hi-secure 1.0.14 → 1.0.16

package/src/index.ts

@@ -1,6 +1,10 @@
 import { HiSecure } from "./core/HiSecure.js";
 import { useSecure, secureRoute } from "./core/useSecure.js";
 
+
+export { z } from "zod";
+export { body, query, param, header } from "express-validator";
+
 const hiSecure = HiSecure.getInstance();
 
 export { 

package/src/logging/index.ts

@@ -1,2 +1,8 @@
+// export * from "./winstonSetup.js";
+// export * from "./morganSetup.js";
+
+
+
+
 export * from "./winstonSetup.js";
 export * from "./morganSetup.js";

package/src/logging/morganSetup.ts

@@ -1,3 +1,38 @@
+// // import morgan from "morgan";
+
+// // export const requestLogger = morgan("combined");
+
+
+
+
+// import morgan from "morgan";
+// import { logger } from "./winstonSetup";
+
+// export const requestLogger = morgan(
+//     ":method :url :status :response-time ms",
+//     {
+//         stream: {
+//             write: (message) => {
+//                 logger.http(message.trim());
+//             }
+//         }
+//     }
+// );
+
+
+
+
+
 import morgan from "morgan";
+import { logger } from "./winstonSetup";
 
-export const requestLogger = morgan("combined");
+export const requestLogger = morgan(
+    ":method :url :status :response-time ms",
+    {
+        stream: {
+            write: (message) => {
+                logger.http(message.trim());
+            }
+        }
+    }
+);

package/src/logging/winstonSetup.ts

@@ -1,17 +1,106 @@
+// // import winston from "winston";
+
+// // export const logger = winston.createLogger({
+// //     level: "info",
+// //     format: winston.format.combine(
+// //         winston.format.timestamp(),
+// //         winston.format.json()
+// //     ),
+// //     transports: [
+// //         new winston.transports.Console()
+// //     ]
+// // });
+
+// // // Shortcut helpers
+// // export const logInfo = (msg: string, meta: any = {}) => logger.info(msg, meta);
+// // export const logWarn = (msg: string, meta: any = {}) => logger.warn(msg, meta);
+// // export const logError = (msg: string, meta: any = {}) => logger.error(msg, meta);
+
+
+
+
+// import winston from "winston";
+
+// const { combine, timestamp, printf, colorize, errors } = winston.format;
+
+// const logFormat = printf(({ level, message, timestamp, ...meta }) => {
+//     const metaString =
+//         Object.keys(meta).length > 0 ? ` | ${JSON.stringify(meta)}` : "";
+
+//     return `${timestamp} ${level}: ${message}${metaString}`;
+// });
+
+// export const logger = winston.createLogger({
+//     level: "info",
+//     format: combine(
+//         errors({ stack: true }),
+//         timestamp({ format: "HH:mm:ss" })
+//     ),
+//     transports: [
+//         new winston.transports.Console({
+//             format: combine(
+//                 colorize({ all: true }),
+//                 logFormat
+//             )
+//         })
+//     ]
+// });
+
+// // Shortcut helpers
+// export const logInfo = (msg: string, meta: any = {}) =>
+//     logger.info(msg, meta);
+
+// export const logWarn = (msg: string, meta: any = {}) =>
+//     logger.warn(msg, meta);
+
+// export const logError = (msg: string, meta: any = {}) =>
+//     logger.error(msg, meta);
+
+
+
+
+
 import winston from "winston";
 
+const { combine, timestamp, printf, colorize, errors } = winston.format;
+
+// Explicit colors (best practice)
+winston.addColors({
+    error: "red",
+    warn: "yellow",
+    info: "green",
+    http: "cyan"
+});
+
+const logFormat = printf(({ level, message, timestamp, ...meta }) => {
+    const metaString =
+        Object.keys(meta).length > 0 ? ` | ${JSON.stringify(meta)}` : "";
+
+    return `${timestamp} ${level}: ${message}${metaString}`;
+});
+
 export const logger = winston.createLogger({
-    level: "info",
-    format: winston.format.combine(
-        winston.format.timestamp(),
-        winston.format.json()
+    level: "http", // 🔴 MOST IMPORTANT FIX
+    format: combine(
+        errors({ stack: true }),
+        timestamp({ format: "HH:mm:ss" })
     ),
     transports: [
-        new winston.transports.Console()
+        new winston.transports.Console({
+            format: combine(
+                colorize({ all: true }),
+                logFormat
+            )
+        })
     ]
 });
 
