@soapjs/soap-auth 0.3.3 → 0.4.4

package/build/soap-auth.js

@@ -1,11 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SoapAuth = void 0;
+const validation_1 = require("./utils/validation");
+const session_handler_1 = require("./session/session-handler");
+const jwt_strategy_1 = require("./strategies/jwt/jwt.strategy");
+const local_strategy_1 = require("./strategies/local/local.strategy");
+const basic_strategy_1 = require("./strategies/basic/basic.strategy");
+const api_key_strategy_1 = require("./strategies/api-key/api-key.strategy");
 class SoapAuth {
-    requiredStrategyMethods = ["authenticate", "init"];
+    requiredStrategyMethods = ["authenticate"];
     strategies = new Map();
     logger;
     constructor(config) {
+        this.validateConfig(config);
         this.strategies.set("http", new Map());
         this.strategies.set("socket", new Map());
         this.strategies.set("event", new Map());
@@ -15,12 +22,83 @@ class SoapAuth {
         this.strategies.set("edge", new Map());
         this.logger = config.logger;
     }
+    validateConfig(config) {
+        try {
+            validation_1.ValidationUtils.required(config, "config");
+            if (config.logger) {
+                validation_1.ValidationUtils.object(config.logger, "config.logger");
+            }
+            if (config.session) {
+                this.validateSessionConfig(config.session);
+            }
+            if (config.jwt) {
+                this.validateJwtConfig(config.jwt);
+            }
+            if (config.http) {
+                this.validateHttpStrategies(config.http);
+            }
+            if (config.socket) {
+                this.validateSocketStrategies(config.socket);
+            }
+        }
+        catch (error) {
+            if (error instanceof validation_1.ValidationError) {
+                throw error;
+            }
+            throw new validation_1.ValidationError(`Invalid configuration: ${error.message}`);
+        }
+    }
+    validateSessionConfig(session) {
+        validation_1.ValidationUtils.required(session.secret, "session.secret");
+        validation_1.ValidationUtils.nonEmptyString(session.secret, "session.secret");
+        if (session.sessionKey) {
+            validation_1.ValidationUtils.nonEmptyString(session.sessionKey, "session.sessionKey");
+        }
+        if (session.sessionHeader) {
+            validation_1.ValidationUtils.nonEmptyString(session.sessionHeader, "session.sessionHeader");
+        }
+    }
+    validateJwtConfig(jwt) {
+        if (jwt.accessToken) {
+            validation_1.ValidationUtils.required(jwt.accessToken.issuer, "jwt.accessToken.issuer");
+            validation_1.ValidationUtils.required(jwt.accessToken.issuer.secretKey, "jwt.accessToken.issuer.secretKey");
+            validation_1.ValidationUtils.nonEmptyString(jwt.accessToken.issuer.secretKey, "jwt.accessToken.issuer.secretKey");
+        }
+        if (jwt.refreshToken) {
+            validation_1.ValidationUtils.required(jwt.refreshToken.issuer, "jwt.refreshToken.issuer");
+            validation_1.ValidationUtils.required(jwt.refreshToken.issuer.secretKey, "jwt.refreshToken.issuer.secretKey");
+            validation_1.ValidationUtils.nonEmptyString(jwt.refreshToken.issuer.secretKey, "jwt.refreshToken.issuer.secretKey");
+        }
+    }
+    validateHttpStrategies(http) {
+        validation_1.ValidationUtils.object(http, "http");
+        if (http.custom) {
+            validation_1.ValidationUtils.object(http.custom, "http.custom");
+            for (const [name, strategy] of Object.entries(http.custom)) {
+                validation_1.ValidationUtils.required(strategy, `http.custom.${name}`);
+                validation_1.ValidationUtils.object(strategy, `http.custom.${name}`);
+            }
+        }
+    }
+    validateSocketStrategies(socket) {
+        validation_1.ValidationUtils.object(socket, "socket");
+        if (socket.custom) {
+            validation_1.ValidationUtils.object(socket.custom, "socket.custom");
+            for (const [name, strategy] of Object.entries(socket.custom)) {
+                validation_1.ValidationUtils.required(strategy, `socket.custom.${name}`);
+                validation_1.ValidationUtils.object(strategy, `socket.custom.${name}`);
+            }
+        }
+    }
     isAuthStrategy(strategy) {
         return (typeof strategy === "object" &&
             strategy !== null &&
             this.requiredStrategyMethods.every((method) => typeof strategy[method] === "function"));
     }
     addStrategy(strategyInstance, name, type) {
