hi-secure 1.0.0

package/dist/managers/AuthManager.js

@@ -0,0 +1,190 @@
+"use strict";
+// import { JWTAdapter } from "../adapters/JWTAdapter.js";
+// import { GoogleAdapter } from "../adapters/GoggleAdapter.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HttpError } from "../core/errors/HttpErrror.js";
+// import { Request, Response, NextFunction } from "express";
+// import { logError, logWarn, logInfo } from "../logging";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthManager = void 0;
+// export interface AuthOptions {
+//     jwtSecret: string;
+//     jwtExpiresIn?: string | number | undefined;
+//     googleClientId?: string | undefined;
+// }
+// export class AuthManager {
+//     private jwtAdapter: JWTAdapter;
+//     private googleAdapter?: GoogleAdapter;
+//     constructor(opts: AuthOptions) {
+//         if (!opts.jwtSecret)
+//             throw new AdapterError("jwtSecret required in AuthOptions");
+//         logInfo("AuthManager initialized");
+//         this.jwtAdapter = new JWTAdapter({
+//             secret: opts.jwtSecret,
+//             expiresIn: opts.jwtExpiresIn ?? undefined,
+//         });
+//         if (opts.googleClientId) {
+//             this.googleAdapter = new GoogleAdapter(opts.googleClientId);
+//             logInfo("GoogleAdapter enabled");
+//         }
+//     }
+//     sign(payload: object, options?: { expiresIn?: string | number }) {
+//         logInfo("JWT Sign called");
+//         return this.jwtAdapter.sign(payload, options);
+//     }
+//     verify(token: string) {
+//         logInfo("JWT Verify called");
+//         return this.jwtAdapter.verify(token);
+//     }
+//     async verifyGoogleIdToken(idToken: string) {
+//         if (!this.googleAdapter)
+//             throw new AdapterError("GoogleAdapter not configured.");
+//         logInfo("Google ID Token verify called");
+//         try {
+//             return await this.googleAdapter.verifyIdToken(idToken);
+//         } catch (err: any) {
+//             logError("Google ID Token verification failed", { error: err?.message });
+//             throw HttpError.Unauthorized("Invalid Google ID token");
+//         }
+//     }
+//     protect(options?: { required?: boolean }) {
+//         const required = options?.required ?? true;
+//         return (req: Request, res: Response, next: NextFunction) => {
+//             const header = req.headers["authorization"] || req.headers["Authorization"];
+//             if (!header) {
+//                 if (required) {
+//                     logWarn("Missing Authorization header", {
+//                         path: req.path,
+//                         method: req.method
+//                     });
+//                     return next(HttpError.Unauthorized("Missing Authorization header"));
+//                 }
+//                 return next();
+//             }
+//             const [type, token] = String(header).split(" ");
+//             if (type !== "Bearer" || !token) {
+//                 logWarn("Invalid Authorization header", {
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Invalid Authorization header"));
+//             }
+//             try {
+//                 const decoded = this.verify(token);
+//                 (req as any).auth = decoded;
+//                 return next();
+//             } catch (err: any) {
+//                 logError("JWT verify failed", {
+//                     error: err?.message,
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Invalid or expired token"));
+//             }
+//         };
+//     }
+// }
+// src/managers/AuthManager.ts - FIXED
+const JWTAdapter_js_1 = require("../adapters/JWTAdapter.js");
+const GoogleAdapter_js_1 = require("../adapters/GoogleAdapter.js");
+const AdapterError_js_1 = require("../core/errors/AdapterError.js");
+const HttpErrror_js_1 = require("../core/errors/HttpErrror.js");
+const logging_1 = require("../logging");
+class AuthManager {
+    constructor(opts) {
+        if (!opts.jwtSecret) {
+            throw new AdapterError_js_1.AdapterError("jwtSecret required in AuthOptions");
+        }
+        if (opts.jwtSecret.length < 32) {
+            (0, logging_1.logWarn)("⚠ JWT secret is less than 32 characters - consider using a stronger secret");
+        }
+        (0, logging_1.logInfo)("AuthManager initialized");
+        this.jwtAdapter = new JWTAdapter_js_1.JWTAdapter({
+            secret: opts.jwtSecret,
+            expiresIn: opts.jwtExpiresIn ?? "1d",
+        });
+        if (opts.googleClientId) {
+            this.googleAdapter = new GoogleAdapter_js_1.GoogleAdapter(opts.googleClientId);
+            (0, logging_1.logInfo)("GoogleAdapter enabled");
+        }
+    }
+    sign(payload, options) {
+        (0, logging_1.logInfo)("JWT Sign called");
+        return this.jwtAdapter.sign(payload, options);
+    }
+    verify(token) {
+        (0, logging_1.logInfo)("JWT Verify called");
+        return this.jwtAdapter.verify(token);
