npm - @versini/auth-common - Versions diffs - 3.2.0 → 3.3.0 - Mend

@versini/auth-common 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -94,6 +94,43 @@ type GetToken = {
 };
 declare const getToken: ({ headers, body, clientId }: GetToken) => string;
-declare const isGranted: (token: string, scopes: string[]) => Promise<boolean>;
+type ScopesGrants = {
+    [key: string]: string[];
+} | string[];
+/**
+ * Checks if the given token grants the required scopes.
+ *
+ * This function verifies the provided token and extracts its payload.
+ * It then checks if the token contains the required scopes. The scopes can be provided
+ * either as an array of strings or as a map of string arrays. When the scopes are provided
+ * as a map, the function checks if the token contains at least one of the scopes in each
+ * of the map's values (OR operation).
+ *
+ *
+ * @async
+ * @function isGranted
+ * @param {string} token - The token to be verified and checked for scopes.
+ * @param {ScopesGrants} scopes - The required scopes. This can be an array of strings
+ *  															representing the scopes or a map where the keys are strings
+ * 																and the values are arrays of strings representing the scopes.
+ * @returns {Promise<boolean>} - A promise that resolves to a boolean indicating whether the
+ * 															token grants the required scopes.
+ *
+ * @example
+ * Example with an array of scopes (AND operation)
+ * const scopesArray = ["read", "write"];
+ * const res = isGranted(token, scopesArray);
+ * console.log(res); // true only if the token has both "read" and "write" scopes
+ *
+ * @example
+ * Example with a map of scopes (OR operation)
+ * const scopesMap = {
+ * 	"admin": ["read", "write"],
+ * 	"user": ["read"]
+ * };
+ * const res = isGranted(token, scopesMap);
+ * console.log(res); // true if the token has either "read" and "write" scopes or "read" scope
+ */
+declare const isGranted: (token: string, scopes: ScopesGrants) => Promise<boolean>;
-export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js CHANGED Viewed

@@ -1,11 +1,11 @@
 /*!
-  @versini/auth-common v3.2.0
+  @versini/auth-common v3.3.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "3.2.0",
-    buildTime: "07/21/2024 03:41 PM EDT",
+    version: "3.3.0",
+    buildTime: "07/21/2024 07:33 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -51,7 +51,7 @@ awIDAQAB
   LOGOUT: "logout"
 }, O = crypto, G = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
 function oe(...e) {
-  const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
+  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
@@ -139,7 +139,7 @@ class se extends A {
 function m(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function _(e, t) {
+function v(e, t) {
   return e.name === t;
 }
 function W(e) {
@@ -172,7 +172,7 @@ function le(e, t, ...r) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!_(e.algorithm, "HMAC"))
+      if (!v(e.algorithm, "HMAC"))
         throw m("HMAC");
       const n = parseInt(t.slice(2), 10);
       if (W(e.algorithm.hash) !== n)
@@ -182,7 +182,7 @@ function le(e, t, ...r) {
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!_(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw m("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
       if (W(e.algorithm.hash) !== n)
@@ -192,7 +192,7 @@ function le(e, t, ...r) {
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!_(e.algorithm, "RSA-PSS"))
+      if (!v(e.algorithm, "RSA-PSS"))
         throw m("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
       if (W(e.algorithm.hash) !== n)
@@ -207,7 +207,7 @@ function le(e, t, ...r) {
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!_(e.algorithm, "ECDSA"))
+      if (!v(e.algorithm, "ECDSA"))
         throw m("ECDSA");
       const n = de(t);
       if (e.algorithm.namedCurve !== n)
@@ -242,10 +242,10 @@ const X = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
       r = new Set(a);
       continue;
     }
-    for (const i of a) {
-      if (r.has(i))
+    for (const o of a) {
+      if (r.has(o))
         return !1;
-      r.add(i);
+      r.add(o);
     }
   }
   return !0;
@@ -357,8 +357,8 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const i = await Se({ ...r, alg: n });
-  return a ? a[n] = i : e.set(t, { [n]: i }), i;
+  const o = await Se({ ...r, alg: n });
+  return a ? a[n] = o : e.set(t, { [n]: o }), o;
 }, ye = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
@@ -377,7 +377,7 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
   if (n === -1)
     return !1;
   const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || E(e, t, n + 1);
+  return a.length !== t.length ? !1 : a.every((o, i) => o === t[i]) || E(e, t, n + 1);
 }, k = (e) => {
   switch (!0) {
     case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
@@ -398,52 +398,52 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
       throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
 }, ge = async (e, t, r, n, a) => {
-  let i, o;
+  let o, i;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      i = {
+      o = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
-      }, o = ["encrypt", "wrapKey"];
+      }, i = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-256" }, i = ["verify"];
       break;
     case "ES384":
-      i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-384" }, i = ["verify"];
       break;
     case "ES512":
-      i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-521" }, i = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
       const s = k(c);
-      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
+      o = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, i = [];
       break;
     }
     case "EdDSA":
-      i = { name: k(c) }, o = ["verify"];
+      o = { name: k(c) }, i = ["verify"];
       break;
     default:
       throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return O.subtle.importKey(t, c, i, !1, o);
+  return O.subtle.importKey(t, c, o, !1, i);
 }, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
 async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
