npm - @wabot-dev/framework - Versions diffs - 0.2.0-beta.2 → 0.2.0-beta.3 - Mend

@wabot-dev/framework 0.2.0-beta.2 → 0.2.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/src/addon/auth/jwt/Jwt.js +7 -9
package/dist/src/addon/auth/jwt/JwtRefreshToken.js +40 -35
package/dist/src/addon/auth/jwt/JwtRefreshTokenRepository.js +6 -0
package/dist/src/addon/auth/jwt/PgJwtRefreshTokenRepository.js +27 -0
package/dist/src/index.d.ts +22 -14
package/package.json +1 -1

package/dist/src/addon/auth/jwt/Jwt.js CHANGED Viewed

@@ -17,17 +17,18 @@ let Jwt = class Jwt {
         this.jwtRefreshTokenRepository = jwtRefreshTokenRepository;
         this.config = config;
     }
-    async createToken() {
+    async createToken(metadata) {
         const authInfo = this.auth.require();
         const refreshToken = new JwtRefreshToken({
+            metadata,
             authInfo,
-            expirationTime: new Date().getTime() + this.config.refreshExpirationSeconds * 1000,
+            expirationTime: Date.now() + this.config.refreshExpirationSeconds * 1000,
         });
-        const refreshPassword = refreshToken.generatePassword();
+        const refreshSecret = refreshToken.generateSecret();
         await this.jwtRefreshTokenRepository.create(refreshToken);
         const access = await this.jwtSigner.signAccessToken(refreshToken);
         const refresh = {
-            token: JwtRefreshToken.deflate({ id: refreshToken.id, pass: refreshPassword }),
+            token: refreshSecret,
             expiration: new Date(refreshToken.expirationTime),
         };
         return {
@@ -35,11 +36,8 @@ let Jwt = class Jwt {
             refresh,
         };
     }
-    async refreshToken(refreshSecret) {
-        const { id, pass } = JwtRefreshToken.inflate(refreshSecret);
-        const refreshToken = await this.jwtRefreshTokenRepository.findOrThrow(id);
-        refreshToken.validatePassword(pass);
-        return this.jwtSigner.signAccessToken(refreshToken);
+    async findRefreshTokenAuthInfo(secret) {
+        return await this.jwtRefreshTokenRepository.findAndValidate(secret);
     }
 };
 Jwt = __decorate([

