npm - @wabot-dev/framework - Versions diffs - 0.1.0-beta.9 → 0.2.0-beta.1 - Mend

@wabot-dev/framework 0.1.0-beta.9 → 0.2.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/dist/src/addon/async/pg/PgJobRepository.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { __decorate, __metadata } from 'tslib';
+import { Pool } from 'pg';
+import { singleton } from '../../../core/injection/index.js';
+import { PgCrudRepository } from '../../../feature/pg/PgCrudRepository.js';
+import '../../../feature/async/CommandMetadataStore.js';
+import '../../../feature/async/Async.js';
+import { Job } from '../../../feature/async/Job.js';
+import '../../../feature/async/JobRepository.js';
+import '../../../feature/async/JobRunner.js';
+import '../../../feature/async/JobsEventsHub.js';
+let PgJobRepository = class PgJobRepository extends PgCrudRepository {
+    constructor(pool) {
+        super(pool, {
+            schema: 'wabot',
+            table: 'job',
+            constructor: Job,
+        });
+    }
+};
+PgJobRepository = __decorate([
+    singleton(),
+    __metadata("design:paramtypes", [Pool])
+], PgJobRepository);
+export { PgJobRepository };

package/dist/src/addon/auth/api-key/@apiKeyConnectionGuard.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { connectionMiddleware } from '../../../feature/socket-controller/metadata/@connectionMiddleware.js';
+import '../../../core/injection/index.js';
+import '../../../feature/socket-controller/metadata/SocketControllerMetadataStore.js';
+import 'path';
+import 'debug';
+import '../../../feature/socket/SocketServerProvider.js';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import { ApiKeyConnectionGuardMiddleware } from './ApiKeyConnectionGuardMiddleware.js';
+function apiKeyConnectionGuard() {
+    return function (target, propertyKey) {
+        connectionMiddleware(ApiKeyConnectionGuardMiddleware)(target, propertyKey);
+    };
+}
+export { apiKeyConnectionGuard };

package/dist/src/addon/auth/api-key/@apiKeyGuard.js ADDED Viewed

@@ -0,0 +1,17 @@
+import '../../../core/injection/index.js';
+import '../../../feature/rest-controller/metadata/RestControllerMetadataStore.js';
+import { middleware } from '../../../feature/rest-controller/metadata/@middleware.js';
+import 'debug';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import '../../../feature/express/ExpressProvider.js';
+import 'express';
+import 'path';
+import { ApiKeyGuardMiddleware } from './ApiKeyGuardMiddleware.js';
+function apiKeyGuard() {
+    return function (target, propertyKey) {
+        middleware(ApiKeyGuardMiddleware)(target, propertyKey);
+    };
+}
+export { apiKeyGuard };

package/dist/src/addon/auth/api-key/ApiKey.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { Entity } from '../../../core/entity/Entity.js';
+import { CustomError } from '../../../core/error/CustomError.js';
+import crypto from 'node:crypto';
+class ApiKey extends Entity {
+    static PREFIX = 'sk_';
+    static hashSecret(secret) {
+        return crypto.createHash('sha256').update(secret).digest('hex');
+    }
+    get authInfo() {
+        return this.data.authInfo;
+    }
+    get metadata() {
+        return this.data.metadata ?? {};
+    }
+    setAuthInfo(authInfo) {
+        this.data.authInfo = authInfo;
+    }
+    generateSecret() {
+        if (this.data.secretHash) {
+            throw new Error('This API key already has a secret');
+        }
+        const secret = `${ApiKey.PREFIX}${crypto.randomBytes(32).toString('hex')}`;
+        this.data.secretHash = ApiKey.hashSecret(secret);
+        return secret;
+    }
+    isValidSecret(secret) {
+        if (!secret.startsWith(ApiKey.PREFIX))
+            return false;
+        if (!this.data.secretHash)
+            return false;
+        const hashed = ApiKey.hashSecret(secret);
+        const stored = this.data.secretHash;
+        const hashedBuf = Buffer.from(hashed, 'hex');
+        const storedBuf = Buffer.from(stored, 'hex');
+        return hashedBuf.length === storedBuf.length && crypto.timingSafeEqual(hashedBuf, storedBuf);
+    }
+    validateSecret(secret) {
+        if (!this.isValidSecret(secret)) {
+            throw new CustomError({ message: 'Invalid API key', httpCode: 401 });
+        }
+    }
+}
+export { ApiKey };

package/dist/src/addon/auth/api-key/ApiKeyConnectionGuardMiddleware.js ADDED Viewed

