@soapjs/soap-auth 0.3.2 → 0.4.0

package/build/types.d.ts

@@ -1,4 +1,6 @@
 import * as Soap from "@soapjs/soap";
+export type AuthResult<TUser extends Soap.AuthUser = Soap.AuthUser> = Soap.AuthResult<TUser>;
+export type AuthStrategy<TUser extends Soap.AuthUser = Soap.AuthUser> = Soap.AuthStrategy<TUser>;
 import { LocalStrategyConfig } from "./strategies/local/local.types";
 import { OAuth2StrategyConfig } from "./strategies/oauth2/oauth2.types";
 import { ApiKeyStrategyConfig } from "./strategies/api-key/api-key.types";
@@ -71,29 +73,43 @@ export interface MfaConfig<TUser = unknown, TContext = unknown> {
     resetMfaAttempts?: (user: TUser) => Promise<void>;
     incrementMfaAttempts?: (user: TUser) => Promise<void>;
 }
+export type PasswordType = "default" | "one-time" | "temporary";
+export type NewPasswordOptions = {
+    expiresIn?: number;
+    type: PasswordType;
+    additional?: Record<string, unknown>;
+};
+export type PasswordInfo = {
+    type: PasswordType;
+    expiresIn?: number;
+    lastChangeDate?: Date;
+};
 export interface PasswordPolicyConfig {
-    validatePassword?: (password: string) => Promise<boolean>;
-    getLastPasswordChange?: (identifier: string) => Promise<Date>;
+    validatePassword?: (password: string, previousPassword?: string) => Promise<void>;
+    getPasswordPasswordInfo?: (identifier: string) => Promise<PasswordInfo>;
     passwordExpirationDays?: number;
     generateResetToken?: (identifier: string) => Promise<string>;
-    sendResetEmail?: (identifier: string, token: string) => Promise<void>;
-    validateResetToken?: (token: string) => Promise<boolean>;
-    updatePassword?: (identifier: string, newPassword: string) => Promise<void>;
+    sendPasswordResetEmail?: (identifier: string, token: string) => Promise<void>;
+    validatePasswordResetToken?: (token: string) => Promise<boolean>;
+    updatePassword?: (identifier: string, newPassword: string, options?: NewPasswordOptions) => Promise<void>;
+    generatePassword?: (identifier: string, options: NewPasswordOptions) => Promise<string>;
 }
 export interface UserConfig<TUser = unknown> {
     fetchUser: (payload: unknown) => Promise<TUser | null>;
     validateUser?: (payload: unknown) => Promise<any>;
 }
-export interface CredentailsConfig<TContext = any> {
+export type CredentailsConfig<TContext = any> = CredentialsConfig<TContext>;
+export interface CredentialsConfig<TContext = any> {
     extractCredentials: <TCredentials = {
         identifier: string;
         password: string;
+        newPassword?: string;
     }>(context: TContext) => TCredentials;
     verifyCredentials: (identifier: string, password: string) => Promise<boolean>;
 }
 export interface CredentialAuthStrategyConfig<TContext = unknown, TUser = unknown> extends BaseAuthStrategyConfig<TContext, TUser> {
     passwordPolicy?: PasswordPolicyConfig;
-    credentials?: CredentailsConfig<TContext>;
+    credentials?: CredentialsConfig<TContext>;
     jwt?: TokenAuthConfig<TContext>;
     user?: UserConfig<TUser>;
     allowGuest?: boolean;
@@ -155,43 +171,26 @@ export type AuthFailureContext<TContext = unknown> = {
     email?: string;
     additional?: Record<string, unknown>;
 };
-export type AuthResult<TUser = unknown, TSessionData = unknown> = {
-    user: TUser;
-    session?: SessionInfo<TSessionData>;
-    tokens?: {
-        accessToken?: string;
-        refreshToken?: string | null;
-        apiKey?: string | null;
-        [key: string]: string;
-    };
-};
-export interface AuthStrategy<TContext = unknown, TUser = unknown> {
-    init?(...args: unknown[]): Promise<void>;
-    authenticate(context?: TContext, ...args: unknown[]): Promise<AuthResult<TUser> | null>;
-    authorize?(user: any, action: string, resource?: string): Promise<boolean>;
-    refresh?(refreshToken: string): Promise<string>;
-    logout?(context?: TContext): Promise<void>;
-    logout?(context?: TContext): Promise<void>;
-}
-export interface SoapHttpAuthConfig<TContext = unknown, TUser = unknown> {
+export interface SoapHttpAuthConfig<TContext = unknown, TUser extends Soap.AuthUser = Soap.AuthUser> {
     local?: LocalStrategyConfig<TContext, TUser>;
+    jwt?: JwtConfig<TContext, TUser>;
     oauth2?: {
         [provider: string]: OAuth2StrategyConfig<TContext, TUser>;
     };
     apiKey?: ApiKeyStrategyConfig<TContext, TUser>;
     basic?: BasicStrategyConfig<TContext, TUser>;
-    custom: {
-        [label: string]: AuthStrategy;
