b23-lib 1.1.0 → 1.2.0

package/dist/index.d.mts

@@ -235,30 +235,54 @@ declare const Schema: {
     };
 };
 
+type StringifiedJSONArray = string;
+type AuthUtilityConfig = {
+    maxTokenAge?: string;
+    userPrivateKeys?: StringifiedJSONArray;
+    userPublicKeys?: StringifiedJSONArray;
+    anonymousPrivateKeys?: StringifiedJSONArray;
+    anonymousPublicKeys?: StringifiedJSONArray;
+    systemPrivateKeys?: StringifiedJSONArray;
+    systemPublicKeys?: StringifiedJSONArray;
+    adminPrivateKeys?: StringifiedJSONArray;
+    adminPublicKeys?: StringifiedJSONArray;
+};
+type AuthMiddlewareConfig = {
+    allowAnonymous: boolean;
+    allowSystem: boolean;
+    allowUser: boolean;
+};
 declare class AuthUtility {
-    private secretToken;
     private maxTokenAge;
-    constructor({ secret, maxTokenAge }: {
-        secret: string;
-        maxTokenAge: string;
-    });
-    createToken(id: string, additionalData: object): Promise<string>;
-    verifyToken(token: string): Promise<jose.JWTPayload>;
-    AuthMiddleware(): (req: any, res: any, next: any) => Promise<void>;
+    private userPrivateKeys;
+    private userPublicKeys;
+    private anonymousPrivateKeys;
+    private anonymousPublicKeys;
+    private systemPrivateKeys;
+    private systemPublicKeys;
+    private adminPrivateKeys;
+    private adminPublicKeys;
+    constructor({ maxTokenAge, userPrivateKeys, userPublicKeys, anonymousPrivateKeys, anonymousPublicKeys, systemPrivateKeys, systemPublicKeys, adminPrivateKeys, adminPublicKeys }?: AuthUtilityConfig);
+    private createSignedJWT;
+    private verifySignedJWT;
+    createAnonymousToken(id: string, additionalData?: object): Promise<string>;
+    verifyAnonymousToken(token: string): Promise<jose.JWTPayload>;
+    createUserToken(id: string, additionalData?: object): Promise<string>;
+    verifyUserToken(token: string): Promise<jose.JWTPayload>;
+    createSystemToken(id: string, additionalData?: object): Promise<string>;
+    verifySystemToken(token: string): Promise<jose.JWTPayload>;
+    createAdminToken(id: string, additionalData?: object): Promise<string>;
+    verifyAdminToken(token: string): Promise<jose.JWTPayload>;
+    AuthMiddleware({ allowAnonymous, allowSystem, allowUser }?: AuthMiddlewareConfig): (req: any, res: any, next: any) => Promise<void>;
 }
 
-declare const ResponseUtility: {
-    handleException: (functionName: string, error: any, res: any) => void;
-    generateResponse: (status: number, data?: any, error?: string) => {
-        status: number;
-        data: any;
-        error: string | undefined;
-    };
-    generateError: (status: number, error: string, knownError?: Boolean, logError?: boolean) => {
-        status: number;
-        error: string;
-        knownError: Boolean;
-        logError: boolean;
+declare const _default: {
+    isUUID: (value: string) => boolean;
+    generateUUID: (value?: string, namespace?: string) => string;
+    generateSearchId: (key: string, variantId: string) => string;
+    getKeyfromSearchId: (searchId: string) => {
+        key: string;
+        variantId: string;
     };
 };
 
@@ -272,8 +296,9 @@ declare const Fetch: (baseURL: string, endpoint: string, method?: "GET" | "POST"
 declare const Logger: {
     logException: (functionName: string, error: any) => void;
     logError: (functionName: string, errorMessage: string) => void;
+    logWarning: (functionName: string, message: any) => void;
     logMessage: (functionName: string, message: any) => void;
     logInvalidPayload: (functionName: string, errorMessage: string) => void;
 };
 
-export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, ResponseUtility, Schema };
+export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, _default as ResponseUtility, Schema, _default as Utils };

package/dist/index.d.ts

@@ -235,30 +235,54 @@ declare const Schema: {
     };
 };
 
