npm - hi-secure - Versions diffs - 1.0.0 - Mend

hi-secure 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/adapters/ArgonAdapter.d.ts +8 -0
package/dist/adapters/ArgonAdapter.d.ts.map +1 -0
package/dist/adapters/ArgonAdapter.js +45 -0
package/dist/adapters/ArgonAdapter.js.map +1 -0
package/dist/adapters/BcryptAdapter.d.ts +7 -0
package/dist/adapters/BcryptAdapter.d.ts.map +1 -0
package/dist/adapters/BcryptAdapter.js +48 -0
package/dist/adapters/BcryptAdapter.js.map +1 -0
package/dist/adapters/DomPurifyAdapter.d.ts +13 -0
package/dist/adapters/DomPurifyAdapter.d.ts.map +1 -0
package/dist/adapters/DomPurifyAdapter.js +61 -0
package/dist/adapters/DomPurifyAdapter.js.map +1 -0
package/dist/adapters/ExpressRLAdapter.d.ts +13 -0
package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -0
package/dist/adapters/ExpressRLAdapter.js +68 -0
package/dist/adapters/ExpressRLAdapter.js.map +1 -0
package/dist/adapters/ExpressValidatorAdapter.d.ts +6 -0
package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -0
package/dist/adapters/ExpressValidatorAdapter.js +78 -0
package/dist/adapters/ExpressValidatorAdapter.js.map +1 -0
package/dist/adapters/GoggleAdapter.d.ts +15 -0
package/dist/adapters/GoggleAdapter.d.ts.map +1 -0
package/dist/adapters/GoggleAdapter.js +91 -0
package/dist/adapters/GoggleAdapter.js.map +1 -0
package/dist/adapters/GoogleAdapter.d.ts +15 -0
package/dist/adapters/GoogleAdapter.d.ts.map +1 -0
package/dist/adapters/GoogleAdapter.js +159 -0
package/dist/adapters/GoogleAdapter.js.map +1 -0
package/dist/adapters/JWTAdapter.d.ts +28 -0
package/dist/adapters/JWTAdapter.d.ts.map +1 -0
package/dist/adapters/JWTAdapter.js +276 -0
package/dist/adapters/JWTAdapter.js.map +1 -0
package/dist/adapters/RLFlexibleAdapter.d.ts +11 -0
package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -0
package/dist/adapters/RLFlexibleAdapter.js +115 -0
package/dist/adapters/RLFlexibleAdapter.js.map +1 -0
package/dist/adapters/SanitizeHtmlAdapter.d.ts +12 -0
package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -0
package/dist/adapters/SanitizeHtmlAdapter.js +141 -0
package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -0
package/dist/adapters/XSSAdapter.d.ts +33 -0
package/dist/adapters/XSSAdapter.d.ts.map +1 -0
package/dist/adapters/XSSAdapter.js +127 -0
package/dist/adapters/XSSAdapter.js.map +1 -0
package/dist/adapters/ZodAdapter.d.ts +7 -0
package/dist/adapters/ZodAdapter.d.ts.map +1 -0
package/dist/adapters/ZodAdapter.js +39 -0
package/dist/adapters/ZodAdapter.js.map +1 -0
package/dist/core/HiSecure.d.ts +62 -0
package/dist/core/HiSecure.d.ts.map +1 -0
package/dist/core/HiSecure.js +273 -0
package/dist/core/HiSecure.js.map +1 -0
package/dist/core/config.d.ts +3 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +53 -0
package/dist/core/config.js.map +1 -0
package/dist/core/constants.d.ts +37 -0
package/dist/core/constants.d.ts.map +1 -0
package/dist/core/constants.js +67 -0
package/dist/core/constants.js.map +1 -0
package/dist/core/errors/AdapterError.d.ts +5 -0
package/dist/core/errors/AdapterError.d.ts.map +1 -0
package/dist/core/errors/AdapterError.js +15 -0
package/dist/core/errors/AdapterError.js.map +1 -0
package/dist/core/errors/HttpErrror.d.ts +17 -0
package/dist/core/errors/HttpErrror.d.ts.map +1 -0
package/dist/core/errors/HttpErrror.js +36 -0
package/dist/core/errors/HttpErrror.js.map +1 -0
package/dist/core/errors/SanitizerError.d.ts +5 -0
package/dist/core/errors/SanitizerError.d.ts.map +1 -0
package/dist/core/errors/SanitizerError.js +14 -0
package/dist/core/errors/SanitizerError.js.map +1 -0
package/dist/core/errors/SecurityError.d.ts +5 -0
package/dist/core/errors/SecurityError.d.ts.map +1 -0
package/dist/core/errors/SecurityError.js +14 -0
package/dist/core/errors/SecurityError.js.map +1 -0
package/dist/core/errors/ValidationError.d.ts +5 -0
package/dist/core/errors/ValidationError.d.ts.map +1 -0
package/dist/core/errors/ValidationError.js +14 -0
package/dist/core/errors/ValidationError.js.map +1 -0
package/dist/core/types/HiSecureConfig.d.ts +47 -0
package/dist/core/types/HiSecureConfig.d.ts.map +1 -0
package/dist/core/types/HiSecureConfig.js +3 -0
package/dist/core/types/HiSecureConfig.js.map +1 -0
package/dist/core/types/SecureOptions.d.ts +30 -0
