@soapjs/soap-auth 0.1.0 → 0.1.1

package/build/factories/http-auth-strategy.factory.js

@@ -6,7 +6,6 @@ const api_key_strategy_1 = require("../strategies/api-key/api-key.strategy");
 const jwt_strategy_1 = require("../strategies/jwt/jwt.strategy");
 const basic_strategy_1 = require("../strategies/basic/basic.strategy");
 const auth_strategy_factory_1 = require("./auth-strategy.factory");
-const tools_1 = require("../tools/tools");
 const local_strategy_1 = require("../strategies/local/local.strategy");
 class HttpAuthStrategyFactory extends auth_strategy_factory_1.AuthStrategyFactory {
     createStrategies(config) {
@@ -16,7 +15,7 @@ class HttpAuthStrategyFactory extends auth_strategy_factory_1.AuthStrategyFactor
         }
         if (config.http.oauth2) {
             for (const provider in config.http.oauth2) {
-                strategies.set(provider, new oauth2_strategy_1.OAuth2Strategy(config.http.oauth2[provider], (0, tools_1.resolveConfig)(config.http.oauth2[provider].tokens.access, config.tokens.access), (0, tools_1.resolveConfig)(config.http.oauth2[provider].tokens.refresh, config.tokens.refresh), this.getSessionHandler(config.http.oauth2[provider].session, config.session), config.logger));
+                strategies.set(provider, new oauth2_strategy_1.OAuth2Strategy(config.http.oauth2[provider], config.http.oauth2[provider].accessToken, config.http.oauth2[provider].refreshToken, this.getSessionHandler(config.http.oauth2[provider].session, config.session), config.logger));
             }
         }
         if (config.http.apiKey) {

package/build/strategies/base-auth.strategy.js

@@ -15,14 +15,14 @@ class BaseAuthStrategy {
         return Promise.resolve();
     }
     async isAccountLocked(account, ...args) {
-        if (await this.config.isAccountLocked?.(account, ...args)) {
+        if (await this.config.lock.isAccountLocked?.(account, ...args)) {
             throw new errors_1.AccountLockedError();
         }
         return false;
     }
     async isAuthorized(user) {
-        if (this.config.authorizeByRoles && this.config.roles) {
-            const hasAccess = await this.config.authorizeByRoles(user, this.config.roles);
+        if (this.config.role.authorizeByRoles && this.config.role.roles) {
+            const hasAccess = await this.config.role.authorizeByRoles(user, this.config.role.roles);
             if (!hasAccess) {
                 throw new errors_1.UnauthorizedRoleError();
             }
@@ -30,8 +30,8 @@ class BaseAuthStrategy {
         return true;
     }
     async checkRateLimit(data) {
-        if (this.config.checkRateLimit &&
-            (await this.config.checkRateLimit(data))) {
+        if (this.config.rateLimit.checkRateLimit &&
+            (await this.config.rateLimit.checkRateLimit(data))) {
             throw new errors_1.RateLimitExceededError();
         }
     }

package/build/strategies/credential-based-auth.strategy.js

@@ -152,7 +152,7 @@ class CredentialBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy
         }
     }
     async isAccountLocked(account, ...args) {
-        if (await this.config.isAccountLocked?.(account, ...args)) {
+        if (await this.config.lock.isAccountLocked?.(account, ...args)) {
             throw new errors_1.AccountLockedError();
         }
         if (typeof account === "string" && this.config.security?.lockoutDuration) {

