hi-secure 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/ArgonAdapter.d.ts +8 -0
- package/dist/adapters/ArgonAdapter.d.ts.map +1 -0
- package/dist/adapters/ArgonAdapter.js +45 -0
- package/dist/adapters/ArgonAdapter.js.map +1 -0
- package/dist/adapters/BcryptAdapter.d.ts +7 -0
- package/dist/adapters/BcryptAdapter.d.ts.map +1 -0
- package/dist/adapters/BcryptAdapter.js +48 -0
- package/dist/adapters/BcryptAdapter.js.map +1 -0
- package/dist/adapters/DomPurifyAdapter.d.ts +13 -0
- package/dist/adapters/DomPurifyAdapter.d.ts.map +1 -0
- package/dist/adapters/DomPurifyAdapter.js +61 -0
- package/dist/adapters/DomPurifyAdapter.js.map +1 -0
- package/dist/adapters/ExpressRLAdapter.d.ts +13 -0
- package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -0
- package/dist/adapters/ExpressRLAdapter.js +68 -0
- package/dist/adapters/ExpressRLAdapter.js.map +1 -0
- package/dist/adapters/ExpressValidatorAdapter.d.ts +6 -0
- package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -0
- package/dist/adapters/ExpressValidatorAdapter.js +78 -0
- package/dist/adapters/ExpressValidatorAdapter.js.map +1 -0
- package/dist/adapters/GoggleAdapter.d.ts +15 -0
- package/dist/adapters/GoggleAdapter.d.ts.map +1 -0
- package/dist/adapters/GoggleAdapter.js +91 -0
- package/dist/adapters/GoggleAdapter.js.map +1 -0
- package/dist/adapters/GoogleAdapter.d.ts +15 -0
- package/dist/adapters/GoogleAdapter.d.ts.map +1 -0
- package/dist/adapters/GoogleAdapter.js +159 -0
- package/dist/adapters/GoogleAdapter.js.map +1 -0
- package/dist/adapters/JWTAdapter.d.ts +28 -0
- package/dist/adapters/JWTAdapter.d.ts.map +1 -0
- package/dist/adapters/JWTAdapter.js +276 -0
- package/dist/adapters/JWTAdapter.js.map +1 -0
- package/dist/adapters/RLFlexibleAdapter.d.ts +11 -0
- package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -0
- package/dist/adapters/RLFlexibleAdapter.js +115 -0
- package/dist/adapters/RLFlexibleAdapter.js.map +1 -0
- package/dist/adapters/SanitizeHtmlAdapter.d.ts +12 -0
- package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -0
- package/dist/adapters/SanitizeHtmlAdapter.js +141 -0
- package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -0
- package/dist/adapters/XSSAdapter.d.ts +33 -0
- package/dist/adapters/XSSAdapter.d.ts.map +1 -0
- package/dist/adapters/XSSAdapter.js +127 -0
- package/dist/adapters/XSSAdapter.js.map +1 -0
- package/dist/adapters/ZodAdapter.d.ts +7 -0
- package/dist/adapters/ZodAdapter.d.ts.map +1 -0
- package/dist/adapters/ZodAdapter.js +39 -0
- package/dist/adapters/ZodAdapter.js.map +1 -0
- package/dist/core/HiSecure.d.ts +62 -0
- package/dist/core/HiSecure.d.ts.map +1 -0
- package/dist/core/HiSecure.js +273 -0
- package/dist/core/HiSecure.js.map +1 -0
- package/dist/core/config.d.ts +3 -0
- package/dist/core/config.d.ts.map +1 -0
- package/dist/core/config.js +53 -0
- package/dist/core/config.js.map +1 -0
- package/dist/core/constants.d.ts +37 -0
- package/dist/core/constants.d.ts.map +1 -0
- package/dist/core/constants.js +67 -0
- package/dist/core/constants.js.map +1 -0
- package/dist/core/errors/AdapterError.d.ts +5 -0
- package/dist/core/errors/AdapterError.d.ts.map +1 -0
- package/dist/core/errors/AdapterError.js +15 -0
- package/dist/core/errors/AdapterError.js.map +1 -0
- package/dist/core/errors/HttpErrror.d.ts +17 -0
- package/dist/core/errors/HttpErrror.d.ts.map +1 -0
- package/dist/core/errors/HttpErrror.js +36 -0
- package/dist/core/errors/HttpErrror.js.map +1 -0
- package/dist/core/errors/SanitizerError.d.ts +5 -0
- package/dist/core/errors/SanitizerError.d.ts.map +1 -0
- package/dist/core/errors/SanitizerError.js +14 -0
- package/dist/core/errors/SanitizerError.js.map +1 -0
- package/dist/core/errors/SecurityError.d.ts +5 -0
- package/dist/core/errors/SecurityError.d.ts.map +1 -0
- package/dist/core/errors/SecurityError.js +14 -0
- package/dist/core/errors/SecurityError.js.map +1 -0
- package/dist/core/errors/ValidationError.d.ts +5 -0
- package/dist/core/errors/ValidationError.d.ts.map +1 -0
- package/dist/core/errors/ValidationError.js +14 -0
- package/dist/core/errors/ValidationError.js.map +1 -0
- package/dist/core/types/HiSecureConfig.d.ts +47 -0
- package/dist/core/types/HiSecureConfig.d.ts.map +1 -0
- package/dist/core/types/HiSecureConfig.js +3 -0
- package/dist/core/types/HiSecureConfig.js.map +1 -0
- package/dist/core/types/SecureOptions.d.ts +30 -0
- package/dist/core/types/SecureOptions.d.ts.map +1 -0
- package/dist/core/types/SecureOptions.js +4 -0
- package/dist/core/types/SecureOptions.js.map +1 -0
- package/dist/core/useSecure.d.ts +10 -0
- package/dist/core/useSecure.d.ts.map +1 -0
- package/dist/core/useSecure.js +85 -0
- package/dist/core/useSecure.js.map +1 -0
- package/dist/examples/e1.d.ts +1 -0
- package/dist/examples/e1.d.ts.map +1 -0
- package/dist/examples/e1.js +3 -0
- package/dist/examples/e1.js.map +1 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +15 -0
- package/dist/index.js.map +1 -0
- package/dist/logging/index.d.ts +3 -0
- package/dist/logging/index.d.ts.map +1 -0
- package/dist/logging/index.js +19 -0
- package/dist/logging/index.js.map +1 -0
- package/dist/logging/morganSetup.d.ts +2 -0
- package/dist/logging/morganSetup.d.ts.map +1 -0
- package/dist/logging/morganSetup.js +9 -0
- package/dist/logging/morganSetup.js.map +1 -0
- package/dist/logging/winstonSetup.d.ts +6 -0
- package/dist/logging/winstonSetup.d.ts.map +1 -0
- package/dist/logging/winstonSetup.js +22 -0
- package/dist/logging/winstonSetup.js.map +1 -0
- package/dist/managers/AuthManager.d.ts +23 -0
- package/dist/managers/AuthManager.d.ts.map +1 -0
- package/dist/managers/AuthManager.js +190 -0
- package/dist/managers/AuthManager.js.map +1 -0
- package/dist/managers/CorsManager.d.ts +9 -0
- package/dist/managers/CorsManager.d.ts.map +1 -0
- package/dist/managers/CorsManager.js +55 -0
- package/dist/managers/CorsManager.js.map +1 -0
- package/dist/managers/HashManager.d.ts +22 -0
- package/dist/managers/HashManager.d.ts.map +1 -0
- package/dist/managers/HashManager.js +319 -0
- package/dist/managers/HashManager.js.map +1 -0
- package/dist/managers/JsonManager.d.ts +6 -0
- package/dist/managers/JsonManager.d.ts.map +1 -0
- package/dist/managers/JsonManager.js +142 -0
- package/dist/managers/JsonManager.js.map +1 -0
- package/dist/managers/RateLimitManager.d.ts +16 -0
- package/dist/managers/RateLimitManager.d.ts.map +1 -0