@@ -0,0 +1,57 @@
+import { __decorate, __metadata } from 'tslib';
+import { Auth } from '../../../core/auth/Auth.js';
+import { CustomError } from '../../../core/error/CustomError.js';
+import { injectable } from '../../../core/injection/index.js';
+import { ApiKeyRepository } from './ApiKeyRepository.js';
+let ApiKeyConnectionGuardMiddleware = class ApiKeyConnectionGuardMiddleware {
+    apiKeyRepository;
+    auth;
+    constructor(apiKeyRepository, auth) {
+        this.apiKeyRepository = apiKeyRepository;
+        this.auth = auth;
+    }
+    async handle(socket, container) {
+        if (!socket.handshake.auth.token) {
+            let authorization = socket.handshake.headers['Authorization'] ?? socket.handshake.headers['authorization'];
+            if (Array.isArray(authorization)) {
+                authorization = authorization[0];
+            }
+            if (authorization) {
+                const [prefix, token] = authorization.split(' ');
+                if (prefix.toLowerCase() !== 'api-key' || !token) {
+                    throw new CustomError({
+                        httpCode: 401,
+                        message: 'Authorization should be an Api-Key',
+                    });
+                }
+                socket.handshake.auth.token = token;
+            }
+        }
+        let keySecret = socket.handshake.auth.token;
+        if (!keySecret) {
+            throw new CustomError({ httpCode: 401, message: 'Token not available' });
+        }
+        try {
+            const authInfo = await this.apiKeyRepository.findAuthInfoBySecret(keySecret);
+            if (!authInfo) {
+                throw new CustomError({ httpCode: 401, message: 'Invalid token' });
+            }
+            this.auth.assign(authInfo);
+        }
+        catch (err) {
+            throw new CustomError({
+                httpCode: 401,
+                message: err instanceof Error ? `Invalid token: ${err.message}` : 'Invalid token',
+                cause: err instanceof Error ? err : undefined,
+            });
+        }
+    }
+};
+ApiKeyConnectionGuardMiddleware = __decorate([
+    injectable(),
+    __metadata("design:paramtypes", [ApiKeyRepository,
+        Auth])
+], ApiKeyConnectionGuardMiddleware);
+export { ApiKeyConnectionGuardMiddleware };

package/dist/src/addon/auth/api-key/ApiKeyGuardMiddleware.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { __decorate, __metadata } from 'tslib';
+import { injectable } from '../../../core/injection/index.js';
+import { Auth } from '../../../core/auth/Auth.js';
+import { CustomError } from '../../../core/error/CustomError.js';
+import { ApiKeyRepository } from './ApiKeyRepository.js';
+let ApiKeyGuardMiddleware = class ApiKeyGuardMiddleware {
+    apiKeyRepository;
+    auth;
+    constructor(apiKeyRepository, auth) {
+        this.apiKeyRepository = apiKeyRepository;
+        this.auth = auth;
+    }
+    async handle(req, res, container) {
+        const authorization = req.header('Authorization');
+        if (!authorization) {
+            throw new CustomError({ httpCode: 401, message: 'Authorization header not available' });
+        }
+        const [keyPrefix, keySecret] = authorization.split(' ');
+        if (keyPrefix.toLowerCase() !== 'api-key' || !keySecret) {
+            throw new CustomError({ httpCode: 401, message: 'Authorization should be an Api-Key' });
+        }
+        try {
+            const authInfo = await this.apiKeyRepository.findAuthInfoBySecret(keySecret);
+            if (!authInfo) {
+                throw new CustomError({ httpCode: 401, message: 'Invalid key' });
+            }
+            this.auth.assign(authInfo);
+        }
+        catch (err) {
+            throw new CustomError({
+                httpCode: 401,
+                message: err instanceof Error ? `Invalid key: ${err.message}` : 'Invalid key',
+                cause: err instanceof Error ? err : undefined,
+            });
+        }
+    }
+};
+ApiKeyGuardMiddleware = __decorate([
+    injectable(),
+    __metadata("design:paramtypes", [ApiKeyRepository,
+        Auth])
+], ApiKeyGuardMiddleware);
+export { ApiKeyGuardMiddleware };

