npm - @xcelsior/auth - Versions diffs - 1.0.0 → 1.1.0 - Mend

@xcelsior/auth 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/index.mjs CHANGED Viewed

@@ -2,177 +2,10 @@
 import bcrypt from "bcryptjs";
 import jwt from "jsonwebtoken";
 import { v4 as uuidv4 } from "uuid";
-// src/storage/dynamodb.ts
-import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
-import {
-  DynamoDBDocumentClient,
-  PutCommand,
-  GetCommand,
-  UpdateCommand,
-  DeleteCommand,
-  QueryCommand
-} from "@aws-sdk/lib-dynamodb";
-var DynamoDBStorageProvider = class {
-  constructor(config) {
-    const dbClient = new DynamoDBClient({ region: config.region });
-    this.client = DynamoDBDocumentClient.from(dbClient, {});
-    this.tableName = config.tableName;
-  }
-  async createUser(user) {
-    await this.client.send(
-      new PutCommand({
-        TableName: this.tableName,
-        Item: user,
-        ConditionExpression: "attribute_not_exists(email)"
-      })
-    );
-  }
-  async getUserByResetPasswordToken(resetPasswordToken) {
-    const response = await this.client.send(
-      new QueryCommand({
-        TableName: this.tableName,
-        IndexName: "ResetPasswordTokenIndex",
-        KeyConditionExpression: "resetPasswordToken = :token",
-        ExpressionAttributeValues: {
-          ":token": resetPasswordToken
-        }
-      })
-    );
-    return response.Items?.[0];
-  }
-  async getUserByVerifyEmailToken(verifyEmailToken) {
-    const response = await this.client.send(
-      new QueryCommand({
-        TableName: this.tableName,
-        IndexName: "VerifyEmailTokenIndex",
-        KeyConditionExpression: "verificationToken = :token",
-        ExpressionAttributeValues: {
-          ":token": verifyEmailToken
-        }
-      })
-    );
-    return response.Items?.[0];
-  }
-  async getUserById(id) {
-    const response = await this.client.send(
-      new GetCommand({
-        TableName: this.tableName,
-        Key: { id }
-      })
-    );
-    return response.Item;
-  }
-  async getUserByEmail(email) {
-    const response = await this.client.send(
-      new QueryCommand({
-        TableName: this.tableName,
-        IndexName: "EmailIndex",
-        KeyConditionExpression: "email = :email",
-        ExpressionAttributeValues: {
-          ":email": email
-        }
-      })
-    );
-    return response.Items?.[0];
-  }
-  async updateUser(id, updates) {
-    const toSet = {};
-    const toRemove = [];
-    Object.entries(updates).forEach(([key, value]) => {
-      if (value === void 0) {
-        toRemove.push(key);
-      } else {
-        toSet[key] = value;
-      }
-    });
-    if (Object.keys(toSet).length === 0 && toRemove.length === 0) {
-      return;
-    }
-    const setPart = Object.keys(toSet).length > 0 ? `SET ${Object.keys(toSet).map((key) => `#${key} = :${key}`).join(", ")}` : "";
-    const removePart = toRemove.length > 0 ? `REMOVE ${toRemove.map((key) => `#${key}`).join(", ")}` : "";
-    const updateExpression = [setPart, removePart].filter(Boolean).join(" ");
-    const expressionAttributeNames = [...Object.keys(toSet), ...toRemove].reduce(
-      (acc, key) => ({ ...acc, [`#${key}`]: key }),
-      {}
-    );
-    const expressionAttributeValues = Object.entries(toSet).reduce(
-      (acc, [key, value]) => ({ ...acc, [`:${key}`]: value }),
-      {}
-    );
-    await this.client.send(
-      new UpdateCommand({
-        TableName: this.tableName,
-        Key: { id },
-        UpdateExpression: updateExpression,
-        ExpressionAttributeNames: expressionAttributeNames,
-        ...Object.keys(expressionAttributeValues).length > 0 && {
-          ExpressionAttributeValues: expressionAttributeValues