+        validation_1.ValidationUtils.required(strategyInstance, "strategyInstance");
+        validation_1.ValidationUtils.nonEmptyString(name, "name");
+        validation_1.ValidationUtils.oneOf(type, "type", ["http", "socket", "event", "isa", "webhook", "grpc", "edge"]);
         if (!this.strategies.has(type)) {
             throw new Error(`Invalid strategy type "${type}".`);
         }
@@ -33,21 +111,28 @@ class SoapAuth {
         }
     }
     removeStrategy(name, type) {
+        validation_1.ValidationUtils.required(name, "name");
+        validation_1.ValidationUtils.oneOf(type, "type", ["http", "socket", "event", "isa", "webhook", "grpc", "edge"]);
         if (!this.strategies.has(type)) {
             throw new Error(`Invalid strategy type "${type}".`);
         }
         const names = Array.isArray(name) ? name : [name];
         names.forEach((n) => {
+            validation_1.ValidationUtils.nonEmptyString(n, "strategy name");
             this.strategies.get(type).delete(n);
         });
     }
     hasStrategy(name, type) {
+        validation_1.ValidationUtils.nonEmptyString(name, "name");
+        validation_1.ValidationUtils.oneOf(type, "type", ["http", "socket", "event", "isa", "webhook", "grpc", "edge"]);
         if (!this.strategies.has(type)) {
             throw new Error(`Invalid strategy type "${type}".`);
         }
         return this.strategies.get(type).has(name);
     }
     getStrategy(name, type) {
+        validation_1.ValidationUtils.nonEmptyString(name, "name");
+        validation_1.ValidationUtils.oneOf(type, "type", ["http", "socket", "event", "isa", "webhook", "grpc", "edge"]);
         if (!this.strategies.has(type)) {
             throw new Error(`Invalid strategy type "${type}".`);
         }
@@ -101,7 +186,7 @@ class SoapAuth {
         if (sequential) {
             for (const strategy of strategies) {
                 try {
-                    await strategy.init();
+                    await strategy.init?.();
                 }
                 catch (error) {
                     this.logger?.error(`Failed to initialize strategy: ${error.message}`);
@@ -109,10 +194,52 @@ class SoapAuth {
             }
         }
         else {
-            await Promise.all(strategies.map((strategy) => strategy
-                .init()
-                .catch((error) => this.logger?.error(`Failed to initialize strategy: ${error.message}`))));
+            await Promise.all(strategies.map((strategy) => Promise.resolve(strategy.init?.()).catch((error) => this.logger?.error(`Failed to initialize strategy: ${error.message}`))));
+        }
+    }
+    static async create(config) {
+        const auth = new SoapAuth(config);
+        const logger = config.logger;
+        const sessionHandler = config.session
+            ? new session_handler_1.SessionHandler(config.session, logger)
+            : undefined;
+        if (config.http) {
+            const sharedJwt = config.http.jwt
+                ? new jwt_strategy_1.JwtStrategy(config.http.jwt, logger)
+                : undefined;
+            if (config.http.local) {
+                auth.addStrategy(new local_strategy_1.LocalStrategy(config.http.local, sessionHandler, sharedJwt, logger), "local", "http");
+            }
+            if (config.http.basic) {
+                auth.addStrategy(new basic_strategy_1.BasicStrategy(config.http.basic, sessionHandler, sharedJwt, logger), "basic", "http");
+            }
+            if (config.http.apiKey) {
+                auth.addStrategy(new api_key_strategy_1.ApiKeyStrategy(config.http.apiKey, logger), "api-key", "http");
+            }
+            if (sharedJwt) {
+                auth.addStrategy(sharedJwt, "jwt", "http");
+            }
+            if (config.http.custom) {
+                for (const [name, strategy] of Object.entries(config.http.custom)) {
+                    auth.addStrategy(strategy, name, "http");
+                }
+            }
+        }
+        if (config.socket) {
+            if (config.socket.jwt) {
+                auth.addStrategy(new jwt_strategy_1.JwtStrategy(config.socket.jwt, logger), "jwt", "socket");
+            }
+            if (config.socket.apiKey) {
+                auth.addStrategy(new api_key_strategy_1.ApiKeyStrategy(config.socket.apiKey, logger), "api-key", "socket");
+            }
+            if (config.socket.custom) {
+                for (const [name, strategy] of Object.entries(config.socket.custom)) {
+                    auth.addStrategy(strategy, name, "socket");
+                }
+            }
         }
+        await auth.init();
+        return auth;
     }
 }
 exports.SoapAuth = SoapAuth;

