@wabot-dev/framework 0.1.0 → 0.2.0-beta.10

package/dist/src/addon/auth/api-key/@apiKeyHandshakeGuard.js

@@ -0,0 +1,16 @@
+import { handshakeMiddlewares } from '../../../feature/socket-controller/metadata/@handshakeMiddlewares.js';
+import '../../../feature/socket-controller/metadata/SocketControllerMetadataStore.js';
+import '../../../core/injection/index.js';
+import 'debug';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import 'socket.io';
+import '../../../feature/socket/SocketServerProvider.js';
+import { ApiKeyHandshakeGuardMiddleware } from './ApiKeyHandshakeGuardMiddleware.js';
+
+function apiKeyHandshakeGuard() {
+    return function (target) {
+        handshakeMiddlewares([ApiKeyHandshakeGuardMiddleware])(target);
+    };
+}
+
+export { apiKeyHandshakeGuard };

package/dist/src/addon/auth/api-key/ApiKey.js

@@ -1,52 +1,47 @@
 import { Entity } from '../../../core/entity/Entity.js';
 import { CustomError } from '../../../core/error/CustomError.js';
-import { Password } from '../../../core/password/Password.js';
+import crypto from 'node:crypto';
 
 class ApiKey extends Entity {
+    static PREFIX = 'sk_';
+    static hashSecret(secret) {
+        return crypto.createHash('sha256').update(secret).digest('hex');
+    }
     get authInfo() {
         return this.data.authInfo;
     }
+    get metadata() {
+        return this.data.metadata ?? {};
+    }
+    get name() {
+        return this.data.name;
+    }
     setAuthInfo(authInfo) {
         this.data.authInfo = authInfo;
     }
-    generatePassword() {
-        if (this.data.passwordHash) {
-            throw new Error('This api key, already has a secret');
+    generateSecret() {
+        if (this.data.secretHash) {
+            throw new Error('This API key already has a secret');
         }
-        const password = Password.generate(64);
-        this.data.passwordHash = Password.hash({ password: password });
-        return password;
+        const secret = `${ApiKey.PREFIX}${crypto.randomBytes(32).toString('hex')}`;
+        this.data.secretHash = ApiKey.hashSecret(secret);
+        return secret;
     }
-    isValidPassword(password) {
-        if (!this.data.passwordHash)
+    isValidSecret(secret) {
+        if (!secret.startsWith(ApiKey.PREFIX))
             return false;
-        return Password.isValid({ password: password, hash: this.data.passwordHash });
-    }
-    validatePassword(password) {
-        if (!this.isValidPassword(password)) {
-            throw new CustomError({ message: 'invalid api key', httpCode: 401 });
-        }
-    }
-    static inflate(secret) {
-        try {
-            const json = Buffer.from(secret, 'base64').toString('utf-8');
-            const data = JSON.parse(json);
-            if (!data.id || !data.pass) {
-                throw new Error('invalid secret structure');
-            }
-            return data;
-        }
-        catch (err) {
-            throw new Error('fail to inflate secret: ' + err.message);
-        }
+        if (!this.data.secretHash)
+            return false;
+        const hashed = ApiKey.hashSecret(secret);
+        const stored = this.data.secretHash;
+        const hashedBuf = Buffer.from(hashed, 'hex');
+        const storedBuf = Buffer.from(stored, 'hex');
+        return hashedBuf.length === storedBuf.length && crypto.timingSafeEqual(hashedBuf, storedBuf);
     }
-    static deflate(data) {
-        const { id, pass } = data;
-        if (!id || !pass) {
-            throw new Error('id and pass required');
+    validateSecret(secret) {
+        if (!this.isValidSecret(secret)) {
+            throw new CustomError({ message: 'Invalid API key', httpCode: 401 });
         }
-        const json = JSON.stringify({ id, pass });
-        return Buffer.from(json, 'utf-8').toString('base64');
     }
 }
 

