npm - @venizia/ignis - Versions diffs - 0.0.7-9 → 0.0.7 - Mend

@venizia/ignis 0.0.7-9 → 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (446) hide show

package/dist/components/auth/authenticate/services/bearer/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from './abstract.service';
+export * from './jwks';
+export * from './jws.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/auth/authenticate/services/bearer/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,QAAQ,CAAC;AACvB,cAAc,eAAe,CAAC"}

package/dist/components/auth/authenticate/services/bearer/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./abstract.service"), exports);
+__exportStar(require("./jwks"), exports);
+__exportStar(require("./jws.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/auth/authenticate/services/bearer/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,yCAAuB;AACvB,gDAA8B"}

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { Env } from 'hono';
+import { AbstractBearerTokenService } from '../abstract.service';
+/**
+ * Base class for JWKS token services (Issuer + Verifier).
+ *
+ * Consolidates the lazy-initialization pattern with retry-on-failure semantics:
+ * if `initialize()` rejects, `initPromise` is reset so the next call retries
+ * instead of caching the failure permanently.
+ */
+export declare abstract class AbstractJWKSTokenService<E extends Env = Env> extends AbstractBearerTokenService<E> {
+    protected initialized: boolean;
+    protected initPromise: Promise<void> | null;
+    protected ensureInitialized(): Promise<void>;
+    protected abstract initialize(): Promise<void>;
+}
+//# sourceMappingURL=abstract.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"abstract.service.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/abstract.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAEjE;;;;;;GAMG;AACH,8BAAsB,wBAAwB,CAC5C,CAAC,SAAS,GAAG,GAAG,GAAG,CACnB,SAAQ,0BAA0B,CAAC,CAAC,CAAC;IACrC,SAAS,CAAC,WAAW,UAAS;IAC9B,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAQ;cAEnC,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAelD,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAC/C"}

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AbstractJWKSTokenService = void 0;
+const abstract_service_1 = require("../abstract.service");
+/**
+ * Base class for JWKS token services (Issuer + Verifier).
+ *
+ * Consolidates the lazy-initialization pattern with retry-on-failure semantics:
+ * if `initialize()` rejects, `initPromise` is reset so the next call retries
+ * instead of caching the failure permanently.
+ */
+class AbstractJWKSTokenService extends abstract_service_1.AbstractBearerTokenService {
+    constructor() {
+        super(...arguments);
+        this.initialized = false;
+        this.initPromise = null;
+    }
+    async ensureInitialized() {
+        if (this.initialized) {
+            return;
+        }
+        if (!this.initPromise) {
+            this.initPromise = this.initialize().catch(error => {
+                this.initPromise = null;
+                throw error;
+            });
+        }
+        await this.initPromise;
+    }
+}
+exports.AbstractJWKSTokenService = AbstractJWKSTokenService;
+//# sourceMappingURL=abstract.service.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/abstract.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"abstract.service.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/abstract.service.ts"],"names":[],"mappings":";;;AACA,0DAAiE;AAEjE;;;;;;GAMG;AACH,MAAsB,wBAEpB,SAAQ,6CAA6B;IAFvC;;QAGY,gBAAW,GAAG,KAAK,CAAC;QACpB,gBAAW,GAAyB,IAAI,CAAC;IAkBrD,CAAC;IAhBW,KAAK,CAAC,iBAAiB;QAC/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACjD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;gBACxB,MAAM,KAAK,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,CAAC,WAAW,CAAC;IACzB,CAAC;CAGF;AAtBD,4DAsBC"}

package/dist/components/auth/authenticate/services/bearer/jwks/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from './abstract.service';
+export * from './issuer.service';
+export * from './verifier.service';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC"}

package/dist/components/auth/authenticate/services/bearer/jwks/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./abstract.service"), exports);
+__exportStar(require("./issuer.service"), exports);
+__exportStar(require("./verifier.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAmC;AACnC,mDAAiC;AACjC,qDAAmC"}

