create-fluxstack 1.15.0 → 1.17.0

package/plugins/crypto-auth/package.json

@@ -1,66 +1,66 @@
-{
-  "name": "@fluxstack/crypto-auth-plugin",
-  "version": "1.0.0",
-  "description": "Plugin de autenticação criptográfica Ed25519 para FluxStack",
-  "main": "index.ts",
-  "types": "index.ts",
-  "exports": {
-    ".": {
-      "import": "./index.ts",
-      "types": "./index.ts"
-    },
-    "./client": {
-      "import": "./client/index.ts",
-      "types": "./client/index.ts"
-    },
-    "./server": {
-      "import": "./server/index.ts",
-      "types": "./server/index.ts"
-    }
-  },
-  "keywords": [
-    "fluxstack",
-    "plugin",
-    "authentication",
-    "ed25519",
-    "cryptography",
-    "security",
-    "react",
-    "typescript"
-  ],
-  "author": "FluxStack Team",
-  "license": "MIT",
-  "peerDependencies": {
-    "react": ">=16.8.0"
-  },
-  "peerDependenciesMeta": {
-    "react": {
-      "optional": true
-    }
-  },
-  "dependencies": {
-    "@noble/curves": "1.2.0",
-    "@noble/hashes": "1.3.2"
-  },
-  "devDependencies": {
-    "@types/react": "^18.0.0",
-    "typescript": "^5.0.0"
-  },
-  "fluxstack": {
-    "plugin": true,
-    "version": "^1.0.0",
-    "hooks": [
-      "setup",
-      "onServerStart",
-      "onRequest",
-      "onResponse"
-    ],
-    "category": "auth",
-    "tags": [
-      "authentication",
-      "ed25519",
-      "cryptography",
-      "security"
-    ]
-  }
+{
+  "name": "@fluxstack/crypto-auth-plugin",
+  "version": "1.0.0",
+  "description": "Plugin de autenticação criptográfica Ed25519 para FluxStack",
+  "main": "index.ts",
+  "types": "index.ts",
+  "exports": {
+    ".": {
+      "import": "./index.ts",
+      "types": "./index.ts"
+    },
+    "./client": {
+      "import": "./client/index.ts",
+      "types": "./client/index.ts"
+    },
+    "./server": {
+      "import": "./server/index.ts",
+      "types": "./server/index.ts"
+    }
+  },
+  "keywords": [
+    "fluxstack",
+    "plugin",
+    "authentication",
+    "ed25519",
+    "cryptography",
+    "security",
+    "react",
+    "typescript"
+  ],
+  "author": "FluxStack Team",
+  "license": "MIT",
+  "peerDependencies": {
+    "react": ">=16.8.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": true
+    }
+  },
+  "dependencies": {
+    "@noble/curves": "1.2.0",
+    "@noble/hashes": "1.3.2"
+  },
+  "devDependencies": {
+    "@types/react": "^18.0.0",
+    "typescript": "^5.0.0"
+  },
+  "fluxstack": {
+    "plugin": true,
+    "version": "^1.0.0",
+    "hooks": [
+      "setup",
+      "onServerStart",
+      "onRequest",
+      "onResponse"
+    ],
+    "category": "auth",
+    "tags": [
+      "authentication",
+      "ed25519",
+      "cryptography",
+      "security"
+    ]
+  }
 }

