binoauth 0.0.11 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +359 -165
- package/dist/core/src/admin/client.d.ts +203 -0
- package/dist/core/src/admin/client.d.ts.map +1 -0
- package/dist/core/src/admin/client.js +391 -0
- package/dist/core/src/admin/client.js.map +1 -0
- package/dist/core/src/admin/index.d.ts +6 -0
- package/dist/core/src/admin/index.d.ts.map +1 -0
- package/dist/core/src/admin/index.js +5 -0
- package/dist/core/src/admin/index.js.map +1 -0
- package/dist/core/src/admin/types.d.ts +412 -0
- package/dist/core/src/admin/types.d.ts.map +1 -0
- package/dist/core/src/admin/types.js +5 -0
- package/dist/core/src/admin/types.js.map +1 -0
- package/dist/core/src/auth/client.d.ts +330 -0
- package/dist/core/src/auth/client.d.ts.map +1 -0
- package/dist/core/src/auth/client.js +408 -0
- package/dist/core/src/auth/client.js.map +1 -0
- package/dist/core/src/auth/error.d.ts +113 -0
- package/dist/core/src/auth/error.d.ts.map +1 -0
- package/dist/core/src/auth/error.js +257 -0
- package/dist/core/src/auth/error.js.map +1 -0
- package/dist/core/src/auth/flows/base-flow.d.ts +98 -0
- package/dist/core/src/auth/flows/base-flow.d.ts.map +1 -0
- package/dist/core/src/auth/flows/base-flow.js +182 -0
- package/dist/core/src/auth/flows/base-flow.js.map +1 -0
- package/dist/core/src/auth/flows/magic-link.d.ts +175 -0
- package/dist/core/src/auth/flows/magic-link.d.ts.map +1 -0
- package/dist/core/src/auth/flows/magic-link.js +228 -0
- package/dist/core/src/auth/flows/magic-link.js.map +1 -0
- package/dist/core/src/auth/flows/mfa.d.ts +81 -0
- package/dist/core/src/auth/flows/mfa.d.ts.map +1 -0
- package/dist/core/src/auth/flows/mfa.js +103 -0
- package/dist/core/src/auth/flows/mfa.js.map +1 -0
- package/dist/core/src/auth/flows/otp.d.ts +172 -0
- package/dist/core/src/auth/flows/otp.d.ts.map +1 -0
- package/dist/core/src/auth/flows/otp.js +222 -0
- package/dist/core/src/auth/flows/otp.js.map +1 -0
- package/dist/core/src/auth/flows/password.d.ts +242 -0
- package/dist/core/src/auth/flows/password.d.ts.map +1 -0
- package/dist/core/src/auth/flows/password.js +344 -0
- package/dist/core/src/auth/flows/password.js.map +1 -0
- package/dist/core/src/auth/flows/social.d.ts +209 -0
- package/dist/core/src/auth/flows/social.d.ts.map +1 -0
- package/dist/core/src/auth/flows/social.js +284 -0
- package/dist/core/src/auth/flows/social.js.map +1 -0
- package/dist/core/src/auth/index.d.ts +19 -0
- package/dist/core/src/auth/index.d.ts.map +1 -0
- package/dist/core/src/auth/index.js +32 -0
- package/dist/core/src/auth/index.js.map +1 -0
- package/dist/core/src/auth/types.d.ts +151 -0
- package/dist/core/src/auth/types.d.ts.map +1 -0
- package/dist/core/src/auth/types.js +7 -0
- package/dist/core/src/auth/types.js.map +1 -0
- package/dist/core/src/index.d.ts +53 -49
- package/dist/core/src/index.d.ts.map +1 -1
- package/dist/core/src/index.js +61 -343
- package/dist/core/src/index.js.map +1 -1
- package/dist/core/src/oauth/client.d.ts +322 -0
- package/dist/core/src/oauth/client.d.ts.map +1 -0
- package/dist/core/src/oauth/client.js +491 -0
- package/dist/core/src/oauth/client.js.map +1 -0
- package/dist/core/src/oauth/error.d.ts +18 -0
- package/dist/core/src/oauth/error.d.ts.map +1 -0
- package/dist/core/src/oauth/error.js +24 -0
- package/dist/core/src/oauth/error.js.map +1 -0
- package/dist/core/src/oauth/flows/authorization-code.d.ts +122 -0
- package/dist/core/src/oauth/flows/authorization-code.d.ts.map +1 -0
- package/dist/core/src/oauth/flows/authorization-code.js +278 -0
- package/dist/core/src/oauth/flows/authorization-code.js.map +1 -0
- package/dist/core/src/oauth/flows/base-flow.d.ts +17 -0
- package/dist/core/src/oauth/flows/base-flow.d.ts.map +1 -0
- package/dist/core/src/oauth/flows/base-flow.js +107 -0
- package/dist/core/src/oauth/flows/base-flow.js.map +1 -0
- package/dist/core/src/oauth/flows/client-credentials.d.ts +72 -0
- package/dist/core/src/oauth/flows/client-credentials.d.ts.map +1 -0
- package/dist/core/src/oauth/flows/client-credentials.js +100 -0
- package/dist/core/src/oauth/flows/client-credentials.js.map +1 -0
- package/dist/core/src/oauth/flows/device-code.d.ts +108 -0
- package/dist/core/src/oauth/flows/device-code.d.ts.map +1 -0
- package/dist/core/src/oauth/flows/device-code.js +193 -0
- package/dist/core/src/oauth/flows/device-code.js.map +1 -0
- package/dist/core/src/oauth/flows/refresh-token.d.ts +59 -0
- package/dist/core/src/oauth/flows/refresh-token.d.ts.map +1 -0
- package/dist/core/src/oauth/flows/refresh-token.js +105 -0
- package/dist/core/src/oauth/flows/refresh-token.js.map +1 -0
- package/dist/core/src/oauth/index.d.ts +12 -0
- package/dist/core/src/oauth/index.d.ts.map +1 -0
- package/dist/core/src/oauth/index.js +11 -0
- package/dist/core/src/oauth/index.js.map +1 -0
- package/dist/core/src/oauth/storage/encryption.d.ts +12 -0
