@twin.org/api-auth-entity-storage-service 0.0.1-next.2

package/dist/types/processors/authHeaderProcessor.d.ts

@@ -0,0 +1,50 @@
+import { type IHttpRequestIdentity, type IHttpResponse, type IHttpRestRouteProcessor, type IHttpServerRequest, type IRestRoute } from "@twin.org/api-models";
+import type { IAuthHeaderProcessorConfig } from "../models/IAuthHeaderProcessorConfig";
+/**
+ * Handle a JWT token in the authorization header or cookies and validate it to populate request context identity.
+ */
+export declare class AuthHeaderProcessor implements IHttpRestRouteProcessor {
+    /**
+     * Runtime name for the class.
+     */
+    readonly CLASS_NAME: string;
+    /**
+     * Create a new instance of AuthCookiePreProcessor.
+     * @param options Options for the processor.
+     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
+     * @param options.config The configuration for the processor.
+     */
+    constructor(options?: {
+        vaultConnectorType?: string;
+        config?: IAuthHeaderProcessorConfig;
+    });
+    /**
+     * The service needs to be started when the application is initialized.
+     * @param nodeIdentity The identity of the node.
+     * @param nodeLoggingConnectorType The node logging connector type, defaults to "node-logging".
+     * @returns Nothing.
+     */
+    start(nodeIdentity: string, nodeLoggingConnectorType?: string): Promise<void>;
+    /**
+     * Pre process the REST request for the specified route.
+     * @param request The incoming request.
+     * @param response The outgoing response.
+     * @param route The route to process.
+     * @param requestIdentity The identity context for the request.
+     * @param processorState The state handed through the processors.
+     */
+    pre(request: IHttpServerRequest, response: IHttpResponse, route: IRestRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
+        [id: string]: unknown;
+    }): Promise<void>;
+    /**
+     * Post process the REST request for the specified route.
+     * @param request The incoming request.
+     * @param response The outgoing response.
+     * @param route The route to process.
+     * @param requestIdentity The identity context for the request.
+     * @param processorState The state handed through the processors.
+     */
+    post(request: IHttpServerRequest, response: IHttpResponse, route: IRestRoute | undefined, requestIdentity: IHttpRequestIdentity, processorState: {
+        [id: string]: unknown;
+    }): Promise<void>;
+}

package/dist/types/restEntryPoints.d.ts

@@ -0,0 +1,2 @@
+import type { IRestRouteEntryPoint } from "@twin.org/api-models";
+export declare const restEntryPoints: IRestRouteEntryPoint[];

package/dist/types/routes/entityStorageAuthenticationRoutes.d.ts

@@ -0,0 +1,37 @@
+import type { ILoginRequest, ILoginResponse, ILogoutRequest, IRefreshTokenRequest, IRefreshTokenResponse } from "@twin.org/api-auth-entity-storage-models";
+import type { IHttpRequestContext, INoContentResponse, IRestRoute, IRestRouteResponseOptions, ITag } from "@twin.org/api-models";
+/**
+ * The tag to associate with the routes.
+ */
+export declare const tagsAuthentication: ITag[];
+/**
+ * The REST routes for authentication.
+ * @param baseRouteName Prefix to prepend to the paths.
+ * @param componentName The name of the component to use in the routes stored in the ComponentFactory.
+ * @returns The generated routes.
+ */
+export declare function generateRestRoutesAuthentication(baseRouteName: string, componentName: string): IRestRoute[];
+/**
+ * Login to the server.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationLogin(httpRequestContext: IHttpRequestContext, componentName: string, request: ILoginRequest): Promise<ILoginResponse & IRestRouteResponseOptions>;
+/**
+ * Logout from the server.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationLogout(httpRequestContext: IHttpRequestContext, componentName: string, request: ILogoutRequest): Promise<INoContentResponse & IRestRouteResponseOptions>;
+/**
+ * Refresh the login token.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationRefreshToken(httpRequestContext: IHttpRequestContext, componentName: string, request: IRefreshTokenRequest): Promise<IRefreshTokenResponse & IRestRouteResponseOptions>;

package/dist/types/schema.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Initialize the schema for the authentication service.
+ */
+export declare function initSchema(): void;