package/build/strategies/api-key/api-key.strategy.d.ts

@@ -1,17 +1,17 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult, AuthStrategy } from "../../types";
 import { ApiKeyStrategyConfig } from "./api-key.types";
 import { BaseAuthStrategy } from "../base-auth.strategy";
-export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> implements AuthStrategy<TContext, TUser> {
+export declare class ApiKeyStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends BaseAuthStrategy<TContext, TUser> {
     protected config: ApiKeyStrategyConfig<TContext, TUser>;
+    readonly name = "api-key";
     protected apiKeyValidity: {
         sessionDuration: number;
         longTermDuration: number;
     };
-    constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger: Soap.Logger);
+    constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger?: Soap.Logger);
     protected fetchUser(apiKey: string, context: TContext): Promise<TUser | null>;
     init(): Promise<void>;
-    authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    authenticate(context?: TContext): Promise<Soap.AuthResult<TUser> | null>;
     authorize(user: TUser, action: string, resource?: string): Promise<boolean>;
     revoke(apiKey: string): Promise<void>;
     private trackApiKeyUsage;

package/build/strategies/api-key/api-key.strategy.js

@@ -7,6 +7,7 @@ const base_auth_strategy_1 = require("../base-auth.strategy");
 const api_key_tools_1 = require("./api-key.tools");
 class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
+    name = "api-key";
     apiKeyValidity;
     constructor(config, logger) {
         super((0, api_key_tools_1.prepareApiKeyConfig)(config), null, logger);
@@ -28,7 +29,7 @@ class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
                 return user;
             }
             catch (error) {
-                this.logger.warn(`Attempt ${attempt + 1} failed: ${error}`);
+                this.logger?.warn(`Attempt ${attempt + 1} failed: ${error}`);
                 if (attempt < maxRetries) {
                     await new Promise((resolve) => setTimeout(resolve, retryDelay));
                 }
@@ -99,7 +100,7 @@ class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             await this.config.trackApiKeyUsage?.(apiKey);
         }
         catch (error) {
-            this.logger.warn("Failed to track API key usage:", error);
+            this.logger?.warn("Failed to track API key usage:", error);
         }
     }
 }

package/build/strategies/base-auth.strategy.d.ts

@@ -1,12 +1,12 @@
 import * as Soap from "@soapjs/soap";
-import { AuthFailureContext, AuthResult, AuthStrategy, AuthSuccessContext, BaseAuthStrategyConfig } from "../types";
+import { AuthFailureContext, AuthSuccessContext, BaseAuthStrategyConfig } from "../types";
 import { SessionHandler } from "../session/session-handler";
 import { AccountLockService } from "../services/account-lock.service";
 import { MfaService } from "../services/mfa.service";
 import { RateLimitService } from "../services/rate-limit.service";
 import { RoleService } from "../services/role.service";
 import { AuthThrottleService } from "../services/auth-throttle.service";
-export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
+export declare abstract class BaseAuthStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> {
     protected config: BaseAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
@@ -15,10 +15,11 @@ export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unkno
     protected rateLimit: RateLimitService;
     protected role: RoleService<TUser>;
     protected throttle: AuthThrottleService;
-    abstract authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    abstract readonly name: string;
+    abstract authenticate(ctx: TContext): Promise<Soap.AuthResult<TUser> | null>;
     constructor(config: BaseAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
     init(): Promise<void>;
     protected onSuccess(action: string, context: AuthSuccessContext<TUser, TContext>): Promise<void>;
     protected onFailure(action: string, context: AuthFailureContext<TContext>): Promise<void>;
-    protected authenticateWithSession(context: TContext): Promise<AuthResult<TUser>>;
+    protected authenticateWithSession(context: TContext): Promise<Soap.AuthResult<TUser>>;
 }

