@soapjs/soap-auth 0.1.0 → 0.2.0

package/build/soap-auth.js

@@ -5,71 +5,101 @@ const http_auth_strategy_factory_1 = require("./factories/http-auth-strategy.fac
 const socket_auth_strategy_factory_1 = require("./factories/socket-auth-strategy.factory");
 class SoapAuth {
     requiredStrategyMethods = ["authenticate", "init"];
-    httpStrategies = new Map();
-    socketStrategies = new Map();
+    strategies = new Map();
+    logger;
     constructor(config) {
         const httpFactory = new http_auth_strategy_factory_1.HttpAuthStrategyFactory(config.logger);
-        this.httpStrategies = httpFactory.createStrategies(config);
         const socketFactory = new socket_auth_strategy_factory_1.SocketAuthStrategyFactory(config.logger);
-        this.socketStrategies = socketFactory.createStrategies(config);
+        const httpStrategies = httpFactory.createStrategies(config);
+        const socketStrategies = socketFactory.createStrategies(config);
+        this.strategies.set("http", httpStrategies);
+        this.strategies.set("socket", socketStrategies);
+        this.logger = config.logger;
     }
     isAuthStrategy(strategy) {
-        const isValidStrategy = this.requiredStrategyMethods.every((method) => typeof strategy[method] === "function");
-        return isValidStrategy;
+        return (typeof strategy === "object" &&
+            strategy !== null &&
+            this.requiredStrategyMethods.every((method) => typeof strategy[method] === "function"));
     }
-    addStrategy(strategiesMap, type, strategyInstance) {
+    addStrategy(strategyInstance, name, type) {
+        if (!this.strategies.has(type)) {
+            throw new Error(`Invalid strategy type "${type}". Expected "http" or "socket".`);
+        }
         if (this.isAuthStrategy(strategyInstance)) {
-            strategiesMap.set(type, strategyInstance);
+            this.strategies.get(type).set(name, strategyInstance);
         }
-    }
-    removeStrategy(type) {
-        if (this.httpStrategies.has(type)) {
-            this.httpStrategies.delete(type);
-            return true;
+        else {
+            this.logger?.error("Invalid authentication strategy provided.");
+            throw new Error("Invalid authentication strategy: does not implement required methods.");
         }
-        if (this.socketStrategies.has(type)) {
-            this.socketStrategies.delete(type);
-            return true;
+    }
+    removeStrategy(name, type) {
+        if (!this.strategies.has(type)) {
+            throw new Error(`Invalid strategy type "${type}". Expected "http" or "socket".`);
         }
-        return false;
+        const names = Array.isArray(name) ? name : [name];
+        names.forEach((n) => {
+            this.strategies.get(type).delete(n);
+        });
     }
-    hasStrategy(type) {
-        return this.httpStrategies.has(type) || this.socketStrategies.has(type);
+    hasStrategy(name, type) {
+        if (!this.strategies.has(type)) {
+            throw new Error(`Invalid strategy type "${type}". Expected "http" or "socket".`);
+        }
+        return this.strategies.get(type).has(name);
     }
-    getStrategy(strategyName, layer = "http") {
-        return layer === "http"
-            ? this.httpStrategies.get(strategyName)
-            : this.socketStrategies.get(strategyName);
+    getStrategy(name, type) {
+        if (!this.strategies.has(type)) {
+            throw new Error(`Invalid strategy type "${type}". Expected "http" or "socket".`);
+        }
+        const strategy = this.strategies.get(type).get(name);
+        if (!strategy) {
+            throw new Error(`Authentication strategy "${name}" not found.`);
+        }
+        return strategy;
     }
-    listStrategies() {
-        return [...this.httpStrategies.keys(), ...this.socketStrategies.keys()];
+    listStrategies(type) {
+        if (!this.strategies.has(type)) {
+            throw new Error(`Invalid strategy type "${type}". Expected "http" or "socket".`);
+        }
+        return Array.from(this.strategies.get(type).keys());
     }
     async init(sequential = false) {
         const strategies = [
-            ...this.httpStrategies.values(),
-            ...this.socketStrategies.values(),
+            ...this.strategies.get("http").values(),
+            ...this.strategies.get("socket").values(),
         ];
         if (sequential) {
             for (const strategy of strategies) {
-                await strategy.init();
+                try {
+                    await strategy.init();
+                }
+                catch (error) {
+                    this.logger?.error(`Failed to initialize strategy: ${error.message}`);
+                }
             }
         }
         else {
-            await Promise.all(strategies.map((strategy) => strategy.init()));
+            await Promise.all(strategies.map((strategy) => strategy
+                .init()
+                .catch((error) => this.logger?.error(`Failed to initialize strategy: ${error.message}`))));
         }
     }
-    async authenticate(strategyName, context) {
-        const strategy = this.getStrategy(strategyName);
+    async authenticate(type, name, context) {
+        const strategy = this.getStrategy(name, type);
         if (!strategy) {
-            throw new Error(`Authentication strategy "${strategyName}" not found.`);
+            throw new Error(`Authentication strategy "${name}" not found.`);
         }
         return strategy.authenticate(context);
     }
-    async logout(strategyName, context) {
-        const strategy = this.getStrategy(strategyName);
+    async logout(type, name, context) {
+        const strategy = this.getStrategy(name, type);
         if (strategy?.logout) {
             await strategy.logout(context);
         }
+        else {
+            this.logger?.error(`No "logout" implementation in strategy "${name}".`);
+        }
     }
 }
 exports.SoapAuth = SoapAuth;

