@soapjs/soap-auth 0.3.1 → 0.3.3

package/build/strategies/__tests__/token-auth.strategy.test.js

@@ -0,0 +1,298 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TestTokenAuthStrategy = void 0;
+const token_auth_strategy_1 = require("../token-auth.strategy");
+const errors_1 = require("../../../src/errors");
+class TestTokenAuthStrategy extends token_auth_strategy_1.TokenAuthStrategy {
+    async invalidateAccessToken(token, context) {
+        context.accessToken = undefined;
+    }
+    async invalidateRefreshToken(token, context) {
+        context.refreshToken = undefined;
+    }
+    constructor(config, session, logger) {
+        super(config, session, logger);
+    }
+    async fetchUser(payload) {
+        return { id: "testUserId", name: "Test User" };
+    }
+    extractAccessToken(context) {
+        return context.accessToken;
+    }
+    extractRefreshToken(context) {
+        return context.refreshToken;
+    }
+    async verifyAccessToken(token) {
+        return { userId: "testUserId" };
+    }
+    async verifyRefreshToken(token) {
+        return { userId: "testUserId" };
+    }
+    async generateAccessToken(user, context) {
+        return "newAccessToken";
+    }
+    async generateRefreshToken(user, context) {
+        return "newRefreshToken";
+    }
+    async storeAccessToken(token) {
+    }
+    async storeRefreshToken(token) {
+    }
+    embedAccessToken(token, context) {
+        context.accessToken = token;
+    }
+    embedRefreshToken(token, context) {
+        context.refreshToken = token;
+    }
+}
+exports.TestTokenAuthStrategy = TestTokenAuthStrategy;
+const jsonwebtoken_1 = require("jsonwebtoken");
+describe("TokenAuthStrategy", () => {
+    let config;
+    let strategy;
+    let mockSession;
+    let mockLogger;
+    let mockRateLimitService;
+    let mockRoleService;
+    let mockThrottleService;
+    let mockAccountLockService;
+    let mockMfaService;
+    let context;
+    beforeEach(() => {
+        config = {
+            refreshToken: {
+                enabled: true,
+            },
+        };
+        mockSession = {
+            logoutSession: jest.fn().mockResolvedValue(undefined),
+        };
+        mockLogger = {
+            warn: jest.fn(),
+            error: jest.fn(),
+            info: jest.fn(),
+        };
+        mockRateLimitService = {
+            checkRateLimit: jest.fn().mockResolvedValue(undefined),
+        };
+        mockRoleService = {
+            isAuthorized: jest.fn().mockResolvedValue(true),
+        };
+        mockThrottleService = {};
+        mockAccountLockService = {};
+        mockMfaService = {};
+        context = {
+            accessToken: undefined,
+            refreshToken: undefined,
+        };
+        strategy = new TestTokenAuthStrategy(config, mockSession, mockLogger);
+        strategy.rateLimit = mockRateLimitService;
+        strategy.role = mockRoleService;
+        strategy.throttle = mockThrottleService;
+        strategy.accountLock = mockAccountLockService;
+        strategy.mfa = mockMfaService;
+    });
+    describe("authenticate", () => {
+        it("should throw MissingTokenError if no access token and refreshToken is disabled in config", async () => {
+            config.refreshToken = undefined;
+            await expect(strategy.authenticate(context)).rejects.toThrowError(errors_1.MissingTokenError);
+            expect(mockRateLimitService.checkRateLimit).toHaveBeenCalledWith(context);
+        });
+        it("should verify access token if present and return user + tokens if valid", async () => {
+            context.accessToken = "validAccessToken";
+            const result = await strategy.authenticate(context);
+            expect(result.user).toEqual({ id: "testUserId", name: "Test User" });
+            expect(result.tokens).toEqual({ accessToken: "validAccessToken" });
+            expect(mockRoleService.isAuthorized).toHaveBeenCalledWith({
+                id: "testUserId",
+                name: "Test User",
+            });
+            expect(mockLogger.warn).not.toHaveBeenCalled();
+        });
+        it("should fallback to refresh token if access token is invalid or expired", async () => {
+            context.accessToken = "invalidAccessToken";
+            context.refreshToken = "validRefreshToken";
+            jest
+                .spyOn(strategy, "verifyAccessToken")
+                .mockRejectedValue(new jsonwebtoken_1.TokenExpiredError("expired", new Date()));
+            const refreshSpy = jest
+                .spyOn(strategy, "refreshTokens")
+                .mockResolvedValue({
+                user: { id: "testUserId", name: "Refreshed User" },
