ecwt 0.2.1-beta.6 → 0.2.5

package/dist/main.d.ts

@@ -0,0 +1,160 @@
+import { Snowflake, SnowflakeFactory } from "@kirick/snowflake";
+import { LRUCache } from "lru-cache";
+import { RedisClientType, RedisFunctions, RedisModules, RedisScripts } from "redis";
+
+//#region src/token.d.ts
+declare class Ecwt<D extends Record<string, unknown> = Record<string, unknown>> {
+  /** Token string representation. */
+  readonly token: string;
+  /** Token ID. */
+  readonly id: string;
+  /** Snowflake associated with token. */
+  readonly snowflake: Snowflake;
+  /** Data stored in token. */
+  readonly data: Readonly<D>;
+  private ecwtFactory;
+  private ttl_initial;
+  /**
+  * @param {EcwtFactory} ecwtFactory -
+  * @param {object} options -
+  * @param {string} options.token String representation of token.
+  * @param {Snowflake} options.snowflake -
+  * @param {number | null} options.ttl_initial Time to live in seconds at the moment of token creation.
+  * @param {D} options.data Data stored in token.
+  */
+  constructor(ecwtFactory: EcwtFactory, options: {
+    token: string;
+    snowflake: Snowflake;
+    ttl_initial: number | null;
+    data: D;
+  });
+  /**
+  * Unix timestamp of token expiration in seconds.
+  * @returns -
+  */
+  get ts_expired(): number | null;
+  /**
+  * Actual time to live in seconds.
+  * @returns -
+  */
+  getTTL(): number | null;
+  /**
+  * Revokes token.
+  * @returns {} -
+  */
+  revoke(): Promise<void>;
+} //#endregion
+//#region src/factory.d.ts
+type LRUCacheValue = {
+  snowflake: Snowflake;
+  ttl_initial: number | null;
+  data: Record<string, unknown>;
+};
+type RedisClient = RedisClientType<RedisModules, RedisFunctions, RedisScripts>;
+type EcwtFactoryArguments<D extends Record<string, unknown>> = {
+  /** RedisClient instance. If not provided, tokens can not be revoked and can not be checked for revocation. */
+  redisClient?: RedisClient;
+  /** LRUCache instance. If not provided, tokens will be decrypted every time they are verified. */
+  lruCache?: LRUCache<string, LRUCacheValue>;
+  /** SnowflakeFactory instance. Generates unique IDs for tokens. */
+  snowflakeFactory: SnowflakeFactory;
+  options: {
+    /** Namespace for Redis keys. */
+    namespace?: string;
+    /** Encryption key, 64 bytes. */
+    key: Buffer;
+    /** Validator for token data. Should return validated value or throw an error. */
+    validator?: (value: unknown) => D;
+    /** Payload object keys mapped for their SenML keys. */
+    senml_key_map?: Record<string, number>;
+  };
+};
+declare class EcwtFactory<D extends Record<string, unknown> = Record<string, unknown>> {
+  private redisClient;
+  private lruCache;
+  private snowflakeFactory;
+  private redis_key_revoked;
+  private encryption_key;
+  private validator;
+  private cborEncoder;
+  constructor({
+    redisClient,
+    lruCache,
+    snowflakeFactory,
+    options
+  }: EcwtFactoryArguments<D>);
+  /**
+  * Creates new token.
+  * @async
+  * @param data - Data to be stored in token.
+  * @param options -
+  * @param options.ttl - Time to live in seconds. If not defined, token will never expire.
+  * @returns -
+  */
+  create(data: D, options?: {
+    /** Time to live in seconds. If not defined, token will never expire. */
+    ttl?: number;
+  }): Promise<Ecwt<D>>;
+  /**
+  * Sets data to cache.
+  * @param token - String representation of token.
+  * @param cache_value - Data to be stored in cache.
+  */
+  private setCache;
+  /**
+  * Parses token.
+  * @param token String representation of token.
+  * @returns -
+  */
+  verify(token: string): Promise<Ecwt<D>>;
+  /**
+  * Parses token without throwing errors.
+  * @param token - String representation of token.
+  * @returns Returns whether token was parsed and verified successfully and Ecwt if parsed.
+  */
+  safeVerify(token: string): Promise<{
+    success: true;
+    ecwt: Ecwt<D>;
+  } | {
+    success: false;
+    ecwt: Ecwt<D> | null;
+  }>;
+  /**
+  * Revokes token.
+  * @param token_id -
+  * @param ts_ms_created -
+  * @param ttl_initial -
+  * @returns -
+  */
+  private _revoke;
+  /**
+  * Purges LRU cache.
+  * @returns {void} -
+  */
+  private _purgeCache;
+} //#endregion
+//#region src/errors.d.ts
+/** Error thrown when string token cannot be parsed to Ecwt. */
+declare class EcwtParseError extends Error {
+  constructor();
+}
+
+/** Error thrown when parsed Ecwt is invalid. */
+declare class EcwtInvalidError extends Error {
+  readonly ecwt: Ecwt;
+  message: string;
+  constructor(ecwt: Ecwt);
+}
+
+/** Error thrown when parsed Ecwt is expired. */
+declare class EcwtExpiredError extends EcwtInvalidError {
+  message: string;
+}
+
+/** Error thrown when parsed Ecwt is revoked. */
+declare class EcwtRevokedError extends EcwtInvalidError {
+  message: string;
+}
+
+//#endregion
+export { Ecwt, EcwtExpiredError, EcwtFactory, EcwtInvalidError, EcwtParseError, EcwtRevokedError };