- package/dist/core/src/oauth/storage/encryption.d.ts.map +1 -0
- package/dist/core/src/oauth/storage/encryption.js +76 -0
- package/dist/core/src/oauth/storage/encryption.js.map +1 -0
- package/dist/core/src/oauth/storage/index.d.ts +201 -0
- package/dist/core/src/oauth/storage/index.d.ts.map +1 -0
- package/dist/core/src/oauth/storage/index.js +322 -0
- package/dist/core/src/oauth/storage/index.js.map +1 -0
- package/dist/core/src/oauth/storage/strategies.d.ts +34 -0
- package/dist/core/src/oauth/storage/strategies.d.ts.map +1 -0
- package/dist/core/src/oauth/storage/strategies.js +100 -0
- package/dist/core/src/oauth/storage/strategies.js.map +1 -0
- package/dist/core/src/oauth/types.d.ts +261 -0
- package/dist/core/src/oauth/types.d.ts.map +1 -0
- package/dist/core/src/oauth/types.js +39 -0
- package/dist/core/src/oauth/types.js.map +1 -0
- package/dist/core/src/oauth/utils.d.ts +56 -0
- package/dist/core/src/oauth/utils.d.ts.map +1 -0
- package/dist/core/src/oauth/utils.js +140 -0
- package/dist/core/src/oauth/utils.js.map +1 -0
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
import type { StorageConfig, StorageStrategy, Token, TokenSet } from "../types";
|
|
2
|
+
import { Encryptor } from "./encryption";
|
|
3
|
+
type TokenType = "access_token" | "refresh_token" | "id_token" | "state" | "verifier";
|
|
4
|
+
/**
|
|
5
|
+
* Secure token storage with encryption support
|
|
6
|
+
*
|
|
7
|
+
* Manages OAuth tokens with automatic encryption, storage strategy selection,
|
|
8
|
+
* and secure token operations. Supports multiple storage backends including
|
|
9
|
+
* memory, localStorage, sessionStorage, and secure cookies.
|
|
10
|
+
*
|
|
11
|
+
* Features:
|
|
12
|
+
* - Automatic token encryption/decryption
|
|
13
|
+
* - Multiple storage strategies (memory, web storage, secure cookies)
|
|
14
|
+
* - Token expiration checking
|
|
15
|
+
* - Secure token clearing
|
|
16
|
+
* - Cross-platform compatibility (browser/Node.js)
|
|
17
|
+
*
|
|
18
|
+
* @example
|
|
19
|
+
* ```typescript
|
|
20
|
+
* import { TokenStorage, InMemoryTokenStorage } from 'binoauth';
|
|
21
|
+
*
|
|
22
|
+
* // Basic configuration
|
|
23
|
+
* const storage = new TokenStorage({
|
|
24
|
+
* clientId: 'your_client_id',
|
|
25
|
+
* encryptionKey: 'your-32-char-encryption-key-here!',
|
|
26
|
+
* storage: 'localStorage',
|
|
27
|
+
* secure: true
|
|
28
|
+
* });
|
|
29
|
+
*
|
|
30
|
+
* // Store tokens
|
|
31
|
+
* await storage.setTokens({
|
|
32
|
+
* accessToken: { value: 'access_token_jwt', expiresAt: Date.now() + 3600000 },
|
|
33
|
+
* refreshToken: { value: 'refresh_token_jwt', expiresAt: Date.now() + 86400000 }
|
|
34
|
+
* });
|
|
35
|
+
*
|
|
36
|
+
* // Retrieve tokens
|
|
37
|
+
* const accessToken = await storage.getAccessToken();
|
|
38
|
+
* if (accessToken && !storage.isTokenExpired(accessToken)) {
|
|
39
|
+
* console.log('Valid access token:', accessToken.value);
|
|
40
|
+
* }
|
|
41
|
+
*
|
|
42
|
+
* // Clear all tokens
|
|
43
|
+
* storage.clearTokens();
|
|
44
|
+
* ```
|
|
45
|
+
*
|
|
46
|
+
* @example
|
|
47
|
+
* ```typescript
|
|
48
|
+
* // Using pre-configured storage strategies
|
|
49
|
+
* import { InMemoryTokenStorage, LocalStorageTokenStorage } from 'binoauth';
|
|
50
|
+
*
|
|
51
|
+
* // In-memory storage (for server-side or testing)
|
|
52
|
+
* const memoryStorage = new InMemoryTokenStorage({
|
|
53
|
+
* clientId: 'your_client_id',
|
|
54
|
+
* encryptionKey: 'your-encryption-key'
|
|
55
|
+
* });
|
|
56
|
+
*
|
|
57
|
+
* // localStorage storage (for browsers)
|
|
58
|
+
* const localStorageStorage = new LocalStorageTokenStorage({
|
|
59
|
+
* clientId: 'your_client_id',
|
|
60
|
+
* encryptionKey: 'your-encryption-key'
|
|
61
|
+
* });
|
|
62
|
+
* ```
|
|
63
|
+
*/
|
|
64
|
+
export declare class TokenStorage {
|
|
65
|
+
protected config: StorageConfig;
|
|
66
|
+
protected strategy: StorageStrategy;
|
|
67
|
+
protected readonly prefix: string;
|
|
68
|
+
protected encryptor: Encryptor;
|
|
69
|
+
protected readonly isBrowser: boolean;
|
|
70
|
+
protected encryptorInitialized: boolean;
|
|
71
|
+
/**
|
|
72
|
+
* Creates a new TokenStorage instance
|
|
73
|
+
*
|
|
74
|
+
* @param config - Storage configuration including encryption key and storage type
|
|
75
|
+
*
|
|
76
|
+
* @example
|
|
77
|
+
* ```typescript
|
|
78
|
+
* const storage = new TokenStorage({
|
|
79
|
+
* clientId: 'your_client_id',
|
|
80
|
+
* encryptionKey: 'your-32-char-encryption-key-here!',
|
|
81
|
+
* storage: 'localStorage', // 'memory', 'localStorage', 'sessionStorage'
|
|
82
|
+
* prefix: 'myapp_auth_', // optional custom prefix
|
|
83
|
+
* secure: true // enables secure cookies in browser
|
|
84
|
+
* });
|
|
85
|
+
* ```
|
|
86
|
+
*
|
|
87
|
+
* @throws {Error} When encryptionKey is missing from config
|
|
88
|
+
*/
|
|
89
|
+
constructor(config: StorageConfig);
|
|
90
|
+
protected initializeEncryptor(): Promise<void>;