package/build/strategies/jwt/jwt.strategy.js

@@ -5,20 +5,18 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JwtStrategy = void 0;
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const util_1 = require("util");
 const token_based_auth_strategy_1 = require("../token-based-auth.strategy");
 const errors_1 = require("../../errors");
 const jwt_tools_1 = require("./jwt.tools");
-const verifyAsync = (0, util_1.promisify)(jsonwebtoken_1.default.verify);
 class JwtStrategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy {
     config;
     session;
     logger;
     constructor(config, session, logger) {
-        if (!config.access.secretKey) {
+        if (!config.accessToken.secretKey) {
             throw new errors_1.UndefinedTokenSecretError("Access");
         }
-        if (config.refresh && !config.refresh.secretKey) {
+        if (config.refreshToken && !config.refreshToken.secretKey) {
             throw new errors_1.UndefinedTokenSecretError("Refresh");
         }
         const accessTokenConfig = (0, jwt_tools_1.prepareAccessTokenConfig)(config);
@@ -34,7 +32,14 @@ class JwtStrategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy {
                         throw new errors_1.UndefinedTokenError("Access");
                     if (!accessTokenConfig.secretKey)
                         throw new errors_1.UndefinedTokenSecretError("Access");
-                    return verifyAsync(token, accessTokenConfig.secretKey, accessTokenConfig.verifyOptions);
+                    return new Promise((resolve, reject) => {
+                        jsonwebtoken_1.default.verify(token, accessTokenConfig.secretKey, accessTokenConfig.verifyOptions, (err, payload) => {
+                            if (err)
+                                reject(err);
+                            else
+                                resolve(payload);
+                        });
+                    });
                 }
                 catch (error) {
                     this.logger?.error("JWT verification failed:", error);
@@ -52,7 +57,14 @@ class JwtStrategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy {
                         throw new errors_1.UndefinedTokenError("Refresh");
                     if (!refreshTokenConfig.secretKey)
                         throw new errors_1.UndefinedTokenSecretError("Refresh");
-                    return verifyAsync(token, refreshTokenConfig.secretKey, refreshTokenConfig.verifyOptions);
+                    return new Promise((resolve, reject) => {
+                        jsonwebtoken_1.default.verify(token, refreshTokenConfig.secretKey, refreshTokenConfig.verifyOptions, (err, payload) => {
+                            if (err)
+                                reject(err);
+                            else
+                                resolve(payload);
+                        });
+                    });
                 }
                 catch (error) {
                     this.logger?.error("JWT verification failed:", error);

package/build/strategies/jwt/jwt.tools.d.ts

@@ -1,3 +1,3 @@
-import { JwtAccessTokenHandlerConfig, JwtConfig, JwtRefreshTokenHandlerConfig } from "./jwt.types";
-export declare const prepareAccessTokenConfig: (config: JwtConfig) => JwtAccessTokenHandlerConfig;
-export declare const prepareRefreshTokenConfig: (config: JwtConfig) => JwtRefreshTokenHandlerConfig;
+import { JwtAccessTokenConfig, JwtConfig, JwtRefreshTokenConfig } from "./jwt.types";
+export declare const prepareAccessTokenConfig: (config: JwtConfig) => JwtAccessTokenConfig;
+export declare const prepareRefreshTokenConfig: (config: JwtConfig) => JwtRefreshTokenConfig;

