npm - @seip/blue-bird - Versions diffs - 0.4.3 → 0.4.5 - Mend

@seip/blue-bird 0.4.3 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/LICENSE +21 -0
package/backend/index.js +1 -1
package/backend/routes/api.js +31 -31
package/backend/routes/frontend.js +3 -3
package/core/auth.js +61 -30
package/core/cli/scaffolding-auth.js +1037 -0
package/core/swagger.js +40 -25
package/frontend/public/robots.txt +0 -0
package/frontend/public/sitemap.xml +0 -0
package/package.json +1 -1

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Andres Paiva
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/backend/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import App from "../core/app.js";
+import App from "@seip/blue-bird/core/app.js";
 import routerApiExample from "./routes/api.js";
 import routerFrontendExample from "./routes/frontend.js";

package/backend/routes/api.js CHANGED Viewed

@@ -1,31 +1,31 @@
-import Router from "../../core/router.js";
-import Validator from "../../core/validate.js";
-const routerApiExample = new Router("/api");
-routerApiExample.get("/users", (req, res) => {
-  const users = [
-    {
-      name: "John Doe",
-      email: "john.doe@example.com",
-    },
-    {
-      name: "Jane Doe2",
-      email: "jane.doe2@example.com",
-    },
-  ];
-  res.json(users);
-});
-const loginSchema = {
-  email: { required: true, email: true },
-  password: { required: true, min: 6 },
-};
-const loginValidator = new Validator(loginSchema);
-routerApiExample.post("/login", loginValidator.middleware(), (req, res) => {
-  res.json({ message: "Login successful", body: req.body });
-});
-export default routerApiExample;
+import Router from "@seip/blue-bird/core/router.js";
+import Validator from "@seip/blue-bird/core/validate.js";
+const routerApiExample = new Router("/api");
+routerApiExample.get("/users", (req, res) => {
+  const users = [
+    {
+      name: "John Doe",
+      email: "john.doe@example.com",
+    },
+    {
+      name: "Jane Doe2",
+      email: "jane.doe2@example.com",
+    },
+  ];
+  res.json(users);
+});
+const loginSchema = {
+  email: { required: true, email: true },
+  password: { required: true, min: 6 },
+};
+const loginValidator = new Validator(loginSchema);
+routerApiExample.post("/login", loginValidator.middleware(), (req, res) => {
+  res.json({ message: "Login successful", body: req.body });
+});
+export default routerApiExample;

package/backend/routes/frontend.js CHANGED Viewed

@@ -1,6 +1,6 @@
-import Router from "../../core/router.js";
-import Template from "../../core/template.js";
-import App from "../../core/app.js";
+import Router from "@seip/blue-bird/core/router.js";
+import Template from "@seip/blue-bird/core/template.js";
+import App from "@seip/blue-bird/core/app.js";
 import seoData from "./seo.js";
 const routerFrontendExample = new Router();