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { TNullable, ValueOrPromise } from '@venizia/ignis-helpers';
+import { Env } from 'hono';
+import { CryptoKey, JWK, SignJWT } from 'jose';
+import { IJWKSIssuerOptions, IJWTTokenPayload, TGetTokenExpiresFn } from '../../../common';
+import { AbstractJWKSTokenService } from './abstract.service';
+export declare class JWKSIssuerTokenService<E extends Env = Env> extends AbstractJWKSTokenService<E> {
+    protected options: IJWKSIssuerOptions;
+    protected privateKey: TNullable<CryptoKey | Uint8Array>;
+    protected publicKey: TNullable<CryptoKey | Uint8Array>;
+    protected jwks: {
+        keys: JWK[];
+    } | null;
+    constructor(options: IJWKSIssuerOptions);
+    protected initialize(): Promise<void>;
+    protected resolveKeyContent(opts: {
+        keys: IJWKSIssuerOptions['keys'];
+    }): Promise<{
+        priv: string;
+        pub: string;
+    }>;
+    protected parseKeyMaterial(opts: {
+        raw: {
+            priv: string;
+            pub: string;
+        };
+        algorithm: IJWKSIssuerOptions['algorithm'];
+        keys: IJWKSIssuerOptions['keys'];
+    }): Promise<{
+        priv: Uint8Array<ArrayBufferLike> | import("node:crypto").webcrypto.CryptoKey;
+        pub: Uint8Array<ArrayBufferLike> | import("node:crypto").webcrypto.CryptoKey;
+    }>;
+    protected doVerify(token: string): Promise<IJWTTokenPayload>;
+    getSigner(opts: {
+        payload: IJWTTokenPayload;
+        getTokenExpiresFn: TGetTokenExpiresFn;
+    }): Promise<SignJWT>;
+    protected getSigningKey(): ValueOrPromise<Uint8Array | CryptoKey>;
+    protected getDefaultTokenExpiresFn(): TGetTokenExpiresFn;
+    getJWKS(): {
+        keys: JWK[];
+    };
+    getJWKSAsync(): Promise<{
+        keys: JWK[];
+    }>;
+}
+//# sourceMappingURL=issuer.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuer.service.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/issuer.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAkB,SAAS,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACnF,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EACL,SAAS,EAKT,GAAG,EAEH,OAAO,EACR,MAAM,MAAM,CAAC;AAEd,OAAO,EAEL,kBAAkB,EAClB,gBAAgB,EAGhB,kBAAkB,EACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,qBAAa,sBAAsB,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,wBAAwB,CAAC,CAAC,CAAC;IAOxF,SAAS,CAAC,OAAO,EAAE,kBAAkB;IANvC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,SAAS,GAAG,UAAU,CAAC,CAAQ;IAC/D,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,SAAS,GAAG,UAAU,CAAC,CAAQ;IAC9D,SAAS,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,GAAG,IAAI,CAAQ;gBAIlC,OAAO,EAAE,kBAAkB;cAWd,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;cA4BpC,iBAAiB,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAA;KAAE;;;;cA0B5D,gBAAgB,CAAC,IAAI,EAAE;QACrC,GAAG,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QACnC,SAAS,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAC3C,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;KAClC;;;;cAoDwB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM5D,SAAS,CAAC,IAAI,EAAE;QAC7B,OAAO,EAAE,gBAAgB,CAAC;QAC1B,iBAAiB,EAAE,kBAAkB,CAAC;KACvC;cAekB,aAAa,IAAI,cAAc,CAAC,UAAU,GAAG,SAAS,CAAC;cAQvD,wBAAwB,IAAI,kBAAkB;IAIjE,OAAO,IAAI;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE;IAWpB,YAAY,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,CAAC;CAI/C"}