package/build/strategies/jwt/jwt.tools.js

@@ -27,25 +27,25 @@ exports.prepareRefreshTokenConfig = exports.prepareAccessTokenConfig = void 0;
 const Soap = __importStar(require("@soapjs/soap"));
 const prepareAccessTokenConfig = (config) => {
     return Soap.removeUndefinedProperties({
-        ...config.access,
+        ...config.accessToken,
         tokenType: "Access",
-        expiresIn: config.access.expiresIn || "1h",
+        expiresIn: config.accessToken.expiresIn || "1h",
         signOptions: {
-            ...config.access.signOptions,
-            algorithm: config.access.signOptions.algorithm || "HS256",
-            expiresIn: config.access.expiresIn || "1h",
-            audience: config.access.audience,
-            issuer: config.access.issuer,
-            subject: config.access.subject,
+            ...config.accessToken.signOptions,
+            algorithm: config.accessToken.signOptions.algorithm || "HS256",
+            expiresIn: config.accessToken.expiresIn || "1h",
+            audience: config.accessToken.audience,
+            issuer: config.accessToken.issuer,
+            subject: config.accessToken.subject,
         },
-        verifyOptions: config.access.verifyOptions
+        verifyOptions: config.accessToken.verifyOptions
             ? {
-                ...config.access.verifyOptions,
-                algorithms: config.access.verifyOptions.algorithms || ["HS256"],
-                expiresIn: config.access.expiresIn || "1h",
-                audience: config.access.audience,
-                issuer: config.access.issuer,
-                subject: config.access.subject,
+                ...config.accessToken.verifyOptions,
+                algorithms: config.accessToken.verifyOptions.algorithms || ["HS256"],
+                expiresIn: config.accessToken.expiresIn || "1h",
+                audience: config.accessToken.audience,
+                issuer: config.accessToken.issuer,
+                subject: config.accessToken.subject,
             }
             : {},
     });
@@ -53,25 +53,25 @@ const prepareAccessTokenConfig = (config) => {
 exports.prepareAccessTokenConfig = prepareAccessTokenConfig;
 const prepareRefreshTokenConfig = (config) => {
     return Soap.removeUndefinedProperties({
-        ...config.refresh,
-        secretKey: config.refresh.secretKey,
+        ...config.refreshToken,
+        secretKey: config.refreshToken.secretKey,
         tokenType: "Refresh",
         signOptions: {
-            ...config.refresh.signOptions,
-            algorithm: config.refresh.signOptions.algorithm || "HS256",
-            expiresIn: config.refresh.expiresIn || "7d",
-            audience: config.refresh.audience,
-            issuer: config.refresh.issuer,
-            subject: config.refresh.subject,
+            ...config.refreshToken.signOptions,
+            algorithm: config.refreshToken.signOptions.algorithm || "HS256",
+            expiresIn: config.refreshToken.expiresIn || "7d",
+            audience: config.refreshToken.audience,
+            issuer: config.refreshToken.issuer,
+            subject: config.refreshToken.subject,
         },
-        verifyOptions: config.refresh.verifyOptions
+        verifyOptions: config.refreshToken.verifyOptions
             ? {
-                ...config.refresh.verifyOptions,
-                algorithm: config.refresh.verifyOptions.algorithms || ["HS256"],
-                expiresIn: config.refresh.expiresIn || "7d",
-                audience: config.refresh.audience,
-                issuer: config.refresh.issuer,
-                subject: config.refresh.subject,
+                ...config.refreshToken.verifyOptions,
+                algorithm: config.refreshToken.verifyOptions.algorithms || ["HS256"],
+                expiresIn: config.refreshToken.expiresIn || "7d",
+                audience: config.refreshToken.audience,
+                issuer: config.refreshToken.issuer,
+                subject: config.refreshToken.subject,
             }
             : {},
     });

package/build/strategies/jwt/jwt.types.d.ts

@@ -1,4 +1,4 @@
-import { TokenBasedAuthStrategyConfig, TokenHandlerConfig } from "../../types";
+import { TokenBasedAuthStrategyConfig, TokenConfig } from "../../types";
 export interface JwtVerifyOptions {
     algorithms?: string[];
     notBefore?: string | number;
@@ -19,15 +19,29 @@ export interface JwtSignOptions {
     keyid?: string;
     allowUnsafe?: boolean;
 }
-export type JwtAccessTokenHandlerConfig = {
+export type JwtAccessTokenConfig = {
     verifyOptions?: JwtVerifyOptions;
     signOptions: JwtSignOptions;
-} & TokenHandlerConfig;
-export type JwtRefreshTokenHandlerConfig = {
+} & TokenConfig;
+export type JwtRefreshTokenConfig = {
     verifyOptions?: JwtVerifyOptions;
     signOptions: JwtSignOptions;
-} & TokenHandlerConfig;
-export type JwtConfig<TContext = unknown, TUser = unknown> = {
-    access: JwtAccessTokenHandlerConfig;
-    refresh?: JwtRefreshTokenHandlerConfig;
-} & TokenBasedAuthStrategyConfig<TContext, TUser>;
+} & TokenConfig;
+export interface JwtConfig<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategyConfig<TContext, TUser> {
+    accessToken: JwtAccessTokenConfig;
+    refreshToken?: JwtRefreshTokenConfig;
+    routes?: {
+        login?: {
+            path: string;
+            method?: "POST" | "GET";
+        };
+        logout?: {
+            path: string;
+            method?: "POST" | "GET";
+        };
+        refresh?: {
+            path: string;
+            method?: "POST" | "GET";
+        };
+    };
+}

