@soapjs/soap-auth 0.1.1 → 0.2.0

package/build/strategies/oauth2/oauth2.types.d.ts

@@ -1,29 +1,21 @@
-import { TokenBasedAuthStrategyConfig, TokenConfig } from "../../types";
+import { CredentailsConfig, PKCEConfig, TokenAuthStrategyConfig } from "../../types";
 export interface OAuth2Endpoints {
     authorizationUrl: string;
     tokenUrl: string;
     userInfoUrl?: string;
     introspectionUrl?: string;
     revocationUrl?: string;
+    logoutUrl?: string;
 }
-export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> extends TokenBasedAuthStrategyConfig<TContext, TUser> {
+export interface OAuth2StrategyConfig<TContext = unknown, TUser = unknown> extends TokenAuthStrategyConfig<TContext, TUser> {
     clientId: string;
     clientSecret: string;
     redirectUri: string;
-    scope?: string;
-    grantType: "authorization_code" | "client_credentials" | "password" | "refresh_token";
+    scope?: string | string[];
+    audience?: string;
+    responseType?: "code" | "token" | "id_token" | string;
+    grantType: "authorization_code" | "client_credentials" | "password" | "refresh_token" | string;
     endpoints: OAuth2Endpoints;
-    validateUser?: (tokenPayload: any) => Promise<TUser | null>;
-    credentials?: {
-        username: string;
-        password: string;
-    };
+    credentials?: CredentailsConfig<TContext>;
     pkce?: PKCEConfig<TContext>;
-    accessToken?: TokenConfig;
-    refreshToken?: TokenConfig;
-}
-export interface PKCEConfig<TContext> {
-    generateCodeVerifier?: () => string;
-    storeCodeVerifier?: (context: TContext, codeVerifier: string) => void;
-    retrieveCodeVerifier?: (context: TContext) => string | null;
 }

package/build/strategies/token-auth.strategy.d.ts

@@ -0,0 +1,25 @@
+import * as Soap from "@soapjs/soap";
+import { AuthResult, TokenAuthStrategyConfig } from "../types";
+import { BaseAuthStrategy } from "./base-auth.strategy";
+import { SessionHandler } from "../session/session-handler";
+export declare abstract class TokenAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+    protected config: TokenAuthStrategyConfig<TContext, TUser>;
+    protected session?: SessionHandler;
+    protected logger?: Soap.Logger;
+    constructor(config: TokenAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    protected abstract retrieveAccessToken(context: TContext): Promise<string | undefined>;
+    protected abstract retrieveRefreshToken(context: TContext): Promise<string | undefined>;
+    protected abstract verifyAccessToken(token: string): Promise<any>;
+    protected abstract verifyRefreshToken(token: string): Promise<any>;
+    protected abstract generateAccessToken(payload: any): Promise<string>;
+    protected abstract generateRefreshToken(payload: any): Promise<string>;
+    protected abstract storeAccessToken(token: string, context: TContext): Promise<void>;
+    protected abstract storeRefreshToken(token: string, context: TContext): Promise<void>;
+    protected abstract embedAccessToken(token: string, context: TContext): void;
+    protected abstract embedRefreshToken(token: string, context: TContext): void;
+    authenticate(context: TContext): Promise<AuthResult<TUser>>;
+    rotateTokens(context: TContext): Promise<{
+        accessToken: string;
+        refreshToken?: string;
+    }>;
+}

