@zapkey/express 1.0.0 → 1.0.1

package/dist/index.cjs CHANGED
@@ -1 +1 @@
1
- "use strict";var f=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var m=Object.getOwnPropertyNames;var g=Object.prototype.hasOwnProperty;var d=(e,t)=>{for(var o in t)f(e,o,{get:t[o],enumerable:!0})},O=(e,t,o,s)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of m(t))!g.call(e,n)&&n!==o&&f(e,n,{get:()=>t[n],enumerable:!(s=T(t,n))||s.enumerable});return e};var x=e=>O(f({},"__esModule",{value:!0}),e);var I={};d(I,{clearAuthCookie:()=>h,getUser:()=>N,handleLogin:()=>C,handleLogout:()=>E,handleRefresh:()=>A,requireAuth:()=>y,requireGuard:()=>l,setAuthCookie:()=>u});module.exports=x(I);var a=require("@zapkey/core");function y(e){return async(t,o,s)=>{try{let n=e.cookie.getAccessTokenName(),i=t.cookies?.[n];if(!i){let c=t.headers.authorization;c?.startsWith("Bearer ")&&(i=c.substring(7))}if(!i){o.status(401).json({error:"Unauthorized",code:"NO_TOKEN"});return}let r=await e.token.verifyAccessToken(i);t.user=r,s()}catch(n){k(n,o)}}}function l(e,t){return async(o,s,n)=>{try{if(!e.authorization){s.status(500).json({error:"Authorization not configured",code:"AUTHORIZATION_NOT_CONFIGURED",hint:"Provide AuthorizationStore in SDK config to use requireGuard"});return}let i=o.user;if(!i){s.status(401).json({error:"Unauthorized",code:"NO_USER"});return}await e.authorization.guard.enforce(i.userId,t),n()}catch(i){k(i,s)}}}function u(e,t,o,s){let n={httpOnly:s.httpOnly,secure:s.secure,sameSite:s.sameSite,maxAge:s.maxAge*1e3,path:s.path,domain:s.domain};e.cookie(t,o,n)}function h(e,t,o){let s={httpOnly:o.httpOnly,secure:o.secure,sameSite:o.sameSite,maxAge:0,path:o.path,domain:o.domain};e.clearCookie(t,s)}async function C(e,t,o,s){let n=s?.withRefresh??e.hasRefreshTokens(),i=s?.metadata!==void 0?{userId:t,metadata:s.metadata}:{userId:t};if(n){let r=await 
e.token.issue(i),c=e.cookie.getAccessTokenCookieOptions(r.expiresIn),p=e.getConfig().token.refreshTokenExpiresIn,R=e.cookie.getRefreshTokenCookieOptions(p);u(o,e.cookie.getAccessTokenName(),r.accessToken,c),u(o,e.cookie.getRefreshTokenName(),r.refreshToken,R),o.json({success:!0,accessToken:r.accessToken,expiresIn:r.expiresIn,refreshEnabled:!0})}else{let r=await e.token.issueAccessToken(i),c=e.cookie.getAccessTokenCookieOptions(r.expiresIn);u(o,e.cookie.getAccessTokenName(),r.accessToken,c),o.json({success:!0,accessToken:r.accessToken,expiresIn:r.expiresIn,refreshEnabled:!1})}}async function A(e,t,o){try{if(!e.hasRefreshTokens()||!e.token.rotate){o.status(400).json({error:"Refresh tokens are not enabled",code:"REFRESH_DISABLED",hint:"Set refreshTokens: true in SDK config to enable token refresh"});return}let s=t.cookies?.[e.cookie.getRefreshTokenName()];if(!s){o.status(401).json({error:"No refresh token",code:"NO_REFRESH_TOKEN"});return}let n=await e.token.rotate(s),i=e.cookie.getAccessTokenCookieOptions(n.expiresIn),r=e.getConfig().token.refreshTokenExpiresIn,c=e.cookie.getRefreshTokenCookieOptions(r);u(o,e.cookie.getAccessTokenName(),n.accessToken,i),u(o,e.cookie.getRefreshTokenName(),n.refreshToken,c),o.json({success:!0,accessToken:n.accessToken,expiresIn:n.expiresIn})}catch(s){k(s,o)}}async function E(e,t,o){try{let s=e.cookie.getClearCookieOptions();if(h(o,e.cookie.getAccessTokenName(),s),e.hasRefreshTokens()&&e.token.revokeToken){let n=t.cookies?.[e.cookie.getRefreshTokenName()];n&&await e.token.revokeToken(n,"logout"),h(o,e.cookie.getRefreshTokenName(),s)}o.json({success:!0})}catch(s){k(s,o)}}function k(e,t){e instanceof a.RateLimitError?t.status(e.statusCode).json({error:e.message,code:e.code,retryAfter:e.retryAfter}):e instanceof a.TokenError?t.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof a.OTPError?t.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof 
a.AuthorizationError?t.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof a.AuthError?t.status(e.statusCode).json({error:e.message,code:e.code}):t.status(500).json({error:"Internal server error",code:"INTERNAL_ERROR"})}function N(e){return e.user}0&&(module.exports={clearAuthCookie,getUser,handleLogin,handleLogout,handleRefresh,requireAuth,requireGuard,setAuthCookie});
1
+ "use strict";var h=Object.defineProperty;var m=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var g=Object.prototype.hasOwnProperty;var l=(e,s)=>{for(var o in s)h(e,o,{get:s[o],enumerable:!0})},O=(e,s,o,n)=>{if(s&&typeof s=="object"||typeof s=="function")for(let t of y(s))!g.call(e,t)&&t!==o&&h(e,t,{get:()=>s[t],enumerable:!(n=m(s,t))||n.enumerable});return e};var x=e=>O(h({},"__esModule",{value:!0}),e);var v={};l(v,{clearAuthCookie:()=>d,getUser:()=>j,handleLogin:()=>E,handleLogout:()=>I,handleRefresh:()=>N,requireAuth:()=>C,requireGuard:()=>A,setAuthCookie:()=>k});module.exports=x(v);var r=require("@zapkey/core");function C(e){return async(s,o,n)=>{try{let t=e.cookie.getAccessTokenName(),i=s.cookies?.[t];if(!i){let a=s.headers.authorization;a?.startsWith("Bearer ")&&(i=a.substring(7))}if(!i){o.status(401).json({error:"Unauthorized",code:"NO_TOKEN"});return}let u=await e.token.verifyAccessToken(i);s.user=u,n()}catch(t){p(t,o)}}}function A(e,s){return async(o,n,t)=>{try{if(!e.authorization){n.status(500).json({error:"Authorization not configured",code:"AUTHORIZATION_NOT_CONFIGURED",hint:"Provide AuthorizationStore in SDK config to use requireGuard"});return}let i=o.user;if(!i){n.status(401).json({error:"Unauthorized",code:"NO_USER"});return}await e.authorization.guard.enforce(i.userId,s),t()}catch(i){p(i,n)}}}function k(e,s,o,n){let t={httpOnly:n.httpOnly,secure:n.secure,sameSite:n.sameSite,maxAge:n.maxAge*1e3,path:n.path,domain:n.domain};e.cookie(s,o,t)}function d(e,s,o){let n={httpOnly:o.httpOnly,secure:o.secure,sameSite:o.sameSite,maxAge:0,path:o.path,domain:o.domain};e.clearCookie(s,n)}async function E(e,s,o,n){let t=n?.withRefresh??e.hasRefreshTokens(),i=n?.sendTokenInBody??!1,u=n?.metadata!==void 0?{userId:s,metadata:n.metadata}:{userId:s};if(t){let a=await 
e.token.issue(u),f=e.cookie.getAccessTokenCookieOptions(a.expiresIn),c=e.getConfig().token.refreshTokenExpiresIn,R=e.cookie.getRefreshTokenCookieOptions(c);k(o,e.cookie.getAccessTokenName(),a.accessToken,f),k(o,e.cookie.getRefreshTokenName(),a.refreshToken,R);let T={success:!0,expiresIn:a.expiresIn,refreshEnabled:!0};i&&(T.accessToken=a.accessToken),o.json(T)}else{let a=await e.token.issueAccessToken(u),f=e.cookie.getAccessTokenCookieOptions(a.expiresIn);k(o,e.cookie.getAccessTokenName(),a.accessToken,f);let c={success:!0,expiresIn:a.expiresIn,refreshEnabled:!1};i&&(c.accessToken=a.accessToken),o.json(c)}}async function N(e,s,o,n){try{if(!e.hasRefreshTokens()||!e.token.rotate){o.status(400).json({error:"Refresh tokens are not enabled",code:"REFRESH_DISABLED",hint:"Set refreshTokens: true in SDK config to enable token refresh"});return}let t=s.cookies?.[e.cookie.getRefreshTokenName()];if(!t){o.status(401).json({error:"No refresh token",code:"NO_REFRESH_TOKEN"});return}let i=await e.token.rotate(t),u=e.cookie.getAccessTokenCookieOptions(i.expiresIn),a=e.getConfig().token.refreshTokenExpiresIn,f=e.cookie.getRefreshTokenCookieOptions(a);k(o,e.cookie.getAccessTokenName(),i.accessToken,u),k(o,e.cookie.getRefreshTokenName(),i.refreshToken,f);let c={success:!0,expiresIn:i.expiresIn};n?.sendTokenInBody&&(c.accessToken=i.accessToken),o.json(c)}catch(t){p(t,o)}}async function I(e,s,o){try{let n=e.cookie.getClearCookieOptions();if(d(o,e.cookie.getAccessTokenName(),n),e.hasRefreshTokens()&&e.token.revokeToken){let t=s.cookies?.[e.cookie.getRefreshTokenName()];t&&await e.token.revokeToken(t,"logout"),d(o,e.cookie.getRefreshTokenName(),n)}o.json({success:!0})}catch(n){p(n,o)}}function p(e,s){e instanceof r.RateLimitError?s.status(e.statusCode).json({error:e.message,code:e.code,retryAfter:e.retryAfter}):e instanceof r.TokenError?s.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof r.OTPError?s.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof 
r.AuthorizationError?s.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof r.AuthError?s.status(e.statusCode).json({error:e.message,code:e.code}):s.status(500).json({error:"Internal server error",code:"INTERNAL_ERROR"})}function j(e){return e.user}0&&(module.exports={clearAuthCookie,getUser,handleLogin,handleLogout,handleRefresh,requireAuth,requireGuard,setAuthCookie});
package/dist/index.d.cts CHANGED
@@ -52,6 +52,11 @@ declare function handleLogin(sdk: Zapkey, userId: string, res: Response, options
52
52
  * Set to false to force access-only mode even if refresh is enabled
53
53
  */
54
54
  withRefresh?: boolean;
55
+ /**
56
+ * Return the accessToken in the JSON body.
57
+ * Default: false (Highest security, assumes HttpOnly cookies).
58
+ */
59
+ sendTokenInBody?: boolean;
55
60
  }): Promise<void>;
56
61
  /**
57
62
  * Refresh token handler
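Review bot: The new doc comment on `sendTokenInBody` says only "Highest security, assumes HttpOnly cookies" and does not tell the caller what opting in costs or that the default changed; a token echoed in the JSON body is readable by page script, so a client-side XSS obtains a bearer credential that an HttpOnly cookie alone would not expose (whether the cookie is actually HttpOnly depends on getAccessTokenCookieOptions, which is not visible here). I would also note that 1.0.0 returned `accessToken` unconditionally, so existing body-reading clients must now set this flag. Suggested wording: `Also return the accessToken in the JSON body (the token is set as a cookie regardless). Default: false. Enable only for non-browser clients that send it as a Bearer header; in a browser it exposes the token to script (XSS). 1.0.0 always returned it.`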
@@ -59,7 +64,9 @@ declare function handleLogin(sdk: Zapkey, userId: string, res: Response, options
59
64
  * NOTE: Only works when refreshTokens is enabled.
60
65
  * Returns 400 error if called when refresh tokens are disabled.
61
66
  */
62
- declare function handleRefresh(sdk: Zapkey, req: Request, res: Response): Promise<void>;
67
+ declare function handleRefresh(sdk: Zapkey, req: Request, res: Response, options?: {
68
+ sendTokenInBody?: boolean;
69
+ }): Promise<void>;
63
70
  /**
64
71
  * Logout handler
65
72
  *
package/dist/index.d.ts CHANGED
@@ -52,6 +52,11 @@ declare function handleLogin(sdk: Zapkey, userId: string, res: Response, options
52
52
  * Set to false to force access-only mode even if refresh is enabled
53
53
  */
54
54
  withRefresh?: boolean;
55
+ /**
56
+ * Return the accessToken in the JSON body.
57
+ * Default: false (Highest security, assumes HttpOnly cookies).
58
+ */
59
+ sendTokenInBody?: boolean;
55
60
  }): Promise<void>;
56
61
  /**
57
62
  * Refresh token handler
@@ -59,7 +64,9 @@ declare function handleLogin(sdk: Zapkey, userId: string, res: Response, options
59
64
  * NOTE: Only works when refreshTokens is enabled.
60
65
  * Returns 400 error if called when refresh tokens are disabled.
61
66
  */
62
- declare function handleRefresh(sdk: Zapkey, req: Request, res: Response): Promise<void>;
67
+ declare function handleRefresh(sdk: Zapkey, req: Request, res: Response, options?: {
68
+ sendTokenInBody?: boolean;
69
+ }): Promise<void>;
63
70
  /**
64
71
  * Logout handler
65
72
  *
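Review bot: The new `options` parameter on `handleRefresh` has no doc comment, while the same flag on `handleLogin` is documented a few lines up; a reader of the `.d.ts` has to guess that the two flags mean the same thing and share the `false` default. I would add, above `sendTokenInBody?: boolean;` inside the options type, `/** Return the rotated accessToken in the JSON body. Default: false; same semantics and caveats as handleLogin's sendTokenInBody. */`, and extend the handler's own comment with `Since 1.0.1 the response omits accessToken unless sendTokenInBody is set.`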
package/dist/index.js CHANGED
@@ -1 +1 @@
1
- import{AuthError as p,TokenError as R,OTPError as T,AuthorizationError as m,RateLimitError as g}from"@zapkey/core";function O(e){return async(s,o,t)=>{try{let n=e.cookie.getAccessTokenName(),i=s.cookies?.[n];if(!i){let a=s.headers.authorization;a?.startsWith("Bearer ")&&(i=a.substring(7))}if(!i){o.status(401).json({error:"Unauthorized",code:"NO_TOKEN"});return}let r=await e.token.verifyAccessToken(i);s.user=r,t()}catch(n){u(n,o)}}}function x(e,s){return async(o,t,n)=>{try{if(!e.authorization){t.status(500).json({error:"Authorization not configured",code:"AUTHORIZATION_NOT_CONFIGURED",hint:"Provide AuthorizationStore in SDK config to use requireGuard"});return}let i=o.user;if(!i){t.status(401).json({error:"Unauthorized",code:"NO_USER"});return}await e.authorization.guard.enforce(i.userId,s),n()}catch(i){u(i,t)}}}function c(e,s,o,t){let n={httpOnly:t.httpOnly,secure:t.secure,sameSite:t.sameSite,maxAge:t.maxAge*1e3,path:t.path,domain:t.domain};e.cookie(s,o,n)}function k(e,s,o){let t={httpOnly:o.httpOnly,secure:o.secure,sameSite:o.sameSite,maxAge:0,path:o.path,domain:o.domain};e.clearCookie(s,t)}async function y(e,s,o,t){let n=t?.withRefresh??e.hasRefreshTokens(),i=t?.metadata!==void 0?{userId:s,metadata:t.metadata}:{userId:s};if(n){let r=await e.token.issue(i),a=e.cookie.getAccessTokenCookieOptions(r.expiresIn),f=e.getConfig().token.refreshTokenExpiresIn,h=e.cookie.getRefreshTokenCookieOptions(f);c(o,e.cookie.getAccessTokenName(),r.accessToken,a),c(o,e.cookie.getRefreshTokenName(),r.refreshToken,h),o.json({success:!0,accessToken:r.accessToken,expiresIn:r.expiresIn,refreshEnabled:!0})}else{let r=await e.token.issueAccessToken(i),a=e.cookie.getAccessTokenCookieOptions(r.expiresIn);c(o,e.cookie.getAccessTokenName(),r.accessToken,a),o.json({success:!0,accessToken:r.accessToken,expiresIn:r.expiresIn,refreshEnabled:!1})}}async function l(e,s,o){try{if(!e.hasRefreshTokens()||!e.token.rotate){o.status(400).json({error:"Refresh tokens are not 
enabled",code:"REFRESH_DISABLED",hint:"Set refreshTokens: true in SDK config to enable token refresh"});return}let t=s.cookies?.[e.cookie.getRefreshTokenName()];if(!t){o.status(401).json({error:"No refresh token",code:"NO_REFRESH_TOKEN"});return}let n=await e.token.rotate(t),i=e.cookie.getAccessTokenCookieOptions(n.expiresIn),r=e.getConfig().token.refreshTokenExpiresIn,a=e.cookie.getRefreshTokenCookieOptions(r);c(o,e.cookie.getAccessTokenName(),n.accessToken,i),c(o,e.cookie.getRefreshTokenName(),n.refreshToken,a),o.json({success:!0,accessToken:n.accessToken,expiresIn:n.expiresIn})}catch(t){u(t,o)}}async function C(e,s,o){try{let t=e.cookie.getClearCookieOptions();if(k(o,e.cookie.getAccessTokenName(),t),e.hasRefreshTokens()&&e.token.revokeToken){let n=s.cookies?.[e.cookie.getRefreshTokenName()];n&&await e.token.revokeToken(n,"logout"),k(o,e.cookie.getRefreshTokenName(),t)}o.json({success:!0})}catch(t){u(t,o)}}function u(e,s){e instanceof g?s.status(e.statusCode).json({error:e.message,code:e.code,retryAfter:e.retryAfter}):e instanceof R?s.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof T?s.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof m?s.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof p?s.status(e.statusCode).json({error:e.message,code:e.code}):s.status(500).json({error:"Internal server error",code:"INTERNAL_ERROR"})}function A(e){return e.user}export{k as clearAuthCookie,A as getUser,y as handleLogin,C as handleLogout,l as handleRefresh,O as requireAuth,x as requireGuard,c as setAuthCookie};
1
+ import{AuthError as T,TokenError as R,OTPError as m,AuthorizationError as y,RateLimitError as g}from"@zapkey/core";function O(e){return async(n,o,s)=>{try{let i=e.cookie.getAccessTokenName(),t=n.cookies?.[i];if(!t){let a=n.headers.authorization;a?.startsWith("Bearer ")&&(t=a.substring(7))}if(!t){o.status(401).json({error:"Unauthorized",code:"NO_TOKEN"});return}let c=await e.token.verifyAccessToken(t);n.user=c,s()}catch(i){f(i,o)}}}function x(e,n){return async(o,s,i)=>{try{if(!e.authorization){s.status(500).json({error:"Authorization not configured",code:"AUTHORIZATION_NOT_CONFIGURED",hint:"Provide AuthorizationStore in SDK config to use requireGuard"});return}let t=o.user;if(!t){s.status(401).json({error:"Unauthorized",code:"NO_USER"});return}await e.authorization.guard.enforce(t.userId,n),i()}catch(t){f(t,s)}}}function k(e,n,o,s){let i={httpOnly:s.httpOnly,secure:s.secure,sameSite:s.sameSite,maxAge:s.maxAge*1e3,path:s.path,domain:s.domain};e.cookie(n,o,i)}function h(e,n,o){let s={httpOnly:o.httpOnly,secure:o.secure,sameSite:o.sameSite,maxAge:0,path:o.path,domain:o.domain};e.clearCookie(n,s)}async function C(e,n,o,s){let i=s?.withRefresh??e.hasRefreshTokens(),t=s?.sendTokenInBody??!1,c=s?.metadata!==void 0?{userId:n,metadata:s.metadata}:{userId:n};if(i){let a=await e.token.issue(c),u=e.cookie.getAccessTokenCookieOptions(a.expiresIn),r=e.getConfig().token.refreshTokenExpiresIn,d=e.cookie.getRefreshTokenCookieOptions(r);k(o,e.cookie.getAccessTokenName(),a.accessToken,u),k(o,e.cookie.getRefreshTokenName(),a.refreshToken,d);let p={success:!0,expiresIn:a.expiresIn,refreshEnabled:!0};t&&(p.accessToken=a.accessToken),o.json(p)}else{let a=await e.token.issueAccessToken(c),u=e.cookie.getAccessTokenCookieOptions(a.expiresIn);k(o,e.cookie.getAccessTokenName(),a.accessToken,u);let r={success:!0,expiresIn:a.expiresIn,refreshEnabled:!1};t&&(r.accessToken=a.accessToken),o.json(r)}}async function 
A(e,n,o,s){try{if(!e.hasRefreshTokens()||!e.token.rotate){o.status(400).json({error:"Refresh tokens are not enabled",code:"REFRESH_DISABLED",hint:"Set refreshTokens: true in SDK config to enable token refresh"});return}let i=n.cookies?.[e.cookie.getRefreshTokenName()];if(!i){o.status(401).json({error:"No refresh token",code:"NO_REFRESH_TOKEN"});return}let t=await e.token.rotate(i),c=e.cookie.getAccessTokenCookieOptions(t.expiresIn),a=e.getConfig().token.refreshTokenExpiresIn,u=e.cookie.getRefreshTokenCookieOptions(a);k(o,e.cookie.getAccessTokenName(),t.accessToken,c),k(o,e.cookie.getRefreshTokenName(),t.refreshToken,u);let r={success:!0,expiresIn:t.expiresIn};s?.sendTokenInBody&&(r.accessToken=t.accessToken),o.json(r)}catch(i){f(i,o)}}async function E(e,n,o){try{let s=e.cookie.getClearCookieOptions();if(h(o,e.cookie.getAccessTokenName(),s),e.hasRefreshTokens()&&e.token.revokeToken){let i=n.cookies?.[e.cookie.getRefreshTokenName()];i&&await e.token.revokeToken(i,"logout"),h(o,e.cookie.getRefreshTokenName(),s)}o.json({success:!0})}catch(s){f(s,o)}}function f(e,n){e instanceof g?n.status(e.statusCode).json({error:e.message,code:e.code,retryAfter:e.retryAfter}):e instanceof R?n.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof m?n.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof y?n.status(e.statusCode).json({error:e.message,code:e.code}):e instanceof T?n.status(e.statusCode).json({error:e.message,code:e.code}):n.status(500).json({error:"Internal server error",code:"INTERNAL_ERROR"})}function N(e){return e.user}export{h as clearAuthCookie,N as getUser,C as handleLogin,E as handleLogout,A as handleRefresh,O as requireAuth,x as requireGuard,k as setAuthCookie};
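Review bot: The new side drops `accessToken` from the login and refresh response bodies unless `sendTokenInBody` is truthy (`t=s?.sendTokenInBody??!1` in handleLogin, `s?.sendTokenInBody&&` in handleRefresh), whereas the removed line always returned it; shipping that as a 1.0.0 → 1.0.1 patch bump silently breaks clients that read the token from the body and send it as `Authorization: Bearer`, a path `requireAuth` still accepts, so they fall into the 401 `NO_TOKEN` branch unless they also carry the cookie. The safer default is the right call, but it is a contract change and belongs in a minor or major release, or at least in a changelog entry and a `refreshEnabled`-style response flag so clients can detect the mode. Consider also that the dist is a single minified line, which makes an auth-relevant behavior change like this hard to audit; publishing source maps or the unminified build alongside would help reviewers.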
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zapkey/express",
3
- "version": "1.0.0",
3
+ "version": "1.0.1",
4
4
  "description": "Express adapter for ZapKey authentication SDK",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",