package/build/strategies/oauth2/oauth2.strategy.d.ts

@@ -1,15 +1,15 @@
 import * as Soap from "@soapjs/soap";
-import { TokenHandlerConfig, AuthResult } from "../../types";
+import { TokenConfig, AuthResult } from "../../types";
 import { TokenBasedAuthStrategy } from "../token-based-auth.strategy";
 import { OAuth2StrategyConfig } from "./oauth2.types";
 import { SessionHandler } from "../../session/session-handler";
 export declare class OAuth2Strategy<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategy<TContext, TUser> {
     protected config: OAuth2StrategyConfig<TContext, TUser>;
-    protected accessTokenHandler: TokenHandlerConfig;
-    protected refreshTokenHandler?: TokenHandlerConfig;
+    protected accessTokenConfig: TokenConfig;
+    protected refreshTokenConfig?: TokenConfig;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
-    constructor(config: OAuth2StrategyConfig<TContext, TUser>, accessTokenHandler: TokenHandlerConfig, refreshTokenHandler?: TokenHandlerConfig, session?: SessionHandler, logger?: Soap.Logger);
+    constructor(config: OAuth2StrategyConfig<TContext, TUser>, accessTokenConfig: TokenConfig, refreshTokenConfig?: TokenConfig, session?: SessionHandler, logger?: Soap.Logger);
     authenticate(context: TContext): Promise<AuthResult<TUser>>;
     protected verifyAuthorizationCode(context: TContext, code: string): void;
     protected extractAuthorizationCode(context: TContext): string | null;