package/build/strategies/basic/basic.strategy.d.ts

@@ -3,11 +3,12 @@ import { CredentialAuthStrategy } from "../credential-auth.strategy";
 import { BasicStrategyConfig } from "./basic.types";
 import { SessionHandler } from "../../session/session-handler";
 import { JwtStrategy } from "../jwt/jwt.strategy";
-export declare class BasicStrategy<TContext = unknown, TUser = unknown> extends CredentialAuthStrategy<TContext, TUser> {
+export declare class BasicStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends CredentialAuthStrategy<TContext, TUser> {
     protected config: BasicStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
     protected logger?: Soap.Logger;
+    readonly name = "basic";
     constructor(config: BasicStrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
     protected extractCredentials(context?: TContext): {
         identifier: string;

package/build/strategies/basic/basic.strategy.js

@@ -9,6 +9,7 @@ class BasicStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     session;
     jwt;
     logger;
+    name = "basic";
     constructor(config, session, jwt, logger) {
         super((0, basic_tools_1.prepareBasicConfig)(config), session, jwt, logger);
         this.config = config;

package/build/strategies/credential-auth.strategy.d.ts

@@ -1,10 +1,10 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult, CredentialAuthStrategyConfig } from "../types";
+import { CredentialAuthStrategyConfig, NewPasswordOptions } from "../types";
 import { BaseAuthStrategy } from "./base-auth.strategy";
 import { SessionHandler } from "../session/session-handler";
 import { JwtStrategy } from "./jwt/jwt.strategy";
 import { PasswordService } from "../services/password.service";
-export declare abstract class CredentialAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+export declare abstract class CredentialAuthStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends BaseAuthStrategy<TContext, TUser> {
     protected config: CredentialAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
@@ -14,10 +14,10 @@ export declare abstract class CredentialAuthStrategy<TContext = unknown, TUser =
     protected abstract extractCredentials(context: TContext): any;
     constructor(config: CredentialAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
     protected fetchUser(payload: unknown): Promise<TUser | null>;
-    authenticate(context: TContext): Promise<AuthResult<TUser>>;
-    login(context: TContext): Promise<AuthResult<TUser>>;
+    authenticate(context: TContext): Promise<Soap.AuthResult<TUser> | null>;
+    login(context: TContext): Promise<Soap.AuthResult<TUser>>;
     logout(context: TContext): Promise<void>;
-    requestPasswordReset(identifier: string, email?: string): Promise<void>;
-    resetPassword(identifier: string, token: string, newPassword: string): Promise<void>;
-    changePassword(identifier: string, oldPassword: string, newPassword: string): Promise<void>;
+    requestPasswordResetLink(identifier: string, email?: string): Promise<void>;
+    resetPasswordWithToken(identifier: string, token: string, newPassword: string, passwordOptions?: NewPasswordOptions): Promise<void>;
+    replacePassword(identifier: string, oldPassword: string, newPassword: string, options?: NewPasswordOptions): Promise<void>;
 }