+type StringifiedJSONArray = string;
+type AuthUtilityConfig = {
+    maxTokenAge?: string;
+    userPrivateKeys?: StringifiedJSONArray;
+    userPublicKeys?: StringifiedJSONArray;
+    anonymousPrivateKeys?: StringifiedJSONArray;
+    anonymousPublicKeys?: StringifiedJSONArray;
+    systemPrivateKeys?: StringifiedJSONArray;
+    systemPublicKeys?: StringifiedJSONArray;
+    adminPrivateKeys?: StringifiedJSONArray;
+    adminPublicKeys?: StringifiedJSONArray;
+};
+type AuthMiddlewareConfig = {
+    allowAnonymous: boolean;
+    allowSystem: boolean;
+    allowUser: boolean;
+};
 declare class AuthUtility {
-    private secretToken;
     private maxTokenAge;
-    constructor({ secret, maxTokenAge }: {
-        secret: string;
-        maxTokenAge: string;
-    });
-    createToken(id: string, additionalData: object): Promise<string>;
-    verifyToken(token: string): Promise<jose.JWTPayload>;
-    AuthMiddleware(): (req: any, res: any, next: any) => Promise<void>;
+    private userPrivateKeys;
+    private userPublicKeys;
+    private anonymousPrivateKeys;
+    private anonymousPublicKeys;
+    private systemPrivateKeys;
+    private systemPublicKeys;
+    private adminPrivateKeys;
+    private adminPublicKeys;
+    constructor({ maxTokenAge, userPrivateKeys, userPublicKeys, anonymousPrivateKeys, anonymousPublicKeys, systemPrivateKeys, systemPublicKeys, adminPrivateKeys, adminPublicKeys }?: AuthUtilityConfig);
+    private createSignedJWT;
+    private verifySignedJWT;
+    createAnonymousToken(id: string, additionalData?: object): Promise<string>;
+    verifyAnonymousToken(token: string): Promise<jose.JWTPayload>;
+    createUserToken(id: string, additionalData?: object): Promise<string>;
+    verifyUserToken(token: string): Promise<jose.JWTPayload>;
+    createSystemToken(id: string, additionalData?: object): Promise<string>;
+    verifySystemToken(token: string): Promise<jose.JWTPayload>;
+    createAdminToken(id: string, additionalData?: object): Promise<string>;
+    verifyAdminToken(token: string): Promise<jose.JWTPayload>;
+    AuthMiddleware({ allowAnonymous, allowSystem, allowUser }?: AuthMiddlewareConfig): (req: any, res: any, next: any) => Promise<void>;
 }
 
-declare const ResponseUtility: {
-    handleException: (functionName: string, error: any, res: any) => void;
-    generateResponse: (status: number, data?: any, error?: string) => {
-        status: number;
-        data: any;
-        error: string | undefined;
-    };
-    generateError: (status: number, error: string, knownError?: Boolean, logError?: boolean) => {
-        status: number;
-        error: string;
-        knownError: Boolean;
-        logError: boolean;
+declare const _default: {
+    isUUID: (value: string) => boolean;
+    generateUUID: (value?: string, namespace?: string) => string;
+    generateSearchId: (key: string, variantId: string) => string;
+    getKeyfromSearchId: (searchId: string) => {
+        key: string;
+        variantId: string;
     };
 };
 
@@ -272,8 +296,9 @@ declare const Fetch: (baseURL: string, endpoint: string, method?: "GET" | "POST"
 declare const Logger: {
     logException: (functionName: string, error: any) => void;
     logError: (functionName: string, errorMessage: string) => void;
+    logWarning: (functionName: string, message: any) => void;
     logMessage: (functionName: string, message: any) => void;
     logInvalidPayload: (functionName: string, errorMessage: string) => void;
 };
 
-export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, ResponseUtility, Schema };
+export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, _default as ResponseUtility, Schema, _default as Utils };

package/dist/index.js

@@ -34,8 +34,9 @@ __export(src_exports, {
   DynamoDB: () => Dynamodb_default,
   Fetch: () => fetch_default,
   Logger: () => Logger_default,
-  ResponseUtility: () => response_default,
-  Schema: () => Schema_default
+  ResponseUtility: () => Utils_default,
+  Schema: () => Schema_default,
+  Utils: () => Utils_default
 });
 module.exports = __toCommonJS(src_exports);
 