+                tokens: {
+                    accessToken: "refreshedAccess",
+                    refreshToken: "refreshedRefresh",
+                },
+            });
+            const result = await strategy.authenticate(context);
+            expect(mockLogger.warn).toHaveBeenCalledWith("Access token expired, attempting refresh...");
+            expect(refreshSpy).toHaveBeenCalledWith(context);
+            expect(result).toEqual({
+                user: { id: "testUserId", name: "Refreshed User" },
+                tokens: {
+                    accessToken: "refreshedAccess",
+                    refreshToken: "refreshedRefresh",
+                },
+            });
+        });
+        it("should throw MissingTokenError if no access token and no refresh token provided", async () => {
+            context.accessToken = undefined;
+            context.refreshToken = undefined;
+            await expect(strategy.authenticate(context)).rejects.toThrow(errors_1.MissingTokenError);
+        });
+    });
+    describe("refreshTokens", () => {
+        it("should throw an error if refresh tokens are not enabled in config", async () => {
+            config.refreshToken = undefined;
+            await expect(strategy.refreshTokens(context)).rejects.toThrowError("Refresh tokens are not enabled.");
+        });
+        it("should throw MissingTokenError if no refresh token is provided", async () => {
+            config.refreshToken = {};
+            await expect(strategy.refreshTokens(context)).rejects.toThrow(errors_1.MissingTokenError);
+        });
+        it("should throw InvalidTokenError if refresh token is invalid", async () => {
+            context.refreshToken = "invalidRefreshToken";
+            jest
+                .spyOn(strategy, "verifyRefreshToken")
+                .mockRejectedValue(new errors_1.InvalidTokenError("Refresh"));
+            await expect(strategy.refreshTokens(context)).rejects.toThrow(errors_1.InvalidTokenError);
+        });
+        it("should throw UserNotFoundError if user retrieval returns null", async () => {
+            context.refreshToken = "validRefresh";
+            jest.spyOn(strategy, "fetchUser").mockResolvedValueOnce(null);
+            await expect(strategy.refreshTokens(context)).rejects.toThrow(errors_1.UserNotFoundError);
+        });
+        it("should return new access token (and refresh token) on success", async () => {
+            context.refreshToken = "validRefresh";
+            jest
+                .spyOn(strategy, "verifyRefreshToken")
+                .mockResolvedValueOnce({ userId: "testUserId" });
+            jest
+                .spyOn(strategy, "generateAccessToken")
+                .mockResolvedValueOnce("newAccessToken");
+            jest
+                .spyOn(strategy, "generateRefreshToken")
+                .mockResolvedValueOnce("newRefreshToken");
+            const storeAccessSpy = jest.spyOn(strategy, "storeAccessToken");
+            const storeRefreshSpy = jest.spyOn(strategy, "storeRefreshToken");
+            const result = await strategy.refreshTokens(context);
+            expect(storeAccessSpy).toHaveBeenCalledWith("newAccessToken");
+            expect(storeRefreshSpy).toHaveBeenCalledWith("newRefreshToken");
+            expect(result).toEqual({
+                user: { id: "testUserId", name: "Test User" },
+                tokens: {
+                    accessToken: "newAccessToken",
+                    refreshToken: "newRefreshToken",
+                },
+            });
+        });
+        describe("absoluteExpiry", () => {
+            it("should log a warning and throw InvalidTokenError if absolute expiry is exceeded (onExpiry=error)", async () => {
+                config.refreshToken = {
+                    absoluteExpiry: {
+                        payloadField: "absoluteExp",
+                        onExpiry: "error",
+                    },
+                };
+                context.refreshToken = "validRefresh";
+                jest
+                    .spyOn(strategy, "verifyRefreshToken")
+                    .mockResolvedValueOnce({
+                    userId: "testUserId",
+                    absoluteExp: Math.floor(Date.now() / 1000) - 1000,
+                });
+                await expect(strategy.refreshTokens(context)).rejects.toThrow(errors_1.InvalidTokenError);
+                expect(mockLogger.warn).toHaveBeenCalledWith("Absolute expiry exceeded for refresh token.");
+            });
+            it("should call logoutSession and throw if onExpiry=logout", async () => {
+                config.refreshToken = {