package/dist/src/addon/auth/api-key/ApiKeyRepository.js ADDED Viewed

@@ -0,0 +1,22 @@
+class ApiKeyRepository {
+    findAuthInfoBySecret(secret) {
+        throw new Error('Method not implemented.');
+    }
+    findByMetadata(metadata) {
+        throw new Error('Method not implemented.');
+    }
+    find(id) {
+        throw new Error('Method not implemented.');
+    }
+    findOrThrow(id) {
+        throw new Error('Method not implemented.');
+    }
+    create(item) {
+        throw new Error('Method not implemented.');
+    }
+    generate(req) {
+        throw new Error('Method not implemented.');
+    }
+}
+export { ApiKeyRepository };

package/dist/src/addon/auth/api-key/PgApiKeyRepository.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { __decorate, __metadata } from 'tslib';
+import { PgCrudRepository } from '../../../feature/pg/PgCrudRepository.js';
+import { Pool } from 'pg';
+import { singleton } from 'tsyringe';
+import { ApiKey } from './ApiKey.js';
+let PgApiKeyRepository = class PgApiKeyRepository extends PgCrudRepository {
+    constructor(pool) {
+        super(pool, {
+            schema: 'wabot',
+            table: 'api_key',
+            constructor: ApiKey,
+        });
+    }
+    async findAuthInfoBySecret(secret) {
+        const secretHash = ApiKey.hashSecret(secret);
+        const query = `
+      SELECT ${this.columns}
+      FROM ${this.table}
+      WHERE data @> $1::jsonb
+      LIMIT 1
+    `;
+        const items = await this.query(query, [JSON.stringify({ secretHash })]);
+        return items[0]?.authInfo ?? null;
+    }
+    async findByMetadata(metadata) {
+        const query = `
+      SELECT ${this.columns}
+      FROM ${this.table}
+      WHERE data @> $1::jsonb
+    `;
+        return await this.query(query, [JSON.stringify({ metadata })]);
+    }
+    async generate(req) {
+        const apiKey = new ApiKey({
+            name: req.name,
+            metadata: req.metadata,
+            authInfo: req.authInfo,
+        });
+        const secret = apiKey.generateSecret();
+        await this.create(apiKey);
+        return {
+            apiKey,
+            secret,
+        };
+    }
+};
+PgApiKeyRepository = __decorate([
+    singleton(),
+    __metadata("design:paramtypes", [Pool])
+], PgApiKeyRepository);
+export { PgApiKeyRepository };

package/dist/src/addon/auth/api-key/RemoteApiKeyRepository.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { CustomError } from '../../../core/error/CustomError.js';
+class RemoteApiKeyRepository {
+    fetcher;
+    cacheSeconds;
+    cacheById = new Map();
+    cacheBySecret = new Map();
+    constructor(fetcher, cacheSeconds) {
+        this.fetcher = fetcher;
+        this.cacheSeconds = cacheSeconds;
+    }
+    async find(id) {
+        const now = Date.now();
+        const cached = this.cacheById.get(id);
+        if (cached && cached.expiresAt > now) {
+            return cached.value;
+        }
+        const result = await this.fetcher.fetchById(id);
+        this.cacheById.set(id, {
+            value: result,
+            expiresAt: now + this.cacheSeconds * 1000,
+        });
+        return result;
+    }
+    async findOrThrow(id) {
+        const result = await this.find(id);
+        if (!result) {
+            throw new Error(`API key with ID '${id}' not found.`);
+        }
+        return result;
+    }
+    async findAuthInfoBySecret(secret) {
+        const now = Date.now();
+        const cached = this.cacheBySecret.get(secret);
+        if (cached && cached.expiresAt > now) {
+            if (!cached.value) {
+                throw new CustomError({ message: 'Invalid Api Key', httpCode: 401 });
+            }
+            return cached.value.authInfo;
+        }
+        const result = await this.fetcher.fetchBySecret(secret);
+        this.cacheBySecret.set(secret, {
+            value: result,
+            expiresAt: now + this.cacheSeconds * 1000,
+        });
+        if (!result) {
+            throw new CustomError({ message: 'Invalid Api Key', httpCode: 401 });
+        }
+        return result.authInfo;
+    }
+    findByMetadata(metadata) {
+        throw new Error('Method not implemented.');
+    }
+    create(item) {
+        throw new Error('Method not implemented.');
+    }
+    generate(req) {
+        throw new Error('Method not implemented.');
+    }
+}
+export { RemoteApiKeyRepository };