 // Shortcut helpers
-export const logInfo = (msg: string, meta: any = {}) => logger.info(msg, meta);
-export const logWarn = (msg: string, meta: any = {}) => logger.warn(msg, meta);
-export const logError = (msg: string, meta: any = {}) => logger.error(msg, meta);
+export const logInfo = (msg: string, meta: any = {}) =>
+    logger.info(msg, meta);
+
+export const logWarn = (msg: string, meta: any = {}) =>
+    logger.warn(msg, meta);
+
+export const logError = (msg: string, meta: any = {}) =>
+    logger.error(msg, meta);

package/src/managers/AuthManager.ts

@@ -1,11 +1,151 @@
-import { JWTAdapter } from "../adapters/JWTAdapter.js";
-import { GoogleAdapter } from "../adapters/GoogleAdapter.js";
-import { AdapterError } from "../core/errors/AdapterError.js";
-import { HttpError } from "../core/errors/HttpError.js";
+// import { JWTAdapter } from "../adapters/JWTAdapter.js";
+// import { GoogleAdapter } from "../adapters/GoogleAdapter.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HttpError } from "../core/errors/HttpError.js";
+// import { Request, Response, NextFunction } from "express";
+// import { logger } from "../logging";
+
+
+// export interface AuthOptions {
+//     jwtSecret: string;
+//     jwtExpiresIn?: string | number;
+//     googleClientId?: string;
+// }
+
+// export interface ProtectOptions {
+//     required?: boolean;
+//     roles?: string[];
+// }
+
+// export class AuthManager {
+//     private jwtAdapter: JWTAdapter;
+//     private googleAdapter?: GoogleAdapter;
+
+//     constructor(opts: AuthOptions) {
+//         if (!opts.jwtSecret) {
+//             throw new AdapterError("jwtSecret required in AuthOptions");
+//         }
+
+//         if (opts.jwtSecret.length < 32) {
+//             logger.warn(" JWT secret is less than 32 characters - consider using a stronger secret");
+//         }
+
+//         logger.info("AuthManager initialized");
+
+//         this.jwtAdapter = new JWTAdapter({
+//             secret: opts.jwtSecret,
+//             expiresIn: opts.jwtExpiresIn ?? "1d",
+//         });
+
+//         if (opts.googleClientId) {
+//             this.googleAdapter = new GoogleAdapter(opts.googleClientId);
+//             logger.info("GoogleAdapter enabled");
+//         }
+//     }
+
+//     sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {
+//         logger.info("JWT Sign called");
+//         return this.jwtAdapter.sign(payload, options);
+//     }
+
+//     verify(token: string) {
+//         logger.info("JWT Verify called");
+//         return this.jwtAdapter.verify(token);
+//     }
+
+//     async verifyGoogleIdToken(idToken: string) {
+//         if (!this.googleAdapter) {
+//             throw new AdapterError("GoogleAdapter not configured.");
+//         }
+
+//         logger.info("Google ID Token verify called");
+
+//         try {
+//             return await this.googleAdapter.verifyIdToken(idToken);
+//         } catch (err: any) {
+//             logger.error("Google ID Token verification failed", { error: err?.message });
+//             throw HttpError.Unauthorized("Invalid Google ID token");
+//         }
+//     }
+
+//     protect(options?: ProtectOptions) {
+//         const required = options?.required ?? true;
+//         const roles = options?.roles;
+
+//         return (req: Request, res: Response, next: NextFunction) => {
+//             const header = req.headers["authorization"];
+
+            
+//             if (!required && !header) {
+//                 return next();
+//             }
+
+           
+//             if (!header) {
+//                 logger.warn("Missing Authorization header", {
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Missing Authorization header"));
+//             }
+
+          
+//             const [type, token] = String(header).split(" ");
+//             if (type !== "Bearer" || !token) {
+//                 logger.warn("Invalid Authorization header", {
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Invalid Authorization header"));
+//             }
+
+//             try {
+
+//                 // Verify JWT
+//                 const decoded = this.verify(token);
+                
+//                 // Attach to request
+//                 (req as any).auth = decoded;
+//                 (req as any).user = decoded; 
+                
+//                 // Role-based authorization - role added Middleware
+//                 if (roles && roles.length > 0) {
+//                     const userRole = (decoded as any).role || (decoded as any).roles?.[0];
+//                     if (!userRole || !roles.includes(userRole)) {
+//                         logger.warn("Insufficient permissions", {
+//                             path: req.path,
+//                             requiredRoles: roles,
+//                             userRole
+//                         });
+//                         return next(HttpError.Forbidden("Insufficient permissions"));
+//                     }
+//                 }
+                
+//                 return next();
+//             } catch (err: any) {
+//                 logger.error("JWT verify failed", {
+//                     error: err?.message,
+//                     path: req.path,
+//                     method: req.method
+//                 });
+//                 return next(HttpError.Unauthorized("Invalid or expired token"));
+//             }
+//         };
+//     }
+// }
+
+
+
+
+
+
+import { JWTAdapter } from "../adapters/JWTAdapter";
+import { GoogleAdapter } from "../adapters/GoogleAdapter";
+import { AdapterError } from "../core/errors/AdapterError";
+import { HttpError } from "../core/errors/HttpError";
 import { Request, Response, NextFunction } from "express";
 import { logger } from "../logging";
 