package/plugins/crypto-auth/server/CryptoAuthService.ts

@@ -1,186 +1,186 @@
-/**
- * Serviço de Autenticação Criptográfica
- * Implementa autenticação baseada em Ed25519 - SEM SESSÕES
- * Cada requisição é validada pela assinatura da chave pública
- */
-
-import { ed25519 } from '@noble/curves/ed25519'
-import { sha256 } from '@noble/hashes/sha256'
-import { hexToBytes } from '@noble/hashes/utils'
-
-export interface Logger {
-  debug(message: string, meta?: any): void
-  info(message: string, meta?: any): void
-  warn(message: string, meta?: any): void
-  error(message: string, meta?: any): void
-}
-
-export interface AuthResult {
-  success: boolean
-  error?: string
-  user?: {
-    publicKey: string
-    isAdmin: boolean
-    permissions: string[]
-  }
-}
-
-export interface CryptoAuthConfig {
-  maxTimeDrift: number
-  adminKeys: string[]
-  logger?: Logger
-}
-
-export class CryptoAuthService {
-  private config: CryptoAuthConfig
-  private logger?: Logger
-  private usedNonces: Map<string, number> = new Map() // Para prevenir replay attacks
-
-  constructor(config: CryptoAuthConfig) {
-    this.config = config
-    this.logger = config.logger
-
-    // Limpar nonces antigos a cada 5 minutos
-    setInterval(() => {
-      this.cleanupOldNonces()
-    }, 5 * 60 * 1000)
-  }
-
-  /**
-   * Validar assinatura de requisição
-   * PRINCIPAL: Valida se assinatura é válida para a chave pública fornecida
-   */
-  async validateRequest(data: {
-    publicKey: string
-    timestamp: number
-    nonce: string
-    signature: string
-    message?: string
-  }): Promise<AuthResult> {
-    try {
-      const { publicKey, timestamp, nonce, signature, message = "" } = data
-
-      // Validar chave pública
-      if (!this.isValidPublicKey(publicKey)) {
-        return {
-          success: false,
-          error: "Chave pública inválida"
-        }
-      }
-
-      // Verificar drift de tempo (previne replay de requisições antigas)
-      const now = Date.now()
-      const timeDrift = Math.abs(now - timestamp)
-      if (timeDrift > this.config.maxTimeDrift) {
-        return {
-          success: false,
-          error: "Timestamp inválido ou expirado"
-        }
-      }
-
-      // Verificar nonce (previne replay attacks)
-      const nonceKey = `${publicKey}:${nonce}`
-      if (this.usedNonces.has(nonceKey)) {
-        return {
-          success: false,
-          error: "Nonce já utilizado (possível replay attack)"
-        }
-      }
-
-      // Construir mensagem para verificação
-      const messageToVerify = `${publicKey}:${timestamp}:${nonce}:${message}`
-      const messageHash = sha256(new TextEncoder().encode(messageToVerify))
-
-      // Verificar assinatura usando chave pública
-      const publicKeyBytes = hexToBytes(publicKey)
-      const signatureBytes = hexToBytes(signature)
-
-      const isValidSignature = ed25519.verify(signatureBytes, messageHash, publicKeyBytes)
-
-      if (!isValidSignature) {
-        this.logger?.warn("Assinatura inválida", {
-          publicKey: publicKey.substring(0, 8) + "..."
-        })
-        return {
-          success: false,
-          error: "Assinatura inválida"
-        }
-      }
-
-      // Marcar nonce como usado
-      this.usedNonces.set(nonceKey, timestamp)
-
-      // Verificar se é admin
-      const isAdmin = this.config.adminKeys.includes(publicKey)
-      const permissions = isAdmin ? ['admin', 'read', 'write', 'delete'] : ['read']
-
-      this.logger?.debug("Requisição autenticada", {
-        publicKey: publicKey.substring(0, 8) + "...",
-        isAdmin,
-        permissions
-      })
-
-      return {
-        success: true,
-        user: {
-          publicKey,
-          isAdmin,
-          permissions
-        }
-      }
-    } catch (error) {
-      this.logger?.error("Erro ao validar requisição", { error })
-      return {
-        success: false,
-        error: "Erro interno ao validar requisição"
-      }
-    }
-  }
-
-  /**
-   * Verificar se uma chave pública é válida
-   */
-  private isValidPublicKey(publicKey: string): boolean {
-    try {
-      if (publicKey.length !== 64) {
-        return false
-      }
-      
-      const bytes = hexToBytes(publicKey)
-      return bytes.length === 32
-    } catch {
-      return false
-    }
-  }
-
-  /**
-   * Limpar nonces antigos (previne crescimento infinito da memória)
-   */
-  private cleanupOldNonces(): void {
-    const now = Date.now()
-    const maxAge = this.config.maxTimeDrift * 2 // Dobro do tempo máximo permitido
-    let cleanedCount = 0
-
-    for (const [nonceKey, timestamp] of this.usedNonces.entries()) {
-      if (now - timestamp > maxAge) {
-        this.usedNonces.delete(nonceKey)
-        cleanedCount++
-      }
-    }
-
-    if (cleanedCount > 0) {
-      this.logger?.debug(`Limpeza de nonces: ${cleanedCount} nonces antigos removidos`)
-    }
-  }
-
-  /**
-   * Obter estatísticas do serviço
-   */
-  getStats() {
-    return {
-      usedNoncesCount: this.usedNonces.size,
-      adminKeys: this.config.adminKeys.length,
