@soapjs/soap-auth 0.1.0 → 0.2.0

package/build/tools/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./session.tools";
+export * from "./token.tools";
+export * from "./tools";

package/build/tools/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./session.tools"), exports);
+__exportStar(require("./token.tools"), exports);
+__exportStar(require("./tools"), exports);

package/build/types.d.ts

@@ -36,19 +36,22 @@ export type Credentials = {
     [key: string]: unknown;
 };
 export interface AuthResultConfig<TContext = unknown, TUser = unknown> {
-    onSuccess?: (context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
-    onFailure?: (context: AuthFailureContext<TContext>) => Promise<void> | void;
+    onSuccess?: (action: string, context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
+    onFailure?: (action: string, context: AuthFailureContext<TContext>) => Promise<void> | void;
 }
 export interface SecurityConfig {
-    security?: {
-        maxFailedLoginAttempts?: number;
-        lockoutDuration?: number;
-        notifyOnLockout?: (account: any) => Promise<void>;
-    };
+    maxFailedLoginAttempts?: number;
+    lockoutDuration?: number;
+    notifyOnLockout?: (account: any) => Promise<void>;
 }
-export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> extends AccountLockConfig<TContext>, RateLimitConfig, RoleAuthorizationConfig<TUser>, SecurityConfig {
+export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> extends AuthResultConfig<TContext, TUser> {
     mfa?: MfaConfig<TUser, TContext>;
     session?: SessionConfig;
+    role?: RoleAuthorizationConfig<TUser>;
+    rateLimit?: RateLimitConfig;
+    security?: SecurityConfig;
+    lock?: AccountLockConfig<TContext>;
+    failedAttempts?: FailedAttemptsConfig;
 }
 export interface AuditLoggingConfig<TContext = unknown> {
     logAttempt?: (userId: string, success: boolean, context?: TContext) => Promise<void>;
@@ -75,55 +78,58 @@ export interface PasswordPolicyConfig {
     getLastPasswordChange?: (identifier: string) => Date;
     forcePasswordChangeOnFirstLogin?: boolean;
     passwordExpirationDays?: number;
+    isPasswordChangeRequired?: (identifier: string) => Promise<boolean>;
+    generateResetToken?: (identifier: string) => Promise<string>;
+    sendResetEmail?: (identifier: string, token: string) => Promise<void>;
+    validateResetToken?: (token: string) => Promise<boolean>;
+    updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
+}
+export interface UserConfig {
+    getUserData: (payload: any) => Promise<any>;
+    validateUser?: (payload: any) => Promise<any>;
+}
+export interface CredentailsConfig<TContext = any> {
+    extractCredentials: <TCredentials = {
+        identifier: string;
+        password: string;
+    }>(context: TContext) => TCredentials;
+    verifyCredentials: (identifier: string, password: string) => Promise<boolean>;
 }
-export interface CredentialBasedAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
+export interface FailedAttemptsConfig {
+    incrementFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
+    resetFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
+    getFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<number>;
+}
+export interface CredentialAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
     passwordPolicy?: PasswordPolicyConfig;
     audit?: AuditLoggingConfig<TContext>;
-    logout: {} & AuthResultConfig<TContext, TUser>;
-    login: {
-        extractCredentials: (context: TContext) => Promise<{
-            identifier: string;
-            password: string;
-        }>;
-        retrieveUserData: (identifier: string) => Promise<TUser | null>;
-        verifyUserCredentials: (identifier: string, password: string) => Promise<boolean>;
-        incrementFailedAttempts?: (identifier: string) => Promise<void>;
-        resetFailedAttempts?: (identifier: string) => Promise<void>;
-        getFailedAttempts?: (identifier: string) => Promise<number>;
-    } & AuthResultConfig<TContext, TUser>;
-    passwordReset?: {
-        generateResetToken?: (identifier: string) => Promise<string>;
-        sendResetEmail?: (identifier: string, token: string) => Promise<void>;
-        validateResetToken?: (token: string) => Promise<boolean>;
-        updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
-    } & AuthResultConfig<TContext, TUser>;
-}
-export interface TokenBasedAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser>, TokenRotationConfig<TUser> {
-    tokens?: TokenHandlersConfig;
-    login: {
-        retrieveUserData: (identifier: string) => Promise<TUser | null>;
-    } & AuthResultConfig<TContext, TUser>;
-    logout: {} & AuthResultConfig<TContext, TUser>;
-}
-export interface TokenRotationConfig<TUser = unknown> {
-    enableRotation?: boolean;
-    maxRotations?: number;
-    storeUsedTokens?: boolean;
-    getRefreshToken?: (user: TUser) => Promise<string>;
-    rotateToken?: (refreshToken: string) => Promise<{
-        accessToken: string;
-        refreshToken: string;
-    }>;
-    onTokenRotated?: (user: TUser, newTokens: {