+    }
+    async verifyGoogleIdToken(idToken) {
+        if (!this.googleAdapter) {
+            throw new AdapterError_js_1.AdapterError("GoogleAdapter not configured.");
+        }
+        (0, logging_1.logInfo)("Google ID Token verify called");
+        try {
+            return await this.googleAdapter.verifyIdToken(idToken);
+        }
+        catch (err) {
+            (0, logging_1.logError)("Google ID Token verification failed", { error: err?.message });
+            throw HttpErrror_js_1.HttpError.Unauthorized("Invalid Google ID token");
+        }
+    }
+    protect(options) {
+        const required = options?.required ?? true;
+        const roles = options?.roles;
+        return (req, res, next) => {
+            const header = req.headers["authorization"];
+            // If auth is not required, skip authentication
+            if (!required && !header) {
+                return next();
+            }
+            // If auth is required but no header
+            if (!header) {
+                (0, logging_1.logWarn)("Missing Authorization header", {
+                    path: req.path,
+                    method: req.method
+                });
+                return next(HttpErrror_js_1.HttpError.Unauthorized("Missing Authorization header"));
+            }
+            // Parse Bearer token
+            const [type, token] = String(header).split(" ");
+            if (type !== "Bearer" || !token) {
+                (0, logging_1.logWarn)("Invalid Authorization header", {
+                    path: req.path,
+                    method: req.method
+                });
+                return next(HttpErrror_js_1.HttpError.Unauthorized("Invalid Authorization header"));
+            }
+            try {
+                // Verify JWT
+                const decoded = this.verify(token);
+                // Attach to request
+                req.auth = decoded;
+                req.user = decoded; // Common pattern
+                // Role-based authorization
+                if (roles && roles.length > 0) {
+                    const userRole = decoded.role || decoded.roles?.[0];
+                    if (!userRole || !roles.includes(userRole)) {
+                        (0, logging_1.logWarn)("Insufficient permissions", {
+                            path: req.path,
+                            requiredRoles: roles,
+                            userRole
+                        });
+                        return next(HttpErrror_js_1.HttpError.Forbidden("Insufficient permissions"));
+                    }
+                }
+                return next();
+            }
+            catch (err) {
+                (0, logging_1.logError)("JWT verify failed", {
+                    error: err?.message,
+                    path: req.path,
+                    method: req.method
+                });
+                return next(HttpErrror_js_1.HttpError.Unauthorized("Invalid or expired token"));
+            }
+        };
+    }
+}
+exports.AuthManager = AuthManager;
+//# sourceMappingURL=AuthManager.js.map

package/dist/managers/AuthManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";AAAA,0DAA0D;AAC1D,gEAAgE;AAChE,iEAAiE;AACjE,4DAA4D;AAC5D,6DAA6D;AAC7D,2DAA2D;;;AAE3D,iCAAiC;AACjC,yBAAyB;AACzB,kDAAkD;AAClD,2CAA2C;AAC3C,IAAI;AAEJ,6BAA6B;AAC7B,sCAAsC;AACtC,6CAA6C;AAE7C,uCAAuC;AACvC,+BAA+B;AAC/B,2EAA2E;AAE3E,8CAA8C;AAE9C,6CAA6C;AAC7C,sCAAsC;AACtC,yDAAyD;AACzD,cAAc;AAEd,qCAAqC;AACrC,2EAA2E;AAC3E,gDAAgD;AAChD,YAAY;AACZ,QAAQ;AAER,yEAAyE;AACzE,sCAAsC;AACtC,yDAAyD;AACzD,QAAQ;AAER,8BAA8B;AAC9B,wCAAwC;AACxC,gDAAgD;AAChD,QAAQ;AAER,mDAAmD;AACnD,mCAAmC;AACnC,uEAAuE;AAEvE,oDAAoD;AAEpD,gBAAgB;AAChB,sEAAsE;AACtE,+BAA+B;AAC/B,wFAAwF;AACxF,uEAAuE;AACvE,YAAY;AACZ,QAAQ;AAER,kDAAkD;AAClD,sDAAsD;AAEtD,wEAAwE;AACxE,2FAA2F;AAE3F,6BAA6B;AAC7B,kCAAkC;AAClC,gEAAgE;AAChE,0CAA0C;AAC1C,6CAA6C;AAC7C,0BAA0B;AAC1B,2FAA2F;AAC3F,oBAAoB;AACpB,iCAAiC;AACjC,gBAAgB;AAEhB,+DAA+D;AAE/D,iDAAiD;AACjD,4DAA4D;AAC5D,sCAAsC;AACtC,yCAAyC;AACzC,sBAAsB;AACtB,uFAAuF;AACvF,gBAAgB;AAEhB,oBAAoB;AACpB,sDAAsD;AACtD,+CAA+C;AAC/C,iCAAiC;AACjC,mCAAmC;AACnC,kDAAkD;AAClD,2CAA2C;AAC3C,sCAAsC;AACtC,yCAAyC;AACzC,sBAAsB;AACtB,mFAAmF;AACnF,gBAAgB;AAChB,aAAa;AACb,QAAQ;AACR,IAAI;AAIJ,sCAAsC;AACtC,6DAAuD;AACvD,mEAA6D;AAC7D,oEAA8D;AAC9D,gEAAyD;AAEzD,wCAAwD;AAaxD,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,8BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,IAAA,iBAAO,EAAC,4EAA4E,CAAC,CAAC;QAC1F,CAAC;QAED,IAAA,iBAAO,EAAC,yBAAyB,CAAC,CAAC;QAEnC,IAAI,CAAC,UAAU,GAAG,IAAI,0BAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,gCAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,IAAA,iBAAO,EAAC,uBAAuB,CAAC,CAAC;QACrC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,IAAA,iBAAO,EAAC,iBAAiB,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,IAAA,iBAAO,EAAC,mBAAmB,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,8BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,IAAA,iBAAO,EAAC,+BAA+B,CAAC,CAAC;QAEzC,