@technomoron/apicore-server 1.0.0-beta.1

package/dist/esm/token/memory.d.ts

@@ -0,0 +1,29 @@
+import { TokenStore } from './base.js';
+import type { Token } from './types.js';
+export interface MemoryTokenStoreOptions {
+    maxTokens?: number;
+}
+export declare class MemoryTokenStore extends TokenStore {
+    private readonly tokens;
+    private readonly tokensByUser;
+    private readonly maxTokens?;
+    constructor(options?: MemoryTokenStoreOptions);
+    private indexToken;
+    private unindexToken;
+    private removeByRefreshToken;
+    save(record: Token): Promise<void>;
+    get(query: Partial<Token>, opts?: {
+        includeExpired?: boolean;
+    }): Promise<Token | null>;
+    delete(query: Partial<Token>): Promise<number>;
+    update(params: Partial<Token> & {
+        refreshToken: string;
+    }): Promise<boolean>;
+    list(userId: string | number, opts?: {
+        limit?: number;
+        offset?: number;
+        includeExpired?: boolean;
+    }): Promise<Token[]>;
+    close(): Promise<void>;
+    private enforceCapacity;
+}

package/dist/esm/token/memory.js

@@ -0,0 +1,230 @@
+import { TokenStore } from './base.js';
+function comparableUserId(value) {
+    if (value === undefined) {
+        return undefined;
+    }
+    return String(value);
+}
+function cloneToken(record) {
+    return {
+        ...record,
+        scope: record.scope ? [...record.scope] : undefined,
+        expires: record.expires ? new Date(record.expires) : undefined,
+        issuedAt: record.issuedAt ? new Date(record.issuedAt) : undefined,
+        lastSeenAt: record.lastSeenAt ? new Date(record.lastSeenAt) : undefined
+    };
+}
+function matchesQuery(record, query, includeExpired) {
+    if (query.refreshToken !== undefined && record.refreshToken !== query.refreshToken) {
+        return false;
+    }
+    if (query.accessToken !== undefined && record.accessToken !== query.accessToken) {
+        return false;
+    }
+    if (query.userId !== undefined && comparableUserId(record.userId) !== comparableUserId(query.userId)) {
+        return false;
+    }
+    if (query.clientId !== undefined && record.clientId !== query.clientId) {
+        return false;
+    }
+    if (query.domain !== undefined && (record.domain ?? '') !== (query.domain ?? '')) {
+        return false;
+    }
+    if (query.fingerprint !== undefined && (record.fingerprint ?? '') !== (query.fingerprint ?? '')) {
+        return false;
+    }
+    if (query.loginType !== undefined && record.loginType !== (query.loginType ?? undefined)) {
+        return false;
+    }
+    if (query.label !== undefined && record.label !== query.label) {
+        return false;
+    }
+    if (!includeExpired) {
+        const expiresTime = record.expires ? record.expires.getTime() : Infinity;
+        if (expiresTime < Date.now()) {
+            return false;
+        }
+    }
+    return true;
+}
+export class MemoryTokenStore extends TokenStore {
+    constructor(options = {}) {
+        super();
+        this.tokens = new Map();
+        this.tokensByUser = new Map();
+        this.maxTokens =
+            typeof options.maxTokens === 'number' && Number.isFinite(options.maxTokens) && options.maxTokens > 0
+                ? Math.floor(options.maxTokens)
+                : undefined;
+    }
+    indexToken(token) {
+        const userId = comparableUserId(token.userId);
+        if (!userId) {
+            return;
+        }
+        let userTokens = this.tokensByUser.get(userId);
+        if (!userTokens) {
+            userTokens = new Set();
+            this.tokensByUser.set(userId, userTokens);
+        }
+        userTokens.add(token.refreshToken);
+    }
+    unindexToken(token) {
+        const userId = comparableUserId(token.userId);
+        if (!userId) {
+            return;
+        }
+        const userTokens = this.tokensByUser.get(userId);
+        if (!userTokens) {
+            return;
+        }
+        userTokens.delete(token.refreshToken);
+        if (userTokens.size === 0) {
+            this.tokensByUser.delete(userId);
+        }
+    }
+    removeByRefreshToken(refreshToken) {
+        const existing = this.tokens.get(refreshToken);
+        if (!existing) {
+            return;
+        }
+        this.unindexToken(existing);
+        this.tokens.delete(refreshToken);
+    }
+    async save(record) {
+        const stored = this.normalizeToken(record);
+        const normalizedUserId = comparableUserId(stored.userId);
+        if (!normalizedUserId) {
+            throw new Error('userId is required');
+        }
+        const domainProvided = record.domain !== undefined;
+        const fingerprintProvided = record.fingerprint !== undefined;
+        const userRefreshTokens = [...(this.tokensByUser.get(normalizedUserId) ?? [])];
+        for (const refreshToken of userRefreshTokens) {
+            const existing = this.tokens.get(refreshToken);
+            if (!existing) {