package/dist/src/addon/auth/api-key/ApiKeyGuardMiddleware.js

@@ -3,7 +3,6 @@ import { injectable } from '../../../core/injection/index.js';
 import { Auth } from '../../../core/auth/Auth.js';
 import { CustomError } from '../../../core/error/CustomError.js';
 import { ApiKeyRepository } from './ApiKeyRepository.js';
-import { ApiKey } from './ApiKey.js';
 
 let ApiKeyGuardMiddleware = class ApiKeyGuardMiddleware {
     apiKeyRepository;
@@ -22,15 +21,13 @@ let ApiKeyGuardMiddleware = class ApiKeyGuardMiddleware {
             throw new CustomError({ httpCode: 401, message: 'Authorization should be an Api-Key' });
         }
         try {
-            const keyData = ApiKey.inflate(keySecret);
-            const apiKey = await this.apiKeyRepository.findOrThrow(keyData.id);
-            apiKey.validatePassword(keyData.pass);
-            this.auth.assign(apiKey.authInfo);
+            const authInfo = await this.apiKeyRepository.findAndValidate(keySecret);
+            this.auth.assign(authInfo);
         }
         catch (err) {
             throw new CustomError({
                 httpCode: 401,
-                message: err instanceof Error ? `Invalid token: ${err.message}` : 'Invalid token',
+                message: err instanceof Error ? `Invalid key: ${err.message}` : 'Invalid key',
                 cause: err instanceof Error ? err : undefined,
             });
         }

package/dist/src/addon/auth/api-key/{ApiKeyConnectionGuardMiddleware.js → ApiKeyHandshakeGuardMiddleware.js}

@@ -4,7 +4,7 @@ import { CustomError } from '../../../core/error/CustomError.js';
 import { injectable } from '../../../core/injection/index.js';
 import { ApiKeyRepository } from './ApiKeyRepository.js';
 
-let ApiKeyConnectionGuardMiddleware = class ApiKeyConnectionGuardMiddleware {
+let ApiKeyHandshakeGuardMiddleware = class ApiKeyHandshakeGuardMiddleware {
     apiKeyRepository;
     auth;
     constructor(apiKeyRepository, auth) {
@@ -33,7 +33,7 @@ let ApiKeyConnectionGuardMiddleware = class ApiKeyConnectionGuardMiddleware {
             throw new CustomError({ httpCode: 401, message: 'Token not available' });
         }
         try {
-            const authInfo = await this.apiKeyRepository.findAuthInfo(keySecret);
+            const authInfo = await this.apiKeyRepository.findAndValidate(keySecret);
             this.auth.assign(authInfo);
         }
         catch (err) {
@@ -45,10 +45,10 @@ let ApiKeyConnectionGuardMiddleware = class ApiKeyConnectionGuardMiddleware {
         }
     }
 };
-ApiKeyConnectionGuardMiddleware = __decorate([
+ApiKeyHandshakeGuardMiddleware = __decorate([
     injectable(),
     __metadata("design:paramtypes", [ApiKeyRepository,
         Auth])
-], ApiKeyConnectionGuardMiddleware);
+], ApiKeyHandshakeGuardMiddleware);
 
-export { ApiKeyConnectionGuardMiddleware };
+export { ApiKeyHandshakeGuardMiddleware };