+    custom?: {
+        [label: string]: Soap.AuthStrategy;
     };
 }
-export interface SoapSocketAuthConfig<TContext = unknown, TUser = unknown> {
+export interface SoapSocketAuthConfig<TContext = unknown, TUser extends Soap.AuthUser = Soap.AuthUser> {
     jwt?: JwtConfig<TContext, TUser>;
     apiKey?: ApiKeyStrategyConfig<TContext, TUser>;
-    custom: {
-        [provider: string]: AuthStrategy;
+    custom?: {
+        [provider: string]: Soap.AuthStrategy;
     };
 }
-export interface SoapAuthConfig<TContext = unknown, TUser = unknown> {
+export interface SoapAuthConfig<TContext = unknown, TUser extends Soap.AuthUser = Soap.AuthUser> {
     session?: SessionConfig;
     jwt?: TokenAuthConfig<TContext>;
     http?: SoapHttpAuthConfig<TContext, TUser>;

package/build/utils/__tests__/validation.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/utils/__tests__/validation.test.js

@@ -0,0 +1,181 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const validation_1 = require("../validation");
+describe("ValidationUtils", () => {
+    describe("required", () => {
+        it("should not throw for valid values", () => {
+            expect(() => validation_1.ValidationUtils.required("test", "field")).not.toThrow();
+            expect(() => validation_1.ValidationUtils.required(0, "field")).not.toThrow();
+            expect(() => validation_1.ValidationUtils.required(false, "field")).not.toThrow();
+            expect(() => validation_1.ValidationUtils.required([], "field")).not.toThrow();
+            expect(() => validation_1.ValidationUtils.required({}, "field")).not.toThrow();
+        });
+        it("should throw ValidationError for null or undefined", () => {
+            expect(() => validation_1.ValidationUtils.required(null, "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.required(undefined, "field")).toThrow(validation_1.ValidationError);
+        });
+        it("should include field name in error message", () => {
+            expect(() => validation_1.ValidationUtils.required(null, "testField")).toThrow("testField is required");
+        });
+    });
+    describe("nonEmptyString", () => {
+        it("should return trimmed string for valid input", () => {
+            expect(validation_1.ValidationUtils.nonEmptyString("  test  ", "field")).toBe("test");
+        });
+        it("should throw for non-string input", () => {
+            expect(() => validation_1.ValidationUtils.nonEmptyString(123, "field")).toThrow(validation_1.ValidationError);
+        });
+        it("should throw for empty string", () => {
+            expect(() => validation_1.ValidationUtils.nonEmptyString("", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.nonEmptyString("   ", "field")).toThrow(validation_1.ValidationError);
+        });
+        it("should throw for null or undefined", () => {
+            expect(() => validation_1.ValidationUtils.nonEmptyString(null, "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.nonEmptyString(undefined, "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("email", () => {
+        it("should return email for valid input", () => {
+            expect(validation_1.ValidationUtils.email("test@example.com", "field")).toBe("test@example.com");
+        });
+        it("should throw for invalid email format", () => {
+            expect(() => validation_1.ValidationUtils.email("invalid-email", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.email("@example.com", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.email("test@", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("password", () => {
+        it("should return password for valid input", () => {
+            expect(validation_1.ValidationUtils.password("password123", "field")).toBe("password123");
+        });
+        it("should throw for short password", () => {
+            expect(() => validation_1.ValidationUtils.password("short", "field", 8)).toThrow(validation_1.ValidationError);
+        });
+        it("should use default minimum length", () => {
+            expect(() => validation_1.ValidationUtils.password("short", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("positiveNumber", () => {
+        it("should return number for valid input", () => {
+            expect(validation_1.ValidationUtils.positiveNumber(5, "field")).toBe(5);
+            expect(validation_1.ValidationUtils.positiveNumber("10", "field")).toBe(10);
+        });