- package/dist/managers/RateLimitManager.js +108 -0
- package/dist/managers/RateLimitManager.js.map +1 -0
- package/dist/managers/SanitizerManager.d.ts +18 -0
- package/dist/managers/SanitizerManager.d.ts.map +1 -0
- package/dist/managers/SanitizerManager.js +296 -0
- package/dist/managers/SanitizerManager.js.map +1 -0
- package/dist/managers/ValidatorManager.d.ts +13 -0
- package/dist/managers/ValidatorManager.d.ts.map +1 -0
- package/dist/managers/ValidatorManager.js +218 -0
- package/dist/managers/ValidatorManager.js.map +1 -0
- package/dist/middlewares/errorHandler.d.ts +3 -0
- package/dist/middlewares/errorHandler.d.ts.map +1 -0
- package/dist/middlewares/errorHandler.js +94 -0
- package/dist/middlewares/errorHandler.js.map +1 -0
- package/dist/middlewares/index.d.ts +3 -0
- package/dist/middlewares/index.d.ts.map +1 -0
- package/dist/middlewares/index.js +19 -0
- package/dist/middlewares/index.js.map +1 -0
- package/dist/middlewares/requestLogger.d.ts +2 -0
- package/dist/middlewares/requestLogger.d.ts.map +1 -0
- package/dist/middlewares/requestLogger.js +8 -0
- package/dist/middlewares/requestLogger.js.map +1 -0
- package/dist/test/t1.d.ts +1 -0
- package/dist/test/t1.d.ts.map +1 -0
- package/dist/test/t1.js +3 -0
- package/dist/test/t1.js.map +1 -0
- package/dist/utils/deepFreeze.d.ts +2 -0
- package/dist/utils/deepFreeze.d.ts.map +1 -0
- package/dist/utils/deepFreeze.js +69 -0
- package/dist/utils/deepFreeze.js.map +1 -0
- package/dist/utils/deepMerge.d.ts +5 -0
- package/dist/utils/deepMerge.d.ts.map +1 -0
- package/dist/utils/deepMerge.js +68 -0
- package/dist/utils/deepMerge.js.map +1 -0
- package/dist/utils/normalizeOptions.d.ts +38 -0
- package/dist/utils/normalizeOptions.d.ts.map +1 -0
- package/dist/utils/normalizeOptions.js +119 -0
- package/dist/utils/normalizeOptions.js.map +1 -0
- package/package.json +50 -0
- package/src/adapters/ArgonAdapter.ts +41 -0
- package/src/adapters/BcryptAdapter.ts +49 -0
- package/src/adapters/ExpressRLAdapter.ts +84 -0
- package/src/adapters/ExpressValidatorAdapter.ts +99 -0
- package/src/adapters/GoogleAdapter.ts +206 -0
- package/src/adapters/JWTAdapter.ts +346 -0
- package/src/adapters/RLFlexibleAdapter.ts +139 -0
- package/src/adapters/SanitizeHtmlAdapter.ts +162 -0
- package/src/adapters/XSSAdapter.ts +153 -0
- package/src/adapters/ZodAdapter.ts +91 -0
- package/src/core/HiSecure.ts +955 -0
- package/src/core/config.ts +156 -0
- package/src/core/constants.ts +73 -0
- package/src/core/errors/AdapterError.ts +14 -0
- package/src/core/errors/HttpErrror.ts +46 -0
- package/src/core/errors/SanitizerError.ts +13 -0
- package/src/core/errors/SecurityError.ts +13 -0
- package/src/core/errors/ValidationError.ts +13 -0
- package/src/core/types/HiSecureConfig.ts +62 -0
- package/src/core/types/SecureOptions.ts +61 -0
- package/src/core/useSecure.ts +111 -0
- package/src/examples/e1.ts +1 -0
- package/src/index.ts +17 -0
- package/src/logging/index.ts +2 -0
- package/src/logging/morganSetup.ts +3 -0
- package/src/logging/winstonSetup.ts +17 -0
- package/src/managers/AuthManager.ts +237 -0
- package/src/managers/CorsManager.ts +58 -0
- package/src/managers/HashManager.ts +390 -0
- package/src/managers/JsonManager.ts +149 -0
- package/src/managers/RateLimitManager.ts +368 -0
- package/src/managers/SanitizerManager.ts +359 -0
- package/src/managers/ValidatorManager.ts +269 -0
- package/src/middlewares/errorHandler.ts +265 -0
- package/src/middlewares/index.ts +2 -0
- package/src/middlewares/requestLogger.ts +5 -0
- package/src/test/t1.ts +1 -0
- package/src/utils/deepFreeze.ts +76 -0
- package/src/utils/deepMerge.ts +87 -0
- package/src/utils/normalizeOptions.ts +265 -0
- package/tsconfig.json +30 -0
|
@@ -0,0 +1,955 @@
|
|
|
1
|
+
// // // src/core/HiSecure.ts
|
|
2
|
+
|
|
3
|
+
// // import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
4
|
+
// // import { defaultConfig } from "./config.js";
|
|
5
|
+
// // import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
6
|
+
// // import { deepMerge } from "../utils/deepMerge.js";
|
|
7
|
+
// // import { deepFreeze } from "../utils/deepFreeze.js";
|
|
8
|
+
|
|
9
|
+
// // import { logger } from "../logging";
|
|
10
|
+
|
|
11
|
+
// // // Adapters
|
|
12
|
+
// // import { ArgonAdapter } from "../adapters/ArgonAdapter.js";
|
|
13
|
+
// // import { BcryptAdapter } from "../adapters/BcryptAdapter.js";
|
|
14
|
+
// // import { RLFlexibleAdapter } from "../adapters/RLFlexibleAdapter.js";
|
|
15
|
+
// // import { ExpressRLAdapter } from "../adapters/ExpressRLAdapter.js";
|
|
16
|
+
// // import { ZodAdapter } from "../adapters/ZodAdapter.js";
|
|
17
|
+
// // import { ExpressValidatorAdapter } from "../adapters/ExpressValidatorAdapter.js";
|
|
18
|
+
// // import { SanitizeHtmlAdapter } from "../adapters/SanitizeHtmlAdapter.js";
|
|
19
|
+
// // import { DomPurifyAdapter } from "../adapters/DomPurifyAdapter.js";
|
|
20
|
+
|
|
21
|
+
// // // Managers
|
|
22
|
+
// // import { HashManager } from "../managers/HashManager.js";
|
|
23
|
+
// // import { RateLimitManager } from "../managers/RateLimitManager.js";
|
|
24
|
+
// // import { ValidatorManager } from "../managers/ValidatorManager.js";
|
|
25
|
+
// // import { SanitizerManager } from "../managers/SanitizerManager.js";
|
|
26
|
+
// // import { JsonManager } from "../managers/JsonManager.js";
|
|
27
|
+
// // import { CorsManager } from "../managers/CorsManager.js";
|
|
28
|
+
// // import { AuthManager } from "../managers/AuthManager.js";
|
|
29
|
+
|
|
30
|
+
// // // 3rd-party express middlewares
|
|
31
|
+
// // import helmet from "helmet";
|
|
32
|
+
// // import hpp from "hpp";
|
|
33
|
+
|
|
34
|
+
// // // Shared error handler
|
|
35
|
+
// // import { errorHandler } from "../middlewares/errorHandler.js";
|
|
36
|
+
|
|
37
|
+
// // export class HiSecure {
|
|
38
|
+
// // private config: HiSecureConfig;
|
|
39
|
+
// // private initialized = false;
|
|
40
|
+
|
|
41
|
+
// // // Managers exposed for user
|
|
42
|
+
// // public hashManager!: HashManager;
|
|
43
|
+
// // public rateLimitManager!: RateLimitManager;
|
|
44
|
+
// // public validatorManager!: ValidatorManager;
|
|
45
|
+
// // public sanitizerManager!: SanitizerManager;
|
|
46
|
+
// // public jsonManager!: JsonManager;
|
|
47
|
+
// // public corsManager!: CorsManager;
|
|
48
|
+
// // public authManager?: AuthManager;
|
|
