@tstdl/base 0.82.6 → 0.82.7

package/authentication/client/module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.js","sourceRoot":"","sources":["../../../source/authentication/client/module.ts"],"names":[],"mappings":";;;AACA,+CAAwC;AAExC,yDAAgD;AAEhD,qCAAkF;AAOlF,SAAgB,6BAA6B,CAAC,SAA8C,EAAE;IAC5F,IAAI,IAAA,uBAAS,EAAC,MAAM,CAAC,uBAAuB,CAAC,EAAE;QAC7C,qBAAS,CAAC,iBAAiB,CAAC,kCAAyB,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,uBAAuB,EAAE,CAAC,CAAC;KACtG;IAED,IAAI,IAAA,uBAAS,EAAC,MAAM,CAAC,yBAAyB,CAAC,EAAE;QAC/C,qBAAS,CAAC,QAAQ,CAAC,oCAA2B,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,yBAAyB,EAAE,CAAC,CAAC;KACjG;AACH,CAAC;AARD,sEAQC"}

package/authentication/client/tokens.d.ts

@@ -0,0 +1,4 @@
+import type { ApiClient } from "../../api/client";
+import type { AuthenticationApiDefinition } from '../authentication.api';
+export declare const AUTHENTICATION_API_CLIENT: import("../../container").InjectionToken<ApiClient<AuthenticationApiDefinition<any, any>>, any>;
+export declare const INITIAL_AUTHENTICATION_DATA: import("../../container").InjectionToken<unknown, any>;

package/authentication/client/tokens.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.INITIAL_AUTHENTICATION_DATA = exports.AUTHENTICATION_API_CLIENT = void 0;
+const container_1 = require("../../container");
+exports.AUTHENTICATION_API_CLIENT = (0, container_1.injectionToken)('AUTHENTICATION_API_CLIENT');
+exports.INITIAL_AUTHENTICATION_DATA = (0, container_1.injectionToken)('INITIAL_AUTHENTICATION_DATA');
+//# sourceMappingURL=tokens.js.map

package/authentication/client/tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../../source/authentication/client/tokens.ts"],"names":[],"mappings":";;;AACA,+CAA6C;AAGhC,QAAA,yBAAyB,GAAG,IAAA,0BAAc,EAAmD,2BAA2B,CAAC,CAAC;AAE1H,QAAA,2BAA2B,GAAG,IAAA,0BAAc,EAAC,6BAA6B,CAAC,CAAC"}

package/authentication/models/authentication-session.model.d.ts

@@ -5,7 +5,6 @@ export declare class AuthenticationSession {
     begin: number;
     /** timestamp */
     end: number;
-    tokenId: string;
     refreshTokenHashVersion: number;
     refreshTokenSalt: Uint8Array;
     refreshTokenHash: Uint8Array;
@@ -14,7 +13,6 @@ export declare class NewAuthenticationSession {
     subject: string;
     begin: number;
     end: number;
-    tokenId: string;
     refreshTokenHashVersion: number;
     refreshTokenSalt: Uint8Array;
     refreshTokenHash: Uint8Array;

package/authentication/models/authentication-session.model.js

@@ -18,7 +18,6 @@ class AuthenticationSession {
     begin;
     /** timestamp */
     end;
-    tokenId;
     refreshTokenHashVersion;
     refreshTokenSalt;
     refreshTokenHash;
@@ -39,10 +38,6 @@ __decorate([
     (0, schema_1.Property)(),
     __metadata("design:type", Number)
 ], AuthenticationSession.prototype, "end", void 0);
-__decorate([
-    (0, schema_1.Property)(),
-    __metadata("design:type", String)
-], AuthenticationSession.prototype, "tokenId", void 0);
 __decorate([
     (0, schema_1.Property)(),
     __metadata("design:type", Number)
@@ -60,7 +55,6 @@ class NewAuthenticationSession {
     subject;
     begin;
     end;
-    tokenId;
     refreshTokenHashVersion;
     refreshTokenSalt;
     refreshTokenHash;
@@ -77,10 +71,6 @@ __decorate([
     (0, schema_1.Property)(),
     __metadata("design:type", Number)
 ], NewAuthenticationSession.prototype, "end", void 0);
-__decorate([
-    (0, schema_1.Property)(),
-    __metadata("design:type", String)
-], NewAuthenticationSession.prototype, "tokenId", void 0);
 __decorate([
     (0, schema_1.Property)(),
     __metadata("design:type", Number)