-        }
-      })
-    );
-  }
-  async deleteUser(id) {
-    await this.client.send(
-      new DeleteCommand({
-        TableName: this.tableName,
-        Key: { id }
-      })
-    );
-  }
-};
-// src/storage/index.ts
-function createStorageProvider(config) {
-  switch (config.type) {
-    case "dynamodb":
-      return new DynamoDBStorageProvider(config.options);
-    case "mongodb":
-      throw new Error("MongoDB storage provider not implemented yet");
-    case "postgres":
-      throw new Error("PostgreSQL storage provider not implemented yet");
-    default:
-      throw new Error(`Unsupported storage type: ${config.type}`);
-  }
-}
+import crypto from "crypto";
 // src/email/smtp.ts
 import nodemailer from "nodemailer";
-var SMTPEmailProvider = class {
-  constructor(from, config, templates) {
-    this.transporter = nodemailer.createTransport(config);
-    this.config = { from, templates };
-  }
-  async sendVerificationEmail(email, token) {
-    const { subject, html } = this.config.templates.verification;
-    await this.transporter.sendMail({
-      from: this.config.from,
-      to: email,
-      subject,
-      html: html(token)
-    });
-  }
-  async sendPasswordResetEmail(email, token) {
-    const { subject, html } = this.config.templates.resetPassword;
-    await this.transporter.sendMail({
-      from: this.config.from,
-      to: email,
-      subject,
-      html: html(token)
-    });
-  }
-  async verifyConnection() {
-    try {
-      await this.transporter.verify();
-      return true;
-    } catch (_error) {
-      return false;
-    }
-  }
-};
-// src/email/ses.ts
-import { SESv2Client, SendEmailCommand } from "@aws-sdk/client-sesv2";
 // src/email/defaultTemplates.ts
 var defaultTemplates = {
@@ -231,7 +64,42 @@ var defaultTemplates = {
   }
 };
+// src/email/smtp.ts
+var SMTPEmailProvider = class {
+  constructor(from, config, templates) {
+    this.transporter = nodemailer.createTransport(config);
+    this.config = { from, templates: templates ?? defaultTemplates };
+  }
+  async sendVerificationEmail(email, token) {
+    const { subject, html } = this.config.templates.verification;
+    await this.transporter.sendMail({
+      from: this.config.from,
+      to: email,
+      subject,
+      html: html(token)
+    });
+  }
+  async sendPasswordResetEmail(email, token) {
+    const { subject, html } = this.config.templates.resetPassword;
+    await this.transporter.sendMail({
+      from: this.config.from,
+      to: email,
+      subject,
+      html: html(token)
+    });
+  }
+  async verifyConnection() {
+    try {
+      await this.transporter.verify();
+      return true;
+    } catch (_error) {
+      return false;
+    }
+  }
+};
 // src/email/ses.ts
+import { SESv2Client, SendEmailCommand } from "@aws-sdk/client-sesv2";
 var SESEmailProvider = class {
   constructor(from, config, templates) {
     this.client = new SESv2Client({
@@ -321,10 +189,10 @@ function createEmailProvider(config) {
 var AuthService = class {
   constructor(config) {
     this.config = config;
-    this.storage = createStorageProvider(config.storage);
+    this.storage = config.storage;
     this.email = createEmailProvider(config.email);
   }
-  generateToken(user) {
+  generateAccessToken(user) {
     return jwt.sign(
       {
         id: user.id,
@@ -340,31 +208,100 @@ var AuthService = class {
       }
     );
   }
+  generateRefreshToken(sessionId, userId) {
+    const payload = {
+      sessionId,
+      userId,
+      type: "refresh"
+    };
+    return jwt.sign(payload, this.config.jwt.privateKey, {
+      algorithm: "RS256",
+      expiresIn: this.config.jwt.refreshTokenExpiresIn || "7d",
+      keyid: this.config.jwt.keyId