-      maxTimeDrift: this.config.maxTimeDrift
-    }
-  }
+/**
+ * Serviço de Autenticação Criptográfica
+ * Implementa autenticação baseada em Ed25519 - SEM SESSÕES
+ * Cada requisição é validada pela assinatura da chave pública
+ */
+
+import { ed25519 } from '@noble/curves/ed25519'
+import { sha256 } from '@noble/hashes/sha256'
+import { hexToBytes } from '@noble/hashes/utils'
+
+export interface Logger {
+  debug(message: string, meta?: any): void
+  info(message: string, meta?: any): void
+  warn(message: string, meta?: any): void
+  error(message: string, meta?: any): void
+}
+
+export interface AuthResult {
+  success: boolean
+  error?: string
+  user?: {
+    publicKey: string
+    isAdmin: boolean
+    permissions: string[]
+  }
+}
+
+export interface CryptoAuthConfig {
+  maxTimeDrift: number
+  adminKeys: string[]
+  logger?: Logger
+}
+
+export class CryptoAuthService {
+  private config: CryptoAuthConfig
+  private logger?: Logger
+  private usedNonces: Map<string, number> = new Map() // Para prevenir replay attacks
+
+  constructor(config: CryptoAuthConfig) {
+    this.config = config
+    this.logger = config.logger
+
+    // Limpar nonces antigos a cada 5 minutos
+    setInterval(() => {
+      this.cleanupOldNonces()
+    }, 5 * 60 * 1000)
+  }
+
+  /**
+   * Validar assinatura de requisição
+   * PRINCIPAL: Valida se assinatura é válida para a chave pública fornecida
+   */
+  async validateRequest(data: {
+    publicKey: string
+    timestamp: number
+    nonce: string
+    signature: string
+    message?: string
+  }): Promise<AuthResult> {
+    try {
+      const { publicKey, timestamp, nonce, signature, message = "" } = data
+
+      // Validar chave pública
+      if (!this.isValidPublicKey(publicKey)) {
+        return {
+          success: false,
+          error: "Chave pública inválida"
+        }
+      }
+
+      // Verificar drift de tempo (previne replay de requisições antigas)
+      const now = Date.now()
+      const timeDrift = Math.abs(now - timestamp)
+      if (timeDrift > this.config.maxTimeDrift) {
+        return {
+          success: false,
+          error: "Timestamp inválido ou expirado"
+        }
+      }
+
+      // Verificar nonce (previne replay attacks)
+      const nonceKey = `${publicKey}:${nonce}`
+      if (this.usedNonces.has(nonceKey)) {
+        return {
+          success: false,
+          error: "Nonce já utilizado (possível replay attack)"
+        }
+      }
+
+      // Construir mensagem para verificação
+      const messageToVerify = `${publicKey}:${timestamp}:${nonce}:${message}`
+      const messageHash = sha256(new TextEncoder().encode(messageToVerify))
+
+      // Verificar assinatura usando chave pública
+      const publicKeyBytes = hexToBytes(publicKey)
+      const signatureBytes = hexToBytes(signature)
+
+      const isValidSignature = ed25519.verify(signatureBytes, messageHash, publicKeyBytes)
+
+      if (!isValidSignature) {
+        this.logger?.warn("Assinatura inválida", {
+          publicKey: publicKey.substring(0, 8) + "..."
+        })
+        return {
+          success: false,
+          error: "Assinatura inválida"
+        }
+      }
+
+      // Marcar nonce como usado
+      this.usedNonces.set(nonceKey, timestamp)
+
+      // Verificar se é admin
+      const isAdmin = this.config.adminKeys.includes(publicKey)
+      const permissions = isAdmin ? ['admin', 'read', 'write', 'delete'] : ['read']
+
+      this.logger?.debug("Requisição autenticada", {
+        publicKey: publicKey.substring(0, 8) + "...",
+        isAdmin,
+        permissions
+      })
+
+      return {
+        success: true,
+        user: {
+          publicKey,
+          isAdmin,
+          permissions
+        }
+      }
+    } catch (error) {
+      this.logger?.error("Erro ao validar requisição", { error })
+      return {
+        success: false,
+        error: "Erro interno ao validar requisição"
+      }
+    }
+  }
+
+  /**
+   * Verificar se uma chave pública é válida
+   */
+  private isValidPublicKey(publicKey: string): boolean {
+    try {
+      if (publicKey.length !== 64) {
+        return false
+      }
+      
+      const bytes = hexToBytes(publicKey)
+      return bytes.length === 32
+    } catch {
+      return false
+    }
+  }
+
+  /**
+   * Limpar nonces antigos (previne crescimento infinito da memória)
+   */
+  private cleanupOldNonces(): void {
+    const now = Date.now()
+    const maxAge = this.config.maxTimeDrift * 2 // Dobro do tempo máximo permitido
+    let cleanedCount = 0
+
+    for (const [nonceKey, timestamp] of this.usedNonces.entries()) {
+      if (now - timestamp > maxAge) {
+        this.usedNonces.delete(nonceKey)
+        cleanedCount++
+      }
+    }
+
+    if (cleanedCount > 0) {
+      this.logger?.debug(`Limpeza de nonces: ${cleanedCount} nonces antigos removidos`)
+    }
+  }
+
+  /**
+   * Obter estatísticas do serviço
+   */
+  getStats() {
+    return {
+      usedNoncesCount: this.usedNonces.size,
+      adminKeys: this.config.adminKeys.length,
+      maxTimeDrift: this.config.maxTimeDrift
+    }
+  }
 }

