@twin.org/api-auth-entity-storage-service 0.0.3-next.9 → 0.9.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/README.md +2 -2
  2. package/dist/es/entities/authenticationAuditEntry.js +101 -0
  3. package/dist/es/entities/authenticationAuditEntry.js.map +1 -0
  4. package/dist/es/entities/authenticationRateEntry.js +37 -0
  5. package/dist/es/entities/authenticationRateEntry.js.map +1 -0
  6. package/dist/es/entities/authenticationUser.js +17 -1
  7. package/dist/es/entities/authenticationUser.js.map +1 -1
  8. package/dist/es/index.js +11 -1
  9. package/dist/es/index.js.map +1 -1
  10. package/dist/es/models/IAuthHeaderProcessorConstructorOptions.js.map +1 -1
  11. package/dist/es/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js.map +1 -1
  12. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js +4 -0
  13. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js.map +1 -0
  14. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js +2 -0
  15. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js.map +1 -0
  16. package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js +2 -0
  17. package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js.map +1 -0
  18. package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js +2 -0
  19. package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js.map +1 -0
  20. package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js +0 -2
  21. package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js.map +1 -1
  22. package/dist/es/models/IEntityStorageAuthenticationServiceConstructorOptions.js.map +1 -1
  23. package/dist/es/processors/authHeaderProcessor.js +68 -11
  24. package/dist/es/processors/authHeaderProcessor.js.map +1 -1
  25. package/dist/es/restEntryPoints.js +17 -0
  26. package/dist/es/restEntryPoints.js.map +1 -1
  27. package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js +362 -0
  28. package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js.map +1 -0
  29. package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js +174 -0
  30. package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js.map +1 -0
  31. package/dist/es/routes/entityStorageAuthenticationRoutes.js +18 -19
  32. package/dist/es/routes/entityStorageAuthenticationRoutes.js.map +1 -1
  33. package/dist/es/schema.js +4 -0
  34. package/dist/es/schema.js.map +1 -1
  35. package/dist/es/services/entityStorageAuthenticationAdminService.js +164 -58
  36. package/dist/es/services/entityStorageAuthenticationAdminService.js.map +1 -1
  37. package/dist/es/services/entityStorageAuthenticationAuditService.js +179 -0
  38. package/dist/es/services/entityStorageAuthenticationAuditService.js.map +1 -0
  39. package/dist/es/services/entityStorageAuthenticationRateService.js +213 -0
  40. package/dist/es/services/entityStorageAuthenticationRateService.js.map +1 -0
  41. package/dist/es/services/entityStorageAuthenticationService.js +200 -19
  42. package/dist/es/services/entityStorageAuthenticationService.js.map +1 -1
  43. package/dist/es/utils/passwordHelper.js +45 -16
  44. package/dist/es/utils/passwordHelper.js.map +1 -1
  45. package/dist/es/utils/tokenHelper.js +50 -10
  46. package/dist/es/utils/tokenHelper.js.map +1 -1
  47. package/dist/types/entities/authenticationAuditEntry.d.ts +49 -0
  48. package/dist/types/entities/authenticationRateEntry.d.ts +17 -0
  49. package/dist/types/entities/authenticationUser.d.ts +8 -0
  50. package/dist/types/index.d.ts +11 -1
  51. package/dist/types/models/IAuthHeaderProcessorConstructorOptions.d.ts +10 -0
  52. package/dist/types/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.d.ts +5 -0
  53. package/dist/types/models/IEntityStorageAuthenticationAuditServiceConfig.d.ts +9 -0
  54. package/dist/types/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.d.ts +15 -0
  55. package/dist/types/models/IEntityStorageAuthenticationRateServiceConfig.d.ts +10 -0
  56. package/dist/types/models/IEntityStorageAuthenticationRateServiceConstructorOptions.d.ts +25 -0
  57. package/dist/types/models/IEntityStorageAuthenticationServiceConfig.d.ts +22 -1
  58. package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts +13 -3
  59. package/dist/types/processors/authHeaderProcessor.d.ts +4 -2
  60. package/dist/types/restEntryPoints.d.ts +3 -0
  61. package/dist/types/routes/entityStorageAuthenticationAdminRoutes.d.ts +61 -0
  62. package/dist/types/routes/entityStorageAuthenticationAuditRoutes.d.ts +29 -0
  63. package/dist/types/services/entityStorageAuthenticationAdminService.d.ts +26 -9
  64. package/dist/types/services/entityStorageAuthenticationAuditService.d.ts +53 -0