-
 export interface AuthOptions {
     jwtSecret: string;
     jwtExpiresIn?: string | number;
@@ -27,29 +167,47 @@ export class AuthManager {
         }
 
         if (opts.jwtSecret.length < 32) {
-            logger.warn(" JWT secret is less than 32 characters - consider using a stronger secret");
+            logger.warn("Weak JWT secret detected", {
+                layer: "auth-manager",
+                operation: "init",
+                secretLength: opts.jwtSecret.length
+            });
         }
 
-        logger.info("AuthManager initialized");
+        logger.info("AuthManager initialized", {
+            layer: "auth-manager",
+            jwtExpiresIn: opts.jwtExpiresIn ?? "1d",
+            googleEnabled: !!opts.googleClientId
+        });
 
         this.jwtAdapter = new JWTAdapter({
             secret: opts.jwtSecret,
-            expiresIn: opts.jwtExpiresIn ?? "1d",
+            expiresIn: opts.jwtExpiresIn ?? "1d"
         });
 
         if (opts.googleClientId) {
             this.googleAdapter = new GoogleAdapter(opts.googleClientId);
-            logger.info("GoogleAdapter enabled");
+            logger.info("Google authentication enabled", {
+                layer: "auth-manager"
+            });
         }
     }
 
-    sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {
-        logger.info("JWT Sign called");
+    sign(payload: object, options?: { expiresIn?: string | number; jti?: string }) {
+        logger.info("JWT sign requested", {
+            layer: "auth-manager",
+            operation: "sign"
+        });
+
         return this.jwtAdapter.sign(payload, options);
     }
 
     verify(token: string) {
-        logger.info("JWT Verify called");
+        logger.info("JWT verify requested", {
+            layer: "auth-manager",
+            operation: "verify"
+        });
+
         return this.jwtAdapter.verify(token);
     }
 
@@ -58,12 +216,20 @@ export class AuthManager {
             throw new AdapterError("GoogleAdapter not configured.");
         }
 
-        logger.info("Google ID Token verify called");
+        logger.info("Google ID token verification requested", {
+            layer: "auth-manager",
+            operation: "google-verify"
+        });
 
         try {
             return await this.googleAdapter.verifyIdToken(idToken);
         } catch (err: any) {
-            logger.error("Google ID Token verification failed", { error: err?.message });
+            logger.error("Google ID token verification failed", {
+                layer: "auth-manager",
+                operation: "google-verify",
+                reason: err?.message
+            });
+
             throw HttpError.Unauthorized("Invalid Google ID token");
         }
     }
@@ -72,27 +238,28 @@ export class AuthManager {
         const required = options?.required ?? true;
         const roles = options?.roles;
 
-        return (req: Request, res: Response, next: NextFunction) => {
+        return (req: Request, _res: Response, next: NextFunction) => {
             const header = req.headers["authorization"];
 
-            
             if (!required && !header) {
                 return next();
             }
 
-           
             if (!header) {
-                logger.warn("Missing Authorization header", {
+                logger.warn("Authorization header missing", {
+                    layer: "auth-manager",
+                    operation: "protect",
                     path: req.path,
                     method: req.method
                 });
                 return next(HttpError.Unauthorized("Missing Authorization header"));
             }
 
