@veloxts/auth 0.7.0 → 0.7.1
- package/CHANGELOG.md +9 -0
- package/dist/hash.js +4 -2
- package/dist/jwt.js +4 -2
- package/dist/password-policy.js +3 -1
- package/dist/policies.js +3 -1
- package/dist/token-store.js +3 -1
- package/package.json +5 -5
package/CHANGELOG.md
CHANGED
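--- a/package/dist/hash.js
+++ b/package/dist/hash.js
@@ -4,6 +4,8 @@
 */
 import { randomBytes, scrypt, timingSafeEqual } from 'node:crypto';
 import { promisify } from 'node:util';
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 const scryptAsync = promisify(scrypt);
 // ============================================================================
 // Constants
@@ -134,7 +136,7 @@ export class PasswordHasher {
 catch (error) {
 // Fallback to scrypt if bcrypt fails
 if (error.message.includes('not found')) {
-
+log.warn('bcrypt not available, falling back to scrypt');
 return this.hashWithScrypt(password);
 }
 throw error;
@@ -163,7 +165,7 @@ export class PasswordHasher {
 catch (error) {
 // Fallback to scrypt if argon2 fails
 if (error.message.includes('not found')) {
-
+log.warn('argon2 not available, falling back to scrypt');
 return this.hashWithScrypt(password);
 }
 throw error;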
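Review bot: The scrypt fallback in both `catch` blocks is still keyed on `error.message.includes('not found')`, so any error whose text happens to contain that phrase downgrades the hash algorithm, and a thrown value without a `message` raises a TypeError that hides the original failure. Matching on the loader's error code would be narrower, e.g. `if (error?.code === 'ERR_MODULE_NOT_FOUND') {`, assuming bcrypt and argon2 are loaded with a dynamic `import()` (the load site is outside both hunks). Because the new `log.warn` fires on every hash call, the downgrade is easy to lose in noise; consider warning once and letting callers disable the fallback so a missing peer dependency fails closed. The same applies to the argon2 hunk at `@@ -163,7 +165,7 @@`; both enclosing methods start and end outside the hunks.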
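--- a/package/dist/jwt.js
+++ b/package/dist/jwt.js
@@ -3,6 +3,8 @@
 * @module auth/jwt
 */
 import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 import { AuthError } from './types.js';
 // ============================================================================
 // Constants
@@ -161,11 +163,11 @@ export function validateTokenExpiration(accessExpiry, refreshExpiry) {
 }
 // Warn about exceeding recommended limits (non-fatal)
 if (accessSeconds > TOKEN_BOUNDS.access.recommended) {
-
+log.warn(`[Security] Access token expiry (${accessExpiry}) exceeds recommended maximum of 15 minutes. ` +
 'Consider using shorter-lived access tokens with refresh.');
 }
 if (refreshSeconds > TOKEN_BOUNDS.refresh.recommended) {
-
+log.warn(`[Security] Refresh token expiry (${refreshExpiry}) exceeds recommended maximum of 7 days. ` +
 'Long-lived refresh tokens increase the window for token theft attacks.');
 }
 // Ensure refresh tokens outlive access tokens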
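Review bot: The two new `log.warn` messages in `validateTokenExpiration` hard-code "15 minutes" and "7 days" while the conditions compare against `TOKEN_BOUNDS.access.recommended` and `TOKEN_BOUNDS.refresh.recommended`, so the text will be wrong as soon as the bounds are changed. Deriving the figure from the constant keeps the two in step, e.g. `exceeds recommended maximum of ${TOKEN_BOUNDS.access.recommended}s`. The unit is assumed to be seconds from the `accessSeconds` comparison; the function body starts and ends outside the hunk.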
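--- a/package/dist/password-policy.js
+++ b/package/dist/password-policy.js
@@ -7,6 +7,8 @@
 * @module auth/password-policy
 */
 import { createHash } from 'node:crypto';
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 /**
 * Password strength levels
 */
@@ -253,7 +255,7 @@ export class PasswordPolicy {
 }
 catch (error) {
 // Breach check failed - log but don't fail validation
-
+log.warn('Password breach check failed:', error);
 }
 }
 return {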
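Review bot: The breach check in `PasswordPolicy` fails open: when the lookup throws, the new `log.warn('Password breach check failed:', error)` is the only trace, and validation proceeds as if the password had been checked. Unless the returned object already carries this (the `return {` continues outside the hunk), it should tell the caller that the check was skipped so the application can decide whether to accept the password. Logging the whole `error` object may also record request details from the failed lookup; `log.warn('Password breach check failed:', error?.message)` keeps the entry to the reason.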
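--- a/package/dist/policies.js
+++ b/package/dist/policies.js
@@ -2,6 +2,8 @@
 * Resource-level authorization policies for @veloxts/auth
 * @module auth/policies
 */
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 // ============================================================================
 // Policy Registry
 // ============================================================================
@@ -82,7 +84,7 @@ export async function can(user, action, resourceName, resource) {
 const policy = policyRegistry.get(resourceName);
 if (!policy) {
 // No policy registered = deny by default
-
+log.warn(`No policy registered for resource: ${resourceName}`);
 return false;
 }
 const actionHandler = policy[action];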
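Review bot: `resourceName` is interpolated unescaped into the new `log.warn` message in `can()`; if a caller ever passes request-derived text, embedded line breaks can split or forge log entries, and each unknown name produces another warning. Interpolating `JSON.stringify(resourceName)` instead of the raw value closes the first gap. Separately, the context line `const actionHandler = policy[action];` also resolves inherited properties; what is done with the handler is outside the hunk, but an `Object.hasOwn(policy, action)` check before using it would keep the deny-by-default behaviour intact.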
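--- a/package/dist/token-store.js
+++ b/package/dist/token-store.js
@@ -8,6 +8,8 @@
 *
 * @module auth/token-store
 */
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 // ============================================================================
 // Implementation
 // ============================================================================
@@ -89,7 +91,7 @@ export function createEnhancedTokenStore(options) {
 },
 revokeAllUserTokens(userId) {
 // Placeholder - in production, implement proper user->token mapping
-
+log.warn(`[Security] Token reuse detected for user ${userId}. ` +
 'All tokens should be revoked. Implement proper user->token mapping for production.');
 },
 clear() {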
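Review bot: `revokeAllUserTokens(userId)` still revokes nothing: its whole visible body is the new `log.warn`, so a caller reacting to refresh-token reuse gets a normal return while every token for that user stays valid. Until the user->token mapping exists, the method should make that impossible to miss, for example by throwing or returning a status the caller must check, and the placeholder comment should say plainly that the call is a no-op. The message also asserts "Token reuse detected" although the method cannot know why it was called; wording such as `revokeAllUserTokens is not implemented; tokens for user ${userId} remain valid` would describe what actually happened. The store's other methods are outside the hunk.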
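--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@veloxts/auth",
-"version": "0.7.
+"version": "0.7.1",
 "description": "Authentication and authorization system for VeloxTS framework",
 "type": "module",
 "main": "dist/index.js",
@@ -61,8 +61,8 @@
 "dependencies": {
 "@fastify/cookie": "11.0.2",
 "fastify": "5.7.4",
-"@veloxts/core": "0.7.
-"@veloxts/router": "0.7.
+"@veloxts/core": "0.7.1",
+"@veloxts/router": "0.7.1"
 },
 "peerDependencies": {
 "argon2": ">=0.30.0",
@@ -85,8 +85,8 @@
 "@vitest/coverage-v8": "4.0.18",
 "typescript": "5.9.3",
 "vitest": "4.0.18",
-"@veloxts/testing": "0.7.
-"@veloxts/validation": "0.7.
+"@veloxts/testing": "0.7.1",
+"@veloxts/validation": "0.7.1"
 },
 "keywords": [
 "velox",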