package/dist/src/addon/auth/jwt/@jwtConnectionGuard.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { connectionMiddleware } from '../../../feature/socket-controller/metadata/@connectionMiddleware.js';
+import '../../../core/injection/index.js';
+import '../../../feature/socket-controller/metadata/SocketControllerMetadataStore.js';
+import 'path';
+import 'debug';
+import '../../../feature/socket/SocketServerProvider.js';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import { JwtConnectionGuardMiddleware } from './JwtConnectionGuardMiddleware.js';
+function jwtConnectionGuard() {
+    return function (target, propertyKey) {
+        connectionMiddleware(JwtConnectionGuardMiddleware)(target, propertyKey);
+    };
+}
+export { jwtConnectionGuard };

package/dist/src/addon/auth/jwt/@jwtGuard.js ADDED Viewed

@@ -0,0 +1,17 @@
+import '../../../core/injection/index.js';
+import '../../../feature/rest-controller/metadata/RestControllerMetadataStore.js';
+import { middleware } from '../../../feature/rest-controller/metadata/@middleware.js';
+import 'debug';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import '../../../feature/express/ExpressProvider.js';
+import 'express';
+import 'path';
+import { JwtGuardMiddleware } from './JwtGuardMiddleware.js';
+function jwtGuard() {
+    return function (target, propertyKey) {
+        middleware(JwtGuardMiddleware)(target, propertyKey);
+    };
+}
+export { jwtGuard };

package/dist/src/addon/auth/jwt/Jwt.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { __decorate, __metadata } from 'tslib';
+import { JwtSigner } from './JwtSigner.js';
+import { JwtRefreshTokenRepository } from './JwtRefreshTokenRepository.js';
+import { JwtRefreshToken } from './JwtRefreshToken.js';
+import { injectable } from '../../../core/injection/index.js';
+import { Auth } from '../../../core/auth/Auth.js';
+import { JwtConfig } from './JwtConfig.js';
+let Jwt = class Jwt {
+    auth;
+    jwtSigner;
+    jwtRefreshTokenRepository;
+    config;
+    constructor(auth, jwtSigner, jwtRefreshTokenRepository, config) {
+        this.auth = auth;
+        this.jwtSigner = jwtSigner;
+        this.jwtRefreshTokenRepository = jwtRefreshTokenRepository;
+        this.config = config;
+    }
+    async createToken() {
+        const authInfo = this.auth.require();
+        const refreshToken = new JwtRefreshToken({
+            authInfo,
+            expirationTime: new Date().getTime() + this.config.refreshExpirationSeconds * 1000,
+        });
+        const refreshPassword = refreshToken.generatePassword();
+        await this.jwtRefreshTokenRepository.create(refreshToken);
+        const access = await this.jwtSigner.signAccessToken(refreshToken);
+        const refresh = {
+            token: JwtRefreshToken.deflate({ id: refreshToken.id, pass: refreshPassword }),
+            expiration: new Date(refreshToken.expirationTime),
+        };
+        return {
+            access,
+            refresh,
+        };
+    }
+    async refreshToken(refreshSecret) {
+        const { id, pass } = JwtRefreshToken.inflate(refreshSecret);
+        const refreshToken = await this.jwtRefreshTokenRepository.findOrThrow(id);
+        refreshToken.validatePassword(pass);
+        return this.jwtSigner.signAccessToken(refreshToken);
+    }
+};
+Jwt = __decorate([
+    injectable(),
+    __metadata("design:paramtypes", [Auth,
+        JwtSigner,
+        JwtRefreshTokenRepository,
+        JwtConfig])
+], Jwt);
+export { Jwt };