package/dist/main.js

@@ -0,0 +1,246 @@
+import { Encoder, decode, encode } from "cbor-x";
+import { decrypt, v2 } from "evilcrypt";
+import basex from "base-x";
+
+//#region src/token.ts
+var Ecwt = class {
+	/** Token string representation. */
+	token;
+	/** Token ID. */
+	id;
+	/** Snowflake associated with token. */
+	snowflake;
+	/** Data stored in token. */
+	data;
+	ecwtFactory;
+	ttl_initial;
+	/**
+	* @param {EcwtFactory} ecwtFactory -
+	* @param {object} options -
+	* @param {string} options.token String representation of token.
+	* @param {Snowflake} options.snowflake -
+	* @param {number | null} options.ttl_initial Time to live in seconds at the moment of token creation.
+	* @param {D} options.data Data stored in token.
+	*/
+	constructor(ecwtFactory, options) {
+		this.token = options.token;
+		this.id = options.snowflake.toBase62();
+		this.snowflake = options.snowflake;
+		this.data = Object.freeze(options.data);
+		this.ecwtFactory = ecwtFactory;
+		this.ttl_initial = options.ttl_initial;
+	}
+	/**
+	* Unix timestamp of token expiration in seconds.
+	* @returns -
+	*/
+	get ts_expired() {
+		if (this.ttl_initial === null) return null;
+		return Math.floor(this.snowflake.timestamp / 1e3) + this.ttl_initial;
+	}
+	/**
+	* Actual time to live in seconds.
+	* @returns -
+	*/
+	getTTL() {
+		if (this.ttl_initial === null) return null;
+		return this.ttl_initial - Math.floor((Date.now() - this.snowflake.timestamp) / 1e3);
+	}
+	/**
+	* Revokes token.
+	* @returns {} -
+	*/
+	revoke() {
+		return this.ecwtFactory._revoke(this.id, this.snowflake.timestamp, this.ttl_initial);
+	}
+};
+
+//#endregion
+//#region src/utils.ts
+const base62 = basex("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
+
+//#endregion
+//#region src/errors.ts
+/** Error thrown when string token cannot be parsed to Ecwt. */
+var EcwtParseError = class extends Error {
+	constructor() {
+		super("Cannot parse data to Ecwt token.");
+	}
+};
+/** Error thrown when parsed Ecwt is invalid. */
+var EcwtInvalidError = class extends Error {
+	message = "Ecwt token is invalid.";
+	constructor(ecwt) {
+		super();
+		this.ecwt = ecwt;
+	}
+};
+/** Error thrown when parsed Ecwt is expired. */
+var EcwtExpiredError = class extends EcwtInvalidError {
+	message = "Ecwt is expired.";
+};
+/** Error thrown when parsed Ecwt is revoked. */
+var EcwtRevokedError = class extends EcwtInvalidError {
+	message = "Ecwt is revoked.";
+};
+
+//#endregion
+//#region src/factory.ts
+const REDIS_PREFIX = "@ecwt:";
+var EcwtFactory = class {
+	redisClient;
+	lruCache;
+	snowflakeFactory;
+	redis_key_revoked;
+	encryption_key;
+	validator;
+	cborEncoder = null;
+	constructor({ redisClient, lruCache, snowflakeFactory, options }) {
+		this.redisClient = redisClient;
+		this.lruCache = lruCache;
+		this.snowflakeFactory = snowflakeFactory;
+		this.redis_key_revoked = `${REDIS_PREFIX}${options.namespace}:revoked`;
+		this.encryption_key = options.key;
+		this.validator = options.validator;
+		if (options.senml_key_map) this.cborEncoder = new Encoder({ keyMap: options.senml_key_map });
+	}
+	/**
+	* Creates new token.
+	* @async
+	* @param data - Data to be stored in token.
+	* @param options -
+	* @param options.ttl - Time to live in seconds. If not defined, token will never expire.
+	* @returns -
+	*/
+	async create(data, options = {}) {
+		if (typeof this.validator === "function") data = this.validator(data);
+		const ttl = options.ttl ?? null;
+		const snowflake = await this.snowflakeFactory.createSafe();
+		const payload = [
+			snowflake.toBuffer(),
+			ttl,
+			data
+		];