package/build/strategies/credential-auth.strategy.js

@@ -126,7 +126,7 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw error;
         }
     }
-    async requestPasswordReset(identifier, email) {
+    async requestPasswordResetLink(identifier, email) {
         try {
             const token = await this.password.generateResetToken(identifier);
             if (email) {
@@ -136,7 +136,7 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
                 identifier,
                 tokens: { reset: token },
             });
-            this.logger.info(`Password reset requested for identifier: ${identifier}`);
+            this.logger?.info(`Password reset requested for identifier: ${identifier}`);
         }
         catch (error) {
             await this.onFailure("request_password_reset", {
@@ -147,17 +147,12 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw error;
         }
     }
-    async resetPassword(identifier, token, newPassword) {
+    async resetPasswordWithToken(identifier, token, newPassword, passwordOptions) {
         try {
-            if (!this.password?.validateResetToken) {
-                throw new Soap.NotImplementedError("validateResetToken");
-            }
-            if ((await this.password.validateResetToken(token)) === false) {
-                throw new errors_1.ExpiredResetTokenError();
-            }
-            await this.password.updatePassword(identifier, newPassword);
+            await this.password?.validateResetToken(token);
+            await this.password.updatePassword(identifier, newPassword, passwordOptions);
             await this.onSuccess("password_reset", { identifier });
-            this.logger.info(`Password successfully reset for identifier: ${identifier}`);
+            this.logger?.info(`Password successfully reset for identifier: ${identifier}`);
         }
         catch (error) {
             await this.onFailure("password_reset", {
@@ -168,14 +163,14 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw error;
         }
     }
-    async changePassword(identifier, oldPassword, newPassword) {
+    async replacePassword(identifier, oldPassword, newPassword, options) {
         try {
             if (!(await this.verifyCredentials(identifier, oldPassword))) {
                 throw new errors_1.InvalidCredentialsError();
             }
-            await this.password.updatePassword(identifier, newPassword);
+            await this.password.updatePassword(identifier, newPassword, options);
             await this.onSuccess("change_password", { identifier });
-            this.logger.info(`Password changed successfully for identifier: ${identifier}`);
+            this.logger?.info(`Password changed successfully for identifier: ${identifier}`);
         }
         catch (error) {
             await this.onFailure("change_password", {

package/build/strategies/index.d.ts

@@ -13,4 +13,5 @@ export * from "./local/local.types";
 export * from "./oauth2/oauth2.strategy";
 export * from "./oauth2/oauth2.tools";
 export * from "./oauth2/oauth2.types";
+export * from "./oauth2/providers";
 export * from "./token-auth.strategy";

package/build/strategies/index.js

@@ -29,4 +29,5 @@ __exportStar(require("./local/local.types"), exports);
 __exportStar(require("./oauth2/oauth2.strategy"), exports);
 __exportStar(require("./oauth2/oauth2.tools"), exports);
 __exportStar(require("./oauth2/oauth2.types"), exports);
+__exportStar(require("./oauth2/providers"), exports);
 __exportStar(require("./token-auth.strategy"), exports);

package/build/strategies/jwt/jwt.strategy.d.ts

@@ -1,12 +1,14 @@
 import * as Soap from "@soapjs/soap";
 import { TokenAuthStrategy } from "../token-auth.strategy";
 import { TokenAuthStrategyConfig, TokenConfig } from "../../types";
-export declare class JwtStrategy<TContext = unknown, TUser = unknown> extends TokenAuthStrategy<TContext, TUser> {
+export declare class JwtStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends TokenAuthStrategy<TContext, TUser> {
     protected config: TokenAuthStrategyConfig<TContext, TUser>;
     protected logger?: Soap.Logger;
+    readonly name = "jwt";
     protected accessTokenConfig: TokenConfig<TContext>;
     protected refreshTokenConfig: TokenConfig<TContext>;
     constructor(config: TokenAuthStrategyConfig<TContext, TUser>, logger?: Soap.Logger);
+    private static validateConfig;
     protected verifyAccessToken(token: string): Promise<any>;
     protected verifyRefreshToken(token: string): Promise<any>;
     protected generateAccessToken(user: TUser, context: TContext): Promise<string>;

