@tstdl/base 0.82.6 → 0.82.8

package/authentication/{authentication.service.js → server/authentication.service.js}

@@ -13,21 +13,22 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthenticationService = void 0;
-const container_1 = require("../container");
-const error_1 = require("../error");
-const invalid_token_error_1 = require("../error/invalid-token.error");
-const alphabet_1 = require("../utils/alphabet");
-const cryptography_1 = require("../utils/cryptography");
-const date_time_1 = require("../utils/date-time");
-const equals_1 = require("../utils/equals");
-const jwt_1 = require("../utils/jwt");
-const random_1 = require("../utils/random");
-const type_guards_1 = require("../utils/type-guards");
-const units_1 = require("../utils/units");
+const container_1 = require("../../container");
+const invalid_token_error_1 = require("../../error/invalid-token.error");
+const alphabet_1 = require("../../utils/alphabet");
+const cryptography_1 = require("../../utils/cryptography");
+const date_time_1 = require("../../utils/date-time");
+const equals_1 = require("../../utils/equals");
+const jwt_1 = require("../../utils/jwt");
+const random_1 = require("../../utils/random");
+const type_guards_1 = require("../../utils/type-guards");
+const units_1 = require("../../utils/units");
 const authentication_credentials_repository_1 = require("./authentication-credentials.repository");
 const authentication_session_repository_1 = require("./authentication-session.repository");
 const authentication_token_payload_provider_1 = require("./authentication-token-payload.provider");
+const helper_1 = require("./helper");
 const tokens_1 = require("./tokens");
+const SIGNING_SECRETS_LENGTH = 512;
 let AuthenticationService = class AuthenticationService {
     credentialsRepository;
     sessionRepository;
@@ -36,6 +37,8 @@ let AuthenticationService = class AuthenticationService {
     tokenVersion;
     tokenTimeToLive;
     sessionTimeToLive;
+    derivedTokenSigningSecret;
+    derivedRefreshTokenSigningSecret;
     constructor(credentialsService, sessionRepository, tokenPayloadProviderService, options) {
         this.credentialsRepository = credentialsService;
         this.sessionRepository = sessionRepository;
@@ -45,6 +48,12 @@ let AuthenticationService = class AuthenticationService {
         this.tokenTimeToLive = options.tokenTimeToLive ?? (5 * units_1.millisecondsPerMinute);
         this.sessionTimeToLive = options.sessionTimeToLive ?? (5 * units_1.millisecondsPerDay);
     }
+    async [container_1.afterResolve]() {
+        await this.initialize();
+    }
+    async initialize() {
+        await this.deriveSigningSecrets();
+    }
     async setCredentials(subject, secret) {
         const salt = (0, random_1.getRandomBytes)(32);
         const hash = await this.getHash(secret, salt);
@@ -57,67 +66,78 @@ let AuthenticationService = class AuthenticationService {
         await this.credentialsRepository.save(credentials);
     }
     async authenticate(subject, secret) {
-        const credentials = await this.credentialsRepository.tryLoad(subject);
+        const credentials = await this.credentialsRepository.tryLoadBySubject(subject);
         if ((0, type_guards_1.isUndefined)(credentials)) {
-            return false;
+            return { success: false };
         }
         const hash = await this.getHash(secret, credentials.salt);
-        return (0, equals_1.binaryEquals)(hash, credentials.hash);
-    }
-    async getToken(subject, secret, additionalAuthenticationData) {
-        const isAuthenticated = await this.authenticate(subject, secret);
-        if (!isAuthenticated) {
-            throw new error_1.UnauthorizedError('Invalid credentials.');
+        const valid = (0, equals_1.binaryEquals)(hash, credentials.hash);
+        if (valid) {
+            return { success: true, subject: credentials.subject };
         }
+        return { success: false };
+    }
+    async getToken(subject, additionalAuthenticationData) {
         const now = (0, date_time_1.currentTimestamp)();
-        const tokenPayload = await this.tokenPayloadProviderService.getTokenPayload(subject, additionalAuthenticationData);
-        const { token, payload } = await this.createToken(tokenPayload, now);
-        const refreshToken = await this.createRefreshToken();
-        await this.sessionRepository.insert({
+        const end = now + this.sessionTimeToLive;
+        const session = await this.sessionRepository.insert({
             subject,
             begin: now,
-            end: now + this.sessionTimeToLive,
-            tokenId: payload.jti,
+            end,
+            refreshTokenHashVersion: 0,
+            refreshTokenSalt: new Uint8Array(),
+            refreshTokenHash: new Uint8Array()
+        });
+        const tokenPayload = await this.tokenPayloadProviderService?.getTokenPayload(subject, additionalAuthenticationData);
+        const { token, jsonToken } = await this.createToken(tokenPayload, subject, session.id, end, now);
+        const refreshToken = await this.createRefreshToken(subject, session.id, end);
+        await this.sessionRepository.extend(session.id, {
+            end,
             refreshTokenHashVersion: 1,
             refreshTokenSalt: refreshToken.salt,
             refreshTokenHash: refreshToken.hash
         });
-        return { token, refreshToken: refreshToken.token };
+        return { token, jsonToken, refreshToken: refreshToken.token };
     }
     async endSession(sessionId) {
         const now = (0, date_time_1.currentTimestamp)();
         await this.sessionRepository.end(sessionId, now);
     }
-    async refresh(sessionId, refreshToken, additionalAuthenticationData) {
+    async refresh(refreshToken, additionalAuthenticationData) {
+        const validatedToken = await this.validateRefreshToken(refreshToken);
+        const sessionId = validatedToken.payload.sessionId;
         const session = await this.sessionRepository.load(sessionId);
-        const hash = await this.getHash(refreshToken, session.refreshTokenSalt);