package/dist/core/types/SecureOptions.d.ts.map +1 -0
package/dist/core/types/SecureOptions.js +4 -0
package/dist/core/types/SecureOptions.js.map +1 -0
package/dist/core/useSecure.d.ts +10 -0
package/dist/core/useSecure.d.ts.map +1 -0
package/dist/core/useSecure.js +85 -0
package/dist/core/useSecure.js.map +1 -0
package/dist/examples/e1.d.ts +1 -0
package/dist/examples/e1.d.ts.map +1 -0
package/dist/examples/e1.js +3 -0
package/dist/examples/e1.js.map +1 -0
package/dist/index.d.ts +9 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +15 -0
package/dist/index.js.map +1 -0
package/dist/logging/index.d.ts +3 -0
package/dist/logging/index.d.ts.map +1 -0
package/dist/logging/index.js +19 -0
package/dist/logging/index.js.map +1 -0
package/dist/logging/morganSetup.d.ts +2 -0
package/dist/logging/morganSetup.d.ts.map +1 -0
package/dist/logging/morganSetup.js +9 -0
package/dist/logging/morganSetup.js.map +1 -0
package/dist/logging/winstonSetup.d.ts +6 -0
package/dist/logging/winstonSetup.d.ts.map +1 -0
package/dist/logging/winstonSetup.js +22 -0
package/dist/logging/winstonSetup.js.map +1 -0
package/dist/managers/AuthManager.d.ts +23 -0
package/dist/managers/AuthManager.d.ts.map +1 -0
package/dist/managers/AuthManager.js +190 -0
package/dist/managers/AuthManager.js.map +1 -0
package/dist/managers/CorsManager.d.ts +9 -0
package/dist/managers/CorsManager.d.ts.map +1 -0
package/dist/managers/CorsManager.js +55 -0
package/dist/managers/CorsManager.js.map +1 -0
package/dist/managers/HashManager.d.ts +22 -0
package/dist/managers/HashManager.d.ts.map +1 -0
package/dist/managers/HashManager.js +319 -0
package/dist/managers/HashManager.js.map +1 -0
package/dist/managers/JsonManager.d.ts +6 -0
package/dist/managers/JsonManager.d.ts.map +1 -0
package/dist/managers/JsonManager.js +142 -0
package/dist/managers/JsonManager.js.map +1 -0
package/dist/managers/RateLimitManager.d.ts +16 -0
package/dist/managers/RateLimitManager.d.ts.map +1 -0
package/dist/managers/RateLimitManager.js +108 -0
package/dist/managers/RateLimitManager.js.map +1 -0
package/dist/managers/SanitizerManager.d.ts +18 -0
package/dist/managers/SanitizerManager.d.ts.map +1 -0
package/dist/managers/SanitizerManager.js +296 -0
package/dist/managers/SanitizerManager.js.map +1 -0
package/dist/managers/ValidatorManager.d.ts +13 -0
package/dist/managers/ValidatorManager.d.ts.map +1 -0
package/dist/managers/ValidatorManager.js +218 -0
package/dist/managers/ValidatorManager.js.map +1 -0
package/dist/middlewares/errorHandler.d.ts +3 -0
package/dist/middlewares/errorHandler.d.ts.map +1 -0
package/dist/middlewares/errorHandler.js +94 -0
package/dist/middlewares/errorHandler.js.map +1 -0
package/dist/middlewares/index.d.ts +3 -0
package/dist/middlewares/index.d.ts.map +1 -0
package/dist/middlewares/index.js +19 -0
package/dist/middlewares/index.js.map +1 -0
package/dist/middlewares/requestLogger.d.ts +2 -0
package/dist/middlewares/requestLogger.d.ts.map +1 -0
package/dist/middlewares/requestLogger.js +8 -0
package/dist/middlewares/requestLogger.js.map +1 -0
package/dist/test/t1.d.ts +1 -0
package/dist/test/t1.d.ts.map +1 -0
package/dist/test/t1.js +3 -0
package/dist/test/t1.js.map +1 -0
package/dist/utils/deepFreeze.d.ts +2 -0
package/dist/utils/deepFreeze.d.ts.map +1 -0
package/dist/utils/deepFreeze.js +69 -0
package/dist/utils/deepFreeze.js.map +1 -0
package/dist/utils/deepMerge.d.ts +5 -0
package/dist/utils/deepMerge.d.ts.map +1 -0
package/dist/utils/deepMerge.js +68 -0
package/dist/utils/deepMerge.js.map +1 -0
package/dist/utils/normalizeOptions.d.ts +38 -0
package/dist/utils/normalizeOptions.d.ts.map +1 -0
package/dist/utils/normalizeOptions.js +119 -0
package/dist/utils/normalizeOptions.js.map +1 -0
package/package.json +50 -0
package/src/adapters/ArgonAdapter.ts +41 -0
package/src/adapters/BcryptAdapter.ts +49 -0
package/src/adapters/ExpressRLAdapter.ts +84 -0
package/src/adapters/ExpressValidatorAdapter.ts +99 -0
package/src/adapters/GoogleAdapter.ts +206 -0
package/src/adapters/JWTAdapter.ts +346 -0
package/src/adapters/RLFlexibleAdapter.ts +139 -0
package/src/adapters/SanitizeHtmlAdapter.ts +162 -0
package/src/adapters/XSSAdapter.ts +153 -0
package/src/adapters/ZodAdapter.ts +91 -0
package/src/core/HiSecure.ts +955 -0
