@tstdl/base 0.83.3 → 0.83.5

package/authentication/server/authentication.service.d.ts

@@ -9,8 +9,15 @@ import { AuthenticationSessionRepository } from './authentication-session.reposi
 import { AuthenticationSubjectResolver } from './authentication-subject.resolver.js';
 import { AuthenticationTokenPayloadProvider } from './authentication-token-payload.provider.js';
 export declare class AuthenticationServiceOptions {
-    /** Secret used for signing tokens and refreshTokens */
-    secret: string;
+    /**
+     * Secrets used for signing tokens and refreshTokens
+     * If single secret is provided, multiple secrets are derived internally
+     */
+    secret: string | BinaryData | {
+        tokenSigningSecret: Uint8Array;
+        refreshTokenSigningSecret: Uint8Array;
+        secretResetTokenSigningSecret: Uint8Array;
+    };
     /** Token version, forces refresh on mismatch (useful if payload changes) */
     version?: number;
     /** How long a token is valid */
@@ -39,6 +46,7 @@ export declare class AuthenticationService<AdditionalTokenPayload = Record<never
     private readonly tokenPayloadProvider;
     private readonly subjectResolver;
     private readonly authenticationResetSecretHandler;
+    private readonly options;
     private readonly secret;
     private readonly tokenVersion;
     private readonly tokenTimeToLive;

package/authentication/server/authentication.service.js

@@ -60,7 +60,10 @@ var __param = function(paramIndex, decorator) {
   };
 };
 class AuthenticationServiceOptions {
-  /** Secret used for signing tokens and refreshTokens */
+  /**
+   * Secrets used for signing tokens and refreshTokens
+   * If single secret is provided, multiple secrets are derived internally
+   */
   secret;
   /** Token version, forces refresh on mismatch (useful if payload changes) */
   version;
@@ -71,7 +74,7 @@ class AuthenticationServiceOptions {
   /** How long a secret reset token is valid. */
   secretResetTokenTimeToLive;
 }
-const SIGNING_SECRETS_LENGTH = 512;
+const SIGNING_SECRETS_LENGTH = 64;
 let AuthenticationService = class AuthenticationService2 {
   credentialsRepository;
   sessionRepository;
@@ -79,6 +82,7 @@ let AuthenticationService = class AuthenticationService2 {
   tokenPayloadProvider;
   subjectResolver;
   authenticationResetSecretHandler;
+  options;
   secret;
   tokenVersion;
   tokenTimeToLive;
@@ -94,7 +98,7 @@ let AuthenticationService = class AuthenticationService2 {
     this.subjectResolver = subjectResolver;
     this.tokenPayloadProvider = tokenPayloadProvider;
     this.authenticationResetSecretHandler = authenticationResetSecretHandler;
-    this.secret = options.secret;
+    this.options = options;
     this.tokenVersion = options.version ?? 1;
     this.tokenTimeToLive = options.tokenTimeToLive ?? 5 * import_units.millisecondsPerMinute;
     this.refreshTokenTimeToLive = options.refreshTokenTimeToLive ?? 5 * import_units.millisecondsPerDay;
@@ -104,7 +108,13 @@ let AuthenticationService = class AuthenticationService2 {
     await this.initialize();
   }
   async initialize() {
-    await this.deriveSigningSecrets();
+    if ((0, import_type_guards.isString)(this.options.secret) || (0, import_type_guards.isBinaryData)(this.options.secret)) {
+      await this.deriveSigningSecrets(this.options.secret);
+    } else {
+      this.derivedTokenSigningSecret = this.options.secret.tokenSigningSecret;
+      this.derivedRefreshTokenSigningSecret = this.options.secret.refreshTokenSigningSecret;
+      this.derivedSecretResetTokenSigningSecret = this.options.secret.secretResetTokenSigningSecret;
+    }
   }
   async setCredentials(subject, secret) {
     const actualSubject = await this.resolveSubject(subject);
@@ -269,9 +279,10 @@ let AuthenticationService = class AuthenticationService2 {
     const token = await (0, import_jwt.createJwtTokenString)(jsonToken, this.derivedSecretResetTokenSigningSecret);
     return { token, jsonToken };
   }
-  async deriveSigningSecrets() {
-    const key = await (0, import_cryptography.importPbkdf2Key)(this.secret);
-    const [derivedTokenSigningSecret, derivedRefreshTokenSigningSecret, derivedSecretResetTokenSigningSecret] = await (0, import_cryptography.deriveBytesMultiple)(3, SIGNING_SECRETS_LENGTH / 8, { name: "PBKDF2", hash: "SHA-512", iterations: 5e5, salt: new Uint8Array() }, key);
+  async deriveSigningSecrets(secret) {
+    const key = await (0, import_cryptography.importPbkdf2Key)(secret);
+    const algorithm = { name: "PBKDF2", hash: "SHA-512", iterations: 5e5, salt: new Uint8Array() };
+    const [derivedTokenSigningSecret, derivedRefreshTokenSigningSecret, derivedSecretResetTokenSigningSecret] = await (0, import_cryptography.deriveBytesMultiple)(algorithm, key, 3, SIGNING_SECRETS_LENGTH);
     this.derivedTokenSigningSecret = derivedTokenSigningSecret;
     this.derivedRefreshTokenSigningSecret = derivedRefreshTokenSigningSecret;
     this.derivedSecretResetTokenSigningSecret = derivedSecretResetTokenSigningSecret;