+        const hash = await this.getHash(validatedToken.payload.secret, session.refreshTokenSalt);
         if (session.end <= (0, date_time_1.currentTimestamp)()) {
-            throw new error_1.UnauthorizedError('Session is ended.');
+            throw new invalid_token_error_1.InvalidTokenError('Session is expired.');
         }
         if (!(0, equals_1.binaryEquals)(hash, session.refreshTokenHash)) {
-            throw new error_1.UnauthorizedError('Invalid refresh token.');
+            throw new invalid_token_error_1.InvalidTokenError('Invalid refresh token.');
         }
         const now = (0, date_time_1.currentTimestamp)();
-        const tokenPayload = await this.tokenPayloadProviderService.getTokenPayload(session.subject, additionalAuthenticationData);
-        const { token, payload } = await this.createToken(tokenPayload, now);
-        const newRefreshToken = await this.createRefreshToken();
+        const newEnd = now + this.sessionTimeToLive;
+        const tokenPayload = await this.tokenPayloadProviderService?.getTokenPayload(session.subject, additionalAuthenticationData);
+        const { token, jsonToken } = await this.createToken(tokenPayload, session.subject, sessionId, newEnd, now);
+        const newRefreshToken = await this.createRefreshToken(validatedToken.payload.subject, sessionId, newEnd);
         await this.sessionRepository.extend(sessionId, {
-            end: now + this.sessionTimeToLive,
-            tokenId: payload.jti,
+            end: newEnd,
             refreshTokenHashVersion: 1,
             refreshTokenSalt: newRefreshToken.salt,
             refreshTokenHash: newRefreshToken.hash
         });
-        return { token, refreshToken: newRefreshToken.token };
+        return { token, jsonToken, refreshToken: newRefreshToken.token };
     }
     async validateToken(token) {
-        const validatedToken = await (0, jwt_1.parseAndValidateJwtTokenString)(token, 'HS256', this.secret);
-        if (validatedToken.header.v != this.tokenVersion) {
-            throw new invalid_token_error_1.InvalidTokenError('Invalid token version.');
+        return (0, helper_1.getTokenFromString)(token, this.tokenVersion, this.derivedTokenSigningSecret);
+    }
+    async validateRefreshToken(token) {
+        const validatedToken = await (0, jwt_1.parseAndValidateJwtTokenString)(token, 'HS256', this.derivedRefreshTokenSigningSecret);
+        if (validatedToken.payload.exp <= (0, date_time_1.currentTimestampSeconds)()) {
+            throw new invalid_token_error_1.InvalidTokenError('Token expired.');
         }
         return validatedToken;
     }
-    async createToken(additionalTokenPayload, timestamp = (0, date_time_1.currentTimestamp)()) {
+    async createToken(additionalTokenPayload, subject, sessionId, refreshTokenExpiration, timestamp) {
         const header = {
             v: this.tokenVersion,
             alg: 'HS256',
@@ -127,19 +147,43 @@ let AuthenticationService = class AuthenticationService {
             jti: (0, random_1.getRandomString)(24, alphabet_1.Alphabet.LowerUpperCaseNumbers),
             iat: (0, date_time_1.timestampToTimestampSeconds)(timestamp),
             exp: (0, date_time_1.timestampToTimestampSeconds)(timestamp + this.tokenTimeToLive),
+            refreshTokenExp: (0, date_time_1.timestampToTimestampSeconds)(refreshTokenExpiration),
+            sessionId,
+            subject,
             ...additionalTokenPayload
         };
-        const token = await (0, jwt_1.createJwtTokenString)({
+        const jsonToken = {
             header,
             payload
-        }, this.secret);
-        return { header, payload, token };
+        };
+        const token = await (0, jwt_1.createJwtTokenString)(jsonToken, this.derivedTokenSigningSecret);
+        return { token, jsonToken };
     }
-    async createRefreshToken() {
-        const token = (0, random_1.getRandomString)(64, alphabet_1.Alphabet.LowerUpperCaseNumbers);
+    async createRefreshToken(subject, sessionId, expirationTimestamp) {
+        const secret = (0, random_1.getRandomString)(64, alphabet_1.Alphabet.LowerUpperCaseNumbers);
         const salt = (0, random_1.getRandomBytes)(32);
-        const hash = await this.getHash(token, salt);
-        return { token, salt, hash: new Uint8Array(hash) };
+        const hash = await this.getHash(secret, salt);
+        const jsonToken = {
+            header: {
+                alg: 'HS256',
+                typ: 'JWT'
+            },
+            payload: {
+                exp: (0, date_time_1.timestampToTimestampSeconds)(expirationTimestamp),
+                subject,
+                sessionId,
+                secret
+            }
+        };
+        const token = await (0, jwt_1.createJwtTokenString)(jsonToken, this.derivedRefreshTokenSigningSecret);
+        return { token, jsonToken, salt, hash: new Uint8Array(hash) };
+    }
+    async deriveSigningSecrets() {
+        const key = await (0, cryptography_1.importPbkdf2Key)(this.secret);
+        const hash = await globalThis.crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-512', iterations: 500000, salt: new Uint8Array() }, key, SIGNING_SECRETS_LENGTH * 2);
+        const bufferSize = SIGNING_SECRETS_LENGTH / 8;
+        this.derivedTokenSigningSecret = new Uint8Array(hash.slice(0, bufferSize));
+        this.derivedRefreshTokenSigningSecret = new Uint8Array(hash.slice(bufferSize));
     }
     async getHash(secret, salt) {
         const key = await (0, cryptography_1.importPbkdf2Key)(secret);
@@ -149,6 +193,7 @@ let AuthenticationService = class AuthenticationService {
 };
 AuthenticationService = __decorate([
     (0, container_1.singleton)(),
+    __param(2, (0, container_1.optional)()),
     __param(3, (0, container_1.inject)(tokens_1.AUTHENTICATION_SERVICE_OPTIONS)),
     __metadata("design:paramtypes", [authentication_credentials_repository_1.AuthenticationCredentialsRepository,
         authentication_session_repository_1.AuthenticationSessionRepository,

