alepha 0.13.0 → 0.13.2

package/dist/security/index.d.ts

@@ -1,5 +1,5 @@
 import * as alepha1 from "alepha";
-import { Alepha, Descriptor, KIND, Static } from "alepha";
+import { Alepha, KIND, Primitive, Static } from "alepha";
 import * as alepha_logger0 from "alepha/logger";
 import { DateTimeProvider, Duration, DurationLike } from "alepha/datetime";
 import { UnauthorizedError } from "alepha/server";
@@ -19,6 +19,29 @@ declare const userAccountInfoSchema: alepha1.TObject<{
 }>;
 type UserAccount = Static<typeof userAccountInfoSchema>;
 //#endregion
+//#region src/security/errors/InvalidCredentialsError.d.ts
+/**
+ * Error thrown when the provided credentials are invalid.
+ *
+ * Message can not be changed to avoid leaking information.
+ * Cause is omitted for the same reason.
+ */
+declare class InvalidCredentialsError extends UnauthorizedError {
+  readonly name = "UnauthorizedError";
+  constructor();
+}
+//#endregion
+//#region src/security/errors/InvalidPermissionError.d.ts
+declare class InvalidPermissionError extends Error {
+  constructor(name: string);
+}
+//#endregion
+//#region src/security/errors/SecurityError.d.ts
+declare class SecurityError extends Error {
+  name: string;
+  readonly status = 403;
+}
+//#endregion
 //#region src/security/interfaces/UserAccountToken.d.ts
 /**
  * Add contextual metadata to a user account info.
@@ -156,7 +179,7 @@ declare class SecurityProvider {
    * The realms configured for the security provider.
    */
   protected readonly realms: Realm[];
-  protected start: alepha1.HookDescriptor<"start">;
+  protected start: alepha1.HookPrimitive<"start">;
   /**
    * Adds a role to one or more realms.
    *
@@ -291,15 +314,15 @@ interface SecurityCheckResult {
   ownership: string | boolean | undefined;
 }
 //#endregion
-//#region src/security/descriptors/$permission.d.ts
+//#region src/security/primitives/$permission.d.ts
 /**
  * Create a new permission.
  */
 declare const $permission: {
-  (options?: PermissionDescriptorOptions): PermissionDescriptor;
-  [KIND]: typeof PermissionDescriptor;
+  (options?: PermissionPrimitiveOptions): PermissionPrimitive;
+  [KIND]: typeof PermissionPrimitive;
 };
-interface PermissionDescriptorOptions {
+interface PermissionPrimitiveOptions {
   /**
    * Name of the permission. Use Property name is not provided.
    */
@@ -313,7 +336,7 @@ interface PermissionDescriptorOptions {
    */
   description?: string;
 }
-declare class PermissionDescriptor extends Descriptor<PermissionDescriptorOptions> {
+declare class PermissionPrimitive extends Primitive<PermissionPrimitiveOptions> {
   protected readonly securityProvider: SecurityProvider;
   get name(): string;
   get group(): string;
@@ -325,15 +348,15 @@ declare class PermissionDescriptor extends Descriptor<PermissionDescriptorOption
   can(user: UserAccount): boolean;
 }
 //#endregion
-//#region src/security/descriptors/$realm.d.ts
+//#region src/security/primitives/$realm.d.ts
 /**
  * Create a new realm.
  */
 declare const $realm: {
-  (options: RealmDescriptorOptions): RealmDescriptor;
-  [KIND]: typeof RealmDescriptor;
+  (options: RealmPrimitiveOptions): RealmPrimitive;
+  [KIND]: typeof RealmPrimitive;
 };
-type RealmDescriptorOptions = {
+type RealmPrimitiveOptions = {
   /**
    * Define the realm name.
    * If not provided, it will use the property key.
@@ -396,7 +419,7 @@ interface RealmExternal {
    */
   jwks: (() => string) | JSONWebKeySet;
 }
-declare class RealmDescriptor extends Descriptor<RealmDescriptorOptions> {
+declare class RealmPrimitive extends Primitive<RealmPrimitiveOptions> {
   protected readonly securityProvider: SecurityProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly jwt: JwtProvider;
@@ -446,15 +469,15 @@ interface AccessTokenResponse {
   scope?: string;
 }
 //#endregion
-//#region src/security/descriptors/$role.d.ts
+//#region src/security/primitives/$role.d.ts
 /**
  * Create a new role.