+                    absoluteExpiry: {
+                        payloadField: "absoluteExp",
+                        onExpiry: "logout",
+                    },
+                };
+                context.refreshToken = "validRefresh";
+                jest
+                    .spyOn(strategy, "verifyRefreshToken")
+                    .mockResolvedValueOnce({
+                    userId: "testUserId",
+                    absoluteExp: Math.floor(Date.now() / 1000) - 1000,
+                });
+                await expect(strategy.refreshTokens(context)).rejects.toThrow(errors_1.InvalidTokenError);
+                expect(mockSession.logoutSession).toHaveBeenCalledWith(context);
+            });
+        });
+        describe("rotation", () => {
+            beforeEach(() => {
+                config.refreshToken = {
+                    enabled: true,
+                    rotation: {
+                        maxRotations: 3,
+                        getRotationCount: jest.fn().mockResolvedValue(1),
+                        isLimitReached: jest
+                            .fn()
+                            .mockImplementation((count, max) => count >= max),
+                        rotateToken: jest.fn().mockResolvedValue({
+                            newToken: "rotatedRefreshToken",
+                        }),
+                        afterRotation: jest.fn(),
+                    },
+                };
+                context.refreshToken = "someOldRefreshToken";
+            });
+            it("should throw TokenRotationLimitReachedError if limit is reached", async () => {
+                config.refreshToken.rotation.getRotationCount.mockResolvedValueOnce(3);
+                await expect(strategy.refreshTokens(context)).rejects.toThrow(errors_1.TokenRotationLimitReachedError);
+            });
+            it("should rotate the refresh token and call afterRotation if limit not reached", async () => {
+                config.refreshToken.rotation.getRotationCount.mockResolvedValueOnce(2);
+                jest
+                    .spyOn(strategy, "verifyRefreshToken")
+                    .mockResolvedValueOnce({ userId: "testUserId" });
+                jest
+                    .spyOn(strategy, "generateAccessToken")
+                    .mockResolvedValueOnce("newAccessToken");
+                const afterRotationSpy = config.refreshToken.rotation
+                    .afterRotation;
+                const result = await strategy.refreshTokens(context);
+                expect(config.refreshToken.rotation.rotateToken).toHaveBeenCalledWith("someOldRefreshToken", { id: "testUserId", name: "Test User" }, context);
+                expect(afterRotationSpy).toHaveBeenCalledWith("someOldRefreshToken", "rotatedRefreshToken", { id: "testUserId", name: "Test User" }, context, 3);
+                expect(result).toEqual({
+                    user: { id: "testUserId", name: "Test User" },
+                    tokens: {
+                        accessToken: "newAccessToken",
+                        refreshToken: "rotatedRefreshToken",
+                    },
+                });
+            });
+            it("should warn if rotation is enabled but rotateToken is not provided", async () => {
+                config.refreshToken.rotation.rotateToken = undefined;
+                jest
+                    .spyOn(strategy, "verifyRefreshToken")
+                    .mockResolvedValueOnce({ userId: "testUserId" });
+                jest
+                    .spyOn(strategy, "generateAccessToken")
+                    .mockResolvedValueOnce("newAccessToken");
+                const result = await strategy.refreshTokens(context);
+                expect(mockLogger.warn).toHaveBeenCalledWith("Rotation enabled but rotateToken not provided.");
+                expect(result).toEqual({
+                    user: { id: "testUserId", name: "Test User" },
+                    tokens: { accessToken: "newAccessToken" },
+                });
+            });
+        });
+    });
+    describe("error handling", () => {
+        it("should call onFailure", async () => {
+            const onFailureSpy = jest.spyOn(strategy, "onFailure");
+            jest
+                .spyOn(strategy, "verifyAccessToken")
+                .mockRejectedValue(new Error());
+            context.accessToken = "someToken";
+            await expect(strategy.authenticate(context)).rejects.toThrow(errors_1.InvalidTokenError);
+            expect(onFailureSpy).toHaveBeenCalledWith("authenticate", {
+                error: expect.any(Error),
+            });
+        });
+    });
+});