package/authentication/server/authentication.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.service.js","sourceRoot":"","sources":["../../../source/authentication/server/authentication.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,+CAAwE;AACxE,yEAAgE;AAEhE,mDAA4C;AAC5C,2DAAuD;AACvD,qDAA2G;AAC3G,+CAA8C;AAC9C,yCAAmF;AACnF,+CAAiE;AACjE,yDAAkD;AAClD,6CAA0E;AAE1E,mGAA8F;AAC9F,2FAAsF;AACtF,mGAA6F;AAC7F,qCAA8C;AAC9C,qCAA0D;AAsC1D,MAAM,sBAAsB,GAAG,GAAG,CAAC;AAG5B,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACf,qBAAqB,CAAsC;IAC3D,iBAAiB,CAAkC;IACnD,2BAA2B,CAAuG;IAElI,MAAM,CAAS;IACf,YAAY,CAAS;IACrB,eAAe,CAAS;IACxB,iBAAiB,CAAS;IAEnC,yBAAyB,CAAa;IACtC,gCAAgC,CAAa;IAErD,YACE,kBAAuD,EACvD,iBAAkD,EACtC,2BAAqH,EACzF,OAAqC;QAE7E,IAAI,CAAC,qBAAqB,GAAG,kBAAkB,CAAC;QAChD,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,2BAA2B,GAAG,2BAA2B,CAAC;QAE/D,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,GAAG,6BAAqB,CAAC,CAAC;QAC9E,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,CAAC,CAAC,GAAG,0BAAkB,CAAC,CAAC;IACjF,CAAC;IAED,KAAK,CAAC,CAAC,wBAAY,CAAC;QAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,MAAc;QAClD,MAAM,IAAI,GAAG,IAAA,uBAAc,EAAC,EAAE,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE9C,MAAM,WAAW,GAAiC;YAChD,OAAO;YACP,WAAW,EAAE,CAAC;YACd,IAAI;YACJ,IAAI;SACL,CAAC;QAEF,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAe,EAAE,MAAc;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE/E,IAAI,IAAA,yBAAW,EAAC,WAAW,CAAC,EAAE;YAC5B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;SAC3B;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,IAAA,qBAAY,EAAC,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,KAAK,EAAE;YACT,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,CAAC,OAAO,EAAE,CAAC;SACxD;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAe,EAAE,4BAA0D;QACxF,MAAM,GAAG,GAAG,IAAA,4BAAgB,GAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAEzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAClD,OAAO;YACP,KAAK,EAAE,GAAG;YACV,GAAG;YACH,uBAAuB,EAAE,CAAC;YAC1B,gBAAgB,EAAE,IAAI,UAAU,EAAE;YAClC,gBAAgB,EAAE,IAAI,UAAU,EAAE;SACnC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,eAAe,CAAC,OAAO,EAAE,4BAA4B,CAAC,CAAC;QACpH,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAa,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAClG,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAE7E,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE;YAC9C,GAAG;YACH,uBAAuB,EAAE,CAAC;YAC1B,gBAAgB,EAAE,YAAY,CAAC,IAAI;YACnC,gBAAgB,EAAE,YAAY,CAAC,IAAI;SACpC,CAAC,CAAC;QAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,MAAM,GAAG,GAAG,IAAA,4BAAgB,GAAE,CAAC;QAC/B,MAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,YAAoB,EAAE,4BAA0D;QAC5F,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC;QAEnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAEzF,IAAI,OAAO,CAAC,GAAG,IAAI,IAAA,4BAAgB,GAAE,EAAE;YACrC,MAAM,IAAI,uCAAiB,CAAC,qBAAqB,CAAC,CAAC;SACpD;QAED,IAAI,CAAC,IAAA,qBAAY,EAAC,IAAI,EAAE,OAAO,CAAC,gBAAgB,CAAC,EAAE;YACjD,MAAM,IAAI,uCAAiB,CAAC,wBAAwB,CAAC,CAAC;SACvD;QAED,MAAM,GAAG,GAAG,IAAA,4BAAgB,GAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,2BAA2B,EAAE,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,4BAA4B,CAAC,CAAC;QAC5H,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAa,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;QAC5G,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAEzG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE;YAC7C,GAAG,EAAE,MAAM;YACX,uBAAuB,EAAE,CAAC;YAC1B,gBAAgB,EAAE,eAAe,CAAC,IAAI;YACtC,gBAAgB,EAAE,eAAe,CAAC,IAAI;SACvC,CAAC,CAAC;QAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,eAAe,CAAC,KAAK,EAAE,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,OAAO,IAAA,2BAAkB,EAAC,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAa;QACtC,MAAM,cAAc,GAAG,MAAM,IAAA,oCAA8B,EAAe,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAEjI,IAAI,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,IAAA,mCAAuB,GAAE,EAAE;YAC3D,MAAM,IAAI,uCAAiB,CAAC,gBAAgB,CAAC,CAAC;SAC/C;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,sBAA8C,EAAE,OAAe,EAAE,SAAiB,EAAE,sBAA8B,EAAE,SAAiB;QAC7J,MAAM,MAAM,GAA4C;YACtD,CAAC,EAAE,IAAI,CAAC,YAAY;YACpB,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,KAAK;SACX,CAAC;QAEF,MAAM,OAAO,GAA6C;YACxD,GAAG,EAAE,IAAA,wBAAe,EAAC,EAAE,EAAE,mBAAQ,CAAC,qBAAqB,CAAC;YACxD,GAAG,EAAE,IAAA,uCAA2B,EAAC,SAAS,CAAC;YAC3C,GAAG,EAAE,IAAA,uCAA2B,EAAC,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC;YAClE,eAAe,EAAE,IAAA,uCAA2B,EAAC,sBAAsB,CAAC;YACpE,SAAS;YACT,OAAO;YACP,GAAG,sBAAsB;SAC1B,CAAC;QAEF,MAAM,SAAS,GAAkC;YAC/C,MAAM;YACN,OAAO;SACR,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,IAAA,0BAAoB,EAAgC,SAAS,EAAE,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAEnH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IAC9B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,OAAe,EAAE,SAAiB,EAAE,mBAA2B;QAC9F,MAAM,MAAM,GAAG,IAAA,wBAAe,EAAC,EAAE,EAAE,mBAAQ,CAAC,qBAAqB,CAAC,CAAC;QACnE,MAAM,IAAI,GAAG,IAAA,uBAAc,EAAC,EAAE,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE9C,MAAM,SAAS,GAAiB;YAC9B,MAAM,EAAE;gBACN,GAAG,EAAE,OAAO;gBACZ,GAAG,EAAE,KAAK;aACX;YACD,OAAO,EAAE;gBACP,GAAG,EAAE,IAAA,uCAA2B,EAAC,mBAAmB,CAAC;gBACrD,OAAO;gBACP,SAAS;gBACT,MAAM;aACP;SACF,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,IAAA,0BAAoB,EAAe,SAAS,EAAE,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAEzG,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;IAChE,CAAC;IAEO,KAAK,CAAC,oBAAoB;QAChC,MAAM,GAAG,GAAG,MAAM,IAAA,8BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,sBAAsB,GAAG,CAAC,CAAC,CAAC;QACzK,MAAM,UAAU,GAAG,sBAAsB,GAAG,CAAC,CAAC;QAE9C,IAAI,CAAC,yBAAyB,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,gCAAgC,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;IACjF,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,MAA2B,EAAE,IAAgB;QACjE,MAAM,GAAG,GAAG,MAAM,IAAA,8BAAe,EAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAEhI,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;CACF,CAAA;AAlNY,qBAAqB;IADjC,IAAA,qBAAS,GAAE;IAiBP,WAAA,IAAA,oBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,kBAAM,EAAC,uCAA8B,CAAC,CAAA;qCAHnB,2EAAmC;QACpC,mEAA+B;QACT,0EAAkC;GAhBlE,qBAAqB,CAkNjC;AAlNY,sDAAqB"}

