b23-lib 1.1.1 → 1.2.1

package/dist/index.d.mts

@@ -235,22 +235,45 @@ declare const Schema: {
     };
 };
 
+type StringifiedJSONArray = string;
+type AuthUtilityConfig = {
+    maxTokenAge?: string;
+    userPrivateKeys?: StringifiedJSONArray;
+    userPublicKeys?: StringifiedJSONArray;
+    anonymousPrivateKeys?: StringifiedJSONArray;
+    anonymousPublicKeys?: StringifiedJSONArray;
+    systemPrivateKeys?: StringifiedJSONArray;
+    systemPublicKeys?: StringifiedJSONArray;
+    adminPrivateKeys?: StringifiedJSONArray;
+    adminPublicKeys?: StringifiedJSONArray;
+};
+type AuthMiddlewareConfig = {
+    allowAnonymous: boolean;
+    allowSystem: boolean;
+    allowUser: boolean;
+};
 declare class AuthUtility {
-    private secretToken;
     private maxTokenAge;
-    private anonymousPrivateKey;
-    private anonymousPublicKey;
-    constructor({ secret, maxTokenAge, anonymousPrivateKey, anonymousPublicKey }: {
-        secret?: string;
-        maxTokenAge?: string;
-        anonymousPrivateKey?: string;
-        anonymousPublicKey?: string;
-    });
+    private userPrivateKeys;
+    private userPublicKeys;
+    private anonymousPrivateKeys;
+    private anonymousPublicKeys;
+    private systemPrivateKeys;
+    private systemPublicKeys;
+    private adminPrivateKeys;
+    private adminPublicKeys;
+    constructor({ maxTokenAge, userPrivateKeys, userPublicKeys, anonymousPrivateKeys, anonymousPublicKeys, systemPrivateKeys, systemPublicKeys, adminPrivateKeys, adminPublicKeys }?: AuthUtilityConfig);
+    private createSignedJWT;
+    private verifySignedJWT;
     createAnonymousToken(id: string, additionalData?: object): Promise<string>;
     verifyAnonymousToken(token: string): Promise<jose.JWTPayload>;
-    createToken(id: string, additionalData?: object): Promise<string>;
-    verifyToken(token: string): Promise<jose.JWTPayload>;
-    AuthMiddleware(allowAnonymous: boolean): (req: any, res: any, next: any) => Promise<void>;
+    createUserToken(id: string, additionalData?: object): Promise<string>;
+    verifyUserToken(token: string): Promise<jose.JWTPayload>;
+    createSystemToken(id: string, additionalData?: object): Promise<string>;
+    verifySystemToken(token: string): Promise<jose.JWTPayload>;
+    createAdminToken(id: string, additionalData?: object): Promise<string>;
+    verifyAdminToken(token: string): Promise<jose.JWTPayload>;
+    AuthMiddleware({ allowAnonymous, allowSystem, allowUser }?: AuthMiddlewareConfig): (req: any, res: any, next: any) => Promise<void>;
 }
 
 declare const _default: {
@@ -263,6 +286,21 @@ declare const _default: {
     };
 };
 
+declare const ResponseUtility: {
+    handleException: (functionName: string, error: any, res: any) => void;
+    generateResponse: (status: number, data?: any, error?: string) => {
+        status: number;
+        data: any;
+        error: string | undefined;
+    };
+    generateError: (status: number, error: string, knownError?: Boolean, logError?: boolean) => {
+        status: number;
+        error: string;
+        knownError: Boolean;
+        logError: boolean;
+    };
+};
+
 type SuccessType = {
     status: number;
     statusText: string;
@@ -273,8 +311,9 @@ declare const Fetch: (baseURL: string, endpoint: string, method?: "GET" | "POST"
 declare const Logger: {
     logException: (functionName: string, error: any) => void;
     logError: (functionName: string, errorMessage: string) => void;
+    logWarning: (functionName: string, message: any) => void;
     logMessage: (functionName: string, message: any) => void;
     logInvalidPayload: (functionName: string, errorMessage: string) => void;
 };
 
-export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, _default as ResponseUtility, Schema, _default as Utils };
+export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, ResponseUtility, Schema, _default as Utils };

package/dist/index.d.ts

@@ -235,22 +235,45 @@ declare const Schema: {
     };
 };
 