package/authentication/models/authentication-session.model.js.map

@@ -1 +1 @@
-{"version":3,"file":"authentication-session.model.js","sourceRoot":"","sources":["../../../source/authentication/models/authentication-session.model.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAoC;AAEpC,MAAa,qBAAqB;IAEhC,EAAE,CAAS;IAGX,OAAO,CAAS;IAEhB,gBAAgB;IAEhB,KAAK,CAAS;IAEd,gBAAgB;IAEhB,GAAG,CAAS;IAGZ,OAAO,CAAS;IAGhB,uBAAuB,CAAS;IAGhC,gBAAgB,CAAa;IAG7B,gBAAgB,CAAa;CAC9B;AAzBC;IAAC,IAAA,iBAAQ,GAAE;;iDACA;AAEX;IAAC,IAAA,iBAAQ,GAAE;;sDACK;AAGhB;IAAC,IAAA,iBAAQ,GAAE;;oDACG;AAGd;IAAC,IAAA,iBAAQ,GAAE;;kDACC;AAEZ;IAAC,IAAA,iBAAQ,GAAE;;sDACK;AAEhB;IAAC,IAAA,iBAAQ,GAAE;;sEACqB;AAEhC;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;+DAAC;AAE7B;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;+DAAC;AAzB/B,sDA0BC;AAED,MAAa,wBAAwB;IAEnC,OAAO,CAAS;IAGhB,KAAK,CAAS;IAGd,GAAG,CAAS;IAGZ,OAAO,CAAS;IAGhB,uBAAuB,CAAS;IAGhC,gBAAgB,CAAa;IAG7B,gBAAgB,CAAa;CAC9B;AApBC;IAAC,IAAA,iBAAQ,GAAE;;yDACK;AAEhB;IAAC,IAAA,iBAAQ,GAAE;;uDACG;AAEd;IAAC,IAAA,iBAAQ,GAAE;;qDACC;AAEZ;IAAC,IAAA,iBAAQ,GAAE;;yDACK;AAEhB;IAAC,IAAA,iBAAQ,GAAE;;yEACqB;AAEhC;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;kEAAC;AAE7B;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;kEAAC;AApB/B,4DAqBC"}
+{"version":3,"file":"authentication-session.model.js","sourceRoot":"","sources":["../../../source/authentication/models/authentication-session.model.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAoC;AAEpC,MAAa,qBAAqB;IAEhC,EAAE,CAAS;IAGX,OAAO,CAAS;IAEhB,gBAAgB;IAEhB,KAAK,CAAS;IAEd,gBAAgB;IAEhB,GAAG,CAAS;IAGZ,uBAAuB,CAAS;IAGhC,gBAAgB,CAAa;IAG7B,gBAAgB,CAAa;CAC9B;AAtBC;IAAC,IAAA,iBAAQ,GAAE;;iDACA;AAEX;IAAC,IAAA,iBAAQ,GAAE;;sDACK;AAGhB;IAAC,IAAA,iBAAQ,GAAE;;oDACG;AAGd;IAAC,IAAA,iBAAQ,GAAE;;kDACC;AAEZ;IAAC,IAAA,iBAAQ,GAAE;;sEACqB;AAEhC;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;+DAAC;AAE7B;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;+DAAC;AAtB/B,sDAuBC;AAED,MAAa,wBAAwB;IAEnC,OAAO,CAAS;IAGhB,KAAK,CAAS;IAGd,GAAG,CAAS;IAGZ,uBAAuB,CAAS;IAGhC,gBAAgB,CAAa;IAG7B,gBAAgB,CAAa;CAC9B;AAjBC;IAAC,IAAA,iBAAQ,GAAE;;yDACK;AAEhB;IAAC,IAAA,iBAAQ,GAAE;;uDACG;AAEd;IAAC,IAAA,iBAAQ,GAAE;;qDACC;AAEZ;IAAC,IAAA,iBAAQ,GAAE;;yEACqB;AAEhC;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;kEAAC;AAE7B;IAAC,IAAA,iBAAQ,GAAE;8BACO,UAAU;kEAAC;AAjB/B,4DAkBC"}

package/authentication/models/index.d.ts

@@ -1,3 +1,4 @@
 export * from './authentication-credentials.model';
 export * from './authentication-session.model';
 export * from './token-payload-base.model';
+export * from './token.model';

package/authentication/models/index.js

@@ -17,4 +17,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./authentication-credentials.model"), exports);
 __exportStar(require("./authentication-session.model"), exports);
 __exportStar(require("./token-payload-base.model"), exports);
+__exportStar(require("./token.model"), exports);
 //# sourceMappingURL=index.js.map

package/authentication/models/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../source/authentication/models/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qEAAmD;AACnD,iEAA+C;AAC/C,6DAA2C"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../source/authentication/models/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qEAAmD;AACnD,iEAA+C;AAC/C,6DAA2C;AAC3C,gDAA8B"}

package/authentication/models/token-payload-base.model.d.ts

@@ -1,5 +1,12 @@
 export declare class TokenPayloadBase {
+    /** token id */
     jti: string;
+    /** issue timestamp in seconds */
     iat: number;
+    /** expiration timestamp in seconds */
     exp: number;
+    /** refresh token expiration timestamp in seconds */
+    refreshTokenExp: number;
+    sessionId: string;
+    subject: string;
 }