package/build/strategies/api-key/api-key.strategy.d.ts

@@ -1,9 +1,9 @@
 import * as Soap from "@soapjs/soap";
 import { AuthResult, AuthStrategy } from "../../types";
 import { ApiKeyStrategyConfig } from "./api-key.types";
-export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
-    private config;
-    private logger;
+import { BaseAuthStrategy } from "../base-auth.strategy";
+export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> implements AuthStrategy<TContext, TUser> {
+    protected config: ApiKeyStrategyConfig<TContext, TUser>;
     constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger: Soap.Logger);
     init(): Promise<void>;
     authenticate(context?: TContext): Promise<AuthResult<TUser>>;
@@ -11,4 +11,5 @@ export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> impleme
     revoke(apiKey: string): Promise<void>;
     private trackApiKeyUsage;
     private incrementRequestCount;
+    logout(context: TContext): Promise<void>;
 }

package/build/strategies/api-key/api-key.strategy.js

@@ -3,12 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ApiKeyStrategy = void 0;
 const api_key_errors_1 = require("./api-key.errors");
 const errors_1 = require("../../errors");
-class ApiKeyStrategy {
+const base_auth_strategy_1 = require("../base-auth.strategy");
+class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
-    logger;
     constructor(config, logger) {
+        super(config, null, logger);
         this.config = config;
-        this.logger = logger;
         if (!this.config.extractApiKey || !this.config.retrieveUserByApiKey) {
             throw new Error("ApiKeyStrategy requires extractApiKey and retrieveUserByApiKey functions.");
         }
@@ -45,13 +45,13 @@ class ApiKeyStrategy {
             }
             await this.trackApiKeyUsage(apiKey);
             await this.incrementRequestCount(apiKey);
-            await this.config.onSuccess?.({ user, context });
+            await this.onSuccess("authenticate", { user, context });
             return { user };
         }
         catch (error) {
             this.logger.error("API Key authentication error:", error);
             try {
-                await this.config.onFailure?.({ error, context });
+                await this.onFailure("authenticate", { error, context });
             }
             catch (callbackError) {
                 this.logger.error("onFailure callback error during authentication:", callbackError);
@@ -63,7 +63,7 @@ class ApiKeyStrategy {
         if (this.config.authorize) {
             return this.config.authorize(user, action, resource);
         }
-        throw new Error("Authorization logic is not implemented.");
+        return true;
     }
     async revoke(apiKey) {
         if (this.config.revokeApiKey) {
@@ -91,5 +91,8 @@ class ApiKeyStrategy {
             this.logger.warn("Failed to increment request count:", error);
         }
     }
+    logout(context) {
+        return;
+    }
 }
 exports.ApiKeyStrategy = ApiKeyStrategy;