package/authentication/server/helper.d.ts

@@ -0,0 +1,13 @@
+import type { HttpServerRequest } from "../../http/server";
+import type { Record } from "../../types";
+import type { Token } from '../models';
+/**
+ *
+ * @param request
+ * @param cookieName (default "authorization")
+ * @returns token string
+ */
+export declare function tryGetAuthorizationTokenStringFromRequest(request: HttpServerRequest, cookieName?: string): string | undefined;
+export declare function tryGetTokenFromRequest<AdditionalTokenPayload = Record<never>>(request: HttpServerRequest, tokenVersion: number, secret: string | BinaryData): Promise<Token<AdditionalTokenPayload> | undefined>;
+export declare function getTokenFromRequest<AdditionalTokenPayload = Record<never>>(request: HttpServerRequest, tokenVersion: number, secret: string | BinaryData): Promise<Token<AdditionalTokenPayload>>;
+export declare function getTokenFromString<AdditionalTokenPayload = Record<never>>(tokenString: string, tokenVersion: number, secret: string | BinaryData): Promise<Token<AdditionalTokenPayload>>;

package/authentication/server/helper.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenFromString = exports.getTokenFromRequest = exports.tryGetTokenFromRequest = exports.tryGetAuthorizationTokenStringFromRequest = void 0;
+const bad_request_error_1 = require("../../error/bad-request.error");
+const invalid_token_error_1 = require("../../error/invalid-token.error");
+const unauthorized_error_1 = require("../../error/unauthorized.error");
+const date_time_1 = require("../../utils/date-time");
+const jwt_1 = require("../../utils/jwt");
+const type_guards_1 = require("../../utils/type-guards");
+/**
+ *
+ * @param request
+ * @param cookieName (default "authorization")
+ * @returns token string
+ */
+function tryGetAuthorizationTokenStringFromRequest(request, cookieName = 'authorization') {
+    const authorizationHeaders = request.headers.tryGet('Authorization');
+    const authorizationString = ((0, type_guards_1.isArray)(authorizationHeaders) ? authorizationHeaders[0] : authorizationHeaders)
+        ?? request.cookies.tryGet(cookieName);
+    if ((0, type_guards_1.isDefined)(authorizationString)) {
+        const authorizationSchemeEnd = authorizationString.indexOf(' ');
+        const authorizationScheme = authorizationString.slice(0, authorizationSchemeEnd).trim().toLowerCase();
+        if (authorizationScheme == 'bearer') {
+            throw new bad_request_error_1.BadRequestError(`Unsupported authorization scheme "${authorizationScheme}".`);
+        }
+        const authorization = authorizationString.slice(authorizationSchemeEnd).trim();
+        return authorization;
+    }
+    return undefined;
+}
+exports.tryGetAuthorizationTokenStringFromRequest = tryGetAuthorizationTokenStringFromRequest;
+async function tryGetTokenFromRequest(request, tokenVersion, secret) {
+    const tokenString = tryGetAuthorizationTokenStringFromRequest(request);
+    if ((0, type_guards_1.isUndefined)(tokenString)) {
+        return undefined;
+    }
+    return getTokenFromString(tokenString, tokenVersion, secret);
+}
+exports.tryGetTokenFromRequest = tryGetTokenFromRequest;
+async function getTokenFromRequest(request, tokenVersion, secret) {
+    const token = await tryGetTokenFromRequest(request, tokenVersion, secret);
+    if ((0, type_guards_1.isUndefined)(token)) {
+        throw new unauthorized_error_1.UnauthorizedError('Missing authorization.');
+    }
+    return token;
+}
+exports.getTokenFromRequest = getTokenFromRequest;
+async function getTokenFromString(tokenString, tokenVersion, secret) {
+    if ((0, type_guards_1.isUndefined)(tokenString)) {
+        throw new unauthorized_error_1.UnauthorizedError('Missing authorization.');
+    }
+    const validatedToken = await (0, jwt_1.parseAndValidateJwtTokenString)(tokenString, 'HS256', secret);
+    if (validatedToken.header.v != tokenVersion) {
+        throw new invalid_token_error_1.InvalidTokenError('Invalid token version.');
+    }
+    if (validatedToken.payload.exp <= (0, date_time_1.currentTimestampSeconds)()) {
+        throw new invalid_token_error_1.InvalidTokenError('Token expired.');
+    }
+    return validatedToken;
+}
+exports.getTokenFromString = getTokenFromString;
+//# sourceMappingURL=helper.js.map