package/authentication/models/token-payload-base.model.js

@@ -12,9 +12,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.TokenPayloadBase = void 0;
 const property_1 = require("../../schema/decorators/property");
 class TokenPayloadBase {
+    /** token id */
     jti;
+    /** issue timestamp in seconds */
     iat;
+    /** expiration timestamp in seconds */
     exp;
+    /** refresh token expiration timestamp in seconds */
+    refreshTokenExp;
+    sessionId;
+    subject;
 }
 __decorate([
     (0, property_1.Property)(),
@@ -28,5 +35,17 @@ __decorate([
     (0, property_1.Property)(),
     __metadata("design:type", Number)
 ], TokenPayloadBase.prototype, "exp", void 0);
+__decorate([
+    (0, property_1.Property)(),
+    __metadata("design:type", Number)
+], TokenPayloadBase.prototype, "refreshTokenExp", void 0);
+__decorate([
+    (0, property_1.Property)(),
+    __metadata("design:type", String)
+], TokenPayloadBase.prototype, "sessionId", void 0);
+__decorate([
+    (0, property_1.Property)(),
+    __metadata("design:type", String)
+], TokenPayloadBase.prototype, "subject", void 0);
 exports.TokenPayloadBase = TokenPayloadBase;
 //# sourceMappingURL=token-payload-base.model.js.map

package/authentication/models/token-payload-base.model.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-payload-base.model.js","sourceRoot":"","sources":["../../../source/authentication/models/token-payload-base.model.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAwD;AAExD,MAAa,gBAAgB;IAE3B,GAAG,CAAS;IAGZ,GAAG,CAAS;IAGZ,GAAG,CAAS;CACb;AARC;IAAC,IAAA,mBAAQ,GAAE;;6CACC;AAEZ;IAAC,IAAA,mBAAQ,GAAE;;6CACC;AAEZ;IAAC,IAAA,mBAAQ,GAAE;;6CACC;AARd,4CASC"}
+{"version":3,"file":"token-payload-base.model.js","sourceRoot":"","sources":["../../../source/authentication/models/token-payload-base.model.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAwD;AAExD,MAAa,gBAAgB;IAC3B,eAAe;IAEf,GAAG,CAAS;IAEZ,iCAAiC;IAEjC,GAAG,CAAS;IAEZ,sCAAsC;IAEtC,GAAG,CAAS;IAEZ,oDAAoD;IAEpD,eAAe,CAAS;IAGxB,SAAS,CAAS;IAGlB,OAAO,CAAS;CACjB;AApBC;IAAC,IAAA,mBAAQ,GAAE;;6CACC;AAGZ;IAAC,IAAA,mBAAQ,GAAE;;6CACC;AAGZ;IAAC,IAAA,mBAAQ,GAAE;;6CACC;AAGZ;IAAC,IAAA,mBAAQ,GAAE;;yDACa;AAExB;IAAC,IAAA,mBAAQ,GAAE;;mDACO;AAElB;IAAC,IAAA,mBAAQ,GAAE;;iDACK;AArBlB,4CAsBC"}

package/authentication/models/token.model.d.ts

@@ -0,0 +1,16 @@
+import type { Record } from "../../types";
+import type { JwtToken, JwtTokenHeader } from "../../utils/jwt";
+import type { TokenPayloadBase } from '../models';
+export type TokenHeader = {
+    v: number;
+};
+export type Token<AdditionalTokenPayload = Record<never>> = JwtToken<AdditionalTokenPayload & TokenPayloadBase, JwtTokenHeader<TokenHeader>>;
+export type TokenPayload<T> = T & TokenPayloadBase;
+export type RefreshTokenPayload = {
+    /** expiration timestamp in seconds */
+    exp: number;
+    subject: string;
+    sessionId: string;
+    secret: string;
+};
+export type RefreshToken = JwtToken<RefreshTokenPayload>;

package/authentication/models/token.model.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=token.model.js.map

package/authentication/models/token.model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.model.js","sourceRoot":"","sources":["../../../source/authentication/models/token.model.ts"],"names":[],"mappings":""}

package/authentication/{authentication-credentials.repository.d.ts → server/authentication-credentials.repository.d.ts}

@@ -1,5 +1,5 @@
-import type { AuthenticationCredentials, NewAuthenticationCredentials } from './models';
+import type { AuthenticationCredentials, NewAuthenticationCredentials } from '../models';
 export declare abstract class AuthenticationCredentialsRepository {
-    abstract tryLoad(subject: string): Promise<AuthenticationCredentials | undefined>;
+    abstract tryLoadBySubject(subject: string): Promise<AuthenticationCredentials | undefined>;
     abstract save(credentials: NewAuthenticationCredentials | AuthenticationCredentials): Promise<void>;
 }

package/authentication/{authentication-credentials.repository.js → server/authentication-credentials.repository.js}