package/build/strategies/api-key/api-key.types.d.ts

@@ -1,11 +1,9 @@
-import { RateLimitConfig, RoleAuthorizationConfig, AuthFailureContext, AuthSuccessContext, AccountLockConfig } from "../../types";
-export interface ApiKeyStrategyConfig<TContext = unknown, TUser = unknown> extends ApiKeyTrackingConfig, RateLimitConfig, RoleAuthorizationConfig<TUser>, AccountLockConfig<TContext> {
+import { RateLimitConfig, RoleAuthorizationConfig, AccountLockConfig, AuthResultConfig } from "../../types";
+export interface ApiKeyStrategyConfig<TContext = unknown, TUser = unknown> extends AuthResultConfig<TContext, TUser>, ApiKeyTrackingConfig, RateLimitConfig, RoleAuthorizationConfig<TUser>, AccountLockConfig<TContext> {
     extractApiKey: (context: TContext) => string | null;
     retrieveUserByApiKey: (apiKey: string) => Promise<TUser | null>;
     authorize?: (user: TUser, action: string, resource?: string) => Promise<boolean>;
     revokeApiKey?: (apiKey: string) => Promise<void>;
-    onSuccess?: (context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
-    onFailure?: (context: AuthFailureContext<TContext>) => Promise<void> | void;
 }
 export interface ApiKeyTrackingConfig {
     trackApiKeyUsage?: (apiKey: string) => Promise<void>;

package/build/strategies/base-auth.strategy.d.ts

@@ -1,17 +1,18 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult, AuthStrategy, BaseAuthStrategyConfig } from "../types";
+import { AuthFailureContext, AuthResult, AuthStrategy, AuthSuccessContext, BaseAuthStrategyConfig } from "../types";
 import { SessionHandler } from "../session/session-handler";
 export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
     protected config: BaseAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
     abstract authenticate(context?: TContext): Promise<AuthResult<TUser>>;
-    protected abstract retrieveUser(context: TContext): Promise<TUser | null>;
     abstract logout(context: TContext): Promise<void>;
     constructor(config: BaseAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
     init(): Promise<void>;
-    protected isAccountLocked(account: any, ...args: unknown[]): Promise<boolean>;
+    protected isAccountLocked(account: any): Promise<boolean>;
     protected isAuthorized(user: TUser): Promise<boolean>;
     protected checkRateLimit(data: unknown): Promise<void>;
     protected checkMfa(user: TUser, context: TContext): Promise<void>;
+    protected onSuccess(action: string, context: AuthSuccessContext<TUser, TContext>): Promise<void>;
+    protected onFailure(action: string, context: AuthFailureContext<TContext>): Promise<void>;
 }

package/build/strategies/base-auth.strategy.js

@@ -14,15 +14,15 @@ class BaseAuthStrategy {
     async init() {
         return Promise.resolve();
     }
-    async isAccountLocked(account, ...args) {
-        if (await this.config.isAccountLocked?.(account, ...args)) {
+    async isAccountLocked(account) {
+        if (await this.config.lock.isAccountLocked?.(account)) {
             throw new errors_1.AccountLockedError();
         }
         return false;
     }
     async isAuthorized(user) {
-        if (this.config.authorizeByRoles && this.config.roles) {
-            const hasAccess = await this.config.authorizeByRoles(user, this.config.roles);
+        if (this.config.role.authorizeByRoles && this.config.role.roles) {
+            const hasAccess = await this.config.role.authorizeByRoles(user, this.config.role.roles);
             if (!hasAccess) {
                 throw new errors_1.UnauthorizedRoleError();
             }
@@ -30,8 +30,8 @@ class BaseAuthStrategy {
         return true;
     }
     async checkRateLimit(data) {
-        if (this.config.checkRateLimit &&
-            (await this.config.checkRateLimit(data))) {
+        if (this.config.rateLimit.checkRateLimit &&
+            (await this.config.rateLimit.checkRateLimit(data))) {
             throw new errors_1.RateLimitExceededError();
         }
     }
@@ -65,5 +65,21 @@ class BaseAuthStrategy {
             throw error;
         }
     }
+    async onSuccess(action, context) {
+        try {
+            await this.config.onSuccess?.(action, context);
+        }
+        catch (error) {
+            this.logger?.error(error);
+        }
+    }
+    async onFailure(action, context) {
+        try {
+            await this.config.onFailure?.(action, context);
+        }
+        catch (error) {
+            this.logger?.error(error);
+        }
+    }
 }
 exports.BaseAuthStrategy = BaseAuthStrategy;