package/dist/types/services/entityStorageAuthenticationService.d.ts

@@ -0,0 +1,55 @@
+import type { IAuthenticationComponent } from "@twin.org/api-auth-entity-storage-models";
+import type { IEntityStorageAuthenticationServiceConfig } from "../models/IEntityStorageAuthenticationServiceConfig";
+/**
+ * Implementation of the authentication component using entity storage.
+ */
+export declare class EntityStorageAuthenticationService implements IAuthenticationComponent {
+    /**
+     * Runtime name for the class.
+     */
+    readonly CLASS_NAME: string;
+    /**
+     * Create a new instance of EntityStorageAuthentication.
+     * @param options The dependencies for the identity connector.
+     * @param options.userEntityStorageType The entity storage for the users, defaults to "authentication-user".
+     * @param options.vaultConnectorType The vault for the private keys, defaults to "vault".
+     * @param options.config The configuration for the authentication.
+     */
+    constructor(options?: {
+        userEntityStorageType?: string;
+        vaultConnectorType?: string;
+        config?: IEntityStorageAuthenticationServiceConfig;
+    });
+    /**
+     * The service needs to be started when the application is initialized.
+     * @param nodeIdentity The identity of the node.
+     * @param nodeLoggingConnectorType The node logging connector type, defaults to "node-logging".
+     * @returns Nothing.
+     */
+    start(nodeIdentity: string, nodeLoggingConnectorType?: string): Promise<void>;
+    /**
+     * Perform a login for the user.
+     * @param email The email address for the user.
+     * @param password The password for the user.
+     * @returns The authentication token for the user, if it uses a mechanism with public access.
+     */
+    login(email: string, password: string): Promise<{
+        token?: string;
+        expiry: number;
+    }>;
+    /**
+     * Logout the current user.
+     * @param token The token to logout, if it uses a mechanism with public access.
+     * @returns Nothing.
+     */
+    logout(token?: string): Promise<void>;
+    /**
+     * Refresh the token.
+     * @param token The token to refresh, if it uses a mechanism with public access.
+     * @returns The refreshed token, if it uses a mechanism with public access.
+     */
+    refresh(token?: string): Promise<{
+        token: string;
+        expiry: number;
+    }>;
+}

package/dist/types/utils/passwordHelper.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Helper class for password operations.
+ */
+export declare class PasswordHelper {
+    /**
+     * Hash the password for the user.
+     * @param passwordBytes The password bytes.
+     * @param saltBytes The salt bytes.
+     * @returns The hashed password.
+     */
+    static hashPassword(passwordBytes: Uint8Array, saltBytes: Uint8Array): Promise<string>;
+}

package/dist/types/utils/tokenHelper.d.ts

@@ -0,0 +1,41 @@
+import type { IVaultConnector } from "@twin.org/vault-models";
+import { type IHttpHeaders, type IJwtHeader, type IJwtPayload } from "@twin.org/web";
+/**
+ * Helper class for token operations.
+ */
+export declare class TokenHelper {
+    /**
+     * Create a new token.
+     * @param vaultConnector The vault connector.
+     * @param signingKeyName The signing key name.
+     * @param subject The subject for the token.
+     * @param ttlMinutes The time to live for the token in minutes.
+     * @returns The new token and its expiry date.
+     */
+    static createToken(vaultConnector: IVaultConnector, signingKeyName: string, subject: string, ttlMinutes: number): Promise<{
+        token: string;
+        expiry: number;
+    }>;
+    /**
+     * Verify the token.
+     * @param vaultConnector The vault connector.
+     * @param signingKeyName The signing key name.
+     * @param token The token to verify.
+     * @returns The verified details.
+     * @throws UnauthorizedError if the token is missing, invalid or expired.
+     */
+    static verify(vaultConnector: IVaultConnector, signingKeyName: string, token: string | undefined): Promise<{
+        header: IJwtHeader;
+        payload: IJwtPayload;
+    }>;
+    /**
+     * Extract the auth token from the headers, either from the authorization header or the cookie header.
+     * @param headers The headers to extract the token from.
+     * @param cookieName The name of the cookie to extract the token from.
+     * @returns The token if found.
+     */
+    static extractTokenFromHeaders(headers?: IHttpHeaders, cookieName?: string): {
+        token: string | undefined;
+        location: "authorization" | "cookie" | undefined;
+    };
+}