|
|
91
|
+
/**
|
|
92
|
+
* Sets a custom storage strategy
|
|
93
|
+
*
|
|
94
|
+
* @param strategy - Storage strategy implementation
|
|
95
|
+
*
|
|
96
|
+
* @example
|
|
97
|
+
* ```typescript
|
|
98
|
+
* import { MemoryStorageStrategy } from 'binoauth';
|
|
99
|
+
*
|
|
100
|
+
* const customStrategy = new MemoryStorageStrategy();
|
|
101
|
+
* storage.setStrategy(customStrategy);
|
|
102
|
+
* ```
|
|
103
|
+
*/
|
|
104
|
+
setStrategy(strategy: StorageStrategy): void;
|
|
105
|
+
/**
|
|
106
|
+
* Gets the current storage strategy
|
|
107
|
+
*
|
|
108
|
+
* @returns The current storage strategy instance
|
|
109
|
+
*/
|
|
110
|
+
getStrategy(): StorageStrategy;
|
|
111
|
+
protected createDefaultStrategy(): StorageStrategy;
|
|
112
|
+
getPrefix(): string;
|
|
113
|
+
protected generatePrefix(config: StorageConfig): string;
|
|
114
|
+
protected safeCreateWebStorage(getStorage: () => Storage): StorageStrategy;
|
|
115
|
+
protected getKey(key: string): string;
|
|
116
|
+
/**
|
|
117
|
+
* Stores encrypted tokens in the configured storage
|
|
118
|
+
*
|
|
119
|
+
* @param tokens - Set of tokens to store
|
|
120
|
+
*
|
|
121
|
+
* @example
|
|
122
|
+
* ```typescript
|
|
123
|
+
* await storage.setTokens({
|
|
124
|
+
* accessToken: {
|
|
125
|
+
* value: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',
|
|
126
|
+
* expiresAt: Date.now() + 3600000
|
|
127
|
+
* },
|
|
128
|
+
* refreshToken: {
|
|
129
|
+
* value: 'refresh_token_jwt',
|
|
130
|
+
* expiresAt: Date.now() + 86400000
|
|
131
|
+
* }
|
|
132
|
+
* });
|
|
133
|
+
* ```
|
|
134
|
+
*
|
|
135
|
+
* @throws {Error} When token storage fails
|
|
136
|
+
*/
|
|
137
|
+
setTokens(tokens: TokenSet): Promise<void>;
|
|
138
|
+
getToken(type: TokenType): Promise<Token | null>;
|
|
139
|
+
/**
|
|
140
|
+
* Retrieves and decrypts the access token
|
|
141
|
+
*
|
|
142
|
+
* @returns Promise resolving to access token or null if not found
|
|
143
|
+
*
|
|
144
|
+
* @example
|
|
145
|
+
* ```typescript
|
|
146
|
+
* const accessToken = await storage.getAccessToken();
|
|
147
|
+
* if (accessToken && !storage.isTokenExpired(accessToken)) {
|
|
148
|
+
* console.log('Valid token:', accessToken.value);
|
|
149
|
+
* }
|
|
150
|
+
* ```
|
|
151
|
+
*/
|
|
152
|
+
getAccessToken(): Promise<Token | null>;
|
|
153
|
+
/**
|
|
154
|
+
* Retrieves and decrypts the refresh token
|
|
155
|
+
*
|
|
156
|
+
* @returns Promise resolving to refresh token or null if not found
|
|
157
|
+
*/
|
|
158
|
+
getRefreshToken(): Promise<Token | null>;
|
|
159
|
+
/**
|
|
160
|
+
* Retrieves and decrypts the ID token
|
|
161
|
+
*
|
|
162
|
+
* @returns Promise resolving to ID token or null if not found
|
|
163
|
+
*/
|
|
164
|
+
getIdToken(): Promise<Token | null>;
|
|
165
|
+
getStateToken(): Promise<Token | null>;
|
|
166
|
+
getVerifierToken(): Promise<Token | null>;
|
|
167
|
+
/**
|
|
168
|
+
* Clears all stored tokens
|
|
169
|
+
*
|
|
170
|
+
* @example
|
|
171
|
+
* ```typescript
|
|
172
|
+
* // Clear all tokens on logout
|
|
173
|
+
* storage.clearTokens();
|
|
174
|
+
* ```
|
|
175
|
+
*/
|
|
176
|
+
clearTokens(): void;
|
|
177
|
+
/**
|
|
178
|
+
* Clears only state and verifier tokens (used after OAuth callback)
|
|
179
|
+
*/
|
|
180
|
+
clearStateAndVerifier(): void;
|
|
181
|
+
/**
|
|
182
|
+
* Checks if a token is expired
|
|
183
|
+
*
|
|
184
|
+
* @param token - Token to check
|
|
185
|
+
* @returns True if token is expired or null, false if still valid
|
|
186
|
+
*
|
|
187
|
+
* @example
|
|
188
|
+
* ```typescript
|
|
189
|
+
* const accessToken = await storage.getAccessToken();
|
|
190
|
+
* if (storage.isTokenExpired(accessToken)) {
|
|
191
|
+
* console.log('Token expired, need to refresh');
|
|
192
|
+
* }
|
|
193
|
+
* ```
|
|
194
|
+
*/
|
|
195
|
+
isTokenExpired(token: Token | null): boolean;
|
|
196
|
+
setItem(key: string, value: string): void;
|
|
197
|
+
getItem(key: string): string | null;
|
|
198
|
+
removeItem(key: string): void;
|
|
199
|
+
}
|
|
200
|
+
export { TokenStorage as default };
|
|
201
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/storage/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAMhF,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,KAAK,SAAS,GACV,cAAc,GACd,eAAe,GACf,UAAU,GACV,OAAO,GACP,UAAU,CAAC;AAEf;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2DG;AACH,qBAAa,YAAY;IAyBX,SAAS,CAAC,MAAM,EAAE,aAAa;IAxB3C,SAAS,CAAC,QAAQ,EAAE,eAAe,CAAC;IACpC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAClC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC;IAC/B,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IACtC,SAAS,CAAC,oBAAoB,EAAE,OAAO,CAAS;IAEhD;;;;;;;;;;;;;;;;;OAiBG;gBACmB,MAAM,EAAE,aAAa;cAa3B,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC;IAOpD;;;;;;;;;;;;OAYG;IACH,WAAW,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI;IAO5C;;;;OAIG;IACH,WAAW,IAAI