@@ -414,8 +415,22 @@ var import_util2 = __toESM(require("util"));
 
 // src/enums/ErrorTypes.ts
 var ErrorTypes_default = Object.freeze({
+  INVALID_UUID: "Invalid UUID",
   INVALID_TOKEN: "Invalid Token",
   TOKEN_EXPIRED: "Token Expired",
+  INVALID_AUTH_TYPE: "Invalid Authorization Type",
+  USER_PRIVATE_KEY_NOT_FOUND: "User Private Key Not Found",
+  USER_PUBLIC_KEY_NOT_FOUND: "User Public Key Not Found",
+  ANONYMOUS_PRIVATE_KEY_NOT_FOUND: "Anonymous Private Key Not Found",
+  ANONYMOUS_PUBLIC_KEY_NOT_FOUND: "Anonymous Public Key Not Found",
+  SYSTEM_PRIVATE_KEY_NOT_FOUND: "System Private Key Not Found",
+  SYSTEM_PUBLIC_KEY_NOT_FOUND: "System Public Key Not Found",
+  ADMIN_PRIVATE_KEY_NOT_FOUND: "Admin Private Key Not Found",
+  ADMIN_PUBLIC_KEY_NOT_FOUND: "Admin Public Key Not Found",
+  SECRET_TOKEN_NOT_FOUND: "Secret Token Not Found",
+  ANONYMOUS_SESSION_NOT_ALLOWED: "Anonymous Session Not Allowed",
+  USER_SESSION_NOT_ALLOWED: "User Session Not Allowed",
+  SYSTEM_SESSION_NOT_ALLOWED: "System Session Not Allowed",
   INTERNAL_SERVER_ERROR: "Internal Server Error"
 });
 
@@ -423,20 +438,48 @@ var ErrorTypes_default = Object.freeze({
 var import_util = __toESM(require("util"));
 var Logger = {
   logException: (functionName, error) => {
-    console.log(`Exception Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(error)}`);
+    console.error(`Exception Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(error)}`);
   },
   logError: (functionName, errorMessage) => {
-    console.log(`Error Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(errorMessage)}`);
+    console.error(`Error Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(errorMessage)}`);
+  },
+  logWarning: (functionName, message) => {
+    console.warn(`Warning in Function: ${functionName} - ${import_util.default.inspect(message)}`);
   },
   logMessage: (functionName, message) => {
-    console.log(`Message in Function: ${functionName}, Error: ${import_util.default.inspect(message)}`);
+    console.log(`Message in Function: ${functionName} - ${import_util.default.inspect(message)}`);
   },
   logInvalidPayload: (functionName, errorMessage) => {
-    console.log(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
+    console.error(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
   }
 };
 var Logger_default = Logger;
 
+// src/Utils/index.ts
+var import_uuid = require("uuid");
+var Utils_default = {
+  isUUID: (value) => {
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+    return uuidRegex.test(value);
+  },
+  generateUUID: (value, namespace) => {
+    if (namespace && value) {
+      return (0, import_uuid.v5)(value, namespace);
+    }
+    return (0, import_uuid.v4)();
+  },
+  generateSearchId: (key, variantId) => {
+    return `${key}#${variantId}`;
+  },
+  getKeyfromSearchId: (searchId) => {
+    const [key, variantId] = searchId.split("#");
+    return {
+      key,
+      variantId
+    };
+  }
+};
+
 // src/Utils/response.ts
 var ResponseUtility = {
   handleException: (functionName, error, res) => {
@@ -446,6 +489,12 @@ var ResponseUtility = {
         status: error.status,
         error: error.error
       });
+    } else if (error.status && error.error) {
+      Logger_default.logException(functionName, error);
+      res.status(error.status).json({
+        ...error.error,
+        status: error.status
+      });
     } else {
       Logger_default.logException(functionName, error);
       res.status(500).json({
@@ -473,40 +522,193 @@ var ResponseUtility = {
 var response_default = ResponseUtility;
 