package/authentication/server/module.d.ts

@@ -1,3 +1,4 @@
+import type { Provider } from '../../container/index.js';
 import type { Type } from '../../types.js';
 import { AuthenticationCredentialsRepository } from './authentication-credentials.repository.js';
 import { AuthenticationSessionRepository } from './authentication-session.repository.js';
@@ -5,7 +6,7 @@ import { AuthenticationSubjectResolver } from './authentication-subject.resolver
 import { AuthenticationTokenPayloadProvider } from './authentication-token-payload.provider.js';
 import { AuthenticationService, AuthenticationServiceOptions } from './authentication.service.js';
 export type AuthenticationModuleConfig = {
-    serviceOptions: AuthenticationServiceOptions;
+    serviceOptions: AuthenticationServiceOptions | Provider<AuthenticationServiceOptions>;
     credentialsRepository: Type<AuthenticationCredentialsRepository>;
     sessionRepository: Type<AuthenticationSessionRepository>;
     /** override default AuthenticationService */

package/authentication/server/module.js

@@ -29,7 +29,7 @@ var import_authentication_subject_resolver = require("./authentication-subject.r
 var import_authentication_token_payload_provider = require("./authentication-token-payload.provider.js");
 var import_authentication_service = require("./authentication.service.js");
 function configureAuthenticationServer(config) {
-  import_container.container.register(import_authentication_service.AuthenticationServiceOptions, { useValue: config.serviceOptions });
+  import_container.container.register(import_authentication_service.AuthenticationServiceOptions, (0, import_container.isProvider)(config.serviceOptions) ? config.serviceOptions : { useValue: config.serviceOptions });
   import_container.container.registerSingleton(import_authentication_credentials_repository.AuthenticationCredentialsRepository, { useToken: config.credentialsRepository });
   import_container.container.registerSingleton(import_authentication_session_repository.AuthenticationSessionRepository, { useToken: config.sessionRepository });
   if ((0, import_type_guards.isDefined)(config.authenticationService)) {

package/container/provider.d.ts

@@ -28,7 +28,8 @@ export declare function classProvider<T>(constructor: Constructor<T>): ClassProv
 export declare function valueProvider<T>(value: T): ValueProvider<T>;
 export declare function tokenProvider<T, A>(token: InjectionToken<T, A>, argument?: InjectableArgument<T, A>): TokenProvider<T>;
 export declare function factoryProvider<T, A>(factory: Factory<T, A>): FactoryProvider<T, A>;
-export declare function isClassProvider<T>(provider: Provider<T>): provider is ClassProvider<T>;
-export declare function isValueProvider<T>(provider: Provider<T>): provider is ValueProvider<T>;
-export declare function isTokenProvider<T>(provider: Provider<T>): provider is TokenProvider<T>;
-export declare function isFactoryProvider<T, A>(provider: Provider<T, A>): provider is FactoryProvider<T, A>;
+export declare function isClassProvider<T>(value: unknown): value is ClassProvider<T>;
+export declare function isValueProvider<T>(value: unknown): value is ValueProvider<T>;
+export declare function isTokenProvider<T>(value: unknown): value is TokenProvider<T>;
+export declare function isFactoryProvider<T, A>(value: unknown): value is FactoryProvider<T, A>;
+export declare function isProvider<T, A>(value: unknown): value is Provider<T, A>;