49
|
+
|
|
50
|
+
// // // Internal adapters
|
|
51
|
+
// // private hashingPrimary: any;
|
|
52
|
+
// // private hashingFallback: any;
|
|
53
|
+
// // private rateLimiterPrimary: any;
|
|
54
|
+
// // private rateLimiterFallback: any;
|
|
55
|
+
// // private validatorPrimary: any;
|
|
56
|
+
// // private validatorFallback: any;
|
|
57
|
+
// // private sanitizerPrimary: any;
|
|
58
|
+
// // private sanitizerFallback: any;
|
|
59
|
+
|
|
60
|
+
// // constructor(userConfig: Partial<HiSecureConfig> = {}) {
|
|
61
|
+
// // this.config = deepMerge(defaultConfig, userConfig);
|
|
62
|
+
// // }
|
|
63
|
+
|
|
64
|
+
// // // ---------------------------------------------------------
|
|
65
|
+
// // // INIT
|
|
66
|
+
// // // ---------------------------------------------------------
|
|
67
|
+
// // init() {
|
|
68
|
+
// // if (this.initialized) {
|
|
69
|
+
// // logger.warn("⚠ HiSecure.init() called twice → ignored.");
|
|
70
|
+
// // return;
|
|
71
|
+
// // }
|
|
72
|
+
|
|
73
|
+
// // logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initialized`);
|
|
74
|
+
// // logger.info("⚙ Loaded configuration:", this.config);
|
|
75
|
+
|
|
76
|
+
// // this.setupAdapters();
|
|
77
|
+
// // this.setupManagers();
|
|
78
|
+
// // this.setupDynamicManagers();
|
|
79
|
+
|
|
80
|
+
// // // IMMUTABLE — library cannot be modified at runtime
|
|
81
|
+
// // deepFreeze(this.config);
|
|
82
|
+
// // deepFreeze(this.hashManager);
|
|
83
|
+
// // deepFreeze(this.rateLimitManager);
|
|
84
|
+
// // deepFreeze(this.validatorManager);
|
|
85
|
+
// // deepFreeze(this.sanitizerManager);
|
|
86
|
+
// // deepFreeze(this.jsonManager);
|
|
87
|
+
// // deepFreeze(this.corsManager);
|
|
88
|
+
// // if (this.authManager) deepFreeze(this.authManager);
|
|
89
|
+
|
|
90
|
+
// // this.initialized = true;
|
|
91
|
+
|
|
92
|
+
// // logger.info("🔒 HiSecure locked — production-ready");
|
|
93
|
+
// // }
|
|
94
|
+
|
|
95
|
+
// // isInitialized() {
|
|
96
|
+
// // return this.initialized;
|
|
97
|
+
// // }
|
|
98
|
+
|
|
99
|
+
// // // ---------------------------------------------------------
|
|
100
|
+
// // // ADAPTER SETUP
|
|
101
|
+
// // // ---------------------------------------------------------
|
|
102
|
+
// // private setupAdapters() {
|
|
103
|
+
// // logger.info("🧩 Setting up adapters...");
|
|
104
|
+
|
|
105
|
+
// // // Hashing
|
|
106
|
+
// // this.hashingPrimary =
|
|
107
|
+
// // this.config.hashing.primary === "argon2"
|
|
108
|
+
// // ? new ArgonAdapter()
|
|
109
|
+
// // : new BcryptAdapter(this.config.hashing.saltRounds);
|
|
110
|
+
|
|
111
|
+
// // this.hashingFallback =
|
|
112
|
+
// // this.config.hashing.fallback === "bcrypt"
|
|
113
|
+
// // ? new BcryptAdapter(this.config.hashing.saltRounds)
|
|
114
|
+
// // : null;
|
|
115
|
+
|
|
116
|
+
// // // Rate limiter
|
|
117
|
+
// // this.rateLimiterPrimary =
|
|
118
|
+
// // this.config.rateLimiter.useAdaptiveMode
|
|
119
|
+
// // ? new RLFlexibleAdapter()
|
|
120
|
+
// // : new ExpressRLAdapter();
|
|
121
|
+
|
|
122
|
+
// // this.rateLimiterFallback = new ExpressRLAdapter();
|
|
123
|
+
|
|
124
|
+
// // // Validator
|
|
125
|
+
// // this.validatorPrimary =
|
|
126
|
+
// // this.config.validation.mode === "zod"
|
|
127
|
+
// // ? new ZodAdapter()
|
|
128
|
+
// // : new ExpressValidatorAdapter();
|
|
129
|
+
|
|
130
|
+
// // this.validatorFallback =
|
|
131
|
+
// // this.config.validation.fallback === "express-validator"
|
|
132
|
+
// // ? new ExpressValidatorAdapter()
|
|
133
|
+
// // : null;
|
|
134
|
+
|
|
135
|
+
// // // Sanitizer
|
|
136
|
+
// // this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);
|
|
137
|
+
// // this.sanitizerFallback = new DomPurifyAdapter();
|
|
138
|
+
|
|
139
|
+
// // logger.info("✔ Adapters ready");
|
|
140
|
+
// // }
|
|
141
|
+
|
|
142
|
+
// // // ---------------------------------------------------------
|
|
143
|
+
// // // MANAGER SETUP
|
|
144
|
+
// // // ---------------------------------------------------------
|
|
145
|
+
// // private setupManagers() {
|
|
146
|
+
// // this.hashManager = new HashManager(
|
|
147
|
+
// // this.config.hashing,
|
|
148
|
+
// // this.hashingPrimary,
|
|
149
|
+
// // this.hashingFallback
|
|
150
|
+
// // );
|
|
151
|
+
|
|
152
|
+
// // this.rateLimitManager = new RateLimitManager(
|
|
153
|
+
// // this.config.rateLimiter,
|
|
154
|
+
// // this.rateLimiterPrimary,
|
|
155
|
+
// // this.rateLimiterFallback
|
|
156
|
+
// // );
|
|
157
|
+
|
|
158
|
+
// // this.validatorManager = new ValidatorManager(
|
|
159
|
+
// // this.config.validation,
|
|
160
|
+
// // this.validatorPrimary,
|
|
161
|
+
// // this.validatorFallback
|
|
162
|
+
// // );
|
|
163
|
+
|
|
164
|
+
// // this.sanitizerManager = new SanitizerManager(
|
|
165
|
+
// // this.sanitizerPrimary,
|
|
166
|
+
// // this.sanitizerFallback
|
|
167
|
+
// // );
|
|
168
|
+
// // }
|
|
169
|
+
|
|
170
|
+
// // // ---------------------------------------------------------
|
|
171
|
+
// // // DYNAMIC MANAGERS (JSON, CORS, AUTH)
|
|
172
|
+
// // // ---------------------------------------------------------
|
|
173
|
+
// // private setupDynamicManagers() {
|
|
174
|
+
// // this.jsonManager = new JsonManager();
|
|
175
|
+
// // this.corsManager = new CorsManager();
|
|
176
|
+
|
|
177
|
+
// // // AUTH SUPPORT
|
|
178
|
+
// // if (this.config.auth?.enabled) {
|
|
179
|
+
// // this.authManager = new AuthManager({
|
|
180
|
+
// // jwtSecret: process.env.JWT_SECRET!,
|
|
181
|
+
// // jwtExpiresIn: this.config.auth.jwtExpiresIn,
|
|
182
|
+
// // googleClientId: process.env.GOOGLE_CLIENT_ID
|
|
183
|
+
// // });
|
|
184
|
+
// // }
|
|
185
|
+
// // }
|
|
186
|
+
|
|
187
|
+
// // // ---------------------------------------------------------
|
|
188
|
+
// // // PUBLIC API METHODS
|
|
189
|
+
// // // ---------------------------------------------------------
|
|
190
|
+
// // hash(value: string) {
|
|
191
|
+
// // return this.hashManager.hash(value);
|
|
192
|
+
// // }
|
|
193
|
+
|
|
194
|
+
// // verify(value: string, hashed: string) {
|
|
195
|
+
// // return this.hashManager.verify(value, hashed);
|
|
196
|
+
// // }
|
|
197
|
+
|
|
198
|
+
// // sanitize(value: string) {
|
|
199
|
+
// // return this.sanitizerManager.sanitize(value);
|
|
200
|
+
// // }
|
|
201
|
+
|
|
202
|
+
// // validate(schema: any) {
|
|
203
|