 // src/Auth/index.ts
+var import_assert = __toESM(require("assert"));
+var DefaultAuthUtilityConfig = {
+  maxTokenAge: "30 days",
+  userPrivateKeys: "[]",
+  userPublicKeys: "[]",
+  anonymousPrivateKeys: "[]",
+  anonymousPublicKeys: "[]",
+  systemPrivateKeys: "[]",
+  systemPublicKeys: "[]",
+  adminPrivateKeys: "[]",
+  adminPublicKeys: "[]"
+};
+var DefaultAuthMiddlewareConfig = {
+  allowAnonymous: false,
+  allowSystem: true,
+  allowUser: true
+};
 var AuthUtility = class {
-  secretToken;
   maxTokenAge;
-  constructor({ secret, maxTokenAge = "30 days" }) {
-    this.secretToken = secret;
+  userPrivateKeys;
+  userPublicKeys;
+  anonymousPrivateKeys;
+  anonymousPublicKeys;
+  systemPrivateKeys;
+  systemPublicKeys;
+  adminPrivateKeys;
+  adminPublicKeys;
+  constructor({ maxTokenAge = "30 days", userPrivateKeys = "[]", userPublicKeys = "[]", anonymousPrivateKeys = "[]", anonymousPublicKeys = "[]", systemPrivateKeys = "[]", systemPublicKeys = "[]", adminPrivateKeys = "[]", adminPublicKeys = "[]" } = DefaultAuthUtilityConfig) {
     this.maxTokenAge = maxTokenAge;
+    this.userPrivateKeys = JSON.parse(userPrivateKeys);
+    if (this.userPrivateKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 1 user private key provided. The last key will be used for signing.");
+    }
+    this.userPublicKeys = JSON.parse(userPublicKeys);
+    if (this.userPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 user public keys provided. This is not recommended.");
+    }
+    this.anonymousPrivateKeys = JSON.parse(anonymousPrivateKeys);
+    if (this.anonymousPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 anonymous private key provided. The last key will be used for signing.");
+    }
+    this.anonymousPublicKeys = JSON.parse(anonymousPublicKeys);
+    if (this.anonymousPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 anonymous public keys provided. This is not recommended.");
+    }
+    this.systemPrivateKeys = JSON.parse(systemPrivateKeys);
+    if (this.systemPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 system private key provided. The last key will be used for signing.");
+    }
+    this.systemPublicKeys = JSON.parse(systemPublicKeys);
+    if (this.systemPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 system public keys provided. This is not recommended.");
+    }
+    this.adminPrivateKeys = JSON.parse(adminPrivateKeys);
+    if (this.adminPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 admin private key provided. The last key will be used for signing.");
+    }
+    this.adminPublicKeys = JSON.parse(adminPublicKeys);
+    if (this.adminPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 admin public keys provided. This is not recommended.");
+    }
+  }
+  async createSignedJWT(payload, privateKeyString, expiration) {
+    const privateKey = await (0, import_jose.importPKCS8)(privateKeyString, "RS256");
+    const token = await new import_jose.SignJWT(payload).setProtectedHeader({ alg: "RS256" }).setExpirationTime(expiration).setIssuedAt().sign(privateKey);
+    return token;
+  }
+  async verifySignedJWT(token, publicKeyString, expiration) {
+    for (let i = publicKeyString.length - 1; i > 0; i--) {
+      try {
+        const publicKey2 = await (0, import_jose.importSPKI)(publicKeyString[i], "RS256");
+        const jwt2 = await (0, import_jose.jwtVerify)(token, publicKey2, { clockTolerance: 30, maxTokenAge: expiration });
+        return jwt2.payload;
+      } catch (error) {
+        continue;
+      }
+    }
+    const publicKey = await (0, import_jose.importSPKI)(publicKeyString[0], "RS256");
+    const jwt = await (0, import_jose.jwtVerify)(token, publicKey, { clockTolerance: 30, maxTokenAge: expiration });
+    return jwt.payload;
   }
-  async createToken(id, additionalData) {
+  async createAnonymousToken(id, additionalData) {
+    (0, import_assert.default)(this.anonymousPrivateKeys.length, ErrorTypes_default.ANONYMOUS_PRIVATE_KEY_NOT_FOUND);
+    (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
     const payload = {
       id,
+      type: "Anon",
       ...additionalData
     };
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const token = await new import_jose.EncryptJWT(payload).setExpirationTime(this.maxTokenAge).setIssuedAt().setProtectedHeader({ alg: "dir", enc: "A256CBC-HS512" }).encrypt(secretKey);
-    return token;
+    return await this.createSignedJWT(payload, this.anonymousPrivateKeys[this.anonymousPrivateKeys.length - 1], this.maxTokenAge);
   }
-  async verifyToken(token) {
