@veloxts/auth 0.3.4 → 0.3.5
- package/README.md +421 -19
- package/dist/__integration__/fixtures.d.ts +41 -0
- package/dist/__integration__/fixtures.d.ts.map +1 -0
- package/dist/__integration__/fixtures.js +79 -0
- package/dist/__integration__/fixtures.js.map +1 -0
- package/dist/__integration__/setup.d.ts +26 -0
- package/dist/__integration__/setup.d.ts.map +1 -0
- package/dist/__integration__/setup.js +28 -0
- package/dist/__integration__/setup.js.map +1 -0
- package/dist/csrf.d.ts +9 -3
- package/dist/csrf.d.ts.map +1 -1
- package/dist/csrf.js +9 -3
- package/dist/csrf.js.map +1 -1
- package/dist/guards.d.ts +12 -9
- package/dist/guards.d.ts.map +1 -1
- package/dist/guards.js +17 -5
- package/dist/guards.js.map +1 -1
- package/dist/hash.d.ts +7 -1
- package/dist/hash.d.ts.map +1 -1
- package/dist/hash.js +20 -4
- package/dist/hash.js.map +1 -1
- package/dist/index.d.ts +8 -6
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +38 -7
- package/dist/index.js.map +1 -1
- package/dist/jwt.d.ts +34 -5
- package/dist/jwt.d.ts.map +1 -1
- package/dist/jwt.js +154 -28
- package/dist/jwt.js.map +1 -1
- package/dist/middleware.d.ts +18 -6
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +23 -11
- package/dist/middleware.js.map +1 -1
- package/dist/plugin.d.ts +25 -7
- package/dist/plugin.d.ts.map +1 -1
- package/dist/plugin.js +28 -9
- package/dist/plugin.js.map +1 -1
- package/dist/rate-limit.d.ts +231 -0
- package/dist/rate-limit.d.ts.map +1 -0
- package/dist/rate-limit.js +352 -0
- package/dist/rate-limit.js.map +1 -0
- package/dist/session.d.ts +9 -3
- package/dist/session.d.ts.map +1 -1
- package/dist/session.js +9 -3
- package/dist/session.js.map +1 -1
- package/dist/types.d.ts +11 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +30 -7
package/dist/plugin.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGjD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAM3E,2BAA2B;AAC3B,eAAO,MAAM,YAAY,EAAE,MAA+C,CAAC;AAM3E;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,UAAU;IACnD;;;OAGG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAMD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,GAAG,EAAE,UAAU,CAAC;IAEhB;;OAEG;IACH,MAAM,EAAE,cAAc,CAAC;IAEvB;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAC;IAEhF;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAAC;IAExC;;OAEG;IACH,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;IAEpE;;OAEG;IACH,UAAU,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,CAAC;CACrD;AAMD,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,eAAe;QACvB,IAAI,EAAE,WAAW,CAAC;KACnB;IAED,UAAU,cAAc;QACtB,IAAI,CAAC,EAAE,WAAW,CAAC;QACnB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb;CACF;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,wBAAgB,
|
|
1
|
+
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGjD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAM3E,2BAA2B;AAC3B,eAAO,MAAM,YAAY,EAAE,MAA+C,CAAC;AAM3E;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,UAAU;IACnD;;;OAGG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAMD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,GAAG,EAAE,UAAU,CAAC;IAEhB;;OAEG;IACH,MAAM,EAAE,cAAc,CAAC;IAEvB;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAC;IAEhF;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAAC;IAExC;;OAEG;IACH,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;IAEpE;;OAEG;IACH,UAAU,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,CAAC;CACrD;AAMD,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,eAAe;QACvB,IAAI,EAAE,WAAW,CAAC;KACnB;IAED,UAAU,cAAc;QACtB,IAAI,CAAC,EAAE,WAAW,CAAC;QACnB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb;CACF;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,WAAW,CAAC,iBAAiB,CAAC,CAsHrF;AAED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,mBAAa,CAAC;AAE3C;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,iBAAiB,IAAI,WAAW,CAAC,iBAAiB,CAAC,CAYlE"}
|
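--- a/package/dist/plugin.js
+++ b/package/dist/plugin.js
@@ -16,7 +16,7 @@ export const AUTH_VERSION = packageJson.version ?? '0.0.0-unknown';
 // Auth Plugin
 // ============================================================================
 /**
-* Creates the VeloxTS auth plugin
+* Creates the VeloxTS auth plugin (succinct API)
 *
 * This plugin provides:
 * - JWT token management (access + refresh tokens)
@@ -26,9 +26,9 @@ export const AUTH_VERSION = packageJson.version ?? '0.0.0-unknown';
 *
 * @example
 * ```typescript
-* import {
+* import { authPlugin } from '@veloxts/auth';
 *
-* const
+* const auth = authPlugin({
 * jwt: {
 * secret: process.env.JWT_SECRET!,
 * accessTokenExpiry: '15m',
@@ -44,7 +44,7 @@ export const AUTH_VERSION = packageJson.version ?? '0.0.0-unknown';
 * });
 *
 * // Register with VeloxApp
-* app.register(
+* await app.register(auth);
 *
 * // Use in procedures
 * const { middleware, requireAuth } = app.auth.middleware;
@@ -54,11 +54,12 @@ export const AUTH_VERSION = packageJson.version ?? '0.0.0-unknown';
 * .query(async ({ ctx }) => ctx.user);
 * ```
 */
-export function
+export function authPlugin(options) {
 return {
 name: '@veloxts/auth',
 version: AUTH_VERSION,
-dependencies
+// No explicit dependencies - works with any Fastify instance
+// The plugin decorates Fastify with auth functionality
 async register(server, _opts) {
 const config = { ...options, ..._opts };
 const { debug = false } = config;
@@ -157,17 +158,35 @@ export function createAuthPlugin(options) {
 },
 };
 }
+/**
+* Creates the VeloxTS auth plugin
+*
+* @deprecated Use `authPlugin()` instead. Will be removed in v0.9.
+*/
+export const createAuthPlugin = authPlugin;
 /**
 * Default auth plugin with minimal configuration
-*
+*
+* Uses environment variables for configuration:
+* - `JWT_SECRET` (required): Secret for signing JWT tokens
+*
+* @throws {Error} If JWT_SECRET environment variable is not set
+*
+* @example
+* ```typescript
+* import { defaultAuthPlugin } from '@veloxts/auth';
+*
+* // Requires JWT_SECRET environment variable
+* await app.register(defaultAuthPlugin());
+* ```
 */
-export function
+export function defaultAuthPlugin() {
 const secret = process.env.JWT_SECRET;
 if (!secret) {
 throw new Error('JWT_SECRET environment variable is required for auth plugin. ' +
 'Set it to a secure random string of at least 32 characters.');
 }
-return authPlugin({
+return authPlugin({
 jwt: { secret },
 });
 }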
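Review bot: The guard in `defaultAuthPlugin()` rejects only a missing or empty `JWT_SECRET`, although its own error text asks for at least 32 characters, so a short, guessable signing secret passes this check. Unless `JwtManager` enforces the length itself (jwt.js is not part of this section), the condition could become `if (!secret || secret.length < 32) {`. The new `@throws` line would then read "If JWT_SECRET is not set or is shorter than 32 characters", so the documented contract matches the message.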
package/dist/plugin.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAK5C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAGvD,6CAA6C;AAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,iBAAiB,CAAwB,CAAC;AAEtE,2BAA2B;AAC3B,MAAM,CAAC,MAAM,YAAY,GAAW,WAAW,CAAC,OAAO,IAAI,eAAe,CAAC;AAwE3E,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,MAAM,UAAU,
|
|
1
|
+
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAK5C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAGvD,6CAA6C;AAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,iBAAiB,CAAwB,CAAC;AAEtE,2BAA2B;AAC3B,MAAM,CAAC,MAAM,YAAY,GAAW,WAAW,CAAC,OAAO,IAAI,eAAe,CAAC;AAwE3E,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,MAAM,UAAU,UAAU,CAAC,OAA0B;IACnD,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,YAAY;QACrB,6DAA6D;QAC7D,uDAAuD;QAEvD,KAAK,CAAC,QAAQ,CAAC,MAAuB,EAAE,KAAwB;YAC9D,MAAM,MAAM,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,KAAK,EAAE,CAAC;YACxC,MAAM,EAAE,KAAK,GAAG,KAAK,EAAE,GAAG,MAAM,CAAC;YAEjC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YACtD,CAAC;YAED,mBAAmB;YACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;YAEpD,sBAAsB;YACtB,MAAM,WAAW,GAAgB;gBAC/B,GAAG;gBACH,MAAM;gBAEN,YAAY,CAAC,IAAU,EAAE,gBAA0C;oBACjE,OAAO,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;gBACrD,CAAC;gBAED,WAAW,CAAC,KAAa;oBACvB,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;oBACvC,OAAO;wBACL,IAAI,EAAE;4BACJ,EAAE,EAAE,OAAO,CAAC,GAAG;4BACf,KAAK,EAAE,OAAO,CAAC,KAAK;yBACrB;wBACD,KAAK,EAAE,OAAO;wBACd,eAAe,EAAE,IAAI;qBACtB,CAAC;gBACJ,CAAC;gBAED,aAAa,CAAC,YAAoB;oBAChC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;wBACtB,OAAO,GAAG,CAAC,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;oBAC5D,CAAC;oBACD,OAAO,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACzC,CAAC;gBAED,UAAU,EAAE,cAAc;aAC3B,CAAC;YAEF,oCAAoC;YACpC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAErC,gEAAgE;YAChE,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAE1C,8DAA8D;YAC9D,IAAI,MAAM,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;gBACjC,MAAM,CAAC,OAAO,CAAC,
YAAY,EAAE,KAAK,EAAE,OAAuB,EAAE,EAAE;oBAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;oBACjD,MAAM,KAAK,GAAG,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;oBAEhD,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,CAAC;4BACH,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;4BAEvC,4BAA4B;4BAC5B,IAAI,MAAM,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gCACzC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gCACzD,IAAI,OAAO,EAAE,CAAC;oCACZ,yCAAyC;oCACzC,OAAO;gCACT,CAAC;4BACH,CAAC;4BAED,+BAA+B;4BAC/B,IAAI,IAAI,GAAgB,IAAI,CAAC;4BAC7B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gCACtB,IAAI,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;4BAC9C,CAAC;iCAAM,CAAC;gCACN,IAAI,GAAG;oCACL,EAAE,EAAE,OAAO,CAAC,GAAG;oCACf,KAAK,EAAE,OAAO,CAAC,KAAK;iCACrB,CAAC;4BACJ,CAAC;4BAED,IAAI,IAAI,EAAE,CAAC;gCACT,OAAO,CAAC,IAAI,GAAG;oCACb,IAAI;oCACJ,KAAK,EAAE,OAAO;oCACd,eAAe,EAAE,IAAI;iCACtB,CAAC;gCACF,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;4BACtB,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC;4BACP,kDAAkD;4BAClD,IAAI,KAAK,EAAE,CAAC;gCACV,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;4BACpD,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;YAED,gCAAgC;YAChC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;gBACnC,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,UAAU,CAAC;AAE3C;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,+DAA+D;YAC7D,6DAA6D,CAChE,CAAC;IACJ,CAAC;IAED,OAAO,UAAU,CAAC;QAChB,GAAG,EAAE,EAAE,MAAM,EAAE;KAChB,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,231 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Authentication-specific rate limiting
|
|
3
|
+
*
|
|
4
|
+
* Provides specialized rate limiters for authentication endpoints with:
|
|
5
|
+
* - Per-email+IP tracking (prevents brute force on specific accounts)
|
|
6
|
+
* - Account lockout detection
|
|
7
|
+
* - Separate limits for login, register, and password reset
|
|
8
|
+
* - Progressive backoff support
|
|
9
|
+
*
|
|
10
|
+
* @module auth/rate-limit
|
|
11
|
+
*/
|
|
12
|
+
import type { BaseContext } from '@veloxts/core';
|
|
13
|
+
import type { MiddlewareFunction } from '@veloxts/router';
|
|
14
|
+
/**
|
|
15
|
+
* Configuration for auth rate limiting
|
|
16
|
+
*/
|
|
17
|
+
export interface AuthRateLimitConfig {
|
|
18
|
+
/**
|
|
19
|
+
* Maximum attempts before lockout
|
|
20
|
+
* @default 5
|
|
21
|
+
*/
|
|
22
|
+
maxAttempts?: number;
|
|
23
|
+
/**
|
|
24
|
+
* Window duration in milliseconds
|
|
25
|
+
* @default 900000 (15 minutes)
|
|
26
|
+
*/
|
|
27
|
+
windowMs?: number;
|
|
28
|
+
/**
|
|
29
|
+
* Lockout duration in milliseconds after max attempts exceeded
|
|
30
|
+
* @default 900000 (15 minutes)
|
|
31
|
+
*/
|
|
32
|
+
lockoutDurationMs?: number;
|
|
33
|
+
/**
|
|
34
|
+
* Custom key generator for rate limiting
|
|
35
|
+
* Default uses IP + identifier (email)
|
|
36
|
+
*/
|
|
37
|
+
keyGenerator?: (ctx: BaseContext, identifier?: string) => string;
|
|
38
|
+
/**
|
|
39
|
+
* Error message when rate limited
|
|
40
|
+
* @default 'Too many attempts. Please try again later.'
|
|
41
|
+
*/
|
|
42
|
+
message?: string;
|
|
43
|
+
/**
|
|
44
|
+
* Enable progressive backoff (double lockout on repeated violations)
|
|
45
|
+
* @default false
|
|
46
|
+
*/
|
|
47
|
+
progressiveBackoff?: boolean;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Configuration for the auth rate limiter factory
|
|
51
|
+
*/
|
|
52
|
+
export interface AuthRateLimiterConfig {
|
|
53
|
+
/**
|
|
54
|
+
* Rate limit for login attempts
|
|
55
|
+
* @default { maxAttempts: 5, windowMs: 900000 }
|
|
56
|
+
*/
|
|
57
|
+
login?: AuthRateLimitConfig;
|
|
58
|
+
/**
|
|
59
|
+
* Rate limit for registration attempts
|
|
60
|
+
* @default { maxAttempts: 3, windowMs: 3600000 }
|
|
61
|
+
*/
|
|
62
|
+
register?: AuthRateLimitConfig;
|
|
63
|
+
/**
|
|
64
|
+
* Rate limit for password reset requests
|
|
65
|
+
* @default { maxAttempts: 3, windowMs: 3600000 }
|
|
66
|
+
*/
|
|
67
|
+
passwordReset?: AuthRateLimitConfig;
|
|
68
|
+
/**
|
|
69
|
+
* Rate limit for token refresh
|
|
70
|
+
* @default { maxAttempts: 10, windowMs: 60000 }
|
|
71
|
+
*/
|
|
72
|
+
refresh?: AuthRateLimitConfig;
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Stop cleanup interval (for testing)
|
|
76
|
+
*/
|
|
77
|
+
export declare function stopAuthRateLimitCleanup(): void;
|
|
78
|
+
/**
|
|
79
|
+
* Clear all rate limit entries (for testing)
|
|
80
|
+
*/
|
|
81
|
+
export declare function clearAuthRateLimitStore(): void;
|
|
82
|
+
/**
|
|
83
|
+
* Creates an authentication rate limiter
|
|
84
|
+
*
|
|
85
|
+
* This factory returns rate limit middlewares configured for different
|
|
86
|
+
* auth operations with sensible defaults.
|
|
87
|
+
*
|
|
88
|
+
* @example
|
|
89
|
+
* ```typescript
|
|
90
|
+
* const authRateLimiter = createAuthRateLimiter({
|
|
91
|
+
* login: { maxAttempts: 5, windowMs: 15 * 60 * 1000 },
|
|
92
|
+
* register: { maxAttempts: 3, windowMs: 60 * 60 * 1000 },
|
|
93
|
+
* });
|
|
94
|
+
*
|
|
95
|
+
* // Apply to procedures
|
|
96
|
+
* const login = procedure()
|
|
97
|
+
* .use(authRateLimiter.login(ctx => ctx.input.email))
|
|
98
|
+
* .mutation(loginHandler);
|
|
99
|
+
*
|
|
100
|
+
* const register = procedure()
|
|
101
|
+
* .use(authRateLimiter.register())
|
|
102
|
+
* .mutation(registerHandler);
|
|
103
|
+
* ```
|
|
104
|
+
*/
|
|
105
|
+
export declare function createAuthRateLimiter(config?: AuthRateLimiterConfig): {
|
|
106
|
+
/**
|
|
107
|
+
* Rate limiter for login attempts
|
|
108
|
+
*
|
|
109
|
+
* @param identifierFn - Function to extract identifier (email) from context
|
|
110
|
+
*
|
|
111
|
+
* @example
|
|
112
|
+
* ```typescript
|
|
113
|
+
* login: procedure()
|
|
114
|
+
* .use(authRateLimiter.login((ctx) => (ctx.input as { email: string }).email))
|
|
115
|
+
* .input(LoginSchema)
|
|
116
|
+
* .mutation(handler)
|
|
117
|
+
* ```
|
|
118
|
+
*/
|
|
119
|
+
login: <TInput, TContext extends BaseContext, TOutput>(identifierFn?: (ctx: TContext & {
|
|
120
|
+
input?: unknown;
|
|
121
|
+
}) => string) => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
122
|
+
/**
|
|
123
|
+
* Rate limiter for registration attempts
|
|
124
|
+
* Uses IP-only by default (no identifier needed)
|
|
125
|
+
*/
|
|
126
|
+
register: <TInput, TContext extends BaseContext, TOutput>() => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
127
|
+
/**
|
|
128
|
+
* Rate limiter for password reset requests
|
|
129
|
+
*
|
|
130
|
+
* @param identifierFn - Optional function to extract identifier (email)
|
|
131
|
+
*/
|
|
132
|
+
passwordReset: <TInput, TContext extends BaseContext, TOutput>(identifierFn?: (ctx: TContext & {
|
|
133
|
+
input?: unknown;
|
|
134
|
+
}) => string) => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
135
|
+
/**
|
|
136
|
+
* Rate limiter for token refresh
|
|
137
|
+
*/
|
|
138
|
+
refresh: <TInput, TContext extends BaseContext, TOutput>() => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
139
|
+
/**
|
|
140
|
+
* Record a failed attempt (call after authentication fails)
|
|
141
|
+
*
|
|
142
|
+
* This allows tracking failures even when rate limit hasn't been hit,
|
|
143
|
+
* enabling account lockout after X failed passwords.
|
|
144
|
+
*
|
|
145
|
+
* @param key - Rate limit key (usually IP:email or IP)
|
|
146
|
+
* @param operation - Operation type for key namespacing
|
|
147
|
+
*/
|
|
148
|
+
recordFailure: (key: string, operation: "login" | "register" | "password-reset") => void;
|
|
149
|
+
/**
|
|
150
|
+
* Reset rate limit for a key (call after successful auth)
|
|
151
|
+
*/
|
|
152
|
+
resetLimit: (key: string, operation: "login" | "register" | "password-reset") => void;
|
|
153
|
+
/**
|
|
154
|
+
* Check if a key is currently locked out
|
|
155
|
+
*/
|
|
156
|
+
isLockedOut: (key: string, operation: "login" | "register" | "password-reset") => boolean;
|
|
157
|
+
/**
|
|
158
|
+
* Get remaining attempts for a key
|
|
159
|
+
*/
|
|
160
|
+
getRemainingAttempts: (key: string, operation: "login" | "register" | "password-reset" | "refresh") => number;
|
|
161
|
+
};
|
|
162
|
+
/**
|
|
163
|
+
* Pre-configured auth rate limiter with sensible defaults
|
|
164
|
+
*
|
|
165
|
+
* @example
|
|
166
|
+
* ```typescript
|
|
167
|
+
* import { authRateLimiter } from '@veloxts/auth';
|
|
168
|
+
*
|
|
169
|
+
* const login = procedure()
|
|
170
|
+
* .use(authRateLimiter.login((ctx) => ctx.input.email))
|
|
171
|
+
* .mutation(handler);
|
|
172
|
+
* ```
|
|
173
|
+
*/
|
|
174
|
+
export declare const authRateLimiter: {
|
|
175
|
+
/**
|
|
176
|
+
* Rate limiter for login attempts
|
|
177
|
+
*
|
|
178
|
+
* @param identifierFn - Function to extract identifier (email) from context
|
|
179
|
+
*
|
|
180
|
+
* @example
|
|
181
|
+
* ```typescript
|
|
182
|
+
* login: procedure()
|
|
183
|
+
* .use(authRateLimiter.login((ctx) => (ctx.input as { email: string }).email))
|
|
184
|
+
* .input(LoginSchema)
|
|
185
|
+
* .mutation(handler)
|
|
186
|
+
* ```
|
|
187
|
+
*/
|
|
188
|
+
login: <TInput, TContext extends BaseContext, TOutput>(identifierFn?: (ctx: TContext & {
|
|
189
|
+
input?: unknown;
|
|
190
|
+
}) => string) => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
191
|
+
/**
|
|
192
|
+
* Rate limiter for registration attempts
|
|
193
|
+
* Uses IP-only by default (no identifier needed)
|
|
194
|
+
*/
|
|
195
|
+
register: <TInput, TContext extends BaseContext, TOutput>() => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
196
|
+
/**
|
|
197
|
+
* Rate limiter for password reset requests
|
|
198
|
+
*
|
|
199
|
+
* @param identifierFn - Optional function to extract identifier (email)
|
|
200
|
+
*/
|
|
201
|
+
passwordReset: <TInput, TContext extends BaseContext, TOutput>(identifierFn?: (ctx: TContext & {
|
|
202
|
+
input?: unknown;
|
|
203
|
+
}) => string) => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
204
|
+
/**
|
|
205
|
+
* Rate limiter for token refresh
|
|
206
|
+
*/
|
|
207
|
+
refresh: <TInput, TContext extends BaseContext, TOutput>() => MiddlewareFunction<TInput, TContext, TContext, TOutput>;
|
|
208
|
+
/**
|
|
209
|
+
* Record a failed attempt (call after authentication fails)
|
|
210
|
+
*
|
|
211
|
+
* This allows tracking failures even when rate limit hasn't been hit,
|
|
212
|
+
* enabling account lockout after X failed passwords.
|
|
213
|
+
*
|
|
214
|
+
* @param key - Rate limit key (usually IP:email or IP)
|
|
215
|
+
* @param operation - Operation type for key namespacing
|
|
216
|
+
*/
|
|
217
|
+
recordFailure: (key: string, operation: "login" | "register" | "password-reset") => void;
|
|
218
|
+
/**
|
|
219
|
+
* Reset rate limit for a key (call after successful auth)
|
|
220
|
+
*/
|
|
221
|
+
resetLimit: (key: string, operation: "login" | "register" | "password-reset") => void;
|
|
222
|
+
/**
|
|
223
|
+
* Check if a key is currently locked out
|
|
224
|
+
*/
|
|
225
|
+
isLockedOut: (key: string, operation: "login" | "register" | "password-reset") => boolean;
|
|
226
|
+
/**
|
|
227
|
+
* Get remaining attempts for a key
|
|
228
|
+
*/
|
|
229
|
+
getRemainingAttempts: (key: string, operation: "login" | "register" | "password-reset" | "refresh") => number;
|
|
230
|
+
};
|
|
231
|
+
//# sourceMappingURL=rate-limit.d.ts.map
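Review bot: The `login` and `passwordReset` comments never say what form the identifier must take, yet `identifierFn` is typed against `input?: unknown` and the example at declaration lines 113-116 calls `.use(authRateLimiter.login(...))` before `.input(LoginSchema)`, so the key appears to be derived from unvalidated input. If the implementation uses the returned string as-is (rate-limit.js is not shown here), differently cased or padded spellings of one address would each get their own counter. The doc could state the requirement, e.g. `@param identifierFn - Must return a trimmed, lower-cased email; it runs before input validation`. Separately, `recordFailure`, `resetLimit` and `isLockedOut` accept `"login" | "register" | "password-reset"` while `getRemainingAttempts` also accepts `"refresh"`; either document why refresh is excluded or widen the three unions to match.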
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../src/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAQ1D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAEjE;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAgBD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,OAAO,CAAC,EAAE,mBAAmB,CAAC;CAC/B;AAiDD;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAK/C;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,IAAI,CAE9C;AASD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,GAAE,qBAA0B;IAwCpE;;;;;;;;;;;;OAYG;YACK,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,iBACpC,CAAC,GAAG,EAAE,QAAQ,GAAG;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,MAAM,KAC7D,kBAAkB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;IAI1D;;;OAGG;eACQ,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,OAAK,kBAAkB,CAC7E,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,CACR;IAID;;;;OAIG;oBACa,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,iBAC5C,CAAC,GAAG,EAAE,QAAQ,GAAG;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,MAAM,KAC7D,kBAAkB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;IAI1D;;OAEG;cACO,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,OAAK,kBAAkB,CAC5E,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,CACR;IAID;;;;;;;;OAQG;yBACkB,MAAM,aAAa,OAAO,GAAG,UAAU,GAAG,gBAAgB;IAiC/E;;OAEG;sBACe,MAAM,aAAa,OAAO,GAAG,UAAU,GAAG,gBAAgB;IAK5E;;OAEG;uBACgB,MAAM,aAAa,OAAO,GAAG,UAAU,GAAG,gBAAgB,KAAG,OAAO;IAYvF;;OAEG;gCAEI,MAAM,aACA,OAAO,GAAG,UAAU,GAAG,gBAAgB,GAAG,SAAS,KAC7D,MAAM;EAkBZ;AA0HD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,eAAe;IAtRxB;;;;;;;;;;;;OAYG;YACK,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,iBACpC,CAAC,GAAG,EAAE,QAAQ,GAAG;QAAE,KAAK,CAAC,EAAE,OAAO,CA
AA;KAAE,KAAK,MAAM,KAC7D,kBAAkB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;IAI1D;;;OAGG;eACQ,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,OAAK,kBAAkB,CAC7E,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,CACR;IAID;;;;OAIG;oBACa,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,iBAC5C,CAAC,GAAG,EAAE,QAAQ,GAAG;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,MAAM,KAC7D,kBAAkB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;IAI1D;;OAEG;cACO,MAAM,EAAE,QAAQ,SAAS,WAAW,EAAE,OAAO,OAAK,kBAAkB,CAC5E,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,CACR;IAID;;;;;;;;OAQG;yBACkB,MAAM,aAAa,OAAO,GAAG,UAAU,GAAG,gBAAgB;IAiC/E;;OAEG;sBACe,MAAM,aAAa,OAAO,GAAG,UAAU,GAAG,gBAAgB;IAK5E;;OAEG;uBACgB,MAAM,aAAa,OAAO,GAAG,UAAU,GAAG,gBAAgB,KAAG,OAAO;IAYvF;;OAEG;gCAEI,MAAM,aACA,OAAO,GAAG,UAAU,GAAG,gBAAgB,GAAG,SAAS,KAC7D,MAAM;CAwJyC,CAAC"}
|