+    });
+  }
+  verifyRefreshToken(token) {
+    try {
+      const payload = jwt.verify(token, this.config.jwt.publicKey, {
+        algorithms: ["RS256"]
+      });
+      if (payload.type !== "refresh") {
+        throw new Error("Invalid token type");
+      }
+      return payload;
+    } catch (_error) {
+      throw new Error("Invalid refresh token");
+    }
+  }
+  hashToken(token) {
+    return crypto.createHash("sha256").update(token).digest("hex");
+  }
+  getRefreshTokenExpiryMs() {
+    const expiresIn = this.config.jwt.refreshTokenExpiresIn || "7d";
+    const match = expiresIn.match(/^(\d+)([smhd])$/);
+    if (!match) {
+      return 7 * 24 * 60 * 60 * 1e3;
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    const multipliers = {
+      s: 1e3,
+      m: 60 * 1e3,
+      h: 60 * 60 * 1e3,
+      d: 24 * 60 * 60 * 1e3
+    };
+    return value * multipliers[unit];
+  }
   async hashPassword(password) {
     return bcrypt.hash(password, 10);
   }
-  async signup(email, password, roles = ["USER"]) {
-    const existingUser = await this.storage.getUserByEmail(email);
+  async createSession(userId, options = {}) {
+    const now = Date.now();
+    const sessionId = this.config.idGeneration === "uuid" ? uuidv4() : void 0;
+    const tempSession = {
+      ...sessionId ? { id: sessionId } : {},
+      userId,
+      refreshTokenHash: "",
+      userAgent: options.userAgent,
+      ipAddress: options.ipAddress,
+      deviceName: options.deviceName,
+      createdAt: now,
+      lastUsedAt: now,
+      expiresAt: now + this.getRefreshTokenExpiryMs()
+    };
+    const session = await this.storage.createSession(tempSession);
+    const refreshToken = this.generateRefreshToken(session.id, userId);
+    await this.storage.updateSession(session.id, {
+      refreshTokenHash: this.hashToken(refreshToken)
+    });
+    return {
+      session: { ...session, refreshTokenHash: this.hashToken(refreshToken) },
+      refreshToken
+    };
+  }
+  async signup(createUserInput, password, options = {}) {
+    const existingUser = await this.storage.getUserByEmail(createUserInput.email);
     if (existingUser) {
       throw new Error("User already exists");
     }
     const verificationToken = uuidv4();
+    const id = this.config.idGeneration === "uuid" ? uuidv4() : void 0;
     const user = {
-      id: uuidv4(),
-      email,
+      ...createUserInput,
+      id,
       passwordHash: await this.hashPassword(password),
-      roles,
       isEmailVerified: false,
       verificationToken,
       createdAt: Date.now(),
       updatedAt: Date.now()
     };
-    await this.storage.createUser(user);
-    await this.email.sendVerificationEmail(email, verificationToken);
-    const token = this.generateToken(user);
-    return { user, token };
+    const createdUser = await this.storage.createUser(user);
+    await this.email.sendVerificationEmail(createUserInput.email, verificationToken);
+    const { refreshToken } = await this.createSession(createdUser.id, options);
+    const accessToken = this.generateAccessToken(createdUser);
+    return { user: createdUser, tokens: { accessToken, refreshToken } };
   }
-  async signin(email, password) {
+  async signin(email, password, options = {}) {
     const user = await this.storage.getUserByEmail(email);
     if (!user) {
       throw new Error("Invalid credentials");
@@ -376,8 +313,86 @@ var AuthService = class {
     if (!user.isEmailVerified) {
       throw new Error("Please verify your email before signing in");
     }
-    const token = this.generateToken(user);
-    return { user, token };
+    const { refreshToken } = await this.createSession(user.id, options);