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const jwt = await (0, import_jose.jwtDecrypt)(token, secretKey, { maxTokenAge: this.maxTokenAge });
-    return jwt.payload;
+  async verifyAnonymousToken(token) {
+    (0, import_assert.default)(this.anonymousPublicKeys.length, ErrorTypes_default.ANONYMOUS_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.anonymousPublicKeys, this.maxTokenAge);
+    (0, import_assert.default)(payload.type === "Anon", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  async createUserToken(id, additionalData) {
+    (0, import_assert.default)(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
+    (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "User",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.userPrivateKeys[this.userPrivateKeys.length - 1], this.maxTokenAge);
+  }
+  async verifyUserToken(token) {
+    (0, import_assert.default)(this.userPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.userPublicKeys, this.maxTokenAge);
+    (0, import_assert.default)(payload.type === "User", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
   }
-  AuthMiddleware() {
+  async createSystemToken(id, additionalData) {
+    (0, import_assert.default)(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
+    (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "System",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.systemPrivateKeys[this.systemPrivateKeys.length - 1], "5 min");
+  }
+  async verifySystemToken(token) {
+    (0, import_assert.default)(this.systemPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.systemPublicKeys, "5 min");
+    (0, import_assert.default)(payload.type === "System", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  async createAdminToken(id, additionalData) {
+    (0, import_assert.default)(this.adminPrivateKeys.length, ErrorTypes_default.ADMIN_PRIVATE_KEY_NOT_FOUND);
+    (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "Admin",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.adminPrivateKeys[this.adminPrivateKeys.length - 1], this.maxTokenAge);
+  }
+  async verifyAdminToken(token) {
+    (0, import_assert.default)(this.adminPublicKeys.length, ErrorTypes_default.ADMIN_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.adminPublicKeys, this.maxTokenAge);
+    (0, import_assert.default)(payload.type === "Admin", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  AuthMiddleware({ allowAnonymous, allowSystem, allowUser } = DefaultAuthMiddlewareConfig) {
     return async (req, res, next) => {
       try {
-        const token = req.get("Authorization")?.split(" ")?.[1];
+        const [authType, token] = req.get("Authorization")?.split(" ");
         if (!token) {
           throw new Error(ErrorTypes_default.INVALID_TOKEN);
         }
-        const payload = await this.verifyToken(token);
-        res.locals.auth = payload;
+        let payload;
+        switch (authType) {
+          case "Anon":
+            if (!allowAnonymous) {
+              throw response_default.generateError(403, ErrorTypes_default.ANONYMOUS_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifyAnonymousToken(token);
+            break;
+          case "User":
+            if (!allowUser) {
+              throw response_default.generateError(403, ErrorTypes_default.USER_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifyUserToken(token);
+            break;
+          case "System":
+            if (!allowSystem) {
+              throw response_default.generateError(403, ErrorTypes_default.SYSTEM_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifySystemToken(token);
+            break;
+          case "Admin":
+            payload = await this.verifyAdminToken(token);
+            break;
+          default:
+            throw response_default.generateError(403, ErrorTypes_default.INVALID_AUTH_TYPE);
+        }
+        res.locals.auth = {
+          authType,
+          token,
+          ...payload
+        };
         next();
       } catch (error) {
         Logger_default.logError("AuthMiddleware", import_util2.default.inspect(error));
-        response_default.handleException("AuthMiddleware", response_default.generateError(401, ErrorTypes_default.TOKEN_EXPIRED), res);
+        response_default.handleException("AuthMiddleware", response_default.generateError(401, error.error ? error.error : ErrorTypes_default.TOKEN_EXPIRED, true), res);
       }
     };
   }
@@ -565,5 +767,6 @@ var fetch_default = Fetch;
   Fetch,
   Logger,
   ResponseUtility,
-  Schema
+  Schema,
+  Utils
 });