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,IAAA,kBAAQ,EAAC,qCAAqC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YACzE,MAAM,yBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YACvD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE5C,+CAA+C;YAC/C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAED,oCAAoC;YACpC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,IAAA,iBAAO,EAAC,8BAA8B,EAAE;oBACpC,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,yBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,qBAAqB;YACrB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,IAAA,iBAAO,EAAC,8BAA8B,EAAE;oBACpC,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,yBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBACD,aAAa;gBACb,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAEnC,oBAAoB;gBACnB,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC,CAAC,iBAAiB;gBAE9C,2BAA2B;gBAC3B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GAAI,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBACtE,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,IAAA,iBAAO,EAAC,0BAA0B,EAAE;4BAChC,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBACH,OAAO,IAAI,CAAC,yBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,IAAA,kBAAQ,EAAC,mBAAmB,EAAE;oBAC1B,KAAK,EAAE,GAAG,EAAE,OAAO;oBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,yBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlHD,kCAkHC","sourcesContent":["// import { JWTAdapter } from \"../adapters/JWTAdapter.js\";\r\n// import { GoogleAdapter } from \"../adapters/GoggleAdapter.js\";\r\n// import { AdapterError } from \"../core/errors/AdapterError.js\";\r\n// import { HttpError } from \"../core/errors/HttpErrror.js\";\r\n// import { Request, Response, NextFunction } from \"express\";\r\n// import { logError, logWarn, logInfo } from \"../logging\";\r\n\r\n// export interface AuthOptions {\r\n//     jwtSecret: string;\r\n//     jwtExpiresIn?: string | number | undefined;\r\n//     googleClientId?: string | undefined;\r\n// }\r\n\r\n// export class AuthManager {\r\n//     private jwtAdapter: JWTAdapter;\r\n//     private googleAdapter?: GoogleAdapter;\r\n\r\n//     constructor(opts: AuthOptions) {\r\n//         if (!opts.jwtSecret)\r\n//             throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n\r\n//         logInfo(\"AuthManager initialized\");\r\n\r\n//         this.jwtAdapter = new JWTAdapter({\r\n//             secret: opts.jwtSecret,\r\n//             expiresIn: opts.jwtExpiresIn ?? undefined,\r\n//         });\r\n\r\n//         if (opts.googleClientId) {\r\n//             this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n//             logInfo(\"GoogleAdapter enabled\");\r\n//         }\r\n//     }\r\n\r\n//     sign(payload: object, options?: { expiresIn?: string | number }) {\r\n//         logInfo(\"JWT Sign called\");\r\n//         return this.jwtAdapter.sign(payload, options);\r\n//     }\r\n\r\n//     verify(token: string) {\r\n//         logInfo(\"JWT Verify called\");\r\n//         return this.jwtAdapter.verify(token);\r\n//     }\r\n\r\n//     async verifyGoogleIdToken(idToken: string) {\r\n//         if (!this.googleAdapter)\r\n//             throw new AdapterError(\"GoogleAdapter not configured.\");\r\n\r\n//         logInfo(\"Google ID Token verify called\");\r\n\r\n//         try {\r\n//             return await this.googleAdapter.verifyIdToken(idToken);\r\n//         } catch (err: any) {\r\n//             logError(\"Google ID Token verification failed\", { error: err?.message });\r\n//             throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n//         }\r\n//     }\r\n\r\n//     protect(options?: { required?: boolean }) {\r\n//         const required = options?.required ?? true;\r\n\r\n//         return (req: Request, res: Response, next: NextFunction) => {\r\n//             const header = req.headers[\"authorization\"] || req.headers[\"Authorization\"];\r\n\r\n//             if (!header) {\r\n//                 if (required) {\r\n//                     logWarn(\"Missing Authorization header\", {\r\n//                         path: req.path,\r\n//                         method: req.method\r\n//                     });\r\n//                     return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n//                 }\r\n//                 return next();\r\n//             }\r\n\r\n//             const [type, token] = String(header).split(\" \");\r\n\r\n//             if (type !