package/container/provider.js

@@ -22,6 +22,7 @@ __export(provider_exports, {
   factoryProvider: () => factoryProvider,
   isClassProvider: () => isClassProvider,
   isFactoryProvider: () => isFactoryProvider,
+  isProvider: () => isProvider,
   isTokenProvider: () => isTokenProvider,
   isValueProvider: () => isValueProvider,
   tokenProvider: () => tokenProvider,
@@ -29,6 +30,7 @@ __export(provider_exports, {
 });
 module.exports = __toCommonJS(provider_exports);
 var import_object = require("../utils/object/object.js");
+var import_type_guards = require("../utils/type-guards.js");
 function classProvider(constructor) {
   return { useClass: constructor };
 }
@@ -41,15 +43,18 @@ function tokenProvider(token, argument) {
 function factoryProvider(factory) {
   return { useFactory: factory };
 }
-function isClassProvider(provider) {
-  return (0, import_object.hasOwnProperty)(provider, "useClass");
+function isClassProvider(value) {
+  return (0, import_type_guards.isObject)(value) && (0, import_object.hasOwnProperty)(value, "useClass");
 }
-function isValueProvider(provider) {
-  return (0, import_object.hasOwnProperty)(provider, "useValue");
+function isValueProvider(value) {
+  return (0, import_type_guards.isObject)(value) && (0, import_object.hasOwnProperty)(value, "useValue");
 }
-function isTokenProvider(provider) {
-  return (0, import_object.hasOwnProperty)(provider, "useToken") || (0, import_object.hasOwnProperty)(provider, "useTokenProvider");
+function isTokenProvider(value) {
+  return (0, import_type_guards.isObject)(value) && ((0, import_object.hasOwnProperty)(value, "useToken") || (0, import_object.hasOwnProperty)(value, "useTokenProvider"));
 }
-function isFactoryProvider(provider) {
-  return (0, import_object.hasOwnProperty)(provider, "useFactory");
+function isFactoryProvider(value) {
+  return (0, import_type_guards.isObject)(value) && (0, import_object.hasOwnProperty)(value, "useFactory");
+}
+function isProvider(value) {
+  return (0, import_type_guards.isObject)(value) && (isClassProvider(value) || isValueProvider(value) || isTokenProvider(value) || isFactoryProvider(value));
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tstdl/base",
-  "version": "0.83.3",
+  "version": "0.83.5",
   "author": "Patrick Hein",
   "publishConfig": {
     "access": "public"

package/utils/cryptography.d.ts

@@ -8,6 +8,7 @@ export type AsymmetricAlgorithm = 'RSASSA-PKCS1-v1_5' | 'RSA-PSS' | 'RSA-OAEP' |
 export type CryptionAlgorithm = Parameters<typeof crypto.subtle.encrypt>[0];
 export type SignAlgorithm = Parameters<typeof crypto.subtle.sign>[0];
 export type KeyAlgorithm = Parameters<typeof crypto.subtle.generateKey>[0];
+export type DeriveAlgorithm = Parameters<typeof globalThis.crypto.subtle.deriveBits>['0'];
 export type KeyType = 'raw' | 'pkcs8' | 'spki' | 'jwk';
 export type Key = JsonWebKey | BinaryData;
 export type ScryptOptions = {
@@ -105,13 +106,18 @@ export declare function generateEcdsaKey(curve: EcdsaCurve, extractable?: boolea
  * @param extractable whether the key can be used for exportKey
  */
 export declare function generatePbkdf2Key(extractable?: boolean): Promise<CryptoKey>;
-type AlgorithmParameter = Parameters<typeof globalThis.crypto.subtle.deriveBits>['0'];
 /**
- * derive multiply byte arrays
+ * derive byte array from key
+ * @param length length in bytes
+ * @param algorithm algorithm to derive with
+ * @param baseKey key to derive from
+ */
+export declare function deriveBytes(algorithm: DeriveAlgorithm, baseKey: CryptoKey, length: number): Promise<Uint8Array>;
+/**
+ * derive multiply byte arrays from key
  * @param count how many Uint8Arrays to dervice
  * @param length length of each Uint8Array in bytes
  * @param algorithm algorithm to derive with
  * @param baseKey key to derive from
  */
-export declare function deriveBytesMultiple<C extends number>(count: C, length: number, algorithm: AlgorithmParameter, baseKey: CryptoKey): Promise<ReadonlyTuple<Uint8Array, C>>;
-export {};
+export declare function deriveBytesMultiple<C extends number>(algorithm: DeriveAlgorithm, baseKey: CryptoKey, count: C, length: number): Promise<ReadonlyTuple<Uint8Array, C>>;

package/utils/cryptography.js

@@ -19,6 +19,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var cryptography_exports = {};
 __export(cryptography_exports, {
   decrypt: () => decrypt,
+  deriveBytes: () => deriveBytes,
   deriveBytesMultiple: () => deriveBytesMultiple,
   digest: () => digest,
   encrypt: () => encrypt,
@@ -122,7 +123,11 @@ async function generatePbkdf2Key(extractable = false) {
   const key = (0, import_random.getRandomBytes)(16);
   return importPbkdf2Key(key, extractable);
 }
-async function deriveBytesMultiple(count, length, algorithm, baseKey) {
+async function deriveBytes(algorithm, baseKey, length) {
+  const bytes = await globalThis.crypto.subtle.deriveBits(algorithm, baseKey, length * 8);
+  return new Uint8Array(bytes);
+}
+async function deriveBytesMultiple(algorithm, baseKey, count, length) {
   const totalBits = count * length * 8;
   const bytes = await globalThis.crypto.subtle.deriveBits(algorithm, baseKey, totalBits);
   return (0, import_array.createArray)(count, (index) => new Uint8Array(bytes.slice(index * length, index * length + length)));

