npm - hi-secure - Versions diffs - 1.0.0 - Mend

hi-secure 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/adapters/ArgonAdapter.d.ts +8 -0
package/dist/adapters/ArgonAdapter.d.ts.map +1 -0
package/dist/adapters/ArgonAdapter.js +45 -0
package/dist/adapters/ArgonAdapter.js.map +1 -0
package/dist/adapters/BcryptAdapter.d.ts +7 -0
package/dist/adapters/BcryptAdapter.d.ts.map +1 -0
package/dist/adapters/BcryptAdapter.js +48 -0
package/dist/adapters/BcryptAdapter.js.map +1 -0
package/dist/adapters/DomPurifyAdapter.d.ts +13 -0
package/dist/adapters/DomPurifyAdapter.d.ts.map +1 -0
package/dist/adapters/DomPurifyAdapter.js +61 -0
package/dist/adapters/DomPurifyAdapter.js.map +1 -0
package/dist/adapters/ExpressRLAdapter.d.ts +13 -0
package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -0
package/dist/adapters/ExpressRLAdapter.js +68 -0
package/dist/adapters/ExpressRLAdapter.js.map +1 -0
package/dist/adapters/ExpressValidatorAdapter.d.ts +6 -0
package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -0
package/dist/adapters/ExpressValidatorAdapter.js +78 -0
package/dist/adapters/ExpressValidatorAdapter.js.map +1 -0
package/dist/adapters/GoggleAdapter.d.ts +15 -0
package/dist/adapters/GoggleAdapter.d.ts.map +1 -0
package/dist/adapters/GoggleAdapter.js +91 -0
package/dist/adapters/GoggleAdapter.js.map +1 -0
package/dist/adapters/GoogleAdapter.d.ts +15 -0
package/dist/adapters/GoogleAdapter.d.ts.map +1 -0
package/dist/adapters/GoogleAdapter.js +159 -0
package/dist/adapters/GoogleAdapter.js.map +1 -0
package/dist/adapters/JWTAdapter.d.ts +28 -0
package/dist/adapters/JWTAdapter.d.ts.map +1 -0
package/dist/adapters/JWTAdapter.js +276 -0
package/dist/adapters/JWTAdapter.js.map +1 -0
package/dist/adapters/RLFlexibleAdapter.d.ts +11 -0
package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -0
package/dist/adapters/RLFlexibleAdapter.js +115 -0
package/dist/adapters/RLFlexibleAdapter.js.map +1 -0
package/dist/adapters/SanitizeHtmlAdapter.d.ts +12 -0
package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -0
package/dist/adapters/SanitizeHtmlAdapter.js +141 -0
package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -0
package/dist/adapters/XSSAdapter.d.ts +33 -0
package/dist/adapters/XSSAdapter.d.ts.map +1 -0
package/dist/adapters/XSSAdapter.js +127 -0
package/dist/adapters/XSSAdapter.js.map +1 -0
package/dist/adapters/ZodAdapter.d.ts +7 -0
package/dist/adapters/ZodAdapter.d.ts.map +1 -0
package/dist/adapters/ZodAdapter.js +39 -0
package/dist/adapters/ZodAdapter.js.map +1 -0
package/dist/core/HiSecure.d.ts +62 -0
package/dist/core/HiSecure.d.ts.map +1 -0
package/dist/core/HiSecure.js +273 -0
package/dist/core/HiSecure.js.map +1 -0
package/dist/core/config.d.ts +3 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +53 -0
package/dist/core/config.js.map +1 -0
package/dist/core/constants.d.ts +37 -0
package/dist/core/constants.d.ts.map +1 -0
package/dist/core/constants.js +67 -0
package/dist/core/constants.js.map +1 -0
package/dist/core/errors/AdapterError.d.ts +5 -0
package/dist/core/errors/AdapterError.d.ts.map +1 -0
package/dist/core/errors/AdapterError.js +15 -0
package/dist/core/errors/AdapterError.js.map +1 -0
package/dist/core/errors/HttpErrror.d.ts +17 -0
package/dist/core/errors/HttpErrror.d.ts.map +1 -0
package/dist/core/errors/HttpErrror.js +36 -0
package/dist/core/errors/HttpErrror.js.map +1 -0
package/dist/core/errors/SanitizerError.d.ts +5 -0
package/dist/core/errors/SanitizerError.d.ts.map +1 -0
package/dist/core/errors/SanitizerError.js +14 -0
package/dist/core/errors/SanitizerError.js.map +1 -0
package/dist/core/errors/SecurityError.d.ts +5 -0
package/dist/core/errors/SecurityError.d.ts.map +1 -0
package/dist/core/errors/SecurityError.js +14 -0
package/dist/core/errors/SecurityError.js.map +1 -0
package/dist/core/errors/ValidationError.d.ts +5 -0
package/dist/core/errors/ValidationError.d.ts.map +1 -0