package/build/strategies/api-key/__tests__/api-key.strategy.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/strategies/api-key/__tests__/api-key.strategy.test.js

@@ -0,0 +1,103 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const api_key_strategy_1 = require("../api-key.strategy");
+const errors_1 = require("../../../errors");
+const api_key_errors_1 = require("../api-key.errors");
+describe("ApiKeyStrategy", () => {
+    let strategy;
+    let mockConfig;
+    let mockLogger;
+    beforeEach(() => {
+        mockLogger = {
+            error: jest.fn(),
+            warn: jest.fn(),
+            info: jest.fn(),
+        };
+        mockConfig = {
+            extractApiKey: jest.fn(),
+            retrieveUserByApiKey: jest.fn(),
+            lock: {
+                isAccountLocked: jest.fn(),
+                logFailedAttempt: jest.fn(),
+            },
+            isApiKeyExpired: jest.fn(),
+            rateLimit: {
+                checkRateLimit: jest.fn(),
+                incrementRequestCount: jest.fn(),
+            },
+            role: { authorizeByRoles: jest.fn(), roles: [] },
+            revokeApiKey: jest.fn(),
+            trackApiKeyUsage: jest.fn(),
+            keyType: "long-term",
+        };
+        strategy = new api_key_strategy_1.ApiKeyStrategy(mockConfig, mockLogger);
+    });
+    it("should authenticate a user with a valid API key", async () => {
+        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
+        mockConfig.retrieveUserByApiKey.mockResolvedValue({
+            id: 1,
+            name: "John Doe",
+        });
+        const result = await strategy.authenticate({});
+        expect(result).toEqual({ user: { id: 1, name: "John Doe" } });
+        expect(mockConfig.trackApiKeyUsage).toHaveBeenCalledWith("valid-api-key");
+        expect(mockConfig.rateLimit.incrementRequestCount).toHaveBeenCalledWith("valid-api-key");
+    });
+    it("should throw MissingApiKeyError if no API key is provided", async () => {
+        mockConfig.extractApiKey.mockReturnValue(null);
+        await expect(strategy.authenticate({})).rejects.toThrow(api_key_errors_1.MissingApiKeyError);
+        expect(mockConfig.lock.logFailedAttempt).toHaveBeenCalled();
+    });
+    it("should throw InvalidApiKeyError if the API key is invalid", async () => {
+        mockConfig.extractApiKey.mockReturnValue("invalid-api-key");
+        mockConfig.retrieveUserByApiKey.mockResolvedValue(null);
+        await expect(strategy.authenticate({})).rejects.toThrow(api_key_errors_1.InvalidApiKeyError);
+        expect(mockConfig.lock.logFailedAttempt).toHaveBeenCalledWith("invalid-api-key", {});
+    });
+    it("should throw AccountLockedError if account is locked", async () => {
+        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
+        mockConfig.lock.isAccountLocked.mockResolvedValue(true);
+        await expect(strategy.authenticate({})).rejects.toThrow(errors_1.AccountLockedError);
+    });
+    it("should throw ExpiredApiKeyError if API key is expired", async () => {
+        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
+        mockConfig.isApiKeyExpired.mockResolvedValue(true);
+        await expect(strategy.authenticate({})).rejects.toThrow(api_key_errors_1.ExpiredApiKeyError);
+    });
+    it("should throw RateLimitExceededError if API key exceeds rate limit", async () => {
+        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
+        mockConfig.rateLimit.checkRateLimit.mockResolvedValue(true);
+        await expect(strategy.authenticate({})).rejects.toThrow(errors_1.RateLimitExceededError);
+    });
+    it("should throw UnauthorizedRoleError if user has no access", async () => {
+        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
+        mockConfig.retrieveUserByApiKey.mockResolvedValue({ id: 1, role: "guest" });
+        mockConfig.role.authorizeByRoles.mockResolvedValue(false);
+        strategy.role.roles = ["admin", "user"];
+        await expect(strategy.authenticate({})).rejects.toThrow(errors_1.UnauthorizedRoleError);
+    });
+    it("should revoke one-time API keys after authentication", async () => {
+        mockConfig.keyType = "one-time";
+        mockConfig.extractApiKey.mockReturnValue("one-time-key");
+        mockConfig.retrieveUserByApiKey.mockResolvedValue({ id: 1 });
+        await strategy.authenticate({});
+        expect(mockConfig.revokeApiKey).toHaveBeenCalledWith("one-time-key");
+    });
+    it("should retry retrieving user on failure", async () => {
+        mockConfig.retrieveUserMaxRetries = 1;
+        mockConfig.extractApiKey.mockReturnValue("valid-api-key");
+        mockConfig.retrieveUserByApiKey
+            .mockRejectedValueOnce(new Error("Temporary failure"))
+            .mockResolvedValueOnce({ id: 1, name: "John Doe" });
+        const result = await strategy.authenticate({});
+        expect(result).toEqual({ user: { id: 1, name: "John Doe" } });
+        expect(mockConfig.retrieveUserByApiKey).toHaveBeenCalledTimes(2);
+    });
+    it("should log failed authentication attempts", async () => {
+        mockConfig.extractApiKey.mockReturnValue("invalid-api-key");
+        mockConfig.retrieveUserByApiKey.mockResolvedValue(null);
+        const ctx = {};
+        await expect(strategy.authenticate(ctx)).rejects.toThrow(api_key_errors_1.InvalidApiKeyError);
+        expect(mockConfig.lock.logFailedAttempt).toHaveBeenCalledWith("invalid-api-key", ctx);
+    });
+});