== \"Bearer\" || !token) {\r\n//                 logWarn(\"Invalid Authorization header\", {\r\n//                     path: req.path,\r\n//                     method: req.method\r\n//                 });\r\n//                 return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n//             }\r\n\r\n//             try {\r\n//                 const decoded = this.verify(token);\r\n//                 (req as any).auth = decoded;\r\n//                 return next();\r\n//             } catch (err: any) {\r\n//                 logError(\"JWT verify failed\", {\r\n//                     error: err?.message,\r\n//                     path: req.path,\r\n//                     method: req.method\r\n//                 });\r\n//                 return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n//             }\r\n//         };\r\n//     }\r\n// }\r\n\r\n\r\n\r\n// src/managers/AuthManager.ts - FIXED\r\nimport { JWTAdapter } from \"../adapters/JWTAdapter.js\";\r\nimport { GoogleAdapter } from \"../adapters/GoogleAdapter.js\";\r\nimport { AdapterError } from \"../core/errors/AdapterError.js\";\r\nimport { HttpError } from \"../core/errors/HttpErrror.js\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logError, logWarn, logInfo } from \"../logging\";\r\n\r\nexport interface AuthOptions {\r\n    jwtSecret: string;\r\n    jwtExpiresIn?: string | number;\r\n    googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n    required?: boolean;\r\n    roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n    private jwtAdapter: JWTAdapter;\r\n    private googleAdapter?: GoogleAdapter;\r\n\r\n    constructor(opts: AuthOptions) {\r\n        if (!opts.jwtSecret) {\r\n            throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n        }\r\n\r\n        if (opts.jwtSecret.length < 32) {\r\n            logWarn(\"⚠ JWT secret is less than 32 characters - consider using a stronger secret\");\r\n        }\r\n\r\n        logInfo(\"AuthManager initialized\");\r\n\r\n        this.jwtAdapter = new JWTAdapter({\r\n            secret: opts.jwtSecret,\r\n            expiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n        });\r\n\r\n        if (opts.googleClientId) {\r\n            this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n            logInfo(\"GoogleAdapter enabled\");\r\n        }\r\n    }\r\n\r\n    sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {\r\n        logInfo(\"JWT Sign called\");\r\n        return this.jwtAdapter.sign(payload, options);\r\n    }\r\n\r\n    verify(token: string) {\r\n        logInfo(\"JWT Verify called\");\r\n        return this.jwtAdapter.verify(token);\r\n    }\r\n\r\n    async verifyGoogleIdToken(idToken: string) {\r\n        if (!this.googleAdapter) {\r\n            throw new AdapterError(\"GoogleAdapter not configured.\");\r\n        }\r\n\r\n        logInfo(\"Google ID Token verify called\");\r\n\r\n        try {\r\n            return await this.googleAdapter.verifyIdToken(idToken);\r\n        } catch (err: any) {\r\n            logError(\"Google ID Token verification failed\", { error: err?.message });\r\n            throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n        }\r\n    }\r\n\r\n    protect(options?: ProtectOptions) {\r\n        const required = options?.required ?? true;\r\n        const roles = options?.roles;\r\n\r\n        return (req: Request, res: Response, next: NextFunction) => {\r\n            const header = req.headers[\"authorization\"];\r\n\r\n            // If auth is not required, skip authentication\r\n            if (!required && !header) {\r\n                return next();\r\n            }\r\n\r\n            // If auth is required but no header\r\n            if (!header) {\r\n                logWarn(\"Missing Authorization header\", {\r\n                    path: req.path,\r\n                    method: req.method\r\n                });\r\n                return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n            }\r\n\r\n            // Parse Bearer token\r\n            const [type, token] = String(header).split(\" \");\r\n            if (type !== \"Bearer\" || !token) {\r\n                logWarn(\"Invalid Authorization header\", {\r\n                    path: req.path,\r\n                    method: req.method\r\n                });\r\n                return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n            }\r\n\r\n            try {\r\n                // Verify JWT\r\n                const decoded = this.verify(token);\r\n                \r\n                // Attach to request\r\n                (req as any).auth = decoded;\r\n                (req as any).user = decoded; // Common pattern\r\n                \r\n                // Role-based authorization\r\n                if (roles && roles.length > 0) {\r\n                    const userRole = (decoded as any).role || (decoded as any).roles?.[0];\r\n                    if (!userRole || !roles.includes(userRole)) {\r\n                        logWarn(\"Insufficient permissions\", {\r\n                            path: req.path,\r\n                            requiredRoles: roles,\r\n                            userRole\r\n                        });\r\n                        return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n                    }\r\n                }\r\n                \r\n                return next();\r\n            } catch (err: any) {\r\n                logError(\"JWT verify failed\", {\r\n                    error: err?.message,\r\n                    path: req.path,\r\n                    method: req.method\r\n                });\r\n                return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n            }\r\n        };\r\n    }\r\n}"]}

