@travetto/auth-web 7.1.3 → 8.0.0-alpha.0

package/README.md

@@ -52,7 +52,7 @@ export interface Authenticator<T = unknown, C = unknown, P extends Principal = P
    *
    * @returns Valid principal if authenticated
    * @returns undefined if authentication is valid, but incomplete (multi-step)
-   * @throws AppError if authentication fails
+   * @throws Error if authentication fails
    */
   authenticate(payload: T, context?: C): Promise<P | undefined> | P | undefined;
 }
@@ -123,7 +123,7 @@ import type { Jwt, Verifier, SupportedAlgorithms } from 'njwt';
 import { type AuthContext, AuthenticationError, type AuthToken, type Principal } from '@travetto/auth';
 import { Injectable, Inject } from '@travetto/di';
 import { type WebResponse, type WebRequest, type WebAsyncContext, CookieJar } from '@travetto/web';
-import { AppError, castTo, TimeUtil } from '@travetto/runtime';
+import { RuntimeError, castTo, TimeUtil } from '@travetto/runtime';
 
 import { CommonPrincipalCodecSymbol, type PrincipalCodec } from './types.ts';
 import type { WebAuthConfig } from './config.ts';
@@ -186,13 +186,13 @@ export class JWTPrincipalCodec implements PrincipalCodec {
   async create(value: Principal, keyId: string = 'default'): Promise<string> {
     const entry = this.config.keyMap[keyId];
     if (!entry) {
-      throw new AppError('Requested unknown key for signing');
+      throw new RuntimeError('Requested unknown key for signing');
     }
     // Weird issue with their ES module support
     const { default: { create } } = await import('njwt');
     const jwt = create({}, '-')
       .setExpiration(value.expiresAt!)
-      .setIssuedAt(TimeUtil.asSeconds(value.issuedAt!))
+      .setIssuedAt(TimeUtil.duration((value.issuedAt ?? new Date()).getTime(), 's'))
       .setClaim('core', castTo({ ...value }))
       .setIssuer(value.issuer!)
       .setJti(value.sessionId!)
@@ -225,7 +225,7 @@ A trivial/sample custom [PrincipalCodec](https://github.com/travetto/travetto/tr
 import type { Principal } from '@travetto/auth';
 import type { PrincipalCodec } from '@travetto/auth-web';
 import { Injectable } from '@travetto/di';
-import { BinaryUtil } from '@travetto/runtime';
+import { BinaryMetadataUtil } from '@travetto/runtime';
 import type { WebResponse, WebRequest } from '@travetto/web';
 
 @Injectable()
@@ -234,7 +234,7 @@ export class CustomCodec implements PrincipalCodec {
 
   decode(request: WebRequest): Promise<Principal | undefined> | Principal | undefined {
     const [userId, sig] = request.headers.get('USER_ID')?.split(':') ?? [];
-    if (userId && sig === BinaryUtil.hash(userId + this.secret)) {
+    if (userId && sig === BinaryMetadataUtil.hash(userId + this.secret)) {
       let principal: Principal | undefined;
       // Lookup user from db, remote system, etc.,
       return principal;
@@ -243,7 +243,7 @@ export class CustomCodec implements PrincipalCodec {
   }
   encode(response: WebResponse, data: Principal | undefined): WebResponse {
     if (data) {
-      response.headers.set('USER_ID', `${data.id}:${BinaryUtil.hash(data.id + this.secret)}`);
+      response.headers.set('USER_ID', `${data.id}:${BinaryMetadataUtil.hash(data.id + this.secret)}`);
     }
     return response;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/auth-web",
-  "version": "7.1.3",
+  "version": "8.0.0-alpha.0",
   "type": "module",
   "description": "Web authentication integration support for the Travetto framework",
   "keywords": [
@@ -27,13 +27,13 @@
     "directory": "module/auth-web"
   },
   "dependencies": {
-    "@travetto/auth": "^7.1.3",
-    "@travetto/config": "^7.1.3",
-    "@travetto/web": "^7.1.3",
+    "@travetto/auth": "^8.0.0-alpha.0",
+    "@travetto/config": "^8.0.0-alpha.0",
+    "@travetto/web": "^8.0.0-alpha.0",
     "njwt": "^2.0.1"
   },
   "peerDependencies": {
-    "@travetto/test": "^7.1.3"
+    "@travetto/test": "^8.0.0-alpha.0"
   },
   "peerDependenciesMeta": {
     "@travetto/test": {

package/src/codec.ts

@@ -3,7 +3,7 @@ import type { Jwt, Verifier, SupportedAlgorithms } from 'njwt';
 import { type AuthContext, AuthenticationError, type AuthToken, type Principal } from '@travetto/auth';
 import { Injectable, Inject } from '@travetto/di';
 import { type WebResponse, type WebRequest, type WebAsyncContext, CookieJar } from '@travetto/web';
-import { AppError, castTo, TimeUtil } from '@travetto/runtime';
+import { RuntimeError, castTo, TimeUtil } from '@travetto/runtime';
 
 import { CommonPrincipalCodecSymbol, type PrincipalCodec } from './types.ts';
 import type { WebAuthConfig } from './config.ts';
@@ -66,13 +66,13 @@ export class JWTPrincipalCodec implements PrincipalCodec {
   async create(value: Principal, keyId: string = 'default'): Promise<string> {
     const entry = this.config.keyMap[keyId];
     if (!entry) {
-      throw new AppError('Requested unknown key for signing');
+      throw new RuntimeError('Requested unknown key for signing');
     }
     // Weird issue with their ES module support
     const { default: { create } } = await import('njwt');
     const jwt = create({}, '-')
       .setExpiration(value.expiresAt!)
-      .setIssuedAt(TimeUtil.asSeconds(value.issuedAt!))
+      .setIssuedAt(TimeUtil.duration((value.issuedAt ?? new Date()).getTime(), 's'))
       .setClaim('core', castTo({ ...value }))
       .setIssuer(value.issuer!)
       .setJti(value.sessionId!)