package/dist/src/addon/auth/jwt/JwtAccessAndRefreshTokenDto.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { __decorate, __metadata } from 'tslib';
+import { isModel } from '../../../core/validation/metadata/@isModel.js';
+import '../../../core/injection/index.js';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import { JwtTokenDto } from './JwtTokenDto.js';
+class JwtAccessAndRefreshTokenDto {
+    access;
+    refresh;
+}
+__decorate([
+    isModel(JwtTokenDto),
+    __metadata("design:type", JwtTokenDto)
+], JwtAccessAndRefreshTokenDto.prototype, "access", void 0);
+__decorate([
+    isModel(JwtTokenDto),
+    __metadata("design:type", JwtTokenDto)
+], JwtAccessAndRefreshTokenDto.prototype, "refresh", void 0);
+export { JwtAccessAndRefreshTokenDto };

package/dist/src/addon/auth/jwt/JwtConfig.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { __decorate, __metadata } from 'tslib';
+import { Env } from '../../../core/env/Env.js';
+import { singleton } from '../../../core/injection/index.js';
+let JwtConfig = class JwtConfig {
+    secretOrPublicKey;
+    secretOrPrivateKey;
+    algorithm;
+    accessExpirationSeconds;
+    refreshExpirationSeconds;
+    constructor(env) {
+        this.algorithm = env.requireString('JWT_ALGORITHM', { default: 'HS256' });
+        this.secretOrPublicKey = env.requireString('JWT_SECRET');
+        this.secretOrPrivateKey = env.requireString('JWT_SECRET');
+        this.accessExpirationSeconds = env.requireNumber('JWT_ACCESS_EXPIRATION_SECONDS', {
+            default: 10 * 60,
+        });
+        this.refreshExpirationSeconds = env.requireNumber('JWT_REFRESH_EXPIRATION_SECONDS', {
+            default: 365 * 24 * 3600,
+        });
+    }
+};
+JwtConfig = __decorate([
+    singleton(),
+    __metadata("design:paramtypes", [Env])
+], JwtConfig);
+export { JwtConfig };

package/dist/src/addon/auth/jwt/JwtConnectionGuardMiddleware.js ADDED Viewed

@@ -0,0 +1,57 @@
+import { __decorate, __metadata } from 'tslib';
+import jwt from 'jsonwebtoken';
+import { injectable } from '../../../core/injection/index.js';
+import { Auth } from '../../../core/auth/Auth.js';
+import { CustomError } from '../../../core/error/CustomError.js';
+import { JwtConfig } from './JwtConfig.js';
+let JwtConnectionGuardMiddleware = class JwtConnectionGuardMiddleware {
+    config;
+    auth;
+    constructor(config, auth) {
+        this.config = config;
+        this.auth = auth;
+    }
+    async handle(socket, container) {
+        if (!socket.handshake.auth.token) {
+            let authorization = socket.handshake.headers['Authorization'] ?? socket.handshake.headers['authorization'];
+            if (Array.isArray(authorization)) {
+                authorization = authorization[0];
+            }
+            if (authorization) {
+                const [prefix, token] = authorization.split(' ');
+                if (prefix.toLowerCase() !== 'bearer' || !token) {
+                    throw new CustomError({
+                        httpCode: 401,
+                        message: 'Authorization should be a bearer token',
+                    });
+                }
+                socket.handshake.auth.token = token;
+            }
+        }
+        let token = socket.handshake.auth.token;
+        if (!token) {
+            throw new CustomError({ httpCode: 401, message: 'Token not available' });
+        }
+        try {
+            const jwtPayload = jwt.verify(token, this.config.secretOrPublicKey, {
+                algorithms: [this.config.algorithm],
+            });
+            this.auth.assign(jwtPayload);
+        }
+        catch (err) {
+            throw new CustomError({
+                httpCode: 401,
+                message: err instanceof Error ? `Invalid token: ${err.message}` : 'Invalid token',
+                cause: err instanceof Error ? err : undefined,
+            });
+        }
+    }
+};
+JwtConnectionGuardMiddleware = __decorate([
+    injectable(),
+    __metadata("design:paramtypes", [JwtConfig,
+        Auth])
+], JwtConnectionGuardMiddleware);
+export { JwtConnectionGuardMiddleware };

