ecwt 0.1.1-beta.1 → 0.1.1-beta.101

package/README.md

@@ -69,32 +69,24 @@ const lruCache = new LRUCache({
 
 #### Validation library of your choice (optional)
 
-To reduce the size of the token, ECWT does not include object keys in the payload. By specifying the schema, you also can validate the payloads.
+By specifying the schema, you also validate the payloads. Schema is a function that takes a value and returns it back or throws.
 
 In our example, we use [valibot](https://valibot.dev) library.
 
 ```javascript
-import {
-	number,
-	string,
-	maxValue,
-	maxLength,
-	safeParse } from 'valibot';
-
-const schema = {
-    user_id: (value) => safeParse(
-        number([
-            maxValue(10),
-        ]),
-        value,
-    ).success,
-    nick: (value) => safeParse(
-        string([
-            maxLength(10),
-        ]),
-        value,
-    ).success,
-};
+import * as v from 'valibot';
+
+const schema = (value) => v.parse(
+	v.object({
+		user_id: v.number([
+			v.maxValue(10),
+		]),
+		nick: v.string([
+			v.maxLength(10),
+		]),
+	}),
+	value,
+);
 ```
 
 That schema will prevent creating tokens for users with ID greater than 10 and nicknames longer than 10 characters.
@@ -111,14 +103,15 @@ constructor({
     options: {
         namespace: string?,
         key: Buffer,
-        schema: {
-            [key: string]: (value: any) => boolean,
-        } = {},
+        schema: (value: any) => any,
+        senmlKeyMap: {
+			[key: string]: number,
+		}?,
     },
 })
 ```
 
-Create your `EcwtFactory` instance to create, and parse tokens.
+Create your `EcwtFactory` instance to create, validate and revoke tokens.
 
 ```javascript
 import { EcwtFactory } from 'ecwt';
@@ -135,10 +128,16 @@ const ecwtFactory = new EcwtFactory({
 			'base64',
 		),
 		schema,
+		senml_key_map: {
+			user_id: 1,
+			nick: 2,
+		},
 	},
 });
 ```
 
+To reduce token size, which is especially important to reduce amount of data sent over the network, you can use `options.senml_key_map` to map keys to numbers. This way, CBOR encoder will use numbers instead of strings in object keys. You **should never change** number assigned to a key or **reassign number** to another key to avoid breaking the schema. For more information, see [RFC 8428](https://datatracker.ietf.org/doc/html/rfc8428#section-6).
+
 #### Class method `create`
 
 ```typescript
@@ -156,15 +155,15 @@ Creates a token.
 
 `options.ttl` specifies the time to live of the token in seconds. If set to null, token will never expire.
 
-> **Be careful with `ttl=null`!**
+> **Be careful with `ttl　=　null`!**
 >
-> Revoked tokens are stored in Redis until they expire. But such tokens will be stored in Redis forever, which will lead to uncontrolled Redis database growth.
+> Revoked tokens are stored in Redis until they expire. Never-expiring tokens will be stored in Redis **forever**, which will lead to uncontrolled Redis database growth.
 
 Returns `Ecwt` instance.
 
 ```javascript
 // Example
-const ecwt_token = await ecwtFactory.create(
+const ecwt = await ecwtFactory.create(
     {
         user_id: 1,
         nick: 'kirick',
@@ -195,12 +194,12 @@ Returns `Ecwt` instance.
 If the token is invalid, throws `EcwtInvalidError` which contains `Ecwt` instance in the `ecwt` property.
 
 ```javascript
-const ecwt_token = await ecwtFactory.verify(token);
+const ecwt = await ecwtFactory.verify(token);
 ```
 
 ### `Ecwt`
 
-Represents the token. It cannot be created by the user.
+Represents the token. Its counstructor cannot be called by the user.
 
 ```javascript
 import { Ecwt } from 'ecwt';

package/dist/ecwt.cjs

@@ -30,7 +30,10 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var main_exports = {};
 __export(main_exports, {
   Ecwt: () => Ecwt,
-  EcwtFactory: () => EcwtFactory
+  EcwtExpiredError: () => EcwtExpiredError,
+  EcwtFactory: () => EcwtFactory,
+  EcwtInvalidError: () => EcwtInvalidError,
+  EcwtRevokedError: () => EcwtRevokedError
 });
 module.exports = __toCommonJS(main_exports);
 