package/build/strategies/token-auth.strategy.js

@@ -0,0 +1,78 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenAuthStrategy = void 0;
+const base_auth_strategy_1 = require("./base-auth.strategy");
+const errors_1 = require("../errors");
+class TokenAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
+    config;
+    session;
+    logger;
+    constructor(config, session, logger) {
+        super(config, session, logger);
+        this.config = config;
+        this.session = session;
+        this.logger = logger;
+    }
+    async authenticate(context) {
+        try {
+            let accessToken = await this.retrieveAccessToken(context);
+            let refreshToken;
+            await this.checkRateLimit(context);
+            if (accessToken) {
+                try {
+                    const decoded = await this.verifyAccessToken(accessToken);
+                    const user = await this.config.user.getUserData(decoded);
+                    if (!user)
+                        throw new errors_1.UserNotFoundError();
+                    await this.isAuthorized(user);
+                    return { user, tokens: { accessToken } };
+                }
+                catch (error) {
+                    this.logger?.warn("Access token is invalid or expired, trying refresh token...");
+                }
+            }
+            refreshToken = await this.retrieveRefreshToken(context);
+            if (!refreshToken)
+                throw new errors_1.MissingTokenError("Refresh");
+            const newTokens = await this.rotateTokens(context);
+            accessToken = newTokens.accessToken;
+            refreshToken = newTokens.refreshToken;
+            if (!accessToken)
+                throw new errors_1.MissingTokenError("Access");
+            const decoded = await this.verifyAccessToken(accessToken);
+            const user = await this.config.user.getUserData(decoded);
+            if (!user)
+                throw new errors_1.UserNotFoundError();
+            await this.isAuthorized(user);
+            return { user, tokens: { accessToken, refreshToken } };
+        }
+        catch (error) {
+            this.logger?.error("Authentication failed:", error);
+            throw new errors_1.AuthError(error, "Authentication failed.");
+        }
+    }
+    async rotateTokens(context) {
+        try {
+            const refreshToken = await this.retrieveRefreshToken(context);
+            if (!refreshToken)
+                throw new errors_1.MissingTokenError("Refresh");
+            const payload = await this.verifyRefreshToken(refreshToken);
+            if (!payload)
+                throw new errors_1.InvalidTokenError("Refresh");
+            const newAccessToken = await this.generateAccessToken(payload);
+            let newRefreshToken = await this.generateRefreshToken(payload);
+            await this.storeAccessToken(newAccessToken, context);
+            if (newRefreshToken) {
+                await this.storeRefreshToken(newRefreshToken, context);
+            }
+            this.embedAccessToken(newAccessToken, context);
+            this.embedRefreshToken(newRefreshToken, context);
+            return { accessToken: newAccessToken, refreshToken: newRefreshToken };
+        }
+        catch (error) {
+            this.logger?.error("Token rotation failed:", error);
+            throw new errors_1.InvalidTokenError("Refresh");
+        }
+    }
+}
+exports.TokenAuthStrategy = TokenAuthStrategy;

package/build/tools/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./session.tools";
+export * from "./token.tools";
+export * from "./tools";

package/build/tools/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./session.tools"), exports);
+__exportStar(require("./token.tools"), exports);
+__exportStar(require("./tools"), exports);