package/build/strategies/jwt/jwt.strategy.js

@@ -8,12 +8,15 @@ const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const token_auth_strategy_1 = require("../token-auth.strategy");
 const errors_1 = require("../../errors");
 const jwt_tools_1 = require("./jwt.tools");
+const validation_1 = require("../../utils/validation");
 class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     config;
     logger;
+    name = "jwt";
     accessTokenConfig;
     refreshTokenConfig;
     constructor(config, logger) {
+        JwtStrategy.validateConfig(config);
         if (!config.accessToken.issuer.secretKey) {
             throw new errors_1.UndefinedTokenSecretError("Access");
         }
@@ -24,13 +27,39 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         this.config = config;
         this.logger = logger;
         this.accessTokenConfig = jwt_tools_1.JwtTools.prepareAccessTokenConfig(config.accessToken);
-        this.refreshTokenConfig = jwt_tools_1.JwtTools.prepareRefreshTokenConfig(config.refreshToken);
+        if (config.refreshToken) {
+            this.refreshTokenConfig = jwt_tools_1.JwtTools.prepareRefreshTokenConfig(config.refreshToken);
+        }
         this.logger?.info("JWTStrategy initialized with provided configurations.");
     }
+    static validateConfig(config) {
+        try {
+            validation_1.ValidationUtils.required(config, "config");
+            validation_1.ValidationUtils.required(config.accessToken, "config.accessToken");
+            validation_1.ValidationUtils.required(config.accessToken.issuer, "config.accessToken.issuer");
+            validation_1.ValidationUtils.required(config.accessToken.issuer.secretKey, "config.accessToken.issuer.secretKey");
+            validation_1.ValidationUtils.nonEmptyString(config.accessToken.issuer.secretKey, "config.accessToken.issuer.secretKey");
+            if (config.refreshToken) {
+                validation_1.ValidationUtils.required(config.refreshToken.issuer, "config.refreshToken.issuer");
+                validation_1.ValidationUtils.required(config.refreshToken.issuer.secretKey, "config.refreshToken.issuer.secretKey");
+                validation_1.ValidationUtils.nonEmptyString(config.refreshToken.issuer.secretKey, "config.refreshToken.issuer.secretKey");
+            }
+            if (config.user) {
+                validation_1.ValidationUtils.required(config.user.fetchUser, "config.user.fetchUser");
+                validation_1.ValidationUtils.function(config.user.fetchUser, "config.user.fetchUser");
+            }
+        }
+        catch (error) {
+            if (error instanceof validation_1.ValidationError) {
+                throw error;
+            }
+            throw new validation_1.ValidationError(`Invalid JWT configuration: ${error.message}`);
+        }
+    }
     verifyAccessToken(token) {
         try {
-            if (!token)
-                throw new errors_1.UndefinedTokenError("Access");
+            validation_1.ValidationUtils.required(token, "token");
+            validation_1.ValidationUtils.jwtToken(token, "token");
             if (!this.accessTokenConfig.issuer.secretKey)
                 throw new errors_1.UndefinedTokenSecretError("Access");
             return new Promise((resolve, reject) => {
@@ -49,8 +78,8 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     }
     verifyRefreshToken(token) {
         try {
-            if (!token)
-                throw new errors_1.UndefinedTokenError("Refresh");
+            validation_1.ValidationUtils.required(token, "token");
+            validation_1.ValidationUtils.jwtToken(token, "token");
             if (!this.refreshTokenConfig.issuer.secretKey)
                 throw new errors_1.UndefinedTokenSecretError("Refresh");
             return new Promise((resolve, reject) => {
@@ -64,7 +93,7 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         }
         catch (error) {
             this.logger?.error("JWT verification failed:", error);
-            error;
+            throw error;
         }
     }
     async generateAccessToken(user, context) {
@@ -76,12 +105,12 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         return Promise.resolve(jwt_tools_1.JwtTools.generateRefreshToken(payload, this.refreshTokenConfig));
     }
     async storeAccessToken(token) {
-        if (this.accessTokenConfig.persistence.store) {
+        if (this.accessTokenConfig.persistence?.store) {
             await this.accessTokenConfig.persistence.store(token, null, this.accessTokenConfig.issuer.options.expiresIn);
         }
     }
     async storeRefreshToken(token) {
-        if (this.refreshTokenConfig.persistence.store) {
+        if (this.refreshTokenConfig?.persistence?.store) {
             await this.refreshTokenConfig.persistence.store(token, null, this.refreshTokenConfig.issuer.options.expiresIn);
         }
     }
@@ -112,6 +141,9 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         }
     }
     extractRefreshToken(context) {
+        if (!this.refreshTokenConfig) {
+            return undefined;
+        }
         if (this.refreshTokenConfig.extract) {
             return this.refreshTokenConfig.extract(context);
         }
@@ -132,7 +164,7 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     async invalidateRefreshToken(token, context) {
         const refreshToken = token || (await this.extractRefreshToken(context));
         if (refreshToken) {
-            await this.refreshTokenConfig.persistence?.remove?.(refreshToken);
+            await this.refreshTokenConfig?.persistence?.remove?.(refreshToken);
             if (context) {
                 jwt_tools_1.JwtTools.clearDefaultJwtCookie(context);
                 jwt_tools_1.JwtTools.clearDefaultJwtHeader(context);