package/dist/src/addon/auth/api-key/ApiKeyRepository.js

@@ -1,34 +1,24 @@
-import { ApiKey } from './ApiKey.js';
-
 class ApiKeyRepository {
-    findAuthInfo(secret) {
-        throw new Error('Method not implemented.');
-    }
     find(id) {
         throw new Error('Method not implemented.');
     }
     findOrThrow(id) {
         throw new Error('Method not implemented.');
     }
+    findByMetadata(metadata) {
+        throw new Error('Method not implemented.');
+    }
     create(item) {
         throw new Error('Method not implemented.');
     }
     generate(req) {
         throw new Error('Method not implemented.');
     }
-    static async generate(repository, req) {
-        const apiKey = new ApiKey(req);
-        const pass = apiKey.generatePassword();
-        await repository.create(apiKey);
-        const id = apiKey.id;
-        const secret = ApiKey.deflate({ id, pass });
-        return { id, secret };
+    findBySecret(secret) {
+        throw new Error('Method not implemented.');
     }
-    static async findAuthInfo(repository, secret) {
-        const { id, pass } = ApiKey.inflate(secret);
-        const apiKey = await repository.findOrThrow(id);
-        apiKey.validatePassword(pass);
-        return apiKey.authInfo;
+    findAndValidate(secret) {
+        throw new Error('Method not implemented.');
     }
 }
 

package/dist/src/addon/auth/api-key/PgApiKeyRepository.js

@@ -1,9 +1,9 @@
 import { __decorate, __metadata } from 'tslib';
-import { ApiKey } from './ApiKey.js';
-import { Pool } from 'pg';
 import { PgCrudRepository } from '../../../feature/pg/PgCrudRepository.js';
+import { Pool } from 'pg';
 import { singleton } from 'tsyringe';
-import { ApiKeyRepository } from './ApiKeyRepository.js';
+import { ApiKey } from './ApiKey.js';
+import { CustomError } from '../../../core/error/CustomError.js';
 
 let PgApiKeyRepository = class PgApiKeyRepository extends PgCrudRepository {
     constructor(pool) {
@@ -13,11 +13,44 @@ let PgApiKeyRepository = class PgApiKeyRepository extends PgCrudRepository {
             constructor: ApiKey,
         });
     }
-    findAuthInfo(secret) {
-        return ApiKeyRepository.findAuthInfo(this, secret);
+    async findAndValidate(secret) {
+        const apiKey = await this.findBySecret(secret);
+        if (!apiKey) {
+            throw new CustomError({ message: 'Invalid Api Key', httpCode: 401 });
+        }
+        return apiKey.authInfo;
+    }
+    async findBySecret(secret) {
+        const secretHash = ApiKey.hashSecret(secret);
+        const query = `
+      SELECT ${this.columns}
+      FROM ${this.table}
+      WHERE data @> $1::jsonb
+      LIMIT 1
+    `;
+        const items = await this.query(query, [JSON.stringify({ secretHash })]);
+        return items[0] ?? null;
+    }
+    async findByMetadata(metadata) {
+        const query = `
+      SELECT ${this.columns}
+      FROM ${this.table}
+      WHERE data @> $1::jsonb
+    `;
+        return await this.query(query, [JSON.stringify({ metadata })]);
     }
     async generate(req) {
-        return ApiKeyRepository.generate(this, req);
+        const apiKey = new ApiKey({
+            name: req.name,
+            metadata: req.metadata,
+            authInfo: req.authInfo,
+        });
+        const secret = apiKey.generateSecret();
+        await this.create(apiKey);
+        return {
+            apiKey,
+            secret,
+        };
     }
 };
 PgApiKeyRepository = __decorate([

package/dist/src/addon/auth/api-key/RemoteApiKeyRepository.js

@@ -1,40 +1,48 @@
-import { ApiKeyRepository } from './ApiKeyRepository.js';
+import { CustomError } from '../../../core/error/CustomError.js';
 