package/dist/core/errors/ValidationError.js +14 -0
package/dist/core/errors/ValidationError.js.map +1 -0
package/dist/core/types/HiSecureConfig.d.ts +47 -0
package/dist/core/types/HiSecureConfig.d.ts.map +1 -0
package/dist/core/types/HiSecureConfig.js +3 -0
package/dist/core/types/HiSecureConfig.js.map +1 -0
package/dist/core/types/SecureOptions.d.ts +30 -0
package/dist/core/types/SecureOptions.d.ts.map +1 -0
package/dist/core/types/SecureOptions.js +4 -0
package/dist/core/types/SecureOptions.js.map +1 -0
package/dist/core/useSecure.d.ts +10 -0
package/dist/core/useSecure.d.ts.map +1 -0
package/dist/core/useSecure.js +85 -0
package/dist/core/useSecure.js.map +1 -0
package/dist/examples/e1.d.ts +1 -0
package/dist/examples/e1.d.ts.map +1 -0
package/dist/examples/e1.js +3 -0
package/dist/examples/e1.js.map +1 -0
package/dist/index.d.ts +9 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +15 -0
package/dist/index.js.map +1 -0
package/dist/logging/index.d.ts +3 -0
package/dist/logging/index.d.ts.map +1 -0
package/dist/logging/index.js +19 -0
package/dist/logging/index.js.map +1 -0
package/dist/logging/morganSetup.d.ts +2 -0
package/dist/logging/morganSetup.d.ts.map +1 -0
package/dist/logging/morganSetup.js +9 -0
package/dist/logging/morganSetup.js.map +1 -0
package/dist/logging/winstonSetup.d.ts +6 -0
package/dist/logging/winstonSetup.d.ts.map +1 -0
package/dist/logging/winstonSetup.js +22 -0
package/dist/logging/winstonSetup.js.map +1 -0
package/dist/managers/AuthManager.d.ts +23 -0
package/dist/managers/AuthManager.d.ts.map +1 -0
package/dist/managers/AuthManager.js +190 -0
package/dist/managers/AuthManager.js.map +1 -0
package/dist/managers/CorsManager.d.ts +9 -0
package/dist/managers/CorsManager.d.ts.map +1 -0
package/dist/managers/CorsManager.js +55 -0
package/dist/managers/CorsManager.js.map +1 -0
package/dist/managers/HashManager.d.ts +22 -0
package/dist/managers/HashManager.d.ts.map +1 -0
package/dist/managers/HashManager.js +319 -0
package/dist/managers/HashManager.js.map +1 -0
package/dist/managers/JsonManager.d.ts +6 -0
package/dist/managers/JsonManager.d.ts.map +1 -0
package/dist/managers/JsonManager.js +142 -0
package/dist/managers/JsonManager.js.map +1 -0
package/dist/managers/RateLimitManager.d.ts +16 -0
package/dist/managers/RateLimitManager.d.ts.map +1 -0
package/dist/managers/RateLimitManager.js +108 -0
package/dist/managers/RateLimitManager.js.map +1 -0
package/dist/managers/SanitizerManager.d.ts +18 -0
package/dist/managers/SanitizerManager.d.ts.map +1 -0
package/dist/managers/SanitizerManager.js +296 -0
package/dist/managers/SanitizerManager.js.map +1 -0
package/dist/managers/ValidatorManager.d.ts +13 -0
package/dist/managers/ValidatorManager.d.ts.map +1 -0
package/dist/managers/ValidatorManager.js +218 -0
package/dist/managers/ValidatorManager.js.map +1 -0
package/dist/middlewares/errorHandler.d.ts +3 -0
package/dist/middlewares/errorHandler.d.ts.map +1 -0
package/dist/middlewares/errorHandler.js +94 -0
package/dist/middlewares/errorHandler.js.map +1 -0
package/dist/middlewares/index.d.ts +3 -0
package/dist/middlewares/index.d.ts.map +1 -0
package/dist/middlewares/index.js +19 -0
package/dist/middlewares/index.js.map +1 -0
package/dist/middlewares/requestLogger.d.ts +2 -0
package/dist/middlewares/requestLogger.d.ts.map +1 -0
package/dist/middlewares/requestLogger.js +8 -0
package/dist/middlewares/requestLogger.js.map +1 -0
package/dist/test/t1.d.ts +1 -0
package/dist/test/t1.d.ts.map +1 -0
package/dist/test/t1.js +3 -0
package/dist/test/t1.js.map +1 -0
package/dist/utils/deepFreeze.d.ts +2 -0
package/dist/utils/deepFreeze.d.ts.map +1 -0
package/dist/utils/deepFreeze.js +69 -0
package/dist/utils/deepFreeze.js.map +1 -0
package/dist/utils/deepMerge.d.ts +5 -0
package/dist/utils/deepMerge.d.ts.map +1 -0
package/dist/utils/deepMerge.js +68 -0