package/plugins/crypto-auth/server/middlewares/cryptoAuthAdmin.ts

@@ -24,17 +24,18 @@ export const cryptoAuthAdmin = (options: CryptoAuthMiddlewareOptions = {}) => {
       return {}
     })
     .use(
-      createGuard({
+      createGuard<{ request: Request & { user?: CryptoAuthUser } }>({
         name: 'crypto-auth-admin-check',
         check: ({ request }) => {
-          const user = (request as any).user as CryptoAuthUser | undefined
+          const user = request.user
           return !!(user && user.isAdmin)
         },
         onFail: (set, { request }) => {
-          const user = (request as any).user as CryptoAuthUser | undefined
+          const user = request.user
+          const s = set as { status: number }
 
           if (!user) {
-            set.status = 401
+            s.status = 401
             return {
               error: {
                 message: 'Authentication required',
@@ -49,7 +50,7 @@ export const cryptoAuthAdmin = (options: CryptoAuthMiddlewareOptions = {}) => {
             permissions: user.permissions
           })
 
-          set.status = 403
+          s.status = 403
           return {
             error: {
               message: 'Admin privileges required',

package/plugins/crypto-auth/server/middlewares/cryptoAuthPermissions.ts

@@ -27,10 +27,10 @@ export const cryptoAuthPermissions = (
       return {}
     })
     .use(
-      createGuard({
+      createGuard<{ request: Request & { user?: CryptoAuthUser } }>({
         name: 'crypto-auth-permissions-check',
         check: ({ request }) => {
-          const user = (request as any).user as CryptoAuthUser | undefined
+          const user = request.user
 
           if (!user) return false
 
@@ -40,10 +40,11 @@ export const cryptoAuthPermissions = (
           )
         },
         onFail: (set, { request }) => {
-          const user = (request as any).user as CryptoAuthUser | undefined
+          const user = request.user
+          const s = set as { status: number }
 
           if (!user) {
-            set.status = 401
+            s.status = 401
             return {
               error: {
                 message: 'Authentication required',
@@ -59,7 +60,7 @@ export const cryptoAuthPermissions = (
             has: user.permissions
           })
 