package/build/strategies/jwt/jwt.tools.js

@@ -88,6 +88,7 @@ class JwtTools {
         return context.req.cookies?.refreshToken;
     }
     static prepareAccessTokenConfig = (config) => {
+        const verifierOptions = config.verifier?.options ?? {};
         return Soap.removeUndefinedProperties({
             ...config,
             issuer: {
@@ -101,14 +102,15 @@ class JwtTools {
             verifier: {
                 ...config.verifier,
                 options: {
-                    ...config.verifier.options,
-                    algorithms: config.verifier.options.algorithms || ["HS256"],
-                    expiresIn: config.verifier.options.expiresIn || "1h",
+                    ...verifierOptions,
+                    algorithms: verifierOptions.algorithms || ["HS256"],
+                    expiresIn: verifierOptions.expiresIn || "1h",
                 },
             },
         });
     };
     static prepareRefreshTokenConfig = (config) => {
+        const verifierOptions = config.verifier?.options ?? {};
         return Soap.removeUndefinedProperties({
             ...config,
             issuer: {
@@ -122,9 +124,9 @@ class JwtTools {
             verifier: {
                 ...config.verifier,
                 options: {
-                    ...config.verifier.options,
-                    algorithms: config.verifier.options.algorithms || ["HS256"],
-                    expiresIn: config.verifier.options.expiresIn || "7d",
+                    ...verifierOptions,
+                    algorithms: verifierOptions.algorithms || ["HS256"],
+                    expiresIn: verifierOptions.expiresIn || "7d",
                 },
             },
         });
@@ -189,6 +191,14 @@ exports.JwtTools = JwtTools;
 const prepareJwtConfig = (config) => {
     return Soap.removeUndefinedProperties({
         ...config,
+        user: {
+            ...config.user,
+            validateUser: config.user?.validateUser ?? (() => Promise.resolve(true)),
+        },
+        accessToken: JwtTools.prepareAccessTokenConfig(config.accessToken),
+        refreshToken: config.refreshToken
+            ? JwtTools.prepareRefreshTokenConfig(config.refreshToken)
+            : undefined,
         routes: {
             login: config.routes?.login ?? {
                 path: "/auth/jwt/login",
@@ -203,14 +213,6 @@ const prepareJwtConfig = (config) => {
                 method: "POST",
             },
             ...config.routes,
-            user: {
-                ...config.user,
-                validateUser: config.user?.validateUser ?? (() => Promise.resolve(true)),
-            },
-            accessToken: JwtTools.prepareAccessTokenConfig(config.accessToken),
-            refreshToken: config.refreshToken
-                ? JwtTools.prepareRefreshTokenConfig(config.refreshToken)
-                : undefined,
         },
     });
 };

package/build/strategies/local/local.strategy.d.ts

@@ -3,18 +3,21 @@ import { CredentialAuthStrategy } from "../credential-auth.strategy";
 import { LocalStrategyConfig } from "./local.types";
 import { SessionHandler } from "../../session/session-handler";
 import { JwtStrategy } from "../jwt/jwt.strategy";
-export declare class LocalStrategy<TContext = unknown, TUser = unknown> extends CredentialAuthStrategy<TContext, TUser> {
+export declare class LocalStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends CredentialAuthStrategy<TContext, TUser> {
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
     protected logger?: Soap.Logger;
+    readonly name = "local";
     constructor(config: LocalStrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
+    private static validateConfig;
     protected extractCredentials(context?: TContext): Promise<{
         identifier: string;
         password: string;
     }>;
     protected verifyCredentials(identifier: string, password: string): Promise<boolean>;
-    protected fetchUser(credentials: {
+    protected fetchUser(identifierOrCredentials: string | {
         identifier: string;
-        password: string;
+        password?: string;
     }): Promise<TUser | null>;
+    changePassword(context: TContext): Promise<void>;
 }