  */
 declare const $role: {
-  (options?: RoleDescriptorOptions): RoleDescriptor;
-  [KIND]: typeof RoleDescriptor;
+  (options?: RolePrimitiveOptions): RolePrimitive;
+  [KIND]: typeof RolePrimitive;
 };
-interface RoleDescriptorOptions {
+interface RolePrimitiveOptions {
   /**
    * Name of the role.
    */
@@ -463,26 +486,26 @@ interface RoleDescriptorOptions {
    * Describe the role.
    */
   description?: string;
-  realm?: string | RealmDescriptor;
+  realm?: string | RealmPrimitive;
   permissions?: Array<string | {
     name: string;
     ownership?: boolean;
     exclude?: string[];
   }>;
 }
-declare class RoleDescriptor extends Descriptor<RoleDescriptorOptions> {
+declare class RolePrimitive extends Primitive<RolePrimitiveOptions> {
   protected readonly securityProvider: SecurityProvider;
   get name(): string;
   protected onInit(): void;
   /**
    * Get the realm of the role.
    */
-  get realm(): string | RealmDescriptor | undefined;
-  can(permission: string | PermissionDescriptor): boolean;
-  check(permission: string | PermissionDescriptor): SecurityCheckResult;
+  get realm(): string | RealmPrimitive | undefined;
+  can(permission: string | PermissionPrimitive): boolean;
+  check(permission: string | PermissionPrimitive): SecurityCheckResult;
 }
 //#endregion
-//#region src/security/descriptors/$serviceAccount.d.ts
+//#region src/security/primitives/$serviceAccount.d.ts
 /**
  * Allow to get an access token for a service account.
  *
@@ -511,16 +534,16 @@ declare class RoleDescriptor extends Descriptor<RoleDescriptorOptions> {
  * }
  * ```
  */
-declare const $serviceAccount: (options: ServiceAccountDescriptorOptions) => ServiceAccountDescriptor;
-type ServiceAccountDescriptorOptions = {
+declare const $serviceAccount: (options: ServiceAccountPrimitiveOptions) => ServiceAccountPrimitive;
+type ServiceAccountPrimitiveOptions = {
   gracePeriod?: number;
 } & ({
-  oauth2: Oauth2ServiceAccountDescriptorOptions;
+  oauth2: Oauth2ServiceAccountPrimitiveOptions;
 } | {
-  realm: RealmDescriptor;
+  realm: RealmPrimitive;
   user: UserAccount;
 });
-interface Oauth2ServiceAccountDescriptorOptions {
+interface Oauth2ServiceAccountPrimitiveOptions {
   /**
    * Get Token URL.
    */
@@ -534,36 +557,13 @@ interface Oauth2ServiceAccountDescriptorOptions {
    */
   clientSecret: string;
 }
-interface ServiceAccountDescriptor {
+interface ServiceAccountPrimitive {
   token: () => Promise<string>;
 }
 interface ServiceAccountStore {
   response?: AccessTokenResponse;
 }
 //#endregion
-//#region src/security/errors/InvalidCredentialsError.d.ts
-/**
- * Error thrown when the provided credentials are invalid.
- *
- * Message can not be changed to avoid leaking information.
- * Cause is omitted for the same reason.
- */
-declare class InvalidCredentialsError extends UnauthorizedError {
-  readonly name = "UnauthorizedError";
-  constructor();
-}
-//#endregion
-//#region src/security/errors/InvalidPermissionError.d.ts
-declare class InvalidPermissionError extends Error {
-  constructor(name: string);
-}
-//#endregion
-//#region src/security/errors/SecurityError.d.ts
-declare class SecurityError extends Error {
-  name: string;
-  readonly status = 403;
-}
-//#endregion
 //#region src/security/providers/CryptoProvider.d.ts
 declare class CryptoProvider {
   hashPassword(password: string): Promise<string>;
@@ -583,7 +583,7 @@ declare module "alepha" {
 /**
  * Provides comprehensive authentication and authorization capabilities with JWT tokens, role-based access control, and user management.
