npm - ace-auth - Versions diffs - 1.2.1 → 1.2.4 - Mend

ace-auth 1.2.1 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/adapters/MongoStore.d.ts +4 -4
package/dist/adapters/MongoStore.js +29 -18
package/dist/adapters/PostgressStore.d.ts +14 -10
package/dist/adapters/PostgressStore.js +53 -45
package/dist/index.d.ts +1 -0
package/dist/index.js +3 -1
package/package.json +1 -1

package/dist/adapters/MongoStore.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
 import { IStore } from "../interfaces/IStore";
 export declare class MongoStore implements IStore {
     private model;
-    constructor(mongooseModel: any);
-    findAllByUser(userId: string): Promise<string[]>;
-    deleteByUser(userId: string): Promise<void>;
+    constructor(mongooseCollection: any);
     set(key: string, value: string, ttlSeconds: number): Promise<void>;
     get(key: string): Promise<string | null>;
-    delete(key: string): Promise<void>;
     touch(key: string, ttlSeconds: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    findAllByUser(userId: string): Promise<string[]>;
+    deleteByUser(userId: string): Promise<void>;
 }

package/dist/adapters/MongoStore.js CHANGED Viewed

@@ -2,40 +2,51 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MongoStore = void 0;
 class MongoStore {
-    constructor(mongooseModel) {
-        this.model = mongooseModel;
-    }
-    async findAllByUser(userId) {
-        const docs = await this.model.findOne({ userId });
-        if (!docs)
-            return [];
-        return docs.map((doc) => doc.data);
-    }
-    async deleteByUser(userId) {
-        await this.model.deleteOne({ userId });
+    constructor(mongooseCollection) {
+        this.model = mongooseCollection;
     }
+    // ==============================
+    // REQUIRED BY AceAuth
+    // ==============================
     async set(key, value, ttlSeconds) {
         const expiresAt = new Date(Date.now() + ttlSeconds * 1000);
-        // Upsert: Update if exists, Insert if new
-        await this.model.updateOne({ _id: key }, { _id: key, data: value, expiresAt }, { upsert: true });
+        const parsed = JSON.parse(value);
+        await this.model.updateOne({ _id: key }, {
+            $set: {
+                _id: key,
+                data: value,
+                userId: parsed.id, // 🔥 REQUIRED for logoutAll / devices
+                expiresAt
+            }
+        }, { upsert: true });
     }
     async get(key) {
         const doc = await this.model.findOne({ _id: key });
         if (!doc)
             return null;
-        // MongoDB TTL indexes usually handle cleanup, but we double-check here
         if (new Date() > doc.expiresAt) {
+            // Clean up expired session eagerly
+            await this.delete(key);
             return null;
         }
         return doc.data;
     }
-    async delete(key) {
-        await this.model.deleteOne({ _id: key });
-    }
     async touch(key, ttlSeconds) {
         const expiresAt = new Date(Date.now() + ttlSeconds * 1000);
-        // The "Slide": Just update the date
         await this.model.updateOne({ _id: key }, { $set: { expiresAt } });
     }
+    async delete(key) {
+        await this.model.deleteOne({ _id: key });
+    }
+    // ==============================
+    // DEVICE / USER MANAGEMENT
+    // ==============================
+    async findAllByUser(userId) {
+        const docs = await this.model.find({ userId });
+        return docs.map(doc => doc.data);
+    }
+    async deleteByUser(userId) {
+        await this.model.deleteMany({ userId });
+    }
 }
 exports.MongoStore = MongoStore;