package/build/strategies/basic/basic.strategy.d.ts

@@ -1,25 +1,19 @@
 import * as Soap from "@soapjs/soap";
-import { CredentialBasedAuthStrategy } from "../credential-based-auth.strategy";
+import { CredentialAuthStrategy } from "../credential-auth.strategy";
 import { BasicContext, BasicStrategyConfig } from "./basic.types";
 import { SessionHandler } from "../../session/session-handler";
-export declare class BasicStrategy<TContext extends BasicContext = BasicContext, TUser = unknown> extends CredentialBasedAuthStrategy<TContext, TUser> {
+export declare class BasicStrategy<TContext extends BasicContext = BasicContext, TUser = unknown> extends CredentialAuthStrategy<TContext, TUser> {
     protected config: BasicStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
     constructor(config: BasicStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
-    protected extractCredentials(context?: TContext): Promise<{
+    protected extractCredentials(context?: TContext): {
         identifier: string;
         password: string;
-    }>;
-    protected verifyCredentials(credentials: {
-        identifier: string;
-        password: string;
-    }): Promise<boolean>;
+    };
+    protected verifyCredentials(identifier: string, password: string): Promise<boolean>;
     protected retrieveUser(credentials: {
         identifier: string;
         password: string;
     }): Promise<TUser | null>;
-    requestPasswordReset(email: string): Promise<void>;
-    resetPassword(email: string, token: string, newPassword: string): Promise<void>;
-    changePassword(email: string, oldPassword: string, newPassword: string): Promise<void>;
 }

package/build/strategies/basic/basic.strategy.js

@@ -1,9 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BasicStrategy = void 0;
-const credential_based_auth_strategy_1 = require("../credential-based-auth.strategy");
+const credential_auth_strategy_1 = require("../credential-auth.strategy");
 const errors_1 = require("../../errors");
-class BasicStrategy extends credential_based_auth_strategy_1.CredentialBasedAuthStrategy {
+class BasicStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     config;
     session;
     logger;
@@ -13,17 +13,21 @@ class BasicStrategy extends credential_based_auth_strategy_1.CredentialBasedAuth
         this.session = session;
         this.logger = logger;
     }
-    async extractCredentials(context) {
-        const authHeader = context?.headers?.authorization || context?.headers?.["x-custom-auth"];
+    extractCredentials(context) {
+        const authHeader = this.config.credentials.extractCredentials
+            ? this.config.credentials.extractCredentials(context)
+            : context?.headers?.authorization ||
+                context?.headers?.["x-custom-auth"] ||
+                context?.headers?.["proxy-authorization"];
         if (!authHeader) {
             throw new errors_1.MissingCredentialsError();
         }
-        const parts = authHeader.split(" ");
-        if (parts.length !== 2 || parts[0] !== "Basic") {
+        if (!authHeader || !authHeader.toLowerCase().startsWith("basic ")) {
             throw new errors_1.InvalidCredentialsError();
         }
+        const encoded = authHeader.substring(6);
         try {
-            const decoded = Buffer.from(parts[1], "base64").toString("utf-8");
+            const decoded = Buffer.from(encoded, "base64").toString("utf-8");
             const [username, password] = decoded.split(":");
             if (!username || !password) {
                 throw new errors_1.InvalidCredentialsError();
@@ -34,20 +38,11 @@ class BasicStrategy extends credential_based_auth_strategy_1.CredentialBasedAuth
             throw new errors_1.InvalidCredentialsError();
         }
     }
-    async verifyCredentials(credentials) {
-        return this.config.login.verifyUserCredentials(credentials.identifier, credentials.password);
+    async verifyCredentials(identifier, password) {
+        return this.config.credentials.verifyCredentials(identifier, password);
     }
     async retrieveUser(credentials) {
-        return this.config.login.retrieveUserData(credentials.identifier);
-    }
-    async requestPasswordReset(email) {
-        await super.requestPasswordReset(email);
-    }
-    async resetPassword(email, token, newPassword) {
-        await super.resetPassword(email, token, newPassword);
-    }
-    async changePassword(email, oldPassword, newPassword) {
-        await super.changePassword(email, oldPassword, newPassword);
+        return this.config.user.getUserData(credentials.identifier);
     }
 }
 exports.BasicStrategy = BasicStrategy;