package/docs/changelog.md

@@ -0,0 +1,5 @@
+# @twin.org/api-auth-entity-storage-service - Changelog
+
+## v0.0.1-next.2
+
+- Initial Release

package/docs/examples.md

@@ -0,0 +1 @@
+# @twin.org/api-auth-entity-storage-service - Examples

package/docs/reference/classes/AuthHeaderProcessor.md

@@ -0,0 +1,149 @@
+# Class: AuthHeaderProcessor
+
+Handle a JWT token in the authorization header or cookies and validate it to populate request context identity.
+
+## Implements
+
+- `IHttpRestRouteProcessor`
+
+## Constructors
+
+### new AuthHeaderProcessor()
+
+> **new AuthHeaderProcessor**(`options`?): [`AuthHeaderProcessor`](AuthHeaderProcessor.md)
+
+Create a new instance of AuthCookiePreProcessor.
+
+#### Parameters
+
+• **options?**
+
+Options for the processor.
+
+• **options.vaultConnectorType?**: `string`
+
+The vault for the private keys, defaults to "vault".
+
+• **options.config?**: [`IAuthHeaderProcessorConfig`](../interfaces/IAuthHeaderProcessorConfig.md)
+
+The configuration for the processor.
+
+#### Returns
+
+[`AuthHeaderProcessor`](AuthHeaderProcessor.md)
+
+## Properties
+
+### CLASS\_NAME
+
+> `readonly` **CLASS\_NAME**: `string`
+
+Runtime name for the class.
+
+#### Implementation of
+
+`IHttpRestRouteProcessor.CLASS_NAME`
+
+## Methods
+
+### start()
+
+> **start**(`nodeIdentity`, `nodeLoggingConnectorType`?): `Promise`\<`void`\>
+
+The service needs to be started when the application is initialized.
+
+#### Parameters
+
+• **nodeIdentity**: `string`
+
+The identity of the node.
+
+• **nodeLoggingConnectorType?**: `string`
+
+The node logging connector type, defaults to "node-logging".
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IHttpRestRouteProcessor.start`
+
+***
+
+### pre()
+
+> **pre**(`request`, `response`, `route`, `requestIdentity`, `processorState`): `Promise`\<`void`\>
+
+Pre process the REST request for the specified route.
+
+#### Parameters
+
+• **request**: `IHttpServerRequest`\<`any`\>
+
+The incoming request.
+
+• **response**: `IHttpResponse`\<`any`\>
+
+The outgoing response.
+
+• **route**: `undefined` \| `IRestRoute`\<`any`, `any`\>
+
+The route to process.
+
+• **requestIdentity**: `IHttpRequestIdentity`
+
+The identity context for the request.
+
+• **processorState**
+
+The state handed through the processors.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+#### Implementation of
+
+`IHttpRestRouteProcessor.pre`
+
+***
+
+### post()
+
+> **post**(`request`, `response`, `route`, `requestIdentity`, `processorState`): `Promise`\<`void`\>
+
+Post process the REST request for the specified route.
+
+#### Parameters
+
+• **request**: `IHttpServerRequest`\<`any`\>
+
+The incoming request.
+
+• **response**: `IHttpResponse`\<`any`\>
+
+The outgoing response.
+
+• **route**: `undefined` \| `IRestRoute`\<`any`, `any`\>
+
+The route to process.
+
+• **requestIdentity**: `IHttpRequestIdentity`
+
+The identity context for the request.
+
+• **processorState**
+
+The state handed through the processors.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+#### Implementation of
+
+`IHttpRestRouteProcessor.post`

package/docs/reference/classes/AuthenticationUser.md

@@ -0,0 +1,45 @@
+# Class: AuthenticationUser
+
+Class defining the storage for user login credentials.
+
+## Constructors
+
+### new AuthenticationUser()
+
+> **new AuthenticationUser**(): [`AuthenticationUser`](AuthenticationUser.md)
+
+#### Returns
+
+[`AuthenticationUser`](AuthenticationUser.md)
+
+## Properties
+
+### email
+
+> **email**: `string`
+
+The user e-mail address.
+
+***
+
+### password
+
+> **password**: `string`
+
+The encrypted password for the user.
+
+***
+
+### salt
+
+> **salt**: `string`
+
+The salt for the password.
+
+***
+
+### identity
+
+> **identity**: `string`
+
+The user identity.