,eAAe;IAI9B,SAAS,CAAC,qBAAqB,IAAI,eAAe;IAkBlD,SAAS,IAAI,MAAM;IAInB,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM;IAYvD,SAAS,CAAC,oBAAoB,CAAC,UAAU,EAAE,MAAM,OAAO,GAAG,eAAe;IAc1E,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAIrC;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,SAAS,CAAC,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA0B1C,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAetD;;;;;;;;;;;;OAYG;IACG,cAAc,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAI7C;;;;OAIG;IACG,eAAe,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAI9C;;;;OAIG;IACG,UAAU,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAInC,aAAa,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAItC,gBAAgB,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAI/C;;;;;;;;OAQG;IACH,WAAW,IAAI,IAAI;IAcnB;;OAEG;IACH,qBAAqB,IAAI,IAAI;IAK7B;;;;;;;;;;;;;OAaG;IACH,cAAc,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI,GAAG,OAAO;IAK5C,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAIzC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAInC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;CAG9B;AAED,OAAO,EAAE,YAAY,IAAI,OAAO,EAAE,CAAC"}
|
|
@@ -0,0 +1,322 @@
|
|
|
1
|
+
import { MemoryStorageStrategy, WebStorageStrategy, SecureCookieStrategy, } from "./strategies";
|
|
2
|
+
import { Encryptor } from "./encryption";
|
|
3
|
+
/**
|
|
4
|
+
* Secure token storage with encryption support
|
|
5
|
+
*
|
|
6
|
+
* Manages OAuth tokens with automatic encryption, storage strategy selection,
|
|
7
|
+
* and secure token operations. Supports multiple storage backends including
|
|
8
|
+
* memory, localStorage, sessionStorage, and secure cookies.
|
|
9
|
+
*
|
|
10
|
+
* Features:
|
|
11
|
+
* - Automatic token encryption/decryption
|
|
12
|
+
* - Multiple storage strategies (memory, web storage, secure cookies)
|
|
13
|
+
* - Token expiration checking
|
|
14
|
+
* - Secure token clearing
|
|
15
|
+
* - Cross-platform compatibility (browser/Node.js)
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* ```typescript
|
|
19
|
+
* import { TokenStorage, InMemoryTokenStorage } from 'binoauth';
|
|
20
|
+
*
|
|
21
|
+
* // Basic configuration
|
|
22
|
+
* const storage = new TokenStorage({
|
|
23
|
+
* clientId: 'your_client_id',
|
|
24
|
+
* encryptionKey: 'your-32-char-encryption-key-here!',
|
|
25
|
+
* storage: 'localStorage',
|
|
26
|
+
* secure: true
|
|
27
|
+
* });
|
|
28
|
+
*
|
|
29
|
+
* // Store tokens
|
|
30
|
+
* await storage.setTokens({
|
|
31
|
+
* accessToken: { value: 'access_token_jwt', expiresAt: Date.now() + 3600000 },
|
|
32
|
+
* refreshToken: { value: 'refresh_token_jwt', expiresAt: Date.now() + 86400000 }
|
|
33
|
+
* });
|
|
34
|
+
*
|
|
35
|
+
* // Retrieve tokens
|
|
36
|
+
* const accessToken = await storage.getAccessToken();
|
|
37
|
+
* if (accessToken && !storage.isTokenExpired(accessToken)) {
|
|
38
|
+
* console.log('Valid access token:', accessToken.value);
|
|
39
|
+
* }
|
|
40
|
+
*
|
|
41
|
+
* // Clear all tokens
|
|
42
|
+
* storage.clearTokens();
|
|
43
|
+
* ```
|
|
44
|
+
*
|
|
45
|
+
* @example
|
|
46
|
+
* ```typescript
|
|
47
|
+
* // Using pre-configured storage strategies
|
|
48
|
+
* import { InMemoryTokenStorage, LocalStorageTokenStorage } from 'binoauth';
|
|
49
|
+
*
|
|
50
|
+
* // In-memory storage (for server-side or testing)
|
|
51
|
+
* const memoryStorage = new InMemoryTokenStorage({
|
|
52
|
+
* clientId: 'your_client_id',
|
|
53
|
+
* encryptionKey: 'your-encryption-key'
|
|
54
|
+
* });
|
|
55
|
+
*
|
|
56
|
+
* // localStorage storage (for browsers)
|
|
57
|
+
* const localStorageStorage = new LocalStorageTokenStorage({
|
|
58
|
+
* clientId: 'your_client_id',
|
|
59
|
+
* encryptionKey: 'your-encryption-key'
|
|
60
|
+
* });
|
|
61
|
+
* ```
|
|
62
|
+
*/
|
|
63
|
+
export class TokenStorage {
|
|
64
|
+
config;
|
|
65
|
+
strategy;
|
|
66
|
+
prefix;
|
|
67
|
+
encryptor;
|
|
68
|
+
isBrowser;
|
|
69
|
+
encryptorInitialized = false;
|
|
70
|
+
/**
|
|
71
|
+
* Creates a new TokenStorage instance
|
|
72
|
+
*
|
|
73
|
+
* @param config - Storage configuration including encryption key and storage type
|
|
74
|
+
*
|
|
75
|
+
* @example
|
|
76
|
+
* ```typescript
|
|
77
|
+
* const storage = new TokenStorage({
|
|
78
|
+
* clientId: 'your_client_id',
|
|
79
|
+
* encryptionKey: 'your-32-char-encryption-key-here!',
|
|
80
|
+
* storage: 'localStorage', // 'memory', 'localStorage', 'sessionStorage'
|
|
81
|
+
* prefix: 'myapp_auth_', // optional custom prefix
|
|
82
|
+
* secure: true // enables secure cookies in browser
|
|
83
|
+
* });
|
|
84
|
+
* ```
|
|
85
|
+
*
|
|
86
|
+
* @throws {Error} When encryptionKey is missing from config
|
|
87
|
+
*/
|
|
88
|
+
constructor(config) {
|
|
89
|
+
this.config = config;
|
|
90
|
+
if (!config.encryptionKey) {
|
|
91
|
+
throw new Error("encryptionKey is required in StorageConfig");
|
|