@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthenticationCredentialsRepository = void 0;
-const reflection_1 = require("../reflection");
+const reflection_1 = require("../../reflection");
 let AuthenticationCredentialsRepository = class AuthenticationCredentialsRepository {
 };
 AuthenticationCredentialsRepository = __decorate([

package/authentication/server/authentication-credentials.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication-credentials.repository.js","sourceRoot":"","sources":["../../../source/authentication/server/authentication-credentials.repository.ts"],"names":[],"mappings":";;;;;;;;;AAAA,iDAAqC;AAI9B,IAAe,mCAAmC,GAAlD,MAAe,mCAAmC;CAGxD,CAAA;AAHqB,mCAAmC;IADxD,IAAA,kBAAK,GAAE;GACc,mCAAmC,CAGxD;AAHqB,kFAAmC"}

package/authentication/{authentication-session.repository.d.ts → server/authentication-session.repository.d.ts}

@@ -1,8 +1,7 @@
-import type { NewEntity } from "../database";
-import type { AuthenticationSession } from './models';
+import type { NewEntity } from "../../database";
+import type { AuthenticationSession } from '../models';
 export type AuthenticationSessionExtendData = {
     end: number;
-    tokenId: string;
     refreshTokenHashVersion: number;
     refreshTokenSalt: Uint8Array;
     refreshTokenHash: Uint8Array;

package/authentication/server/authentication-session.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication-session.repository.js","sourceRoot":"","sources":["../../../source/authentication/server/authentication-session.repository.ts"],"names":[],"mappings":";;;AAUA,MAAsB,+BAA+B;CAQpD;AARD,0EAQC"}

package/authentication/server/authentication-token-payload.provider.d.ts

@@ -0,0 +1,3 @@
+export declare abstract class AuthenticationTokenPayloadProvider<TokenPayload = any, AuthenticationData = any> {
+    abstract getTokenPayload(subject: string, authenticationData: AuthenticationData): TokenPayload | Promise<TokenPayload>;
+}

package/authentication/{authentication-token-payload.provider.js → server/authentication-token-payload.provider.js}

@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthenticationTokenPayloadProvider = void 0;
-const reflection_1 = require("../reflection");
+const reflection_1 = require("../../reflection");
 let AuthenticationTokenPayloadProvider = class AuthenticationTokenPayloadProvider {
 };
 AuthenticationTokenPayloadProvider = __decorate([

package/authentication/server/authentication-token-payload.provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication-token-payload.provider.js","sourceRoot":"","sources":["../../../source/authentication/server/authentication-token-payload.provider.ts"],"names":[],"mappings":";;;;;;;;;AAAA,iDAAqC;AAG9B,IAAe,kCAAkC,GAAjD,MAAe,kCAAkC;CAEvD,CAAA;AAFqB,kCAAkC;IADvD,IAAA,kBAAK,GAAE;GACc,kCAAkC,CAEvD;AAFqB,gFAAkC"}

package/authentication/server/authentication.api-controller.d.ts

@@ -0,0 +1,13 @@
+import type { ApiController, ApiRequestData, ApiServerResult } from "../../api/types";
+import type { AuthenticationApiDefinition } from '../authentication.api';
+import type { TokenPayloadBase } from '../models';
+import { AuthenticationService } from './authentication.service';
+export declare class AuthenticationApiController<TokenPayload extends TokenPayloadBase, AuthenticationData> implements ApiController<AuthenticationApiDefinition<TokenPayload, AuthenticationData>> {
+    readonly authenticationService: AuthenticationService<TokenPayload, AuthenticationData>;
+    constructor(authenticationService: AuthenticationService<TokenPayload, AuthenticationData>);
+    token({ parameters }: ApiRequestData<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'token'>): Promise<ApiServerResult<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'token'>>;
+    refresh({ request, parameters }: ApiRequestData<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'refresh'>): Promise<ApiServerResult<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'refresh'>>;
+    endSession({ request }: ApiRequestData<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'endSession'>): Promise<ApiServerResult<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'endSession'>>;
+    timestamp(): ApiServerResult<AuthenticationApiDefinition<TokenPayload, AuthenticationData>, 'timestamp'>;
+    private getAuthenticationResponse;
+}