+type StringifiedJSONArray = string;
+type AuthUtilityConfig = {
+    maxTokenAge?: string;
+    userPrivateKeys?: StringifiedJSONArray;
+    userPublicKeys?: StringifiedJSONArray;
+    anonymousPrivateKeys?: StringifiedJSONArray;
+    anonymousPublicKeys?: StringifiedJSONArray;
+    systemPrivateKeys?: StringifiedJSONArray;
+    systemPublicKeys?: StringifiedJSONArray;
+    adminPrivateKeys?: StringifiedJSONArray;
+    adminPublicKeys?: StringifiedJSONArray;
+};
+type AuthMiddlewareConfig = {
+    allowAnonymous: boolean;
+    allowSystem: boolean;
+    allowUser: boolean;
+};
 declare class AuthUtility {
-    private secretToken;
     private maxTokenAge;
-    private anonymousPrivateKey;
-    private anonymousPublicKey;
-    constructor({ secret, maxTokenAge, anonymousPrivateKey, anonymousPublicKey }: {
-        secret?: string;
-        maxTokenAge?: string;
-        anonymousPrivateKey?: string;
-        anonymousPublicKey?: string;
-    });
+    private userPrivateKeys;
+    private userPublicKeys;
+    private anonymousPrivateKeys;
+    private anonymousPublicKeys;
+    private systemPrivateKeys;
+    private systemPublicKeys;
+    private adminPrivateKeys;
+    private adminPublicKeys;
+    constructor({ maxTokenAge, userPrivateKeys, userPublicKeys, anonymousPrivateKeys, anonymousPublicKeys, systemPrivateKeys, systemPublicKeys, adminPrivateKeys, adminPublicKeys }?: AuthUtilityConfig);
+    private createSignedJWT;
+    private verifySignedJWT;
     createAnonymousToken(id: string, additionalData?: object): Promise<string>;
     verifyAnonymousToken(token: string): Promise<jose.JWTPayload>;
-    createToken(id: string, additionalData?: object): Promise<string>;
-    verifyToken(token: string): Promise<jose.JWTPayload>;
-    AuthMiddleware(allowAnonymous: boolean): (req: any, res: any, next: any) => Promise<void>;
+    createUserToken(id: string, additionalData?: object): Promise<string>;
+    verifyUserToken(token: string): Promise<jose.JWTPayload>;
+    createSystemToken(id: string, additionalData?: object): Promise<string>;
+    verifySystemToken(token: string): Promise<jose.JWTPayload>;
+    createAdminToken(id: string, additionalData?: object): Promise<string>;
+    verifyAdminToken(token: string): Promise<jose.JWTPayload>;
+    AuthMiddleware({ allowAnonymous, allowSystem, allowUser }?: AuthMiddlewareConfig): (req: any, res: any, next: any) => Promise<void>;
 }
 
 declare const _default: {
@@ -263,6 +286,21 @@ declare const _default: {
     };
 };
 
+declare const ResponseUtility: {
+    handleException: (functionName: string, error: any, res: any) => void;
+    generateResponse: (status: number, data?: any, error?: string) => {
+        status: number;
+        data: any;
+        error: string | undefined;
+    };
+    generateError: (status: number, error: string, knownError?: Boolean, logError?: boolean) => {
+        status: number;
+        error: string;
+        knownError: Boolean;
+        logError: boolean;
+    };
+};
+
 type SuccessType = {
     status: number;
     statusText: string;
@@ -273,8 +311,9 @@ declare const Fetch: (baseURL: string, endpoint: string, method?: "GET" | "POST"
 declare const Logger: {
     logException: (functionName: string, error: any) => void;
     logError: (functionName: string, errorMessage: string) => void;
+    logWarning: (functionName: string, message: any) => void;
     logMessage: (functionName: string, message: any) => void;
     logInvalidPayload: (functionName: string, errorMessage: string) => void;
 };
 
-export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, _default as ResponseUtility, Schema, _default as Utils };
+export { AuthUtility as Auth, DynamoDBUtility as DynamoDB, Fetch, Logger, ResponseUtility, Schema, _default as Utils };

