create-fluxstack 1.10.1 → 1.12.1

package/plugins/crypto-auth/index.ts

@@ -3,7 +3,7 @@
  * Sistema de autenticação baseado em criptografia Ed25519
  */
 
-import type { FluxStack, PluginContext, RequestContext, ResponseContext } from "@/core/plugins/types"
+import type { FluxStack, PluginContext, RequestContext, ResponseContext } from "@core/plugins/types"
 
 type Plugin = FluxStack.Plugin
 import { Elysia, t } from "elysia"
@@ -74,8 +74,8 @@ export const cryptoAuthPlugin: Plugin = {
 
     // Inicializar serviço de autenticação (SEM SESSÕES)
     const authService = new CryptoAuthService({
-      maxTimeDrift: cryptoAuthConfig.maxTimeDrift,
-      adminKeys: cryptoAuthConfig.adminKeys,
+      maxTimeDrift: cryptoAuthConfig.maxTimeDrift ?? 300000,
+      adminKeys: cryptoAuthConfig.adminKeys ?? [],
       logger: context.logger
     })
 
@@ -95,7 +95,7 @@ export const cryptoAuthPlugin: Plugin = {
     (global as any).__fluxstackPlugins.push({
       name: 'Crypto Auth',
       status: 'Active',
-      details: `${cryptoAuthConfig.adminKeys.length} admin keys`
+      details: `${(cryptoAuthConfig.adminKeys ?? []).length} admin keys`
     })
   },
 

package/plugins/crypto-auth/package.json

@@ -1,66 +1,66 @@
-{
-  "name": "@fluxstack/crypto-auth-plugin",
-  "version": "1.0.0",
-  "description": "Plugin de autenticação criptográfica Ed25519 para FluxStack",
-  "main": "index.ts",
-  "types": "index.ts",
-  "exports": {
-    ".": {
-      "import": "./index.ts",
-      "types": "./index.ts"
-    },
-    "./client": {
-      "import": "./client/index.ts",
-      "types": "./client/index.ts"
-    },
-    "./server": {
-      "import": "./server/index.ts",
-      "types": "./server/index.ts"
-    }
-  },
-  "keywords": [
-    "fluxstack",
-    "plugin",
-    "authentication",
-    "ed25519",
-    "cryptography",
-    "security",
-    "react",
-    "typescript"
-  ],
-  "author": "FluxStack Team",
-  "license": "MIT",
-  "peerDependencies": {
-    "react": ">=16.8.0"
-  },
-  "peerDependenciesMeta": {
-    "react": {
-      "optional": true
-    }
-  },
-  "dependencies": {
-    "@noble/curves": "1.2.0",
-    "@noble/hashes": "1.3.2"
-  },
-  "devDependencies": {
-    "@types/react": "^18.0.0",
-    "typescript": "^5.0.0"
-  },
-  "fluxstack": {
-    "plugin": true,
-    "version": "^1.0.0",
-    "hooks": [
-      "setup",
-      "onServerStart",
-      "onRequest",
-      "onResponse"
-    ],
-    "category": "auth",
-    "tags": [
-      "authentication",
-      "ed25519",
-      "cryptography",
-      "security"
-    ]
-  }
+{
+  "name": "@fluxstack/crypto-auth-plugin",
+  "version": "1.0.0",
+  "description": "Plugin de autenticação criptográfica Ed25519 para FluxStack",
+  "main": "index.ts",
+  "types": "index.ts",
+  "exports": {
+    ".": {
+      "import": "./index.ts",
+      "types": "./index.ts"
+    },
+    "./client": {
+      "import": "./client/index.ts",
+      "types": "./client/index.ts"
+    },
+    "./server": {
+      "import": "./server/index.ts",
+      "types": "./server/index.ts"
+    }
+  },
+  "keywords": [
+    "fluxstack",
+    "plugin",
+    "authentication",
+    "ed25519",
+    "cryptography",
+    "security",
+    "react",
+    "typescript"
+  ],
+  "author": "FluxStack Team",
+  "license": "MIT",
+  "peerDependencies": {
+    "react": ">=16.8.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": true
+    }
+  },
+  "dependencies": {
+    "@noble/curves": "1.2.0",
+    "@noble/hashes": "1.3.2"
+  },
+  "devDependencies": {
+    "@types/react": "^18.0.0",
+    "typescript": "^5.0.0"
+  },
+  "fluxstack": {
+    "plugin": true,
+    "version": "^1.0.0",
+    "hooks": [
+      "setup",
+      "onServerStart",
+      "onRequest",
+      "onResponse"
+    ],
+    "category": "auth",
+    "tags": [
+      "authentication",
+      "ed25519",
+      "cryptography",
+      "security"
+    ]
+  }
 }