package/authentication/server/helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helper.js","sourceRoot":"","sources":["../../../source/authentication/server/helper.ts"],"names":[],"mappings":";;;AAAA,qEAA4D;AAC5D,yEAAgE;AAChE,uEAA+D;AAG/D,qDAA4D;AAC5D,yCAA6D;AAC7D,yDAAsE;AAGtE;;;;;GAKG;AACH,SAAgB,yCAAyC,CAAC,OAA0B,EAAE,aAAqB,eAAe;IACxH,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAkC,CAAC;IAEtG,MAAM,mBAAmB,GAAG,CAAC,IAAA,qBAAO,EAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC;WACvG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAExC,IAAI,IAAA,uBAAS,EAAC,mBAAmB,CAAC,EAAE;QAClC,MAAM,sBAAsB,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAEtG,IAAI,mBAAmB,IAAI,QAAQ,EAAE;YACnC,MAAM,IAAI,mCAAe,CAAC,qCAAqC,mBAAmB,IAAI,CAAC,CAAC;SACzF;QAED,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/E,OAAO,aAAa,CAAC;KACtB;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAnBD,8FAmBC;AAEM,KAAK,UAAU,sBAAsB,CAAyC,OAA0B,EAAE,YAAoB,EAAE,MAA2B;IAChK,MAAM,WAAW,GAAG,yCAAyC,CAAC,OAAO,CAAC,CAAC;IAEvE,IAAI,IAAA,yBAAW,EAAC,WAAW,CAAC,EAAE;QAC5B,OAAO,SAAS,CAAC;KAClB;IAED,OAAO,kBAAkB,CAAC,WAAW,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;AAC/D,CAAC;AARD,wDAQC;AAEM,KAAK,UAAU,mBAAmB,CAAyC,OAA0B,EAAE,YAAoB,EAAE,MAA2B;IAC7J,MAAM,KAAK,GAAG,MAAM,sBAAsB,CAAyB,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAElG,IAAI,IAAA,yBAAW,EAAC,KAAK,CAAC,EAAE;QACtB,MAAM,IAAI,sCAAiB,CAAC,wBAAwB,CAAC,CAAC;KACvD;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AARD,kDAQC;AAEM,KAAK,UAAU,kBAAkB,CAAyC,WAAmB,EAAE,YAAoB,EAAE,MAA2B;IACrJ,IAAI,IAAA,yBAAW,EAAC,WAAW,CAAC,EAAE;QAC5B,MAAM,IAAI,sCAAiB,CAAC,wBAAwB,CAAC,CAAC;KACvD;IAED,MAAM,cAAc,GAAG,MAAM,IAAA,oCAA8B,EAAgC,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAEzH,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,IAAI,YAAY,EAAE;QAC3C,MAAM,IAAI,uCAAiB,CAAC,wBAAwB,CAAC,CAAC;KACvD;IAED,IAAI,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,IAAA,mCAAuB,GAAE,EAAE;QAC3D,MAAM,IAAI,uCAAiB,CAAC,gBAAgB,CAAC,CAAC;KAC/C;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAhBD,gDAgBC"}

package/authentication/server/index.d.ts

@@ -0,0 +1,8 @@
+export * from './authentication-credentials.repository';
+export * from './authentication-session.repository';
+export * from './authentication-token-payload.provider';
+export * from './authentication.api-controller';
+export * from './authentication.service';
+export * from './helper';
+export * from './module';
+export * from './tokens';

package/authentication/server/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./authentication-credentials.repository"), exports);
+__exportStar(require("./authentication-session.repository"), exports);
+__exportStar(require("./authentication-token-payload.provider"), exports);
+__exportStar(require("./authentication.api-controller"), exports);
+__exportStar(require("./authentication.service"), exports);
+__exportStar(require("./helper"), exports);
+__exportStar(require("./module"), exports);
+__exportStar(require("./tokens"), exports);
+//# sourceMappingURL=index.js.map