-        accessToken: string;
-        refreshToken: string;
-    }) => Promise<void>;
-    onTokenRotationFailure?: (user: TUser, error: Error) => Promise<void>;
+    credentials?: CredentailsConfig<TContext>;
+    user?: UserConfig;
+    routes?: {
+        login?: AuthRouteConfig;
+        logout?: AuthRouteConfig;
+        resetPassword?: AuthRouteConfig;
+    };
+}
+export type AuthRouteConfig = {
+    path?: string;
+    method?: string;
+};
+export interface TokenAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
+    user?: UserConfig;
+    routes: {
+        login?: AuthRouteConfig;
+        logout?: AuthRouteConfig;
+        refresh?: AuthRouteConfig;
+        [key: string]: AuthRouteConfig;
+    };
+    accessToken?: TokenConfig<TContext>;
+    refreshToken?: TokenConfig<TContext>;
 }
 export interface AccountLockConfig<TContext = unknown> {
     logFailedAttempt?: (account: any, context?: TContext) => Promise<void>;
-    lockAccount?: (account: any, ...args: unknown[]) => Promise<void>;
-    isAccountLocked?: (account: any, ...args: unknown[]) => Promise<boolean>;
+    lockAccount?: (account: any) => Promise<void>;
+    isAccountLocked?: (account: any, context?: TContext) => Promise<boolean>;
 }
 export interface RateLimitConfig {
     checkRateLimit?: (...args: unknown[]) => Promise<boolean>;
@@ -158,7 +164,7 @@ export type AuthResult<TUser, TSessionData = unknown> = {
 };
 export interface AuthStrategy<TContext = unknown, TUser = unknown> {
     init?(...args: unknown[]): Promise<void>;
-    authenticate(context?: TContext, ...args: unknown[]): Promise<AuthResult<TUser>>;
+    authenticate(context?: TContext, ...args: unknown[]): Promise<AuthResult<TUser> | null>;
     authorize?(user: any, action: string, resource?: string): Promise<boolean>;
     refresh?(refreshToken: string): Promise<string>;
     logout?(context?: TContext): Promise<void>;
@@ -184,7 +190,6 @@ export interface SoapSocketAuthConfig<TContext = unknown, TUser = unknown> {
 }
 export interface SoapAuthConfig<TContext = unknown, TUser = unknown> {
     session?: SessionConfig;
-    tokens?: TokenHandlersConfig;
     http?: SoapHttpAuthConfig<TContext, TUser>;
     socket?: SoapSocketAuthConfig<TContext, TUser>;
     logger?: Soap.Logger;
@@ -230,22 +235,43 @@ export interface StorageContext {
     encrypt?: (data: string) => Promise<string> | string;
     decrypt?: (data: string) => Promise<string> | string;
 }
-export interface TokenHandlerConfig {
+export interface TokenIssuerConfig {
     secretKey: string;
-    expiresIn: string | number;
-    audience?: string | string[];
-    issuer?: string | string[];
-    subject?: string;
-    tokenType?: string;
+    options: {
+        expiresIn: string | number;
+        audience?: string | string[];
+        issuer?: string | string[];
+        subject?: string;
+        [option: string]: unknown;
+    };
     generate?: (payload: any) => string;
+}
+export interface TokenVerifierConfig {
+    options: {
+        [option: string]: unknown;
+    };
     verify?: (token: string) => Promise<any>;
-    store?: (token: string, data: any, expiresIn: number) => Promise<void>;
-    retrieve?: (context: any) => Promise<string | null>;
-    remove?: (context: any) => Promise<void>;
-    embed?: (context: any, token: string) => void;
-    rotate?: (oldToken: string) => Promise<string>;
-}
-export interface TokenHandlersConfig {
-    access: TokenHandlerConfig;
-    refresh?: TokenHandlerConfig;
+}
+export interface TokenPersistenceConfig {
+    store?: (token: string, data: any, expiresIn: string | number) => Promise<void>;
+    read?: (...args: any[]) => Promise<string | null>;
+    remove?: (...args: any[]) => Promise<void>;
+}
+export interface TokenConfig<TContext = any> {
+    embed?: (context: TContext, token: string) => void;
+    retrieve?: (context: TContext) => Promise<string | null>;
+    rotation?: TokenRotationConfig;
+    issuer?: TokenIssuerConfig;
+    verifier?: TokenVerifierConfig;
+    persistence?: TokenPersistenceConfig;
+    additional?: Record<string, unknown>;
+}
+export interface TokenRotationConfig {
+    maxRotations?: number;
+    rotateToken?: (token: string) => Promise<string>;
+}
+export interface PKCEConfig<TContext> {
+    generateCodeVerifier?: () => string;
+    storeCodeVerifier?: (context: TContext, codeVerifier: string) => void;
+    retrieveCodeVerifier?: (context: TContext) => string | null;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soapjs/soap-auth",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "",
   "homepage": "https://docs.soapjs.com",
   "repository": "https://github.com/soapjs/soap-auth",
@@ -15,14 +15,14 @@
     "prepublish": "npm run clean && tsc --project tsconfig.build.json"
   },
   "devDependencies": {
-    "@soapjs/soap": "^0.5.2",
+    "@soapjs/soap": "^0.5.8",
     "@types/jest": "^27.0.3",
     "jest": "^27.4.5",
     "ts-jest": "^27.1.3",
     "typescript": "^4.8.2"
   },
   "peerDependencies": {
-    "@soapjs/soap": ">=0.5.2"
+    "@soapjs/soap": ">=0.5.8"
   },
   "dependencies": {
     "axios": "^1.7.9",