package/plugins/crypto-auth/server/AuthMiddleware.ts

@@ -3,7 +3,7 @@
  * Apenas valida autenticação - routing é feito pelos middlewares Elysia
  */
 
-import type { RequestContext } from '@/core/plugins/types'
+import type { RequestContext } from '@core/plugins/types'
 import type { CryptoAuthService } from './CryptoAuthService'
 
 export interface Logger {

package/plugins/crypto-auth/server/CryptoAuthService.ts

@@ -1,186 +1,186 @@
-/**
- * Serviço de Autenticação Criptográfica
- * Implementa autenticação baseada em Ed25519 - SEM SESSÕES
- * Cada requisição é validada pela assinatura da chave pública
- */
-
-import { ed25519 } from '@noble/curves/ed25519'
-import { sha256 } from '@noble/hashes/sha256'
-import { hexToBytes } from '@noble/hashes/utils'
-
-export interface Logger {
-  debug(message: string, meta?: any): void
-  info(message: string, meta?: any): void
-  warn(message: string, meta?: any): void
-  error(message: string, meta?: any): void
-}
-
-export interface AuthResult {
-  success: boolean
-  error?: string
-  user?: {
-    publicKey: string
-    isAdmin: boolean
-    permissions: string[]
-  }
-}
-
-export interface CryptoAuthConfig {
-  maxTimeDrift: number
-  adminKeys: string[]
-  logger?: Logger
-}
-
-export class CryptoAuthService {
-  private config: CryptoAuthConfig
-  private logger?: Logger
-  private usedNonces: Map<string, number> = new Map() // Para prevenir replay attacks
-
-  constructor(config: CryptoAuthConfig) {
-    this.config = config
-    this.logger = config.logger
-
-    // Limpar nonces antigos a cada 5 minutos
-    setInterval(() => {
-      this.cleanupOldNonces()
-    }, 5 * 60 * 1000)
-  }
-
-  /**
-   * Validar assinatura de requisição
-   * PRINCIPAL: Valida se assinatura é válida para a chave pública fornecida
-   */
-  async validateRequest(data: {
-    publicKey: string
-    timestamp: number
-    nonce: string
-    signature: string
-    message?: string
-  }): Promise<AuthResult> {
-    try {
-      const { publicKey, timestamp, nonce, signature, message = "" } = data
-
-      // Validar chave pública
-      if (!this.isValidPublicKey(publicKey)) {
-        return {
-          success: false,
-          error: "Chave pública inválida"
-        }
-      }
-
-      // Verificar drift de tempo (previne replay de requisições antigas)
-      const now = Date.now()
-      const timeDrift = Math.abs(now - timestamp)
-      if (timeDrift > this.config.maxTimeDrift) {
-        return {
-          success: false,
-          error: "Timestamp inválido ou expirado"
-        }
-      }
-
-      // Verificar nonce (previne replay attacks)
-      const nonceKey = `${publicKey}:${nonce}`
-      if (this.usedNonces.has(nonceKey)) {
-        return {
-          success: false,
-          error: "Nonce já utilizado (possível replay attack)"
-        }
-      }
-
-      // Construir mensagem para verificação
-      const messageToVerify = `${publicKey}:${timestamp}:${nonce}:${message}`
-      const messageHash = sha256(new TextEncoder().encode(messageToVerify))
-
-      // Verificar assinatura usando chave pública
-      const publicKeyBytes = hexToBytes(publicKey)
-      const signatureBytes = hexToBytes(signature)
-
-      const isValidSignature = ed25519.verify(signatureBytes, messageHash, publicKeyBytes)
-
-      if (!isValidSignature) {
-        this.logger?.warn("Assinatura inválida", {
-          publicKey: publicKey.substring(0, 8) + "..."
-        })
-        return {
-          success: false,