package/build/types.d.ts

@@ -36,21 +36,22 @@ export type Credentials = {
     [key: string]: unknown;
 };
 export interface AuthResultConfig<TContext = unknown, TUser = unknown> {
-    onSuccess?: (context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
-    onFailure?: (context: AuthFailureContext<TContext>) => Promise<void> | void;
+    onSuccess?: (action: string, context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
+    onFailure?: (action: string, context: AuthFailureContext<TContext>) => Promise<void> | void;
 }
 export interface SecurityConfig {
     maxFailedLoginAttempts?: number;
     lockoutDuration?: number;
     notifyOnLockout?: (account: any) => Promise<void>;
 }
-export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> {
+export interface BaseAuthStrategyConfig<TContext = unknown, TUser = unknown> extends AuthResultConfig<TContext, TUser> {
     mfa?: MfaConfig<TUser, TContext>;
     session?: SessionConfig;
     role?: RoleAuthorizationConfig<TUser>;
     rateLimit?: RateLimitConfig;
     security?: SecurityConfig;
     lock?: AccountLockConfig<TContext>;
+    failedAttempts?: FailedAttemptsConfig;
 }
 export interface AuditLoggingConfig<TContext = unknown> {
     logAttempt?: (userId: string, success: boolean, context?: TContext) => Promise<void>;
@@ -77,54 +78,58 @@ export interface PasswordPolicyConfig {
     getLastPasswordChange?: (identifier: string) => Date;
     forcePasswordChangeOnFirstLogin?: boolean;
     passwordExpirationDays?: number;
+    isPasswordChangeRequired?: (identifier: string) => Promise<boolean>;
+    generateResetToken?: (identifier: string) => Promise<string>;
+    sendResetEmail?: (identifier: string, token: string) => Promise<void>;
+    validateResetToken?: (token: string) => Promise<boolean>;
+    updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
 }
-export interface CredentialBasedAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
+export interface UserConfig {
+    getUserData: (payload: any) => Promise<any>;
+    validateUser?: (payload: any) => Promise<any>;
+}
+export interface CredentailsConfig<TContext = any> {
+    extractCredentials: <TCredentials = {
+        identifier: string;
+        password: string;
+    }>(context: TContext) => TCredentials;
+    verifyCredentials: (identifier: string, password: string) => Promise<boolean>;
+}
+export interface FailedAttemptsConfig {
+    incrementFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
+    resetFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<void>;
+    getFailedAttempts?: (identifier: string, ...rest: unknown[]) => Promise<number>;
+}
+export interface CredentialAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
     passwordPolicy?: PasswordPolicyConfig;
     audit?: AuditLoggingConfig<TContext>;
-    logout: {} & AuthResultConfig<TContext, TUser>;
-    login: {
-        extractCredentials: (context: TContext) => Promise<{
-            identifier: string;
-            password: string;
-        }>;
-        retrieveUserData: (identifier: string) => Promise<TUser | null>;
-        verifyUserCredentials: (identifier: string, password: string) => Promise<boolean>;
-        incrementFailedAttempts?: (identifier: string) => Promise<void>;
-        resetFailedAttempts?: (identifier: string) => Promise<void>;
-        getFailedAttempts?: (identifier: string) => Promise<number>;
-    } & AuthResultConfig<TContext, TUser>;
-    passwordReset?: {
-        generateResetToken?: (identifier: string) => Promise<string>;
-        sendResetEmail?: (identifier: string, token: string) => Promise<void>;
-        validateResetToken?: (token: string) => Promise<boolean>;
-        updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
-    } & AuthResultConfig<TContext, TUser>;
-}
-export interface TokenBasedAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
-    rotation?: TokenRotationConfig<TUser>;
-    login: {
-        retrieveUserData: (identifier: string) => Promise<TUser | null>;
-    } & AuthResultConfig<TContext, TUser>;
-    logout: {} & AuthResultConfig<TContext, TUser>;
-}
-export interface TokenRotationConfig<TUser = unknown> {
-    maxRotations?: number;
-    storeUsedTokens?: boolean;
-    getRefreshToken?: (user: TUser) => Promise<string>;
-    rotateToken?: (refreshToken: string) => Promise<{
-        accessToken: string;
-        refreshToken: string;
-    }>;
-    onTokenRotated?: (user: TUser, newTokens: {
-        accessToken: string;
-        refreshToken: string;
-    }) => Promise<void>;
-    onTokenRotationFailure?: (user: TUser, error: Error) => Promise<void>;
+    credentials?: CredentailsConfig<TContext>;
+    user?: UserConfig;
+    routes?: {
+        login?: AuthRouteConfig;
+        logout?: AuthRouteConfig;
+        resetPassword?: AuthRouteConfig;
+    };
+}
+export type AuthRouteConfig = {
+    path?: string;
+    method?: string;
+};
+export interface TokenAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
+    user?: UserConfig;
+    routes: {
+        login?: AuthRouteConfig;
+        logout?: AuthRouteConfig;
+        refresh?: AuthRouteConfig;
+        [key: string]: AuthRouteConfig;
+    };
+    accessToken?: TokenConfig<TContext>;
+    refreshToken?: TokenConfig<TContext>;
 }
 export interface AccountLockConfig<TContext = unknown> {
     logFailedAttempt?: (account: any, context?: TContext) => Promise<void>;
-    lockAccount?: (account: any, ...args: unknown[]) => Promise<void>;
-    isAccountLocked?: (account: any, ...args: unknown[]) => Promise<boolean>;
+    lockAccount?: (account: any) => Promise<void>;
+    isAccountLocked?: (account: any, context?: TContext) => Promise<boolean>;
 }
 export interface RateLimitConfig {
     checkRateLimit?: (...args: unknown[]) => Promise<boolean>;
@@ -159,7 +164,7 @@ export type AuthResult<TUser, TSessionData = unknown> = {
 };
 export interface AuthStrategy<TContext = unknown, TUser = unknown> {
     init?(...args: unknown[]): Promise<void>;
-    authenticate(context?: TContext, ...args: unknown[]): Promise<AuthResult<TUser>>;
+    authenticate(context?: TContext, ...args: unknown[]): Promise<AuthResult<TUser> | null>;
     authorize?(user: any, action: string, resource?: string): Promise<boolean>;
     refresh?(refreshToken: string): Promise<string>;
     logout?(context?: TContext): Promise<void>;
@@ -230,18 +235,43 @@ export interface StorageContext {
     encrypt?: (data: string) => Promise<string> | string;
     decrypt?: (data: string) => Promise<string> | string;
 }
-export interface TokenConfig {
+export interface TokenIssuerConfig {
     secretKey: string;
-    expiresIn: string | number;
-    audience?: string | string[];
-    issuer?: string | string[];
-    subject?: string;
-    tokenType?: string;
+    options: {
+        expiresIn: string | number;
+        audience?: string | string[];
+        issuer?: string | string[];
+        subject?: string;
+        [option: string]: unknown;
+    };
     generate?: (payload: any) => string;
+}
+export interface TokenVerifierConfig {
+    options: {
+        [option: string]: unknown;
+    };
     verify?: (token: string) => Promise<any>;
-    store?: (token: string, data: any, expiresIn: number) => Promise<void>;
-    retrieve?: (context: any) => Promise<string | null>;
-    remove?: (context: any) => Promise<void>;
-    embed?: (context: any, token: string) => void;
-    rotate?: (oldToken: string) => Promise<string>;
+}
+export interface TokenPersistenceConfig {
+    store?: (token: string, data: any, expiresIn: string | number) => Promise<void>;
+    read?: (...args: any[]) => Promise<string | null>;
+    remove?: (...args: any[]) => Promise<void>;
+}
+export interface TokenConfig<TContext = any> {
+    embed?: (context: TContext, token: string) => void;
+    retrieve?: (context: TContext) => Promise<string | null>;
+    rotation?: TokenRotationConfig;
+    issuer?: TokenIssuerConfig;
+    verifier?: TokenVerifierConfig;
+    persistence?: TokenPersistenceConfig;
+    additional?: Record<string, unknown>;
+}
+export interface TokenRotationConfig {
+    maxRotations?: number;
+    rotateToken?: (token: string) => Promise<string>;
+}
+export interface PKCEConfig<TContext> {
+    generateCodeVerifier?: () => string;
+    storeCodeVerifier?: (context: TContext, codeVerifier: string) => void;
+    retrieveCodeVerifier?: (context: TContext) => string | null;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soapjs/soap-auth",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "",
   "homepage": "https://docs.soapjs.com",
   "repository": "https://github.com/soapjs/soap-auth",