package/build/strategies/token-based-auth.strategy.d.ts

@@ -1,25 +0,0 @@
-import * as Soap from "@soapjs/soap";
-import { AuthResult, TokenBasedAuthStrategyConfig } from "../types";
-import { BaseAuthStrategy } from "./base-auth.strategy";
-import { TokenHandlerConfig } from "../types";
-import { SessionHandler } from "../session/session-handler";
-export declare abstract class TokenBasedAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
-    protected config: TokenBasedAuthStrategyConfig<TContext, TUser>;
-    protected accessTokenHandler: TokenHandlerConfig;
-    protected refreshTokenHandler?: TokenHandlerConfig;
-    protected session?: SessionHandler;
-    protected logger?: Soap.Logger;
-    constructor(config: TokenBasedAuthStrategyConfig<TContext, TUser>, accessTokenHandler: TokenHandlerConfig, refreshTokenHandler?: TokenHandlerConfig, session?: SessionHandler, logger?: Soap.Logger);
-    protected retrieveUser(decodedToken: any): Promise<TUser | null>;
-    authenticate(context: TContext): Promise<AuthResult<TUser>>;
-    logout(context: TContext): Promise<void>;
-    generateTokens(user: TUser, context: TContext): Promise<{
-        accessToken: string;
-        refreshToken?: string;
-    }>;
-    rotateToken(context: TContext): Promise<{
-        accessToken: string;
-        refreshToken?: string;
-    }>;
-    isTokenExpired(token: string): Promise<boolean>;
-}