92
|
+
}
|
|
93
|
+
this.isBrowser =
|
|
94
|
+
typeof window !== "undefined" && typeof document !== "undefined";
|
|
95
|
+
this.prefix = this.generatePrefix(config);
|
|
96
|
+
this.encryptor = new Encryptor();
|
|
97
|
+
this.strategy = this.createDefaultStrategy();
|
|
98
|
+
}
|
|
99
|
+
async initializeEncryptor() {
|
|
100
|
+
if (!this.encryptorInitialized) {
|
|
101
|
+
await this.encryptor.initialize(this.config.encryptionKey);
|
|
102
|
+
this.encryptorInitialized = true;
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Sets a custom storage strategy
|
|
107
|
+
*
|
|
108
|
+
* @param strategy - Storage strategy implementation
|
|
109
|
+
*
|
|
110
|
+
* @example
|
|
111
|
+
* ```typescript
|
|
112
|
+
* import { MemoryStorageStrategy } from 'binoauth';
|
|
113
|
+
*
|
|
114
|
+
* const customStrategy = new MemoryStorageStrategy();
|
|
115
|
+
* storage.setStrategy(customStrategy);
|
|
116
|
+
* ```
|
|
117
|
+
*/
|
|
118
|
+
setStrategy(strategy) {
|
|
119
|
+
if (!strategy) {
|
|
120
|
+
throw new Error("Strategy cannot be null or undefined");
|
|
121
|
+
}
|
|
122
|
+
this.strategy = strategy;
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Gets the current storage strategy
|
|
126
|
+
*
|
|
127
|
+
* @returns The current storage strategy instance
|
|
128
|
+
*/
|
|
129
|
+
getStrategy() {
|
|
130
|
+
return this.strategy;
|
|
131
|
+
}
|
|
132
|
+
createDefaultStrategy() {
|
|
133
|
+
if (this.config.secure) {
|
|
134
|
+
if (this.isBrowser) {
|
|
135
|
+
return new SecureCookieStrategy();
|
|
136
|
+
}
|
|
137
|
+
return new MemoryStorageStrategy();
|
|
138
|
+
}
|
|
139
|
+
switch (this.config.storage) {
|
|
140
|
+
case "localStorage":
|
|
141
|
+
return this.safeCreateWebStorage(() => localStorage);
|
|
142
|
+
case "sessionStorage":
|
|
143
|
+
return this.safeCreateWebStorage(() => sessionStorage);
|
|
144
|
+
default:
|
|
145
|
+
return new MemoryStorageStrategy();
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
getPrefix() {
|
|
149
|
+
return this.prefix;
|
|
150
|
+
}
|
|
151
|
+
generatePrefix(config) {
|
|
152
|
+
if (config.prefix) {
|
|
153
|
+
return config.prefix;
|
|
154
|
+
}
|
|
155
|
+
if (config.clientId) {
|
|
156
|
+
return `auth_${config.clientId}_`;
|
|
157
|
+
}
|
|
158
|
+
return "auth_";
|
|
159
|
+
}
|
|
160
|
+
safeCreateWebStorage(getStorage) {
|
|
161
|
+
if (this.isBrowser) {
|
|
162
|
+
try {
|
|
163
|
+
const storage = getStorage();
|
|
164
|
+
storage.setItem("test", "test");
|
|
165
|
+
storage.removeItem("test");
|
|
166
|
+
return new WebStorageStrategy(storage);
|
|
167
|
+
}
|
|
168
|
+
catch (e) {
|
|
169
|
+
console.warn("Web storage unavailable, falling back to memory");
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
return new MemoryStorageStrategy();
|
|
173
|
+
}
|
|
174
|
+
getKey(key) {
|
|
175
|
+
return `${this.prefix}${key}`;
|
|
176
|
+
}
|
|
177
|
+
/**
|
|
178
|
+
* Stores encrypted tokens in the configured storage
|
|
179
|
+
*
|
|
180
|
+
* @param tokens - Set of tokens to store
|
|
181
|
+
*
|
|
182
|
+
* @example
|
|
183
|
+
* ```typescript
|
|
184
|
+
* await storage.setTokens({
|
|
185
|
+
* accessToken: {
|
|
186
|
+
* value: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...',
|
|
187
|
+
* expiresAt: Date.now() + 3600000
|
|
188
|
+
* },
|
|
189
|
+
* refreshToken: {
|
|
190
|
+
* value: 'refresh_token_jwt',
|
|
191
|
+
* expiresAt: Date.now() + 86400000
|
|
192
|
+
* }
|
|
193
|
+
* });
|
|
194
|
+
* ```
|
|
195
|
+
*
|
|
196
|
+
* @throws {Error} When token storage fails
|
|
197
|
+
*/
|
|
198
|
+
async setTokens(tokens) {
|
|
199
|
+
await this.initializeEncryptor();
|
|
200
|
+
const entries = Object.entries(tokens).filter(([_, value]) => !!value);
|
|
201
|
+
try {
|
|
202
|
+
await Promise.all(entries.map(async ([type, token]) => {
|
|
203
|
+
const encrypted = await this.encryptor.encrypt(JSON.stringify(token));
|
|
204
|
+
this.strategy.setItem(this.getKey(type.replace(/Token$/, "_token").toLowerCase()), encrypted);
|
|
205
|
+
}));
|
|
206
|
+
}
|
|
207
|
+
catch (error) {
|
|
208
|
+
this.clearTokens();
|
|
209
|
+
throw new Error(`Failed to store tokens: ${error instanceof Error ? error.message : error}`);
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
async getToken(type) {
|
|
213
|
+
await this.initializeEncryptor();
|
|
214
|
+
const encrypted = this.strategy.getItem(this.getKey(type));
|
|
215
|
+
if (!encrypted)
|
|
216
|
+
return null;
|
|
217
|
+
try {
|
|
218
|
+
const decrypted = await this.encryptor.decrypt(encrypted);
|
|
219
|
+
return JSON.parse(decrypted);
|
|
220
|
+
}
|
|
221
|
+
catch (error) {
|
|
222
|
+
console.warn(`Error decrypting token (${type}):`, error);
|
|
223
|
+
return null;
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
/**
|
|
227
|
+
* Retrieves and decrypts the access token
|
|
228
|
+
*
|
|
229
|
+
* @returns Promise resolving to access token or null if not found