package/dist/src/addon/auth/jwt/JwtRefreshToken.js CHANGED Viewed

@@ -1,55 +1,60 @@
 import { Entity } from '../../../core/entity/Entity.js';
 import { CustomError } from '../../../core/error/CustomError.js';
-import { Password } from '../../../core/password/Password.js';
+import crypto from 'node:crypto';
 class JwtRefreshToken extends Entity {
+    static PREFIX = 'rt_';
+    static hashSecret(secret) {
+        return crypto.createHash('sha256').update(secret).digest('hex');
+    }
     get authInfo() {
         return this.data.authInfo;
     }
+    get metadata() {
+        return this.data.metadata ?? {};
+    }
     get expirationTime() {
         return new Date(this.data.expirationTime);
     }
-    generatePassword() {
-        if (this.data.passwordHash) {
-            throw new Error('This api key, already has a secret');
+    isExpired() {
+        return Date.now() > this.data.expirationTime;
+    }
+    revoke() {
+        this.data.revokedAt = Date.now();
+    }
+    isRevoked() {
+        return this.data.revokedAt != null;
+    }
+    generateSecret() {
+        if (this.data.secretHash) {
+            throw new Error('This Token key already has a secret');
         }
-        const password = Password.generate(64);
-        this.data.passwordHash = Password.hash({ password: password });
-        return password;
+        const secret = `${JwtRefreshToken.PREFIX}${crypto.randomBytes(32).toString('hex')}`;
+        this.data.secretHash = JwtRefreshToken.hashSecret(secret);
+        return secret;
     }
-    isValidPassword(password) {
-        if (new Date().getTime() > this.data.expirationTime) {
+    isValidSecret(secret) {
+        if (!secret.startsWith(JwtRefreshToken.PREFIX))
             return false;
-        }
-        if (!this.data.passwordHash)
+        if (!this.data.secretHash)
             return false;
-        return Password.isValid({ password: password, hash: this.data.passwordHash });
+        const hashed = JwtRefreshToken.hashSecret(secret);
+        const stored = this.data.secretHash;
+        const hashedBuf = Buffer.from(hashed, 'hex');
+        const storedBuf = Buffer.from(stored, 'hex');
+        return hashedBuf.length === storedBuf.length && crypto.timingSafeEqual(hashedBuf, storedBuf);
     }
-    validatePassword(password) {
-        if (!this.isValidPassword(password)) {
-            throw new CustomError({ message: 'Invalid Api key', httpCode: 401 });
-        }
-    }
-    static inflate(secret) {
-        try {
-            const json = Buffer.from(secret, 'base64').toString('utf-8');
-            const data = JSON.parse(json);
-            if (!data.id || !data.pass) {
-                throw new Error('invalid secret structure');
-            }
-            return data;
-        }
-        catch (err) {
-            throw new Error('fail to inflate secret: ' + err.message);
-        }
+    isValidToken(secret) {
+        if (this.isExpired())
+            return false;
+        if (this.isRevoked())
+            return false;
+        return this.isValidSecret(secret);
     }
-    static deflate(data) {
-        const { id, pass } = data;
-        if (!id || !pass) {
-            throw new Error('id and pass required');
+    validateToken(secret) {
+        if (!this.isValidToken(secret)) {
+            throw new CustomError({ message: 'Invalid Token', httpCode: 401 });
         }
-        const json = JSON.stringify({ id, pass });
-        return Buffer.from(json, 'utf-8').toString('base64');
     }
 }

package/dist/src/addon/auth/jwt/JwtRefreshTokenRepository.js CHANGED Viewed

@@ -1,4 +1,10 @@
 class JwtRefreshTokenRepository {
+    findByMetadata(metadata) {
+        throw new Error('Method not implemented.');
+    }
+    findAndValidate(secret) {
+        throw new Error('Method not implemented.');
+    }
     find(id) {
         throw new Error('Method not implemented.');
     }

package/dist/src/addon/auth/jwt/PgJwtRefreshTokenRepository.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { singleton } from '../../../core/injection/index.js';
 import { Pool } from 'pg';
 import { PgCrudRepository } from '../../../feature/pg/PgCrudRepository.js';
 import { JwtRefreshToken } from './JwtRefreshToken.js';
+import { CustomError } from '../../../core/error/CustomError.js';
 let PgJwtRefreshTokenRepository = class PgJwtRefreshTokenRepository extends PgCrudRepository {
     constructor(pool) {
@@ -12,6 +13,32 @@ let PgJwtRefreshTokenRepository = class PgJwtRefreshTokenRepository extends PgCr
             constructor: JwtRefreshToken,
         });
     }
+    async findAndValidate(secret) {
+        const apiKey = await this.findBySecret(secret);
+        if (!apiKey) {
+            throw new CustomError({ message: 'Invalid Token', httpCode: 401 });
+        }
+        return apiKey.authInfo;
+    }
+    async findBySecret(secret) {
+        const secretHash = JwtRefreshToken.hashSecret(secret);
+        const query = `
+        SELECT ${this.columns}
+        FROM ${this.table}
+        WHERE data @> $1::jsonb
+        LIMIT 1
+      `;
+        const items = await this.query(query, [JSON.stringify({ secretHash })]);
+        return items[0] ?? null;
+    }
+    async findByMetadata(metadata) {
+        const query = `
+        SELECT ${this.columns}
+        FROM ${this.table}
+        WHERE data @> $1::jsonb
+      `;
+        return await this.query(query, [JSON.stringify({ metadata })]);
+    }
 };
 PgJwtRefreshTokenRepository = __decorate([
     singleton(),

