authenik8-core 0.1.0

package/src/tests/full.intergration.test.ts

@@ -0,0 +1,100 @@
+// tests/full.integration.test.ts
+import { createTestApp } from "./testApp";
+
+describe("Authenik8 Full Integration", () => {
+  let request: any;
+  let auth: any;
+
+  let accessToken: string;
+  let refreshToken: string;
+
+  beforeAll(async () => {
+    const setup = await createTestApp();
+    request = setup.request;
+    auth = setup.auth;
+  });
+
+  afterAll(async () => {
+    if (auth.redis) {
+      await auth.redis.flushdb();
+      await auth.redis.quit();
+    }
+  });
+
+  // 🔐 LOGIN
+  test("should login and receive tokens", async () => {
+    const res = await request.post("/login");
+
+    expect(res.status).toBe(200);
+    expect(res.body).toHaveProperty("accessToken");
+    expect(res.body).toHaveProperty("refreshToken");
+
+    accessToken = res.body.accessToken;
+    refreshToken = res.body.refreshToken;
+  });
+
+  // 🔒 PROTECTED ROUTE
+  test("should access protected route with valid token", async () => {
+    const res = await request
+      .get("/protected")
+      .set("Authorization", `Bearer ${accessToken}`);
+
+    expect(res.status).toBe(200);
+    expect(res.body).toHaveProperty("data", "secure data");
+  });
+
+  // 🚫 NO TOKEN
+  test("should reject request without token", async () => {
+    const res = await request.get("/protected");
+
+    expect(res.status).toBe(401);
+  });
+
+  // 🔄 REFRESH TOKEN
+  test("should refresh access token", async () => {
+    const res = await request
+      .post("/refresh")
+      .send({ refreshToken });
+
+    expect(res.status).toBe(200);
+    expect(res.body).toHaveProperty("accessToken");
+    expect(res.body).toHaveProperty("refreshToken");
+
+    // update tokens
+    accessToken = res.body.accessToken;
+    refreshToken = res.body.refreshToken;
+ 
+    if (res.body.refreshToken) {
+  refreshToken = res.body.refreshToken;
+}
+
+  });
+
+  // 🔥 ROTATION (IMPORTANT)
+  test("should NOT allow reuse of old refresh token", async () => {
+  const originalToken = refreshToken;
+
+  // first use → rotates token
+  const firstRes = await request
+    .post("/refresh")
+    .send({ refreshToken: originalToken });
+
+  expect(firstRes.status).toBe(200);
+
+  const newToken = firstRes.body.refreshToken;
+
+  // second use with OLD token → should fail
+  const res = await request
+    .post("/refresh")
+    .send({ refreshToken: originalToken });
+
+  expect(res.status).toBe(401);
+
+  // sanity check: new token should work
+  const validRes = await request
+    .post("/refresh")
+    .send({ refreshToken: newToken });
+
+  expect(validRes.status).toBe(200);
+});
+  });

package/src/tests/testApp.ts

@@ -0,0 +1,56 @@
+// tests/testApp.ts
+import express from "express";
+import request from "supertest";
+import { createAuthenik8 } from "../createAuthenik8";
+
+export const createTestApp = async () => {
+  const auth = await createAuthenik8({
+    jwtSecret: "test-secret",
+    refreshSecret: "refresh-secret",
+    jwtExpiry: "15m"
+  });
+
+  const app = express();
+  app.use(express.json());
+
+  // 🔐 Login (simulate user)
+  app.post("/login", async(req, res) => {
+    const user = { userId: "user_1", email:"test@test.com" };
+
+    const accessToken = auth.signToken(user);
+    const refreshToken = await auth.generateRefreshToken(user);
+
+    res.json({ accessToken, refreshToken });
+    console.log("Refresh Token",refreshToken)
+  });
+
+  // 🔒 Protected route
+  app.get("/protected", (req, res) => {
+    const token = req.headers.authorization?.split(" ")[1];
+   
+    if(!token){
+   return res.status(401).json({error:"Invalid token"})
+    }
+    
+    const decoded = auth.verifyToken(token);
+
+    if (!decoded) {
+      return res.status(401).json({ error: "Unauthorized" });
+    }
+
+    res.json({ data: "secure data", user: decoded });
+  });
+
+  // 🔄 Refresh
+  app.post("/refresh", async (req, res) => {
+    try {
+      const result = await auth.refreshToken(req.body.refreshToken);
+      res.json(result);
+    } catch (err) {
+      res.status(401).json({ error: "Invalid refresh token" });
+    }
+
+  });
+
+  return { app, auth, request: request(app) };
+};