package/authentication/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../source/authentication/server/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0EAAwD;AACxD,sEAAoD;AACpD,0EAAwD;AACxD,kEAAgD;AAChD,2DAAyC;AACzC,2CAAyB;AACzB,2CAAyB;AACzB,2CAAyB"}

package/authentication/server/module.d.ts

@@ -0,0 +1,12 @@
+import type { Type } from "../../types";
+import { AuthenticationCredentialsRepository } from './authentication-credentials.repository';
+import { AuthenticationSessionRepository } from './authentication-session.repository';
+import { AuthenticationTokenPayloadProvider } from './authentication-token-payload.provider';
+import type { AuthenticationServiceOptions } from './authentication.service';
+export type AuthenticationModuleConfig = {
+    serviceOptions: AuthenticationServiceOptions;
+    credentialsRepository: Type<AuthenticationCredentialsRepository>;
+    sessionRepository: Type<AuthenticationSessionRepository>;
+    tokenPayloadProvider?: Type<AuthenticationTokenPayloadProvider>;
+};
+export declare function configureAuthenticationServer(config: AuthenticationModuleConfig): void;

package/authentication/server/module.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuthenticationServer = void 0;
+const container_1 = require("../../container");
+const type_guards_1 = require("../../utils/type-guards");
+const authentication_credentials_repository_1 = require("./authentication-credentials.repository");
+const authentication_session_repository_1 = require("./authentication-session.repository");
+const authentication_token_payload_provider_1 = require("./authentication-token-payload.provider");
+const tokens_1 = require("./tokens");
+function configureAuthenticationServer(config) {
+    container_1.container.register(tokens_1.AUTHENTICATION_SERVICE_OPTIONS, { useValue: config.serviceOptions });
+    container_1.container.registerSingleton(authentication_credentials_repository_1.AuthenticationCredentialsRepository, { useToken: config.credentialsRepository });
+    container_1.container.registerSingleton(authentication_session_repository_1.AuthenticationSessionRepository, { useToken: config.sessionRepository });
+    if ((0, type_guards_1.isDefined)(config.tokenPayloadProvider)) {
+        container_1.container.registerSingleton(authentication_token_payload_provider_1.AuthenticationTokenPayloadProvider, { useToken: config.tokenPayloadProvider });
+    }
+}
+exports.configureAuthenticationServer = configureAuthenticationServer;
+//# sourceMappingURL=module.js.map

package/authentication/server/module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.js","sourceRoot":"","sources":["../../../source/authentication/server/module.ts"],"names":[],"mappings":";;;AAAA,+CAAwC;AAExC,yDAAgD;AAChD,mGAA8F;AAC9F,2FAAsF;AACtF,mGAA6F;AAE7F,qCAA0D;AAS1D,SAAgB,6BAA6B,CAAC,MAAkC;IAC9E,qBAAS,CAAC,QAAQ,CAAC,uCAA8B,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IACxF,qBAAS,CAAC,iBAAiB,CAAC,2EAAmC,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,qBAAqB,EAAE,CAAC,CAAC;IAC7G,qBAAS,CAAC,iBAAiB,CAAC,mEAA+B,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAErG,IAAI,IAAA,uBAAS,EAAC,MAAM,CAAC,oBAAoB,CAAC,EAAE;QAC1C,qBAAS,CAAC,iBAAiB,CAAC,0EAAkC,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC;KAC5G;AACH,CAAC;AARD,sEAQC"}

package/authentication/server/mongo/index.d.ts

@@ -0,0 +1,2 @@
+export * from './mongo-authentication-credentials.repository';
+export * from './mongo-authentication-session.repository';

package/authentication/server/mongo/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./mongo-authentication-credentials.repository"), exports);
+__exportStar(require("./mongo-authentication-session.repository"), exports);
+//# sourceMappingURL=index.js.map

package/authentication/server/mongo/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../source/authentication/server/mongo/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gFAA8D;AAC9D,4EAA0D"}

package/authentication/{mongo → server/mongo}/mongo-authentication-credentials.repository.d.ts

@@ -1,25 +1,22 @@
-import type { Injectable } from "../../container";
-import { resolveArgumentType } from "../../container";
-import { MaybeNewEntity } from "../../database";
-import type { CollectionArgument } from "../../database/mongo";
-import { Collection, MongoEntityRepository } from "../../database/mongo";
-import { Logger } from "../../logger";
+import type { Injectable } from "../../../container";
+import { resolveArgumentType } from "../../../container";
+import type { MaybeNewEntity } from "../../../database";
+import type { CollectionArgument } from "../../../database/mongo";
+import { Collection, MongoEntityRepository } from "../../../database/mongo";
+import { Logger } from "../../../logger";
+import type { AuthenticationCredentials, NewAuthenticationCredentials } from '../../models';
 import { AuthenticationCredentialsRepository } from '../authentication-credentials.repository';
-import type { AuthenticationCredentials, NewAuthenticationCredentials } from '../models';
-export type MongoAuthenticationCredentialsRepositoryConfig = {
-    config?: MongoAuthenticationCredentialsRepositoryArgument;
-};
 export type MongoAuthenticationCredentialsRepositoryArgument = CollectionArgument<AuthenticationCredentials>;
-export declare const mongoAuthenticationCredentialsRepositoryConfig: MongoAuthenticationCredentialsRepositoryConfig;
-export declare class MongoAuthenticationCredentialsRepository extends AuthenticationCredentialsRepository {
-    private readonly repository;
-    constructor(repository: InternalMongoAuthenticationCredentialsRepository);
-    tryLoad(id: string): Promise<AuthenticationCredentials | undefined>;
-    save(credentials: AuthenticationCredentials | NewAuthenticationCredentials): Promise<void>;
-}
+export type MongoAuthenticationCredentialsRepositoryConfig = MongoAuthenticationCredentialsRepositoryArgument;
 export declare class InternalMongoAuthenticationCredentialsRepository extends MongoEntityRepository<AuthenticationCredentials> implements Injectable<MongoAuthenticationCredentialsRepositoryArgument> {
     readonly [resolveArgumentType]: MongoAuthenticationCredentialsRepositoryArgument;
     constructor(collection: Collection<AuthenticationCredentials>, logger: Logger);
     upsert(credentials: MaybeNewEntity<AuthenticationCredentials>): Promise<void>;
 }
-export declare function configureMongoAuthenticationCredentialsRepository(config?: Partial<MongoAuthenticationCredentialsRepositoryConfig>): void;
+export declare class MongoAuthenticationCredentialsRepository extends AuthenticationCredentialsRepository {
+    private readonly repository;
+    constructor(repository: InternalMongoAuthenticationCredentialsRepository);
+    tryLoadBySubject(subject: string): Promise<AuthenticationCredentials | undefined>;
+    save(credentials: AuthenticationCredentials | NewAuthenticationCredentials): Promise<void>;
+}
+export declare function configureMongoAuthenticationCredentialsRepository(config: MongoAuthenticationCredentialsRepositoryConfig): void;