package/src/core/config.ts +156 -0
package/src/core/constants.ts +73 -0
package/src/core/errors/AdapterError.ts +14 -0
package/src/core/errors/HttpErrror.ts +46 -0
package/src/core/errors/SanitizerError.ts +13 -0
package/src/core/errors/SecurityError.ts +13 -0
package/src/core/errors/ValidationError.ts +13 -0
package/src/core/types/HiSecureConfig.ts +62 -0
package/src/core/types/SecureOptions.ts +61 -0
package/src/core/useSecure.ts +111 -0
package/src/examples/e1.ts +1 -0
package/src/index.ts +17 -0
package/src/logging/index.ts +2 -0
package/src/logging/morganSetup.ts +3 -0
package/src/logging/winstonSetup.ts +17 -0
package/src/managers/AuthManager.ts +237 -0
package/src/managers/CorsManager.ts +58 -0
package/src/managers/HashManager.ts +390 -0
package/src/managers/JsonManager.ts +149 -0
package/src/managers/RateLimitManager.ts +368 -0
package/src/managers/SanitizerManager.ts +359 -0
package/src/managers/ValidatorManager.ts +269 -0
package/src/middlewares/errorHandler.ts +265 -0
package/src/middlewares/index.ts +2 -0
package/src/middlewares/requestLogger.ts +5 -0
package/src/test/t1.ts +1 -0
package/src/utils/deepFreeze.ts +76 -0
package/src/utils/deepMerge.ts +87 -0
package/src/utils/normalizeOptions.ts +265 -0
package/tsconfig.json +30 -0

package/src/adapters/ArgonAdapter.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import argon2 from "argon2";
+import { AdapterError } from "../core/errors/AdapterError";
+import { logger } from "../logging";
+export class ArgonAdapter {
+    private options: argon2.Options | undefined;
+    constructor(options?: argon2.Options) {
+        if (options) {
+            this.options = options;
+        }
+    }
+    async hash(value: string): Promise<string> {
+        try {
+            return this.options
+                ? await argon2.hash(value, this.options)
+                : await argon2.hash(value); // avoid passing undefined
+        } catch (err: any) {
+            logger.error("❌ Argon2 hashing failed", {
+                error: err?.message || err
+            });
+            throw new AdapterError("Argon2 hashing failed.");
+        }
+    }
+    async verify(value: string, hashed: string): Promise<boolean> {
+        try {
+            if (!hashed || typeof hashed !== "string") {
+                throw new AdapterError("Invalid hash provided for verification.");
+            }
+            return await argon2.verify(hashed, value);
+        } catch (err: any) {
+            logger.error("❌ Argon2 verify failed", {
+                error: err?.message || err
+            });
+            throw new AdapterError("Argon2 verify failed.");
+        }
+    }
+}

package/src/adapters/BcryptAdapter.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import bcrypt from "bcryptjs";
+import { AdapterError } from "../core/errors/AdapterError";
+import { logger } from "../logging";
+export class BcryptAdapter {
+    constructor(private saltRounds: number = 10) {}
+    async hash(value: string): Promise<string> {
+        try {
+            if (typeof value !== "string") {
+                throw new AdapterError("Value to hash must be a string.");
+            }
+            return await bcrypt.hash(value, this.saltRounds);
+        } catch (err: any) {
+            logger.error("❌ Bcrypt hashing failed", {
+                error: err?.message || err,
+                saltRounds: this.saltRounds
+            });
+            throw new AdapterError("Bcrypt hashing failed.");
+        }
+    }
+    async verify(value: string, hashed: string): Promise<boolean> {
+        try {
+            if (typeof value !== "string") {
+                throw new AdapterError("Value to verify must be a string.");
+            }
+            if (!hashed || typeof hashed !== "string") {
+                throw new AdapterError("Invalid hashed string provided.");
+            }
+            return await bcrypt.compare(value, hashed);
+        } catch (err: any) {
+            logger.error("❌ Bcrypt verify failed", {
+                error: err?.message || err
+            });
+            throw new AdapterError("Bcrypt verify failed.");
+        }
+    }
+}

package/src/adapters/ExpressRLAdapter.ts ADDED Viewed

@@ -0,0 +1,84 @@