package/docs/reference/classes/EntityStorageAuthenticationService.md

@@ -0,0 +1,169 @@
+# Class: EntityStorageAuthenticationService
+
+Implementation of the authentication component using entity storage.
+
+## Implements
+
+- `IAuthenticationComponent`
+
+## Constructors
+
+### new EntityStorageAuthenticationService()
+
+> **new EntityStorageAuthenticationService**(`options`?): [`EntityStorageAuthenticationService`](EntityStorageAuthenticationService.md)
+
+Create a new instance of EntityStorageAuthentication.
+
+#### Parameters
+
+• **options?**
+
+The dependencies for the identity connector.
+
+• **options.userEntityStorageType?**: `string`
+
+The entity storage for the users, defaults to "authentication-user".
+
+• **options.vaultConnectorType?**: `string`
+
+The vault for the private keys, defaults to "vault".
+
+• **options.config?**: [`IEntityStorageAuthenticationServiceConfig`](../interfaces/IEntityStorageAuthenticationServiceConfig.md)
+
+The configuration for the authentication.
+
+#### Returns
+
+[`EntityStorageAuthenticationService`](EntityStorageAuthenticationService.md)
+
+## Properties
+
+### CLASS\_NAME
+
+> `readonly` **CLASS\_NAME**: `string`
+
+Runtime name for the class.
+
+#### Implementation of
+
+`IAuthenticationComponent.CLASS_NAME`
+
+## Methods
+
+### start()
+
+> **start**(`nodeIdentity`, `nodeLoggingConnectorType`?): `Promise`\<`void`\>
+
+The service needs to be started when the application is initialized.
+
+#### Parameters
+
+• **nodeIdentity**: `string`
+
+The identity of the node.
+
+• **nodeLoggingConnectorType?**: `string`
+
+The node logging connector type, defaults to "node-logging".
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IAuthenticationComponent.start`
+
+***
+
+### login()
+
+> **login**(`email`, `password`): `Promise`\<`object`\>
+
+Perform a login for the user.
+
+#### Parameters
+
+• **email**: `string`
+
+The email address for the user.
+
+• **password**: `string`
+
+The password for the user.
+
+#### Returns
+
+`Promise`\<`object`\>
+
+The authentication token for the user, if it uses a mechanism with public access.
+
+##### token?
+
+> `optional` **token**: `string`
+
+##### expiry
+
+> **expiry**: `number`
+
+#### Implementation of
+
+`IAuthenticationComponent.login`
+
+***
+
+### logout()
+
+> **logout**(`token`?): `Promise`\<`void`\>
+
+Logout the current user.
+
+#### Parameters
+
+• **token?**: `string`
+
+The token to logout, if it uses a mechanism with public access.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IAuthenticationComponent.logout`
+
+***
+
+### refresh()
+
+> **refresh**(`token`?): `Promise`\<`object`\>
+
+Refresh the token.
+
+#### Parameters
+
+• **token?**: `string`
+
+The token to refresh, if it uses a mechanism with public access.
+
+#### Returns
+
+`Promise`\<`object`\>
+
+The refreshed token, if it uses a mechanism with public access.
+
+##### token
+
+> **token**: `string`
+
+##### expiry
+
+> **expiry**: `number`
+
+#### Implementation of
+
+`IAuthenticationComponent.refresh`

package/docs/reference/classes/PasswordHelper.md

@@ -0,0 +1,37 @@
+# Class: PasswordHelper
+
+Helper class for password operations.
+
+## Constructors
+
+### new PasswordHelper()
+
+> **new PasswordHelper**(): [`PasswordHelper`](PasswordHelper.md)
+
+#### Returns
+
+[`PasswordHelper`](PasswordHelper.md)
+
+## Methods
+
+### hashPassword()
+
+> `static` **hashPassword**(`passwordBytes`, `saltBytes`): `Promise`\<`string`\>
+
+Hash the password for the user.
+
+#### Parameters
+
+• **passwordBytes**: `Uint8Array`
+
+The password bytes.
+
+• **saltBytes**: `Uint8Array`
+
+The salt bytes.
+
+#### Returns
+
+`Promise`\<`string`\>
+
+The hashed password.