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.js ADDED Viewed

@@ -0,0 +1,168 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var JWKSIssuerTokenService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWKSIssuerTokenService = void 0;
+const injectors_1 = require("../../../../../../base/metadata/injectors");
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const jose_1 = require("jose");
+const promises_1 = require("node:fs/promises");
+const common_1 = require("../../../common");
+const abstract_service_1 = require("./abstract.service");
+let JWKSIssuerTokenService = JWKSIssuerTokenService_1 = class JWKSIssuerTokenService extends abstract_service_1.AbstractJWKSTokenService {
+    constructor(options) {
+        super({ scope: JWKSIssuerTokenService_1.name });
+        this.options = options;
+        this.privateKey = null;
+        this.publicKey = null;
+        this.jwks = null;
+        this.configurePayloadEncryption({
+            aesAlgorithm: this.options.aesAlgorithm,
+            applicationSecret: this.options.applicationSecret,
+            fieldCodecs: this.options.fieldCodecs,
+        });
+    }
+    async initialize() {
+        const { keys, algorithm } = this.options;
+        const raw = await this.resolveKeyContent({ keys });
+        const built = await this.parseKeyMaterial({ raw, algorithm, keys });
+        this.privateKey = built.priv;
+        this.publicKey = built.pub;
+        const publicJWK = await (0, jose_1.exportJWK)(this.publicKey);
+        publicJWK.kid = this.options.kid;
+        publicJWK.alg = algorithm;
+        publicJWK.use = 'sig';
+        this.jwks = { keys: [publicJWK] };
+        this.initialized = true;
+        this.logger
+            .for(this.initialize.name)
+            .info('JWKS issuer initialized | driver: %s | format: %s | kid: %s', keys.driver, keys.format, this.options.kid);
+    }
+    async resolveKeyContent(opts) {
+        const { keys } = opts;
+        switch (keys.driver) {
+            case common_1.JWKSKeyDrivers.FILE: {
+                const [priv, pub] = await Promise.all([
+                    (0, promises_1.readFile)(keys.private, 'utf-8'),
+                    (0, promises_1.readFile)(keys.public, 'utf-8'),
+                ]);
+                return { priv, pub };
+            }
+            case common_1.JWKSKeyDrivers.TEXT: {
+                return {
+                    priv: keys.private,
+                    pub: keys.public,
+                };
+            }
+            default: {
+                throw (0, ignis_helpers_1.getError)({
+                    statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                    message: `[JWKSIssuerTokenService] Unknown key driver: ${keys.driver}`,
+                });
+            }
+        }
+    }
+    async parseKeyMaterial(opts) {
+        const { raw, algorithm, keys } = opts;
+        if (!raw.priv) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWKSIssuerTokenService] Invalid raw.priv key!',
+            });
+        }
+        if (!raw.pub) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWKSIssuerTokenService] Invalid raw.pub key!',
+            });
+        }
+        switch (keys.format) {
+            case common_1.JWKSKeyFormats.PEM: {
+                const priv = await (0, jose_1.importPKCS8)(raw.priv, algorithm);
+                const pub = await (0, jose_1.importSPKI)(raw.pub, algorithm);
+                return { priv, pub };
+            }
+            case common_1.JWKSKeyFormats.JWK: {
+                try {
+                    const parsed = {
+                        priv: JSON.parse(raw.priv),
+                        pub: JSON.parse(raw.pub),
+                    };
+                    const priv = await (0, jose_1.importJWK)(parsed.priv, algorithm);
+                    const pub = await (0, jose_1.importJWK)(parsed.pub, algorithm);
+                    return { priv, pub };
+                }
+                catch (error) {
+                    this.logger
+                        .for(this.parseKeyMaterial.name)
+                        .error('Invalid JWK key material | Error: %s', error);
+                    throw (0, ignis_helpers_1.getError)({
+                        statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                        message: '[JWKSIssuerTokenService] Invalid JWK key material',
+                    });
+                }
+            }
+            default: {
+                throw (0, ignis_helpers_1.getError)({
+                    statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                    message: `[JWKSIssuerTokenService] Unknown key format: ${keys.format}`,
+                });
+            }
+        }
+    }
+    async doVerify(token) {
+        await this.ensureInitialized();
+        const result = await (0, jose_1.jwtVerify)(token, this.publicKey);
+        return this.decryptPayload({ result });
+    }
+    async getSigner(opts) {
+        await this.ensureInitialized();
+        const now = Math.floor(Date.now() / 1000);
+        const expiresIn = await opts.getTokenExpiresFn();
+        const encryptedPayload = this.encryptPayload(opts.payload);
+        return new jose_1.SignJWT({ ...encryptedPayload })
+            .setProtectedHeader({ alg: this.options.algorithm, kid: this.options.kid })
+            .setIssuedAt()
+            .setExpirationTime(now + expiresIn)
+            .setNotBefore(now);
+    }
+    getSigningKey() {
+        if (!this.privateKey) {