+// import rateLimit from "express-rate-limit";
+// import { logger } from "../logging";
+// import { AdapterError } from "../core/errors/AdapterError";
+// export class ExpressRLAdapter {
+//     /**
+//      * Create express rate-limit middleware dynamically
+//      */
+//     getMiddleware(options: {
+//         windowMs?: number;
+//         max?: number;
+//         message?: any;
+//     } = {}) {
+//         try {
+//             const limiter = rateLimit({
+//                 windowMs: options.windowMs ?? 15 * 60 * 1000, // default
+//                 max: options.max ?? 100,
+//                 message: options.message ?? { error: "Too many requests" },
+//                 standardHeaders: true,
+//                 legacyHeaders: false,
+//             });
+//             return limiter;
+//         } catch (err: any) {
+//             logger.error("❌ ExpressRLAdapter: failed to create limiter", {
+//                 error: err?.message || err
+//             });
+//             throw new AdapterError("Express rate limiter creation failed.");
+//         }
+//     }
+// }
+// src/adapters/ExpressRLAdapter.ts - IMPROVED
+import rateLimit from "express-rate-limit";
+import { logger } from "../logging/index.js";
+import { AdapterError } from "../core/errors/AdapterError.js";
+export interface RateLimitOptions {
+    windowMs?: number;
+    max?: number;
+    message?: any;
+    skipFailedRequests?: boolean;
+    standardHeaders?: boolean;
+    legacyHeaders?: boolean;
+    [key: string]: any;
+}
+export class ExpressRLAdapter {
+    getMiddleware(options: RateLimitOptions = {}) {
+        try {
+            const defaultOptions = {
+                windowMs: 15 * 60 * 1000, // 15 minutes
+                max: 100,
+                message: { error: "Too many requests" },
+                standardHeaders: true,
+                legacyHeaders: false,
+                skipFailedRequests: false
+            };
+            const finalOptions = { ...defaultOptions, ...options };
+            const limiter = rateLimit(finalOptions);
+            logger.debug("📌 Express rate limiter configured", {
+                windowMs: finalOptions.windowMs,
+                max: finalOptions.max
+            });
+            return limiter;
+        } catch (err: any) {
+            logger.error("❌ ExpressRLAdapter: failed to create limiter", {
+                error: err?.message || err
+            });
+            throw new AdapterError("Express rate limiter creation failed.");
+        }
+    }
+}

package/src/adapters/ExpressValidatorAdapter.ts ADDED Viewed

@@ -0,0 +1,99 @@
+// import { validationResult } from "express-validator";
+// import { ValidationError } from "../core/errors/ValidationError";
+// import { logger } from "../logging";
+// export class ExpressValidatorAdapter {
+//     private globalSchema?: any[];
+//     constructor(globalSchema?: any[]) {
+//         this.globalSchema = globalSchema as any;;
+//     }
+//     /**
+//      * Dynamic schema override
+//      */
+//     validate(dynamicSchema?: any[]) {
+//         const schema = dynamicSchema || this.globalSchema;
+//         if (!schema || !Array.isArray(schema)) {
+//             return (req: any, res: any, next: any) => next();
+//         }
+//         return [
+//             ...schema,
+//             (req: any, res: any, next: any) => {
+//                 const errors = validationResult(req);
+//                 if (!errors.isEmpty()) {
+//                     const formatted = errors.array().map(err => ({
+//                         message: err.msg,
+//                     }));
+//                     logger.warn("⚠ express-validator failed", {
+//                         path: req.path,
+//                         method: req.method,
+//                         errors: formatted,
+//                         preview: JSON.stringify(req.body).slice(0, 200)
+//                     });
+//                     return next(new ValidationError("Validation failed."));
+//                 }
+//                 next();
+//             }
+//         ];
+//     }
+// }
+// src/adapters/ExpressValidatorAdapter.ts - FIXED
+import { validationResult } from "express-validator";