|
|
230
|
+
*
|
|
231
|
+
* @example
|
|
232
|
+
* ```typescript
|
|
233
|
+
* const accessToken = await storage.getAccessToken();
|
|
234
|
+
* if (accessToken && !storage.isTokenExpired(accessToken)) {
|
|
235
|
+
* console.log('Valid token:', accessToken.value);
|
|
236
|
+
* }
|
|
237
|
+
* ```
|
|
238
|
+
*/
|
|
239
|
+
async getAccessToken() {
|
|
240
|
+
return this.getToken("access_token");
|
|
241
|
+
}
|
|
242
|
+
/**
|
|
243
|
+
* Retrieves and decrypts the refresh token
|
|
244
|
+
*
|
|
245
|
+
* @returns Promise resolving to refresh token or null if not found
|
|
246
|
+
*/
|
|
247
|
+
async getRefreshToken() {
|
|
248
|
+
return this.getToken("refresh_token");
|
|
249
|
+
}
|
|
250
|
+
/**
|
|
251
|
+
* Retrieves and decrypts the ID token
|
|
252
|
+
*
|
|
253
|
+
* @returns Promise resolving to ID token or null if not found
|
|
254
|
+
*/
|
|
255
|
+
async getIdToken() {
|
|
256
|
+
return this.getToken("id_token");
|
|
257
|
+
}
|
|
258
|
+
async getStateToken() {
|
|
259
|
+
return this.getToken("state");
|
|
260
|
+
}
|
|
261
|
+
async getVerifierToken() {
|
|
262
|
+
return this.getToken("verifier");
|
|
263
|
+
}
|
|
264
|
+
/**
|
|
265
|
+
* Clears all stored tokens
|
|
266
|
+
*
|
|
267
|
+
* @example
|
|
268
|
+
* ```typescript
|
|
269
|
+
* // Clear all tokens on logout
|
|
270
|
+
* storage.clearTokens();
|
|
271
|
+
* ```
|
|
272
|
+
*/
|
|
273
|
+
clearTokens() {
|
|
274
|
+
const tokenTypes = [
|
|
275
|
+
"access_token",
|
|
276
|
+
"refresh_token",
|
|
277
|
+
"id_token",
|
|
278
|
+
"state",
|
|
279
|
+
"verifier"
|
|
280
|
+
];
|
|
281
|
+
tokenTypes.forEach(type => {
|
|
282
|
+
this.strategy.removeItem(this.getKey(type));
|
|
283
|
+
});
|
|
284
|
+
}
|
|
285
|
+
/**
|
|
286
|
+
* Clears only state and verifier tokens (used after OAuth callback)
|
|
287
|
+
*/
|
|
288
|
+
clearStateAndVerifier() {
|
|
289
|
+
this.strategy.removeItem(this.getKey("state"));
|
|
290
|
+
this.strategy.removeItem(this.getKey("verifier"));
|
|
291
|
+
}
|
|
292
|
+
/**
|
|
293
|
+
* Checks if a token is expired
|
|
294
|
+
*
|
|
295
|
+
* @param token - Token to check
|
|
296
|
+
* @returns True if token is expired or null, false if still valid
|
|
297
|
+
*
|
|
298
|
+
* @example
|
|
299
|
+
* ```typescript
|
|
300
|
+
* const accessToken = await storage.getAccessToken();
|
|
301
|
+
* if (storage.isTokenExpired(accessToken)) {
|
|
302
|
+
* console.log('Token expired, need to refresh');
|
|
303
|
+
* }
|
|
304
|
+
* ```
|
|
305
|
+
*/
|
|
306
|
+
isTokenExpired(token) {
|
|
307
|
+
if (!token || !token.expiresAt)
|
|
308
|
+
return true;
|
|
309
|
+
return Date.now() >= token.expiresAt;
|
|
310
|
+
}
|
|
311
|
+
setItem(key, value) {
|
|
312
|
+
this.strategy.setItem(this.getKey(key), value);
|
|
313
|
+
}
|
|
314
|
+
getItem(key) {
|
|
315
|
+
return this.strategy.getItem(this.getKey(key));
|
|
316
|
+
}
|
|
317
|
+
removeItem(key) {
|
|
318
|
+
this.strategy.removeItem(this.getKey(key));
|
|
319
|
+
}
|
|
320
|
+
}
|
|
321
|
+
export { TokenStorage as default };
|
|
322
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/oauth/storage/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AASzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2DG;AACH,MAAM,OAAO,YAAY;IAyBD;IAxBZ,QAAQ,CAAkB;IACjB,MAAM,CAAS;IACxB,SAAS,CAAY;IACZ,SAAS,CAAU;IAC5B,oBAAoB,GAAY,KAAK,CAAC;IAEhD;;;;;;;;;;;;;;;;;OAiBG;IACH,YAAsB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;QACzC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,SAAS;YACZ,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,QAAQ,KAAK,WAAW,CAAC;QACnE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;QAEjC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC/C,CAAC;IAES,KAAK,CAAC,mBAAmB;QACjC,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,aAAuB,CAAC,CAAC;YACrE,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACnC,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,WAAW,CAAC,QAAyB;QACnC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAES,qBAAqB;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,OAAO,IAAI,oBAAoB,EAAE,CAAC;YACpC,CAAC;YACD,OAAO,IAAI,qBAAqB,EAAE,CAAC;QACrC,CAAC;QAED,QAAQ,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC5B,KAAK,cAAc;gBACjB,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC;YACvD,KAAK,gBAAgB;gBACnB,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC;YACzD;gBACE,OAAO,IAAI,qBAAqB,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAES,cAAc,CAAC,MAAqB;QAC5C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,OAAO,QAAQ,MAAM,CAAC,QAAQ,GAAG,CAAC;QACpC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAES,oBAAoB,CAAC,UAAyB;QACtD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;gBAC7B,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAChC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBAC3B,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACzC,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,qBAAqB,EAAE,CAAC;IACrC,CAAC;IAES,MAAM,CAAC,GAAW;QAC1B,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,SAAS,CAAC,MAAgB;QAC9B,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAGlE,CAAC;QAEJ,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,GAAG,CACf,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBAClC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtE,IAAI,CAAC,QAAQ,CAAC,OAAO,CACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC,EAC3D,SAAS,CACV,CAAC;YACJ,CAAC,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,WAAW,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAC5E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAe;QAC5B,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2BAA2B,IAAI,IAAI,EAAE,KAAK,CAAC,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,cAAc;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;;;OAQG;IACH,WAAW;QACT,MAAM,UAAU,GAAgB;YAC9B,cAAc;YACd,eAAe;YACf,UAAU;YACV,OAAO;YACP,UAAU;SACX,CAAC;QAEF,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACxB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,qBAAqB;QACnB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACpD,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,cAAc,CAAC,KAAmB;QAChC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAC5C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,SAAS,CAAC;IACvC,CAAC;IAED,OAAO,CAAC,GAAW,EAAE,KAAa;QAChC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7C,CAAC;CACF;AAED,OAAO,EAAE,YAAY,IAAI,OAAO,EAAE,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import type { StorageStrategy } from "../types";
|
|
2
|
+
export declare class MemoryStorageStrategy implements StorageStrategy {
|
|
3
|
+
private storage;
|
|
4
|
+
getItem(key: string): string | null;
|
|
5
|
+
setItem(key: string, value: string): void;
|
|
6
|
+
removeItem(key: string): void;
|
|
7
|
+
clear(): void;
|
|
8
|
+
}
|
|
9
|
+
export declare class WebStorageStrategy implements StorageStrategy {
|
|
10
|
+
private storage;
|
|
11
|
+
constructor(storage: Storage);
|
|
12
|
+
getItem(key: string): string | null;
|
|
13
|
+
setItem(key: string, value: string): void;
|
|
14
|
+
removeItem(key: string): void;
|
|
15
|
+
clear(): void;
|
|
16
|
+
}
|
|
17
|
+
export declare class SecureCookieStrategy implements StorageStrategy {
|
|
18
|
+
private options;
|
|
19
|
+
constructor(options?: {
|
|
20
|
+
secure?: boolean;
|
|
21
|
+
sameSite?: "strict" | "lax" | "none";
|
|
22
|
+
path?: string;
|
|
23
|
+
httpOnly?: boolean;
|
|
24
|
+
maxAge?: number;
|
|
25
|
+
domain?: string;
|
|
26
|
+
});
|
|
27
|
+
getItem(key: string): string | null;
|
|
28
|
+
setItem(key: string, value: string): void;
|
|
29
|
+
removeItem(key: string): void;
|
|
30
|
+
clear(): void;
|
|
31
|
+
private setCookie;
|
|
32
|
+
private getCookie;
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=strategies.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"strategies.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/storage/strategies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAEhD,qBAAa,qBAAsB,YAAW,eAAe;IAC3D,OAAO,CAAC,OAAO,CAA6B;IAE5C,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAInC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAIzC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAI7B,KAAK,IAAI,IAAI;CAGd;AAED,qBAAa,kBAAmB,YAAW,eAAe;IAC5C,OAAO,CAAC,OAAO;gBAAP,OAAO,EAAE,OAAO;IAEpC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAInC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAIzC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAI7B,KAAK,IAAI,IAAI;CAGd;AAED,qBAAa,oBAAqB,YAAW,eAAe;IAC1D,OAAO,CAAC,OAAO,CAOb;gBAEU,OAAO,CAAC,EAAE;QACpB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACrC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;IAqBD,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAUnC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAIzC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAO7B,KAAK,IAAI,IAAI;IAOb,OAAO,CAAC,SAAS;IAwBjB,OAAO,CAAC,SAAS;CAUlB"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
export class MemoryStorageStrategy {
|
|
2
|
+
storage = new Map();
|
|
3
|
+
getItem(key) {
|
|
4
|
+
return this.storage.get(key) || null;
|
|
5
|
+
}
|
|
6
|
+
setItem(key, value) {
|
|
7
|
+
this.storage.set(key, value);
|
|
8
|
+
}
|
|
9
|
+
removeItem(key) {
|
|
10
|
+
this.storage.delete(key);
|
|
11
|
+
}
|
|
12
|
+
clear() {
|
|
13
|
+
this.storage.clear();
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
export class WebStorageStrategy {
|
|
17
|
+
storage;
|
|
18
|
+
constructor(storage) {
|
|
19
|
+
this.storage = storage;
|
|
20
|
+
}
|
|
21
|
+
getItem(key) {
|
|
22
|
+
return this.storage.getItem(key);
|
|
23
|
+
}
|
|
24
|
+
setItem(key, value) {
|
|
25
|
+
this.storage.setItem(key, value);
|
|
26
|
+
}
|
|
27
|
+
removeItem(key) {