 class RemoteApiKeyRepository {
     fetcher;
     cacheSeconds;
-    cache = new Map();
+    cacheBySecret = new Map();
     constructor(fetcher, cacheSeconds) {
         this.fetcher = fetcher;
         this.cacheSeconds = cacheSeconds;
     }
-    async find(id) {
+    async findAndValidate(secret) {
         const now = Date.now();
-        const cached = this.cache.get(id);
+        const cached = this.cacheBySecret.get(secret);
         if (cached && cached.expiresAt > now) {
+            if (!cached.value) {
+                throw new CustomError({ message: 'Invalid Api Key', httpCode: 401 });
+            }
             return cached.value;
         }
-        const result = await this.fetcher(id);
-        this.cache.set(id, {
+        const result = await this.fetcher.fetchAuthInfoBySecret(secret);
+        this.cacheBySecret.set(secret, {
             value: result,
             expiresAt: now + this.cacheSeconds * 1000,
         });
-        return result;
-    }
-    async findOrThrow(id) {
-        const result = await this.find(id);
         if (!result) {
-            throw new Error(`API key with ID '${id}' not found.`);
+            throw new CustomError({ message: 'Invalid Api Key', httpCode: 401 });
         }
         return result;
     }
-    findAuthInfo(secret) {
-        return ApiKeyRepository.findAuthInfo(this, secret);
+    find(id) {
+        throw new Error('Method not implemented.');
+    }
+    findOrThrow(id) {
+        throw new Error('Method not implemented.');
+    }
+    findBySecret(secret) {
+        throw new Error('Method not implemented.');
+    }
+    findByMetadata(metadata) {
+        throw new Error('Method not implemented.');
     }
     create(item) {
         throw new Error('Method not implemented.');
     }
-    async generate(req) {
+    generate(req) {
         throw new Error('Method not implemented.');
     }
 }

package/dist/src/addon/auth/jwt/@jwtHandshakeGuard.js

@@ -0,0 +1,16 @@
+import { handshakeMiddlewares } from '../../../feature/socket-controller/metadata/@handshakeMiddlewares.js';
+import '../../../feature/socket-controller/metadata/SocketControllerMetadataStore.js';
+import '../../../core/injection/index.js';
+import 'debug';
+import '../../../core/validation/metadata/ValidationMetadataStore.js';
+import 'socket.io';
+import '../../../feature/socket/SocketServerProvider.js';
+import { JwtHandshakeGuardMiddleware } from './JwtHandshakeGuardMiddleware.js';
+
+function jwtHandshakeGuard() {
+    return function (target) {
+        handshakeMiddlewares([JwtHandshakeGuardMiddleware])(target);
+    };
+}
+
+export { jwtHandshakeGuard };

package/dist/src/addon/auth/jwt/Jwt.js

@@ -17,17 +17,18 @@ let Jwt = class Jwt {
         this.jwtRefreshTokenRepository = jwtRefreshTokenRepository;
         this.config = config;
     }
-    async createToken() {
+    async createToken(metadata) {
         const authInfo = this.auth.require();
         const refreshToken = new JwtRefreshToken({
+            metadata,
             authInfo,
-            expirationTime: new Date().getTime() + this.config.refreshExpirationSeconds * 1000,
+            expirationTime: Date.now() + this.config.refreshExpirationSeconds * 1000,
         });
-        const refreshPassword = refreshToken.generatePassword();
+        const refreshSecret = refreshToken.generateSecret();
         await this.jwtRefreshTokenRepository.create(refreshToken);
         const access = await this.jwtSigner.signAccessToken(refreshToken);
         const refresh = {
-            token: JwtRefreshToken.deflate({ id: refreshToken.id, pass: refreshPassword }),
+            token: refreshSecret,
             expiration: new Date(refreshToken.expirationTime),
         };
         return {
@@ -35,11 +36,8 @@ let Jwt = class Jwt {
             refresh,
         };
     }
-    async refreshToken(refreshSecret) {
-        const { id, pass } = JwtRefreshToken.inflate(refreshSecret);
-        const refreshToken = await this.jwtRefreshTokenRepository.findOrThrow(id);
-        refreshToken.validatePassword(pass);
-        return this.jwtSigner.signAccessToken(refreshToken);
+    async findRefreshTokenAuthInfo(secret) {
+        return await this.jwtRefreshTokenRepository.findAndValidate(secret);
     }
 };
 Jwt = __decorate([

package/dist/src/addon/auth/jwt/{JwtConnectionGuardMiddleware.js → JwtHandshakeGuardMiddleware.js}