package/dist/managers/CorsManager.d.ts

@@ -0,0 +1,9 @@
+import cors from "cors";
+export declare class CorsManager {
+    middleware(options?: any): (req: cors.CorsRequest, res: {
+        statusCode?: number | undefined;
+        setHeader(key: string, value: string): any;
+        end(): any;
+    }, next: (err?: any) => any) => void;
+}
+//# sourceMappingURL=CorsManager.d.ts.map

package/dist/managers/CorsManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CorsManager.d.ts","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":"AAwBA,OAAO,IAAI,MAAM,MAAM,CAAC;AAIxB,qBAAa,WAAW;IAEpB,UAAU,CAAC,OAAO,CAAC,EAAE,GAAG;kBAaZ,CAAN;;;iBAIE,CAAV;CAUD"}

package/dist/managers/CorsManager.js

@@ -0,0 +1,55 @@
+"use strict";
+// import cors from "cors";
+// import { logger } from "../logging";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CorsManager = void 0;
+// export class CorsManager {
+//     middleware(options?: any) {
+//         try {
+//             // options = undefined → use default CORS
+//             return options ? cors(options) : cors();
+//         } catch (err: any) {
+//             logger.error("❌ CORS Manager: failed to create CORS middleware", {
+//                 error: err?.message || err,
+//                 options
+//             });
+//             throw new AdapterError("CORS middleware initialization failed.");
+//         }
+//     }
+// }
+// src/managers/CorsManager.ts - IMPROVED
+const cors_1 = __importDefault(require("cors"));
+const logging_1 = require("../logging");
+const AdapterError_js_1 = require("../core/errors/AdapterError.js");
+class CorsManager {
+    middleware(options) {
+        try {
+            const defaultOptions = {
+                origin: '*',
+                methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+                allowedHeaders: ['Content-Type', 'Authorization'],
+                credentials: false,
+                maxAge: 86400 // 24 hours
+            };
+            const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;
+            logging_1.logger.debug("🔧 CORS configured", {
+                origin: finalOptions.origin,
+                methods: finalOptions.methods
+            });
+            return (0, cors_1.default)(finalOptions);
+        }
+        catch (err) {
+            logging_1.logger.error("❌ CORS Manager: failed to create CORS middleware", {
+                error: err?.message || err,
+                options
+            });
+            throw new AdapterError_js_1.AdapterError("CORS middleware initialization failed.");
+        }
+    }
+}
+exports.CorsManager = CorsManager;
+//# sourceMappingURL=CorsManager.js.map

package/dist/managers/CorsManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CorsManager.js","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":";AAAA,2BAA2B;AAC3B,uCAAuC;AACvC,iEAAiE;;;;;;AAEjE,6BAA6B;AAE7B,kCAAkC;AAClC,gBAAgB;AAChB,wDAAwD;AACxD,uDAAuD;AAEvD,+BAA+B;AAC/B,iFAAiF;AACjF,8CAA8C;AAC9C,0BAA0B;AAC1B,kBAAkB;AAClB,gFAAgF;AAChF,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,yCAAyC;AACzC,gDAAwB;AACxB,wCAAoC;AACpC,oEAA8D;AAE9D,MAAa,WAAW;IAEpB,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;gBAC7D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;gBACjD,WAAW,EAAE,KAAK;gBAClB,MAAM,EAAE,KAAK,CAAC,WAAW;aAC5B,CAAC;YAEF,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC;YAElF,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC/B,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,YAAY,CAAC,OAAO;aAChC,CAAC,CAAC;YAEH,OAAO,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC;QAE9B,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE;gBAC7D,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,GAAG;gBAC1B,OAAO;aACV,CAAC,CAAC;YACH,MAAM,IAAI,8BAAY,CAAC,wCAAwC,CAAC,CAAC;QACrE,CAAC;IACL,CAAC;CACJ;AA7BD,kCA6BC","sourcesContent":["// import cors from \"cors\";\r\n// import { logger } from \"../logging\";\r\n// import { AdapterError } from \"../core/errors/AdapterError.js\";\r\n\r\n// export class CorsManager {\r\n\r\n//     middleware(options?: any) {\r\n//         try {\r\n//             // options = undefined → use default CORS\r\n//             return options ? cors(options) : cors();\r\n\r\n//         } catch (err: any) {\r\n//             logger.error(\"❌ CORS Manager: failed to create CORS middleware\", {\r\n//                 error: err?.message || err,\r\n//                 options\r\n//             });\r\n//             throw new AdapterError(\"CORS middleware initialization failed.