+
// // return this.validatorManager.validate(schema);
|
|
204
|
+
// // }
|
|
205
|
+
|
|
206
|
+
// // // ---------------------------------------------------------
|
|
207
|
+
// // // EXPRESS GLOBAL PIPELINE
|
|
208
|
+
// // // ---------------------------------------------------------
|
|
209
|
+
// // middleware() {
|
|
210
|
+
// // const chain: any[] = [];
|
|
211
|
+
|
|
212
|
+
// // // JSON + URL encoded
|
|
213
|
+
// // chain.push(this.jsonManager.middleware(this.config.json));
|
|
214
|
+
// // chain.push(this.jsonManager.urlencoded(this.config.urlencoded));
|
|
215
|
+
|
|
216
|
+
// // // add qs
|
|
217
|
+
// // chain.push(this.jsonManager.queryParser());
|
|
218
|
+
|
|
219
|
+
// // // Core security
|
|
220
|
+
// // if (this.config.enableHelmet) chain.push(helmet());
|
|
221
|
+
// // if (this.config.enableHPP) chain.push(hpp());
|
|
222
|
+
|
|
223
|
+
// // if (this.config.enableCORS)
|
|
224
|
+
// // chain.push(this.corsManager.middleware(this.config.cors));
|
|
225
|
+
|
|
226
|
+
// // if (this.config.enableSanitizer)
|
|
227
|
+
// // chain.push(this.sanitizerManager.middleware());
|
|
228
|
+
|
|
229
|
+
// // if (this.config.enableRateLimiter)
|
|
230
|
+
// // chain.push(this.rateLimitManager.middleware());
|
|
231
|
+
|
|
232
|
+
// // // Centralized error handling
|
|
233
|
+
// // chain.push(errorHandler);
|
|
234
|
+
|
|
235
|
+
// // return chain;
|
|
236
|
+
// // }
|
|
237
|
+
// // }
|
|
238
|
+
|
|
239
|
+
|
|
240
|
+
|
|
241
|
+
// // src/core/HiSecure.ts - COMPLETE FIXED
|
|
242
|
+
// import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
243
|
+
// import { defaultConfig } from "./config.js";
|
|
244
|
+
// import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
245
|
+
// import { deepMerge } from "../utils/deepMerge.js";
|
|
246
|
+
// import { deepFreeze } from "../utils/deepFreeze.js";
|
|
247
|
+
// import { logger } from "../logging/index.js";
|
|
248
|
+
|
|
249
|
+
// // Adapters
|
|
250
|
+
// import { ArgonAdapter } from "../adapters/ArgonAdapter.js";
|
|
251
|
+
// import { BcryptAdapter } from "../adapters/BcryptAdapter.js";
|
|
252
|
+
// import { RLFlexibleAdapter } from "../adapters/RLFlexibleAdapter.js";
|
|
253
|
+
// import { ExpressRLAdapter } from "../adapters/ExpressRLAdapter.js";
|
|
254
|
+
// import { ZodAdapter } from "../adapters/ZodAdapter.js";
|
|
255
|
+
// import { ExpressValidatorAdapter } from "../adapters/ExpressValidatorAdapter.js";
|
|
256
|
+
// import { SanitizeHtmlAdapter } from "../adapters/SanitizeHtmlAdapter.js";
|
|
257
|
+
// import { XSSAdapter } from "../adapters/XSSAdapter.js"; // ✅ FIXED IMPORT
|
|
258
|
+
|
|
259
|
+
// // Managers
|
|
260
|
+
// import { HashManager } from "../managers/HashManager.js";
|
|
261
|
+
// import { RateLimitManager } from "../managers/RateLimitManager.js";
|
|
262
|
+
// import { ValidatorManager } from "../managers/ValidatorManager.js";
|
|
263
|
+
// import { SanitizerManager } from "../managers/SanitizerManager.js";
|
|
264
|
+
// import { JsonManager } from "../managers/JsonManager.js";
|
|
265
|
+
// import { CorsManager } from "../managers/CorsManager.js";
|
|
266
|
+
// import { AuthManager } from "../managers/AuthManager.js";
|
|
267
|
+
|
|
268
|
+
// // Middlewares
|
|
269
|
+
// import helmet from "helmet";
|
|
270
|
+
// import hpp from "hpp";
|
|
271
|
+
// import compression from "compression";
|
|
272
|
+
// import { errorHandler } from "../middlewares/errorHandler.js";
|
|
273
|
+
|
|
274
|
+
// // Types
|
|
275
|
+
// import { SecureOptions, ValidationSchema } from "./types/SecureOptions.js";
|
|
276
|
+
|
|
277
|
+
// export class HiSecure {
|
|
278
|
+
// private static instance: HiSecure | null = null;
|
|
279
|
+
// private config: HiSecureConfig;
|
|
280
|
+
// private initialized = false;
|
|
281
|
+
|
|
282
|
+
// // Managers
|
|
283
|
+
// public hashManager!: HashManager;
|
|
284
|
+
// public rateLimitManager!: RateLimitManager;
|
|
285
|
+
// public validatorManager!: ValidatorManager;
|
|
286
|
+
// public sanitizerManager!: SanitizerManager;
|
|
287
|
+
// public jsonManager!: JsonManager;
|
|
288
|
+
// public corsManager!: CorsManager;
|
|
289
|
+
// public authManager?: AuthManager;
|
|
290
|
+
|
|
291
|
+
// // Internal adapters
|
|
292
|
+
// private hashingPrimary: any;
|
|
293
|
+
// private hashingFallback: any;
|
|
294
|
+
// private rateLimiterPrimary: any;
|
|
295
|
+
// private rateLimiterFallback: any;
|
|
296
|
+
// private validatorPrimary: any;
|
|
297
|
+
// private validatorFallback: any;
|
|
298
|
+
// private sanitizerPrimary: any;
|
|
299
|
+
// private sanitizerFallback: any;
|
|
300
|
+
|
|
301
|
+
// // Private constructor for singleton
|
|
302
|
+
// private constructor(userConfig: Partial<HiSecureConfig> = {}) {
|
|
303
|
+
// this.config = deepMerge(defaultConfig, userConfig);
|
|
304
|
+
// }
|
|
305
|
+
|
|
306
|
+
// // =====================================================
|
|
307
|
+
// // SINGLETON & INITIALIZATION
|
|
308
|
+
// // =====================================================
|
|
309
|
+
|
|
310
|
+
// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {
|
|
311
|
+
// if (!HiSecure.instance) {
|
|
312
|
+
// HiSecure.instance = new HiSecure(config);
|
|
313
|
+
// HiSecure.instance.init();
|
|
314
|
+
// }
|
|
315
|
+
// return HiSecure.instance;
|
|
316
|
+
// }
|
|
317
|
+
|
|
318
|
+
// static resetInstance(): void {
|
|
319
|
+
// HiSecure.instance = null;
|
|
320
|
+
// }
|
|
321
|
+
|
|
322
|
+
// init(): void {
|
|
323
|
+
// if (this.initialized) {
|
|
324
|
+
// logger.warn("⚠ HiSecure already initialized");
|
|
325
|
+
// return;
|
|
326
|
+
// }
|
|
327
|
+
|
|
328
|
+
// logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);
|
|
329
|
+
|
|
330
|
+
// this.setupAdapters();
|
|
331
|
+
// this.setupManagers();
|
|
332
|
+
// this.setupDynamicManagers();
|
|
333
|
+
|
|
334
|
+
// // Make everything immutable
|
|
335
|
+
// deepFreeze(this.config);
|
|
336
|
+
// deepFreeze(this.hashManager);
|
|
337
|
+
// deepFreeze(this.rateLimitManager);
|
|
338
|
+
// deepFreeze(this.validatorManager);
|
|
339
|
+
// deepFreeze(this.sanitizerManager);
|
|
340
|
+
// deepFreeze(this.jsonManager);
|
|
341
|
+
// deepFreeze(this.corsManager);
|
|
342
|
+
// if (this.authManager) deepFreeze(this.authManager);
|
|
343
|
+
|
|
344
|
+
// this.initialized = true;
|