package/build/strategies/oauth2/oauth2.strategy.js

@@ -10,35 +10,35 @@ const token_based_auth_strategy_1 = require("../token-based-auth.strategy");
 const oauth2_tools_1 = require("./oauth2.tools");
 class OAuth2Strategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy {
     config;
-    accessTokenHandler;
-    refreshTokenHandler;
+    accessTokenConfig;
+    refreshTokenConfig;
     session;
     logger;
-    constructor(config, accessTokenHandler, refreshTokenHandler, session, logger) {
-        super(config, accessTokenHandler, refreshTokenHandler, session, logger);
+    constructor(config, accessTokenConfig, refreshTokenConfig, session, logger) {
+        super(config, accessTokenConfig, refreshTokenConfig, session, logger);
         this.config = config;
-        this.accessTokenHandler = accessTokenHandler;
-        this.refreshTokenHandler = refreshTokenHandler;
+        this.accessTokenConfig = accessTokenConfig;
+        this.refreshTokenConfig = refreshTokenConfig;
         this.session = session;
         this.logger = logger;
-        this.config.scope = this.config.scope ?? "openid profile email";
+        this.config.scope = this.config.scope ?? "email";
     }
     async authenticate(context) {
         try {
             let user;
             let refreshToken;
-            let accessToken = await this.accessTokenHandler.retrieve?.(context);
+            let accessToken = await this.accessTokenConfig.retrieve?.(context);
             if (!accessToken) {
                 this.logger?.info("No access token found, checking for refresh token.");
-                refreshToken = await this.refreshTokenHandler?.retrieve?.(context);
+                refreshToken = await this.refreshTokenConfig?.retrieve?.(context);
                 if (refreshToken) {
                     this.logger?.info("Found refresh token, attempting to refresh access token.");
                     const newTokens = await this.refreshAccessToken(context);
                     accessToken = newTokens.accessToken;
-                    this.accessTokenHandler.embed?.(context, accessToken);
+                    this.accessTokenConfig.embed?.(context, accessToken);
                     if (newTokens.refreshToken) {
                         refreshToken = newTokens.refreshToken;
-                        this.refreshTokenHandler?.embed?.(context, newTokens.refreshToken);
+                        this.refreshTokenConfig?.embed?.(context, newTokens.refreshToken);
                     }
                 }
                 else {
@@ -67,24 +67,24 @@ class OAuth2Strategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy
                         default:
                             throw new Error(`Unsupported grant type: ${this.config.grantType}`);
                     }
-                    this.accessTokenHandler.embed?.(context, accessToken);
+                    this.accessTokenConfig.embed?.(context, accessToken);
                     if (refreshToken) {
-                        this.refreshTokenHandler?.embed?.(context, refreshToken);
+                        this.refreshTokenConfig?.embed?.(context, refreshToken);
                     }
                 }
             }
             else if (accessToken && (await this.isTokenExpired(accessToken))) {
                 this.logger?.info("Access token expired, attempting refresh.");
-                refreshToken = await this.refreshTokenHandler?.retrieve?.(context);
+                refreshToken = await this.refreshTokenConfig?.retrieve?.(context);
                 if (!refreshToken) {
                     throw new errors_1.MissingTokenError("Refresh");
                 }
                 const newTokens = await this.refreshAccessToken(context);
                 accessToken = newTokens.accessToken;
-                this.accessTokenHandler.embed?.(context, accessToken);
+                this.accessTokenConfig.embed?.(context, accessToken);
                 if (newTokens.refreshToken && newTokens.refreshToken !== refreshToken) {
                     refreshToken = newTokens.refreshToken;
-                    this.refreshTokenHandler?.embed?.(context, newTokens.refreshToken);
+                    this.refreshTokenConfig?.embed?.(context, newTokens.refreshToken);
                 }
             }
             if (!accessToken) {
@@ -126,7 +126,7 @@ class OAuth2Strategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy
     }
     buildAuthorizationUrl(context) {
         let authorizationUrl = `${this.config.endpoints.authorizationUrl}?client_id=${this.config.clientId}&redirect_uri=${encodeURIComponent(this.config.redirectUri)}&response_type=code&scope=${this.config.scope ?? ""}`;
-        if (this.config.pkce?.enabled) {
+        if (this.config.pkce) {
             const codeVerifier = this.config.pkce.generateCodeVerifier
                 ? this.config.pkce.generateCodeVerifier()
                 : oauth2_tools_1.OAuth2Tools.generateCodeVerifier();
@@ -143,7 +143,7 @@ class OAuth2Strategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy
             code,
             redirect_uri: this.config.redirectUri,
         };
-        if (this.config.pkce?.enabled) {
+        if (this.config.pkce) {
             const codeVerifier = this.config.pkce.retrieveCodeVerifier?.(context);
             if (!codeVerifier) {
                 throw new Error("Missing PKCE code verifier in context.");
@@ -215,7 +215,7 @@ class OAuth2Strategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy
     }
     async refreshAccessToken(context) {
         try {
-            const refreshToken = await this.refreshTokenHandler?.retrieve?.(context);
+            const refreshToken = await this.refreshTokenConfig?.retrieve?.(context);
             if (!refreshToken) {
                 throw new errors_1.MissingTokenError("Refresh");
             }
@@ -229,9 +229,9 @@ class OAuth2Strategy extends token_based_auth_strategy_1.TokenBasedAuthStrategy
                 accessToken: response.data.access_token,
                 refreshToken: response.data.refresh_token,
             };
-            await this.accessTokenHandler.embed?.(context, refreshedTokens.accessToken);
+            await this.accessTokenConfig.embed?.(context, refreshedTokens.accessToken);
             if (refreshedTokens.refreshToken) {
-                await this.refreshTokenHandler?.embed?.(context, refreshedTokens.refreshToken);
+                await this.refreshTokenConfig?.embed?.(context, refreshedTokens.refreshToken);
             }
             return refreshedTokens;
         }