package/dist/index.js

@@ -34,7 +34,7 @@ __export(src_exports, {
   DynamoDB: () => Dynamodb_default,
   Fetch: () => fetch_default,
   Logger: () => Logger_default,
-  ResponseUtility: () => Utils_default,
+  ResponseUtility: () => response_default,
   Schema: () => Schema_default,
   Utils: () => Utils_default
 });
@@ -419,7 +419,18 @@ var ErrorTypes_default = Object.freeze({
   INVALID_TOKEN: "Invalid Token",
   TOKEN_EXPIRED: "Token Expired",
   INVALID_AUTH_TYPE: "Invalid Authorization Type",
+  USER_PRIVATE_KEY_NOT_FOUND: "User Private Key Not Found",
+  USER_PUBLIC_KEY_NOT_FOUND: "User Public Key Not Found",
+  ANONYMOUS_PRIVATE_KEY_NOT_FOUND: "Anonymous Private Key Not Found",
+  ANONYMOUS_PUBLIC_KEY_NOT_FOUND: "Anonymous Public Key Not Found",
+  SYSTEM_PRIVATE_KEY_NOT_FOUND: "System Private Key Not Found",
+  SYSTEM_PUBLIC_KEY_NOT_FOUND: "System Public Key Not Found",
+  ADMIN_PRIVATE_KEY_NOT_FOUND: "Admin Private Key Not Found",
+  ADMIN_PUBLIC_KEY_NOT_FOUND: "Admin Public Key Not Found",
+  SECRET_TOKEN_NOT_FOUND: "Secret Token Not Found",
   ANONYMOUS_SESSION_NOT_ALLOWED: "Anonymous Session Not Allowed",
+  USER_SESSION_NOT_ALLOWED: "User Session Not Allowed",
+  SYSTEM_SESSION_NOT_ALLOWED: "System Session Not Allowed",
   INTERNAL_SERVER_ERROR: "Internal Server Error"
 });
 
@@ -427,16 +438,19 @@ var ErrorTypes_default = Object.freeze({
 var import_util = __toESM(require("util"));
 var Logger = {
   logException: (functionName, error) => {
-    console.log(`Exception Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(error)}`);
+    console.error(`Exception Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(error)}`);
   },
   logError: (functionName, errorMessage) => {
-    console.log(`Error Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(errorMessage)}`);
+    console.error(`Error Occurred in Function: ${functionName}, Error: ${import_util.default.inspect(errorMessage)}`);
+  },
+  logWarning: (functionName, message) => {
+    console.warn(`Warning in Function: ${functionName} - ${import_util.default.inspect(message)}`);
   },
   logMessage: (functionName, message) => {
-    console.log(`Message in Function: ${functionName}, Error: ${import_util.default.inspect(message)}`);
+    console.log(`Message in Function: ${functionName} - ${import_util.default.inspect(message)}`);
   },
   logInvalidPayload: (functionName, errorMessage) => {
-    console.log(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
+    console.error(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
   }
 };
 var Logger_default = Logger;
@@ -475,6 +489,12 @@ var ResponseUtility = {
         status: error.status,
         error: error.error
       });
+    } else if (error.status && error.error) {
+      Logger_default.logException(functionName, error);
+      res.status(error.status).json({
+        ...error.error,
+        status: error.status
+      });
     } else {
       Logger_default.logException(functionName, error);
       res.status(500).json({
@@ -503,48 +523,151 @@ var response_default = ResponseUtility;
 