+                continue;
+            }
+            if (comparableUserId(existing.userId) !== normalizedUserId) {
+                continue;
+            }
+            if (record.clientId && existing.clientId !== record.clientId) {
+                continue;
+            }
+            if (domainProvided && existing.domain !== stored.domain) {
+                continue;
+            }
+            if (fingerprintProvided && existing.fingerprint !== stored.fingerprint) {
+                continue;
+            }
+            this.removeByRefreshToken(existing.refreshToken);
+        }
+        this.removeByRefreshToken(stored.refreshToken);
+        this.tokens.set(stored.refreshToken, stored);
+        this.indexToken(stored);
+        this.enforceCapacity();
+    }
+    async get(query, opts) {
+        if (!query.refreshToken && !query.accessToken && query.userId === undefined) {
+            throw new Error('At least one token lookup field must be provided');
+        }
+        const includeExpired = opts?.includeExpired ?? false;
+        if (query.refreshToken) {
+            const record = this.tokens.get(query.refreshToken);
+            return record && matchesQuery(record, query, includeExpired) ? cloneToken(record) : null;
+        }
+        for (const token of this.tokens.values()) {
+            if (matchesQuery(token, query, includeExpired)) {
+                return cloneToken(token);
+            }
+        }
+        return null;
+    }
+    async delete(query) {
+        if (!query.refreshToken && !query.accessToken && query.userId === undefined && !query.clientId) {
+            return 0;
+        }
+        let removed = 0;
+        const refreshTokens = [...this.tokens.keys()];
+        for (const refreshToken of refreshTokens) {
+            const token = this.tokens.get(refreshToken);
+            if (token && matchesQuery(token, query, true)) {
+                this.removeByRefreshToken(refreshToken);
+                removed += 1;
+            }
+        }
+        return removed;
+    }
+    async update(params) {
+        const token = this.tokens.get(params.refreshToken);
+        if (!token) {
+            return false;
+        }
+        if (params.clientId && token.clientId !== params.clientId) {
+            return false;
+        }
+        const merged = { ...token };
+        const maybeAssign = (key) => {
+            const value = params[key];
+            if (value !== undefined && value !== null) {
+                merged[key] = value;
+            }
+        };
+        maybeAssign('accessToken');
+        maybeAssign('expires');
+        maybeAssign('issuedAt');
+        maybeAssign('lastSeenAt');
+        maybeAssign('scope');
+        maybeAssign('label');
+        maybeAssign('domain');
+        maybeAssign('fingerprint');
+        maybeAssign('browser');
+        maybeAssign('device');
+        maybeAssign('ip');
+        maybeAssign('os');
+        maybeAssign('refreshTtlSeconds');
+        maybeAssign('loginType');
+        maybeAssign('sessionCookie');
+        const normalized = this.normalizeToken(merged);
+        const previousUserId = token.userId;
+        const previousRefreshToken = token.refreshToken;
+        const userChanged = comparableUserId(previousUserId) !== comparableUserId(normalized.userId);
+        Object.assign(token, normalized);
+        if (userChanged || previousRefreshToken !== token.refreshToken) {
+            this.unindexToken({ ...token, userId: previousUserId, refreshToken: previousRefreshToken });
+            this.indexToken(token);
+            if (previousRefreshToken !== token.refreshToken) {
+                this.tokens.delete(previousRefreshToken);
+                this.tokens.set(token.refreshToken, token);
+            }
+        }
+        return true;
+    }
+    async list(userId, opts = {}) {
+        const includeExpired = opts.includeExpired ?? false;
+        const normalizedUserId = comparableUserId(userId);
+        const userRefreshTokens = normalizedUserId ? [...(this.tokensByUser.get(normalizedUserId) ?? [])] : [];
+        const filtered = userRefreshTokens
+            .map((refreshToken) => this.tokens.get(refreshToken))
+            .filter((token) => Boolean(token))
+            .filter((token) => matchesQuery(token, { userId: normalizedUserId }, includeExpired));
+        const offset = opts.offset ?? 0;
+        const limit = opts.limit ?? filtered.length;
+        return filtered.slice(offset, offset + limit).map(cloneToken);
+    }
+    async close() {
+        return;
+    }
+    enforceCapacity() {
+        if (!this.maxTokens) {
+            return;
+        }
+        while (this.tokens.size > this.maxTokens) {
+            const oldestRefresh = this.tokens.keys().next().value;
+            if (!oldestRefresh) {
+                return;
+            }
+            this.removeByRefreshToken(oldestRefresh);
+        }
+    }
+}

