npm - @veloxts/auth - Versions diffs - 0.7.0 → 0.7.2 - Mend

@veloxts/auth 0.7.0 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,23 @@
 # @veloxts/auth
+## 0.7.2
+### Patch Changes
+- chore(auth,core,create,cli,client,orm,mcp,router,validation,web): simplify code for clarity and maintainability
+- Updated dependencies
+  - @veloxts/core@0.7.2
+  - @veloxts/router@0.7.2
+## 0.7.1
+### Patch Changes
+- security audit, bumps dependency packages
+- Updated dependencies
+  - @veloxts/core@0.7.1
+  - @veloxts/router@0.7.1
 ## 0.7.0
 ### Minor Changes

package/dist/hash.js CHANGED Viewed

@@ -4,6 +4,8 @@
  */
 import { randomBytes, scrypt, timingSafeEqual } from 'node:crypto';
 import { promisify } from 'node:util';
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 const scryptAsync = promisify(scrypt);
 // ============================================================================
 // Constants
@@ -134,7 +136,7 @@ export class PasswordHasher {
         catch (error) {
             // Fallback to scrypt if bcrypt fails
             if (error.message.includes('not found')) {
-                console.warn('bcrypt not available, falling back to scrypt');
+                log.warn('bcrypt not available, falling back to scrypt');
                 return this.hashWithScrypt(password);
             }
             throw error;
@@ -163,7 +165,7 @@ export class PasswordHasher {
         catch (error) {
             // Fallback to scrypt if argon2 fails
             if (error.message.includes('not found')) {
-                console.warn('argon2 not available, falling back to scrypt');
+                log.warn('argon2 not available, falling back to scrypt');
                 return this.hashWithScrypt(password);
             }
             throw error;

package/dist/jwt.js CHANGED Viewed

@@ -3,7 +3,9 @@
  * @module auth/jwt
  */
 import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
+import { createLogger } from '@veloxts/core';
 import { AuthError } from './types.js';
+const log = createLogger('auth');
 // ============================================================================
 // Constants
 // ============================================================================
@@ -161,11 +163,11 @@ export function validateTokenExpiration(accessExpiry, refreshExpiry) {
     }
     // Warn about exceeding recommended limits (non-fatal)
     if (accessSeconds > TOKEN_BOUNDS.access.recommended) {
-        console.warn(`[Security] Access token expiry (${accessExpiry}) exceeds recommended maximum of 15 minutes. ` +
+        log.warn(`[Security] Access token expiry (${accessExpiry}) exceeds recommended maximum of 15 minutes. ` +
             'Consider using shorter-lived access tokens with refresh.');
     }
     if (refreshSeconds > TOKEN_BOUNDS.refresh.recommended) {
-        console.warn(`[Security] Refresh token expiry (${refreshExpiry}) exceeds recommended maximum of 7 days. ` +
+        log.warn(`[Security] Refresh token expiry (${refreshExpiry}) exceeds recommended maximum of 7 days. ` +
             'Long-lived refresh tokens increase the window for token theft attacks.');
     }
     // Ensure refresh tokens outlive access tokens

package/dist/middleware.js CHANGED Viewed

@@ -6,6 +6,16 @@ import { executeGuards } from './guards.js';
 import { JwtManager } from './jwt.js';
 import { AuthError } from './types.js';
 // ============================================================================
+// Constants
+// ============================================================================
+const UNAUTHENTICATED_CONTEXT = {
+    authMode: 'native',
+    user: undefined,
+    token: undefined,
+    payload: undefined,
+    isAuthenticated: false,
+};
+// ============================================================================
 // Auth Middleware Factory
 // ============================================================================
 /**
@@ -58,23 +68,10 @@ export function authMiddleware(config) {
             // No token handling
             if (!token) {
                 if (options.optional) {
-                    // Optional auth - continue without user
-                    const authContext = {
-                        authMode: 'native',
-                        user: undefined,
-                        token: undefined,
-                        payload: undefined,
-                        isAuthenticated: false,
-                    };
                     return next({
-                        ctx: {
-                            ...ctx,
-                            auth: authContext,
-                            user: undefined,
-                        },
+                        ctx: { ...ctx, auth: UNAUTHENTICATED_CONTEXT, user: undefined },
                     });
                 }
-                // Required auth - reject
                 throw new AuthError('Authorization header required', 401);
             }
             // Verify token
@@ -84,20 +81,8 @@ export function authMiddleware(config) {
             }
             catch (error) {
                 if (options.optional) {
-                    // Invalid token with optional auth - continue without user
-                    const authContext = {
-                        authMode: 'native',
-                        user: undefined,
-                        token: undefined,
-                        payload: undefined,
-                        isAuthenticated: false,
-                    };
                     return next({
-                        ctx: {
-                            ...ctx,
-                            auth: authContext,
-                            user: undefined,
-                        },
+                        ctx: { ...ctx, auth: UNAUTHENTICATED_CONTEXT, user: undefined },
                     });
                 }
                 throw new AuthError(error instanceof Error ? error.message : 'Invalid token', 401);
@@ -179,10 +164,6 @@ export function authMiddleware(config) {
     };
 }
 // ============================================================================
-// Error Helpers
-// ============================================================================
-// AuthError is now imported from types.ts
-// ============================================================================
 // Rate Limiting Middleware
 // ============================================================================
 /**