  *
- * The security module enables building secure applications using descriptors like `$realm`, `$role`, and `$permission`
+ * The security module enables building secure applications using primitives like `$realm`, `$role`, and `$permission`
  * on class properties. It offers JWT-based authentication, fine-grained permissions, service accounts, and seamless
  * integration with various authentication providers and user management systems.
  *
@@ -594,5 +594,5 @@ declare module "alepha" {
  */
 declare const AlephaSecurity: alepha1.Service<alepha1.Module>;
 //#endregion
-export { $permission, $realm, $role, $serviceAccount, AccessTokenResponse, AlephaSecurity, CreateTokenOptions, CryptoProvider, DEFAULT_APP_SECRET, ExtendedJWTPayload, InvalidCredentialsError, InvalidPermissionError, JwtParseResult, JwtProvider, JwtSignOptions, KeyLoader, KeyLoaderHolder, Oauth2ServiceAccountDescriptorOptions, Permission, PermissionDescriptor, PermissionDescriptorOptions, Realm, RealmDescriptor, RealmDescriptorOptions, RealmExternal, RealmInternal, RealmSettings, Role, RoleDescriptor, RoleDescriptorOptions, SecurityCheckResult, SecurityError, SecurityProvider, ServiceAccountDescriptor, ServiceAccountDescriptorOptions, ServiceAccountStore, UserAccount, UserAccountToken, permissionSchema, roleSchema, userAccountInfoSchema };
+export { $permission, $realm, $role, $serviceAccount, AccessTokenResponse, AlephaSecurity, CreateTokenOptions, CryptoProvider, DEFAULT_APP_SECRET, ExtendedJWTPayload, InvalidCredentialsError, InvalidPermissionError, JwtParseResult, JwtProvider, JwtSignOptions, KeyLoader, KeyLoaderHolder, Oauth2ServiceAccountPrimitiveOptions, Permission, PermissionPrimitive, PermissionPrimitiveOptions, Realm, RealmExternal, RealmInternal, RealmPrimitive, RealmPrimitiveOptions, RealmSettings, Role, RolePrimitive, RolePrimitiveOptions, SecurityCheckResult, SecurityError, SecurityProvider, ServiceAccountPrimitive, ServiceAccountPrimitiveOptions, ServiceAccountStore, UserAccount, UserAccountToken, permissionSchema, roleSchema, userAccountInfoSchema };
 //# sourceMappingURL=index.d.ts.map

package/dist/security/index.js

@@ -1,4 +1,4 @@
-import { $context, $env, $hook, $inject, $module, Alepha, AlephaError, AppNotStartedError, ContainerLockedError, Descriptor, KIND, createDescriptor, t } from "alepha";
+import { $context, $env, $hook, $inject, $module, Alepha, AlephaError, AppNotStartedError, ContainerLockedError, KIND, Primitive, createPrimitive, t } from "alepha";
 import { $logger } from "alepha/logger";
 import { createSecretKey, randomBytes, randomUUID, scrypt, timingSafeEqual } from "node:crypto";
 import { DateTimeProvider } from "alepha/datetime";
@@ -1941,14 +1941,14 @@ var SecurityProvider = class {
 };
 
 //#endregion
-//#region src/security/descriptors/$permission.ts
+//#region src/security/primitives/$permission.ts
 /**
 * Create a new permission.
 */
 const $permission = (options = {}) => {
-	return createDescriptor(PermissionDescriptor, options);
+	return createPrimitive(PermissionPrimitive, options);
 };
-var PermissionDescriptor = class extends Descriptor {
+var PermissionPrimitive = class extends Primitive {
 	securityProvider = $inject(SecurityProvider);
 	get name() {
 		return this.options.name || this.config.propertyKey;
@@ -1974,17 +1974,17 @@ var PermissionDescriptor = class extends Descriptor {
 		return this.securityProvider.checkPermission(this, ...user.roles).isAuthorized;
 	}
 };
-$permission[KIND] = PermissionDescriptor;
+$permission[KIND] = PermissionPrimitive;
 
 //#endregion
-//#region src/security/descriptors/$realm.ts
+//#region src/security/primitives/$realm.ts
 /**
 * Create a new realm.