+    const accessToken = this.generateAccessToken(user);
+    return { user, tokens: { accessToken, refreshToken } };
+  }
+  async refreshAccessToken(refreshToken) {
+    const payload = this.verifyRefreshToken(refreshToken);
+    const session = await this.storage.getSessionById(payload.sessionId);
+    if (!session) {
+      throw new Error("Session not found");
+    }
+    const tokenHash = this.hashToken(refreshToken);
+    if (session.refreshTokenHash !== tokenHash) {
+      throw new Error("Invalid refresh token");
+    }
+    if (session.expiresAt < Date.now()) {
+      await this.storage.deleteSession(session.id);
+      throw new Error("Session expired");
+    }
+    const user = await this.storage.getUserById(session.userId);
+    if (!user) {
+      throw new Error("User not found");
+    }
+    const newRefreshToken = this.generateRefreshToken(session.id, user.id);
+    await this.storage.updateSession(session.id, {
+      refreshTokenHash: this.hashToken(newRefreshToken),
+      lastUsedAt: Date.now(),
+      expiresAt: Date.now() + this.getRefreshTokenExpiryMs()
+    });
+    const accessToken = this.generateAccessToken(user);
+    return { accessToken, refreshToken: newRefreshToken };
+  }
+  /**
+   * Logout from current session only
+   */
+  async logout(refreshToken) {
+    try {
+      const payload = this.verifyRefreshToken(refreshToken);
+      await this.storage.deleteSession(payload.sessionId);
+    } catch {
+    }
+  }
+  /**
+   * Revoke a specific session by ID
+   */
+  async revokeSession(userId, sessionId) {
+    const session = await this.storage.getSessionById(sessionId);
+    if (!session || session.userId !== userId) {
+      throw new Error("Session not found");
+    }
+    await this.storage.deleteSession(sessionId);
+  }
+  /**
+   * Revoke all sessions for a user (logout from all devices)
+   */
+  async revokeAllSessions(userId) {
+    await this.storage.deleteAllUserSessions(userId);
+  }
+  /**
+   * Get all active sessions for a user
+   */
+  async getSessions(userId, currentRefreshToken) {
+    const sessions = await this.storage.getSessionsByUserId(userId);
+    const now = Date.now();
+    let currentSessionId;
+    if (currentRefreshToken) {
+      try {
+        const payload = this.verifyRefreshToken(currentRefreshToken);
+        currentSessionId = payload.sessionId;
+      } catch {
+      }
+    }
+    return sessions.filter((s) => s.expiresAt > now).map((session) => ({
+      id: session.id,
+      deviceName: session.deviceName,
+      userAgent: session.userAgent,
+      ipAddress: session.ipAddress,
+      createdAt: session.createdAt,
+      lastUsedAt: session.lastUsedAt,
+      isCurrent: session.id === currentSessionId
+    }));
   }
   async verifyEmail(token) {
     const user = await this.storage.getUserByVerifyEmailToken(token);
@@ -420,6 +435,7 @@ var AuthService = class {
     try {
       return jwt.verify(token, this.config.jwt.publicKey, { algorithms: ["RS256"] });
     } catch (_error) {
+      console.log("Token verification failed:", _error);
       throw new Error("Invalid token");
     }
   }
@@ -430,6 +446,74 @@ var AuthService = class {
     }
     return requiredRoles.some((role) => user.roles.includes(role));
   }
+  // ==================== User Management ====================
+  /**
+   * Get a user by ID
+   */
+  async getUserById(id) {
+    return this.storage.getUserById(id);
+  }
+  /**
+   * Get a user by email
+   */
+  async getUserByEmail(email) {
+    return this.storage.getUserByEmail(email);
+  }
+  /**
+   * Update a user's profile information.
+   * Supports predefined fields (email, firstName, lastName, roles, isEmailVerified)
+   * as well as any additional custom fields.