package/dist/password-policy.js CHANGED Viewed

@@ -7,6 +7,8 @@
  * @module auth/password-policy
  */
 import { createHash } from 'node:crypto';
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 /**
  * Password strength levels
  */
@@ -253,7 +255,7 @@ export class PasswordPolicy {
             }
             catch (error) {
                 // Breach check failed - log but don't fail validation
-                console.warn('Password breach check failed:', error);
+                log.warn('Password breach check failed:', error);
             }
         }
         return {

package/dist/plugin.d.ts CHANGED Viewed

@@ -13,7 +13,7 @@ import type { JwtAdapterConfig } from './adapters/jwt-adapter.js';
 import { PasswordHasher } from './hash.js';
 import type { JwtManager, TokenStore } from './jwt.js';
 import { authMiddleware } from './middleware.js';
-import type { AdapterAuthContext, AuthConfig, JwtConfig, TokenPair, User } from './types.js';
+import type { AdapterAuthContext, AuthConfig, AuthContext, JwtConfig, TokenPair, User } from './types.js';
 /** Auth package version */
 export declare const AUTH_VERSION: string;
 /**
@@ -60,7 +60,6 @@ export interface AuthService {
      */
     middleware: ReturnType<typeof authMiddleware>;
 }
-import type { AuthContext } from './types.js';
 declare module 'fastify' {
     interface FastifyInstance {
         auth: AuthService;

package/dist/policies.js CHANGED Viewed

@@ -2,6 +2,8 @@
  * Resource-level authorization policies for @veloxts/auth
  * @module auth/policies
  */
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 // ============================================================================
 // Policy Registry
 // ============================================================================
@@ -82,7 +84,7 @@ export async function can(user, action, resourceName, resource) {
     const policy = policyRegistry.get(resourceName);
     if (!policy) {
         // No policy registered = deny by default
-        console.warn(`No policy registered for resource: ${resourceName}`);
+        log.warn(`No policy registered for resource: ${resourceName}`);
         return false;
     }
     const actionHandler = policy[action];

package/dist/rate-limit.js CHANGED Viewed

@@ -259,13 +259,9 @@ export function createAuthRateLimiter(config = {}) {
         isLockedOut: (key, operation) => {
             const fullKey = `auth:${operation}:${key}`;
             const entry = authRateLimitStore.get(fullKey);
-            if (!entry || !entry.lockoutUntil)
+            if (!entry?.lockoutUntil)
                 return false;
-            if (entry.lockoutUntil <= Date.now()) {
-                // Lockout expired
-                return false;
-            }
-            return true;
+            return entry.lockoutUntil > Date.now();
         },
         /**
          * Get remaining attempts for a key