\");\r\n//         }\r\n//     }\r\n// }\r\n\r\n\r\n\r\n// src/managers/CorsManager.ts - IMPROVED\r\nimport cors from \"cors\";\r\nimport { logger } from \"../logging\";\r\nimport { AdapterError } from \"../core/errors/AdapterError.js\";\r\n\r\nexport class CorsManager {\r\n    \r\n    middleware(options?: any) {\r\n        try {\r\n            const defaultOptions = {\r\n                origin: '*',\r\n                methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],\r\n                allowedHeaders: ['Content-Type', 'Authorization'],\r\n                credentials: false,\r\n                maxAge: 86400 // 24 hours\r\n            };\r\n            \r\n            const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;\r\n            \r\n            logger.debug(\"🔧 CORS configured\", {\r\n                origin: finalOptions.origin,\r\n                methods: finalOptions.methods\r\n            });\r\n            \r\n            return cors(finalOptions);\r\n            \r\n        } catch (err: any) {\r\n            logger.error(\"❌ CORS Manager: failed to create CORS middleware\", {\r\n                error: err?.message || err,\r\n                options\r\n            });\r\n            throw new AdapterError(\"CORS middleware initialization failed.\");\r\n        }\r\n    }\r\n}"]}

package/dist/managers/HashManager.d.ts

@@ -0,0 +1,22 @@
+import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+interface HashAdapter {
+    hash(value: string): Promise<string>;
+    verify(value: string, hashed: string): Promise<boolean>;
+}
+export interface HashResult {
+    hash: string;
+    algorithm: string;
+    usedFallback: boolean;
+}
+export declare class HashManager {
+    private config;
+    private primaryAdapter;
+    private fallbackAdapter;
+    constructor(config: HiSecureConfig["hashing"], primaryAdapter: HashAdapter, fallbackAdapter: HashAdapter | null);
+    hash(value: string, options?: {
+        allowFallback?: boolean;
+    }): Promise<HashResult>;
+    verify(value: string, hashed: string): Promise<boolean>;
+}
+export {};
+//# sourceMappingURL=HashManager.d.ts.map

package/dist/managers/HashManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"HashManager.d.ts","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":"AA8RA,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAGjE,UAAU,WAAW;IACjB,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAE3D;AAED,MAAM,WAAW,UAAU;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;CACzB;AAED,qBAAa,WAAW;IACpB,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,eAAe,CAAqB;gBAGxC,MAAM,EAAE,cAAc,CAAC,SAAS,CAAC,EACjC,cAAc,EAAE,WAAW,EAC3B,eAAe,EAAE,WAAW,GAAG,IAAI;IAOjC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,CAAC;IA6C/E,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CA4BhE"}

package/dist/managers/HashManager.js

@@ -0,0 +1,319 @@
+"use strict";
+// // // import { AdapterError } from "../core/errors/AdapterError";
+// // // import { HiSecureConfig } from "../core/config";
+// // // import { logger } from "../logging";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HashManager = void 0;
+// // // export class HashManager {
+// // //     private config: HiSecureConfig["hashing"];
+// // //     private primaryAdapter: {
+// // //         hash: (value: string) => Promise<string>;
+// // //         verify: (value: string, hashed: string) => Promise<boolean>;
+// // //     };
+// // //     private fallbackAdapter: {
+// // //         hash: (value: string) => Promise<string>;
+// // //         verify: (value: string, hashed: string) => Promise<boolean>;
+// // //     } | null;
+// // //     constructor(
+// // //         config: HiSecureConfig["hashing"],
+// // //         primaryAdapter: any,
+// // //         fallbackAdapter: any
+// // //     ) {
+// // //         this.config = config;
+// // //         this.primaryAdapter = primaryAdapter;
+// // //         this.fallbackAdapter = fallbackAdapter;
+// // //     }
+// // //     /**
+// // //      * Hash a password using primary adapter (Argon2)
+// // //      * If it fails → fallback (Bcrypt)
+// // //      */
+// // //     async hash(value: string): Promise<string> {
+// // //         try {
+// // //             return await this.primaryAdapter.hash(value);
+// // //         } catch (err: any) {
+// // //             logger.warn("⚠ Primary hashing failed — switching to fallback", {
+// // //                 error: err?.message,
+// // //             });
+// // //             if (!this.fallbackAdapter) {
+// // //                 throw new AdapterError(
+// // //                     "Primary hashing failed and no fallback adapter is configured."
+// // //                 );
+// // //             }
+// // //             try {
+// // //                 return await this.fallbackAdapter.hash(value);
+// // //             } catch (fallbackErr: any) {
+// // //                 logger.error("❌ Fallback hashing failed", {
+// // //                     error: fallbackErr?.message,
+// // //                 });
+// // //                 throw new AdapterError(
+// // //                     "Both primary and fallback hashing failed."