package/authentication/server/authentication.api-controller.js

@@ -0,0 +1,65 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthenticationApiController = void 0;
+const server_1 = require("../../api/server");
+const unauthorized_error_1 = require("../../error/unauthorized.error");
+const server_2 = require("../../http/server");
+const date_time_1 = require("../../utils/date-time");
+const authentication_api_1 = require("../authentication.api");
+const authentication_service_1 = require("./authentication.service");
+const helper_1 = require("./helper");
+let AuthenticationApiController = class AuthenticationApiController {
+    authenticationService;
+    constructor(authenticationService) {
+        this.authenticationService = authenticationService;
+    }
+    async token({ parameters }) {
+        const authenticationResult = await this.authenticationService.authenticate(parameters.subject, parameters.secret);
+        if (!authenticationResult.success) {
+            throw new unauthorized_error_1.UnauthorizedError('Invalid credentials.');
+        }
+        const result = await this.authenticationService.getToken(authenticationResult.subject, parameters.data);
+        return this.getAuthenticationResponse(result);
+    }
+    async refresh({ request, parameters }) {
+        const tokenString = (0, helper_1.tryGetAuthorizationTokenStringFromRequest)(request, 'refreshToken') ?? '';
+        const result = await this.authenticationService.refresh(tokenString, parameters.data);
+        return this.getAuthenticationResponse(result);
+    }
+    async endSession({ request }) {
+        const tokenString = (0, helper_1.tryGetAuthorizationTokenStringFromRequest)(request) ?? '';
+        const token = await this.authenticationService.validateToken(tokenString);
+        await this.authenticationService.endSession(token.payload.sessionId);
+        return 'ok';
+    }
+    timestamp() {
+        return (0, date_time_1.currentTimestamp)();
+    }
+    getAuthenticationResponse({ token, jsonToken, refreshToken }) {
+        const result = jsonToken.payload;
+        return new server_2.HttpServerResponse({
+            cookies: {
+                authorization: { value: `Bearer ${token}`, httpOnly: true, secure: true, sameSite: 'strict', expires: jsonToken.payload.refreshTokenExp * 1000 },
+                refreshToken: { value: `Bearer ${refreshToken}`, httpOnly: true, secure: true, sameSite: 'strict', expires: jsonToken.payload.refreshTokenExp * 1000 }
+            },
+            body: {
+                json: result
+            }
+        });
+    }
+};
+AuthenticationApiController = __decorate([
+    (0, server_1.apiController)(authentication_api_1.authenticationApiDefinition),
+    __metadata("design:paramtypes", [authentication_service_1.AuthenticationService])
+], AuthenticationApiController);
+exports.AuthenticationApiController = AuthenticationApiController;
+//# sourceMappingURL=authentication.api-controller.js.map

package/authentication/server/authentication.api-controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.api-controller.js","sourceRoot":"","sources":["../../../source/authentication/server/authentication.api-controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA6C;AAE7C,uEAA+D;AAC/D,8CAAmD;AACnD,qDAAqD;AAErD,8DAAoE;AAGpE,qEAAiE;AACjE,qCAAqE;AAG9D,IAAM,2BAA2B,GAAjC,MAAM,2BAA2B;IAC7B,qBAAqB,CAA0D;IAExF,YAAY,qBAA8E;QACxF,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,EAAE,UAAU,EAA0F;QAChH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAElH,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE;YACjC,MAAM,IAAI,sCAAiB,CAAC,sBAAsB,CAAC,CAAC;SACrD;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QAExG,OAAO,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,UAAU,EAA4F;QAC7H,MAAM,WAAW,GAAG,IAAA,kDAAyC,EAAC,OAAO,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;QAC7F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAE,OAAO,EAA+F;QACvH,MAAM,WAAW,GAAG,IAAA,kDAAyC,EAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAC1E,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAErE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS;QACP,OAAO,IAAA,4BAAgB,GAAE,CAAC;IAC5B,CAAC;IAEO,yBAAyB,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAA6B;QAC7F,MAAM,MAAM,GAA4F,SAAS,CAAC,OAAO,CAAC;QAE1H,OAAO,IAAI,2BAAkB,CAAC;YAC5B,OAAO,EAAE;gBACP,aAAa,EAAE,EAAE,KAAK,EAAE,UAAU,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,eAAe,GAAG,IAAI,EAAE;gBAChJ,YAAY,EAAE,EAAE,KAAK,EAAE,UAAU,YAAY,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,eAAe,GAAG,IAAI,EAAE;aACvJ;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM;aACb;SACF,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AAnDY,2BAA2B;IADvC,IAAA,sBAAa,EAAC,gDAA2B,CAAC;qCAIN,8CAAqB;GAH7C,2BAA2B,CAmDvC;AAnDY,kEAA2B"}

package/authentication/{authentication.service.d.ts → server/authentication.service.d.ts}