@@ -466,25 +466,25 @@ const P = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
     throw new TypeError(`${P(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
     throw new TypeError(`${P(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-}, _e = (e, t, r) => {
+}, ve = (e, t, r) => {
   e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : Te(e, t, r);
 };
-function ve(e, t, r, n, a) {
+function _e(e, t, r, n, a) {
   if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((i) => typeof i != "string" || i.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let i;
-  r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
-  for (const o of n.crit) {
-    if (!i.has(o))
-      throw new w(`Extension Header Parameter "${o}" is not recognized`);
-    if (a[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" is missing`);
-    if (i.get(o) && n[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
+  let o;
+  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
+  for (const i of n.crit) {
+    if (!o.has(i))
+      throw new w(`Extension Header Parameter "${i}" is not recognized`);
+    if (a[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" is missing`);
+    if (o.get(i) && n[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
@@ -532,9 +532,9 @@ async function Re(e, t, r) {
 const Ke = async (e, t, r, n) => {
   const a = await Re(e, t, "verify");
   pe(e, a);
-  const i = Ie(e, a.algorithm);
+  const o = Ie(e, a.algorithm);
   try {
-    return await O.subtle.verify(i, a, r, n);
+    return await O.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
@@ -565,9 +565,9 @@ async function Oe(e, t, r) {
   const a = {
     ...n,
     ...e.header
-  }, i = ve(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
-  let o = !0;
-  if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
+  }, o = _e(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  let i = !0;
+  if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = a;
   if (typeof c != "string" || !c)
@@ -575,13 +575,13 @@ async function Oe(e, t, r) {
   const s = r && Pe("algorithms", r.algorithms);
   if (s && !s.has(c))
     throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
-  if (o) {
+  if (i) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new u("JWS Payload must be a string or an Uint8Array instance");
   let p = !1;
-  typeof t == "function" && (t = await t(n, e), p = !0), _e(c, t, "verify");
+  typeof t == "function" && (t = await t(n, e), p = !0), ve(c, t, "verify");
   const g = oe(T.encode(e.protected ?? ""), T.encode("."), typeof e.payload == "string" ? T.encode(e.payload) : e.payload);
   let f;
   try {
@@ -592,7 +592,7 @@ async function Oe(e, t, r) {
   if (!await Ke(c, t, f, g))
     throw new se();
   let y;
-  if (o)
+  if (i)
     try {
       y = b(e.payload);
     } catch {
@@ -605,10 +605,10 @@ async function Oe(e, t, r) {
 async function xe(e, t, r) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new u("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: a, 2: i, length: o } = e.split(".");
-  if (o !== 3)
+  const { 0: n, 1: a, 2: o, length: i } = e.split(".");
+  if (i !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await Oe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await Oe({ payload: a, protected: n, signature: o }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
 const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, Je = N * 7, De = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
@@ -665,12 +665,12 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
   const { typ: a } = r;
   if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
-  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
+  const { requiredClaims: o = [], issuer: i, subject: c, audience: s, maxTokenAge: p } = r, g = [...o];
+  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), i !== void 0 && g.push("iss");
   for (const l of new Set(g.reverse()))
     if (!(l in n))
       throw new h(`missing required "${l}" claim`, n, l, "missing");
-  if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
+  if (i && !(Array.isArray(i) ? i : [i]).includes(n.iss))
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
@@ -715,12 +715,12 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
   return n;
 };
 async function $e(e, t, r) {
-  var o;
+  var i;
   const n = await xe(e, t, r);
-  if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
+  if ((i = n.protectedHeader.crit) != null && i.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
-  const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...i, key: n.key } : i;
+  const o = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...o, key: n.key } : o;
 }
 const Le = b;
 function ke(e) {
@@ -771,11 +771,11 @@ for (var H = 0; H < 256; ++H)
 function Be(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var v, Fe = new Uint8Array(16);
+var _, Fe = new Uint8Array(16);
 function Ve() {
-  if (!v && (v = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !v))
+  if (!_ && (_ = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !_))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return v(Fe);
+  return _(Fe);
 }
 var Ye = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
 const F = {
@@ -833,13 +833,14 @@ const ze = /^Bearer (.+)$/i, Xe = (e) => {
   const n = Xe(e), a = Qe(e, r);
   return Ze(t) || a || n || "";
 }, ct = async (e, t) => {
-  var n, a;
+  var a;
   const r = await Me(e);
-  if ((a = r && ((n = r == null ? void 0 : r.payload) == null ? void 0 : n[I.SCOPES_KEY])) != null && a.length) {
-    const i = r.payload[I.SCOPES_KEY];
-    return t.every((o) => i.includes(o));
-  }
-  return !1;
+  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[I.SCOPES_KEY]))
+    return !1;
+  const n = r.payload[I.SCOPES_KEY];
+  return Array.isArray(t) ? t.every((o) => n.includes(o)) : Object.keys(t).some(
+    (o) => t[o].every((i) => n.includes(i))
+  );
 };
 export {
   rt as API_TYPE,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "3.2.0",
+	"version": "3.3.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "57d681a2201591a0623cbbef9dc2edc65f2e3cdc"
+	"gitHead": "8df31ef170a75c2983d7ac821fe0371641139815"
 }