package/utils/type-guards.d.ts

@@ -118,6 +118,12 @@ export declare function assertBlob(value: any, message?: AssertionMessage): asse
 export declare function assertNotBlob<T>(value: T, message?: AssertionMessage): asserts value is InferIsNotType<T, typeof isBlob>;
 export declare function assertBlobPass(value: any, message?: AssertionMessage): InferIsType<typeof isBlob>;
 export declare function assertNotBlobPass<T>(value: T, message?: AssertionMessage): InferIsNotType<T, typeof isBlob>;
+export declare function isBinaryData(value: any): value is BinaryData;
+export declare function isNotBinaryData<T>(value: T): value is InferIsNotType<T, typeof isBinaryData>;
+export declare function assertBinaryData(value: any, message?: AssertionMessage): asserts value is InferIsType<typeof isBinaryData>;
+export declare function assertNotBinaryData<T>(value: T, message?: AssertionMessage): asserts value is InferIsNotType<T, typeof isBinaryData>;
+export declare function assertBinaryDataPass(value: any, message?: AssertionMessage): InferIsType<typeof isBinaryData>;
+export declare function assertNotBinaryDataPass<T>(value: T, message?: AssertionMessage): InferIsNotType<T, typeof isBinaryData>;
 export declare function isArrayBuffer(value: any): value is ArrayBuffer;
 export declare function isNotArrayBuffer<T>(value: T): value is InferIsNotType<T, typeof isArrayBuffer>;
 export declare function assertArrayBuffer(value: any, message?: AssertionMessage): asserts value is InferIsType<typeof isArrayBuffer>;

package/utils/type-guards.js

@@ -31,6 +31,8 @@ __export(type_guards_exports, {
   assertBigIntPass: () => assertBigIntPass,
   assertBigUint64Array: () => assertBigUint64Array,
   assertBigUint64ArrayPass: () => assertBigUint64ArrayPass,
+  assertBinaryData: () => assertBinaryData,
+  assertBinaryDataPass: () => assertBinaryDataPass,
   assertBlob: () => assertBlob,
   assertBlobPass: () => assertBlobPass,
   assertBoolean: () => assertBoolean,
@@ -70,6 +72,8 @@ __export(type_guards_exports, {
   assertNotBigIntPass: () => assertNotBigIntPass,
   assertNotBigUint64Array: () => assertNotBigUint64Array,
   assertNotBigUint64ArrayPass: () => assertNotBigUint64ArrayPass,
+  assertNotBinaryData: () => assertNotBinaryData,
+  assertNotBinaryDataPass: () => assertNotBinaryDataPass,
   assertNotBlob: () => assertNotBlob,
   assertNotBlobPass: () => assertNotBlobPass,
   assertNotBoolean: () => assertNotBoolean,
@@ -178,6 +182,7 @@ __export(type_guards_exports, {
   isBigInt: () => isBigInt,
   isBigInt64Array: () => isBigInt64Array,
   isBigUint64Array: () => isBigUint64Array,
+  isBinaryData: () => isBinaryData,
   isBlob: () => isBlob,
   isBoolean: () => isBoolean,
   isDataView: () => isDataView,
@@ -197,6 +202,7 @@ __export(type_guards_exports, {
   isNotBigInt: () => isNotBigInt,
   isNotBigInt64Array: () => isNotBigInt64Array,
   isNotBigUint64Array: () => isNotBigUint64Array,
+  isNotBinaryData: () => isNotBinaryData,
   isNotBlob: () => isNotBlob,
   isNotBoolean: () => isNotBoolean,
   isNotDataView: () => isNotDataView,
@@ -642,6 +648,26 @@ function assertNotBlobPass(value, message) {
   assertNotBlob(value, message);
   return value;
 }
+function isBinaryData(value) {
+  return isArrayBuffer(value) || isArrayBufferView(value);
+}
+function isNotBinaryData(value) {
+  return !isBinaryData(value);
+}
+function assertBinaryData(value, message = "Expected value to be BinaryData.") {
+  assert(isBinaryData(value), message);
+}
+function assertNotBinaryData(value, message = "Expected value to not be BinaryData.") {
+  assert(isNotBinaryData(value), message);
+}
+function assertBinaryDataPass(value, message) {
+  assertBinaryData(value, message);
+  return value;
+}
+function assertNotBinaryDataPass(value, message) {
+  assertNotBinaryData(value, message);
+  return value;
+}
 function isArrayBuffer(value) {
   return value instanceof ArrayBuffer;
 }