 // src/Auth/index.ts
 var import_assert = __toESM(require("assert"));
+var DefaultAuthUtilityConfig = {
+  maxTokenAge: "30 days",
+  userPrivateKeys: "[]",
+  userPublicKeys: "[]",
+  anonymousPrivateKeys: "[]",
+  anonymousPublicKeys: "[]",
+  systemPrivateKeys: "[]",
+  systemPublicKeys: "[]",
+  adminPrivateKeys: "[]",
+  adminPublicKeys: "[]"
+};
+var DefaultAuthMiddlewareConfig = {
+  allowAnonymous: false,
+  allowSystem: true,
+  allowUser: true
+};
 var AuthUtility = class {
-  secretToken;
   maxTokenAge;
-  anonymousPrivateKey;
-  anonymousPublicKey;
-  constructor({ secret = "", maxTokenAge = "30 days", anonymousPrivateKey = "", anonymousPublicKey = "" }) {
-    this.secretToken = secret;
+  userPrivateKeys;
+  userPublicKeys;
+  anonymousPrivateKeys;
+  anonymousPublicKeys;
+  systemPrivateKeys;
+  systemPublicKeys;
+  adminPrivateKeys;
+  adminPublicKeys;
+  constructor({ maxTokenAge = "30 days", userPrivateKeys = "[]", userPublicKeys = "[]", anonymousPrivateKeys = "[]", anonymousPublicKeys = "[]", systemPrivateKeys = "[]", systemPublicKeys = "[]", adminPrivateKeys = "[]", adminPublicKeys = "[]" } = DefaultAuthUtilityConfig) {
     this.maxTokenAge = maxTokenAge;
-    this.anonymousPrivateKey = anonymousPrivateKey;
-    this.anonymousPublicKey = anonymousPublicKey;
+    this.userPrivateKeys = JSON.parse(userPrivateKeys);
+    if (this.userPrivateKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 1 user private key provided. The last key will be used for signing.");
+    }
+    this.userPublicKeys = JSON.parse(userPublicKeys);
+    if (this.userPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 user public keys provided. This is not recommended.");
+    }
+    this.anonymousPrivateKeys = JSON.parse(anonymousPrivateKeys);
+    if (this.anonymousPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 anonymous private key provided. The last key will be used for signing.");
+    }
+    this.anonymousPublicKeys = JSON.parse(anonymousPublicKeys);
+    if (this.anonymousPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 anonymous public keys provided. This is not recommended.");
+    }
+    this.systemPrivateKeys = JSON.parse(systemPrivateKeys);
+    if (this.systemPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 system private key provided. The last key will be used for signing.");
+    }
+    this.systemPublicKeys = JSON.parse(systemPublicKeys);
+    if (this.systemPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 system public keys provided. This is not recommended.");
+    }
+    this.adminPrivateKeys = JSON.parse(adminPrivateKeys);
+    if (this.adminPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 admin private key provided. The last key will be used for signing.");
+    }
+    this.adminPublicKeys = JSON.parse(adminPublicKeys);
+    if (this.adminPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 admin public keys provided. This is not recommended.");
+    }
+  }
+  async createSignedJWT(payload, privateKeyString, expiration) {
+    const privateKey = await (0, import_jose.importPKCS8)(privateKeyString, "RS256");
+    const token = await new import_jose.SignJWT(payload).setProtectedHeader({ alg: "RS256" }).setExpirationTime(expiration).setIssuedAt().sign(privateKey);
+    return token;
+  }
+  async verifySignedJWT(token, publicKeyString, expiration) {
+    for (let i = publicKeyString.length - 1; i > 0; i--) {
+      try {
+        const publicKey2 = await (0, import_jose.importSPKI)(publicKeyString[i], "RS256");
+        const jwt2 = await (0, import_jose.jwtVerify)(token, publicKey2, { clockTolerance: 30, maxTokenAge: expiration });
+        return jwt2.payload;
+      } catch (error) {
+        continue;
+      }
+    }
+    const publicKey = await (0, import_jose.importSPKI)(publicKeyString[0], "RS256");
+    const jwt = await (0, import_jose.jwtVerify)(token, publicKey, { clockTolerance: 30, maxTokenAge: expiration });
+    return jwt.payload;
   }
   async createAnonymousToken(id, additionalData) {
+    (0, import_assert.default)(this.anonymousPrivateKeys.length, ErrorTypes_default.ANONYMOUS_PRIVATE_KEY_NOT_FOUND);
     (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
     const payload = {
       id,
+      type: "Anon",
       ...additionalData
     };
-    const privateKey = await (0, import_jose.importPKCS8)(this.anonymousPrivateKey, "RS256");
-    const token = await new import_jose.SignJWT(payload).setProtectedHeader({ alg: "RS256" }).setExpirationTime(this.maxTokenAge).setIssuedAt().sign(privateKey);
-    return token;
+    return await this.createSignedJWT(payload, this.anonymousPrivateKeys[this.anonymousPrivateKeys.length - 1], this.maxTokenAge);
   }
   async verifyAnonymousToken(token) {
-    const publicKey = await (0, import_jose.importSPKI)(this.anonymousPublicKey, "RS256");
-    const jwt = await (0, import_jose.jwtVerify)(token, publicKey, { clockTolerance: 30, maxTokenAge: this.maxTokenAge });