package/dist/adapters/PostgressStore.d.ts CHANGED Viewed

@@ -1,25 +1,29 @@
 import { IStore } from '../interfaces/IStore';
 /**
- * SQL SCHEMA REQUIREMENT:
- * * CREATE TABLE auth_sessions (
- * sid VARCHAR(255) PRIMARY KEY,
- * sess JSON NOT NULL,
- * expired_at TIMESTAMPTZ NOT NULL
+ * REQUIRED SQL SCHEMA:
+ *
+ * CREATE TABLE auth_sessions (
+ *   sid TEXT PRIMARY KEY,
+ *   sess JSONB NOT NULL,
+ *   user_id TEXT NOT NULL,
+ *   expired_at TIMESTAMPTZ NOT NULL
  * );
- * * CREATE INDEX idx_auth_sessions_expired_at ON auth_sessions(expired_at);
+ *
+ * CREATE INDEX idx_auth_sessions_user_id ON auth_sessions(user_id);
+ * CREATE INDEX idx_auth_sessions_expired_at ON auth_sessions(expired_at);
  */
 interface PgPool {
     query(text: string, params?: any[]): Promise<any>;
 }
 export declare class PostgresStore implements IStore {
     private pool;
-    private tableName;
+    private table;
     constructor(pool: PgPool, tableName?: string);
-    findAllByUser(userId: string): Promise<string[]>;
-    deleteByUser(userId: string): Promise<void>;
     set(key: string, value: string, ttlSeconds: number): Promise<void>;
     get(key: string): Promise<string | null>;
-    delete(key: string): Promise<void>;
     touch(key: string, ttlSeconds: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    findAllByUser(userId: string): Promise<string[]>;
+    deleteByUser(userId: string): Promise<void>;
 }
 export {};

package/dist/adapters/PostgressStore.js CHANGED Viewed

@@ -2,71 +2,79 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PostgresStore = void 0;
 class PostgresStore {
-    // Allow user to customize table name
     constructor(pool, tableName = 'auth_sessions') {
         this.pool = pool;
-        this.tableName = tableName;
-    }
-    async findAllByUser(userId) {
-        const query = `
-            SELECT sess FROM ${this.tableName}
-            WHERE sess->>'userId' = $1 AND expired_at > NOW()
-        `;
-        const result = await this.pool.query(query, [userId]);
-        // Extract sessions and return them as an array of strings
-        return result.rows.map((row) => {
-            const data = row.sess;
-            return typeof data === 'string' ? data : JSON.stringify(data);
-        });
-    }
-    async deleteByUser(userId) {
-        const query = `
-            DELETE FROM ${this.tableName}
-            WHERE sess->>'userId' = $1
-        `;
-        await this.pool.query(query, [userId]);
+        // 🛡️ Prevent SQL injection via table name
+        if (!/^[a-zA-Z_]+$/.test(tableName)) {
+            throw new Error('Invalid table name');
+        }
+        this.table = tableName;
     }
+    // ==============================
+    // CORE SESSION OPERATIONS
+    // ==============================
     async set(key, value, ttlSeconds) {
         const expiresAt = new Date(Date.now() + ttlSeconds * 1000);
-        // We use ON CONFLICT to handle "Upserts" (Update if exists, Insert if new)
+        const parsed = JSON.parse(value);
         const query = `
-      INSERT INTO ${this.tableName} (sid, sess, expired_at)
-      VALUES ($1, $2, $3)
-      ON CONFLICT (sid)
-      DO UPDATE SET sess = $2, expired_at = $3
+      INSERT INTO ${this.table} (sid, sess, user_id, expired_at)
+      VALUES ($1, $2, $3, $4)
+      ON CONFLICT (sid)
+      DO UPDATE SET
+        sess = EXCLUDED.sess,
+        user_id = EXCLUDED.user_id,
+        expired_at = EXCLUDED.expired_at
     `;
-        await this.pool.query(query, [key, value, expiresAt]);
+        await this.pool.query(query, [
+            key,
+            parsed,
+            parsed.id, // 🔥 REQUIRED for logoutAll & device management
+            expiresAt
+        ]);
     }
     async get(key) {
-        // We perform a "Lazy Delete" check here.
-        // Even if the row exists, if it's expired, we treat it as null.
         const query = `
-      SELECT sess FROM ${this.tableName}
-      WHERE sid = $1 AND expired_at > NOW()
+      SELECT sess, expired_at
+      FROM ${this.table}
+      WHERE sid = $1
     `;
         const result = await this.pool.query(query, [key]);
-        if (result.rows && result.rows.length > 0) {
-            // Postgres returns JSON columns as objects, but our interface expects a string
-            // so we might need to stringify it back, or just return the data depending on implementation.
-            // Since ZenAuth expects a stringified payload:
-            const data = result.rows[0].sess;
-            return typeof data === 'string' ? data : JSON.stringify(data);
+        if (!result.rows.length)
+            return null;
+        const { sess, expired_at } = result.rows[0];
+        if (new Date() > expired_at) {
+            // Lazy cleanup
+            await this.delete(key);
+            return null;
         }
-        return null;
-    }
-    async delete(key) {
-        const query = `DELETE FROM ${this.tableName} WHERE sid = $1`;
-        await this.pool.query(query, [key]);
+        return JSON.stringify(sess);
     }
     async touch(key, ttlSeconds) {
         const expiresAt = new Date(Date.now() + ttlSeconds * 1000);
-        // Just update the timestamp to keep the session alive
         const query = `
-      UPDATE ${this.tableName}
-      SET expired_at = $1
+      UPDATE ${this.table}
+      SET expired_at = $1
       WHERE sid = $2
     `;
         await this.pool.query(query, [expiresAt, key]);
     }
+    async delete(key) {
+        await this.pool.query(`DELETE FROM ${this.table} WHERE sid = $1`, [key]);
+    }
+    // ==============================
+    // USER / DEVICE MANAGEMENT
+    // ==============================
+    async findAllByUser(userId) {
+        const query = `
+      SELECT sess
+      FROM ${this.table}
+      WHERE user_id = $1 AND expired_at > NOW()
+    `;
+        const result = await this.pool.query(query, [userId]);
+        return result.rows.map((row) => JSON.stringify(row.sess));
+    }
+    async deleteByUser(userId) {
+        await this.pool.query(`DELETE FROM ${this.table} WHERE user_id = $1`, [userId]);
+    }
 }
 exports.PostgresStore = PostgresStore;