+            throw (0, ignis_helpers_1.getError)({ message: '[getSigningKey] Invalid privateKey!' });
+        }
+        return this.privateKey;
+    }
+    getDefaultTokenExpiresFn() {
+        return this.options.getTokenExpiresFn;
+    }
+    getJWKS() {
+        if (!this.jwks) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWKSIssuerTokenService] JWKS not initialized yet. Call getJWKSAsync() instead.',
+            });
+        }
+        return this.jwks;
+    }
+    async getJWKSAsync() {
+        await this.ensureInitialized();
+        return this.jwks;
+    }
+};
+exports.JWKSIssuerTokenService = JWKSIssuerTokenService;
+exports.JWKSIssuerTokenService = JWKSIssuerTokenService = JWKSIssuerTokenService_1 = __decorate([
+    __param(0, (0, injectors_1.inject)({ key: common_1.AuthenticateBindingKeys.JWKS_OPTIONS })),
+    __metadata("design:paramtypes", [Object])
+], JWKSIssuerTokenService);
+//# sourceMappingURL=issuer.service.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/issuer.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"issuer.service.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/issuer.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAmD;AACnD,0DAAmF;AAEnF,+BASc;AACd,+CAA4C;AAC5C,4CAOyB;AACzB,yDAA8D;AAE9D,IAAa,sBAAsB,8BAAnC,MAAa,sBAA4C,SAAQ,2CAA2B;IAK1F,YAEE,OAAqC;QAErC,KAAK,CAAC,EAAE,KAAK,EAAE,wBAAsB,CAAC,IAAI,EAAE,CAAC,CAAC;QAFpC,YAAO,GAAP,OAAO,CAAoB;QAN7B,eAAU,GAAsC,IAAI,CAAC;QACrD,cAAS,GAAsC,IAAI,CAAC;QACpD,SAAI,GAA2B,IAAI,CAAC;QAQ5C,IAAI,CAAC,0BAA0B,CAAC;YAC9B,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY;YACvC,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;YACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;SACtC,CAAC,CAAC;IACL,CAAC;IAEkB,KAAK,CAAC,UAAU;QACjC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEzC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC;QAE3B,MAAM,SAAS,GAAG,MAAM,IAAA,gBAAS,EAAC,IAAI,CAAC,SAAU,CAAC,CAAC;QACnD,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;QACjC,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC;QAC1B,SAAS,CAAC,GAAG,GAAG,KAAK,CAAC;QAEtB,IAAI,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;QAElC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;aACzB,IAAI,CACH,6DAA6D,EAC7D,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,OAAO,CAAC,GAAG,CACjB,CAAC;IACN,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,IAA0C;QAC1E,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QAEtB,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,uBAAc,CAAC,IAAI,CAAC,CAAC,CAAC;gBACzB,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;oBACpC,IAAA,mBAAQ,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC/B,IAAA,mBAAQ,EAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC/B,CAAC,CAAC;gBACH,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YACvB,CAAC;YACD,KAAK,uBAAc,CAAC,IAAI,CAAC,CAAC,CAAC;gBACzB,OAAO;oBACL,IAAI,EAAE,IAAI,CAAC,OAAO;oBAClB,GAAG,EAAE,IAAI,CAAC,MAAM;iBACjB,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;oBACrD,OAAO,EAAE,gDAAgD,IAAI,CAAC,MAAM,EAAE;iBACvE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,IAIhC;QACC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QAEtC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACb,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;QAED,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,uBAAc,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,MAAM,IAAI,GAAG,MAAM,IAAA,kBAAW,EAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACpD,MAAM,GAAG,GAAG,MAAM,IAAA,iBAAU,EAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACjD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YACvB,CAAC;YACD,KAAK,uBAAc,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG;wBACb,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAQ;wBACjC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAQ;qBAChC,CAAC;oBAEF,MAAM,IAAI,GAAG,MAAM,IAAA,gBAAS,EAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;oBACrD,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAS,EAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBACnD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;gBACvB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,MAAM;yBACR,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;yBAC/B,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;oBACxD,MAAM,IAAA,wBAAQ,EAAC;wBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;wBACrD,OAAO,EAAE,mDAAmD;qBAC7D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;oBACrD,OAAO,EAAE,gDAAgD,IAAI,CAAC,MAAM,EAAE;iBACvE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAEkB,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC7C,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAA,gBAAS,EAAmB,KAAK,EAAE,IAAI,CAAC,SAAU,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,IAGxB;QACC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEjD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE3D,OAAO,IAAI,cAAO,CAAC,EAAE,GAAG,gBAAgB,EAAE,CAAC;aACxC,kBAAkB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;aAC1E,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,SAAS,CAAC;aAClC,YAAY,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAEkB,aAAa;QAC9B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAA,wBAAQ,EAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEkB,wBAAwB;QACzC,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACxC,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,IAAK,CAAC;IACpB,CAAC;CACF,CAAA;AAnLY,wDAAsB;iCAAtB,sBAAsB;IAM9B,WAAA,IAAA,kBAAM,EAAC,EAAE,GAAG,EAAE,gCAAuB,CAAC,YAAY,EAAE,CAAC,CAAA;;GAN7C,sBAAsB,CAmLlC"}