package/build/strategies/api-key/api-key.strategy.d.ts

@@ -4,12 +4,15 @@ import { ApiKeyStrategyConfig } from "./api-key.types";
 import { BaseAuthStrategy } from "../base-auth.strategy";
 export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> implements AuthStrategy<TContext, TUser> {
     protected config: ApiKeyStrategyConfig<TContext, TUser>;
+    protected apiKeyValidity: {
+        sessionDuration: number;
+        longTermDuration: number;
+    };
     constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger: Soap.Logger);
+    protected fetchUser(apiKey: string, context: TContext): Promise<TUser | null>;
     init(): Promise<void>;
     authenticate(context?: TContext): Promise<AuthResult<TUser>>;
     authorize(user: TUser, action: string, resource?: string): Promise<boolean>;
     revoke(apiKey: string): Promise<void>;
     private trackApiKeyUsage;
-    private incrementRequestCount;
-    logout(context: TContext): Promise<void>;
 }

package/build/strategies/api-key/api-key.strategy.js

@@ -4,58 +4,79 @@ exports.ApiKeyStrategy = void 0;
 const api_key_errors_1 = require("./api-key.errors");
 const errors_1 = require("../../errors");
 const base_auth_strategy_1 = require("../base-auth.strategy");
+const api_key_tools_1 = require("./api-key.tools");
 class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
+    apiKeyValidity;
     constructor(config, logger) {
-        super(config, null, logger);
+        super((0, api_key_tools_1.prepareApiKeyConfig)(config), null, logger);
         this.config = config;
         if (!this.config.extractApiKey || !this.config.retrieveUserByApiKey) {
             throw new Error("ApiKeyStrategy requires extractApiKey and retrieveUserByApiKey functions.");
         }
+        this.apiKeyValidity = {
+            sessionDuration: config.sessionDuration || 15 * 60 * 1000,
+            longTermDuration: config.longTermDuration || 90 * 24 * 60 * 60 * 1000,
+        };
+    }
+    async fetchUser(apiKey, context) {
+        const maxRetries = this.config.retrieveUserMaxRetries ?? 0;
+        const retryDelay = this.config.retrieveUserRetryDelay ?? 100;
+        for (let attempt = 0; attempt <= maxRetries; attempt++) {
+            try {
+                const user = await this.config.retrieveUserByApiKey(apiKey, context);
+                return user;
+            }
+            catch (error) {
+                this.logger.warn(`Attempt ${attempt + 1} failed: ${error}`);
+                if (attempt < maxRetries) {
+                    await new Promise((resolve) => setTimeout(resolve, retryDelay));
+                }
+                else {
+                    throw error;
+                }
+            }
+        }
+        return null;
     }
     async init() {
         return Promise.resolve();
     }
     async authenticate(context) {
+        let apiKey;
         try {
-            const apiKey = this.config.extractApiKey(context);
+            apiKey = this.config.extractApiKey(context);
             if (!apiKey) {
                 throw new api_key_errors_1.MissingApiKeyError();
             }
-            if (await this.config.isAccountLocked?.(apiKey, context)) {
+            if (await this.accountLock?.isAccountLocked(apiKey)) {