+// // //                 );
+// // //             }
+// // //         }
+// // //     }
+// // //     /**
+// // //      * Verify using primary hashing method.
+// // //      * If mismatch OR failure → use fallback.
+// // //      */
+// // //     async verify(value: string, hashed: string): Promise<boolean> {
+// // //         try {
+// // //             return await this.primaryAdapter.verify(value, hashed);
+// // //         } catch (err: any) {
+// // //             logger.warn("⚠ Primary verify failed — trying fallback", {
+// // //                 error: err?.message,
+// // //             });
+// // //             if (!this.fallbackAdapter) {
+// // //                 throw new AdapterError(
+// // //                     "Primary verify failed and no fallback adapter is configured."
+// // //                 );
+// // //             }
+// // //             try {
+// // //                 return await this.fallbackAdapter.verify(value, hashed);
+// // //             } catch (fallbackErr: any) {
+// // //                 logger.error("❌ Fallback verify failed", {
+// // //                     error: fallbackErr?.message,
+// // //                 });
+// // //                 throw new AdapterError(
+// // //                     "Both primary and fallback verify failed."
+// // //                 );
+// // //             }
+// // //         }
+// // //     }
+// // // }
+// // import { AdapterError } from "../core/errors/AdapterError.js";
+// // import { HiSecureConfig } from "../core/config.js";
+// // import { logger } from "../logging";
+// // interface HashAdapter {
+// //     hash(value: string): Promise<string>;
+// //     verify(value: string, hashed: string): Promise<boolean>;
+// // }
+// // export class HashManager {
+// //     private config: HiSecureConfig["hashing"];
+// //     private primaryAdapter: HashAdapter;
+// //     private fallbackAdapter: HashAdapter | null;
+// //     constructor(
+// //         config: HiSecureConfig["hashing"],
+// //         primaryAdapter: HashAdapter,
+// //         fallbackAdapter: HashAdapter | null
+// //     ) {
+// //         this.config = config;
+// //         this.primaryAdapter = primaryAdapter;
+// //         this.fallbackAdapter = fallbackAdapter;
+// //     }
+// //     async hash(value: string): Promise<string> {
+// //         try {
+// //             return await this.primaryAdapter.hash(value);
+// //         } catch (err: any) {
+// //             logger.warn("⚠ Primary hashing failed — trying fallback", {
+// //                 error: err?.message,
+// //             });
+// //             if (!this.fallbackAdapter) {
+// //                 throw new AdapterError(
+// //                     "Primary hashing failed and no fallback adapter configured."
+// //                 );
+// //             }
+// //             try {
+// //                 return await this.fallbackAdapter.hash(value);
+// //             } catch (fallbackErr: any) {
+// //                 logger.error("❌ Fallback hashing failed", {
+// //                     error: fallbackErr?.message,
+// //                 });
+// //                 throw new AdapterError(
+// //                     "Both primary and fallback hashing failed."
+// //                 );
+// //             }
+// //         }
+// //     }
+// //     async verify(value: string, hashed: string): Promise<boolean> {
+// //         try {
+// //             return await this.primaryAdapter.verify(value, hashed);
+// //         } catch (err: any) {
+// //             logger.warn("⚠ Primary verify failed — trying fallback", {
+// //                 error: err?.message,
+// //             });
+// //             if (!this.fallbackAdapter) {
+// //                 throw new AdapterError(
+// //                     "Primary verify failed and no fallback adapter configured."
+// //                 );
+// //             }
+// //             try {
+// //                 return await this.fallbackAdapter.verify(value, hashed);
+// //             } catch (fallbackErr: any) {
+// //                 logger.error("❌ Fallback verify failed", {
+// //                     error: fallbackErr?.message,
+// //                 });
+// //                 throw new AdapterError(
+// //                     "Both primary and fallback verify failed."