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { Env } from 'hono';
+import { createRemoteJWKSet, SignJWT } from 'jose';
+import { IJWKSVerifierOptions, IJWTTokenPayload, TGetTokenExpiresFn } from '../../../common';
+import { AbstractJWKSTokenService } from './abstract.service';
+export declare class JWKSVerifierTokenService<E extends Env = Env> extends AbstractJWKSTokenService<E> {
+    protected options: IJWKSVerifierOptions;
+    protected jwksVerifier: ReturnType<typeof createRemoteJWKSet> | null;
+    constructor(options: IJWKSVerifierOptions);
+    protected initialize(): Promise<void>;
+    protected doVerify(token: string): Promise<IJWTTokenPayload>;
+    getSigner(_opts: {
+        payload: IJWTTokenPayload;
+        getTokenExpiresFn: TGetTokenExpiresFn;
+    }): Promise<SignJWT>;
+    protected getSigningKey(): never;
+    protected getDefaultTokenExpiresFn(): never;
+}
+//# sourceMappingURL=verifier.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifier.service.d.ts","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/verifier.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EAAE,kBAAkB,EAAa,OAAO,EAAE,MAAM,MAAM,CAAC;AAC9D,OAAO,EAEL,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,qBAAa,wBAAwB,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,wBAAwB,CAAC,CAAC,CAAC;IAK1F,SAAS,CAAC,OAAO,EAAE,oBAAoB;IAJzC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,OAAO,kBAAkB,CAAC,GAAG,IAAI,CAAQ;gBAIhE,OAAO,EAAE,oBAAoB;cAUhB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;cAc3B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM5D,SAAS,CAAC,KAAK,EAAE;QAC9B,OAAO,EAAE,gBAAgB,CAAC;QAC1B,iBAAiB,EAAE,kBAAkB,CAAC;KACvC,GAAG,OAAO,CAAC,OAAO,CAAC;cAOD,aAAa,IAAI,KAAK;cAOtB,wBAAwB,IAAI,KAAK;CAMrD"}