package/authentication/{mongo → server/mongo}/mongo-authentication-credentials.repository.js

@@ -12,34 +12,17 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.configureMongoAuthenticationCredentialsRepository = exports.InternalMongoAuthenticationCredentialsRepository = exports.MongoAuthenticationCredentialsRepository = exports.mongoAuthenticationCredentialsRepositoryConfig = void 0;
-const container_1 = require("../../container");
-const database_1 = require("../../database");
-const mongo_1 = require("../../database/mongo");
-const logger_1 = require("../../logger");
+exports.configureMongoAuthenticationCredentialsRepository = exports.MongoAuthenticationCredentialsRepository = exports.InternalMongoAuthenticationCredentialsRepository = void 0;
+const container_1 = require("../../../container");
+const database_1 = require("../../../database");
+const mongo_1 = require("../../../database/mongo");
+const logger_1 = require("../../../logger");
+const type_guards_1 = require("../../../utils/type-guards");
 const authentication_credentials_repository_1 = require("../authentication-credentials.repository");
-exports.mongoAuthenticationCredentialsRepositoryConfig = {};
+let defaultArgument;
 const indexes = [
     { key: { subject: 1 }, unique: true }
 ];
-let MongoAuthenticationCredentialsRepository = class MongoAuthenticationCredentialsRepository extends authentication_credentials_repository_1.AuthenticationCredentialsRepository {
-    repository;
-    constructor(repository) {
-        super();
-        this.repository = repository;
-    }
-    async tryLoad(id) {
-        return this.repository.tryLoad(id);
-    }
-    async save(credentials) {
-        await this.repository.upsert(credentials);
-    }
-};
-MongoAuthenticationCredentialsRepository = __decorate([
-    (0, container_1.singleton)(),
-    __metadata("design:paramtypes", [InternalMongoAuthenticationCredentialsRepository])
-], MongoAuthenticationCredentialsRepository);
-exports.MongoAuthenticationCredentialsRepository = MongoAuthenticationCredentialsRepository;
 let InternalMongoAuthenticationCredentialsRepository = class InternalMongoAuthenticationCredentialsRepository extends mongo_1.MongoEntityRepository {
     [container_1.resolveArgumentType];
     constructor(collection, logger) {
@@ -52,14 +35,40 @@ let InternalMongoAuthenticationCredentialsRepository = class InternalMongoAuthen
 };
 InternalMongoAuthenticationCredentialsRepository = __decorate([
     (0, container_1.singleton)({
-        defaultArgumentProvider: () => exports.mongoAuthenticationCredentialsRepositoryConfig.config
+        defaultArgumentProvider: () => defaultArgument
     }),
     __param(0, (0, container_1.forwardArg)()),
     __metadata("design:paramtypes", [mongo_1.Collection, logger_1.Logger])
 ], InternalMongoAuthenticationCredentialsRepository);
 exports.InternalMongoAuthenticationCredentialsRepository = InternalMongoAuthenticationCredentialsRepository;
-function configureMongoAuthenticationCredentialsRepository(config = {}) {
-    exports.mongoAuthenticationCredentialsRepositoryConfig.config = config.config ?? exports.mongoAuthenticationCredentialsRepositoryConfig.config;
+let MongoAuthenticationCredentialsRepository = class MongoAuthenticationCredentialsRepository extends authentication_credentials_repository_1.AuthenticationCredentialsRepository {
+    repository;
+    constructor(repository) {
+        super();
+        this.repository = repository;
+    }
+    async tryLoadBySubject(subject) {
+        const credentials = await this.repository.tryLoadByFilter({ subject });
+        if ((0, type_guards_1.isUndefined)(credentials)) {
+            return credentials;
+        }
+        return {
+            ...credentials,
+            salt: credentials.salt.buffer,
+            hash: credentials.hash.buffer
+        };
+    }
+    async save(credentials) {
+        await this.repository.upsert(credentials);
+    }
+};
+MongoAuthenticationCredentialsRepository = __decorate([
+    (0, container_1.singleton)(),
+    __metadata("design:paramtypes", [InternalMongoAuthenticationCredentialsRepository])
+], MongoAuthenticationCredentialsRepository);
+exports.MongoAuthenticationCredentialsRepository = MongoAuthenticationCredentialsRepository;
+function configureMongoAuthenticationCredentialsRepository(config) {
+    defaultArgument = config;
 }
 exports.configureMongoAuthenticationCredentialsRepository = configureMongoAuthenticationCredentialsRepository;
 //# sourceMappingURL=mongo-authentication-credentials.repository.js.map