package/build/strategies/token-based-auth.strategy.d.ts

@@ -1,25 +0,0 @@
-import * as Soap from "@soapjs/soap";
-import { AuthResult, TokenBasedAuthStrategyConfig } from "../types";
-import { BaseAuthStrategy } from "./base-auth.strategy";
-import { TokenConfig } from "../types";
-import { SessionHandler } from "../session/session-handler";
-export declare abstract class TokenBasedAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
-    protected config: TokenBasedAuthStrategyConfig<TContext, TUser>;
-    protected accessTokenConfig?: TokenConfig;
-    protected refreshTokenConfig?: TokenConfig;
-    protected session?: SessionHandler;
-    protected logger?: Soap.Logger;
-    constructor(config: TokenBasedAuthStrategyConfig<TContext, TUser>, accessTokenConfig?: TokenConfig, refreshTokenConfig?: TokenConfig, session?: SessionHandler, logger?: Soap.Logger);
-    protected retrieveUser(decodedToken: any): Promise<TUser | null>;
-    authenticate(context: TContext): Promise<AuthResult<TUser>>;
-    logout(context: TContext): Promise<void>;
-    generateTokens(user: TUser, context: TContext): Promise<{
-        accessToken: string;
-        refreshToken?: string;
-    }>;
-    rotateToken(context: TContext): Promise<{
-        accessToken: string;
-        refreshToken?: string;
-    }>;
-    isTokenExpired(token: string): Promise<boolean>;
-}