package/dist/utils/deepMerge.js.map +1 -0
package/dist/utils/normalizeOptions.d.ts +38 -0
package/dist/utils/normalizeOptions.d.ts.map +1 -0
package/dist/utils/normalizeOptions.js +119 -0
package/dist/utils/normalizeOptions.js.map +1 -0
package/package.json +50 -0
package/src/adapters/ArgonAdapter.ts +41 -0
package/src/adapters/BcryptAdapter.ts +49 -0
package/src/adapters/ExpressRLAdapter.ts +84 -0
package/src/adapters/ExpressValidatorAdapter.ts +99 -0
package/src/adapters/GoogleAdapter.ts +206 -0
package/src/adapters/JWTAdapter.ts +346 -0
package/src/adapters/RLFlexibleAdapter.ts +139 -0
package/src/adapters/SanitizeHtmlAdapter.ts +162 -0
package/src/adapters/XSSAdapter.ts +153 -0
package/src/adapters/ZodAdapter.ts +91 -0
package/src/core/HiSecure.ts +955 -0
package/src/core/config.ts +156 -0
package/src/core/constants.ts +73 -0
package/src/core/errors/AdapterError.ts +14 -0
package/src/core/errors/HttpErrror.ts +46 -0
package/src/core/errors/SanitizerError.ts +13 -0
package/src/core/errors/SecurityError.ts +13 -0
package/src/core/errors/ValidationError.ts +13 -0
package/src/core/types/HiSecureConfig.ts +62 -0
package/src/core/types/SecureOptions.ts +61 -0
package/src/core/useSecure.ts +111 -0
package/src/examples/e1.ts +1 -0
package/src/index.ts +17 -0
package/src/logging/index.ts +2 -0
package/src/logging/morganSetup.ts +3 -0
package/src/logging/winstonSetup.ts +17 -0
package/src/managers/AuthManager.ts +237 -0
package/src/managers/CorsManager.ts +58 -0
package/src/managers/HashManager.ts +390 -0
package/src/managers/JsonManager.ts +149 -0
package/src/managers/RateLimitManager.ts +368 -0
package/src/managers/SanitizerManager.ts +359 -0
package/src/managers/ValidatorManager.ts +269 -0
package/src/middlewares/errorHandler.ts +265 -0
package/src/middlewares/index.ts +2 -0
package/src/middlewares/requestLogger.ts +5 -0
package/src/test/t1.ts +1 -0
package/src/utils/deepFreeze.ts +76 -0
package/src/utils/deepMerge.ts +87 -0
package/src/utils/normalizeOptions.ts +265 -0
package/tsconfig.json +30 -0

package/src/managers/AuthManager.ts ADDED Viewed

@@ -0,0 +1,237 @@
+// import { JWTAdapter } from "../adapters/JWTAdapter.js";
+// import { GoogleAdapter } from "../adapters/GoggleAdapter.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HttpError } from "../core/errors/HttpErrror.js";
+// import { Request, Response, NextFunction } from "express";
+// import { logError, logWarn, logInfo } from "../logging";
+// export interface AuthOptions {
+//     jwtSecret: string;
+//     jwtExpiresIn?: string | number | undefined;
+//     googleClientId?: string | undefined;
+// }
+// export class AuthManager {
+//     private jwtAdapter: JWTAdapter;
+//     private googleAdapter?: GoogleAdapter;
+//     constructor(opts: AuthOptions) {
+//         if (!opts.jwtSecret)
+//             throw new AdapterError("jwtSecret required in AuthOptions");
+//         logInfo("AuthManager initialized");
+//         this.jwtAdapter = new JWTAdapter({
+//             secret: opts.jwtSecret,
+//             expiresIn: opts.jwtExpiresIn ?? undefined,
+//         });
+//         if (opts.googleClientId) {
+//             this.googleAdapter = new GoogleAdapter(opts.googleClientId);
+//             logInfo("GoogleAdapter enabled");
+//         }
+//     }
+//     sign(payload: object, options?: { expiresIn?: string | number }) {
+//         logInfo("JWT Sign called");
+//         return this.jwtAdapter.sign(payload, options);
+//     }
+//     verify(token: string) {
+//         logInfo("JWT Verify called");
+//         return this.jwtAdapter.verify(token);
+//     }
+//     async verifyGoogleIdToken(idToken: string) {
+//         if (!this.googleAdapter)
+//             throw new AdapterError("GoogleAdapter not configured.");
+//         logInfo("Google ID Token verify called");
+//         try {
+//             return await this.googleAdapter.verifyIdToken(idToken);