-    return jwt.payload;
+    (0, import_assert.default)(this.anonymousPublicKeys.length, ErrorTypes_default.ANONYMOUS_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.anonymousPublicKeys, this.maxTokenAge);
+    (0, import_assert.default)(payload.type === "Anon", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
   }
-  async createToken(id, additionalData) {
+  async createUserToken(id, additionalData) {
+    (0, import_assert.default)(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
     (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
     const payload = {
       id,
+      type: "User",
       ...additionalData
     };
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const token = await new import_jose.EncryptJWT(payload).setExpirationTime(this.maxTokenAge).setIssuedAt().setProtectedHeader({ alg: "dir", enc: "A256CBC-HS512" }).encrypt(secretKey);
-    return token;
+    return await this.createSignedJWT(payload, this.userPrivateKeys[this.userPrivateKeys.length - 1], this.maxTokenAge);
   }
-  async verifyToken(token) {
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const jwt = await (0, import_jose.jwtDecrypt)(token, secretKey, { clockTolerance: 30, maxTokenAge: this.maxTokenAge });
-    return jwt.payload;
+  async verifyUserToken(token) {
+    (0, import_assert.default)(this.userPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.userPublicKeys, this.maxTokenAge);
+    (0, import_assert.default)(payload.type === "User", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  async createSystemToken(id, additionalData) {
+    (0, import_assert.default)(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
+    (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "System",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.systemPrivateKeys[this.systemPrivateKeys.length - 1], "5 min");
+  }
+  async verifySystemToken(token) {
+    (0, import_assert.default)(this.systemPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.systemPublicKeys, "5 min");
+    (0, import_assert.default)(payload.type === "System", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
   }
-  AuthMiddleware(allowAnonymous) {
+  async createAdminToken(id, additionalData) {
+    (0, import_assert.default)(this.adminPrivateKeys.length, ErrorTypes_default.ADMIN_PRIVATE_KEY_NOT_FOUND);
+    (0, import_assert.default)(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "Admin",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.adminPrivateKeys[this.adminPrivateKeys.length - 1], this.maxTokenAge);
+  }
+  async verifyAdminToken(token) {
+    (0, import_assert.default)(this.adminPublicKeys.length, ErrorTypes_default.ADMIN_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.adminPublicKeys, this.maxTokenAge);
+    (0, import_assert.default)(payload.type === "Admin", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  AuthMiddleware({ allowAnonymous, allowSystem, allowUser } = DefaultAuthMiddlewareConfig) {
     return async (req, res, next) => {
       try {
         const [authType, token] = req.get("Authorization")?.split(" ");
@@ -555,17 +678,27 @@ var AuthUtility = class {
         switch (authType) {
           case "Anon":
             if (!allowAnonymous) {
-              throw response_default.generateError(403, ErrorTypes_default.ANONYMOUS_SESSION_NOT_ALLOWED, true, true);
+              throw response_default.generateError(403, ErrorTypes_default.ANONYMOUS_SESSION_NOT_ALLOWED);
             }
             payload = await this.verifyAnonymousToken(token);
             break;
           case "User":
-            payload = await this.verifyToken(token);
+            if (!allowUser) {
+              throw response_default.generateError(403, ErrorTypes_default.USER_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifyUserToken(token);
             break;
           case "System":
+            if (!allowSystem) {
+              throw response_default.generateError(403, ErrorTypes_default.SYSTEM_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifySystemToken(token);
+            break;
+          case "Admin":
+            payload = await this.verifyAdminToken(token);
             break;
           default:
-            throw response_default.generateError(403, ErrorTypes_default.INVALID_AUTH_TYPE, true, true);
+            throw response_default.generateError(403, ErrorTypes_default.INVALID_AUTH_TYPE);
         }
         res.locals.auth = {
           authType,
@@ -575,7 +708,7 @@ var AuthUtility = class {
         next();
       } catch (error) {
         Logger_default.logError("AuthMiddleware", import_util2.default.inspect(error));
-        response_default.handleException("AuthMiddleware", response_default.generateError(401, ErrorTypes_default.TOKEN_EXPIRED), res);
+        response_default.handleException("AuthMiddleware", response_default.generateError(401, error.error ? error.error : ErrorTypes_default.TOKEN_EXPIRED, true), res);
       }
     };
   }