package/dist/index.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ export { MemoryStore } from './adapters/MemoryStore';
 export { MongoStore } from './adapters/MongoStore';
 export { RedisStore } from './adapters/RedisStore';
 export { PostgresStore } from './adapters/PostgressStore';
+export { gatekeeper } from './middleware/gatekeeper';

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 // src/index.ts
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PostgresStore = exports.RedisStore = exports.MongoStore = exports.MemoryStore = exports.AceAuth = void 0;
+exports.gatekeeper = exports.PostgresStore = exports.RedisStore = exports.MongoStore = exports.MemoryStore = exports.AceAuth = void 0;
 // Export Core
 var AceAuth_1 = require("./core/AceAuth");
 Object.defineProperty(exports, "AceAuth", { enumerable: true, get: function () { return AceAuth_1.AceAuth; } });
@@ -14,3 +14,5 @@ var RedisStore_1 = require("./adapters/RedisStore");
 Object.defineProperty(exports, "RedisStore", { enumerable: true, get: function () { return RedisStore_1.RedisStore; } });
 var PostgressStore_1 = require("./adapters/PostgressStore");
 Object.defineProperty(exports, "PostgresStore", { enumerable: true, get: function () { return PostgressStore_1.PostgresStore; } });
+var gatekeeper_1 = require("./middleware/gatekeeper");
+Object.defineProperty(exports, "gatekeeper", { enumerable: true, get: function () { return gatekeeper_1.gatekeeper; } });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ace-auth",
-  "version": "1.2.1",
+  "version": "1.2.4",
   "description": "Enterprise-grade identity management with graceful token rotation",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",