package/build/strategies/token-based-auth.strategy.js

@@ -1,130 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenBasedAuthStrategy = void 0;
-const base_auth_strategy_1 = require("./base-auth.strategy");
-const errors_1 = require("../errors");
-class TokenBasedAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
-    config;
-    accessTokenConfig;
-    refreshTokenConfig;
-    session;
-    logger;
-    constructor(config, accessTokenConfig, refreshTokenConfig, session, logger) {
-        super(config, session, logger);
-        this.config = config;
-        this.accessTokenConfig = accessTokenConfig;
-        this.refreshTokenConfig = refreshTokenConfig;
-        this.session = session;
-        this.logger = logger;
-    }
-    retrieveUser(decodedToken) {
-        return this.config.login.retrieveUserData(decodedToken);
-    }
-    async authenticate(context) {
-        try {
-            let accessToken = await this.accessTokenConfig.retrieve?.(context);
-            let refreshToken;
-            await this.checkRateLimit(context);
-            if (accessToken) {
-                try {
-                    const decoded = await this.accessTokenConfig.verify?.(accessToken);
-                    const user = await this.retrieveUser(decoded);
-                    if (!user) {
-                        throw new errors_1.UserNotFoundError();
-                    }
-                    await this.isAuthorized(user);
-                    return { user, tokens: { accessToken } };
-                }
-                catch (error) {
-                    this.logger?.warn("Access token is invalid or expired, trying refresh token...");
-                }
-            }
-            if (this.refreshTokenConfig) {
-                refreshToken = await this.refreshTokenConfig?.retrieve?.(context);
-                if (!refreshToken) {
-                    throw new errors_1.MissingTokenError("Refresh");
-                }
-                accessToken = await this.refreshTokenConfig?.rotate?.(refreshToken);
-                if (!accessToken) {
-                    throw new errors_1.MissingTokenError("Access");
-                }
-            }
-            this.accessTokenConfig.embed?.(context, accessToken);
-            const decoded = await this.accessTokenConfig.verify?.(accessToken);
-            const user = await this.retrieveUser(decoded);
-            if (!user) {
-                throw new errors_1.UserNotFoundError();
-            }
-            await this.isAuthorized(user);
-            return { user, tokens: { accessToken, refreshToken } };
-        }
-        catch (error) {
-            this.logger?.error("Authentication failed:", error);
-            throw new errors_1.AuthError(error, "Authentication failed.");
-        }
-    }
-    async logout(context) {
-        try {
-            await this.accessTokenConfig.remove?.(context);
-            if (this.refreshTokenConfig) {
-                await this.refreshTokenConfig.remove?.(context);
-            }
-            await this.config.logout.onSuccess?.(context);
-            this.logger?.info("User logged out successfully.");
-        }
-        catch (error) {
-            this.logger?.error("Error during logout:", error);
-            await this.config.logout.onFailure?.({ context, error });
-            throw new errors_1.AuthError(error, "Logout process failed.");
-        }
-    }
-    async generateTokens(user, context) {
-        const payload = { userId: user.id, roles: user.roles };
-        const accessToken = this.accessTokenConfig.generate?.(payload);
-        if (!accessToken)
-            throw new Error("Failed to generate access token.");
-        await this.accessTokenConfig.store?.(accessToken, user, +this.accessTokenConfig.expiresIn);
-        this.accessTokenConfig.embed?.(context, accessToken);
-        let refreshToken;
-        if (this.refreshTokenConfig) {
-            refreshToken = this.refreshTokenConfig.generate?.(payload);
-            if (refreshToken) {
-                await this.refreshTokenConfig.store?.(refreshToken, user, +this.refreshTokenConfig.expiresIn);
-                this.refreshTokenConfig.embed?.(context, refreshToken);
-            }
-        }
-        return { accessToken, refreshToken };
-    }
-    async rotateToken(context) {
-        try {
-            if (!this.refreshTokenConfig) {
-                throw new Error("Refresh token handler is not configured.");
-            }
-            const refreshToken = await this.refreshTokenConfig.retrieve?.(context);
-            if (!refreshToken) {
-                throw new errors_1.MissingTokenError("Refresh");
-            }
-            const newAccessToken = await this.refreshTokenConfig.rotate?.(refreshToken);
-            this.accessTokenConfig.embed?.(context, newAccessToken);
-            return { accessToken: newAccessToken, refreshToken };
-        }
-        catch (error) {
-            this.logger?.error("Token rotation failed:", error);
-            throw new errors_1.InvalidTokenError("Refresh");
-        }
-    }
-    async isTokenExpired(token) {
-        try {
-            const decoded = JSON.parse(Buffer.from(token.split(".")[1], "base64").toString());
-            if (!decoded.exp)
-                return false;
-            const currentTime = Math.floor(Date.now() / 1000);
-            return decoded.exp < currentTime;
-        }
-        catch (error) {
-            this.logger?.warn("Failed to decode token:", error);
-            return false;
-        }
-    }
-}
-exports.TokenBasedAuthStrategy = TokenBasedAuthStrategy;