|
|
28
|
+
this.storage.removeItem(key);
|
|
29
|
+
}
|
|
30
|
+
clear() {
|
|
31
|
+
this.storage.clear();
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
export class SecureCookieStrategy {
|
|
35
|
+
options;
|
|
36
|
+
constructor(options) {
|
|
37
|
+
const isProduction = typeof process !== 'undefined' && process.env.NODE_ENV === 'production';
|
|
38
|
+
this.options = {
|
|
39
|
+
secure: isProduction,
|
|
40
|
+
sameSite: "lax",
|
|
41
|
+
path: "/",
|
|
42
|
+
httpOnly: true,
|
|
43
|
+
maxAge: 3600,
|
|
44
|
+
...options,
|
|
45
|
+
};
|
|
46
|
+
if (!this.options.secure && isProduction) {
|
|
47
|
+
console.warn('SECURITY WARNING: Cookies are not marked secure in production environment');
|
|
48
|
+
}
|
|
49
|
+
if (!this.options.httpOnly) {
|
|
50
|
+
console.warn('SECURITY WARNING: Cookies are not httpOnly - vulnerable to XSS attacks');
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
getItem(key) {
|
|
54
|
+
if (this.options.httpOnly) {
|
|
55
|
+
console.warn("Cannot read httpOnly cookies from JavaScript. Consider using server-side storage for httpOnly cookies.");
|
|
56
|
+
return null;
|
|
57
|
+
}
|
|
58
|
+
return this.getCookie(key);
|
|
59
|
+
}
|
|
60
|
+
setItem(key, value) {
|
|
61
|
+
this.setCookie(key, value, this.options);
|
|
62
|
+
}
|
|
63
|
+
removeItem(key) {
|
|
64
|
+
this.setCookie(key, "", {
|
|
65
|
+
...this.options,
|
|
66
|
+
maxAge: 0,
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
clear() {
|
|
70
|
+
console.warn("SecureCookieStrategy.clear() cannot selectively clear cookies. " +
|
|
71
|
+
"Use TokenStorage.clearTokens() for safe token clearing.");
|
|
72
|
+
}
|
|
73
|
+
setCookie(name, value, options) {
|
|
74
|
+
let cookie = `${name}=${encodeURIComponent(value)}`;
|
|
75
|
+
if (options.secure)
|
|
76
|
+
cookie += ";secure";
|
|
77
|
+
if (options.sameSite)
|
|
78
|
+
cookie += `;samesite=${options.sameSite}`;
|
|
79
|
+
if (options.path)
|
|
80
|
+
cookie += `;path=${options.path}`;
|
|
81
|
+
if (options.httpOnly)
|
|
82
|
+
cookie += ";httponly";
|
|
83
|
+
if (options.maxAge !== undefined)
|
|
84
|
+
cookie += `;max-age=${options.maxAge}`;
|
|
85
|
+
if (options.domain)
|
|
86
|
+
cookie += `;domain=${options.domain}`;
|
|
87
|
+
document.cookie = cookie;
|
|
88
|
+
}
|
|
89
|
+
getCookie(name) {
|
|
90
|
+
const cookies = document.cookie.split(";");
|
|
91
|
+
for (const cookie of cookies) {
|
|
92
|
+
const [key, value] = cookie.split("=");
|
|
93
|
+
if (key.trim() === name) {
|
|
94
|
+
return decodeURIComponent(value);
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
return null;
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
//# sourceMappingURL=strategies.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"strategies.js","sourceRoot":"","sources":["../../../../../src/oauth/storage/strategies.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,qBAAqB;IACxB,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,OAAO,CAAC,GAAW;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACvC,CAAC;IAED,OAAO,CAAC,GAAW,EAAE,KAAa;QAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF;AAED,MAAM,OAAO,kBAAkB;IACT;IAApB,YAAoB,OAAgB;QAAhB,YAAO,GAAP,OAAO,CAAS;IAAG,CAAC;IAExC,OAAO,CAAC,GAAW;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,GAAW,EAAE,KAAa;QAChC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF;AAED,MAAM,OAAO,oBAAoB;IACvB,OAAO,CAOb;IAEF,YAAY,OAOX;QACC,MAAM,YAAY,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE7F,IAAI,CAAC,OAAO,GAAG;YACb,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,GAAG,OAAO;SACX,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,YAAY,EAAE,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;QAC5F,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAW;QACjB,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CACV,wGAAwG,CACzG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,CAAC,GAAW,EAAE,KAAa;QAChC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,EAAE;YACtB,GAAG,IAAI,CAAC,OAAO;YACf,MAAM,EAAE,CAAC;SACV,CAAC,CAAC;IACL,CAAC;IAED,KAAK;QACH,OAAO,CAAC,IAAI,CACV,iEAAiE;YACjE,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAEO,SAAS,CACf,IAAY,EACZ,KAAa,EACb,OAOC;QAED,IAAI,MAAM,GAAG,GAAG,IAAI,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;QAEpD,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,SAAS,CAAC;QACxC,IAAI,OAAO,CAAC,QAAQ;YAAE,MAAM,IAAI,aAAa,OAAO,CAAC,QAAQ,EAAE,CAAC;QAChE,IAAI,OAAO,CAAC,IAAI;YAAE,MAAM,IAAI,SAAS,OAAO,CAAC,IAAI,EAAE,CAAC;QACpD,IAAI,OAAO,CAAC,QAAQ;YAAE,MAAM,IAAI,WAAW,CAAC;QAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,MAAM,IAAI,YAAY,OAAO,CAAC,MAAM,EAAE,CAAC;QACzE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC;QAE1D,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;IAC3B,CAAC;IAEO,SAAS,CAAC,IAAY;QAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;gBACxB,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|