npm - @travetto/auth-model - Versions diffs - 5.0.17 → 5.1.0 - Mend

@travetto/auth-model 5.0.17 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ Currently, the following are packages that provide [CRUD](https://github.com/tra
    *  [SQLite Model Service](https://github.com/travetto/travetto/tree/main/module/model-sqlite#readme "SQLite backing for the travetto model module, with real-time modeling support for SQL schemas.") - @travetto/model-sqlite
    *  [Memory Model Support](https://github.com/travetto/travetto/tree/main/module/model-memory#readme "Memory backing for the travetto model module.") - @travetto/model-memory
    *  [File Model Support](https://github.com/travetto/travetto/tree/main/module/model-file#readme "File system backing for the travetto model module.") - @travetto/model-file
-The module itself is fairly straightforward, and truly the only integration point for this module to work is defined at the model level.  The contract for authentication is established in code as providing translation to and from a [Registered Principal](https://github.com/travetto/travetto/tree/main/module/auth-model/src/model.ts#L9).
+The module itself is fairly straightforward, and truly the only integration point for this module to work is defined at the model level.  The contract for authentication is established in code as providing translation to and from a [Registered Principal](https://github.com/travetto/travetto/tree/main/module/auth-model/src/model.ts#L11).
 A registered principal extends the base concept of an principal, by adding in additional fields needed for local registration, specifically password management information.
@@ -92,7 +92,7 @@ Additionally, there exists a common practice of mapping various external securit
 **Code: Principal Source configuration**
 ```typescript
 import { InjectableFactory } from '@travetto/di';
-import { ModelAuthService, RegisteredPrincipal } from '@travetto/auth-model';
+import { ModelAuthService } from '@travetto/auth-model';
 import { ModelCrudSupport } from '@travetto/model';
 import { User } from './model';
@@ -103,10 +103,10 @@ class AuthConfig {
     return new ModelAuthService(
       svc,
       User,
-      (u: User) => ({    // This converts User to a RegisteredPrincipal
+      u => ({    // This converts User to a RegisteredPrincipal
         source: 'model',
         provider: 'model',
-        id: u.id,
+        id: u.id!,
         permissions: u.permissions,
         hash: u.hash,
         salt: u.salt,
@@ -115,7 +115,7 @@ class AuthConfig {
         password: u.password,
         details: u,
       }),
-      (u: Partial<RegisteredPrincipal>) => User.from(({   // This converts a RegisteredPrincipal to a User
+      u => User.from(({   // This converts a RegisteredPrincipal to a User
         id: u.id,
         permissions: [...(u.permissions || [])],
         hash: u.hash,
@@ -156,3 +156,37 @@ class UserService {
   }
 }
 ```
+## Common Utilities
+The [AuthModelUtil](https://github.com/travetto/travetto/tree/main/module/auth-model/src/util.ts#L11) provides the following functionality:
+**Code: Auth util structure**
+```typescript
+import crypto from 'node:crypto';
+import util from 'node:util';
+import { AppError, Util } from '@travetto/runtime';
+const pbkdf2 = util.promisify(crypto.pbkdf2);
+/**
+ * Standard auth utilities
+ */
+export class AuthModelUtil {
+  /**
+   * Generate a hash for a given value
+   *
+   * @param value Value to hash
+   * @param salt The salt value
+   * @param iterations Number of iterations on hashing
+   * @param keylen Length of hash
+   * @param digest Digest method
+   */
+  static generateHash(value: string, salt: string, iterations = 25000, keylen = 256, digest = 'sha256'): Promise<string>;
+  /**
+   * Generate a salted password, with the ability to validate the password
+   *
+   * @param password
+   * @param salt Salt value, or if a number, length of salt
+   * @param validator Optional function to validate your password
+   */
+  static async generatePassword(password: string, salt: number | string = 32): Promise<{ salt: string, hash: string }>;
+}
+```

package/__index__.ts CHANGED Viewed

@@ -1 +1,2 @@
-export * from './src/model';
+export * from './src/model';
+export * from './src/util';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/auth-model",
-  "version": "5.0.17",
+  "version": "5.1.0",
   "description": "Authentication model support for the Travetto framework",
   "keywords": [
     "authentication",
@@ -25,11 +25,11 @@
     "directory": "module/auth-model"
   },
   "dependencies": {
-    "@travetto/auth": "^5.0.16",
-    "@travetto/model": "^5.0.17"
+    "@travetto/auth": "^5.1.0",
+    "@travetto/model": "^5.1.0"
   },
   "peerDependencies": {
-    "@travetto/test": "^5.0.18"
+    "@travetto/test": "^5.1.0"
   },
   "peerDependenciesMeta": {
     "@travetto/test": {