package/dist/src/addon/auth/jwt/JwtGuardMiddleware.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { __decorate, __metadata } from 'tslib';
+import { CustomError } from '../../../core/error/CustomError.js';
+import { injectable } from '../../../core/injection/index.js';
+import jwt from 'jsonwebtoken';
+import { Auth } from '../../../core/auth/Auth.js';
+import { JwtConfig } from './JwtConfig.js';
+let JwtGuardMiddleware = class JwtGuardMiddleware {
+    config;
+    auth;
+    constructor(config, auth) {
+        this.config = config;
+        this.auth = auth;
+    }
+    async handle(req, res, container) {
+        const authorization = req.header('Authorization');
+        if (!authorization) {
+            throw new CustomError({ httpCode: 401, message: 'Authorization header not available' });
+        }
+        const [bearer, token] = authorization.split(' ');
+        if (bearer.toLowerCase() !== 'bearer' || !token) {
+            throw new CustomError({ httpCode: 401, message: 'Authorization should be a bearer token' });
+        }
+        try {
+            const jwtPayload = jwt.verify(token, this.config.secretOrPublicKey, {
+                algorithms: [this.config.algorithm],
+            });
+            this.auth.assign(jwtPayload);
+        }
+        catch (err) {
+            throw new CustomError({
+                httpCode: 401,
+                message: err instanceof Error ? `Invalid token: ${err.message}` : 'Invalid token',
+                cause: err instanceof Error ? err : undefined,
+            });
+        }
+    }
+};
+JwtGuardMiddleware = __decorate([
+    injectable(),
+    __metadata("design:paramtypes", [JwtConfig,
+        Auth])
+], JwtGuardMiddleware);
+export { JwtGuardMiddleware };

package/dist/src/addon/auth/jwt/JwtRefreshToken.js ADDED Viewed

@@ -0,0 +1,56 @@
+import { Entity } from '../../../core/entity/Entity.js';
+import { CustomError } from '../../../core/error/CustomError.js';
+import { Password } from '../../../core/password/Password.js';
+class JwtRefreshToken extends Entity {
+    get authInfo() {
+        return this.data.authInfo;
+    }
+    get expirationTime() {
+        return new Date(this.data.expirationTime);
+    }
+    generatePassword() {
+        if (this.data.passwordHash) {
+            throw new Error('This api key, already has a secret');
+        }
+        const password = Password.generate(64);
+        this.data.passwordHash = Password.hash({ password: password });
+        return password;
+    }
+    isValidPassword(password) {
+        if (new Date().getTime() > this.data.expirationTime) {
+            return false;
+        }
+        if (!this.data.passwordHash)
+            return false;
+        return Password.isValid({ password: password, hash: this.data.passwordHash });
+    }
+    validatePassword(password) {
+        if (!this.isValidPassword(password)) {
+            throw new CustomError({ message: 'Invalid Api key', httpCode: 401 });
+        }
+    }
+    static inflate(secret) {
+        try {
+            const json = Buffer.from(secret, 'base64').toString('utf-8');
+            const data = JSON.parse(json);
+            if (!data.id || !data.pass) {
+                throw new Error('invalid secret structure');
+            }
+            return data;
+        }
+        catch (err) {
+            throw new Error('fail to inflate secret: ' + err.message);
+        }
+    }
+    static deflate(data) {
+        const { id, pass } = data;
+        if (!id || !pass) {
+            throw new Error('id and pass required');
+        }
+        const json = JSON.stringify({ id, pass });
+        return Buffer.from(json, 'utf-8').toString('base64');
+    }
+}
+export { JwtRefreshToken };