                 throw new errors_1.AccountLockedError();
             }
+            await this.rateLimit?.checkRateLimit(apiKey);
             if (await this.config.isApiKeyExpired?.(apiKey)) {
                 throw new api_key_errors_1.ExpiredApiKeyError();
             }
-            if (this.config.checkRateLimit &&
-                (await this.config.checkRateLimit(apiKey))) {
-                throw new errors_1.RateLimitExceededError();
-            }
-            const user = await this.config.retrieveUserByApiKey(apiKey);
+            const user = await this.fetchUser(apiKey, context);
             if (!user) {
-                await this.config.logFailedAttempt?.(apiKey, context);
                 throw new api_key_errors_1.InvalidApiKeyError();
             }
-            if (this.config.authorizeByRoles) {
-                const hasAccess = await this.config.authorizeByRoles(user, this.config.roles || []);
-                if (!hasAccess) {
-                    throw new errors_1.UnauthorizedRoleError();
-                }
+            await this.role?.isAuthorized(user);
+            if (this.config.keyType === "one-time") {
+                await this.config.revokeApiKey?.(apiKey);
             }
+            await this.rateLimit?.incrementRequestCount(apiKey);
             await this.trackApiKeyUsage(apiKey);
-            await this.incrementRequestCount(apiKey);
             await this.onSuccess("authenticate", { user, context });
             return { user };
         }
         catch (error) {
-            this.logger.error("API Key authentication error:", error);
-            try {
-                await this.onFailure("authenticate", { error, context });
-            }
-            catch (callbackError) {
-                this.logger.error("onFailure callback error during authentication:", callbackError);
+            if (this.accountLock) {
+                this.accountLock.logFailedAttempt(apiKey, context);
             }
+            await this.onFailure("authenticate", {
+                context,
+                error,
+            });
             throw error;
         }
     }
@@ -75,24 +96,11 @@ class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     }
     async trackApiKeyUsage(apiKey) {
         try {
-            if (this.config.trackApiKeyUsage) {
-                await this.config.trackApiKeyUsage(apiKey);
-            }
+            await this.config.trackApiKeyUsage?.(apiKey);
         }
         catch (error) {
             this.logger.warn("Failed to track API key usage:", error);
         }
     }
-    async incrementRequestCount(apiKey) {
-        try {
-            await this.config.incrementRequestCount?.(apiKey);
-        }
-        catch (error) {
-            this.logger.warn("Failed to increment request count:", error);
-        }
-    }
-    logout(context) {
-        return;
-    }
 }
 exports.ApiKeyStrategy = ApiKeyStrategy;

package/build/strategies/api-key/api-key.tools.d.ts

@@ -0,0 +1,2 @@
+import { ApiKeyStrategyConfig } from "./api-key.types";
+export declare const prepareApiKeyConfig: <TContext = any, TUser = any>(config: Partial<ApiKeyStrategyConfig<TContext, TUser>>) => ApiKeyStrategyConfig<TContext, TUser>;