package/dist/index.mjs

@@ -383,7 +383,7 @@ var Schema = {
 var Schema_default = Schema;
 
 // src/Auth/index.ts
-import { EncryptJWT, importPKCS8, importSPKI, jwtDecrypt, jwtVerify, SignJWT } from "jose";
+import { importPKCS8, importSPKI, jwtVerify, SignJWT } from "jose";
 import util2 from "util";
 
 // src/enums/ErrorTypes.ts
@@ -392,7 +392,18 @@ var ErrorTypes_default = Object.freeze({
   INVALID_TOKEN: "Invalid Token",
   TOKEN_EXPIRED: "Token Expired",
   INVALID_AUTH_TYPE: "Invalid Authorization Type",
+  USER_PRIVATE_KEY_NOT_FOUND: "User Private Key Not Found",
+  USER_PUBLIC_KEY_NOT_FOUND: "User Public Key Not Found",
+  ANONYMOUS_PRIVATE_KEY_NOT_FOUND: "Anonymous Private Key Not Found",
+  ANONYMOUS_PUBLIC_KEY_NOT_FOUND: "Anonymous Public Key Not Found",
+  SYSTEM_PRIVATE_KEY_NOT_FOUND: "System Private Key Not Found",
+  SYSTEM_PUBLIC_KEY_NOT_FOUND: "System Public Key Not Found",
+  ADMIN_PRIVATE_KEY_NOT_FOUND: "Admin Private Key Not Found",
+  ADMIN_PUBLIC_KEY_NOT_FOUND: "Admin Public Key Not Found",
+  SECRET_TOKEN_NOT_FOUND: "Secret Token Not Found",
   ANONYMOUS_SESSION_NOT_ALLOWED: "Anonymous Session Not Allowed",
+  USER_SESSION_NOT_ALLOWED: "User Session Not Allowed",
+  SYSTEM_SESSION_NOT_ALLOWED: "System Session Not Allowed",
   INTERNAL_SERVER_ERROR: "Internal Server Error"
 });
 
@@ -400,16 +411,19 @@ var ErrorTypes_default = Object.freeze({
 import util from "util";
 var Logger = {
   logException: (functionName, error) => {
-    console.log(`Exception Occurred in Function: ${functionName}, Error: ${util.inspect(error)}`);
+    console.error(`Exception Occurred in Function: ${functionName}, Error: ${util.inspect(error)}`);
   },
   logError: (functionName, errorMessage) => {
-    console.log(`Error Occurred in Function: ${functionName}, Error: ${util.inspect(errorMessage)}`);
+    console.error(`Error Occurred in Function: ${functionName}, Error: ${util.inspect(errorMessage)}`);
+  },
+  logWarning: (functionName, message) => {
+    console.warn(`Warning in Function: ${functionName} - ${util.inspect(message)}`);
   },
   logMessage: (functionName, message) => {
-    console.log(`Message in Function: ${functionName}, Error: ${util.inspect(message)}`);
+    console.log(`Message in Function: ${functionName} - ${util.inspect(message)}`);
   },
   logInvalidPayload: (functionName, errorMessage) => {
-    console.log(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
+    console.error(`Invalid Payload received for Function: ${functionName}, Error: ${errorMessage}`);
   }
 };
 var Logger_default = Logger;
@@ -448,6 +462,12 @@ var ResponseUtility = {
         status: error.status,
         error: error.error
       });
+    } else if (error.status && error.error) {
+      Logger_default.logException(functionName, error);
+      res.status(error.status).json({
+        ...error.error,
+        status: error.status
+      });
     } else {
       Logger_default.logException(functionName, error);
       res.status(500).json({
@@ -476,48 +496,151 @@ var response_default = ResponseUtility;
 