+//         } catch (err: any) {
+//             logError("Google ID Token verification failed", { error: err?.message });
+//             throw HttpError.Unauthorized("Invalid Google ID token");
+//         }
+//     }
+//     protect(options?: { required?: boolean }) {
+//         const required = options?.required ?? true;
+//         return (req: Request, res: Response, next: NextFunction) => {
+//             const header = req.headers["authorization"] || req.headers["Authorization"];
+//             if (!header) {
+//                 if (required) {
+//                     logWarn("Missing Authorization header", {
+//                         path: req.path,
+//                         method: req.method
+//                     });
+//                     return next(HttpError.Unauthorized("Missing Authorization header"));
+//                 }
+//                 return next();
+//             }
+//             const [type, token] = String(header).split(" ");
+//             if (type !== "Bearer" || !token) {
+//                 logWarn("Invalid Authorization header", {
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Invalid Authorization header"));
+//             }
+//             try {
+//                 const decoded = this.verify(token);
+//                 (req as any).auth = decoded;
+//                 return next();
+//             } catch (err: any) {
+//                 logError("JWT verify failed", {
+//                     error: err?.message,
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Invalid or expired token"));
+//             }
+//         };
+//     }
+// }
+// src/managers/AuthManager.ts - FIXED
+import { JWTAdapter } from "../adapters/JWTAdapter.js";
+import { GoogleAdapter } from "../adapters/GoogleAdapter.js";
+import { AdapterError } from "../core/errors/AdapterError.js";
+import { HttpError } from "../core/errors/HttpErrror.js";
+import { Request, Response, NextFunction } from "express";
+import { logError, logWarn, logInfo } from "../logging";
+export interface AuthOptions {
+    jwtSecret: string;
+    jwtExpiresIn?: string | number;
+    googleClientId?: string;
+}
+export interface ProtectOptions {
+    required?: boolean;
+    roles?: string[];
+}
+export class AuthManager {
+    private jwtAdapter: JWTAdapter;
+    private googleAdapter?: GoogleAdapter;
+    constructor(opts: AuthOptions) {
+        if (!opts.jwtSecret) {
+            throw new AdapterError("jwtSecret required in AuthOptions");
+        }
+        if (opts.jwtSecret.length < 32) {
+            logWarn("⚠ JWT secret is less than 32 characters - consider using a stronger secret");
+        }
+        logInfo("AuthManager initialized");
+        this.jwtAdapter = new JWTAdapter({
+            secret: opts.jwtSecret,
+            expiresIn: opts.jwtExpiresIn ?? "1d",
+        });
+        if (opts.googleClientId) {
+            this.googleAdapter = new GoogleAdapter(opts.googleClientId);
+            logInfo("GoogleAdapter enabled");
+        }
+    }
+    sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {
+        logInfo("JWT Sign called");
+        return this.jwtAdapter.sign(payload, options);
+    }
+    verify(token: string) {
+        logInfo("JWT Verify called");
+        return this.jwtAdapter.verify(token);
+    }
+    async verifyGoogleIdToken(idToken: string) {
+        if (!this.googleAdapter) {
+            throw new AdapterError("GoogleAdapter not configured.");
+        }
+        logInfo("Google ID Token verify called");
+        try {
+            return await this.googleAdapter.verifyIdToken(idToken);
+        } catch (err: any) {
+            logError("Google ID Token verification failed", { error: err?.message });
+            throw HttpError.Unauthorized("Invalid Google ID token");
+        }
+    }
+    protect(options?: ProtectOptions) {