 */
 const $realm = (options) => {
-	return createDescriptor(RealmDescriptor, options);
+	return createPrimitive(RealmPrimitive, options);
 };
-var RealmDescriptor = class extends Descriptor {
+var RealmPrimitive = class extends Primitive {
 	securityProvider = $inject(SecurityProvider);
 	dateTimeProvider = $inject(DateTimeProvider);
 	jwt = $inject(JwtProvider);
@@ -2129,17 +2129,17 @@ var RealmDescriptor = class extends Descriptor {
 		};
 	}
 };
-$realm[KIND] = RealmDescriptor;
+$realm[KIND] = RealmPrimitive;
 
 //#endregion
-//#region src/security/descriptors/$role.ts
+//#region src/security/primitives/$role.ts
 /**
 * Create a new role.
 */
 const $role = (options = {}) => {
-	return createDescriptor(RoleDescriptor, options);
+	return createPrimitive(RolePrimitive, options);
 };
-var RoleDescriptor = class extends Descriptor {
+var RolePrimitive = class extends Primitive {
 	securityProvider = $inject(SecurityProvider);
 	get name() {
 		return this.options.name || this.config.propertyKey;
@@ -2167,7 +2167,7 @@ var RoleDescriptor = class extends Descriptor {
 		return this.securityProvider.checkPermission(permission, this.name);
 	}
 };
-$role[KIND] = RoleDescriptor;
+$role[KIND] = RolePrimitive;
 
 //#endregion
 //#region src/security/providers/CryptoProvider.ts
@@ -2199,7 +2199,22 @@ var CryptoProvider = class {
 };
 
 //#endregion
-//#region src/security/descriptors/$serviceAccount.ts
+//#region src/security/errors/InvalidCredentialsError.ts
+/**
+* Error thrown when the provided credentials are invalid.
+*
+* Message can not be changed to avoid leaking information.
+* Cause is omitted for the same reason.
+*/
+var InvalidCredentialsError = class extends UnauthorizedError {
+	name = "UnauthorizedError";
+	constructor() {
+		super("Invalid credentials");
+	}
+};
+
+//#endregion
+//#region src/security/primitives/$serviceAccount.ts
 /**
 * Allow to get an access token for a service account.
 *
@@ -2298,21 +2313,6 @@ const $serviceAccount = (options) => {
 	} };
 };
 
-//#endregion
-//#region src/security/errors/InvalidCredentialsError.ts
-/**
-* Error thrown when the provided credentials are invalid.
-*
-* Message can not be changed to avoid leaking information.
-* Cause is omitted for the same reason.
-*/
-var InvalidCredentialsError = class extends UnauthorizedError {
-	name = "UnauthorizedError";
-	constructor() {
-		super("Invalid credentials");
-	}
-};
-
 //#endregion
 //#region src/security/schemas/permissionSchema.ts
 const permissionSchema = t.object({
@@ -2357,7 +2357,7 @@ const userAccountInfoSchema = t.object({
 /**
 * Provides comprehensive authentication and authorization capabilities with JWT tokens, role-based access control, and user management.
 *
-* The security module enables building secure applications using descriptors like `$realm`, `$role`, and `$permission`
+* The security module enables building secure applications using primitives like `$realm`, `$role`, and `$permission`
 * on class properties. It offers JWT-based authentication, fine-grained permissions, service accounts, and seamless
 * integration with various authentication providers and user management systems.
 *
@@ -2368,7 +2368,7 @@ const userAccountInfoSchema = t.object({
 */
 const AlephaSecurity = $module({
 	name: "alepha.security",
-	descriptors: [
+	primitives: [
 		$realm,
 		$role,
 		$permission
@@ -2381,5 +2381,5 @@ const AlephaSecurity = $module({
 });
 
 //#endregion
-export { $permission, $realm, $role, $serviceAccount, AlephaSecurity, CryptoProvider, DEFAULT_APP_SECRET, InvalidCredentialsError, InvalidPermissionError, JwtProvider, PermissionDescriptor, RealmDescriptor, RoleDescriptor, SecurityError, SecurityProvider, permissionSchema, roleSchema, userAccountInfoSchema };
+export { $permission, $realm, $role, $serviceAccount, AlephaSecurity, CryptoProvider, DEFAULT_APP_SECRET, InvalidCredentialsError, InvalidPermissionError, JwtProvider, PermissionPrimitive, RealmPrimitive, RolePrimitive, SecurityError, SecurityProvider, permissionSchema, roleSchema, userAccountInfoSchema };
 //# sourceMappingURL=index.js.map