+		const token_raw = this.cborEncoder ? this.cborEncoder.encode(payload) : encode(payload);
+		const token_encrypted = await v2.encrypt(token_raw, this.encryption_key);
+		const token = base62.encode(token_encrypted);
+		this.setCache(token, {
+			snowflake,
+			ttl_initial: ttl,
+			data
+		});
+		return new Ecwt(this, {
+			token,
+			snowflake,
+			ttl_initial: ttl,
+			data
+		});
+	}
+	/**
+	* Sets data to cache.
+	* @param token - String representation of token.
+	* @param cache_value - Data to be stored in cache.
+	*/
+	setCache(token, cache_value) {
+		this.lruCache?.set(token, cache_value, cache_value.ttl_initial === null ? void 0 : { ttl: cache_value.ttl_initial * 1e3 });
+	}
+	/**
+	* Parses token.
+	* @param token String representation of token.
+	* @returns -
+	*/
+	async verify(token) {
+		if (typeof token !== "string") throw new TypeError("Token must be a string.");
+		let snowflake;
+		let ttl_initial;
+		let data;
+		const cached_entry = this.lruCache?.info(token);
+		if (cached_entry === void 0) {
+			const token_encrypted = Buffer.from(base62.decode(token));
+			let token_raw;
+			try {
+				token_raw = await decrypt(token_encrypted, this.encryption_key);
+			} catch {
+				throw new EcwtParseError();
+			}
+			const payload = this.cborEncoder ? this.cborEncoder.decode(token_raw) : decode(token_raw);
+			const [snowflake_buffer] = payload;
+			[, ttl_initial, data] = payload;
+			snowflake = this.snowflakeFactory.parse(snowflake_buffer);
+			if (typeof this.validator === "function") try {
+				data = this.validator(data);
+			} catch {
+				throw new EcwtParseError();
+			}
+			this.setCache(token, {
+				snowflake,
+				ttl_initial,
+				data
+			});
+		} else ({snowflake, ttl_initial, data} = cached_entry.value);
+		const ecwt = new Ecwt(this, {
+			token,
+			snowflake,
+			ttl_initial,
+			data
+		});
+		if (typeof ttl_initial === "number" && Number.isNaN(ttl_initial) !== true && snowflake.timestamp + ttl_initial * 1e3 < Date.now()) throw new EcwtExpiredError(ecwt);
+		if (this.redisClient) {
+			const score = await this.redisClient.ZSCORE(this.redis_key_revoked, ecwt.id);
+			if (score !== null) throw new EcwtRevokedError(ecwt);
+		}
+		return ecwt;
+	}
+	/**
+	* Parses token without throwing errors.
+	* @param token - String representation of token.
+	* @returns Returns whether token was parsed and verified successfully and Ecwt if parsed.
+	*/
+	async safeVerify(token) {
+		let ecwt = null;
+		try {
+			ecwt = await this.verify(token);
+			return {
+				success: true,
+				ecwt
+			};
+		} catch (error) {
+			if (error instanceof EcwtParseError) return {
+				success: false,
+				ecwt: null
+			};
+			if (error instanceof EcwtInvalidError) return {
+				success: false,
+				ecwt
+			};
+			throw error;
+		}
+	}
+	/**
+	* Revokes token.
+	* @param token_id -
+	* @param ts_ms_created -
+	* @param ttl_initial -
+	* @returns -
+	*/
+	async _revoke(token_id, ts_ms_created, ttl_initial) {
+		if (this.redisClient) {
+			ttl_initial ??= Number.MAX_SAFE_INTEGER;
+			const ts_ms_expired = ts_ms_created + ttl_initial * 1e3;
+			if (ts_ms_expired > Date.now()) await this.redisClient.MULTI().ZADD(this.redis_key_revoked, {
+				score: ts_ms_expired,
+				value: token_id
+			}).ZREMRANGEBYSCORE(this.redis_key_revoked, "-inf", Date.now()).EXEC();
+		} else console.warn("[ecwt] Redis client is not provided. Tokens cannot be revoked.");
+	}
+	/**
+	* Purges LRU cache.
+	* @returns {void} -
+	*/
+	_purgeCache() {
+		this.lruCache?.clear();
+	}
+};
+
+//#endregion
+export { Ecwt, EcwtExpiredError, EcwtFactory, EcwtInvalidError, EcwtParseError, EcwtRevokedError };