@@ -5,7 +5,7 @@ import { Auth } from '../../../core/auth/Auth.js';
 import { CustomError } from '../../../core/error/CustomError.js';
 import { JwtConfig } from './JwtConfig.js';
 
-let JwtConnectionGuardMiddleware = class JwtConnectionGuardMiddleware {
+let JwtHandshakeGuardMiddleware = class JwtHandshakeGuardMiddleware {
     config;
     auth;
     constructor(config, auth) {
@@ -48,10 +48,10 @@ let JwtConnectionGuardMiddleware = class JwtConnectionGuardMiddleware {
         }
     }
 };
-JwtConnectionGuardMiddleware = __decorate([
+JwtHandshakeGuardMiddleware = __decorate([
     injectable(),
     __metadata("design:paramtypes", [JwtConfig,
         Auth])
-], JwtConnectionGuardMiddleware);
+], JwtHandshakeGuardMiddleware);
 
-export { JwtConnectionGuardMiddleware };
+export { JwtHandshakeGuardMiddleware };

package/dist/src/addon/auth/jwt/JwtRefreshToken.js

@@ -1,55 +1,60 @@
 import { Entity } from '../../../core/entity/Entity.js';
 import { CustomError } from '../../../core/error/CustomError.js';
-import { Password } from '../../../core/password/Password.js';
+import crypto from 'node:crypto';
 
 class JwtRefreshToken extends Entity {
+    static PREFIX = 'rt_';
+    static hashSecret(secret) {
+        return crypto.createHash('sha256').update(secret).digest('hex');
+    }
     get authInfo() {
         return this.data.authInfo;
     }
+    get metadata() {
+        return this.data.metadata ?? {};
+    }
     get expirationTime() {
         return new Date(this.data.expirationTime);
     }
-    generatePassword() {
-        if (this.data.passwordHash) {
-            throw new Error('This api key, already has a secret');
+    isExpired() {
+        return Date.now() > this.data.expirationTime;
+    }
+    revoke() {
+        this.data.revokedAt = Date.now();
+    }
+    isRevoked() {
+        return this.data.revokedAt != null;
+    }
+    generateSecret() {
+        if (this.data.secretHash) {
+            throw new Error('This Token key already has a secret');
         }
-        const password = Password.generate(64);
-        this.data.passwordHash = Password.hash({ password: password });
-        return password;
+        const secret = `${JwtRefreshToken.PREFIX}${crypto.randomBytes(32).toString('hex')}`;
+        this.data.secretHash = JwtRefreshToken.hashSecret(secret);
+        return secret;
     }
-    isValidPassword(password) {
-        if (new Date().getTime() > this.data.expirationTime) {
+    isValidSecret(secret) {
+        if (!secret.startsWith(JwtRefreshToken.PREFIX))
             return false;
-        }
-        if (!this.data.passwordHash)
+        if (!this.data.secretHash)
             return false;
-        return Password.isValid({ password: password, hash: this.data.passwordHash });
+        const hashed = JwtRefreshToken.hashSecret(secret);
+        const stored = this.data.secretHash;
+        const hashedBuf = Buffer.from(hashed, 'hex');
+        const storedBuf = Buffer.from(stored, 'hex');
+        return hashedBuf.length === storedBuf.length && crypto.timingSafeEqual(hashedBuf, storedBuf);
     }
-    validatePassword(password) {
-        if (!this.isValidPassword(password)) {
-            throw new CustomError({ message: 'Invalid Api key', httpCode: 401 });
-        }
-    }
-    static inflate(secret) {
-        try {
-            const json = Buffer.from(secret, 'base64').toString('utf-8');
-            const data = JSON.parse(json);
-            if (!data.id || !data.pass) {
-                throw new Error('invalid secret structure');
-            }
-            return data;
-        }
-        catch (err) {
-            throw new Error('fail to inflate secret: ' + err.message);
-        }
+    isValidToken(secret) {
+        if (this.isExpired())
+            return false;
+        if (this.isRevoked())
+            return false;
+        return this.isValidSecret(secret);
     }
-    static deflate(data) {
-        const { id, pass } = data;
-        if (!id || !pass) {
-            throw new Error('id and pass required');
+    validateToken(secret) {
+        if (!this.isValidToken(secret)) {
+            throw new CustomError({ message: 'Invalid Token', httpCode: 401 });
         }
-        const json = JSON.stringify({ id, pass });
-        return Buffer.from(json, 'utf-8').toString('base64');
     }
 }
 