 // src/Auth/index.ts
 import assert from "assert";
+var DefaultAuthUtilityConfig = {
+  maxTokenAge: "30 days",
+  userPrivateKeys: "[]",
+  userPublicKeys: "[]",
+  anonymousPrivateKeys: "[]",
+  anonymousPublicKeys: "[]",
+  systemPrivateKeys: "[]",
+  systemPublicKeys: "[]",
+  adminPrivateKeys: "[]",
+  adminPublicKeys: "[]"
+};
+var DefaultAuthMiddlewareConfig = {
+  allowAnonymous: false,
+  allowSystem: true,
+  allowUser: true
+};
 var AuthUtility = class {
-  secretToken;
   maxTokenAge;
-  anonymousPrivateKey;
-  anonymousPublicKey;
-  constructor({ secret = "", maxTokenAge = "30 days", anonymousPrivateKey = "", anonymousPublicKey = "" }) {
-    this.secretToken = secret;
+  userPrivateKeys;
+  userPublicKeys;
+  anonymousPrivateKeys;
+  anonymousPublicKeys;
+  systemPrivateKeys;
+  systemPublicKeys;
+  adminPrivateKeys;
+  adminPublicKeys;
+  constructor({ maxTokenAge = "30 days", userPrivateKeys = "[]", userPublicKeys = "[]", anonymousPrivateKeys = "[]", anonymousPublicKeys = "[]", systemPrivateKeys = "[]", systemPublicKeys = "[]", adminPrivateKeys = "[]", adminPublicKeys = "[]" } = DefaultAuthUtilityConfig) {
     this.maxTokenAge = maxTokenAge;
-    this.anonymousPrivateKey = anonymousPrivateKey;
-    this.anonymousPublicKey = anonymousPublicKey;
+    this.userPrivateKeys = JSON.parse(userPrivateKeys);
+    if (this.userPrivateKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 1 user private key provided. The last key will be used for signing.");
+    }
+    this.userPublicKeys = JSON.parse(userPublicKeys);
+    if (this.userPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 user public keys provided. This is not recommended.");
+    }
+    this.anonymousPrivateKeys = JSON.parse(anonymousPrivateKeys);
+    if (this.anonymousPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 anonymous private key provided. The last key will be used for signing.");
+    }
+    this.anonymousPublicKeys = JSON.parse(anonymousPublicKeys);
+    if (this.anonymousPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 anonymous public keys provided. This is not recommended.");
+    }
+    this.systemPrivateKeys = JSON.parse(systemPrivateKeys);
+    if (this.systemPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 system private key provided. The last key will be used for signing.");
+    }
+    this.systemPublicKeys = JSON.parse(systemPublicKeys);
+    if (this.systemPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 system public keys provided. This is not recommended.");
+    }
+    this.adminPrivateKeys = JSON.parse(adminPrivateKeys);
+    if (this.adminPrivateKeys.length > 1) {
+      Logger_default.logWarning("AuthUtility", "More than 1 admin private key provided. The last key will be used for signing.");
+    }
+    this.adminPublicKeys = JSON.parse(adminPublicKeys);
+    if (this.adminPublicKeys.length > 3) {
+      Logger_default.logWarning("AuthUtility", "More than 3 admin public keys provided. This is not recommended.");
+    }
+  }
+  async createSignedJWT(payload, privateKeyString, expiration) {
+    const privateKey = await importPKCS8(privateKeyString, "RS256");
+    const token = await new SignJWT(payload).setProtectedHeader({ alg: "RS256" }).setExpirationTime(expiration).setIssuedAt().sign(privateKey);
+    return token;
+  }
+  async verifySignedJWT(token, publicKeyString, expiration) {
+    for (let i = publicKeyString.length - 1; i > 0; i--) {
+      try {
+        const publicKey2 = await importSPKI(publicKeyString[i], "RS256");
+        const jwt2 = await jwtVerify(token, publicKey2, { clockTolerance: 30, maxTokenAge: expiration });
+        return jwt2.payload;
+      } catch (error) {
+        continue;
+      }
+    }
+    const publicKey = await importSPKI(publicKeyString[0], "RS256");
+    const jwt = await jwtVerify(token, publicKey, { clockTolerance: 30, maxTokenAge: expiration });
+    return jwt.payload;
   }
   async createAnonymousToken(id, additionalData) {
+    assert(this.anonymousPrivateKeys.length, ErrorTypes_default.ANONYMOUS_PRIVATE_KEY_NOT_FOUND);
     assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
     const payload = {
       id,
+      type: "Anon",
       ...additionalData
     };
-    const privateKey = await importPKCS8(this.anonymousPrivateKey, "RS256");
-    const token = await new SignJWT(payload).setProtectedHeader({ alg: "RS256" }).setExpirationTime(this.maxTokenAge).setIssuedAt().sign(privateKey);
-    return token;
+    return await this.createSignedJWT(payload, this.anonymousPrivateKeys[this.anonymousPrivateKeys.length - 1], this.maxTokenAge);
   }
   async verifyAnonymousToken(token) {
-    const publicKey = await importSPKI(this.anonymousPublicKey, "RS256");
-    const jwt = await jwtVerify(token, publicKey, { clockTolerance: 30, maxTokenAge: this.maxTokenAge });
-    return jwt.payload;
+    assert(this.anonymousPublicKeys.length, ErrorTypes_default.ANONYMOUS_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.anonymousPublicKeys, this.maxTokenAge);
+    assert(payload.type === "Anon", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
   }