+        const required = options?.required ?? true;
+        const roles = options?.roles;
+        return (req: Request, res: Response, next: NextFunction) => {
+            const header = req.headers["authorization"];
+            // If auth is not required, skip authentication
+            if (!required && !header) {
+                return next();
+            }
+            // If auth is required but no header
+            if (!header) {
+                logWarn("Missing Authorization header", {
+                    path: req.path,
+                    method: req.method
+                });
+                return next(HttpError.Unauthorized("Missing Authorization header"));
+            }
+            // Parse Bearer token
+            const [type, token] = String(header).split(" ");
+            if (type !== "Bearer" || !token) {
+                logWarn("Invalid Authorization header", {
+                    path: req.path,
+                    method: req.method
+                });
+                return next(HttpError.Unauthorized("Invalid Authorization header"));
+            }
+            try {
+                // Verify JWT
+                const decoded = this.verify(token);
+                // Attach to request
+                (req as any).auth = decoded;
+                (req as any).user = decoded; // Common pattern
+                // Role-based authorization
+                if (roles && roles.length > 0) {
+                    const userRole = (decoded as any).role || (decoded as any).roles?.[0];
+                    if (!userRole || !roles.includes(userRole)) {
+                        logWarn("Insufficient permissions", {
+                            path: req.path,
+                            requiredRoles: roles,
+                            userRole
+                        });
+                        return next(HttpError.Forbidden("Insufficient permissions"));
+                    }
+                }
+                return next();
+            } catch (err: any) {
+                logError("JWT verify failed", {
+                    error: err?.message,
+                    path: req.path,
+                    method: req.method
+                });
+                return next(HttpError.Unauthorized("Invalid or expired token"));
+            }
+        };
+    }
+}

package/src/managers/CorsManager.ts ADDED Viewed

@@ -0,0 +1,58 @@
+// import cors from "cors";
+// import { logger } from "../logging";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// export class CorsManager {
+//     middleware(options?: any) {
+//         try {
+//             // options = undefined → use default CORS
+//             return options ? cors(options) : cors();
+//         } catch (err: any) {
+//             logger.error("❌ CORS Manager: failed to create CORS middleware", {
+//                 error: err?.message || err,
+//                 options
+//             });
+//             throw new AdapterError("CORS middleware initialization failed.");
+//         }
+//     }
+// }
+// src/managers/CorsManager.ts - IMPROVED
+import cors from "cors";
+import { logger } from "../logging";
+import { AdapterError } from "../core/errors/AdapterError.js";
+export class CorsManager {
+    middleware(options?: any) {
+        try {
+            const defaultOptions = {
+                origin: '*',
+                methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+                allowedHeaders: ['Content-Type', 'Authorization'],
+                credentials: false,
+                maxAge: 86400 // 24 hours
+            };
+            const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;
+            logger.debug("🔧 CORS configured", {
+                origin: finalOptions.origin,
+                methods: finalOptions.methods
+            });
+            return cors(finalOptions);