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.js ADDED Viewed

@@ -0,0 +1,73 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var JWKSVerifierTokenService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWKSVerifierTokenService = void 0;
+const injectors_1 = require("../../../../../../base/metadata/injectors");
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const jose_1 = require("jose");
+const common_1 = require("../../../common");
+const abstract_service_1 = require("./abstract.service");
+let JWKSVerifierTokenService = JWKSVerifierTokenService_1 = class JWKSVerifierTokenService extends abstract_service_1.AbstractJWKSTokenService {
+    constructor(options) {
+        super({ scope: JWKSVerifierTokenService_1.name });
+        this.options = options;
+        this.jwksVerifier = null;
+        this.configurePayloadEncryption({
+            aesAlgorithm: this.options.aesAlgorithm,
+            applicationSecret: this.options.applicationSecret,
+            fieldCodecs: this.options.fieldCodecs,
+        });
+    }
+    async initialize() {
+        const jwksUrl = new URL(this.options.jwksUrl);
+        this.jwksVerifier = (0, jose_1.createRemoteJWKSet)(jwksUrl, {
+            cacheMaxAge: this.options.cacheTtlMs ?? 43_200_000,
+            cooldownDuration: this.options.cooldownMs ?? 30_000,
+        });
+        this.initialized = true;
+        this.logger
+            .for(this.initialize.name)
+            .info('JWKS verifier initialized | url: %s', this.options.jwksUrl);
+    }
+    async doVerify(token) {
+        await this.ensureInitialized();
+        const result = await (0, jose_1.jwtVerify)(token, this.jwksVerifier);
+        return this.decryptPayload({ result });
+    }
+    async getSigner(_opts) {
+        throw (0, ignis_helpers_1.getError)({
+            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+            message: '[JWKSVerifierTokenService] Verifier mode cannot sign tokens',
+        });
+    }
+    getSigningKey() {
+        throw (0, ignis_helpers_1.getError)({
+            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+            message: '[JWKSVerifierTokenService] Verifier mode cannot sign tokens',
+        });
+    }
+    getDefaultTokenExpiresFn() {
+        throw (0, ignis_helpers_1.getError)({
+            statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+            message: '[JWKSVerifierTokenService] Verifier mode has no token expiry',
+        });
+    }
+};
+exports.JWKSVerifierTokenService = JWKSVerifierTokenService;
+exports.JWKSVerifierTokenService = JWKSVerifierTokenService = JWKSVerifierTokenService_1 = __decorate([
+    __param(0, (0, injectors_1.inject)({ key: common_1.AuthenticateBindingKeys.JWKS_OPTIONS })),
+    __metadata("design:paramtypes", [Object])
+], JWKSVerifierTokenService);
+//# sourceMappingURL=verifier.service.js.map

package/dist/components/auth/authenticate/services/bearer/jwks/verifier.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifier.service.js","sourceRoot":"","sources":["../../../../../../../src/components/auth/authenticate/services/bearer/jwks/verifier.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAmD;AACnD,0DAAwD;AAExD,+BAA8D;AAC9D,4CAKyB;AACzB,yDAA8D;AAE9D,IAAa,wBAAwB,gCAArC,MAAa,wBAA8C,SAAQ,2CAA2B;IAG5F,YAEE,OAAuC;QAEvC,KAAK,CAAC,EAAE,KAAK,EAAE,0BAAwB,CAAC,IAAI,EAAE,CAAC,CAAC;QAFtC,YAAO,GAAP,OAAO,CAAsB;QAJ/B,iBAAY,GAAiD,IAAI,CAAC;QAO1E,IAAI,CAAC,0BAA0B,CAAC;YAC9B,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY;YACvC,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;YACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;SACtC,CAAC,CAAC;IACL,CAAC;IAEkB,KAAK,CAAC,UAAU;QACjC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,YAAY,GAAG,IAAA,yBAAkB,EAAC,OAAO,EAAE;YAC9C,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,UAAU;YAClD,gBAAgB,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,MAAM;SACpD,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;aACzB,IAAI,CAAC,qCAAqC,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACvE,CAAC;IAEkB,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC7C,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAA,gBAAS,EAAmB,KAAK,EAAE,IAAI,CAAC,YAAa,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,KAGxB;QACC,MAAM,IAAA,wBAAQ,EAAC;YACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;YACrD,OAAO,EAAE,6DAA6D;SACvE,CAAC,CAAC;IACL,CAAC;IAEkB,aAAa;QAC9B,MAAM,IAAA,wBAAQ,EAAC;YACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;YACrD,OAAO,EAAE,6DAA6D;SACvE,CAAC,CAAC;IACL,CAAC;IAEkB,wBAAwB;QACzC,MAAM,IAAA,wBAAQ,EAAC;YACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;YACrD,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AA1DY,4DAAwB;mCAAxB,wBAAwB;IAIhC,WAAA,IAAA,kBAAM,EAAC,EAAE,GAAG,EAAE,gCAAuB,CAAC,YAAY,EAAE,CAAC,CAAA;;GAJ7C,wBAAwB,CA0DpC"}