+import { ValidationError } from "../core/errors/ValidationError.js"; // ✅ Add .js
+import { logger } from "../logging/index.js";
+export class ExpressValidatorAdapter {
+    private globalSchema?: any[];
+    constructor(globalSchema?: any[]) {
+        this.globalSchema = globalSchema;
+    }
+    validate(dynamicSchema?: any[]) {
+        const schema = dynamicSchema || this.globalSchema;
+        if (!schema || !Array.isArray(schema)) {
+            return (req: any, res: any, next: any) => next();
+        }
+        return [
+            ...schema,
+            (req: any, res: any, next: any) => {
+                const errors = validationResult(req);
+                if (!errors.isEmpty()) {
+                    const formatted = errors.array().map(err => ({
+                        message: err.msg,
+                        // param: err.param ,
+                        // location: err.location
+                    }));
+                    logger.warn("⚠ express-validator failed", {
+                        path: req.path,
+                        method: req.method,
+                        errors: formatted,
+                        preview: JSON.stringify(req.body).slice(0, 200)
+                    });
+                    return next(new ValidationError("Validation failed.", formatted as any));
+                }
+                next();
+            }
+        ];
+    }
+}

package/src/adapters/GoogleAdapter.ts ADDED Viewed

@@ -0,0 +1,206 @@
+// // import { OAuth2Client, LoginTicket } from "google-auth-library";
+// // import { AdapterError } from "../core/errors/AdapterError";
+// // import { logWarn, logError } from "../logging";
+// // export class GoogleAdapter {
+// //     private client: OAuth2Client;
+// //     private clientId?: string;
+// //     constructor(clientId?: string) {
+// //         this.client = new OAuth2Client(clientId);
+// //         this.clientId = clientId as any;
+// //     }
+// //     async verifyIdToken(idToken: string) {
+// //         try {
+// //             const options: {
+// //                 idToken: string;
+// //                 audience?: string | string[];
+// //             } = { idToken };
+// //             // ADD ONLY IF DEFINED → FIXES TS ERROR
+// //             if (this.clientId !== undefined) {
+// //                 options.audience = this.clientId;
+// //             }
+// //             const ticket: LoginTicket = await this.client.verifyIdToken(options);
+// //             const payload = ticket.getPayload();
+// //             if (!payload) {
+// //                 logWarn("GoogleAdapter: Empty payload");
+// //                 throw new AdapterError("Invalid Google ID token payload.");
+// //             }
+// //             return {
+// //                 sub: payload.sub,
+// //                 email: payload.email,
+// //                 email_verified: payload.email_verified,
+// //                 name: payload.name,
+// //                 picture: payload.picture,
+// //             };
+// //         } catch (err: any) {
+// //             logError("GoogleAdapter.verifyIdToken failed", { error: err?.message });
+// //             throw new AdapterError(err?.message || "Google token verification failed");
+// //         }
+// //     }
+// // }
+// // src/adapters/GoogleAdapter.ts - IMPROVED
+// import { OAuth2Client, LoginTicket } from "google-auth-library";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { logWarn, logError } from "../logging/index.js";
+// export interface GoogleTokenPayload {
+//     sub: string;
+//     email: string;
+//     email_verified: boolean;
+//     name?: string;
+//     picture?: string;
+//     [key: string]: any;
+// }
+// export class GoogleAdapter {
+//     private client: OAuth2Client;
+//     private clientId?: string;
+//     constructor(clientId?: string) {
+//         if (clientId && clientId.trim().length === 0) {
+//             throw new AdapterError("Google clientId cannot be empty string");
+//         }
+//         this.client = new OAuth2Client(clientId);
+//         this.clientId = clientId;
+//     }
+//     async verifyIdToken(idToken: string): Promise<GoogleTokenPayload> {
+//         try {
+//             if (!idToken || typeof idToken !== 'string') {