-          error: "Assinatura inválida"
-        }
-      }
-
-      // Marcar nonce como usado
-      this.usedNonces.set(nonceKey, timestamp)
-
-      // Verificar se é admin
-      const isAdmin = this.config.adminKeys.includes(publicKey)
-      const permissions = isAdmin ? ['admin', 'read', 'write', 'delete'] : ['read']
-
-      this.logger?.debug("Requisição autenticada", {
-        publicKey: publicKey.substring(0, 8) + "...",
-        isAdmin,
-        permissions
-      })
-
-      return {
-        success: true,
-        user: {
-          publicKey,
-          isAdmin,
-          permissions
-        }
-      }
-    } catch (error) {
-      this.logger?.error("Erro ao validar requisição", { error })
-      return {
-        success: false,
-        error: "Erro interno ao validar requisição"
-      }
-    }
-  }
-
-  /**
-   * Verificar se uma chave pública é válida
-   */
-  private isValidPublicKey(publicKey: string): boolean {
-    try {
-      if (publicKey.length !== 64) {
-        return false
-      }
-      
-      const bytes = hexToBytes(publicKey)
-      return bytes.length === 32
-    } catch {
-      return false
-    }
-  }
-
-  /**
-   * Limpar nonces antigos (previne crescimento infinito da memória)
-   */
-  private cleanupOldNonces(): void {
-    const now = Date.now()
-    const maxAge = this.config.maxTimeDrift * 2 // Dobro do tempo máximo permitido
-    let cleanedCount = 0
-
-    for (const [nonceKey, timestamp] of this.usedNonces.entries()) {
-      if (now - timestamp > maxAge) {
-        this.usedNonces.delete(nonceKey)
-        cleanedCount++
-      }
-    }
-
-    if (cleanedCount > 0) {
-      this.logger?.debug(`Limpeza de nonces: ${cleanedCount} nonces antigos removidos`)
-    }
-  }
-
-  /**
-   * Obter estatísticas do serviço
-   */
-  getStats() {
-    return {
-      usedNoncesCount: this.usedNonces.size,
-      adminKeys: this.config.adminKeys.length,
-      maxTimeDrift: this.config.maxTimeDrift
-    }
-  }
+/**
+ * Serviço de Autenticação Criptográfica
+ * Implementa autenticação baseada em Ed25519 - SEM SESSÕES
+ * Cada requisição é validada pela assinatura da chave pública
+ */
+
+import { ed25519 } from '@noble/curves/ed25519'
+import { sha256 } from '@noble/hashes/sha256'
+import { hexToBytes } from '@noble/hashes/utils'
+
+export interface Logger {
+  debug(message: string, meta?: any): void
+  info(message: string, meta?: any): void
+  warn(message: string, meta?: any): void
+  error(message: string, meta?: any): void
+}
+
+export interface AuthResult {
+  success: boolean
+  error?: string
+  user?: {
+    publicKey: string
+    isAdmin: boolean
+    permissions: string[]
+  }
+}
+
+export interface CryptoAuthConfig {
+  maxTimeDrift: number
+  adminKeys: string[]
+  logger?: Logger
+}
+
+export class CryptoAuthService {
+  private config: CryptoAuthConfig
+  private logger?: Logger
+  private usedNonces: Map<string, number> = new Map() // Para prevenir replay attacks
+
+  constructor(config: CryptoAuthConfig) {
+    this.config = config
+    this.logger = config.logger
+
+    // Limpar nonces antigos a cada 5 minutos
+    setInterval(() => {
+      this.cleanupOldNonces()
+    }, 5 * 60 * 1000)
+  }
+
+  /**
+   * Validar assinatura de requisição
+   * PRINCIPAL: Valida se assinatura é válida para a chave pública fornecida
+   */
+  async validateRequest(data: {
+    publicKey: string
+    timestamp: number
+    nonce: string
+    signature: string
+    message?: string
+  }): Promise<AuthResult> {
+    try {