package/dist/index.mjs

@@ -383,13 +383,27 @@ var Schema = {
 var Schema_default = Schema;
 
 // src/Auth/index.ts
-import { EncryptJWT, jwtDecrypt } from "jose";
+import { importPKCS8, importSPKI, jwtVerify, SignJWT } from "jose";
 import util2 from "util";
 
 // src/enums/ErrorTypes.ts
 var ErrorTypes_default = Object.freeze({
+  INVALID_UUID: "Invalid UUID",
   INVALID_TOKEN: "Invalid Token",
   TOKEN_EXPIRED: "Token Expired",
+  INVALID_AUTH_TYPE: "Invalid Authorization Type",
+  USER_PRIVATE_KEY_NOT_FOUND: "User Private Key Not Found",
+  USER_PUBLIC_KEY_NOT_FOUND: "User Public Key Not Found",
+  ANONYMOUS_PRIVATE_KEY_NOT_FOUND: "Anonymous Private Key Not Found",
+  ANONYMOUS_PUBLIC_KEY_NOT_FOUND: "Anonymous Public Key Not Found",
+  SYSTEM_PRIVATE_KEY_NOT_FOUND: "System Private Key Not Found",
+  SYSTEM_PUBLIC_KEY_NOT_FOUND: "System Public Key Not Found",
+  ADMIN_PRIVATE_KEY_NOT_FOUND: "Admin Private Key Not Found",
+  ADMIN_PUBLIC_KEY_NOT_FOUND: "Admin Public Key Not Found",
+  SECRET_TOKEN_NOT_FOUND: "Secret Token Not Found",
+  ANONYMOUS_SESSION_NOT_ALLOWED: "Anonymous Session Not Allowed",
+  USER_SESSION_NOT_ALLOWED: "User Session Not Allowed",
+  SYSTEM_SESSION_NOT_ALLOWED: "System Session Not Allowed",
   INTERNAL_SERVER_ERROR: "Internal Server Error"
 });
 
@@ -397,20 +411,48 @@ var ErrorTypes_default = Object.freeze({
 import util from "util";
 var Logger = {
   logException: (functionName, error) => {
-    console.log(`Exception Occurred in Function: ${functionName}, Error: ${util.inspect(error)}`);
+    console.error(`Exception Occurred in Function: ${functionName}, Error: ${util.inspect(error)}`);
   },
   logError: (functionName, errorMessage) => {
-    console.log(`Error Occurred in Function: ${functionName}, Error: ${util.inspect(errorMessage)}`);
+    console.error(`Error Occurred in Function: ${functionName}, Error: ${util.inspect(errorMessage)}`);
+  },
+  logWarning: (functionName, message) => {
+    console.warn(`Warning in Function: ${functionName} - ${util.inspect(message)}`);
   },
   logMessage: (functionName, message) => {
-    console.log(`Message in Function: ${functionName}, Error: ${util.inspect(message)}`);
+    console.log(`Message in Function: ${functionName} - ${util.inspect(message)}`);
   },
   logInvalidPayload: (functionName, errorMessage) => {
-    console.log(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
+    console.error(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
   }
 };
 var Logger_default = Logger;
 
+// src/Utils/index.ts
+import { v4 as uuidv4, v5 as uuidv5 } from "uuid";
+var Utils_default = {
+  isUUID: (value) => {
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+    return uuidRegex.test(value);
+  },
+  generateUUID: (value, namespace) => {
+    if (namespace && value) {
+      return uuidv5(value, namespace);
+    }
+    return uuidv4();
+  },
+  generateSearchId: (key, variantId) => {
+    return `${key}#${variantId}`;
+  },
+  getKeyfromSearchId: (searchId) => {
+    const [key, variantId] = searchId.split("#");
+    return {
+      key,
+      variantId
+    };
+  }
+};
+
 // src/Utils/response.ts
 var ResponseUtility = {
   handleException: (functionName, error, res) => {
@@ -420,6 +462,12 @@ var ResponseUtility = {
         status: error.status,
         error: error.error
       });
+    } else if (error.status && error.error) {
+      Logger_default.logException(functionName, error);
+      res.status(error.status).json({
+        ...error.error,
+        status: error.status
+      });
     } else {
       Logger_default.logException(functionName, error);
       res.status(500).json({
@@ -447,40 +495,193 @@ var ResponseUtility = {
 var response_default = ResponseUtility;
 