+//                 throw new AdapterError("Invalid ID token provided");
+//             }
+//             const options: { idToken: string; audience?: string | string[] } = {
+//                 idToken
+//             };
+//             // Add audience only if clientId is provided and not empty
+//             if (this.clientId && this.clientId.trim().length > 0) {
+//                 options.audience = this.clientId;
+//             }
+//             const ticket: LoginTicket = await this.client.verifyIdToken(options);
+//             const payload = ticket.getPayload();
+//             if (!payload) {
+//                 logWarn("GoogleAdapter: Empty payload");
+//                 throw new AdapterError("Invalid Google ID token payload.");
+//             }
+//             return {
+//                 sub: payload.sub,
+//                 email: payload.email || '',
+//                 email_verified: payload.email_verified || false,
+//                 name: payload.name,
+//                 picture: payload.picture,
+//                 ...payload
+//             };
+//         } catch (err: any) {
+//             logError("GoogleAdapter.verifyIdToken failed", {
+//                 error: err?.message,
+//                 hasClientId: !!this.clientId
+//             });
+//             if (err.message?.includes('audience')) {
+//                 throw new AdapterError("Invalid Google client ID configured.");
+//             }
+//             throw new AdapterError(err?.message || "Google token verification failed");
+//         }
+//     }
+// }
+// src/adapters/GoogleAdapter.ts - FIXED
+import { OAuth2Client, LoginTicket } from "google-auth-library";
+import { AdapterError } from "../core/errors/AdapterError.js";
+import { logWarn, logError } from "../logging/index.js";
+export interface GoogleTokenPayload {
+    sub: string;
+    email: string;
+    email_verified: boolean;
+    name?: string;
+    picture?: string;
+    [key: string]: any;
+}
+export class GoogleAdapter {
+    private client: OAuth2Client;
+    private clientId?: string;
+    constructor(clientId?: string) {
+        if (clientId && clientId.trim().length === 0) {
+            throw new AdapterError("Google clientId cannot be empty string");
+        }
+        this.client = new OAuth2Client(clientId);
+        this.clientId = clientId;
+    }
+    async verifyIdToken(idToken: string): Promise<GoogleTokenPayload> {
+        try {
+            if (!idToken || typeof idToken !== 'string') {
+                throw new AdapterError("Invalid ID token provided");
+            }
+            const options: { idToken: string; audience?: string | string[] } = {
+                idToken
+            };
+            // Add audience only if clientId is provided and not empty
+            if (this.clientId && this.clientId.trim().length > 0) {
+                options.audience = this.clientId;
+            }
+            const ticket: LoginTicket = await this.client.verifyIdToken(options);
+            const payload = ticket.getPayload();
+            if (!payload) {
+                logWarn("GoogleAdapter: Empty payload");
+                throw new AdapterError("Invalid Google ID token payload.");
+            }
+            // Create result object
+            const result: GoogleTokenPayload = {
+                sub: payload.sub,
+                email: payload.email || '',
+                email_verified: payload.email_verified || false,
+                name: payload.name,
+                picture: payload.picture
+            };
+            // Add remaining properties from payload (excluding duplicates)
+            const { sub, email, email_verified, name, picture, ...rest } = payload;
+            Object.assign(result, rest);
+            return result;
+        } catch (err: any) {
+            logError("GoogleAdapter.verifyIdToken failed", {
+                error: err?.message,
+                hasClientId: !!this.clientId
+            });
+            if (err.message?.includes('audience')) {
+                throw new AdapterError("Invalid Google client ID configured.");
+            }
+            throw new AdapterError(err?.message || "Google token verification failed");
+        }
+    }
+}