package/build/strategies/oauth2/oauth2.types.d.ts

@@ -1,4 +1,4 @@
-import { TokenBasedAuthStrategyConfig } from "../../types";
+import { TokenBasedAuthStrategyConfig, TokenConfig } from "../../types";
 export interface OAuth2Endpoints {
     authorizationUrl: string;
     tokenUrl: string;
@@ -6,7 +6,7 @@ export interface OAuth2Endpoints {
     introspectionUrl?: string;
     revocationUrl?: string;
 }
-export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategyConfig<TContext, TUser>, PKCEConfig<TContext> {
+export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategyConfig<TContext, TUser> {
     clientId: string;
     clientSecret: string;
     redirectUri: string;
@@ -18,12 +18,12 @@ export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> exten
         username: string;
         password: string;
     };
+    pkce?: PKCEConfig<TContext>;
+    accessToken?: TokenConfig;
+    refreshToken?: TokenConfig;
 }
 export interface PKCEConfig<TContext> {
-    pkce?: {
-        enabled?: boolean;
-        generateCodeVerifier?: () => string;
-        storeCodeVerifier?: (context: TContext, codeVerifier: string) => void;
-        retrieveCodeVerifier?: (context: TContext) => string | null;
-    };
+    generateCodeVerifier?: () => string;
+    storeCodeVerifier?: (context: TContext, codeVerifier: string) => void;
+    retrieveCodeVerifier?: (context: TContext) => string | null;
 }

package/build/strategies/token-based-auth.strategy.d.ts

@@ -1,15 +1,15 @@
 import * as Soap from "@soapjs/soap";
 import { AuthResult, TokenBasedAuthStrategyConfig } from "../types";
 import { BaseAuthStrategy } from "./base-auth.strategy";
-import { TokenHandlerConfig } from "../types";
+import { TokenConfig } from "../types";
 import { SessionHandler } from "../session/session-handler";
 export declare abstract class TokenBasedAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
     protected config: TokenBasedAuthStrategyConfig<TContext, TUser>;
-    protected accessTokenHandler: TokenHandlerConfig;
-    protected refreshTokenHandler?: TokenHandlerConfig;
+    protected accessTokenConfig?: TokenConfig;
+    protected refreshTokenConfig?: TokenConfig;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
-    constructor(config: TokenBasedAuthStrategyConfig<TContext, TUser>, accessTokenHandler: TokenHandlerConfig, refreshTokenHandler?: TokenHandlerConfig, session?: SessionHandler, logger?: Soap.Logger);
+    constructor(config: TokenBasedAuthStrategyConfig<TContext, TUser>, accessTokenConfig?: TokenConfig, refreshTokenConfig?: TokenConfig, session?: SessionHandler, logger?: Soap.Logger);
     protected retrieveUser(decodedToken: any): Promise<TUser | null>;
     authenticate(context: TContext): Promise<AuthResult<TUser>>;
     logout(context: TContext): Promise<void>;

