@travetto/auth-model 7.1.4 → 8.0.0-alpha.0

package/README.md

@@ -132,7 +132,7 @@ class AuthConfig {
 
 **Code: Sample usage**
 ```typescript
-import { AppError } from '@travetto/runtime';
+import { RuntimeError } from '@travetto/runtime';
 import { Injectable, Inject } from '@travetto/di';
 import type { ModelAuthService } from '@travetto/auth-model';
 
@@ -148,7 +148,7 @@ class UserService {
     try {
       return await this.auth.authenticate(identity);
     } catch (error) {
-      if (error instanceof AppError && error.category === 'notfound') {
+      if (error instanceof RuntimeError && error.category === 'notfound') {
         return await this.auth.register(identity);
       } else {
         throw error;
@@ -159,7 +159,7 @@ class UserService {
 ```
 
 ## Common Utilities
-The [AuthModelUtil](https://github.com/travetto/travetto/tree/main/module/auth-model/src/util.ts#L11) provides the following functionality:
+The [AuthModelUtil](https://github.com/travetto/travetto/tree/main/module/auth-model/src/util.ts#L6) provides the following functionality:
 
 **Code: Auth util structure**
 ```typescript
@@ -173,7 +173,7 @@ export class AuthModelUtil {
    * @param keylen Length of hash
    * @param digest Digest method
    */
-  static generateHash(value: string, salt: string, iterations = 25000, keylen = 256, digest = 'sha256'): Promise<string>;
+  static async generateHash(value: string, salt: string, iterations = 25000, keylen = 256, digest = 'SHA-256'): Promise<string>;
   /**
    * Generate a salted password, with the ability to validate the password
    *

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/auth-model",
-  "version": "7.1.4",
+  "version": "8.0.0-alpha.0",
   "type": "module",
   "description": "Authentication model support for the Travetto framework",
   "keywords": [
@@ -26,11 +26,11 @@
     "directory": "module/auth-model"
   },
   "dependencies": {
-    "@travetto/auth": "^7.1.4",
-    "@travetto/model": "^7.1.4"
+    "@travetto/auth": "^8.0.0-alpha.0",
+    "@travetto/model": "^8.0.0-alpha.0"
   },
   "peerDependencies": {
-    "@travetto/test": "^7.1.4"
+    "@travetto/test": "^8.0.0-alpha.0"
   },
   "peerDependenciesMeta": {
     "@travetto/test": {

package/src/model.ts

@@ -153,10 +153,10 @@ export class ModelAuthService<T extends ModelType> implements Authenticator<T>,
   async generateResetToken(userId: string): Promise<RegisteredPrincipal> {
     const user = await this.#retrieve(userId);
     const identity = this.toPrincipal(user);
-    const salt = await Util.uuid();
+    const salt = Util.uuid();
 
     identity.resetToken = await AuthModelUtil.generateHash(Util.uuid(), salt, 25000, 32);
-    identity.resetExpires = TimeUtil.fromNow(1, 'h');
+    identity.resetExpires = TimeUtil.fromNow('1h');
 
     const output: Partial<T> = { ...user, ...this.fromPrincipal(identity) };
     await this.#modelService.update(this.#cls, this.#cls.from(castTo(output)));

package/src/util.ts

@@ -1,9 +1,4 @@
-import crypto from 'node:crypto';
-import util from 'node:util';
-
-import { AppError, Util } from '@travetto/runtime';
-
-const pbkdf2 = util.promisify(crypto.pbkdf2);
+import { BinaryUtil, CodecUtil, RuntimeError, Util } from '@travetto/runtime';
 
 /**
  * Standard auth utilities
@@ -19,9 +14,27 @@ export class AuthModelUtil {
    * @param keylen Length of hash
    * @param digest Digest method
    */
-  static generateHash(value: string, salt: string, iterations = 25000, keylen = 256, digest = 'sha256'): Promise<string> {
-    const half = Math.trunc(Math.ceil(keylen / 2));
-    return pbkdf2(value, salt, iterations, half, digest).then(buffer => buffer.toString('hex').substring(0, keylen));
+  static async generateHash(value: string, salt: string, iterations = 25000, keylen = 256, digest = 'SHA-256'): Promise<string> {
+    const hashKey = await crypto.subtle.importKey(
+      'raw',
+      BinaryUtil.binaryArrayToBuffer(CodecUtil.fromUTF8String(value)),
+      { name: 'PBKDF2' },
+      false,
+      ['deriveBits']
+    );
+
+    const result = await crypto.subtle.deriveBits(
+      {
+        name: 'PBKDF2',
+        hash: { name: digest },
+        salt: BinaryUtil.binaryArrayToBuffer(CodecUtil.fromUTF8String(salt)),
+        iterations,
+      },
+      hashKey,
+      keylen * 8
+    );
+
+    return BinaryUtil.binaryArrayToUint8Array(result).toHex().substring(0, keylen);
   }
 
   /**
@@ -33,7 +46,7 @@ export class AuthModelUtil {
    */
   static async generatePassword(password: string, salt: number | string = 32): Promise<{ salt: string, hash: string }> {
     if (!password) {
-      throw new AppError('Password is required', { category: 'data' });
+      throw new RuntimeError('Password is required', { category: 'data' });
     }
 
     salt = typeof salt === 'number' ? Util.uuid(salt) : salt;

package/support/test/model.ts

@@ -1,6 +1,6 @@
 import assert from 'node:assert';
 
-import { AppError, castTo, type Class } from '@travetto/runtime';
+import { RuntimeError, castTo, type Class } from '@travetto/runtime';
 import { Suite, Test } from '@travetto/test';
 import { Inject, InjectableFactory } from '@travetto/di';
 import { type ModelCrudSupport, Model, Transient } from '@travetto/model';
@@ -76,7 +76,7 @@ export abstract class AuthModelServiceSuite {
       await this.authService.authenticate(pre);
       assert.fail('Should not have gotten here');
     } catch (err) {
-      if (err instanceof AppError && err.category === 'notfound') {
+      if (err instanceof RuntimeError && err.category === 'notfound') {
         const user = await this.authService.register(pre);
         assert.ok(user.hash);
         assert.ok(user.id);