-          
             const [type, token] = String(header).split(" ");
             if (type !== "Bearer" || !token) {
-                logger.warn("Invalid Authorization header", {
+                logger.warn("Invalid Authorization header format", {
+                    layer: "auth-manager",
+                    operation: "protect",
                     path: req.path,
                     method: req.method
                 });
@@ -100,36 +267,40 @@ export class AuthManager {
             }
 
             try {
-
-                // Verify JWT
                 const decoded = this.verify(token);
-                
-                // Attach to request
+
                 (req as any).auth = decoded;
-                (req as any).user = decoded; 
-                
-                // Role-based authorization - role added Middleware
+                (req as any).user = decoded;
+
                 if (roles && roles.length > 0) {
-                    const userRole = (decoded as any).role || (decoded as any).roles?.[0];
+                    const userRole =
+                        (decoded as any).role || (decoded as any).roles?.[0];
+
                     if (!userRole || !roles.includes(userRole)) {
-                        logger.warn("Insufficient permissions", {
+                        logger.warn("Access denied: insufficient role", {
+                            layer: "auth-manager",
+                            operation: "authorize",
                             path: req.path,
                             requiredRoles: roles,
                             userRole
                         });
+
                         return next(HttpError.Forbidden("Insufficient permissions"));
                     }
                 }
-                
+
                 return next();
             } catch (err: any) {
-                logger.error("JWT verify failed", {
-                    error: err?.message,
+                logger.error("JWT authentication failed", {
+                    layer: "auth-manager",
+                    operation: "protect",
                     path: req.path,
-                    method: req.method
+                    method: req.method,
+                    reason: err?.message
                 });
+
                 return next(HttpError.Unauthorized("Invalid or expired token"));
             }
         };
     }
-}
+}

package/src/managers/CorsManager.ts

@@ -1,34 +1,81 @@
+// import cors from "cors";
+// import { logger } from "../logging";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+
+// export class CorsManager {
+    
+//     middleware(options?: any) {
+//         try {
+//             const defaultOptions = {
+//                 origin: '*',
+//                 methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+//                 allowedHeaders: ['Content-Type', 'Authorization'],
+//                 credentials: false,
+//                 maxAge: 86400
+//             };
+            
+//             const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;
+            
+//             logger.debug("CORS configured", {
+//                 origin: finalOptions.origin,
+//                 methods: finalOptions.methods
+//             });
+            
+//             return cors(finalOptions);
+            
+//         } catch (err: any) {
+//             logger.error(" CORS Manager: failed to create CORS middleware", {
+//                 error: err?.message || err,
+//                 options
+//             });
+//             throw new AdapterError("CORS middleware initialization failed.");
+//         }
+//     }
+// }
+
+
+
+
+
+
 import cors from "cors";
 import { logger } from "../logging";
-import { AdapterError } from "../core/errors/AdapterError.js";
+import { AdapterError } from "../core/errors/AdapterError";
 
 export class CorsManager {
-    
     middleware(options?: any) {
         try {
             const defaultOptions = {
-                origin: '*',
-                methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
-                allowedHeaders: ['Content-Type', 'Authorization'],
+                origin: "*",
+                methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
+                allowedHeaders: ["Content-Type", "Authorization"],
                 credentials: false,
                 maxAge: 86400
             };
-            
-            const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;
-            
-            logger.debug("CORS configured", {
+
+            const finalOptions = options
+                ? { ...defaultOptions, ...options }
+                : defaultOptions;
+
+            // ✅ visible + clean log
+            logger.info("CORS middleware configured", {
+                layer: "cors-manager",
+                operation: "init",
                 origin: finalOptions.origin,
-                methods: finalOptions.methods
+                methods: finalOptions.methods,
+                credentials: finalOptions.credentials
             });
-            
+
             return cors(finalOptions);
-            
+
         } catch (err: any) {
-            logger.error(" CORS Manager: failed to create CORS middleware", {
-                error: err?.message || err,
-                options
+            logger.error("CORS middleware initialization failed", {
+                layer: "cors-manager",
+                operation: "init",
+                reason: err?.message
             });
+
             throw new AdapterError("CORS middleware initialization failed.");
         }
     }
-}
+}