@@ -142,6 +145,10 @@ var Ecwt = class {
     }
     return this.#ttl_initial - toSeconds(Date.now() - this.snowflake.timestamp);
   }
+  /**
+   * Revokes token.
+   * @returns {Promise<void>} -
+   */
   /* async */
   revoke() {
     return this.#ecwtFactory._revoke({
@@ -162,6 +169,11 @@ var InvalidPackageInstanceError = class extends TypeError {
     super(`Value ${property} must be an instance of ${class_name} from package "${package_name}". That error is probably caused by two separate installations of "${package_name}". Please, make sure that "${package_name}" in your project is matches "peerDependencies" of "ecwt" package.`);
   }
 };
+var EcwtParseError = class extends Error {
+  constructor() {
+    super("Cannot parse data to Ecwt token.");
+  }
+};
 var EcwtInvalidError = class extends Error {
   constructor(ecwt) {
     super("Ecwt token is invalid.");
@@ -201,8 +213,8 @@ var EcwtFactory = class {
   #snowflakeFactory;
   #redis_keys = {};
   #encryption_key;
-  #schema;
-  #schema_keys_sorted;
+  #validator;
+  #cborEncoder;
   /**
    *
    * @param {object} param0 -
@@ -212,7 +224,8 @@ var EcwtFactory = class {
    * @param {object} param0.options -
    * @param {string} [param0.options.namespace] Namespace for Redis keys.
    * @param {Buffer} param0.options.key Encryption key, 64 bytes
-   * @param {{ [key: string]: (value: any) => boolean }} param0.options.schema Schema for token data. Each property is a validator function that returns true if value is valid.
+   * @param {(value: any) => any} [param0.options.validator] Validator for token data. Should return validated value or throw an error.
+   * @param {{ [key: string]: number }} [param0.options.senml_key_map] Payload object keys mapped for their SenML keys.
    */
   constructor({
     redisClient: redisClient2 = null,
@@ -221,7 +234,8 @@ var EcwtFactory = class {
     options: {
       namespace = null,
       key,
-      schema = {}
+      validator,
+      senml_key_map
     }
   }) {
     if (redisClient2 !== null && (redisClient2.constructor.name !== redis_client_constructor_name || getAllKeysList(redisClient2) !== redis_client_keys)) {
@@ -250,8 +264,12 @@ var EcwtFactory = class {
     this.#snowflakeFactory = snowflakeFactory;
     this.#redis_keys.revoked = `${REDIS_PREFIX}${namespace}:revoked`;
     this.#encryption_key = key;
-    this.#schema = schema;
-    this.#schema_keys_sorted = Object.keys(schema).sort();
+    this.#validator = validator;
+    if (senml_key_map) {
+      this.#cborEncoder = new import_cbor_x.Encoder({
+        keyMap: senml_key_map
+      });
+    }
   }
   /**
    * Creates new token.
@@ -264,24 +282,19 @@ var EcwtFactory = class {
   async create(data, {
     ttl
   } = {}) {
-    const payload = [];
-    for (const key of this.#schema_keys_sorted) {
-      const value = data[key];
-      const validator = this.#schema[key];
-      if (typeof validator === "function" && validator(value) !== true) {
-        throw new TypeError(`Value "${value}" of property "${key}" is invalid.`);
-      }
-      payload.push(value);
+    if (typeof this.#validator === "function") {
+      data = this.#validator(data);
     }
     if (typeof ttl !== "number" && Number.isNaN(ttl) !== true && ttl !== null) {
       throw new TypeError("TTL must be a number or null.");
     }
     const snowflake = await this.#snowflakeFactory.createSafe();
-    const token_raw = (0, import_cbor_x.encode)([
+    const payload = [
       snowflake.toBuffer(),
       ttl,
-      payload
-    ]);
+      data
+    ];
+    const token_raw = this.#cborEncoder ? this.#cborEncoder.encode(payload) : (0, import_cbor_x.encode)(payload);
     const token_encrypted = await import_evilcrypt.v2.encrypt(
       token_raw,
       this.#encryption_key
@@ -332,20 +345,31 @@ var EcwtFactory = class {
       const token_encrypted = Buffer.from(
         base62.decode(token)
       );
-      const token_raw = await (0, import_evilcrypt.decrypt)(
-        token_encrypted,
-        this.#encryption_key
-      );
+      let token_raw;
+      try {
+        token_raw = await (0, import_evilcrypt.decrypt)(
+          token_encrypted,
+          this.#encryption_key
+        );
+      } catch {
+        throw new EcwtParseError();
+      }
+      const payload = this.#cborEncoder ? this.#cborEncoder.decode(token_raw) : (0, import_cbor_x.decode)(token_raw);
       const [
-        snowflake_buffer,
-        _ttl_initial,
-        payload
-      ] = (0, import_cbor_x.decode)(token_raw);
+        snowflake_buffer
+      ] = payload;
+      [
+        ,
+        ttl_initial,
+        data
+      ] = payload;
       snowflake = this.#snowflakeFactory.parse(snowflake_buffer);
-      ttl_initial = _ttl_initial;
-      data = {};
-      for (const [index, key] of this.#schema_keys_sorted.entries()) {
-        data[key] = payload[index];
+      if (typeof this.#validator === "function") {
+        try {
+          data = this.#validator(data);
+        } catch {
+          throw new EcwtParseError();
+        }
       }
       this.#setCache(
         token,
@@ -426,5 +450,8 @@ var EcwtFactory = class {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Ecwt,
-  EcwtFactory
+  EcwtExpiredError,
+  EcwtFactory,
+  EcwtInvalidError,
+  EcwtRevokedError
 });