package/dist/components/auth/authenticate/services/bearer/jws.service.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { ValueOrPromise } from '@venizia/ignis-helpers';
+import { Env } from 'hono';
+import { SignJWT } from 'jose';
+import { IJWSTokenServiceOptions, IJWTTokenPayload, TGetTokenExpiresFn } from '../../common';
+import { AbstractBearerTokenService } from './abstract.service';
+/** Symmetric JWT (JWS) token service with optional AES-encrypted payloads. */
+export declare class JWSTokenService<E extends Env = Env> extends AbstractBearerTokenService<E> {
+    protected options: IJWSTokenServiceOptions;
+    protected jwtSecret: Uint8Array;
+    constructor(options: IJWSTokenServiceOptions);
+    protected doVerify(token: string): Promise<IJWTTokenPayload>;
+    getSigner(opts: {
+        payload: IJWTTokenPayload;
+        getTokenExpiresFn: TGetTokenExpiresFn;
+    }): Promise<SignJWT>;
+    protected getSigningKey(): ValueOrPromise<Uint8Array>;
+    protected getDefaultTokenExpiresFn(): TGetTokenExpiresFn;
+}
+//# sourceMappingURL=jws.service.d.ts.map

package/dist/components/auth/authenticate/services/bearer/jws.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jws.service.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/jws.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAkB,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,EAAa,OAAO,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAEL,uBAAuB,EACvB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAEhE,8EAA8E;AAC9E,qBAAa,eAAe,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,0BAA0B,CAAC,CAAC,CAAC;IAKnF,SAAS,CAAC,OAAO,EAAE,uBAAuB;IAJ5C,SAAS,CAAC,SAAS,EAAE,UAAU,CAAC;gBAIpB,OAAO,EAAE,uBAAuB;cA4BnB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAK5D,SAAS,CAAC,IAAI,EAAE;QAC7B,OAAO,EAAE,gBAAgB,CAAC;QAC1B,iBAAiB,EAAE,kBAAkB,CAAC;KACvC;cAakB,aAAa,IAAI,cAAc,CAAC,UAAU,CAAC;cAQ3C,wBAAwB,IAAI,kBAAkB;CAGlE"}

package/dist/components/auth/authenticate/services/bearer/jws.service.js ADDED Viewed

@@ -0,0 +1,76 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var JWSTokenService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWSTokenService = void 0;
+const injectors_1 = require("../../../../../base/metadata/injectors");
+const ignis_helpers_1 = require("@venizia/ignis-helpers");
+const jose_1 = require("jose");
+const common_1 = require("../../common");
+const abstract_service_1 = require("./abstract.service");
+/** Symmetric JWT (JWS) token service with optional AES-encrypted payloads. */
+let JWSTokenService = JWSTokenService_1 = class JWSTokenService extends abstract_service_1.AbstractBearerTokenService {
+    constructor(options) {
+        super({ scope: JWSTokenService_1.name });
+        this.options = options;
+        const { aesAlgorithm, jwtSecret, applicationSecret, getTokenExpiresFn } = options ?? {};
+        if (!jwtSecret) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWSTokenService] Invalid jwtSecret',
+            });
+        }
+        if (!getTokenExpiresFn) {
+            throw (0, ignis_helpers_1.getError)({
+                statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_5.InternalServerError,
+                message: '[JWSTokenService] Invalid getTokenExpiresFn',
+            });
+        }
+        this.configurePayloadEncryption({
+            aesAlgorithm,
+            applicationSecret,
+            fieldCodecs: options.fieldCodecs,
+        });
+        this.jwtSecret = new TextEncoder().encode(this.options.jwtSecret);
+    }
+    async doVerify(token) {
+        const decodedToken = await (0, jose_1.jwtVerify)(token, this.jwtSecret, {});
+        return this.decryptPayload({ result: decodedToken });
+    }
+    async getSigner(opts) {
+        const now = Math.floor(Date.now() / 1000);
+        const expiresIn = await opts.getTokenExpiresFn();
+        const encryptedPayload = this.encryptPayload(opts.payload);
+        return new jose_1.SignJWT(Object.assign({}, encryptedPayload))
+            .setProtectedHeader({ alg: this.options.headerAlgorithm ?? 'HS256' })
+            .setIssuedAt()
+            .setExpirationTime(now + expiresIn)
+            .setNotBefore(now);
+    }
+    getSigningKey() {
+        if (!this.jwtSecret) {
+            throw (0, ignis_helpers_1.getError)({ message: '[getSigningKey] Invalid jwtSecret!' });
+        }
+        return this.jwtSecret;
+    }
+    getDefaultTokenExpiresFn() {
+        return this.options.getTokenExpiresFn;
+    }
+};
+exports.JWSTokenService = JWSTokenService;
+exports.JWSTokenService = JWSTokenService = JWSTokenService_1 = __decorate([
+    __param(0, (0, injectors_1.inject)({ key: common_1.AuthenticateBindingKeys.JWT_OPTIONS })),
+    __metadata("design:paramtypes", [Object])
+], JWSTokenService);
+//# sourceMappingURL=jws.service.js.map