package/authentication/server/mongo/mongo-authentication-credentials.repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongo-authentication-credentials.repository.js","sourceRoot":"","sources":["../../../../source/authentication/server/mongo/mongo-authentication-credentials.repository.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,kDAAyE;AAEzE,gDAAsC;AAEtC,mDAAsF;AACtF,4CAAkC;AAClC,4DAAkD;AAGlD,oGAA+F;AAM/F,IAAI,eAA2E,CAAC;AAEhF,MAAM,OAAO,GAAuD;IAClE,EAAE,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;CACtC,CAAC;AAKK,IAAM,gDAAgD,GAAtD,MAAM,gDAAiD,SAAQ,6BAAgD;IAC3G,CAAC,+BAAmB,CAAC,CAAmD;IAEjF,YAA0B,UAAiD,EAAE,MAAc;QACzF,KAAK,CAAC,UAAU,EAAE,uBAAe,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,WAAsD;QACjE,MAAM,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,oBAAoB,EAAE,GAAG,WAAW,CAAC;QAEvD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,GAAG,EAAE,IAAA,mBAAQ,GAAE,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1J,CAAC;CACF,CAAA;AAZY,gDAAgD;IAH5D,IAAA,qBAAS,EAAC;QACT,uBAAuB,EAAE,GAAG,EAAE,CAAC,eAAe;KAC/C,CAAC;IAIa,WAAA,IAAA,sBAAU,GAAE,CAAA;qCAAa,kBAAU,EAAqC,eAAM;GAHhF,gDAAgD,CAY5D;AAZY,4GAAgD;AAetD,IAAM,wCAAwC,GAA9C,MAAM,wCAAyC,SAAQ,2EAAmC;IAC9E,UAAU,CAAmD;IAE9E,YAAY,UAA4D;QACtE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvE,IAAI,IAAA,yBAAW,EAAC,WAAW,CAAC,EAAE;YAC5B,OAAO,WAAW,CAAC;SACpB;QAED,OAAO;YACL,GAAG,WAAW;YACd,IAAI,EAAG,WAAW,CAAC,IAA0B,CAAC,MAAM;YACpD,IAAI,EAAG,WAAW,CAAC,IAA0B,CAAC,MAAM;SACrD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,WAAqE;QAC9E,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;CACF,CAAA;AAzBY,wCAAwC;IADpD,IAAA,qBAAS,GAAE;qCAIc,gDAAgD;GAH7D,wCAAwC,CAyBpD;AAzBY,4FAAwC;AA2BrD,SAAgB,iDAAiD,CAAC,MAAsD;IACtH,eAAe,GAAG,MAAM,CAAC;AAC3B,CAAC;AAFD,8GAEC"}

package/authentication/{mongo → server/mongo}/mongo-authentication-session.repository.d.ts

@@ -1,16 +1,17 @@
-import type { Injectable } from "../../container";
-import { resolveArgumentType } from "../../container";
-import type { CollectionArgument } from "../../database/mongo";
-import { Collection, MongoEntityRepository } from "../../database/mongo";
-import { Logger } from "../../logger";
+import type { Injectable } from "../../../container";
+import { resolveArgumentType } from "../../../container";
+import type { CollectionArgument } from "../../../database/mongo";
+import { Collection, MongoEntityRepository } from "../../../database/mongo";
+import { Logger } from "../../../logger";
+import type { AuthenticationSession, NewAuthenticationSession } from '../../models';
 import type { AuthenticationSessionExtendData } from '../authentication-session.repository';
 import { AuthenticationSessionRepository } from '../authentication-session.repository';
-import type { AuthenticationSession, NewAuthenticationSession } from '../models';
-export type MongoAuthenticationSessionRepositoryConfig = {
-    config?: MongoAuthenticationSessionRepositoryArgument;
-};
+export type MongoAuthenticationSessionRepositoryConfig = MongoAuthenticationSessionRepositoryArgument;
 export type MongoAuthenticationSessionRepositoryArgument = CollectionArgument<AuthenticationSession>;
-export declare const mongoAuthenticationSessionRepositoryConfig: MongoAuthenticationSessionRepositoryConfig;
+export declare class InternalMongoAuthenticationSessionRepository extends MongoEntityRepository<AuthenticationSession> implements Injectable<MongoAuthenticationSessionRepositoryArgument> {
+    readonly [resolveArgumentType]: MongoAuthenticationSessionRepositoryArgument;
+    constructor(collection: Collection<AuthenticationSession>, logger: Logger);
+}
 export declare class MongoAuthenticationSessionRepository extends AuthenticationSessionRepository {
     private readonly repository;
     constructor(repository: InternalMongoAuthenticationSessionRepository);
@@ -19,8 +20,4 @@ export declare class MongoAuthenticationSessionRepository extends Authentication
     extend(id: string, data: AuthenticationSessionExtendData): Promise<void>;
     end(id: string, timestamp: number): Promise<void>;
 }
-export declare class InternalMongoAuthenticationSessionRepository extends MongoEntityRepository<AuthenticationSession> implements Injectable<MongoAuthenticationSessionRepositoryArgument> {
-    readonly [resolveArgumentType]: MongoAuthenticationSessionRepositoryArgument;
-    constructor(collection: Collection<AuthenticationSession>, logger: Logger);
-}
-export declare function configureMongoAuthenticationSessionRepository(config?: Partial<MongoAuthenticationSessionRepositoryConfig>): void;
+export declare function configureMongoAuthenticationSessionRepository(config: MongoAuthenticationSessionRepositoryConfig): void;