+        } catch (err: any) {
+            logger.error("❌ CORS Manager: failed to create CORS middleware", {
+                error: err?.message || err,
+                options
+            });
+            throw new AdapterError("CORS middleware initialization failed.");
+        }
+    }
+}

package/src/managers/HashManager.ts ADDED Viewed

@@ -0,0 +1,390 @@
+// // // import { AdapterError } from "../core/errors/AdapterError";
+// // // import { HiSecureConfig } from "../core/config";
+// // // import { logger } from "../logging";
+// // // export class HashManager {
+// // //     private config: HiSecureConfig["hashing"];
+// // //     private primaryAdapter: {
+// // //         hash: (value: string) => Promise<string>;
+// // //         verify: (value: string, hashed: string) => Promise<boolean>;
+// // //     };
+// // //     private fallbackAdapter: {
+// // //         hash: (value: string) => Promise<string>;
+// // //         verify: (value: string, hashed: string) => Promise<boolean>;
+// // //     } | null;
+// // //     constructor(
+// // //         config: HiSecureConfig["hashing"],
+// // //         primaryAdapter: any,
+// // //         fallbackAdapter: any
+// // //     ) {
+// // //         this.config = config;
+// // //         this.primaryAdapter = primaryAdapter;
+// // //         this.fallbackAdapter = fallbackAdapter;
+// // //     }
+// // //     /**
+// // //      * Hash a password using primary adapter (Argon2)
+// // //      * If it fails → fallback (Bcrypt)
+// // //      */
+// // //     async hash(value: string): Promise<string> {
+// // //         try {
+// // //             return await this.primaryAdapter.hash(value);
+// // //         } catch (err: any) {
+// // //             logger.warn("⚠ Primary hashing failed — switching to fallback", {
+// // //                 error: err?.message,
+// // //             });
+// // //             if (!this.fallbackAdapter) {
+// // //                 throw new AdapterError(
+// // //                     "Primary hashing failed and no fallback adapter is configured."
+// // //                 );
+// // //             }
+// // //             try {
+// // //                 return await this.fallbackAdapter.hash(value);
+// // //             } catch (fallbackErr: any) {
+// // //                 logger.error("❌ Fallback hashing failed", {
+// // //                     error: fallbackErr?.message,
+// // //                 });
+// // //                 throw new AdapterError(
+// // //                     "Both primary and fallback hashing failed."
+// // //                 );
+// // //             }
+// // //         }
+// // //     }
+// // //     /**
+// // //      * Verify using primary hashing method.
+// // //      * If mismatch OR failure → use fallback.
+// // //      */
+// // //     async verify(value: string, hashed: string): Promise<boolean> {
+// // //         try {
+// // //             return await this.primaryAdapter.verify(value, hashed);
+// // //         } catch (err: any) {
+// // //             logger.warn("⚠ Primary verify failed — trying fallback", {
+// // //                 error: err?.message,
+// // //             });
+// // //             if (!this.fallbackAdapter) {
+// // //                 throw new AdapterError(
+// // //                     "Primary verify failed and no fallback adapter is configured."
+// // //                 );
+// // //             }
+// // //             try {
+// // //                 return await this.fallbackAdapter.verify(value, hashed);
+// // //             } catch (fallbackErr: any) {
+// // //                 logger.error("❌ Fallback verify failed", {
+// // //                     error: fallbackErr?.message,
+// // //                 });
+// // //                 throw new AdapterError(
+// // //                     "Both primary and fallback verify failed."