+// //                 );
+// //             }
+// //         }
+// //     }
+// // }
+// // src/managers/HashManager.ts - FIXED
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { logger } from "../logging";
+// interface HashAdapter {
+//     hash(value: string): Promise<string>;
+//     verify(value: string, hashed: string): Promise<boolean>;
+//     getAlgorithm(): string;
+// }
+// export interface HashResult {
+//     hash: string;
+//     algorithm: string;
+//     usedFallback: boolean;
+// }
+// export class HashManager {
+//     private config: HiSecureConfig["hashing"];
+//     private primaryAdapter: HashAdapter;
+//     private fallbackAdapter: HashAdapter | null;
+//     constructor(
+//         config: HiSecureConfig["hashing"],
+//         primaryAdapter: HashAdapter,
+//         fallbackAdapter: HashAdapter | null
+//     ) {
+//         this.config = config;
+//         this.primaryAdapter = primaryAdapter;
+//         this.fallbackAdapter = fallbackAdapter;
+//     }
+//     async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+//         try {
+//             const hash = await this.primaryAdapter.hash(value);
+//             return {
+//                 hash,
+//                 algorithm: this.config.primary,
+//                 usedFallback: false
+//             };
+//         } catch (err: any) {
+//             logger.warn("⚠ Primary hashing failed", {
+//                 error: err.message,
+//                 algorithm: this.config.primary
+//             });
+//             if (!options?.allowFallback || !this.fallbackAdapter) {
+//                 throw new AdapterError(
+//                     `Primary hashing (${this.config.primary}) failed. Fallback not allowed.`
+//                 );
+//             }
+//             try {
+//                 const hash = await this.fallbackAdapter.hash(value);
+//                 // Log security downgrade warning
+//                 logger.warn("⚠ SECURITY DOWNGRADE: Using fallback hashing", {
+//                     from: this.config.primary,
+//                     to: this.config.fallback
+//                 });
+//                 return {
+//                     hash,
+//                     algorithm: this.config.fallback || 'bcrypt',
+//                     usedFallback: true
+//                 };
+//             } catch (fallbackErr: any) {
+//                 logger.error("❌ Fallback hashing failed", {
+//                     error: fallbackErr?.message,
+//                 });
+//                 throw new AdapterError(
+//                     "Both primary and fallback hashing failed."
+//                 );
+//             }
+//         }
+//     }
+//     async verify(value: string, hashed: string): Promise<boolean> {
+//         // Try primary adapter first
+//         try {
+//             return await this.primaryAdapter.verify(value, hashed);
+//         } catch (primaryErr: any) {
+//             logger.warn("⚠ Primary verify failed", {
+//                 error: primaryErr?.message,
+//             });
+//             // If fallback exists, try it
+//             if (this.fallbackAdapter) {
+//                 try {
+//                     return await this.fallbackAdapter.verify(value, hashed);
+//                 } catch (fallbackErr: any) {
+//                     logger.error("❌ Fallback verify failed", {
+//                         error: fallbackErr?.message,
+//                     });
+//                     throw new AdapterError(
+//                         "Both primary and fallback verify failed."
+//                     );
+//                 }
+//             }
+//             throw new AdapterError(
+//                 "Primary verify failed and no fallback adapter configured."
+//             );
+//         }
+//     }
+// }
+// src/managers/HashManager.ts - COMPLETE FIXED
+const AdapterError_js_1 = require("../core/errors/AdapterError.js");
+const logging_1 = require("../logging");
+class HashManager {
+    constructor(config, primaryAdapter, fallbackAdapter) {
+        this.config = config;
+        this.primaryAdapter = primaryAdapter;
+        this.fallbackAdapter = fallbackAdapter;
+    }
+    async hash(value, options) {
+        try {
+            const hash = await this.primaryAdapter.hash(value);
+            return {
+                hash,
+                algorithm: this.config.primary,
+                usedFallback: false
+            };
+        }
+        catch (err) {
+            logging_1.logger.warn("⚠ Primary hashing failed", {
+                error: err.message,
+                algorithm: this.config.primary
+            });
+            if (!options?.allowFallback || !this.fallbackAdapter) {
+                throw new AdapterError_js_1.AdapterError(`Primary hashing (${this.config.primary}) failed. Fallback not allowed.`);
+            }
+            try {
+                const hash = await this.fallbackAdapter.hash(value);
+                // Log security downgrade warning
+                logging_1.logger.warn("⚠ SECURITY DOWNGRADE: Using fallback hashing", {
+                    from: this.config.primary,
+                    to: this.config.fallback
+                });
+                return {
+                    hash,
+                    algorithm: this.config.fallback || 'bcrypt',
+                    usedFallback: true
+                };
+            }
+            catch (fallbackErr) {
+                logging_1.logger.error("❌ Fallback hashing failed", {
+                    error: fallbackErr?.message,
+                });
+                throw new AdapterError_js_1.AdapterError("Both primary and fallback hashing failed.");
+            }
+        }
+    }
+    async verify(value, hashed) {
+        // Try primary adapter first
+        try {
+            return await this.primaryAdapter.verify(value, hashed);
+        }
+        catch (primaryErr) {
+            logging_1.logger.warn("⚠ Primary verify failed", {
+                error: primaryErr?.message,
+            });
+            // If fallback exists, try it
+            if (this.fallbackAdapter) {
+                try {
+                    return await this.fallbackAdapter.verify(value, hashed);
+                }
+                catch (fallbackErr) {
+                    logging_1.logger.error("❌ Fallback verify failed", {
+                        error: fallbackErr?.message,
+                    });
+                    throw new AdapterError_js_1.AdapterError("Both primary and fallback verify failed.");
+                }
+            }
+            throw new AdapterError_js_1.AdapterError("Primary verify failed and no fallback adapter configured.");
+        }
+    }
+}
+exports.HashManager = HashManager;
+//# sourceMappingURL=HashManager.js.map