@@ -1,14 +1,12 @@
-import type { JwtToken, JwtTokenHeader } from "../utils/jwt";
+import type { AfterResolve } from "../../container";
+import { afterResolve } from "../../container";
+import type { Record } from "../../types";
+import type { RefreshToken, Token } from '../models';
 import { AuthenticationCredentialsRepository } from './authentication-credentials.repository';
 import { AuthenticationSessionRepository } from './authentication-session.repository';
 import { AuthenticationTokenPayloadProvider } from './authentication-token-payload.provider';
-import type { TokenPayloadBase } from './models';
-export type Token<AdditionalTokenPayload> = JwtToken<AdditionalTokenPayload & TokenPayloadBase, JwtTokenHeader<TokenHeader>>;
-export type TokenHeader = {
-    v: number;
-};
 export type AuthenticationServiceOptions = {
-    /** Secret used for signing tokens */
+    /** Secret used for signing tokens and refreshTokens */
     secret: string;
     /** Token version, forces refresh on mismatch (useful if payload changes) */
     version?: number;
@@ -18,10 +16,18 @@ export type AuthenticationServiceOptions = {
     sessionTimeToLive?: number;
 };
 export type AuthenticationResult = {
+    success: true;
+    subject: string;
+} | {
+    success: false;
+    subject?: undefined;
+};
+export type TokenResult<AdditionalTokenPayload = Record<never>> = {
     token: string;
+    jsonToken: Token<AdditionalTokenPayload>;
     refreshToken: string;
 };
-export declare class AuthenticationService<AdditionalTokenPayload, AdditionalAuthenticationData> {
+export declare class AuthenticationService<AdditionalTokenPayload = Record<never>, AdditionalAuthenticationData = Record<never>> implements AfterResolve {
     private readonly credentialsRepository;
     private readonly sessionRepository;
     private readonly tokenPayloadProviderService;
@@ -29,14 +35,20 @@ export declare class AuthenticationService<AdditionalTokenPayload, AdditionalAut
     private readonly tokenVersion;
     private readonly tokenTimeToLive;
     private readonly sessionTimeToLive;
+    private derivedTokenSigningSecret;
+    private derivedRefreshTokenSigningSecret;
     constructor(credentialsService: AuthenticationCredentialsRepository, sessionRepository: AuthenticationSessionRepository, tokenPayloadProviderService: AuthenticationTokenPayloadProvider<AdditionalTokenPayload, AdditionalAuthenticationData>, options: AuthenticationServiceOptions);
+    [afterResolve](): Promise<void>;
+    initialize(): Promise<void>;
     setCredentials(subject: string, secret: string): Promise<void>;
-    authenticate(subject: string, secret: string): Promise<boolean>;
-    getToken(subject: string, secret: string, additionalAuthenticationData: AdditionalAuthenticationData): Promise<AuthenticationResult>;
+    authenticate(subject: string, secret: string): Promise<AuthenticationResult>;
+    getToken(subject: string, additionalAuthenticationData: AdditionalAuthenticationData): Promise<TokenResult<AdditionalTokenPayload>>;
     endSession(sessionId: string): Promise<void>;
-    refresh(sessionId: string, refreshToken: string, additionalAuthenticationData: AdditionalAuthenticationData): Promise<AuthenticationResult>;
+    refresh(refreshToken: string, additionalAuthenticationData: AdditionalAuthenticationData): Promise<TokenResult<AdditionalTokenPayload>>;
     validateToken(token: string): Promise<Token<AdditionalTokenPayload>>;
+    validateRefreshToken(token: string): Promise<RefreshToken>;
     private createToken;
     private createRefreshToken;
+    private deriveSigningSecrets;
     private getHash;
 }

package/authentication/{authentication.service.js → server/authentication.service.js}