package/src/model.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 import { Util, Class, TimeUtil, Runtime } from '@travetto/runtime';
 import { ModelCrudSupport, ModelType, NotFoundError, OptionalId } from '@travetto/model';
-import { AuthUtil, Principal, Authenticator, Authorizer, AuthenticationError } from '@travetto/auth';
+import { Principal, Authenticator, Authorizer, AuthenticationError } from '@travetto/auth';
 import { isStorageSupported } from '@travetto/model/src/internal/service/common';
+import { AuthModelUtil } from './util';
 /**
  * A set of registration data
  */
@@ -29,16 +31,20 @@ export interface RegisteredPrincipal extends Principal {
   password?: string;
 }
+type ToPrincipal<T extends ModelType> = (t: OptionalId<T>) => RegisteredPrincipal;
+type FromPrincipal<T extends ModelType> = (t: Partial<RegisteredPrincipal>) => Partial<T>;
 /**
  * A model-based auth service
  */
-export class ModelAuthService<T extends ModelType> implements
-  Authenticator<T, RegisteredPrincipal>,
-  Authorizer<RegisteredPrincipal> {
+export class ModelAuthService<T extends ModelType> implements Authenticator<T>, Authorizer {
   #modelService: ModelCrudSupport;
   #cls: Class<T>;
+  toPrincipal: ToPrincipal<T>;
+  fromPrincipal: FromPrincipal<T>;
   /**
    * Build a Model Principal Source
    *
@@ -49,11 +55,13 @@ export class ModelAuthService<T extends ModelType> implements
   constructor(
     modelService: ModelCrudSupport,
     cls: Class<T>,
-    public toPrincipal: (t: OptionalId<T>) => RegisteredPrincipal,
-    public fromPrincipal: (t: Partial<RegisteredPrincipal>) => Partial<T>,
+    toPrincipal: ToPrincipal<T>,
+    fromPrincipal: FromPrincipal<T>,
   ) {
     this.#modelService = modelService;
     this.#cls = cls;
+    this.toPrincipal = toPrincipal;
+    this.fromPrincipal = fromPrincipal;
   }
   /**
@@ -81,7 +89,7 @@ export class ModelAuthService<T extends ModelType> implements
   async #authenticate(userId: string, password: string): Promise<RegisteredPrincipal> {
     const ident = await this.#resolvePrincipal({ id: userId, details: {} });
-    const hash = await AuthUtil.generateHash(password, ident.salt!);
+    const hash = await AuthModelUtil.generateHash(password, ident.salt!);
     if (hash !== ident.hash) {
       throw new AuthenticationError('Invalid password');
     } else {
@@ -114,7 +122,7 @@ export class ModelAuthService<T extends ModelType> implements
       }
     }
-    const fields = await AuthUtil.generatePassword(ident.password!);
+    const fields = await AuthModelUtil.generatePassword(ident.password!);
     ident.password = undefined; // Clear it out on set
@@ -139,13 +147,13 @@ export class ModelAuthService<T extends ModelType> implements
         throw new AuthenticationError('Reset token has expired', { category: 'data' });
       }
     } else if (oldPassword !== undefined) {
-      const pw = await AuthUtil.generateHash(oldPassword, ident.salt!);
+      const pw = await AuthModelUtil.generateHash(oldPassword, ident.salt!);
       if (pw !== ident.hash) {
         throw new AuthenticationError('Old password is required to change');
       }
     }
-    const fields = await AuthUtil.generatePassword(password);
+    const fields = await AuthModelUtil.generatePassword(password);
     Object.assign(user, this.fromPrincipal(fields));
     return await this.#modelService.update(this.#cls, user);
@@ -160,7 +168,7 @@ export class ModelAuthService<T extends ModelType> implements
     const ident = this.toPrincipal(user);
     const salt = await Util.uuid();
-    ident.resetToken = await AuthUtil.generateHash(Util.uuid(), salt, 25000, 32);
+    ident.resetToken = await AuthModelUtil.generateHash(Util.uuid(), salt, 25000, 32);
     ident.resetExpires = TimeUtil.fromNow(1, 'h');
     Object.assign(user, this.fromPrincipal(ident));

package/src/util.ts ADDED Viewed

@@ -0,0 +1,44 @@
+import crypto from 'node:crypto';
+import util from 'node:util';
+import { AppError, Util } from '@travetto/runtime';
+const pbkdf2 = util.promisify(crypto.pbkdf2);
+/**
+ * Standard auth utilities
+ */
+export class AuthModelUtil {
+  /**
+   * Generate a hash for a given value
+   *
+   * @param value Value to hash
+   * @param salt The salt value
+   * @param iterations Number of iterations on hashing
+   * @param keylen Length of hash
+   * @param digest Digest method
+   */
+  static generateHash(value: string, salt: string, iterations = 25000, keylen = 256, digest = 'sha256'): Promise<string> {
+    const half = Math.trunc(Math.ceil(keylen / 2));
+    return pbkdf2(value, salt, iterations, half, digest).then(x => x.toString('hex').substring(0, keylen));
+  }
+  /**
+   * Generate a salted password, with the ability to validate the password
+   *
+   * @param password
+   * @param salt Salt value, or if a number, length of salt
+   * @param validator Optional function to validate your password
+   */
+  static async generatePassword(password: string, salt: number | string = 32): Promise<{ salt: string, hash: string }> {
+    if (!password) {
+      throw new AppError('Password is required', { category: 'data' });
+    }
+    salt = typeof salt === 'number' ? Util.uuid(salt) : salt;
+    const hash = await this.generateHash(password, salt);
+    return { salt, hash };
+  }
+}

package/LICENSE DELETED Viewed

@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2020 ArcSine Technologies
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.