package/build/strategies/token-based-auth.strategy.js

@@ -5,15 +5,15 @@ const base_auth_strategy_1 = require("./base-auth.strategy");
 const errors_1 = require("../errors");
 class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
-    accessTokenHandler;
-    refreshTokenHandler;
+    accessTokenConfig;
+    refreshTokenConfig;
     session;
     logger;
-    constructor(config, accessTokenHandler, refreshTokenHandler, session, logger) {
+    constructor(config, accessTokenConfig, refreshTokenConfig, session, logger) {
         super(config, session, logger);
         this.config = config;
-        this.accessTokenHandler = accessTokenHandler;
-        this.refreshTokenHandler = refreshTokenHandler;
+        this.accessTokenConfig = accessTokenConfig;
+        this.refreshTokenConfig = refreshTokenConfig;
         this.session = session;
         this.logger = logger;
     }
@@ -22,11 +22,12 @@ class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     }
     async authenticate(context) {
         try {
-            let accessToken = await this.accessTokenHandler.retrieve?.(context);
+            let accessToken = await this.accessTokenConfig.retrieve?.(context);
+            let refreshToken;
             await this.checkRateLimit(context);
             if (accessToken) {
                 try {
-                    const decoded = await this.accessTokenHandler.verify?.(accessToken);
+                    const decoded = await this.accessTokenConfig.verify?.(accessToken);
                     const user = await this.retrieveUser(decoded);
                     if (!user) {
                         throw new errors_1.UserNotFoundError();
@@ -38,13 +39,18 @@ class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
                     this.logger?.warn("Access token is invalid or expired, trying refresh token...");
                 }
             }
-            const refreshToken = await this.refreshTokenHandler?.retrieve?.(context);
-            if (!refreshToken) {
-                throw new errors_1.MissingTokenError();
+            if (this.refreshTokenConfig) {
+                refreshToken = await this.refreshTokenConfig?.retrieve?.(context);
+                if (!refreshToken) {
+                    throw new errors_1.MissingTokenError("Refresh");
+                }
+                accessToken = await this.refreshTokenConfig?.rotate?.(refreshToken);
+                if (!accessToken) {
+                    throw new errors_1.MissingTokenError("Access");
+                }
             }
-            accessToken = await this.refreshTokenHandler?.rotate?.(refreshToken);
-            this.accessTokenHandler.embed?.(context, accessToken);
-            const decoded = await this.accessTokenHandler.verify?.(accessToken);
+            this.accessTokenConfig.embed?.(context, accessToken);
+            const decoded = await this.accessTokenConfig.verify?.(accessToken);
             const user = await this.retrieveUser(decoded);
             if (!user) {
                 throw new errors_1.UserNotFoundError();
@@ -59,9 +65,9 @@ class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     }
     async logout(context) {
         try {
-            await this.accessTokenHandler.remove?.(context);
-            if (this.refreshTokenHandler) {
-                await this.refreshTokenHandler.remove?.(context);
+            await this.accessTokenConfig.remove?.(context);
+            if (this.refreshTokenConfig) {
+                await this.refreshTokenConfig.remove?.(context);
             }
             await this.config.logout.onSuccess?.(context);
             this.logger?.info("User logged out successfully.");
@@ -74,32 +80,32 @@ class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     }
     async generateTokens(user, context) {
         const payload = { userId: user.id, roles: user.roles };
-        const accessToken = this.accessTokenHandler.generate?.(payload);
+        const accessToken = this.accessTokenConfig.generate?.(payload);
         if (!accessToken)
             throw new Error("Failed to generate access token.");
-        await this.accessTokenHandler.store?.(accessToken, user, +this.accessTokenHandler.expiresIn);
-        this.accessTokenHandler.embed?.(context, accessToken);
+        await this.accessTokenConfig.store?.(accessToken, user, +this.accessTokenConfig.expiresIn);
+        this.accessTokenConfig.embed?.(context, accessToken);
         let refreshToken;
-        if (this.refreshTokenHandler) {
-            refreshToken = this.refreshTokenHandler.generate?.(payload);
+        if (this.refreshTokenConfig) {
+            refreshToken = this.refreshTokenConfig.generate?.(payload);
             if (refreshToken) {
-                await this.refreshTokenHandler.store?.(refreshToken, user, +this.refreshTokenHandler.expiresIn);
-                this.refreshTokenHandler.embed?.(context, refreshToken);
+                await this.refreshTokenConfig.store?.(refreshToken, user, +this.refreshTokenConfig.expiresIn);
+                this.refreshTokenConfig.embed?.(context, refreshToken);
             }
         }
         return { accessToken, refreshToken };
     }
     async rotateToken(context) {
         try {
-            if (!this.refreshTokenHandler) {
+            if (!this.refreshTokenConfig) {
                 throw new Error("Refresh token handler is not configured.");
             }
-            const refreshToken = await this.refreshTokenHandler.retrieve?.(context);
+            const refreshToken = await this.refreshTokenConfig.retrieve?.(context);
             if (!refreshToken) {
                 throw new errors_1.MissingTokenError("Refresh");
             }
-            const newAccessToken = await this.refreshTokenHandler.rotate?.(refreshToken);
-            this.accessTokenHandler.embed?.(context, newAccessToken);
+            const newAccessToken = await this.refreshTokenConfig.rotate?.(refreshToken);
+            this.accessTokenConfig.embed?.(context, newAccessToken);
             return { accessToken: newAccessToken, refreshToken };
         }
         catch (error) {