package/package.json

@@ -1,49 +1,54 @@
 {
 	"name": "ecwt",
-	"version": "0.2.1-beta.6",
-	"description": "Encrypted CBOR-encoded Web Token",
+	"version": "0.2.5",
+	"description": "Encrypted CBOR Web Token",
+	"publishConfig": {
+		"access": "public"
+	},
 	"type": "module",
-	"main": "src/main.js",
-	"types": "dist/types/main.d.ts",
+	"main": "dist/main.js",
+	"types": "dist/main.d.ts",
 	"exports": {
 		".": {
-			"import": "./src/main.js",
+			"import": "./dist/main.js",
 			"require": "./dist/main.cjs"
 		}
 	},
 	"engines": {
-		"node": ">=14.0.0"
+		"node": ">=16"
 	},
 	"dependencies": {
-		"base-x": "4.0.0",
+		"base-x": "5.0.1",
 		"cbor-x": "1.5.6",
-		"evilcrypt": "0.2.1-beta.1"
+		"evilcrypt": "0.2.3"
 	},
 	"peerDependencies": {
-		"@kirick/snowflake": "^0.2.2-beta.2",
+		"@kirick/snowflake": "^0.2.3 || ^0.3",
 		"lru-cache": "^9 || ^10",
-		"redis": "^4"
+		"redis": "^4.6"
 	},
 	"devDependencies": {
-		"@kirick/eslint-config": "^0.1.21",
-		"@types/node": "^22.2",
-		"eslint": "9.8.0",
-		"valibot": "^0.37",
-		"vitest": "^1.6"
+		"@kirick/eslint-config": "0.1.30",
+		"@types/node": "^22.14.1",
+		"eslint": "9.10.0",
+		"publint": "^0.3.12",
+		"tsdown": "^0.10.0",
+		"typescript": "5.8.3",
+		"unplugin-unused": "^0.4.4",
+		"valibot": "^1.0.0",
+		"vitest": "3.1.2"
 	},
 	"scripts": {
-		"build": "bun run build:types && bun run build:cjs",
-		"build:cjs": "bunx esbuild --bundle --platform=node --format=cjs --packages=external --outfile=dist/main.cjs src/main.js",
-		"build:types": "rm -rf dist/esm dist/types ; bunx tsc --emitDeclarationOnly && rm dist/**/*.test.d.ts",
-		"lint": "eslint . && bunx tsc --skipLibCheck --noemit",
-		"publish:npm": "bun run build && bun run lint && bun run test && npm publish",
+		"build": "tsdown src/main.ts --publint --unused --dts --format esm --format cjs && rm dist/main.d.cts",
+		"check": "bun run lint && bun run build && bun run test",
+		"lint": "eslint . && tsc --skipLibCheck --noemit",
 		"redis:up": "docker ps | grep test-redis >/dev/null || docker run --rm -d -p 16379:6379 --name test-redis redis:7-alpine",
 		"test": "bun run redis:up && npm run test:vitest && bun test --coverage",
 		"test:vitest": "vitest run --no-file-parallelism"
 	},
 	"repository": {
 		"type": "git",
-		"url": "git+https://github.com/kirick13/ecwt.git"
+		"url": "git+https://github.com/kirick-ts/ecwt.git"
 	},
 	"keywords": [
 		"ecwt",
@@ -56,7 +61,7 @@
 	"author": "Daniil Kirichenko (https://twitter.com/kirickme)",
 	"license": "MIT",
 	"bugs": {
-		"url": "https://github.com/kirick13/ecwt/issues"
+		"url": "https://github.com/kirick-ts/ecwt/issues"
 	},
-	"homepage": "https://github.com/kirick13/ecwt#readme"
+	"homepage": "https://github.com/kirick-ts/ecwt#readme"
 }