package/dist/session.js CHANGED Viewed

@@ -214,8 +214,7 @@ export function sessionManager(config) {
                 modified = true;
             },
             getFlash(key) {
-                const value = currentData._flashOld?.[key];
-                return value;
+                return currentData._flashOld?.[key];
             },
             getAllFlash() {
                 return currentData._flashOld ?? {};
@@ -400,6 +399,33 @@ export function sessionManager(config) {
     };
 }
 // ============================================================================
+// Session Helpers
+// ============================================================================
+/**
+ * Runs a middleware next() call with automatic session save on both success and error.
+ * Extracts the duplicated try/catch pattern from session middleware functions.
+ */
+async function withSessionSave(session, fn) {
+    try {
+        const result = await fn();
+        if (session.isModified && !session.isDestroyed) {
+            await session.save();
+        }
+        return result;
+    }
+    catch (error) {
+        if (session.isModified && !session.isDestroyed) {
+            try {
+                await session.save();
+            }
+            catch {
+                // Ignore save errors during error handling
+            }
+        }
+        throw error;
+    }
+}
+// ============================================================================
 // Session Middleware Factory
 // ============================================================================
 /**
@@ -465,31 +491,7 @@ export function sessionMiddleware(config) {
             }
             // Attach to request for hooks
             request.session = session;
-            try {
-                const result = await next({
-                    ctx: {
-                        ...ctx,
-                        session,
-                    },
-                });
-                // Auto-save session if modified
-                if (session.isModified && !session.isDestroyed) {
-                    await session.save();
-                }
-                return result;
-            }
-            catch (error) {
-                // Still try to save session on error
-                if (session.isModified && !session.isDestroyed) {
-                    try {
-                        await session.save();
-                    }
-                    catch {
-                        // Ignore save errors during error handling
-                    }
-                }
-                throw error;
-            }
+            return withSessionSave(session, () => next({ ctx: { ...ctx, session } }));
         };
     }
     /**
@@ -526,31 +528,7 @@ export function sessionMiddleware(config) {
                 };
             }
             request.session = session;
-            try {
-                const result = await next({
-                    ctx: {
-                        ...ctx,
-                        session,
-                        user,
-                        isAuthenticated: true,
-                    },
-                });
-                if (session.isModified && !session.isDestroyed) {
-                    await session.save();
-                }
-                return result;
-            }
-            catch (error) {
-                if (session.isModified && !session.isDestroyed) {
-                    try {
-                        await session.save();
-                    }
-                    catch {
-                        // Ignore
-                    }
-                }
-                throw error;
-            }
+            return withSessionSave(session, () => next({ ctx: { ...ctx, session, user, isAuthenticated: true } }));
         };
     }
     /**
@@ -583,31 +561,7 @@ export function sessionMiddleware(config) {
                 }
             }
             request.session = session;
-            try {
-                const result = await next({
-                    ctx: {
-                        ...ctx,
-                        session,
-                        user,
-                        isAuthenticated,
-                    },
-                });
-                if (session.isModified && !session.isDestroyed) {
-                    await session.save();
-                }
-                return result;
-            }
-            catch (error) {
-                if (session.isModified && !session.isDestroyed) {
-                    try {
-                        await session.save();
-                    }
-                    catch {
-                        // Ignore
-                    }
-                }
-                throw error;
-            }
+            return withSessionSave(session, () => next({ ctx: { ...ctx, session, user, isAuthenticated } }));
         };
     }
     return {

package/dist/token-store.js CHANGED Viewed

@@ -8,6 +8,8 @@
  *
  * @module auth/token-store
  */
+import { createLogger } from '@veloxts/core';
+const log = createLogger('auth');
 // ============================================================================
 // Implementation
 // ============================================================================
@@ -89,7 +91,7 @@ export function createEnhancedTokenStore(options) {
         },
         revokeAllUserTokens(userId) {
             // Placeholder - in production, implement proper user->token mapping
-            console.warn(`[Security] Token reuse detected for user ${userId}. ` +
+            log.warn(`[Security] Token reuse detected for user ${userId}. ` +
                 'All tokens should be revoked. Implement proper user->token mapping for production.');
         },
         clear() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/auth",
-  "version": "0.7.0",
+  "version": "0.7.2",
   "description": "Authentication and authorization system for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -61,8 +61,8 @@
   "dependencies": {
     "@fastify/cookie": "11.0.2",
     "fastify": "5.7.4",
-    "@veloxts/core": "0.7.0",
-    "@veloxts/router": "0.7.0"
+    "@veloxts/core": "0.7.2",
+    "@veloxts/router": "0.7.2"
   },
   "peerDependencies": {
     "argon2": ">=0.30.0",
@@ -85,8 +85,8 @@
     "@vitest/coverage-v8": "4.0.18",
     "typescript": "5.9.3",
     "vitest": "4.0.18",
-    "@veloxts/testing": "0.7.0",
-    "@veloxts/validation": "0.7.0"
+    "@veloxts/testing": "0.7.2",
+    "@veloxts/validation": "0.7.2"
   },
   "keywords": [
     "velox",