+        it("should throw for non-positive numbers", () => {
+            expect(() => validation_1.ValidationUtils.positiveNumber(0, "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.positiveNumber(-1, "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.positiveNumber("abc", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("range", () => {
+        it("should return number within range", () => {
+            expect(validation_1.ValidationUtils.range(5, "field", 1, 10)).toBe(5);
+        });
+        it("should throw for numbers outside range", () => {
+            expect(() => validation_1.ValidationUtils.range(0, "field", 1, 10)).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.range(11, "field", 1, 10)).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("oneOf", () => {
+        it("should return value if it's in allowed values", () => {
+            expect(validation_1.ValidationUtils.oneOf("test", "field", ["test", "other"])).toBe("test");
+        });
+        it("should throw if value is not in allowed values", () => {
+            expect(() => validation_1.ValidationUtils.oneOf("invalid", "field", ["test", "other"])).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("url", () => {
+        it("should return URL for valid input", () => {
+            expect(validation_1.ValidationUtils.url("https://example.com", "field")).toBe("https://example.com");
+        });
+        it("should throw for invalid URL", () => {
+            expect(() => validation_1.ValidationUtils.url("not-a-url", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("jwtToken", () => {
+        it("should return token for valid JWT format", () => {
+            const token = "header.payload.signature";
+            expect(validation_1.ValidationUtils.jwtToken(token, "field")).toBe(token);
+        });
+        it("should throw for invalid JWT format", () => {
+            expect(() => validation_1.ValidationUtils.jwtToken("invalid", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.jwtToken("header.payload", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("uuid", () => {
+        it("should return UUID for valid input", () => {
+            const uuid = "123e4567-e89b-12d3-a456-426614174000";
+            expect(validation_1.ValidationUtils.uuid(uuid, "field")).toBe(uuid);
+        });
+        it("should throw for invalid UUID", () => {
+            expect(() => validation_1.ValidationUtils.uuid("not-a-uuid", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("object", () => {
+        it("should return object for valid input", () => {
+            const obj = { test: "value" };
+            expect(validation_1.ValidationUtils.object(obj, "field")).toBe(obj);
+        });
+        it("should throw for non-object input", () => {
+            expect(() => validation_1.ValidationUtils.object("string", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.object([], "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("array", () => {
+        it("should return array for valid input", () => {
+            const arr = [1, 2, 3];
+            expect(validation_1.ValidationUtils.array(arr, "field")).toBe(arr);
+        });
+        it("should throw for non-array input", () => {
+            expect(() => validation_1.ValidationUtils.array("string", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.array({}, "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("function", () => {
+        it("should return function for valid input", () => {
+            const fn = () => { };
+            expect(validation_1.ValidationUtils.function(fn, "field")).toBe(fn);
+        });
+        it("should throw for non-function input", () => {
+            expect(() => validation_1.ValidationUtils.function("string", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("validateConfig", () => {
+        it("should not throw for valid config", () => {
+            const config = { field1: "value1", field2: "value2" };
+            expect(() => validation_1.ValidationUtils.validateConfig(config, ["field1", "field2"])).not.toThrow();
+        });
+        it("should throw for missing required fields", () => {
+            const config = { field1: "value1" };
+            expect(() => validation_1.ValidationUtils.validateConfig(config, ["field1", "field2"])).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("pattern", () => {
+        it("should return string for matching pattern", () => {