package/dist/types/factory.d.ts

@@ -1,97 +0,0 @@
-/**
- * @template {Record<string, any>} [D=Record<string, any>]
- */
-export class EcwtFactory<D extends Record<string, any> = Record<string, any>> {
-    /**
-     * @param {object} param0 -
-     * @param {import('redis').RedisClientType<import('redis').RedisModules, import('redis').RedisFunctions, import('redis').RedisScripts>} [param0.redisClient] RedisClient instance. If not provided, tokens will not be revoked and cannot be checked for revocation.
-     * @param {LRUCache<string, CacheValue>} [param0.lruCache] LRUCache instance. If not provided, tokens will be decrypted every time they are verified.
-     * @param {SnowflakeFactory} param0.snowflakeFactory SnowflakeFactory instance.
-     * @param {object} param0.options -
-     * @param {string} [param0.options.namespace] Namespace for Redis keys.
-     * @param {Buffer} param0.options.key Encryption key, 64 bytes
-     * @param {(value: unknown) => D} [param0.options.validator] Validator for token data. Should return validated value or throw an error.
-     * @param {Record<string, number>} [param0.options.senml_key_map] Payload object keys mapped for their SenML keys.
-     */
-    constructor({ redisClient, lruCache, snowflakeFactory, options: { namespace, key, validator, senml_key_map, }, }: {
-        redisClient?: import("redis").RedisClientType<import("redis").RedisModules, import("redis").RedisFunctions, import("redis").RedisScripts> | undefined;
-        lruCache?: LRUCache<string, CacheValue, any> | undefined;
-        snowflakeFactory: SnowflakeFactory;
-        options: {
-            namespace?: string | undefined;
-            key: Buffer;
-            validator?: ((value: unknown) => D) | undefined;
-            senml_key_map?: Record<string, number> | undefined;
-        };
-    });
-    /**
-     * Creates new token.
-     * @async
-     * @param {D} data Data to be stored in token.
-     * @param {object} [options] -
-     * @param {number | null} [options.ttl] Time to live in seconds. By default, token will never expire.
-     * @returns {Promise<Ecwt<D>>} -
-     */
-    create(data: D, { ttl, }?: {
-        ttl?: number | null | undefined;
-    } | undefined): Promise<Ecwt<D>>;
-    /**
-     * Parses token.
-     * @async
-     * @param {string} token String representation of token.
-     * @returns {Promise<Ecwt<D>>} -
-     */
-    verify(token: string): Promise<Ecwt<D>>;
-    /**
-     * Parses token without throwing errors.
-     * @async
-     * @param {string} token String representation of token.
-     * @returns {Promise<{ success: true, ecwt: Ecwt<D> } | { success: false, ecwt: Ecwt<D> | null }>} Returns whether token was parsed and verified successfully and Ecwt if parsed.
-     */
-    safeVerify(token: string): Promise<{
-        success: true;
-        ecwt: Ecwt<D>;
-    } | {
-        success: false;
-        ecwt: Ecwt<D> | null;
-    }>;
-    /**
-     * Revokes token.
-     * @async
-     * @param {object} options -
-     * @param {string} options.token_id -
-     * @param {number} options.ts_ms_created -
-     * @param {number | null} options.ttl_initial -
-     * @returns {Promise<void>} -
-     */
-    _revoke({ token_id, ts_ms_created, ttl_initial, }: {
-        token_id: string;
-        ts_ms_created: number;
-        ttl_initial: number | null;
-    }): Promise<void>;
-    /**
-     * Purges cache.
-     * @private
-     * @returns {void} -
-     */
-    private _purgeCache;
-    #private;
-}
-export type Snowflake = import("@kirick/snowflake").Snowflake;
-export type CacheValue = {
-    /**
-     * -
-     */
-    snowflake: Snowflake;
-    /**
-     * -
-     */
-    ttl_initial: number | null;
-    /**
-     * -
-     */
-    data: Record<string, any>;
-};
-import { Ecwt } from './token.js';
-import { LRUCache } from 'lru-cache';
-import { SnowflakeFactory } from '@kirick/snowflake';