  65. package/dist/types/services/entityStorageAuthenticationRateService.d.ts +60 -0
  66. package/dist/types/services/entityStorageAuthenticationService.d.ts +10 -5
  67. package/dist/types/utils/passwordHelper.d.ts +13 -5
  68. package/dist/types/utils/tokenHelper.d.ts +10 -4
  69. package/docs/changelog.md +845 -85
  70. package/docs/examples.md +178 -1
  71. package/docs/reference/classes/AuthHeaderProcessor.md +15 -11
  72. package/docs/reference/classes/AuthenticationAuditEntry.md +101 -0
  73. package/docs/reference/classes/AuthenticationRateEntry.md +37 -0
  74. package/docs/reference/classes/AuthenticationUser.md +21 -5
  75. package/docs/reference/classes/EntityStorageAuthenticationAdminService.md +80 -20
  76. package/docs/reference/classes/EntityStorageAuthenticationAuditService.md +157 -0
  77. package/docs/reference/classes/EntityStorageAuthenticationRateService.md +227 -0
  78. package/docs/reference/classes/EntityStorageAuthenticationService.md +37 -17
  79. package/docs/reference/classes/PasswordHelper.md +37 -12
  80. package/docs/reference/classes/TokenHelper.md +49 -13
  81. package/docs/reference/functions/authenticationAdminCreateUser.md +31 -0
  82. package/docs/reference/functions/authenticationAdminGetUser.md +31 -0
  83. package/docs/reference/functions/authenticationAdminGetUserByIdentity.md +31 -0
  84. package/docs/reference/functions/authenticationAdminRemoveUser.md +31 -0
  85. package/docs/reference/functions/authenticationAdminUpdateUser.md +31 -0
  86. package/docs/reference/functions/authenticationAdminUpdateUserPassword.md +31 -0
  87. package/docs/reference/functions/authenticationAuditCreate.md +31 -0
  88. package/docs/reference/functions/authenticationAuditQuery.md +31 -0
  89. package/docs/reference/functions/generateRestRoutesAuthenticationAdmin.md +25 -0
  90. package/docs/reference/functions/generateRestRoutesAuthenticationAudit.md +25 -0
  91. package/docs/reference/index.md +20 -0
  92. package/docs/reference/interfaces/IAuthHeaderProcessorConfig.md +4 -4
  93. package/docs/reference/interfaces/IAuthHeaderProcessorConstructorOptions.md +32 -4
  94. package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConfig.md +2 -2
  95. package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md +18 -4
  96. package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConfig.md +11 -0
  97. package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md +25 -0
  98. package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConfig.md +17 -0
  99. package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md +53 -0
  100. package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConfig.md +61 -5
  101. package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md +38 -10
  102. package/docs/reference/variables/restEntryPoints.md +2 -0
  103. package/docs/reference/variables/tagsAuthenticationAdmin.md +5 -0
  104. package/docs/reference/variables/tagsAuthenticationAudit.md +5 -0
  105. package/locales/en.json +23 -6
  106. package/package.json +17 -16
@@ -21,9 +21,15 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
21
21
  /**
22
22
  * The service needs to be started when the application is initialized.
23
23
  * @param nodeLoggingComponentType The node logging component type.
24
- * @returns Nothing.
24
+ * @returns A promise that resolves when rate-limit actions have been registered and the node identity cached.
25
25
  */
26
26
  start(nodeLoggingComponentType?: string): Promise<void>;
27
+ /**
28
+ * The component needs to be stopped when the node is closed.
29
+ * @param nodeLoggingComponentType The node logging component type.
30
+ * @returns A promise that resolves when all rate-limit actions have been unregistered.
31
+ */
32
+ stop(nodeLoggingComponentType?: string): Promise<void>;
27
33
  /**
28
34
  * Perform a login for the user.
29
35
  * @param email The email address for the user.
@@ -37,7 +43,7 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
37
43
  /**
38
44
  * Logout the current user.
39
45
  * @param token The token to logout, if it uses a mechanism with public access.
40
- * @returns Nothing.
46
+ * @returns A promise that resolves when the logout audit entry has been recorded.
41
47
  */
42
48
  logout(token?: string): Promise<void>;
43
49
  /**
@@ -51,10 +57,9 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
51
57
  }>;
52
58
  /**
53
59
  * Update the user's password.
54
- * @param email The email address of the user to update.
55
60
  * @param currentPassword The current password for the user.
56
61
  * @param newPassword The new password for the user.
57
- * @returns Nothing.