+            const regex = /^[a-z]+$/;
+            expect(validation_1.ValidationUtils.pattern("test", "field", regex)).toBe("test");
+        });
+        it("should throw for non-matching pattern", () => {
+            const regex = /^[a-z]+$/;
+            expect(() => validation_1.ValidationUtils.pattern("TEST", "field", regex)).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("date", () => {
+        it("should return Date for valid input", () => {
+            const date = validation_1.ValidationUtils.date("2023-01-01", "field");
+            expect(date).toBeInstanceOf(Date);
+        });
+        it("should throw for invalid date", () => {
+            expect(() => validation_1.ValidationUtils.date("invalid-date", "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+    describe("boolean", () => {
+        it("should return boolean for valid input", () => {
+            expect(validation_1.ValidationUtils.boolean(true, "field")).toBe(true);
+            expect(validation_1.ValidationUtils.boolean(false, "field")).toBe(false);
+        });
+        it("should throw for non-boolean input", () => {
+            expect(() => validation_1.ValidationUtils.boolean("true", "field")).toThrow(validation_1.ValidationError);
+            expect(() => validation_1.ValidationUtils.boolean(1, "field")).toThrow(validation_1.ValidationError);
+        });
+    });
+});

package/build/utils/validation.d.ts

@@ -0,0 +1,23 @@
+export declare class ValidationError extends Error {
+    field?: string;
+    constructor(message: string, field?: string);
+}
+export declare class ValidationUtils {
+    static required(value: any, fieldName: string): void;
+    static nonEmptyString(value: any, fieldName: string): string;
+    static email(value: any, fieldName: string): string;
+    static password(value: any, fieldName: string, minLength?: number): string;
+    static positiveNumber(value: any, fieldName: string): number;
+    static range(value: any, fieldName: string, min: number, max: number): number;
+    static oneOf<T>(value: any, fieldName: string, allowedValues: T[]): T;
+    static url(value: any, fieldName: string): string;
+    static jwtToken(value: any, fieldName: string): string;
+    static uuid(value: any, fieldName: string): string;
+    static object(value: any, fieldName: string): object;
+    static array(value: any, fieldName: string): any[];
+    static function(value: any, fieldName: string): Function;
+    static validateConfig(config: any, requiredFields: string[], fieldName?: string): void;
+    static pattern(value: any, fieldName: string, regex: RegExp, message?: string): string;
+    static date(value: any, fieldName: string): Date;
+    static boolean(value: any, fieldName: string): boolean;
+}

package/build/utils/validation.js

@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ValidationUtils = exports.ValidationError = void 0;
+class ValidationError extends Error {
+    field;
+    constructor(message, field) {
+        super(message);
+        this.field = field;
+        this.name = "ValidationError";
+    }
+}
+exports.ValidationError = ValidationError;
+class ValidationUtils {
+    static required(value, fieldName) {
+        if (value === null || value === undefined) {
+            throw new ValidationError(`${fieldName} is required`, fieldName);
+        }
+    }
+    static nonEmptyString(value, fieldName) {
+        this.required(value, fieldName);
+        if (typeof value !== "string" || value.trim().length === 0) {
+            throw new ValidationError(`${fieldName} must be a non-empty string`, fieldName);
+        }
+        return value.trim();
+    }
+    static email(value, fieldName) {
+        const email = this.nonEmptyString(value, fieldName);
+        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        if (!emailRegex.test(email)) {
+            throw new ValidationError(`${fieldName} must be a valid email address`, fieldName);
+        }
+        return email;
+    }
+    static password(value, fieldName, minLength = 8) {
+        const password = this.nonEmptyString(value, fieldName);
+        if (password.length < minLength) {
+            throw new ValidationError(`${fieldName} must be at least ${minLength} characters long`, fieldName);
+        }
+        return password;
+    }
+    static positiveNumber(value, fieldName) {
+        this.required(value, fieldName);
+        const num = Number(value);