package/build/strategies/api-key/api-key.tools.js

@@ -0,0 +1,39 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.prepareApiKeyConfig = void 0;
+const Soap = __importStar(require("@soapjs/soap"));
+const prepareApiKeyConfig = (config) => {
+    return Soap.removeUndefinedProperties({
+        ...config,
+        keyType: config.keyType || "long-term",
+        retrieveUserMaxRetries: config.retrieveUserMaxRetries ?? 3,
+        retrieveUserRetryDelay: config.retrieveUserRetryDelay ?? 1000,
+        sessionDuration: config.sessionDuration ?? 3600,
+        longTermDuration: config.longTermDuration ?? 86400,
+        trackApiKeyUsage: config.trackApiKeyUsage || (() => Promise.resolve()),
+    });
+};
+exports.prepareApiKeyConfig = prepareApiKeyConfig;

package/build/strategies/api-key/api-key.types.d.ts

@@ -1,7 +1,15 @@
 import { RateLimitConfig, RoleAuthorizationConfig, AccountLockConfig, AuthResultConfig } from "../../types";
-export interface ApiKeyStrategyConfig<TContext = unknown, TUser = unknown> extends AuthResultConfig<TContext, TUser>, ApiKeyTrackingConfig, RateLimitConfig, RoleAuthorizationConfig<TUser>, AccountLockConfig<TContext> {
+export interface ApiKeyStrategyConfig<TContext = unknown, TUser = unknown> extends AuthResultConfig<TContext, TUser>, ApiKeyTrackingConfig {
+    role?: RoleAuthorizationConfig<TUser>;
+    rateLimit?: RateLimitConfig;
+    lock?: AccountLockConfig<TContext>;
+    keyType: "one-time" | "long-term" | "session";
+    retrieveUserMaxRetries?: number;
+    retrieveUserRetryDelay?: number;
+    sessionDuration?: number;
+    longTermDuration?: number;
     extractApiKey: (context: TContext) => string | null;
-    retrieveUserByApiKey: (apiKey: string) => Promise<TUser | null>;
+    retrieveUserByApiKey: (apiKey: string, context?: TContext) => Promise<TUser | null>;
     authorize?: (user: TUser, action: string, resource?: string) => Promise<boolean>;
     revokeApiKey?: (apiKey: string) => Promise<void>;
 }

package/build/strategies/base-auth.strategy.d.ts

@@ -1,18 +1,24 @@
 import * as Soap from "@soapjs/soap";
 import { AuthFailureContext, AuthResult, AuthStrategy, AuthSuccessContext, BaseAuthStrategyConfig } from "../types";
 import { SessionHandler } from "../session/session-handler";
+import { AccountLockService } from "../services/account-lock.service";
+import { MfaService } from "../services/mfa.service";
+import { RateLimitService } from "../services/rate-limit.service";
+import { RoleService } from "../services/role.service";
+import { AuthThrottleService } from "../services/auth-throttle.service";
 export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
     protected config: BaseAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
+    protected accountLock: AccountLockService<TContext>;
+    protected mfa: MfaService<TContext, TUser>;
+    protected rateLimit: RateLimitService;
+    protected role: RoleService<TUser>;
+    protected throttle: AuthThrottleService;
     abstract authenticate(context?: TContext): Promise<AuthResult<TUser>>;
-    abstract logout(context: TContext): Promise<void>;
     constructor(config: BaseAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
     init(): Promise<void>;
-    protected isAccountLocked(account: any): Promise<boolean>;
-    protected isAuthorized(user: TUser): Promise<boolean>;
-    protected checkRateLimit(data: unknown): Promise<void>;
-    protected checkMfa(user: TUser, context: TContext): Promise<void>;
     protected onSuccess(action: string, context: AuthSuccessContext<TUser, TContext>): Promise<void>;
     protected onFailure(action: string, context: AuthFailureContext<TContext>): Promise<void>;
+    protected authenticateWithSession(context: TContext): Promise<AuthResult<TUser>>;
 }