package/dist/src/addon/auth/jwt/JwtRefreshTokenRepository.js

@@ -1,4 +1,10 @@
 class JwtRefreshTokenRepository {
+    findByMetadata(metadata) {
+        throw new Error('Method not implemented.');
+    }
+    findAndValidate(secret) {
+        throw new Error('Method not implemented.');
+    }
     find(id) {
         throw new Error('Method not implemented.');
     }

package/dist/src/addon/auth/jwt/JwtSigner.js

@@ -23,7 +23,7 @@ let JwtSigner = class JwtSigner {
         const token = jwt.sign(_authInfo, this.config.secretOrPrivateKey, {
             expiresIn: this.config.accessExpirationSeconds,
         });
-        const expiration = new Date().getTime() + this.config.accessExpirationSeconds * 1000;
+        const expiration = new Date(new Date().getTime() + this.config.accessExpirationSeconds * 1000);
         return this.mapper.map({ token, expiration }, JwtTokenDto);
     }
 };

package/dist/src/addon/auth/jwt/PgJwtRefreshTokenRepository.js

@@ -3,6 +3,7 @@ import { singleton } from '../../../core/injection/index.js';
 import { Pool } from 'pg';
 import { PgCrudRepository } from '../../../feature/pg/PgCrudRepository.js';
 import { JwtRefreshToken } from './JwtRefreshToken.js';
+import { CustomError } from '../../../core/error/CustomError.js';
 
 let PgJwtRefreshTokenRepository = class PgJwtRefreshTokenRepository extends PgCrudRepository {
     constructor(pool) {
@@ -12,6 +13,32 @@ let PgJwtRefreshTokenRepository = class PgJwtRefreshTokenRepository extends PgCr
             constructor: JwtRefreshToken,
         });
     }
+    async findAndValidate(secret) {
+        const apiKey = await this.findBySecret(secret);
+        if (!apiKey) {
+            throw new CustomError({ message: 'Invalid Token', httpCode: 401 });
+        }
+        return apiKey.authInfo;
+    }
+    async findBySecret(secret) {
+        const secretHash = JwtRefreshToken.hashSecret(secret);
+        const query = `
+        SELECT ${this.columns}
+        FROM ${this.table}
+        WHERE data @> $1::jsonb
+        LIMIT 1
+      `;
+        const items = await this.query(query, [JSON.stringify({ secretHash })]);
+        return items[0] ?? null;
+    }
+    async findByMetadata(metadata) {
+        const query = `
+        SELECT ${this.columns}
+        FROM ${this.table}
+        WHERE data @> $1::jsonb
+      `;
+        return await this.query(query, [JSON.stringify({ metadata })]);
+    }
 };
 PgJwtRefreshTokenRepository = __decorate([
     singleton(),

package/dist/src/addon/chat-controller/socket/@socket.js

@@ -18,7 +18,7 @@ function socket(config) {
             channelConstructor: SocketChannel,
             functionName: propertyKey.toString(),
             controllerConstructor: target.constructor,
-            channelConfig: new SocketChannelConfig(config.channel),
+            channelConfig: new SocketChannelConfig(config.namespace, config.handshakeMidlewares),
         });
     };
 }