,
-            dataDeletions,
-            gdprRequests,
-            auditTrailComplete,
-        };
-    }
-    /**
-     * Check audit trail continuity
-     */
-    checkAuditTrailContinuity(events) {
-        if (events.length === 0)
-            return true;
-        // Sort by timestamp
-        const sorted = events.sort((a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime());
-        // Check for gaps (simplified - just check if we have events)
-        return sorted.length > 0;
-    }
-}
-/**
- * Global audit system
- */
-export const audit = new AuditSystem(new InMemoryAuditStorage());

package/dist/security/auth.d.ts

@@ -1,110 +0,0 @@
-/**
- * Authentication Utilities
- *
- * OAuth support, password hashing, and two-factor authentication.
- * JWT-based auth was removed — session auth is handled by @revealui/auth.
- */
-export interface User {
-    id: string;
-    email: string;
-    username?: string;
-    roles: string[];
-    permissions: string[];
-    metadata?: Record<string, unknown>;
-}
-/**
- * OAuth configuration
- */
-export interface OAuthConfig {
-    provider: 'google' | 'github' | 'microsoft' | 'custom';
-    clientId: string;
-    clientSecret: string;
-    redirectUri: string;
-    scope?: string[];
-    authorizationUrl?: string;
-    tokenUrl?: string;
-    userInfoUrl?: string;
-}
-/**
- * OAuth provider configurations
- */
-export declare const OAuthProviders: {
-    google: {
-        authorizationUrl: string;
-        tokenUrl: string;
-        userInfoUrl: string;
-        scope: string[];
-    };
-    github: {
-        authorizationUrl: string;
-        tokenUrl: string;
-        userInfoUrl: string;
-        scope: string[];
-    };
-    microsoft: {
-        authorizationUrl: string;
-        tokenUrl: string;
-        userInfoUrl: string;
-        scope: string[];
-    };
-};
-/**
- * OAuth client
- */
-export declare class OAuthClient {
-    private config;
-    constructor(config: OAuthConfig);
-    /**
-     * Get authorization URL
-     */
-    getAuthorizationUrl(state?: string): string;
-    /**
-     * Exchange code for token
-     */
-    exchangeCodeForToken(code: string): Promise<{
-        access_token: string;
-        refresh_token?: string;
-        expires_in: number;
-        token_type: string;
-    }>;
-    /**
-     * Get user info
-     */
-    getUserInfo(accessToken: string): Promise<{
-        id: string;
-        email: string;
-        name?: string;
-        picture?: string;
-    }>;
-}
-/**
- * Hash password with PBKDF2 and random salt
- */
-declare function hashPassword(password: string): Promise<string>;
-/**
- * Verify password against stored hash
- */
-declare function verifyPassword(password: string, storedHash: string): Promise<boolean>;
-export declare const PasswordHasher: {
-    readonly hash: typeof hashPassword;
-    readonly verify: typeof verifyPassword;
-};
-/**
- * Generate TOTP secret
- */
-declare function generateSecret(): string;
-/**
- * Generate TOTP code
- */
-declare function generateCode(secret: string, timestamp?: number): string;
-/**
- * Verify TOTP code
- */
-declare function verifyCode(secret: string, code: string, window?: number): boolean;
-export declare const TwoFactorAuth: {
-    readonly generateSecret: typeof generateSecret;
-    readonly generateCode: typeof generateCode;
-    readonly verifyCode: typeof verifyCode;
-};
-export {};
-//# sourceMappingURL=auth.d.ts.map

package/dist/security/auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/security/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,QAAQ,CAAC;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;CAmB1B,CAAC;AAEF;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,EAAE,WAAW;IAQ/B;;OAEG;IACH,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;IAe3C;;OAEG;IACG,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAChD,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IA8BF;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAC9C,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CAsBH;AAgBD;;GAEG;AACH,iBAAe,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAU7D;AAED;;GAEG;AACH,iBAAe,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAsBpF;AAED,eAAO,MAAM,cAAc;;;CAGjB,CAAC;AAyCX;;GAEG;AACH,iBAAS,cAAc,IAAI,MAAM,CAShC;AAED;;GAEG;AACH,iBAAS,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAgBhE;AAED;;GAEG;AACH,iBAAS,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,GAAE,MAAU,GAAG,OAAO,CAiB7E;AAED,eAAO,MAAM,aAAa;;;;CAIhB,CAAC"}