 // src/Auth/index.ts
+import assert from "assert";
+var DefaultAuthUtilityConfig = {
+  maxTokenAge: "30 days",
+  userPrivateKeys: "[]",
+  userPublicKeys: "[]",
+  anonymousPrivateKeys: "[]",
+  anonymousPublicKeys: "[]",
+  systemPrivateKeys: "[]",
+  systemPublicKeys: "[]",
+  adminPrivateKeys: "[]",
+  adminPublicKeys: "[]"
+};
+var DefaultAuthMiddlewareConfig = {
+  allowAnonymous: false,
+  allowSystem: true,
+  allowUser: true
+};
 var AuthUtility = class {
-  secretToken;
   maxTokenAge;
-  constructor({ secret, maxTokenAge = "30 days" }) {
-    this.secretToken = secret;
+  userPrivateKeys;
+  userPublicKeys;
+  anonymousPrivateKeys;
+  anonymousPublicKeys;
+  systemPrivateKeys;
+  systemPublicKeys;
+  adminPrivateKeys;
+  adminPublicKeys;
+  constructor({ maxTokenAge = "30 days", userPrivateKeys = "[]", userPublicKeys = "[]", anonymousPrivateKeys = "[]", anonymousPublicKeys = "[]", systemPrivateKeys = "[]", systemPublicKeys = "[]", adminPrivateKeys = "[]", adminPublicKeys = "[]" } = DefaultAuthUtilityConfig) {
     this.maxTokenAge = maxTokenAge;
+    this.userPrivateKeys = JSON.parse(userPrivateKeys);
+    if (this.userPrivateKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 1 user private key provided. The last key will be used for signing.");
+    }
+    this.userPublicKeys = JSON.parse(userPublicKeys);
+    if (this.userPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 user public keys provided. This is not recommended.");
+    }
+    this.anonymousPrivateKeys = JSON.parse(anonymousPrivateKeys);
+    if (this.anonymousPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 anonymous private key provided. The last key will be used for signing.");
+    }
+    this.anonymousPublicKeys = JSON.parse(anonymousPublicKeys);
+    if (this.anonymousPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 anonymous public keys provided. This is not recommended.");
+    }
+    this.systemPrivateKeys = JSON.parse(systemPrivateKeys);
+    if (this.systemPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 system private key provided. The last key will be used for signing.");
+    }
+    this.systemPublicKeys = JSON.parse(systemPublicKeys);
+    if (this.systemPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 system public keys provided. This is not recommended.");
+    }
+    this.adminPrivateKeys = JSON.parse(adminPrivateKeys);
+    if (this.adminPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 admin private key provided. The last key will be used for signing.");
+    }
+    this.adminPublicKeys = JSON.parse(adminPublicKeys);
+    if (this.adminPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 admin public keys provided. This is not recommended.");
+    }
+  }
+  async createSignedJWT(payload, privateKeyString, expiration) {
+    const privateKey = await importPKCS8(privateKeyString, "RS256");
+    const token = await new SignJWT(payload).setProtectedHeader({ alg: "RS256" }).setExpirationTime(expiration).setIssuedAt().sign(privateKey);
+    return token;
+  }
+  async verifySignedJWT(token, publicKeyString, expiration) {
+    for (let i = publicKeyString.length - 1; i > 0; i--) {
+      try {
+        const publicKey2 = await importSPKI(publicKeyString[i], "RS256");
+        const jwt2 = await jwtVerify(token, publicKey2, { clockTolerance: 30, maxTokenAge: expiration });
+        return jwt2.payload;
+      } catch (error) {
+        continue;
+      }
+    }
+    const publicKey = await importSPKI(publicKeyString[0], "RS256");
+    const jwt = await jwtVerify(token, publicKey, { clockTolerance: 30, maxTokenAge: expiration });
+    return jwt.payload;
   }
-  async createToken(id, additionalData) {
+  async createAnonymousToken(id, additionalData) {
+    assert(this.anonymousPrivateKeys.length, ErrorTypes_default.ANONYMOUS_PRIVATE_KEY_NOT_FOUND);
+    assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
     const payload = {
       id,
+      type: "Anon",
       ...additionalData
     };
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const token = await new EncryptJWT(payload).setExpirationTime(this.maxTokenAge).setIssuedAt().setProtectedHeader({ alg: "dir", enc: "A256CBC-HS512" }).encrypt(secretKey);
-    return token;
+    return await this.createSignedJWT(payload, this.anonymousPrivateKeys[this.anonymousPrivateKeys.length - 1], this.maxTokenAge);
   }
-  async verifyToken(token) {
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const jwt = await jwtDecrypt(token, secretKey, { maxTokenAge: this.maxTokenAge });
-    return jwt.payload;
+  async verifyAnonymousToken(token) {