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "ecwt",
-	"version": "0.1.1-beta.1",
+	"version": "0.1.1-beta.101",
 	"description": "Encrypted CBOR-encoded Web Token",
 	"main": "src/main.js",
 	"type": "module",
@@ -20,7 +20,7 @@
 	},
 	"peerDependencies": {
 		"@kirick/snowflake": "^0.2.1-beta.1",
-		"lru-cache": "^7 || ^8 || ^9 || ^10",
+		"lru-cache": "^9 || ^10",
 		"redis": "^4"
 	},
 	"devDependencies": {
@@ -28,20 +28,21 @@
 		"eslint": "8.41.0",
 		"eslint-config-xo": "0.43.1",
 		"eslint-plugin-import": "2.27.5",
-		"eslint-plugin-jsdoc": "^46.9.1",
+		"eslint-plugin-jsdoc": "46.9.1",
 		"eslint-plugin-node": "11.1.0",
 		"eslint-plugin-promise": "6.1.1",
 		"eslint-plugin-unicorn": "47.0.0",
-		"jest": "^29.7.0",
-		"valibot": "^0.24.1"
+		"valibot": "^0.24.1",
+		"vitest": "1.3.1"
 	},
 	"scripts": {
-		"test": "bun run redis-up && npm run test-node && bun test",
-		"test-node": "NODE_OPTIONS=--experimental-vm-modules jest --forceExit",
+		"test": "bun run redis-up && bun test && npm run test-node",
+		"test-node": "vitest run --no-file-parallelism",
 		"coverage": "bun run redis-up && bun test --coverage",
 		"build": "bun run build-cjs",
 		"build-cjs": "bunx esbuild --bundle --platform=node --format=cjs --packages=external --outfile=dist/ecwt.cjs src/main.js",
-		"npm-publish": "bun run build && bun run eslint . && bun run test && npm publish --tag beta; bun run redis-down",
+		"npm-publish": "bun run build && bun run eslint . && bun run test && npm publish; bun run redis-down",
+		"npm-publish-beta": "bun run build && bun run eslint . && bun run test && npm publish --tag beta; bun run redis-down",
 		"redis-up": "docker ps | grep test-redis-ecwt-test >/dev/null || docker run --rm -d -p 16274:6379 --name test-redis-ecwt-test redis:7-alpine",
 		"redis-down": "docker stop test-redis-ecwt-test"
 	},

package/src/factory.js

@@ -1,6 +1,7 @@
 
 import { SnowflakeFactory }       from '@kirick/snowflake';
 import {
+	Encoder as CborEncoder,
 	encode as cborEncode,
 	decode as cborDecode }        from 'cbor-x';
 import {
@@ -13,7 +14,8 @@ import { base62 }                 from './utils/base62.js';
 import {
 	InvalidPackageInstanceError,
 	EcwtExpiredError,
-	EcwtRevokedError }            from './utils/errors.js';
+	EcwtRevokedError,
+    EcwtParseError }              from './utils/errors.js';
 
 const REDIS_PREFIX = '@ecwt:';
 
@@ -39,8 +41,8 @@ export class EcwtFactory {
 	#redis_keys = {};
 	#encryption_key;
 
-	#schema;
-	#schema_keys_sorted;
+	#validator;
+	#cborEncoder;
 