|
345
|
+
// logger.info("✅ HiSecure initialized successfully");
|
|
346
|
+
// }
|
|
347
|
+
|
|
348
|
+
// isInitialized(): boolean {
|
|
349
|
+
// return this.initialized;
|
|
350
|
+
// }
|
|
351
|
+
|
|
352
|
+
// // =====================================================
|
|
353
|
+
// // FLUENT API METHODS (Route-level security)
|
|
354
|
+
// // =====================================================
|
|
355
|
+
|
|
356
|
+
// static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
357
|
+
// const instance = this.getInstance();
|
|
358
|
+
// if (!instance.authManager) {
|
|
359
|
+
// throw new Error("Auth not enabled. Set auth.enabled=true in config.");
|
|
360
|
+
// }
|
|
361
|
+
// return instance.authManager.protect(options);
|
|
362
|
+
// }
|
|
363
|
+
|
|
364
|
+
// static validate(schema: ValidationSchema) {
|
|
365
|
+
// return this.getInstance().validatorManager.validate(schema);
|
|
366
|
+
// }
|
|
367
|
+
|
|
368
|
+
// static sanitize(options?: any) {
|
|
369
|
+
// return this.getInstance().sanitizerManager.middleware(options);
|
|
370
|
+
// }
|
|
371
|
+
|
|
372
|
+
// static rateLimit(preset: "strict" | "relaxed" | "api" | object) {
|
|
373
|
+
// const instance = this.getInstance();
|
|
374
|
+
|
|
375
|
+
// if (typeof preset === "string") {
|
|
376
|
+
// const presets = {
|
|
377
|
+
// strict: { mode: "strict" as const },
|
|
378
|
+
// relaxed: { mode: "relaxed" as const },
|
|
379
|
+
// api: { max: 100, windowMs: 60000 }
|
|
380
|
+
// };
|
|
381
|
+
// return instance.rateLimitManager.middleware(presets[preset] || {});
|
|
382
|
+
// }
|
|
383
|
+
|
|
384
|
+
// return instance.rateLimitManager.middleware({ options: preset });
|
|
385
|
+
// }
|
|
386
|
+
|
|
387
|
+
// static cors(options?: any) {
|
|
388
|
+
// return this.getInstance().corsManager.middleware(options);
|
|
389
|
+
// }
|
|
390
|
+
|
|
391
|
+
// static json(options?: any) {
|
|
392
|
+
// const instance = this.getInstance();
|
|
393
|
+
// const chain = [];
|
|
394
|
+
// chain.push(instance.jsonManager.middleware(options));
|
|
395
|
+
// chain.push(instance.jsonManager.urlencoded());
|
|
396
|
+
// return chain;
|
|
397
|
+
// }
|
|
398
|
+
|
|
399
|
+
// // =====================================================
|
|
400
|
+
// // UTILITY METHODS (Direct usage)
|
|
401
|
+
// // =====================================================
|
|
402
|
+
|
|
403
|
+
// static async hash(password: string): Promise<string> {
|
|
404
|
+
// const instance = this.getInstance();
|
|
405
|
+
// const result = await instance.hashManager.hash(password, { allowFallback: true });
|
|
406
|
+
// return result.hash;
|
|
407
|
+
// }
|
|
408
|
+
|
|
409
|
+
// static async verify(password: string, hash: string): Promise<boolean> {
|
|
410
|
+
// return this.getInstance().hashManager.verify(password, hash);
|
|
411
|
+
// }
|
|
412
|
+
|
|
413
|
+
// static jwt = {
|
|
414
|
+
// sign: (payload: object, options?: any) => {
|
|
415
|
+
// const instance = HiSecure.getInstance();
|
|
416
|
+
// if (!instance.authManager) {
|
|
417
|
+
// throw new Error("Auth not enabled");
|
|
418
|
+
// }
|
|
419
|
+
// return instance.authManager.sign(payload, options);
|
|
420
|
+
// },
|
|
421
|
+
|
|
422
|
+
// verify: (token: string) => {
|
|
423
|
+
// const instance = HiSecure.getInstance();
|
|
424
|
+
// if (!instance.authManager) {
|
|
425
|
+
// throw new Error("Auth not enabled");
|
|
426
|
+
// }
|
|
427
|
+
// return instance.authManager.verify(token);
|
|
428
|
+
// },
|
|
429
|
+
|
|
430
|
+
// google: {
|
|
431
|
+
// verifyIdToken: (idToken: string) => {
|
|
432
|
+
// const instance = HiSecure.getInstance();
|
|
433
|
+
// if (!instance.authManager) {
|
|
434
|
+
// throw new Error("Auth not enabled");
|
|
435
|
+
// }
|
|
436
|
+
// return instance.authManager.verifyGoogleIdToken(idToken);
|
|
437
|
+
// }
|
|
438
|
+
// }
|
|
439
|
+
// };
|
|
440
|
+
|
|
441
|
+
// // =====================================================
|
|
442
|
+
// // GLOBAL MIDDLEWARE (app.use())
|
|
443
|
+
// // =====================================================
|
|
444
|
+
|
|
445
|
+
// static middleware(options?: SecureOptions | "api" | "strict" | "public") {
|
|
446
|
+
// const instance = this.getInstance();
|
|
447
|
+
|
|
448
|
+
// // Handle preset strings
|
|
449
|
+
// if (typeof options === "string") {
|
|
450
|
+
// const presets = {
|
|
451
|
+
// api: { cors: true, rateLimit: "relaxed", sanitize: true },
|
|
452
|
+
// strict: { cors: true, rateLimit: "strict", sanitize: true, auth: true },
|
|
453
|
+
// public: { cors: true, rateLimit: true }
|
|
454
|
+
// };
|
|
455
|
+
// options = presets[options] || {};
|
|
456
|
+
// }
|
|
457
|
+
|
|
458
|
+
// return instance.createMiddlewareChain(options || {});
|
|
459
|
+
// }
|
|
460
|
+
|
|
461
|
+
// // =====================================================
|
|
462
|
+
// // INTERNAL METHODS
|
|
463
|
+
// // =====================================================
|
|
464
|
+
|
|
465
|
+
// private setupAdapters(): void {
|
|
466
|
+
// logger.info("🧩 Setting up adapters...");
|
|
467
|
+
|
|
468
|
+
// // Hashing
|
|
469
|
+
// this.hashingPrimary = this.config.hashing.primary === "argon2"
|
|
470
|
+
// ? new ArgonAdapter()
|
|
471
|
+
// : new BcryptAdapter(this.config.hashing.saltRounds);
|
|
472
|
+
|
|
473
|
+
// this.hashingFallback = this.config.hashing.fallback === "bcrypt"
|
|
474
|
+
// ? new BcryptAdapter(this.config.hashing.saltRounds)
|
|
475
|
+
// : null;
|
|
476
|
+
|
|
477
|
+
// // Rate limiting
|
|
478
|
+
// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode
|
|
479
|
+
// ? new RLFlexibleAdapter()
|
|
480
|
+
// : new ExpressRLAdapter();
|
|
481
|
+
// this.rateLimiterFallback = new ExpressRLAdapter();
|
|
482
|
+
|
|
483
|
+
// // Validation
|
|
484
|
+
// this.validatorPrimary = this.config.validation.mode === "zod"
|
|
485
|
+
// ? new ZodAdapter()
|
|
486
|
+
// : new ExpressValidatorAdapter();
|
|
487
|
+
// this.validatorFallback = this.config.validation.fallback === "express-validator"
|
|
488
|
+
// ? new ExpressValidatorAdapter()
|
|
489
|
+
// : null;
|
|
490
|
+
|
|
491
|
+
// // Sanitization
|
|
492
|
+
// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);
|
|
493
|
+
// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer); // ✅ XSSAdapter, NOT DomPurifyAdapter
|
|
494
|
+
|
|
495
|
+