+   */
+  async updateUser(id, updates) {
+    const user = await this.storage.getUserById(id);
+    if (!user) {
+      throw new Error("User not found");
+    }
+    if (updates.email !== void 0 && updates.email !== user.email) {
+      const existingUser = await this.storage.getUserByEmail(updates.email);
+      if (existingUser) {
+        throw new Error("Email already in use");
+      }
+    }
+    const { email, firstName, lastName, roles, isEmailVerified, ...additionalFields } = updates;
+    const mergedUpdates = {
+      updatedAt: Date.now(),
+      ...additionalFields
+    };
+    if (email !== void 0) mergedUpdates.email = email;
+    if (firstName !== void 0) mergedUpdates.firstName = firstName;
+    if (lastName !== void 0) mergedUpdates.lastName = lastName;
+    if (roles !== void 0) mergedUpdates.roles = roles;
+    if (isEmailVerified !== void 0) mergedUpdates.isEmailVerified = isEmailVerified;
+    await this.storage.updateUser(id, mergedUpdates);
+    return { ...user, ...mergedUpdates };
+  }
+  /**
+   * Delete a user and all their sessions
+   */
+  async deleteUser(id) {
+    const user = await this.storage.getUserById(id);
+    if (!user) {
+      throw new Error("User not found");
+    }
+    await this.storage.deleteUser(id);
+  }
+  /**
+   * Find users with filtering and pagination
+   *
+   * @example
+   * // Find all admins
+   * const { users } = await authService.findUsers({ hasAnyRole: ['ADMIN'] });
+   *
+   * // Find verified users with email containing '@company.com'
+   * const result = await authService.findUsers({
+   *   emailContains: '@company.com',
+   *   isEmailVerified: true
+   * }, { limit: 20 });
+   */
+  async findUsers(filter, options) {
+    return this.storage.findUsers(filter, options);
+  }
 };
 // src/middleware/auth.ts
@@ -444,8 +528,7 @@ var AuthMiddleware = class {
         if (!token) {
           throw new Error("No token provided");
         }
-        const decoded = await this.authService.verifyToken(token);
-        req.user = decoded;
+        req.user = await this.authService.verifyToken(token);
         next();
       } catch (_error) {
         res.status(401).json({ error: "Unauthorized" });
@@ -477,12 +560,13 @@ var AuthMiddleware = class {
 // src/types/index.ts
 import { z } from "zod";
-var UserRoleSchema = z.enum(["ADMIN", "USER", "GUEST"]);
 var UserSchema = z.object({
-  id: z.string(),
+  id: z.union([z.string(), z.number()]),
   email: z.string().email(),
+  firstName: z.string().optional(),
+  lastName: z.string().optional(),
   passwordHash: z.string(),
-  roles: z.array(UserRoleSchema),
+  roles: z.array(z.string()),
   isEmailVerified: z.boolean(),
   verificationToken: z.string().optional(),
   resetPasswordToken: z.string().optional(),
@@ -490,10 +574,41 @@ var UserSchema = z.object({
   createdAt: z.number(),
   updatedAt: z.number()
 });
+var CreateUserSchema = UserSchema.omit({
+  id: true,
+  createdAt: true,
+  updatedAt: true
+}).extend({
+  createdAt: z.number().optional(),
+  updatedAt: z.number().optional(),
+  id: z.union([z.string(), z.number()]).optional()
+});
+var SessionSchema = z.object({
+  id: z.union([z.string(), z.number()]),
+  userId: z.union([z.string(), z.number()]),
+  refreshTokenHash: z.string(),
+  userAgent: z.string().optional(),
+  ipAddress: z.string().optional(),
+  deviceName: z.string().optional(),
+  createdAt: z.number(),
+  lastUsedAt: z.number(),
+  expiresAt: z.number()
+});
+var CreateSessionSchema = SessionSchema.omit({
+  id: true,
+  createdAt: true,
+  lastUsedAt: true
+}).extend({
+  createdAt: z.number().optional(),
+  lastUsedAt: z.number().optional(),
+  id: z.union([z.string(), z.number()]).optional()
+});
 export {
   AuthMiddleware,
   AuthService,
-  UserRoleSchema,
+  CreateSessionSchema,
+  CreateUserSchema,
+  SessionSchema,
   UserSchema
 };
 //# sourceMappingURL=index.mjs.map