 	/**
 	 *
@@ -51,7 +53,8 @@ export class EcwtFactory {
 	 * @param {object} param0.options -
 	 * @param {string} [param0.options.namespace] Namespace for Redis keys.
 	 * @param {Buffer} param0.options.key Encryption key, 64 bytes
-	 * @param {{ [key: string]: (value: any) => boolean }} param0.options.schema Schema for token data. Each property is a validator function that returns true if value is valid.
+	 * @param {(value: any) => any} [param0.options.validator] Validator for token data. Should return validated value or throw an error.
+	 * @param {{ [key: string]: number }} [param0.options.senml_key_map] Payload object keys mapped for their SenML keys.
 	 */
 	constructor({
 		redisClient = null,
@@ -60,7 +63,8 @@ export class EcwtFactory {
 		options: {
 			namespace = null,
 			key,
-			schema = {},
+			validator,
+			senml_key_map,
 		},
 	}) {
 		if (
@@ -103,8 +107,13 @@ export class EcwtFactory {
 
 		this.#encryption_key = key;
 
-		this.#schema = schema;
-		this.#schema_keys_sorted = Object.keys(schema).sort();
+		this.#validator = validator;
+
+		if (senml_key_map) {
+			this.#cborEncoder = new CborEncoder({
+				keyMap: senml_key_map,
+			});
+		}
 	}
 
 	/**
@@ -121,19 +130,8 @@ export class EcwtFactory {
 			ttl,
 		} = {},
 	) {
-		const payload = [];
-		for (const key of this.#schema_keys_sorted) {
-			const value = data[key];
-			const validator = this.#schema[key];
-
-			if (
-				typeof validator === 'function'
-				&& validator(value) !== true
-			) {
-				throw new TypeError(`Value "${value}" of property "${key}" is invalid.`);
-			}
-
-			payload.push(value);
+		if (typeof this.#validator === 'function') {
+			data = this.#validator(data);
 		}
 
 		if (
@@ -146,11 +144,14 @@ export class EcwtFactory {
 
 		const snowflake = await this.#snowflakeFactory.createSafe();
 
-		const token_raw = cborEncode([
+		const payload = [
 			snowflake.toBuffer(),
 			ttl,
-			payload,
-		]);
+			data,
+		];
+		const token_raw = this.#cborEncoder
+			? this.#cborEncoder.encode(payload)
+			: cborEncode(payload);
 
 		const token_encrypted = await evilcryptV2.encrypt(
 			token_raw,
@@ -205,29 +206,45 @@ export class EcwtFactory {
 		let data;
 
 		const cached_entry = this.#lruCache?.info(token);
-		// token is cached
+		// token is not cached
 		if (cached_entry === undefined) {
 			const token_encrypted = Buffer.from(
 				base62.decode(token),
 			);
 
-			const token_raw = await evilcryptDecrypt(
-				token_encrypted,
-				this.#encryption_key,
-			);
+			let token_raw;
+			try {
+				token_raw = await evilcryptDecrypt(
+					token_encrypted,
+					this.#encryption_key,
+				);
+			}
+			catch {
+				throw new EcwtParseError();
+			}
+
+			const payload = this.#cborEncoder
+				? this.#cborEncoder.decode(token_raw)
+				: cborDecode(token_raw);
 
 			const [
 				snowflake_buffer,
-				_ttl_initial,
-				payload,
-			] = cborDecode(token_raw);
+			] = payload;
+			[
+				,
+				ttl_initial,
+				data,
+			] = payload;
 
 			snowflake = this.#snowflakeFactory.parse(snowflake_buffer);
-			ttl_initial = _ttl_initial;
 
-			data = {};
-			for (const [ index, key ] of this.#schema_keys_sorted.entries()) {
-				data[key] = payload[index];
+			if (typeof this.#validator === 'function') {
+				try {
+					data = this.#validator(data);
+				}
+				catch {
+					throw new EcwtParseError();
+				}
 			}
 
 			this.#setCache(

package/src/main.js

@@ -1,3 +1,8 @@
 
 export { EcwtFactory } from './factory.js';
 export { Ecwt } from './token.js';
+export {
+	EcwtInvalidError,
+	EcwtExpiredError,
+	EcwtRevokedError,
+} from './utils/errors.js';

package/src/token.js

@@ -120,6 +120,10 @@ export class Ecwt {
 		return this.#ttl_initial - toSeconds(Date.now() - this.snowflake.timestamp);
 	}
 
+	/**
+	 * Revokes token.
+	 * @returns {Promise<void>} -
+	 */
 	/* async */ revoke() {
 		return this.#ecwtFactory._revoke({
 			token_id: this.id,

package/src/utils/errors.js

@@ -5,6 +5,12 @@ export class InvalidPackageInstanceError extends TypeError {
 	}
 }
 
+export class EcwtParseError extends Error {
+	constructor() {
+		super('Cannot parse data to Ecwt token.');
+	}
+}
+
 export class EcwtInvalidError extends Error {
 	constructor(ecwt) {
 		super('Ecwt token is invalid.');