// logger.info("✅ Adapters ready");
|
|
496
|
+
// }
|
|
497
|
+
|
|
498
|
+
// private setupManagers(): void {
|
|
499
|
+
// this.hashManager = new HashManager(
|
|
500
|
+
// this.config.hashing,
|
|
501
|
+
// this.hashingPrimary,
|
|
502
|
+
// this.hashingFallback
|
|
503
|
+
// );
|
|
504
|
+
|
|
505
|
+
// this.rateLimitManager = new RateLimitManager(
|
|
506
|
+
// this.config.rateLimiter,
|
|
507
|
+
// this.rateLimiterPrimary,
|
|
508
|
+
// this.rateLimiterFallback
|
|
509
|
+
// );
|
|
510
|
+
|
|
511
|
+
// this.validatorManager = new ValidatorManager(
|
|
512
|
+
// this.config.validation,
|
|
513
|
+
// this.validatorPrimary,
|
|
514
|
+
// this.validatorFallback
|
|
515
|
+
// );
|
|
516
|
+
|
|
517
|
+
// this.sanitizerManager = new SanitizerManager(
|
|
518
|
+
// this.sanitizerPrimary,
|
|
519
|
+
// this.sanitizerFallback
|
|
520
|
+
// );
|
|
521
|
+
// }
|
|
522
|
+
|
|
523
|
+
// private setupDynamicManagers(): void {
|
|
524
|
+
// this.jsonManager = new JsonManager();
|
|
525
|
+
// this.corsManager = new CorsManager();
|
|
526
|
+
|
|
527
|
+
// // Auth manager (only if enabled)
|
|
528
|
+
// if (this.config.auth.enabled) {
|
|
529
|
+
// const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;
|
|
530
|
+
// if (!jwtSecret) {
|
|
531
|
+
// throw new Error("JWT_SECRET environment variable or jwtSecret in config is required when auth.enabled=true");
|
|
532
|
+
// }
|
|
533
|
+
|
|
534
|
+
// this.authManager = new AuthManager({
|
|
535
|
+
// jwtSecret,
|
|
536
|
+
// jwtExpiresIn: this.config.auth.jwtExpiresIn,
|
|
537
|
+
// googleClientId: process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId,
|
|
538
|
+
// // ✅ Add algorithm option for JWT security
|
|
539
|
+
// algorithm: 'HS256'
|
|
540
|
+
// });
|
|
541
|
+
// }
|
|
542
|
+
// }
|
|
543
|
+
|
|
544
|
+
// private createMiddlewareChain(options: SecureOptions): any[] {
|
|
545
|
+
// const chain: any[] = [];
|
|
546
|
+
|
|
547
|
+
// // JSON parsing
|
|
548
|
+
// chain.push(this.jsonManager.middleware(this.config.json));
|
|
549
|
+
// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));
|
|
550
|
+
|
|
551
|
+
// // Security headers
|
|
552
|
+
// if (this.config.enableHelmet) chain.push(helmet());
|
|
553
|
+
// if (this.config.enableHPP) chain.push(hpp());
|
|
554
|
+
|
|
555
|
+
// // Compression (check if compression config exists)
|
|
556
|
+
// if (this.config.enableCompression && this.config.compression) {
|
|
557
|
+
// chain.push(compression(this.config.compression));
|
|
558
|
+
// } else if (this.config.enableCompression) {
|
|
559
|
+
// chain.push(compression()); // Use defaults
|
|
560
|
+
// }
|
|
561
|
+
|
|
562
|
+
// // CORS
|
|
563
|
+
// if (this.config.enableCORS || options.cors) {
|
|
564
|
+
// const corsOptions = options.cors === true ? this.config.cors :
|
|
565
|
+
// (typeof options.cors === 'object' ? options.cors : this.config.cors);
|
|
566
|
+
// chain.push(this.corsManager.middleware(corsOptions));
|
|
567
|
+
// }
|
|
568
|
+
|
|
569
|
+
// // Sanitization
|
|
570
|
+
// if (this.config.enableSanitizer || options.sanitize) {
|
|
571
|
+
// const sanitizeOptions = options.sanitize === true ? undefined :
|
|
572
|
+
// (typeof options.sanitize === 'object' ? options.sanitize : undefined);
|
|
573
|
+
// chain.push(this.sanitizerManager.middleware(sanitizeOptions));
|
|
574
|
+
// }
|
|
575
|
+
|
|
576
|
+
// // Rate limiting
|
|
577
|
+
// if (this.config.enableRateLimiter || options.rateLimit) {
|
|
578
|
+
// const rateLimitOpts = typeof options.rateLimit === 'object' ?
|
|
579
|
+
// { options: options.rateLimit } : {};
|
|
580
|
+
// chain.push(this.rateLimitManager.middleware(rateLimitOpts));
|
|
581
|
+
// }
|
|
582
|
+
|
|
583
|
+
// // Authentication
|
|
584
|
+
// if (options.auth && this.authManager) {
|
|
585
|
+
// const authOpts = options.auth === true ? undefined :
|
|
586
|
+
// (typeof options.auth === 'object' ? options.auth : undefined);
|
|
587
|
+
// chain.push(this.authManager.protect(authOpts));
|
|
588
|
+
// }
|
|
589
|
+
|
|
590
|
+
// // Error handler (always last)
|
|
591
|
+
// chain.push(errorHandler);
|
|
592
|
+
|
|
593
|
+
// return chain;
|
|
594
|
+
// }
|
|
595
|
+
// }
|
|
596
|
+
|
|
597
|
+
|
|
598
|
+
// src/core/HiSecure.ts - COMPLETELY FIXED
|
|
599
|
+
import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
600
|
+
import { defaultConfig } from "./config.js";
|
|
601
|
+
import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
602
|
+
import { deepMerge } from "../utils/deepMerge.js";
|
|
603
|
+
import { deepFreeze } from "../utils/deepFreeze.js";
|
|
604
|
+
import { logger } from "../logging/index.js";
|
|
605
|
+
|
|
606
|
+
// Adapters
|
|
607
|
+
import { ArgonAdapter } from "../adapters/ArgonAdapter.js";
|
|
608
|
+
import { BcryptAdapter } from "../adapters/BcryptAdapter.js";
|
|
609
|
+
import { RLFlexibleAdapter } from "../adapters/RLFlexibleAdapter.js";
|
|
610
|
+
import { ExpressRLAdapter } from "../adapters/ExpressRLAdapter.js";
|
|
611
|
+
import { ZodAdapter } from "../adapters/ZodAdapter.js";
|
|
612
|
+
import { ExpressValidatorAdapter } from "../adapters/ExpressValidatorAdapter.js";
|
|
613
|
+
import { SanitizeHtmlAdapter } from "../adapters/SanitizeHtmlAdapter.js";
|
|
614
|
+
import { XSSAdapter } from "../adapters/XSSAdapter.js";
|
|
615
|
+
|
|
616
|
+
// Managers
|
|
617
|
+
import { HashManager } from "../managers/HashManager.js";
|
|
618
|
+
import { RateLimitManager } from "../managers/RateLimitManager.js";
|
|
619
|
+
import { ValidatorManager } from "../managers/ValidatorManager.js";
|
|
620
|
+
import { SanitizerManager } from "../managers/SanitizerManager.js";
|
|
621
|
+
import { JsonManager } from "../managers/JsonManager.js";
|
|
622
|
+
import { CorsManager } from "../managers/CorsManager.js";
|
|
623
|
+
import { AuthManager } from "../managers/AuthManager.js";
|
|
624
|
+
|
|
625
|
+
// Middlewares
|
|
626
|
+
import helmet from "helmet";
|
|
627
|
+
import hpp from "hpp";
|
|
628
|
+
import compression from "compression";
|
|
629
|
+
import { errorHandler } from "../middlewares/errorHandler.js";
|
|
630
|
+
|
|
631
|
+
// Types
|
|
632
|
+
import { SecureOptions, ValidationSchema, RateLimitOptions } from "./types/SecureOptions.js";
|
|
633
|
+
|
|
634
|
+
export class HiSecure {
|
|
635
|
+
private static instance: HiSecure | null = null;
|
|