package/dist/components/auth/authenticate/services/bearer/jws.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jws.service.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authenticate/services/bearer/jws.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAmD;AACnD,0DAAwE;AAExE,+BAA0C;AAC1C,yCAKsB;AACtB,yDAAgE;AAEhE,8EAA8E;AAC9E,IAAa,eAAe,uBAA5B,MAAa,eAAqC,SAAQ,6CAA6B;IAGrF,YAEY,OAAgC;QAE1C,KAAK,CAAC,EAAE,KAAK,EAAE,iBAAe,CAAC,IAAI,EAAE,CAAC,CAAC;QAF7B,YAAO,GAAP,OAAO,CAAyB;QAI1C,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;QAExF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,qCAAqC;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB;gBACrD,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,YAAY;YACZ,iBAAiB;YACjB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;QACH,IAAI,CAAC,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpE,CAAC;IAEkB,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC7C,MAAM,YAAY,GAAG,MAAM,IAAA,gBAAS,EAAmB,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAClF,OAAO,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IACvD,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,IAGxB;QACC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEjD,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE3D,OAAO,IAAI,cAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC;aACpD,kBAAkB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,OAAO,EAAE,CAAC;aACpE,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,SAAS,CAAC;aAClC,YAAY,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAEkB,aAAa;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAA,wBAAQ,EAAC,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAEkB,wBAAwB;QACzC,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACxC,CAAC;CACF,CAAA;AAjEY,0CAAe;0BAAf,eAAe;IAIvB,WAAA,IAAA,kBAAM,EAAC,EAAE,GAAG,EAAE,gCAAuB,CAAC,WAAW,EAAE,CAAC,CAAA;;GAJ5C,eAAe,CAiE3B"}

package/dist/components/auth/authenticate/services/index.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-export * from './basic-token.service';
-export * from './jwt-token.service';
+export * from './basic';
+export * from './bearer';
 //# sourceMappingURL=index.d.ts.map

package/dist/components/auth/authenticate/services/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authenticate/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,~~uBAAuB~~,CAAC;~~AACtC~~,cAAc,~~qBAAqB~~,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authenticate/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC"}

package/dist/components/auth/authenticate/services/index.js CHANGED Viewed

@@ -14,6 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./basic-token.service"), exports);
-__exportStar(require("./jwt-token.service"), exports);
+__exportStar(require("./basic"), exports);
+__exportStar(require("./bearer"), exports);
 //# sourceMappingURL=index.js.map

package/dist/components/auth/authenticate/services/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authenticate/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,~~wDAAsC~~;~~AACtC~~,~~sDAAoC~~"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authenticate/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,2CAAyB"}

package/dist/components/auth/authenticate/strategies/basic.strategy.d.ts CHANGED Viewed

@@ -3,28 +3,7 @@ import { BaseHelper } from '@venizia/ignis-helpers';
 import { Env } from 'hono';
 import { IAuthUser, IAuthenticationStrategy } from '../common';
 import { BasicTokenService } from '../services';
-/**
- * Basic Authentication Strategy.
- *
- * Implements HTTP Basic Authentication by extracting credentials from
- * the `Authorization: Basic <base64>` header and verifying them using
- * a user-provided verification function.
- *
- * @example
- * ```typescript
- * // Register the strategy
- * AuthenticationStrategyRegistry.getInstance().register({
- *   container: this,
- *   name: Authentication.STRATEGY_BASIC,
- *   strategy: BasicAuthenticationStrategy,
- * });
- *
- * // Use in routes
- * authenticate: { strategies: ['basic'] }
- * // Or with JWT fallback
- * authenticate: { strategies: ['jwt', 'basic'], mode: 'any' }
- * ```
- */
+/** HTTP Basic Authentication strategy using Authorization header credentials. */
 export declare class BasicAuthenticationStrategy<E extends Env = Env> extends BaseHelper implements IAuthenticationStrategy<E> {
     private service;
     name: string;