+    assert(this.anonymousPublicKeys.length, ErrorTypes_default.ANONYMOUS_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.anonymousPublicKeys, this.maxTokenAge);
+    assert(payload.type === "Anon", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  async createUserToken(id, additionalData) {
+    assert(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
+    assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "User",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.userPrivateKeys[this.userPrivateKeys.length - 1], this.maxTokenAge);
+  }
+  async verifyUserToken(token) {
+    assert(this.userPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.userPublicKeys, this.maxTokenAge);
+    assert(payload.type === "User", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
   }
-  AuthMiddleware() {
+  async createSystemToken(id, additionalData) {
+    assert(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
+    assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "System",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.systemPrivateKeys[this.systemPrivateKeys.length - 1], "5 min");
+  }
+  async verifySystemToken(token) {
+    assert(this.systemPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.systemPublicKeys, "5 min");
+    assert(payload.type === "System", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  async createAdminToken(id, additionalData) {
+    assert(this.adminPrivateKeys.length, ErrorTypes_default.ADMIN_PRIVATE_KEY_NOT_FOUND);
+    assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "Admin",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.adminPrivateKeys[this.adminPrivateKeys.length - 1], this.maxTokenAge);
+  }
+  async verifyAdminToken(token) {
+    assert(this.adminPublicKeys.length, ErrorTypes_default.ADMIN_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.adminPublicKeys, this.maxTokenAge);
+    assert(payload.type === "Admin", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  AuthMiddleware({ allowAnonymous, allowSystem, allowUser } = DefaultAuthMiddlewareConfig) {
     return async (req, res, next) => {
       try {
-        const token = req.get("Authorization")?.split(" ")?.[1];
+        const [authType, token] = req.get("Authorization")?.split(" ");
         if (!token) {
           throw new Error(ErrorTypes_default.INVALID_TOKEN);
         }
-        const payload = await this.verifyToken(token);
-        res.locals.auth = payload;
+        let payload;
+        switch (authType) {
+          case "Anon":
+            if (!allowAnonymous) {
+              throw response_default.generateError(403, ErrorTypes_default.ANONYMOUS_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifyAnonymousToken(token);
+            break;
+          case "User":
+            if (!allowUser) {
+              throw response_default.generateError(403, ErrorTypes_default.USER_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifyUserToken(token);
+            break;
+          case "System":
+            if (!allowSystem) {
+              throw response_default.generateError(403, ErrorTypes_default.SYSTEM_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifySystemToken(token);
+            break;
+          case "Admin":
+            payload = await this.verifyAdminToken(token);
+            break;
+          default:
+            throw response_default.generateError(403, ErrorTypes_default.INVALID_AUTH_TYPE);
+        }
+        res.locals.auth = {
+          authType,
+          token,
+          ...payload
+        };
         next();
       } catch (error) {
         Logger_default.logError("AuthMiddleware", util2.inspect(error));
-        response_default.handleException("AuthMiddleware", response_default.generateError(401, ErrorTypes_default.TOKEN_EXPIRED), res);
+        response_default.handleException("AuthMiddleware", response_default.generateError(401, error.error ? error.error : ErrorTypes_default.TOKEN_EXPIRED, true), res);
       }
     };
   }
@@ -537,6 +738,7 @@ export {
   Dynamodb_default as DynamoDB,
   fetch_default as Fetch,
   Logger_default as Logger,
-  response_default as ResponseUtility,
-  Schema_default as Schema
+  Utils_default as ResponseUtility,
+  Schema_default as Schema,
+  Utils_default as Utils
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "b23-lib",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "This repo hold common classes, type and util functiona",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -19,7 +19,7 @@
   "dependencies": {
     "@aws-sdk/client-dynamodb": "^3.620.0",
     "@aws-sdk/util-dynamodb": "^3.620.0",
-    "jose": "^5.9.6",
+    "jose": "^5.6.3",
     "util": "^0.12.5"
   },
   "devDependencies": {