+      const { publicKey, timestamp, nonce, signature, message = "" } = data
+
+      // Validar chave pública
+      if (!this.isValidPublicKey(publicKey)) {
+        return {
+          success: false,
+          error: "Chave pública inválida"
+        }
+      }
+
+      // Verificar drift de tempo (previne replay de requisições antigas)
+      const now = Date.now()
+      const timeDrift = Math.abs(now - timestamp)
+      if (timeDrift > this.config.maxTimeDrift) {
+        return {
+          success: false,
+          error: "Timestamp inválido ou expirado"
+        }
+      }
+
+      // Verificar nonce (previne replay attacks)
+      const nonceKey = `${publicKey}:${nonce}`
+      if (this.usedNonces.has(nonceKey)) {
+        return {
+          success: false,
+          error: "Nonce já utilizado (possível replay attack)"
+        }
+      }
+
+      // Construir mensagem para verificação
+      const messageToVerify = `${publicKey}:${timestamp}:${nonce}:${message}`
+      const messageHash = sha256(new TextEncoder().encode(messageToVerify))
+
+      // Verificar assinatura usando chave pública
+      const publicKeyBytes = hexToBytes(publicKey)
+      const signatureBytes = hexToBytes(signature)
+
+      const isValidSignature = ed25519.verify(signatureBytes, messageHash, publicKeyBytes)
+
+      if (!isValidSignature) {
+        this.logger?.warn("Assinatura inválida", {
+          publicKey: publicKey.substring(0, 8) + "..."
+        })
+        return {
+          success: false,
+          error: "Assinatura inválida"
+        }
+      }
+
+      // Marcar nonce como usado
+      this.usedNonces.set(nonceKey, timestamp)
+
+      // Verificar se é admin
+      const isAdmin = this.config.adminKeys.includes(publicKey)
+      const permissions = isAdmin ? ['admin', 'read', 'write', 'delete'] : ['read']
+
+      this.logger?.debug("Requisição autenticada", {
+        publicKey: publicKey.substring(0, 8) + "...",
+        isAdmin,
+        permissions
+      })
+
+      return {
+        success: true,
+        user: {
+          publicKey,
+          isAdmin,
+          permissions
+        }
+      }
+    } catch (error) {
+      this.logger?.error("Erro ao validar requisição", { error })
+      return {
+        success: false,
+        error: "Erro interno ao validar requisição"
+      }
+    }
+  }
+
+  /**
+   * Verificar se uma chave pública é válida
+   */
+  private isValidPublicKey(publicKey: string): boolean {
+    try {
+      if (publicKey.length !== 64) {
+        return false
+      }
+      
+      const bytes = hexToBytes(publicKey)
+      return bytes.length === 32
+    } catch {
+      return false
+    }
+  }
+
+  /**
+   * Limpar nonces antigos (previne crescimento infinito da memória)
+   */
+  private cleanupOldNonces(): void {
+    const now = Date.now()
+    const maxAge = this.config.maxTimeDrift * 2 // Dobro do tempo máximo permitido
+    let cleanedCount = 0
+
+    for (const [nonceKey, timestamp] of this.usedNonces.entries()) {
+      if (now - timestamp > maxAge) {
+        this.usedNonces.delete(nonceKey)
+        cleanedCount++
+      }
+    }
+
+    if (cleanedCount > 0) {
+      this.logger?.debug(`Limpeza de nonces: ${cleanedCount} nonces antigos removidos`)
+    }
+  }
+
+  /**
+   * Obter estatísticas do serviço
+   */
+  getStats() {
+    return {
+      usedNoncesCount: this.usedNonces.size,
+      adminKeys: this.config.adminKeys.length,
+      maxTimeDrift: this.config.maxTimeDrift
+    }
+  }
 }