package/build/strategies/token-based-auth.strategy.js

@@ -1,124 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenBasedAuthStrategy = void 0;
-const base_auth_strategy_1 = require("./base-auth.strategy");
-const errors_1 = require("../errors");
-class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
-    config;
-    accessTokenHandler;
-    refreshTokenHandler;
-    session;
-    logger;
-    constructor(config, accessTokenHandler, refreshTokenHandler, session, logger) {
-        super(config, session, logger);
-        this.config = config;
-        this.accessTokenHandler = accessTokenHandler;
-        this.refreshTokenHandler = refreshTokenHandler;
-        this.session = session;
-        this.logger = logger;
-    }
-    retrieveUser(decodedToken) {
-        return this.config.login.retrieveUserData(decodedToken);
-    }
-    async authenticate(context) {
-        try {
-            let accessToken = await this.accessTokenHandler.retrieve?.(context);
-            await this.checkRateLimit(context);
-            if (accessToken) {
-                try {
-                    const decoded = await this.accessTokenHandler.verify?.(accessToken);
-                    const user = await this.retrieveUser(decoded);
-                    if (!user) {
-                        throw new errors_1.UserNotFoundError();
-                    }
-                    await this.isAuthorized(user);
-                    return { user, tokens: { accessToken } };
-                }
-                catch (error) {
-                    this.logger?.warn("Access token is invalid or expired, trying refresh token...");
-                }
-            }
-            const refreshToken = await this.refreshTokenHandler?.retrieve?.(context);
-            if (!refreshToken) {
-                throw new errors_1.MissingTokenError();
-            }
-            accessToken = await this.refreshTokenHandler?.rotate?.(refreshToken);
-            this.accessTokenHandler.embed?.(context, accessToken);
-            const decoded = await this.accessTokenHandler.verify?.(accessToken);
-            const user = await this.retrieveUser(decoded);
-            if (!user) {
-                throw new errors_1.UserNotFoundError();
-            }
-            await this.isAuthorized(user);
-            return { user, tokens: { accessToken, refreshToken } };
-        }
-        catch (error) {
-            this.logger?.error("Authentication failed:", error);
-            throw new errors_1.AuthError(error, "Authentication failed.");
-        }
-    }
-    async logout(context) {
-        try {
-            await this.accessTokenHandler.remove?.(context);
-            if (this.refreshTokenHandler) {
-                await this.refreshTokenHandler.remove?.(context);
-            }
-            await this.config.logout.onSuccess?.(context);
-            this.logger?.info("User logged out successfully.");
-        }
-        catch (error) {
-            this.logger?.error("Error during logout:", error);
-            await this.config.logout.onFailure?.({ context, error });
-            throw new errors_1.AuthError(error, "Logout process failed.");
-        }
-    }
-    async generateTokens(user, context) {
-        const payload = { userId: user.id, roles: user.roles };
-        const accessToken = this.accessTokenHandler.generate?.(payload);
-        if (!accessToken)
-            throw new Error("Failed to generate access token.");
-        await this.accessTokenHandler.store?.(accessToken, user, +this.accessTokenHandler.expiresIn);
-        this.accessTokenHandler.embed?.(context, accessToken);
-        let refreshToken;
-        if (this.refreshTokenHandler) {
-            refreshToken = this.refreshTokenHandler.generate?.(payload);
-            if (refreshToken) {
-                await this.refreshTokenHandler.store?.(refreshToken, user, +this.refreshTokenHandler.expiresIn);
-                this.refreshTokenHandler.embed?.(context, refreshToken);
-            }
-        }
-        return { accessToken, refreshToken };
-    }
-    async rotateToken(context) {
-        try {
-            if (!this.refreshTokenHandler) {
-                throw new Error("Refresh token handler is not configured.");
-            }
-            const refreshToken = await this.refreshTokenHandler.retrieve?.(context);
-            if (!refreshToken) {
-                throw new errors_1.MissingTokenError("Refresh");
-            }
-            const newAccessToken = await this.refreshTokenHandler.rotate?.(refreshToken);
-            this.accessTokenHandler.embed?.(context, newAccessToken);
-            return { accessToken: newAccessToken, refreshToken };
-        }
-        catch (error) {
-            this.logger?.error("Token rotation failed:", error);
-            throw new errors_1.InvalidTokenError("Refresh");
-        }
-    }
-    async isTokenExpired(token) {
-        try {
-            const decoded = JSON.parse(Buffer.from(token.split(".")[1], "base64").toString());
-            if (!decoded.exp)
-                return false;
-            const currentTime = Math.floor(Date.now() / 1000);
-            return decoded.exp < currentTime;
-        }
-        catch (error) {
-            this.logger?.warn("Failed to decode token:", error);
-            return false;
-        }
-    }
-}
-exports.TokenBasedAuthStrategy = TokenBasedAuthStrategy;