package/build/strategies/basic/basic.types.d.ts

@@ -1,5 +1,5 @@
-import { CredentialBasedAuthStrategyConfig } from "../../types";
-export interface BasicStrategyConfig<TContext = unknown, TUser = unknown> extends CredentialBasedAuthStrategyConfig<TContext, TUser> {
+import { CredentialAuthStrategyConfig } from "../../types";
+export interface BasicStrategyConfig<TContext = unknown, TUser = unknown> extends CredentialAuthStrategyConfig<TContext, TUser> {
 }
 export type BasicContext = {
     headers: {

package/build/strategies/{credential-based-auth.strategy.d.ts → credential-auth.strategy.d.ts}

@@ -1,21 +1,24 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult, CredentialBasedAuthStrategyConfig } from "../types";
+import { AuthResult, CredentialAuthStrategyConfig } from "../types";
 import { BaseAuthStrategy } from "./base-auth.strategy";
 import { SessionHandler } from "../session/session-handler";
-export declare abstract class CredentialBasedAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
-    protected config: CredentialBasedAuthStrategyConfig<TContext, TUser>;
+export declare abstract class CredentialAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+    protected config: CredentialAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
-    protected abstract extractCredentials(context?: TContext): Promise<{
-        identifier: string;
-        password: string;
-    }>;
-    protected abstract verifyCredentials(credentials: any): Promise<boolean>;
+    protected abstract verifyCredentials(identifier: string, password: string): Promise<boolean>;
+    protected abstract extractCredentials(context: TContext): any;
     protected abstract retrieveUser(credentials: any): Promise<TUser | null>;
-    constructor(config: CredentialBasedAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
-    authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    constructor(config: CredentialAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    protected storeUserSession(user: TUser, context: TContext): Promise<void>;
+    protected handleAuthenticationError(error: Error, context: TContext): Promise<never>;
+    protected preAuthChecks(identifier: string): Promise<void>;
+    protected handleFailedLogin(identifier: string): Promise<void>;
+    protected handleSuccessfulLogin(identifier: string): Promise<void>;
+    protected finalizeAuthentication(user: TUser, context: TContext): Promise<void>;
+    authenticate(context: TContext): Promise<AuthResult<TUser>>;
     protected handleSession(user: TUser, context?: TContext): Promise<void>;
-    logout(context?: TContext): Promise<void>;
+    logout(context: TContext): Promise<void>;
     requestPasswordReset(identifier: string, email?: string): Promise<void>;
     resetPassword(identifier: string, token: string, newPassword: string): Promise<void>;
     changePassword(identifier: string, oldPassword: string, newPassword: string): Promise<void>;
@@ -23,7 +26,7 @@ export declare abstract class CredentialBasedAuthStrategy<TContext = unknown, TU
     protected auditPasswordChange(identifier: string, context?: TContext): Promise<void>;
     protected validatePasswordPolicy(password: string): boolean;
     protected checkFailedAttempts(identifier: string): Promise<void>;
-    protected isAccountLocked(account: any, ...args: unknown[]): Promise<boolean>;
+    protected isAccountLocked(account: any): Promise<boolean>;
     protected incrementFailedAttempts(account: any): Promise<void>;
     protected notifyAccountLocked(identifier: string): Promise<void>;
     protected checkPasswordExpiry(identifier: string): Promise<void>;