package/core/auth.js CHANGED Viewed

@@ -1,45 +1,82 @@
 import jwt from "jsonwebtoken";
+import crypto from "node:crypto";
 /**
- * Auth class to handle JWT generation, verification and protection.
+ * Auth class to handle JWT generation, verification and protection with AES-256-GCM encryption.
  */
 class Auth {
   /**
-   * Generates a JWT token.
+   * Encrypts a payload using AES-256-GCM.
+   * @param {Object} payload - The data to encrypt.
+   * @param {string} secret - The secret key for encryption.
+   * @returns {string} The encrypted string in format iv:tag:encrypted.
+   */
+  static encrypt(payload, secret) {
+    const iv = crypto.randomBytes(12);
+    const key = crypto.createHash("sha256").update(secret).digest();
+    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+    let encrypted = cipher.update(JSON.stringify(payload), "utf8", "hex");
+    encrypted += cipher.final("hex");
+    const tag = cipher.getAuthTag().toString("hex");
+    return `${iv.toString("hex")}:${tag}:${encrypted}`;
+  }
+  /**
+   * Decrypts a payload using AES-256-GCM.
+   * @param {string} data - The encrypted string in format iv:tag:encrypted.
+   * @param {string} secret - The secret key for decryption.
+   * @returns {Object|null} The decrypted object or null if failed.
+   */
+  static decrypt(data, secret) {
+    try {
+      const [ivHex, tagHex, encryptedHex] = data.split(":");
+      if (!ivHex || !tagHex || !encryptedHex) return null;
+      const iv = Buffer.from(ivHex, "hex");
+      const tag = Buffer.from(tagHex, "hex");
+      const key = crypto.createHash("sha256").update(secret).digest();
+      const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+      decipher.setAuthTag(tag);
+      let decrypted = decipher.update(encryptedHex, "hex", "utf8");
+      decrypted += decipher.final("utf8");
+      return JSON.parse(decrypted);
+    } catch (error) {
+      return null;
+    }
+  }
+  /**
+   * Generates an encrypted JWT token.
    * @param {Object} payload - The data to store in the token.
    * @param {string} [secret=process.env.JWT_SECRET] - The secret key.
-   * @param {string|number} [expiresIn='24h'] - Expiration time.
+   * @param {string} [expiresIn="24h"] - Expiration time.
    * @returns {string} The generated token.
-   * @example
-   * const token = Auth.generateToken({ id: 1 });
-   * console.log(token);
-   *
    */
   static generateToken(
     payload,
     secret = process.env.JWT_SECRET,
-    expiresIn = "24h",
+    expiresIn = "24h"
   ) {
     if (!secret)
       throw new Error("FATAL: JWT_SECRET environment variable is not defined.");
-    return jwt.sign(payload, secret, { expiresIn });
+    const encrypted = this.encrypt(payload, secret);
+    return jwt.sign({ data: encrypted }, secret, { expiresIn });
   }
   /**
-   * Verifies a JWT token.
+   * Verifies and decrypts a JWT token.
    * @param {string} token - The token to verify.
    * @param {string} [secret=process.env.JWT_SECRET] - The secret key.
-   * @returns {Object|null} The decoded payload or null if invalid.
-   * @example
-   * const token = Auth.generateToken({ id: 1 });
-   * const decoded = Auth.verifyToken(token);
-   * console.log(decoded);
+   * @returns {Object|null} The decoded and decrypted payload or null if invalid.
    */
   static verifyToken(token, secret = process.env.JWT_SECRET) {
     if (!secret)
       throw new Error("FATAL: JWT_SECRET environment variable is not defined.");
     try {
-      return jwt.verify(token, secret);
+      const decoded = jwt.verify(token, secret);
+      if (!decoded || !decoded.data) return null;
+      return this.decrypt(decoded.data, secret);
     } catch (error) {
       return null;
     }
@@ -48,33 +85,27 @@ class Auth {
   /**
    * Middleware to protect routes. Checks for token in Cookies or Authorization header.
    * @param {Object} options - Options for protection.
-   * @param {string} [options.redirect=null] - URL to redirect if not authenticated (for web routes).
+   * @param {string} [options.redirect=null] - URL to redirect if not authenticated.
    * @param {string} [options.key="user"] - Key to store the decoded token in the request.
    * @returns {Function} Express middleware.
-   * @example
-   * app.use(Auth.protect({ redirect: "/login" ,key:"user"}));
    */
-  static protect(options = {}) {
-    const { redirect = null, key = "user" } = options;
+  static protect(options = { redirect: null, key: "user" }) {
     return (req, res, next) => {
       const token =
-        req.cookies?.token || req.headers.authorization?.split(" ")[1];
+        req.cookies?.auth || req.headers.authorization?.split(" ")[1];
       if (!token) {
-        if (redirect) return res.redirect(redirect);
-        return res
-          .status(401)
-          .json({ message: "Unauthorized: No token provided" });
+        if (options.redirect) return res.redirect(options.redirect);
+        return res.status(401).json({ message: "Unauthorized" });
       }
       const decoded = this.verifyToken(token);
       if (!decoded) {
-        if (redirect) return res.redirect(redirect);
-        return res.status(401).json({ message: "Unauthorized: Invalid token" });
+        if (options.redirect) return res.redirect(options.redirect);
+        return res.status(401).json({ message: "Unauthorized" });
       }
-      req[key] = decoded;
+      req[options.key || "user"] = decoded;
       next();
     };
   }