package/dist/src/index.d.ts CHANGED Viewed

@@ -1091,27 +1091,30 @@ declare function jwtConnectionGuard(): (target: object, propertyKey: string | sy
 declare function jwtGuard(): (target: object, propertyKey: string | symbol) => void;
 interface IJwtRefreshTokenData<A extends IStorableData> extends IEntityData {
+    secretHash?: string;
+    metadata?: Record<string, string>;
     authInfo: A;
-    passwordHash?: string;
     expirationTime: number;
+    revokedAt?: number;
 }
 declare class JwtRefreshToken<A extends IStorableData> extends Entity<IJwtRefreshTokenData<A>> {
+    static PREFIX: string;
+    static hashSecret(secret: string): string;
     get authInfo(): A;
+    get metadata(): Record<string, string>;
     get expirationTime(): Date;
-    generatePassword(): string;
-    isValidPassword(password: string): boolean;
-    validatePassword(password: string): void;
-    static inflate(secret: string): {
-        id: string;
-        pass: string;
-    };
-    static deflate(data: {
-        id: string;
-        pass: string;
-    }): string;
+    isExpired(): boolean;
+    revoke(): void;
+    isRevoked(): boolean;
+    generateSecret(): string;
+    isValidSecret(secret: string): boolean;
+    isValidToken(secret: string): boolean;
+    validateToken(secret: string): void;
 }
 interface IJwtRefreshTokenRepository<D extends IStorableData> extends ICrudRepository<JwtRefreshToken<D>> {
+    findAndValidate(secret: string): Promise<D>;
+    findByMetadata(metadata: Record<string, string>): Promise<JwtRefreshToken<D>[]>;
 }
 declare class JwtTokenDto {
@@ -1141,6 +1144,8 @@ declare class JwtSigner {
 }
 declare class JwtRefreshTokenRepository<D extends IStorableData> implements IJwtRefreshTokenRepository<D> {
+    findByMetadata(metadata: Record<string, string>): Promise<JwtRefreshToken<D>[]>;
+    findAndValidate(secret: string): Promise<D>;
     find(id: string): Promise<JwtRefreshToken<D> | null>;
     findOrThrow(id: string): Promise<JwtRefreshToken<D>>;
     findByIds(ids: string[]): Promise<JwtRefreshToken<D>[]>;
@@ -1156,8 +1161,8 @@ declare class Jwt {
     private jwtRefreshTokenRepository;
     private config;
     constructor(auth: Auth<any>, jwtSigner: JwtSigner, jwtRefreshTokenRepository: JwtRefreshTokenRepository<any>, config: JwtConfig);
-    createToken(): Promise<JwtAccessAndRefreshTokenDto>;
-    refreshToken(refreshSecret: string): Promise<JwtTokenDto>;
+    createToken(metadata?: Record<string, string>): Promise<JwtAccessAndRefreshTokenDto>;
+    findRefreshTokenAuthInfo(secret: string): Promise<any>;
 }
 declare class JwtConnectionGuardMiddleware implements IConnectionMiddleware {
@@ -1176,6 +1181,9 @@ declare class JwtGuardMiddleware implements IMiddleware {
 declare class PgJwtRefreshTokenRepository<D extends IStorableData> extends PgCrudRepository<JwtRefreshToken<D>> implements IJwtRefreshTokenRepository<D> {
     constructor(pool: Pool);
+    findAndValidate(secret: string): Promise<D>;
+    findBySecret(secret: string): Promise<JwtRefreshToken<D> | null>;
+    findByMetadata(metadata: Record<string, string>): Promise<JwtRefreshToken<D>[]>;
 }
 declare class AnthropicChatAdapter implements IChatAdapter {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wabot-dev/framework",
-  "version": "0.2.0-beta.2",
+  "version": "0.2.0-beta.3",
   "description": "Framework for IA Chat Bots",
   "type": "module",
   "main": "dist/src/index.js",