package/plugins/crypto-auth/server/index.ts

@@ -1,22 +1,22 @@
-/**
- * Exportações do servidor de autenticação
- */
-
-export { CryptoAuthService } from './CryptoAuthService'
-export type { AuthResult, CryptoAuthConfig } from './CryptoAuthService'
-
-export { AuthMiddleware } from './AuthMiddleware'
-export type { AuthMiddlewareConfig, AuthMiddlewareResult } from './AuthMiddleware'
-
-// Middlewares Elysia
-export {
-  cryptoAuthRequired,
-  cryptoAuthAdmin,
-  cryptoAuthPermissions,
-  cryptoAuthOptional,
-  getCryptoAuthUser,
-  isCryptoAuthAuthenticated,
-  isCryptoAuthAdmin,
-  hasCryptoAuthPermission
-} from './middlewares'
+/**
+ * Exportações do servidor de autenticação
+ */
+
+export { CryptoAuthService } from './CryptoAuthService'
+export type { AuthResult, CryptoAuthConfig } from './CryptoAuthService'
+
+export { AuthMiddleware } from './AuthMiddleware'
+export type { AuthMiddlewareConfig, AuthMiddlewareResult } from './AuthMiddleware'
+
+// Middlewares Elysia
+export {
+  cryptoAuthRequired,
+  cryptoAuthAdmin,
+  cryptoAuthPermissions,
+  cryptoAuthOptional,
+  getCryptoAuthUser,
+  isCryptoAuthAuthenticated,
+  isCryptoAuthAdmin,
+  hasCryptoAuthPermission
+} from './middlewares'
 export type { CryptoAuthUser, CryptoAuthMiddlewareOptions } from './middlewares'

package/plugins/crypto-auth/server/middlewares/cryptoAuthAdmin.ts

@@ -4,8 +4,8 @@
  */
 
 import { Elysia } from 'elysia'
-import { createGuard } from '@/core/server/middleware/elysia-helpers'
-import type { Logger } from '@/core/utils/logger'
+import { createGuard } from '@core/server/middleware/elysia-helpers'
+import type { Logger } from '@core/utils/logger'
 import { validateAuthSync, type CryptoAuthUser } from './helpers'
 
 export interface CryptoAuthMiddlewareOptions {
@@ -28,7 +28,7 @@ export const cryptoAuthAdmin = (options: CryptoAuthMiddlewareOptions = {}) => {
         name: 'crypto-auth-admin-check',
         check: ({ request }) => {
           const user = (request as any).user as CryptoAuthUser | undefined
-          return user && user.isAdmin
+          return !!(user && user.isAdmin)
         },
         onFail: (set, { request }) => {
           const user = (request as any).user as CryptoAuthUser | undefined

package/plugins/crypto-auth/server/middlewares/cryptoAuthOptional.ts

@@ -4,7 +4,7 @@
  */
 
 import { Elysia } from 'elysia'
-import type { Logger } from '@/core/utils/logger'
+import type { Logger } from '@core/utils/logger'
 import { validateAuthSync } from './helpers'
 
 export interface CryptoAuthMiddlewareOptions {

package/plugins/crypto-auth/server/middlewares/cryptoAuthPermissions.ts

@@ -4,8 +4,8 @@
  */
 
 import { Elysia } from 'elysia'
-import { createGuard } from '@/core/server/middleware/elysia-helpers'
-import type { Logger } from '@/core/utils/logger'
+import { createGuard } from '@core/server/middleware/elysia-helpers'
+import type { Logger } from '@core/utils/logger'
 import { validateAuthSync, type CryptoAuthUser } from './helpers'
 
 export interface CryptoAuthMiddlewareOptions {

package/plugins/crypto-auth/server/middlewares/cryptoAuthRequired.ts

@@ -4,8 +4,8 @@
  */
 
 import { Elysia } from 'elysia'
-import { createGuard } from '@/core/server/middleware/elysia-helpers'
-import type { Logger } from '@/core/utils/logger'
+import { createGuard } from '@core/server/middleware/elysia-helpers'
+import type { Logger } from '@core/utils/logger'
 import { validateAuthSync } from './helpers'
 
 export interface CryptoAuthMiddlewareOptions {

package/plugins/crypto-auth/server/middlewares/helpers.ts

@@ -3,7 +3,7 @@
  * Funções compartilhadas para validação de autenticação
  */
 
-import type { Logger } from '@/core/utils/logger'
+import type { Logger } from '@core/utils/logger'
 
 /**
  * Helper to safely parse request.url which might be relative or absolute