+// // //                 );
+// // //             }
+// // //         }
+// // //     }
+// // // }
+// // import { AdapterError } from "../core/errors/AdapterError.js";
+// // import { HiSecureConfig } from "../core/config.js";
+// // import { logger } from "../logging";
+// // interface HashAdapter {
+// //     hash(value: string): Promise<string>;
+// //     verify(value: string, hashed: string): Promise<boolean>;
+// // }
+// // export class HashManager {
+// //     private config: HiSecureConfig["hashing"];
+// //     private primaryAdapter: HashAdapter;
+// //     private fallbackAdapter: HashAdapter | null;
+// //     constructor(
+// //         config: HiSecureConfig["hashing"],
+// //         primaryAdapter: HashAdapter,
+// //         fallbackAdapter: HashAdapter | null
+// //     ) {
+// //         this.config = config;
+// //         this.primaryAdapter = primaryAdapter;
+// //         this.fallbackAdapter = fallbackAdapter;
+// //     }
+// //     async hash(value: string): Promise<string> {
+// //         try {
+// //             return await this.primaryAdapter.hash(value);
+// //         } catch (err: any) {
+// //             logger.warn("⚠ Primary hashing failed — trying fallback", {
+// //                 error: err?.message,
+// //             });
+// //             if (!this.fallbackAdapter) {
+// //                 throw new AdapterError(
+// //                     "Primary hashing failed and no fallback adapter configured."
+// //                 );
+// //             }
+// //             try {
+// //                 return await this.fallbackAdapter.hash(value);
+// //             } catch (fallbackErr: any) {
+// //                 logger.error("❌ Fallback hashing failed", {
+// //                     error: fallbackErr?.message,
+// //                 });
+// //                 throw new AdapterError(
+// //                     "Both primary and fallback hashing failed."
+// //                 );
+// //             }
+// //         }
+// //     }
+// //     async verify(value: string, hashed: string): Promise<boolean> {
+// //         try {
+// //             return await this.primaryAdapter.verify(value, hashed);
+// //         } catch (err: any) {
+// //             logger.warn("⚠ Primary verify failed — trying fallback", {
+// //                 error: err?.message,
+// //             });
+// //             if (!this.fallbackAdapter) {
+// //                 throw new AdapterError(
+// //                     "Primary verify failed and no fallback adapter configured."
+// //                 );
+// //             }
+// //             try {
+// //                 return await this.fallbackAdapter.verify(value, hashed);
+// //             } catch (fallbackErr: any) {
+// //                 logger.error("❌ Fallback verify failed", {
+// //                     error: fallbackErr?.message,
+// //                 });
+// //                 throw new AdapterError(
+// //                     "Both primary and fallback verify failed."
+// //                 );
+// //             }
+// //         }
+// //     }
+// // }
+// // src/managers/HashManager.ts - FIXED
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { logger } from "../logging";
+// interface HashAdapter {
+//     hash(value: string): Promise<string>;
+//     verify(value: string, hashed: string): Promise<boolean>;
+//     getAlgorithm(): string;
+// }
+// export interface HashResult {
+//     hash: string;
+//     algorithm: string;
+//     usedFallback: boolean;
+// }
+// export class HashManager {
+//     private config: HiSecureConfig["hashing"];
+//     private primaryAdapter: HashAdapter;
+//     private fallbackAdapter: HashAdapter | null;
+//     constructor(
+//         config: HiSecureConfig["hashing"],
+//         primaryAdapter: HashAdapter,
+//         fallbackAdapter: HashAdapter | null
+//     ) {
+//         this.config = config;
+//         this.primaryAdapter = primaryAdapter;
+//         this.fallbackAdapter = fallbackAdapter;
+//     }
+//     async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+//         try {
+//             const hash = await this.primaryAdapter.hash(value);
+//             return {
+//                 hash,
+//                 algorithm: this.config.primary,
+//                 usedFallback: false
+//             };
+//         } catch (err: any) {
+//             logger.warn("⚠ Primary hashing failed", {
+//                 error: err.message,
+//                 algorithm: this.config.primary
+//             });
+//             if (!options?.allowFallback || !this.fallbackAdapter) {
+//                 throw new AdapterError(
+//                     `Primary hashing (${this.config.primary}) failed. Fallback not allowed.`
+//                 );
+//             }
+//             try {
+//                 const hash = await this.fallbackAdapter.hash(value);
+//                 // Log security downgrade warning
+//                 logger.warn("⚠ SECURITY DOWNGRADE: Using fallback hashing", {
+//                     from: this.config.primary,
+//                     to: this.config.fallback
+//                 });
+//                 return {
+//                     hash,
+//                     algorithm: this.config.fallback || 'bcrypt',
+//                     usedFallback: true
+//                 };
+//             } catch (fallbackErr: any) {
+//                 logger.error("❌ Fallback hashing failed", {
+//                     error: fallbackErr?.message,
+//                 });
+//                 throw new AdapterError(
+//                     "Both primary and fallback hashing failed."