+        if (isNaN(num) || num <= 0) {
+            throw new ValidationError(`${fieldName} must be a positive number`, fieldName);
+        }
+        return num;
+    }
+    static range(value, fieldName, min, max) {
+        const num = this.positiveNumber(value, fieldName);
+        if (num < min || num > max) {
+            throw new ValidationError(`${fieldName} must be between ${min} and ${max}`, fieldName);
+        }
+        return num;
+    }
+    static oneOf(value, fieldName, allowedValues) {
+        this.required(value, fieldName);
+        if (!allowedValues.includes(value)) {
+            throw new ValidationError(`${fieldName} must be one of: ${allowedValues.join(", ")}`, fieldName);
+        }
+        return value;
+    }
+    static url(value, fieldName) {
+        const url = this.nonEmptyString(value, fieldName);
+        try {
+            new URL(url);
+            return url;
+        }
+        catch {
+            throw new ValidationError(`${fieldName} must be a valid URL`, fieldName);
+        }
+    }
+    static jwtToken(value, fieldName) {
+        const token = this.nonEmptyString(value, fieldName);
+        const parts = token.split(".");
+        if (parts.length !== 3) {
+            throw new ValidationError(`${fieldName} must be a valid JWT token`, fieldName);
+        }
+        return token;
+    }
+    static uuid(value, fieldName) {
+        const uuid = this.nonEmptyString(value, fieldName);
+        const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+        if (!uuidRegex.test(uuid)) {
+            throw new ValidationError(`${fieldName} must be a valid UUID`, fieldName);
+        }
+        return uuid;
+    }
+    static object(value, fieldName) {
+        this.required(value, fieldName);
+        if (typeof value !== "object" || Array.isArray(value)) {
+            throw new ValidationError(`${fieldName} must be an object`, fieldName);
+        }
+        return value;
+    }
+    static array(value, fieldName) {
+        this.required(value, fieldName);
+        if (!Array.isArray(value)) {
+            throw new ValidationError(`${fieldName} must be an array`, fieldName);
+        }
+        return value;
+    }
+    static function(value, fieldName) {
+        this.required(value, fieldName);
+        if (typeof value !== "function") {
+            throw new ValidationError(`${fieldName} must be a function`, fieldName);
+        }
+        return value;
+    }
+    static validateConfig(config, requiredFields, fieldName = "config") {
+        this.object(config, fieldName);
+        for (const field of requiredFields) {
+            this.required(config[field], `${fieldName}.${field}`);
+        }
+    }
+    static pattern(value, fieldName, regex, message) {
+        const str = this.nonEmptyString(value, fieldName);
+        if (!regex.test(str)) {
+            throw new ValidationError(message || `${fieldName} does not match required pattern`, fieldName);
+        }
+        return str;
+    }
+    static date(value, fieldName) {
+        this.required(value, fieldName);
+        const date = new Date(value);
+        if (isNaN(date.getTime())) {
+            throw new ValidationError(`${fieldName} must be a valid date`, fieldName);
+        }
+        return date;
+    }
+    static boolean(value, fieldName) {
+        this.required(value, fieldName);
+        if (typeof value !== "boolean") {
+            throw new ValidationError(`${fieldName} must be a boolean`, fieldName);
+        }
+        return value;
+    }
+}
+exports.ValidationUtils = ValidationUtils;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soapjs/soap-auth",
-  "version": "0.3.2",
+  "version": "0.4.0",
   "description": "",
   "homepage": "https://docs.soapjs.com",
   "repository": "https://github.com/soapjs/soap-auth",
@@ -15,20 +15,21 @@
     "prepublish": "npm run clean && tsc --project tsconfig.build.json"
   },
   "devDependencies": {
-    "@soapjs/soap": "^0.5.8",
+    "@soapjs/soap": "^0.9.0",
     "@types/jest": "^27.0.3",
     "jest": "^27.4.5",
     "ts-jest": "^27.1.3",
     "typescript": "^4.8.2"
   },
   "peerDependencies": {
-    "@soapjs/soap": ">=0.5.8"
+    "@soapjs/soap": ">=0.8.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
   },
   "dependencies": {
-    "axios": "^1.7.9",
-    "bcrypt": "^5.1.1",
+    "bcrypt": "^6.0.0",
     "jsonwebtoken": "^9.0.2",
-    "jwks-rsa": "^3.1.0",
-    "uuid": "^9.0.1"
+    "jwks-rsa": "^3.1.0"
   }
 }