package/build/types.d.ts

@@ -40,15 +40,17 @@ export interface AuthResultConfig<TContext = unknown, TUser = unknown> {
     onFailure?: (context: AuthFailureContext<TContext>) => Promise<void> | void;
 }
 export interface SecurityConfig {
-    security?: {
-        maxFailedLoginAttempts?: number;
-        lockoutDuration?: number;
-        notifyOnLockout?: (account: any) => Promise<void>;
-    };
+    maxFailedLoginAttempts?: number;
+    lockoutDuration?: number;
+    notifyOnLockout?: (account: any) => Promise<void>;
 }
-export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> extends AccountLockConfig<TContext>, RateLimitConfig, RoleAuthorizationConfig<TUser>, SecurityConfig {
+export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> {
     mfa?: MfaConfig<TUser, TContext>;
     session?: SessionConfig;
+    role?: RoleAuthorizationConfig<TUser>;
+    rateLimit?: RateLimitConfig;
+    security?: SecurityConfig;
+    lock?: AccountLockConfig<TContext>;
 }
 export interface AuditLoggingConfig<TContext = unknown> {
     logAttempt?: (userId: string, success: boolean, context?: TContext) => Promise<void>;
@@ -98,15 +100,14 @@ export interface CredentialBasedAuthStrategyConfig<TContext = unknown, TUser = u
         updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
     } & AuthResultConfig<TContext, TUser>;
 }
-export interface TokenBasedAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser>, TokenRotationConfig<TUser> {
-    tokens?: TokenHandlersConfig;
+export interface TokenBasedAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
+    rotation?: TokenRotationConfig<TUser>;
     login: {
         retrieveUserData: (identifier: string) => Promise<TUser | null>;
     } & AuthResultConfig<TContext, TUser>;
     logout: {} & AuthResultConfig<TContext, TUser>;
 }
 export interface TokenRotationConfig<TUser = unknown> {
-    enableRotation?: boolean;
     maxRotations?: number;
     storeUsedTokens?: boolean;
     getRefreshToken?: (user: TUser) => Promise<string>;
@@ -184,7 +185,6 @@ export interface SoapSocketAuthConfig<TContext = unknown, TUser = unknown> {
 }
 export interface SoapAuthConfig<TContext = unknown, TUser = unknown> {
     session?: SessionConfig;
-    tokens?: TokenHandlersConfig;
     http?: SoapHttpAuthConfig<TContext, TUser>;
     socket?: SoapSocketAuthConfig<TContext, TUser>;
     logger?: Soap.Logger;
@@ -230,7 +230,7 @@ export interface StorageContext {
     encrypt?: (data: string) => Promise<string> | string;
     decrypt?: (data: string) => Promise<string> | string;
 }
-export interface TokenHandlerConfig {
+export interface TokenConfig {
     secretKey: string;
     expiresIn: string | number;
     audience?: string | string[];
@@ -245,7 +245,3 @@ export interface TokenHandlerConfig {
     embed?: (context: any, token: string) => void;
     rotate?: (oldToken: string) => Promise<string>;
 }
-export interface TokenHandlersConfig {
-    access: TokenHandlerConfig;
-    refresh?: TokenHandlerConfig;
-}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soapjs/soap-auth",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "",
   "homepage": "https://docs.soapjs.com",
   "repository": "https://github.com/soapjs/soap-auth",
@@ -15,14 +15,14 @@
     "prepublish": "npm run clean && tsc --project tsconfig.build.json"
   },
   "devDependencies": {
-    "@soapjs/soap": "^0.5.2",
+    "@soapjs/soap": "^0.5.8",
     "@types/jest": "^27.0.3",
     "jest": "^27.4.5",
     "ts-jest": "^27.1.3",
     "typescript": "^4.8.2"
   },
   "peerDependencies": {
-    "@soapjs/soap": ">=0.5.2"
+    "@soapjs/soap": ">=0.5.8"
   },
   "dependencies": {
     "axios": "^1.7.9",