@@ -13,21 +13,22 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthenticationService = void 0;
-const container_1 = require("../container");
-const error_1 = require("../error");
-const invalid_token_error_1 = require("../error/invalid-token.error");
-const alphabet_1 = require("../utils/alphabet");
-const cryptography_1 = require("../utils/cryptography");
-const date_time_1 = require("../utils/date-time");
-const equals_1 = require("../utils/equals");
-const jwt_1 = require("../utils/jwt");
-const random_1 = require("../utils/random");
-const type_guards_1 = require("../utils/type-guards");
-const units_1 = require("../utils/units");
+const container_1 = require("../../container");
+const invalid_token_error_1 = require("../../error/invalid-token.error");
+const alphabet_1 = require("../../utils/alphabet");
+const cryptography_1 = require("../../utils/cryptography");
+const date_time_1 = require("../../utils/date-time");
+const equals_1 = require("../../utils/equals");
+const jwt_1 = require("../../utils/jwt");
+const random_1 = require("../../utils/random");
+const type_guards_1 = require("../../utils/type-guards");
+const units_1 = require("../../utils/units");
 const authentication_credentials_repository_1 = require("./authentication-credentials.repository");
 const authentication_session_repository_1 = require("./authentication-session.repository");
 const authentication_token_payload_provider_1 = require("./authentication-token-payload.provider");
+const helper_1 = require("./helper");
 const tokens_1 = require("./tokens");
+const SIGNING_SECRETS_LENGTH = 512;
 let AuthenticationService = class AuthenticationService {
     credentialsRepository;
     sessionRepository;
@@ -36,6 +37,8 @@ let AuthenticationService = class AuthenticationService {
     tokenVersion;
     tokenTimeToLive;
     sessionTimeToLive;
+    derivedTokenSigningSecret;
+    derivedRefreshTokenSigningSecret;
     constructor(credentialsService, sessionRepository, tokenPayloadProviderService, options) {
         this.credentialsRepository = credentialsService;
         this.sessionRepository = sessionRepository;
@@ -45,6 +48,12 @@ let AuthenticationService = class AuthenticationService {
         this.tokenTimeToLive = options.tokenTimeToLive ?? (5 * units_1.millisecondsPerMinute);
         this.sessionTimeToLive = options.sessionTimeToLive ?? (5 * units_1.millisecondsPerDay);
     }
+    async [container_1.afterResolve]() {
+        await this.initialize();
+    }
+    async initialize() {
+        await this.deriveSigningSecrets();
+    }
     async setCredentials(subject, secret) {
         const salt = (0, random_1.getRandomBytes)(32);
         const hash = await this.getHash(secret, salt);
@@ -57,67 +66,78 @@ let AuthenticationService = class AuthenticationService {
         await this.credentialsRepository.save(credentials);
     }
     async authenticate(subject, secret) {
-        const credentials = await this.credentialsRepository.tryLoad(subject);
+        const credentials = await this.credentialsRepository.tryLoadBySubject(subject);
         if ((0, type_guards_1.isUndefined)(credentials)) {
-            return false;
+            return { success: false };
         }
         const hash = await this.getHash(secret, credentials.salt);
-        return (0, equals_1.binaryEquals)(hash, credentials.hash);
-    }
-    async getToken(subject, secret, additionalAuthenticationData) {
-        const isAuthenticated = await this.authenticate(subject, secret);
-        if (!isAuthenticated) {
-            throw new error_1.UnauthorizedError('Invalid credentials.');
+        const valid = (0, equals_1.binaryEquals)(hash, credentials.hash);
+        if (valid) {
+            return { success: true, subject: credentials.subject };
         }
+        return { success: false };
+    }
+    async getToken(subject, additionalAuthenticationData) {
         const now = (0, date_time_1.currentTimestamp)();
-        const tokenPayload = await this.tokenPayloadProviderService.getTokenPayload(subject, additionalAuthenticationData);
-        const { token, payload } = await this.createToken(tokenPayload, now);
-        const refreshToken = await this.createRefreshToken();
-        await this.sessionRepository.insert({
+        const end = now + this.sessionTimeToLive;
+        const session = await this.sessionRepository.insert({
             subject,
             begin: now,
-            end: now + this.sessionTimeToLive,
-            tokenId: payload.jti,
+            end,
+            refreshTokenHashVersion: 0,
+            refreshTokenSalt: new Uint8Array(),
+            refreshTokenHash: new Uint8Array()
+        });
+        const tokenPayload = await this.tokenPayloadProviderService?.getTokenPayload(subject, additionalAuthenticationData);
+        const { token, jsonToken } = await this.createToken(tokenPayload, subject, session.id, end, now);
+        const refreshToken = await this.createRefreshToken(subject, session.id, end);
+        await this.sessionRepository.extend(session.id, {
+            end,
             refreshTokenHashVersion: 1,
             refreshTokenSalt: refreshToken.salt,
             refreshTokenHash: refreshToken.hash
         });
-        return { token, refreshToken: refreshToken.token };
+        return { token, jsonToken, refreshToken: refreshToken.token };
     }
     async endSession(sessionId) {
         const now = (0, date_time_1.currentTimestamp)();
         await this.sessionRepository.end(sessionId, now);
     }
-    async refresh(sessionId, refreshToken, additionalAuthenticationData) {
+    async refresh(refreshToken, additionalAuthenticationData) {
+        const validatedToken = await this.validateRefreshToken(refreshToken);
+        const sessionId = validatedToken.payload.sessionId;
         const session = await this.sessionRepository.load(sessionId);
-        const hash = await this.getHash(refreshToken, session.refreshTokenSalt);