-  async createToken(id, additionalData) {
+  async createUserToken(id, additionalData) {
+    assert(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
     assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
     const payload = {
       id,
+      type: "User",
       ...additionalData
     };
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const token = await new EncryptJWT(payload).setExpirationTime(this.maxTokenAge).setIssuedAt().setProtectedHeader({ alg: "dir", enc: "A256CBC-HS512" }).encrypt(secretKey);
-    return token;
+    return await this.createSignedJWT(payload, this.userPrivateKeys[this.userPrivateKeys.length - 1], this.maxTokenAge);
   }
-  async verifyToken(token) {
-    const secretKey = Buffer.from(this.secretToken, "hex");
-    const jwt = await jwtDecrypt(token, secretKey, { clockTolerance: 30, maxTokenAge: this.maxTokenAge });
-    return jwt.payload;
+  async verifyUserToken(token) {
+    assert(this.userPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.userPublicKeys, this.maxTokenAge);
+    assert(payload.type === "User", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  async createSystemToken(id, additionalData) {
+    assert(this.userPrivateKeys.length, ErrorTypes_default.USER_PRIVATE_KEY_NOT_FOUND);
+    assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "System",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.systemPrivateKeys[this.systemPrivateKeys.length - 1], "5 min");
+  }
+  async verifySystemToken(token) {
+    assert(this.systemPublicKeys.length, ErrorTypes_default.USER_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.systemPublicKeys, "5 min");
+    assert(payload.type === "System", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
   }
-  AuthMiddleware(allowAnonymous) {
+  async createAdminToken(id, additionalData) {
+    assert(this.adminPrivateKeys.length, ErrorTypes_default.ADMIN_PRIVATE_KEY_NOT_FOUND);
+    assert(Utils_default.isUUID(id), ErrorTypes_default.INVALID_UUID);
+    const payload = {
+      id,
+      type: "Admin",
+      ...additionalData
+    };
+    return await this.createSignedJWT(payload, this.adminPrivateKeys[this.adminPrivateKeys.length - 1], this.maxTokenAge);
+  }
+  async verifyAdminToken(token) {
+    assert(this.adminPublicKeys.length, ErrorTypes_default.ADMIN_PUBLIC_KEY_NOT_FOUND);
+    const payload = await this.verifySignedJWT(token, this.adminPublicKeys, this.maxTokenAge);
+    assert(payload.type === "Admin", ErrorTypes_default.INVALID_AUTH_TYPE);
+    return payload;
+  }
+  AuthMiddleware({ allowAnonymous, allowSystem, allowUser } = DefaultAuthMiddlewareConfig) {
     return async (req, res, next) => {
       try {
         const [authType, token] = req.get("Authorization")?.split(" ");
@@ -528,17 +651,27 @@ var AuthUtility = class {
         switch (authType) {
           case "Anon":
             if (!allowAnonymous) {
-              throw response_default.generateError(403, ErrorTypes_default.ANONYMOUS_SESSION_NOT_ALLOWED, true, true);
+              throw response_default.generateError(403, ErrorTypes_default.ANONYMOUS_SESSION_NOT_ALLOWED);
             }
             payload = await this.verifyAnonymousToken(token);
             break;
           case "User":
-            payload = await this.verifyToken(token);
+            if (!allowUser) {
+              throw response_default.generateError(403, ErrorTypes_default.USER_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifyUserToken(token);
             break;
           case "System":
+            if (!allowSystem) {
+              throw response_default.generateError(403, ErrorTypes_default.SYSTEM_SESSION_NOT_ALLOWED);
+            }
+            payload = await this.verifySystemToken(token);
+            break;
+          case "Admin":
+            payload = await this.verifyAdminToken(token);
             break;
           default:
-            throw response_default.generateError(403, ErrorTypes_default.INVALID_AUTH_TYPE, true, true);
+            throw response_default.generateError(403, ErrorTypes_default.INVALID_AUTH_TYPE);
         }
         res.locals.auth = {
           authType,
@@ -548,7 +681,7 @@ var AuthUtility = class {
         next();
       } catch (error) {
         Logger_default.logError("AuthMiddleware", util2.inspect(error));
-        response_default.handleException("AuthMiddleware", response_default.generateError(401, ErrorTypes_default.TOKEN_EXPIRED), res);
+        response_default.handleException("AuthMiddleware", response_default.generateError(401, error.error ? error.error : ErrorTypes_default.TOKEN_EXPIRED, true), res);
       }
     };
   }
@@ -605,7 +738,7 @@ export {
   Dynamodb_default as DynamoDB,
   fetch_default as Fetch,
   Logger_default as Logger,
-  Utils_default as ResponseUtility,
+  response_default as ResponseUtility,
   Schema_default as Schema,
   Utils_default as Utils
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "b23-lib",
-  "version": "1.1.1",
+  "version": "1.2.1",
   "description": "This repo hold common classes, type and util functiona",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",