package/src/config.ts

@@ -1,5 +1,5 @@
 import { Config } from '@travetto/config';
-import { Runtime, AppError, BinaryUtil } from '@travetto/runtime';
+import { Runtime, RuntimeError, BinaryMetadataUtil } from '@travetto/runtime';
 import { Ignore, Secret } from '@travetto/schema';
 
 type KeyEntry = { key: string, id: string };
@@ -19,11 +19,11 @@ export class WebAuthConfig {
 
   postConstruct(): void {
     if (!this.signingKey && Runtime.production) {
-      throw new AppError('The default signing key is only valid for development use, please specify a config value at web.auth.signingKey');
+      throw new RuntimeError('The default signing key is only valid for development use, please specify a config value at web.auth.signingKey');
     }
     this.signingKey ??= 'dummy';
 
-    const all = [this.signingKey].flat().map(key => ({ key, id: BinaryUtil.hash(key, 8) }));
+    const all = [this.signingKey].flat().map(key => ({ key, id: BinaryMetadataUtil.hash(key, { length: 8 }) }));
     this.keyMap = Object.fromEntries(all.map(entry => [entry.id, entry]));
     this.keyMap.default = all[0];
   }

package/src/interceptors/verify.ts

@@ -1,4 +1,4 @@
-import { AppError, Util } from '@travetto/runtime';
+import { RuntimeError, Util } from '@travetto/runtime';
 import type { WebInterceptor, WebInterceptorCategory, WebChainedContext, WebResponse, WebInterceptorContext } from '@travetto/web';
 import { Injectable, Inject } from '@travetto/di';
 import { Config } from '@travetto/config';
@@ -72,7 +72,7 @@ export class AuthVerifyInterceptor implements WebInterceptor<WebAuthVerifyConfig
         if (!principal) {
           throw new AuthenticationError('User is unauthenticated');
         } else if (!config.matcher(new Set(principal.permissions))) {
-          throw new AppError('Access denied', { category: 'permissions' });
+          throw new RuntimeError('Access denied', { category: 'permissions' });
         }
         break;
       }

package/support/test/server.ts

@@ -89,16 +89,20 @@ export abstract class AuthWebServerSuite extends BaseWebSuite {
   @Inject()
   config: WebAuthConfig;
 
-  getCookie(headers: WebHeaders): Cookie | undefined {
-    return new CookieJar().importSetCookieHeader(headers.getSetCookie()).getAll()[0];
+  async getCookie(headers: WebHeaders): Promise<Cookie | undefined> {
+    const jar = new CookieJar();
+    await jar.importSetCookieHeader(headers.getSetCookie());
+    return jar.getAll()[0];
   }
 
-  getCookieHeader(headers: WebHeaders): string | undefined {
-    return new CookieJar().importSetCookieHeader(headers.getSetCookie()).exportCookieHeader();
+  async getCookieHeader(headers: WebHeaders): Promise<string | undefined> {
+    const jar = new CookieJar();
+    await jar.importSetCookieHeader(headers.getSetCookie());
+    return jar.exportCookieHeader();
   }
 
-  getCookieExpires(headers: WebHeaders): Date | undefined {
-    const v = this.getCookie(headers)?.expires;
+  async getCookieExpires(headers: WebHeaders): Promise<Date | undefined> {
+    const v = (await this.getCookie(headers))?.expires;
     return v ? new Date(v) : undefined;
   }
 
@@ -151,7 +155,7 @@ export abstract class AuthWebServerSuite extends BaseWebSuite {
       }
     }, false);
     assert(statusCode === 201);
-    const cookie = this.getCookieHeader(headers);
+    const cookie = await this.getCookieHeader(headers);
     assert(cookie);
 
     const { context: { httpStatusCode: lastStatus } } = await this.request({
@@ -222,7 +226,7 @@ export abstract class AuthWebServerSuite extends BaseWebSuite {
       }
     }, false);
     assert(statusCode === 201);
-    const cookie = this.getCookieHeader(headers);
+    const cookie = await this.getCookieHeader(headers);
     assert(cookie);
 
     const { body, context: { httpStatusCode: lastStatus } } = await this.request({
@@ -250,17 +254,17 @@ export abstract class AuthWebServerSuite extends BaseWebSuite {
     assert(statusCode === 201);
 
     const start = Date.now();
-    const cookie = this.getCookieHeader(headers);
+    const cookie = await this.getCookieHeader(headers);
     assert(cookie);
 
-    const expires = this.getCookieExpires(headers);
+    const expires = await this.getCookieExpires(headers);
     assert(expires);
 
     const { headers: selfHeaders, context: { httpStatusCode: lastStatus } } = await this.request({
       context: { httpMethod: 'GET', path: '/test/auth/self' },
       headers: { cookie }
     }, false);
-    assert(this.getCookie(selfHeaders) === undefined);
+    assert(await this.getCookie(selfHeaders) === undefined);
     assert(lastStatus === 200);
 
     const used = (Date.now() - start);
@@ -272,9 +276,9 @@ export abstract class AuthWebServerSuite extends BaseWebSuite {
       headers: { cookie }
     }, false);
     assert(lastStatus2 === 200);
-    assert(this.getCookie(selfHeadersRenew));
+    assert(await this.getCookie(selfHeadersRenew));
 
-    const expiresRenew = this.getCookieExpires(selfHeadersRenew);
+    const expiresRenew = await this.getCookieExpires(selfHeadersRenew);
     assert(expiresRenew);
 
     const delta = expiresRenew.getTime() - expires.getTime();