636
|
+
private config: HiSecureConfig;
|
|
637
|
+
private initialized = false;
|
|
638
|
+
|
|
639
|
+
// Managers
|
|
640
|
+
public hashManager!: HashManager;
|
|
641
|
+
public rateLimitManager!: RateLimitManager;
|
|
642
|
+
public validatorManager!: ValidatorManager;
|
|
643
|
+
public sanitizerManager!: SanitizerManager;
|
|
644
|
+
public jsonManager!: JsonManager;
|
|
645
|
+
public corsManager!: CorsManager;
|
|
646
|
+
public authManager?: AuthManager;
|
|
647
|
+
|
|
648
|
+
// Internal adapters
|
|
649
|
+
private hashingPrimary: any;
|
|
650
|
+
private hashingFallback: any;
|
|
651
|
+
private rateLimiterPrimary: any;
|
|
652
|
+
private rateLimiterFallback: any;
|
|
653
|
+
private validatorPrimary: any;
|
|
654
|
+
private validatorFallback: any;
|
|
655
|
+
private sanitizerPrimary: any;
|
|
656
|
+
private sanitizerFallback: any;
|
|
657
|
+
|
|
658
|
+
// Private constructor for singleton
|
|
659
|
+
private constructor(userConfig: Partial<HiSecureConfig> = {}) {
|
|
660
|
+
this.config = deepMerge(defaultConfig, userConfig);
|
|
661
|
+
}
|
|
662
|
+
|
|
663
|
+
// =====================================================
|
|
664
|
+
// SINGLETON & INITIALIZATION
|
|
665
|
+
// =====================================================
|
|
666
|
+
|
|
667
|
+
static getInstance(config?: Partial<HiSecureConfig>): HiSecure {
|
|
668
|
+
if (!HiSecure.instance) {
|
|
669
|
+
HiSecure.instance = new HiSecure(config);
|
|
670
|
+
HiSecure.instance.init();
|
|
671
|
+
}
|
|
672
|
+
return HiSecure.instance;
|
|
673
|
+
}
|
|
674
|
+
|
|
675
|
+
static resetInstance(): void {
|
|
676
|
+
HiSecure.instance = null;
|
|
677
|
+
}
|
|
678
|
+
|
|
679
|
+
init(): void {
|
|
680
|
+
if (this.initialized) {
|
|
681
|
+
logger.warn("⚠ HiSecure already initialized");
|
|
682
|
+
return;
|
|
683
|
+
}
|
|
684
|
+
|
|
685
|
+
logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);
|
|
686
|
+
|
|
687
|
+
this.setupAdapters();
|
|
688
|
+
this.setupManagers();
|
|
689
|
+
this.setupDynamicManagers();
|
|
690
|
+
|
|
691
|
+
// Make everything immutable
|
|
692
|
+
deepFreeze(this.config);
|
|
693
|
+
deepFreeze(this.hashManager);
|
|
694
|
+
deepFreeze(this.rateLimitManager);
|
|
695
|
+
deepFreeze(this.validatorManager);
|
|
696
|
+
deepFreeze(this.sanitizerManager);
|
|
697
|
+
deepFreeze(this.jsonManager);
|
|
698
|
+
deepFreeze(this.corsManager);
|
|
699
|
+
if (this.authManager) deepFreeze(this.authManager);
|
|
700
|
+
|
|
701
|
+
this.initialized = true;
|
|
702
|
+
logger.info("✅ HiSecure initialized successfully");
|
|
703
|
+
}
|
|
704
|
+
|
|
705
|
+
isInitialized(): boolean {
|
|
706
|
+
return this.initialized;
|
|
707
|
+
}
|
|
708
|
+
|
|
709
|
+
// =====================================================
|
|
710
|
+
// FLUENT API METHODS (Route-level security)
|
|
711
|
+
// =====================================================
|
|
712
|
+
|
|
713
|
+
static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
714
|
+
const instance = this.getInstance();
|
|
715
|
+
if (!instance.authManager) {
|
|
716
|
+
throw new Error("Auth not enabled. Set auth.enabled=true in config.");
|
|
717
|
+
}
|
|
718
|
+
return instance.authManager.protect(options);
|
|
719
|
+
}
|
|
720
|
+
|
|
721
|
+
static validate(schema: ValidationSchema) {
|
|
722
|
+
return this.getInstance().validatorManager.validate(schema);
|
|
723
|
+
}
|
|
724
|
+
|
|
725
|
+
static sanitize(options?: any) {
|
|
726
|
+
return this.getInstance().sanitizerManager.middleware(options);
|
|
727
|
+
}
|
|
728
|
+
|
|
729
|
+
static rateLimit(preset: "strict" | "relaxed" | "api" | object) {
|
|
730
|
+
const instance = this.getInstance();
|
|
731
|
+
|
|
732
|
+
if (typeof preset === "string") {
|
|
733
|
+
const presets: Record<string, { mode?: "strict" | "relaxed" | "api"; options?: any }> = {
|
|
734
|
+
strict: { mode: "strict" },
|
|
735
|
+
relaxed: { mode: "relaxed" },
|
|
736
|
+
api: { mode: "api", options: { max: 100, windowMs: 60000 } }
|
|
737
|
+
};
|
|
738
|
+
return instance.rateLimitManager.middleware(presets[preset] || {});
|
|
739
|
+
}
|
|
740
|
+
|
|
741
|
+
return instance.rateLimitManager.middleware({ options: preset });
|
|
742
|
+
}
|
|
743
|
+
|
|
744
|
+
static cors(options?: any) {
|
|
745
|
+
return this.getInstance().corsManager.middleware(options);
|
|
746
|
+
}
|
|
747
|
+
|
|
748
|
+
static json(options?: any) {
|
|
749
|
+
const instance = this.getInstance();
|
|
750
|
+
const chain = [];
|
|
751
|
+
chain.push(instance.jsonManager.middleware(options));
|
|
752
|
+
chain.push(instance.jsonManager.urlencoded());
|
|
753
|
+
return chain;
|
|
754
|
+
}
|
|
755
|
+
|
|
756
|
+
// =====================================================
|
|
757
|
+
// UTILITY METHODS (Direct usage)
|
|
758
|
+
// =====================================================
|
|
759
|
+
|
|
760
|
+
static async hash(password: string): Promise<string> {
|
|
761
|
+
const instance = this.getInstance();
|
|
762
|
+
const result = await instance.hashManager.hash(password, { allowFallback: true });
|
|
763
|
+
return result.hash;
|
|
764
|
+
}
|
|
765
|
+
|
|
766
|
+
static async verify(password: string, hash: string): Promise<boolean> {
|
|
767
|
+
return this.getInstance().hashManager.verify(password, hash);
|
|
768
|
+
}
|
|
769
|
+
|
|
770
|
+
static jwt = {
|
|
771
|
+
sign: (payload: object, options?: any) => {
|
|
772
|
+
const instance = HiSecure.getInstance();
|
|
773
|
+
if (!instance.authManager) {
|
|
774
|
+
throw new Error("Auth not enabled");
|
|
775
|
+
}
|
|
776
|
+
return instance.authManager.sign(payload, options);
|
|
777
|
+
},
|
|
778
|
+
|
|
779
|
+
verify: (token: string) => {
|
|
780
|
+
const instance = HiSecure.getInstance();
|
|
781
|
+
if (!instance.authManager) {
|
|
782
|
+
throw new Error("Auth not enabled");
|
|
783
|
+
}
|
|
784
|
+
return instance.authManager.verify(token);
|
|
785
|
+
},
|
|
786
|
+
|
|
787
|
+
google: {
|
|
788
|
+
verifyIdToken: (idToken: string) => {
|
|
789
|
+
const instance = HiSecure.getInstance();
|
|
790
|
+
if (!instance.authManager) {
|
|
791
|
+
throw new Error("Auth not enabled");
|
|
792
|
+
}
|
|
793
|
+
return instance.authManager.verifyGoogleIdToken(idToken);
|
|
794
|
+
}
|
|
795
|
+
}
|
|
796
|
+
};
|
|
797
|
+
|
|
798
|
+
// =====================================================
|
|
799
|
+
// GLOBAL MIDDLEWARE (app.use())
|
|