62
+ * @returns A promise that resolves when the password has been updated and the rate limit cleared.
58
63
  */
59
- updatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;
64
+ updatePassword(currentPassword: string, newPassword: string): Promise<void>;
60
65
  }
@@ -1,3 +1,6 @@
1
+ import type { IAuthenticationAuditComponent } from "@twin.org/api-auth-entity-storage-models";
2
+ import type { IEntityStorageConnector } from "@twin.org/entity-storage-models";
3
+ import type { AuthenticationUser } from "../entities/authenticationUser.js";
1
4
  /**
2
5
  * Helper class for password operations.
3
6
  */
@@ -7,10 +10,15 @@ export declare class PasswordHelper {
7
10
  */
8
11
  static readonly CLASS_NAME: string;
9
12
  /**
10
- * Hash the password for the user.
11
- * @param passwordBytes The password bytes.
12
- * @param saltBytes The salt bytes.
13
- * @returns The hashed password.
13
+ * Update the password for a user.
14
+ * Validates password strength, verifies the current password if provided, then hashes and stores the new password and raises an audit event.
15
+ * @param userEntityStorage The entity storage for users.
16
+ * @param authenticationAuditService The optional audit service.
17
+ * @param user The user whose password is being updated.
18
+ * @param newPassword The new password to set.
19
+ * @param currentPassword The current password to verify against, if supplied.
20
+ * @param minPasswordLength Optional minimum password length for validation.
21
+ * @returns A promise that resolves when the new password has been stored and the audit entry recorded.
14
22
  */
15
- static hashPassword(passwordBytes: Uint8Array, saltBytes: Uint8Array): Promise<string>;
23
+ static updatePassword(userEntityStorage: IEntityStorageConnector<AuthenticationUser>, authenticationAuditService: IAuthenticationAuditComponent | undefined, user: AuthenticationUser, newPassword: string, currentPassword?: string, minPasswordLength?: number): Promise<void>;
16
24
  }
@@ -11,26 +11,32 @@ export declare class TokenHelper {
11
11
  /**
12
12
  * Create a new token.
13
13
  * @param vaultConnector The vault connector.
14
- * @param signingKeyName The signing key name.
14
+ * @param nodeId The node identifier, embedded as the JWT issuer claim.
15
+ * @param signingKeyName The signing key name, embedded as the JWT key identifier.
15
16
  * @param userIdentity The subject for the token.
16
17
  * @param organizationIdentity The organization for the token.
17
18
  * @param tenantId The tenant id for the token.
18
19
  * @param ttlMinutes The time to live for the token in minutes.
20
+ * @param scope The scopes for the token.
21
+ * @param passwordVersion The user's current password version counter, embedded in the token so that a password change invalidates existing tokens.
19
22
  * @returns The new token and its expiry date.
20
23
  */
21
- static createToken(vaultConnector: IVaultConnector, signingKeyName: string, userIdentity: string, organizationIdentity: string | undefined, tenantId: string | undefined, ttlMinutes: number): Promise<{
24
+ static createToken(vaultConnector: IVaultConnector, nodeId: string, signingKeyName: string, userIdentity: string, organizationIdentity: string | undefined, tenantId: string | undefined, ttlMinutes: number, scope?: string, passwordVersion?: number): Promise<{
22
25
  token: string;
23
26
  expiry: number;
24
27
  }>;
25
28
  /**
26
29
  * Verify the token.
27
30
  * @param vaultConnector The vault connector.
28
- * @param signingKeyName The signing key name.
31
+ * @param nodeId The node identifier, expected to match the JWT issuer claim.
32
+ * @param signingKeyName The signing key name, expected to match the JWT key identifier.
29
33
  * @param token The token to verify.
34
+ * @param requiredScopes The required scopes.
35
+ * @param verifyUser A function to verify the user identity and organization. The password version counter embedded in the token (pver claim) is passed so callers can detect if the password has changed since the token was issued.
30
36
  * @returns The verified details.
31
37
  * @throws UnauthorizedError if the token is missing, invalid or expired.
32
38
  */
33
- static verify(vaultConnector: IVaultConnector, signingKeyName: string, token: string | undefined): Promise<{
39
+ static verify(vaultConnector: IVaultConnector, nodeId: string, signingKeyName: string, token: string | undefined, requiredScopes?: string[], verifyUser?: (sub: string, org: string, tid: string | undefined, passwordVersion: number | undefined) => Promise<string[]>): Promise<{
34
40
  header: IJwtHeader;
35
41
  payload: IJwtPayload;
36
42
  }>;