package/src/types/admin.ts

@@ -0,0 +1,7 @@
+
+import { Redis } from "ioredis";
+
+export interface RequireAdminOptions {
+  jwtSecret: string;
+  redis?: Redis;
+}

package/src/types/config.ts

@@ -0,0 +1,11 @@
+
+import { SignOptions } from "jsonwebtoken";
+import { Redis } from "ioredis";
+
+export interface Authenik8Config {
+  jwtSecret: string;
+  jwtExpiry: SignOptions["expiresIn"];
+  refreshSecret: string;
+
+  redis?: Redis; 
+}

package/src/types/public.ts

@@ -0,0 +1,22 @@
+
+export interface Authenik8Instance {
+  signToken: (payload: any) => string;
+  verifyToken: (token: string) => any;
+  guestToken: () => string;
+
+  refreshToken: (token: string) => Promise<any>;
+  generateRefreshToken: (payload: any) => Promise<string>;
+
+  rateLimit: any;
+  ipWhitelist: any;
+  helmet: any;
+
+  addIP: (ip: string) => Promise<void>;
+  removeIP: (ip: string) => Promise<void>;
+  listIPs: () => Promise<string[]>;
+
+  requireAdmin: any;
+  incognito: any;
+
+  redis?: any;
+}

package/src/types/storage.ts

@@ -0,0 +1,15 @@
+export interface User{
+id:string;
+email:string;
+password:string;
+role?:string;
+type?:string;
+}
+
+export interface UserStore{
+findByEmail(email:string):Promise<User | null>;
+findById(id:string):Promise<User | null>;
+create(user: Partial<User>):
+Promise<User>;
+update(id:string, data:Partial<User>):Promise<User>;
+}

package/tsconfig.json

@@ -0,0 +1,51 @@
+{
+  // Visit https://aka.ms/tsconfig to read more about this file
+  "compilerOptions": {
+    // File Layout
+     "rootDir": "./src",
+     "outDir": "./dist",
+     "strict": true,
+    "esModuleInterop": true,
+
+    "declaration": true,
+    "sourceMap": true,
+
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+     // Environment Settings
+    // See also https://aka.ms/tsconfig/module
+    "module": "CommonJS",
+    "target": "ES2019",
+    "types": [],
+    // For nodejs:
+    // "lib": ["esnext"],
+     "types": ["node","jest"],
+    // and npm install -D @types/node
+
+    // Other Outputs
+    "sourceMap": true,
+    "declaration": true,
+    "declarationMap": true,
+
+    // Stricter Typechecking Options
+    "noUncheckedIndexedAccess": true,
+    //"exactOptionalPropertyTypes": true,
+
+    // Style Options
+    // "noImplicitReturns": true,
+    // "noImplicitOverride": true,
+    // "noUnusedLocals": true,
+    // "noUnusedParameters": true,
+    // "noFallthroughCasesInSwitch": true,
+    // "noPropertyAccessFromIndexSignature": true,
+
+    // Recommended Options
+    "strict": true,
+    "jsx": "react-jsx",
+    //"verbatimModuleSyntax": true,
+    "isolatedModules": true,
+    "noUncheckedSideEffectImports": true,
+    "moduleDetection": "force",
+    "skipLibCheck": true,
+  }
+}