800
|
+
// =====================================================
|
|
801
|
+
|
|
802
|
+
static middleware(options?: SecureOptions | "api" | "strict" | "public") {
|
|
803
|
+
const instance = this.getInstance();
|
|
804
|
+
|
|
805
|
+
// Handle preset strings
|
|
806
|
+
if (typeof options === "string") {
|
|
807
|
+
const presets: Record<string, SecureOptions> = {
|
|
808
|
+
api: { cors: true, rateLimit: "relaxed" as any, sanitize: true },
|
|
809
|
+
strict: { cors: true, rateLimit: "strict" as any, sanitize: true, auth: true },
|
|
810
|
+
public: { cors: true, rateLimit: true as any, sanitize: false }
|
|
811
|
+
};
|
|
812
|
+
const presetOptions = presets[options];
|
|
813
|
+
if (presetOptions) {
|
|
814
|
+
return instance.createMiddlewareChain(presetOptions);
|
|
815
|
+
}
|
|
816
|
+
return instance.createMiddlewareChain({});
|
|
817
|
+
}
|
|
818
|
+
|
|
819
|
+
return instance.createMiddlewareChain(options || {});
|
|
820
|
+
}
|
|
821
|
+
|
|
822
|
+
// =====================================================
|
|
823
|
+
// INTERNAL METHODS
|
|
824
|
+
// =====================================================
|
|
825
|
+
|
|
826
|
+
private setupAdapters(): void {
|
|
827
|
+
logger.info("🧩 Setting up adapters...");
|
|
828
|
+
|
|
829
|
+
// Hashing
|
|
830
|
+
this.hashingPrimary = this.config.hashing.primary === "argon2"
|
|
831
|
+
? new ArgonAdapter()
|
|
832
|
+
: new BcryptAdapter(this.config.hashing.saltRounds);
|
|
833
|
+
|
|
834
|
+
this.hashingFallback = this.config.hashing.fallback === "bcrypt"
|
|
835
|
+
? new BcryptAdapter(this.config.hashing.saltRounds)
|
|
836
|
+
: null;
|
|
837
|
+
|
|
838
|
+
// Rate limiting
|
|
839
|
+
this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode
|
|
840
|
+
? new RLFlexibleAdapter()
|
|
841
|
+
: new ExpressRLAdapter();
|
|
842
|
+
this.rateLimiterFallback = new ExpressRLAdapter();
|
|
843
|
+
|
|
844
|
+
// Validation
|
|
845
|
+
this.validatorPrimary = this.config.validation.mode === "zod"
|
|
846
|
+
? new ZodAdapter()
|
|
847
|
+
: new ExpressValidatorAdapter();
|
|
848
|
+
this.validatorFallback = this.config.validation.fallback === "express-validator"
|
|
849
|
+
? new ExpressValidatorAdapter()
|
|
850
|
+
: null;
|
|
851
|
+
|
|
852
|
+
// Sanitization
|
|
853
|
+
this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);
|
|
854
|
+
this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);
|
|
855
|
+
|
|
856
|
+
logger.info("✅ Adapters ready");
|
|
857
|
+
}
|
|
858
|
+
|
|
859
|
+
private setupManagers(): void {
|
|
860
|
+
this.hashManager = new HashManager(
|
|
861
|
+
this.config.hashing,
|
|
862
|
+
this.hashingPrimary,
|
|
863
|
+
this.hashingFallback
|
|
864
|
+
);
|
|
865
|
+
|
|
866
|
+
this.rateLimitManager = new RateLimitManager(
|
|
867
|
+
this.config.rateLimiter,
|
|
868
|
+
this.rateLimiterPrimary,
|
|
869
|
+
this.rateLimiterFallback
|
|
870
|
+
);
|
|
871
|
+
|
|
872
|
+
this.validatorManager = new ValidatorManager(
|
|
873
|
+
this.config.validation,
|
|
874
|
+
this.validatorPrimary,
|
|
875
|
+
this.validatorFallback
|
|
876
|
+
);
|
|
877
|
+
|
|
878
|
+
this.sanitizerManager = new SanitizerManager(
|
|
879
|
+
this.sanitizerPrimary,
|
|
880
|
+
this.sanitizerFallback
|
|
881
|
+
);
|
|
882
|
+
}
|
|
883
|
+
|
|
884
|
+
private setupDynamicManagers(): void {
|
|
885
|
+
this.jsonManager = new JsonManager();
|
|
886
|
+
this.corsManager = new CorsManager();
|
|
887
|
+
|
|
888
|
+
// Auth manager (only if enabled)
|
|
889
|
+
if (this.config.auth.enabled) {
|
|
890
|
+
const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;
|
|
891
|
+
if (!jwtSecret) {
|
|
892
|
+
throw new Error("JWT_SECRET environment variable or jwtSecret in config is required when auth.enabled=true");
|
|
893
|
+
}
|
|
894
|
+
|
|
895
|
+
this.authManager = new AuthManager({
|
|
896
|
+
jwtSecret,
|
|
897
|
+
jwtExpiresIn: this.config.auth.jwtExpiresIn,
|
|
898
|
+
googleClientId: process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId
|
|
899
|
+
// Removed algorithm - handled in AuthManager
|
|
900
|
+
});
|
|
901
|
+
}
|
|
902
|
+
}
|
|
903
|
+
|
|
904
|
+
private createMiddlewareChain(options: SecureOptions): any[] {
|
|
905
|
+
const chain: any[] = [];
|
|
906
|
+
|
|
907
|
+
// JSON parsing
|
|
908
|
+
chain.push(this.jsonManager.middleware(this.config.json));
|
|
909
|
+
chain.push(this.jsonManager.urlencoded(this.config.urlencoded));
|
|
910
|
+
|
|
911
|
+
// Security headers
|
|
912
|
+
if (this.config.enableHelmet) chain.push(helmet());
|
|
913
|
+
if (this.config.enableHPP) chain.push(hpp());
|
|
914
|
+
|
|
915
|
+
// Compression (check if compression config exists)
|
|
916
|
+
if (this.config.enableCompression && this.config.compression) {
|
|
917
|
+
chain.push(compression(this.config.compression));
|
|
918
|
+
} else if (this.config.enableCompression) {
|
|
919
|
+
chain.push(compression()); // Use defaults
|
|
920
|
+
}
|
|
921
|
+
|
|
922
|
+
// CORS
|
|
923
|
+
if (this.config.enableCORS || options.cors) {
|
|
924
|
+
const corsOptions = options.cors === true ? this.config.cors :
|
|
925
|
+
(typeof options.cors === 'object' ? options.cors : this.config.cors);
|
|
926
|
+
chain.push(this.corsManager.middleware(corsOptions));
|
|
927
|
+
}
|
|
928
|
+
|
|
929
|
+
// Sanitization
|
|
930
|
+
if (this.config.enableSanitizer || options.sanitize) {
|
|
931
|
+
const sanitizeOptions = options.sanitize === true ? undefined :
|
|
932
|
+
(typeof options.sanitize === 'object' ? options.sanitize : undefined);
|
|
933
|
+
chain.push(this.sanitizerManager.middleware(sanitizeOptions));
|
|
934
|
+
}
|
|
935
|
+
|
|
936
|
+
// Rate limiting
|
|
937
|
+
if (this.config.enableRateLimiter || options.rateLimit) {
|
|
938
|
+
const rateLimitOpts = typeof options.rateLimit === 'object' ?
|
|
939
|
+
{ options: options.rateLimit } : {};
|
|
940
|
+
chain.push(this.rateLimitManager.middleware(rateLimitOpts));
|
|
941
|
+
}
|
|
942
|
+
|
|
943
|
+
// Authentication
|
|
944
|
+
if (options.auth && this.authManager) {
|
|
945
|
+
const authOpts = options.auth === true ? undefined :
|
|
946
|
+
(typeof options.auth === 'object' ? options.auth : undefined);
|
|
947
|
+
chain.push(this.authManager.protect(authOpts));
|
|
948
|
+
}
|
|
949
|
+
|
|
950
|
+
// Error handler (always last)
|
|
951
|
+
chain.push(errorHandler);
|
|
952
|
+
|
|
953
|
+
return chain;
|
|
954
|
+
}
|
|
955
|
+
}
|