-          set.status = 403
+          s.status = 403
           return {
             error: {
               message: 'Insufficient permissions',

package/plugins/crypto-auth/server/middlewares/cryptoAuthRequired.ts

@@ -24,13 +24,13 @@ export const cryptoAuthRequired = (options: CryptoAuthMiddlewareOptions = {}) =>
       return {}
     })
     .use(
-      createGuard({
+      createGuard<{ request: Request & { user?: unknown } }>({
         name: 'crypto-auth-check',
         check: ({ request }) => {
-          return !!(request as any).user
+          return !!request.user
         },
         onFail: (set) => {
-          set.status = 401
+          (set as { status: number }).status = 401
           return {
             error: {
               message: 'Authentication required',

package/plugins/crypto-auth/server/middlewares/index.ts

@@ -1,22 +1,22 @@
-/**
- * Crypto Auth Middlewares
- * Exports centralizados de todos os middlewares
- */
-
-// Middlewares
-export { cryptoAuthRequired } from './cryptoAuthRequired'
-export { cryptoAuthAdmin } from './cryptoAuthAdmin'
-export { cryptoAuthOptional } from './cryptoAuthOptional'
-export { cryptoAuthPermissions } from './cryptoAuthPermissions'
-
-// Helpers
-export {
-  getCryptoAuthUser,
-  isCryptoAuthAuthenticated,
-  isCryptoAuthAdmin,
-  hasCryptoAuthPermission,
-  type CryptoAuthUser
-} from './helpers'
-
-// Types
-export type { CryptoAuthMiddlewareOptions } from './cryptoAuthRequired'
+/**
+ * Crypto Auth Middlewares
+ * Exports centralizados de todos os middlewares
+ */
+
+// Middlewares
+export { cryptoAuthRequired } from './cryptoAuthRequired'
+export { cryptoAuthAdmin } from './cryptoAuthAdmin'
+export { cryptoAuthOptional } from './cryptoAuthOptional'
+export { cryptoAuthPermissions } from './cryptoAuthPermissions'
+
+// Helpers
+export {
+  getCryptoAuthUser,
+  isCryptoAuthAuthenticated,
+  isCryptoAuthAdmin,
+  hasCryptoAuthPermission,
+  type CryptoAuthUser
+} from './helpers'
+
+// Types
+export type { CryptoAuthMiddlewareOptions } from './cryptoAuthRequired'

package/plugins/crypto-auth/server/middlewares.ts

@@ -1,19 +1,19 @@
-/**
- * Crypto Auth Middlewares
- * Middlewares Elysia para autenticação criptográfica
- *
- * Uso:
- * ```typescript
- * import { cryptoAuthRequired, cryptoAuthAdmin } from '@/plugins/crypto-auth/server'
- *
- * export const myRoutes = new Elysia()
- *   .use(cryptoAuthRequired())
- *   .get('/protected', ({ request }) => {
- *     const user = getCryptoAuthUser(request)
- *     return { user }
- *   })
- * ```
- */
-
-// Re-export tudo do módulo middlewares
-export * from './middlewares/index'
+/**
+ * Crypto Auth Middlewares
+ * Middlewares Elysia para autenticação criptográfica
+ *
+ * Uso:
+ * ```typescript
+ * import { cryptoAuthRequired, cryptoAuthAdmin } from '@/plugins/crypto-auth/server'
+ *
+ * export const myRoutes = new Elysia()
+ *   .use(cryptoAuthRequired())
+ *   .get('/protected', ({ request }) => {
+ *     const user = getCryptoAuthUser(request)
+ *     return { user }
+ *   })
+ * ```
+ */
+
+// Re-export tudo do módulo middlewares
+export * from './middlewares/index'