+        const hash = await this.getHash(validatedToken.payload.secret, session.refreshTokenSalt);
         if (session.end <= (0, date_time_1.currentTimestamp)()) {
-            throw new error_1.UnauthorizedError('Session is ended.');
+            throw new invalid_token_error_1.InvalidTokenError('Session is expired.');
         }
         if (!(0, equals_1.binaryEquals)(hash, session.refreshTokenHash)) {
-            throw new error_1.UnauthorizedError('Invalid refresh token.');
+            throw new invalid_token_error_1.InvalidTokenError('Invalid refresh token.');
         }
         const now = (0, date_time_1.currentTimestamp)();
-        const tokenPayload = await this.tokenPayloadProviderService.getTokenPayload(session.subject, additionalAuthenticationData);
-        const { token, payload } = await this.createToken(tokenPayload, now);
-        const newRefreshToken = await this.createRefreshToken();
+        const newEnd = now + this.sessionTimeToLive;
+        const tokenPayload = await this.tokenPayloadProviderService?.getTokenPayload(session.subject, additionalAuthenticationData);
+        const { token, jsonToken } = await this.createToken(tokenPayload, session.subject, sessionId, newEnd, now);
+        const newRefreshToken = await this.createRefreshToken(validatedToken.payload.subject, sessionId, newEnd);
         await this.sessionRepository.extend(sessionId, {
-            end: now + this.sessionTimeToLive,
-            tokenId: payload.jti,
+            end: newEnd,
             refreshTokenHashVersion: 1,
             refreshTokenSalt: newRefreshToken.salt,
             refreshTokenHash: newRefreshToken.hash
         });
-        return { token, refreshToken: newRefreshToken.token };
+        return { token, jsonToken, refreshToken: newRefreshToken.token };
     }
     async validateToken(token) {
-        const validatedToken = await (0, jwt_1.parseAndValidateJwtTokenString)(token, 'HS256', this.secret);
-        if (validatedToken.header.v != this.tokenVersion) {
-            throw new invalid_token_error_1.InvalidTokenError('Invalid token version.');
+        return (0, helper_1.getTokenFromString)(token, this.tokenVersion, this.derivedTokenSigningSecret);
+    }
+    async validateRefreshToken(token) {
+        const validatedToken = await (0, jwt_1.parseAndValidateJwtTokenString)(token, 'HS256', this.derivedRefreshTokenSigningSecret);
+        if (validatedToken.payload.exp <= (0, date_time_1.currentTimestampSeconds)()) {
+            throw new invalid_token_error_1.InvalidTokenError('Token expired.');
         }
         return validatedToken;
     }
-    async createToken(additionalTokenPayload, timestamp = (0, date_time_1.currentTimestamp)()) {
+    async createToken(additionalTokenPayload, subject, sessionId, refreshTokenExpiration, timestamp) {
         const header = {
             v: this.tokenVersion,
             alg: 'HS256',
@@ -127,19 +147,43 @@ let AuthenticationService = class AuthenticationService {
             jti: (0, random_1.getRandomString)(24, alphabet_1.Alphabet.LowerUpperCaseNumbers),
             iat: (0, date_time_1.timestampToTimestampSeconds)(timestamp),
             exp: (0, date_time_1.timestampToTimestampSeconds)(timestamp + this.tokenTimeToLive),
+            refreshTokenExp: (0, date_time_1.timestampToTimestampSeconds)(refreshTokenExpiration),
+            sessionId,
+            subject,
             ...additionalTokenPayload
         };
-        const token = await (0, jwt_1.createJwtTokenString)({
+        const jsonToken = {
             header,
             payload
-        }, this.secret);
-        return { header, payload, token };
+        };
+        const token = await (0, jwt_1.createJwtTokenString)(jsonToken, this.derivedTokenSigningSecret);
+        return { token, jsonToken };
     }
-    async createRefreshToken() {
-        const token = (0, random_1.getRandomString)(64, alphabet_1.Alphabet.LowerUpperCaseNumbers);
+    async createRefreshToken(subject, sessionId, expirationTimestamp) {
+        const secret = (0, random_1.getRandomString)(64, alphabet_1.Alphabet.LowerUpperCaseNumbers);
         const salt = (0, random_1.getRandomBytes)(32);
-        const hash = await this.getHash(token, salt);
-        return { token, salt, hash: new Uint8Array(hash) };
+        const hash = await this.getHash(secret, salt);
+        const jsonToken = {
+            header: {
+                alg: 'HS256',
+                typ: 'JWT'
+            },
+            payload: {
+                exp: (0, date_time_1.timestampToTimestampSeconds)(expirationTimestamp),
+                subject,
+                sessionId,
+                secret
+            }
+        };
+        const token = await (0, jwt_1.createJwtTokenString)(jsonToken, this.derivedRefreshTokenSigningSecret);
+        return { token, jsonToken, salt, hash: new Uint8Array(hash) };
+    }
+    async deriveSigningSecrets() {
+        const key = await (0, cryptography_1.importPbkdf2Key)(this.secret);
+        const hash = await globalThis.crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-512', iterations: 500000, salt: new Uint8Array() }, key, SIGNING_SECRETS_LENGTH * 2);
+        const bufferSize = SIGNING_SECRETS_LENGTH / 8;
+        this.derivedTokenSigningSecret = new Uint8Array(hash.slice(0, bufferSize));
+        this.derivedRefreshTokenSigningSecret = new Uint8Array(hash.slice(bufferSize));
     }
     async getHash(secret, salt) {
         const key = await (0, cryptography_1.importPbkdf2Key)(secret);
@@ -149,6 +193,7 @@ let AuthenticationService = class AuthenticationService {
 };
 AuthenticationService = __decorate([
     (0, container_1.singleton)(),
+    __param(2, (0, container_1.optional)()),
     __param(3, (0, container_1.inject)(tokens_1.AUTHENTICATION_SERVICE_OPTIONS)),
     __metadata("design:paramtypes", [authentication_credentials_repository_1.AuthenticationCredentialsRepository,
         authentication_session_repository_1.AuthenticationSessionRepository,