package/dist/types/main.d.ts

@@ -1,4 +0,0 @@
-export { EcwtFactory } from "./factory.js";
-export { Ecwt } from "./token.js";
-export type CacheValue = import("./factory.js").CacheValue;
-export { EcwtParseError, EcwtInvalidError, EcwtExpiredError, EcwtRevokedError } from "./utils/errors.js";

package/dist/types/token.d.ts

@@ -1,66 +0,0 @@
-/**
- * @typedef {import('@kirick/snowflake').Snowflake} Snowflake
- * @typedef {import('./factory.js').EcwtFactory} EcwtFactory
- */
-/**
- * @template {Record<string, any>} [D=Record<string, any>]
- */
-export class Ecwt<D extends Record<string, any> = Record<string, any>> {
-    /**
-     * @param {EcwtFactory} ecwtFactory -
-     * @param {object} options -
-     * @param {string} options.token String representation of token.
-     * @param {Snowflake} options.snowflake -
-     * @param {number | null} options.ttl_initial Time to live in seconds at the moment of token creation.
-     * @param {D} options.data Data stored in token.
-     */
-    constructor(ecwtFactory: EcwtFactory, { token, snowflake, ttl_initial, data, }: {
-        token: string;
-        snowflake: Snowflake;
-        ttl_initial: number | null;
-        data: D;
-    });
-    /**
-     * Token string representation.
-     * @type {string}
-     * @readonly
-     */
-    readonly token: string;
-    /**
-     * Token ID.
-     * @type {string}
-     * @readonly
-     */
-    readonly id: string;
-    /**
-     * Snowflake associated with token.
-     * @type {Snowflake}
-     * @readonly
-     */
-    readonly snowflake: Snowflake;
-    /**
-     * Timestamp when token expires in seconds.
-     * @type {number?}
-     * @readonly
-     */
-    readonly ts_expired: number | null;
-    /**
-     * Data stored in token.
-     * @type {D}
-     * @readonly
-     */
-    readonly data: D;
-    /**
-     * Actual time to live in seconds.
-     * @returns {number | null} -
-     */
-    getTTL(): number | null;
-    /**
-     * Revokes token.
-     * @returns {Promise<void>} -
-     */
-    revoke(): Promise<void>;
-    #private;
-}
-export type Snowflake = import("@kirick/snowflake").Snowflake;
-export type EcwtFactory = import("./factory.js").EcwtFactory;

package/dist/types/utils/base62.d.ts

@@ -1,2 +0,0 @@
-export const base62: basex.BaseConverter;
-import basex from 'base-x';