package/dist/esm/token/sequelize.d.ts

@@ -0,0 +1,58 @@
+import { CreationOptional, Model, type InferAttributes, type InferCreationAttributes, type ModelStatic, type Sequelize } from 'sequelize';
+import { TokenStore } from './base.js';
+import type { Token } from './types.js';
+declare class TokenModel extends Model<InferAttributes<TokenModel>, InferCreationAttributes<TokenModel>> implements InferAttributes<TokenModel> {
+    token_id: CreationOptional<number>;
+    user_id: string;
+    real_user_id: CreationOptional<string | null>;
+    expires: Date;
+    issued_at: CreationOptional<Date>;
+    last_seen_at: CreationOptional<Date>;
+    access: string;
+    refresh: string;
+    domain: CreationOptional<string>;
+    fingerprint: CreationOptional<string>;
+    label: CreationOptional<string>;
+    browser: CreationOptional<string>;
+    device: CreationOptional<string>;
+    ip: CreationOptional<string>;
+    os: CreationOptional<string>;
+    client_id: CreationOptional<string | null>;
+    scope: CreationOptional<string>;
+    login_type: CreationOptional<string>;
+    refresh_ttl_seconds: CreationOptional<number | null>;
+    session_cookie: CreationOptional<boolean>;
+}
+export type TokenAttributes = InferAttributes<TokenModel>;
+export type TokenCreationAttributes = InferCreationAttributes<TokenModel>;
+export interface SequelizeTokenStoreOptions {
+    sequelize: Sequelize;
+    tablePrefix?: string;
+    tokenModel?: ModelStatic<TokenModel>;
+    tokenModelFactory?: (sequelize: Sequelize, options?: {
+        tablePrefix?: string;
+    }) => ModelStatic<TokenModel>;
+}
+export declare class SequelizeTokenStore extends TokenStore {
+    readonly Tokens: ModelStatic<TokenModel>;
+    constructor(options: SequelizeTokenStoreOptions);
+    save(record: Token): Promise<void>;
+    get(query: Partial<Token>, opts?: {
+        includeExpired?: boolean;
+    }): Promise<Token | null>;
+    delete(query: Partial<Token>): Promise<number>;
+    update(params: Partial<Token> & {
+        refreshToken: string;
+    }): Promise<boolean>;
+    list(userId: string | number, opts?: {
+        limit?: number;
+        offset?: number;
+        includeExpired?: boolean;
+    }): Promise<Token[]>;
+    close(): Promise<void>;
+    private normalizeUserId;
+    private resolveRealUserId;
+    private encodeScope;
+    private toTokenRecord;
+}
+export {};