+//                 );
+//             }
+//         }
+//     }
+//     async verify(value: string, hashed: string): Promise<boolean> {
+//         // Try primary adapter first
+//         try {
+//             return await this.primaryAdapter.verify(value, hashed);
+//         } catch (primaryErr: any) {
+//             logger.warn("⚠ Primary verify failed", {
+//                 error: primaryErr?.message,
+//             });
+//             // If fallback exists, try it
+//             if (this.fallbackAdapter) {
+//                 try {
+//                     return await this.fallbackAdapter.verify(value, hashed);
+//                 } catch (fallbackErr: any) {
+//                     logger.error("❌ Fallback verify failed", {
+//                         error: fallbackErr?.message,
+//                     });
+//                     throw new AdapterError(
+//                         "Both primary and fallback verify failed."
+//                     );
+//                 }
+//             }
+//             throw new AdapterError(
+//                 "Primary verify failed and no fallback adapter configured."
+//             );
+//         }
+//     }
+// }
+// src/managers/HashManager.ts - COMPLETE FIXED
+import { AdapterError } from "../core/errors/AdapterError.js";
+import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+import { logger } from "../logging";
+interface HashAdapter {
+    hash(value: string): Promise<string>;
+    verify(value: string, hashed: string): Promise<boolean>;
+    // ❌ getAlgorithm() REMOVED - Not needed in adapters
+}
+export interface HashResult {
+    hash: string;
+    algorithm: string;
+    usedFallback: boolean;
+}
+export class HashManager {
+    private config: HiSecureConfig["hashing"];
+    private primaryAdapter: HashAdapter;
+    private fallbackAdapter: HashAdapter | null;
+    constructor(
+        config: HiSecureConfig["hashing"],
+        primaryAdapter: HashAdapter,
+        fallbackAdapter: HashAdapter | null
+    ) {
+        this.config = config;
+        this.primaryAdapter = primaryAdapter;
+        this.fallbackAdapter = fallbackAdapter;
+    }
+    async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+        try {
+            const hash = await this.primaryAdapter.hash(value);
+            return {
+                hash,
+                algorithm: this.config.primary,
+                usedFallback: false
+            };
+        } catch (err: any) {
+            logger.warn("⚠ Primary hashing failed", {
+                error: err.message,
+                algorithm: this.config.primary
+            });
+            if (!options?.allowFallback || !this.fallbackAdapter) {
+                throw new AdapterError(
+                    `Primary hashing (${this.config.primary}) failed. Fallback not allowed.`
+                );
+            }
+            try {
+                const hash = await this.fallbackAdapter.hash(value);
+                // Log security downgrade warning
+                logger.warn("⚠ SECURITY DOWNGRADE: Using fallback hashing", {
+                    from: this.config.primary,
+                    to: this.config.fallback
+                });
+                return {
+                    hash,
+                    algorithm: this.config.fallback || 'bcrypt',
+                    usedFallback: true
+                };
+            } catch (fallbackErr: any) {
+                logger.error("❌ Fallback hashing failed", {
+                    error: fallbackErr?.message,
+                });
+                throw new AdapterError(
+                    "Both primary and fallback hashing failed."
+                );
+            }
+        }
+    }
+    async verify(value: string, hashed: string): Promise<boolean> {
+        // Try primary adapter first
+        try {
+            return await this.primaryAdapter.verify(value, hashed);
+        } catch (primaryErr: any) {
+            logger.warn("⚠ Primary verify failed", {
+                error: primaryErr?.message,
+            });
+            // If fallback exists, try it
+            if (this.fallbackAdapter) {
+                try {
+                    return await this.fallbackAdapter.verify(value, hashed);
+                } catch (fallbackErr: any) {
+                    logger.error("❌ Fallback verify failed", {
+                        error: fallbackErr?.message,
+                    });
+                    throw new AdapterError(
+                        "Both primary and fallback verify failed."
+                    );
+                }
+            }
+            throw new AdapterError(
+                "Primary verify failed and no fallback adapter configured."
+            );
+        }
+    }
+}