hi-secure 1.0.15 → 1.0.16

package/src/managers/HashManager.ts

@@ -1,5 +1,113 @@
-import { AdapterError } from "../core/errors/AdapterError.js";
-import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { logger } from "../logging";
+
+// interface HashAdapter {
+//     hash(value: string): Promise<string>;
+//     verify(value: string, hashed: string): Promise<boolean>;
+// }
+
+// export interface HashResult {
+//     hash: string;
+//     algorithm: string;
+//     usedFallback: boolean;
+// }
+
+// export class HashManager {
+//     private config: HiSecureConfig["hashing"];
+//     private primaryAdapter: HashAdapter;
+//     private fallbackAdapter: HashAdapter | null;
+
+//     constructor(
+//         config: HiSecureConfig["hashing"],
+//         primaryAdapter: HashAdapter,
+//         fallbackAdapter: HashAdapter | null
+//     ) {
+//         this.config = config;
+//         this.primaryAdapter = primaryAdapter;
+//         this.fallbackAdapter = fallbackAdapter;
+//     }
+
+//     async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+//         try {
+//             const hash = await this.primaryAdapter.hash(value);
+//             return {
+//                 hash,
+//                 algorithm: this.config.primary,
+//                 usedFallback: false
+//             };
+//         } catch (err: any) {
+//             logger.warn("Primary hashing failed", {
+//                 error: err.message,
+//                 algorithm: this.config.primary
+//             });
+
+//             if (!options?.allowFallback || !this.fallbackAdapter) {
+//                 throw new AdapterError(
+//                     `Primary hashing (${this.config.primary}) failed. Fallback not allowed.`
+//                 );
+//             }
+
+//             try {
+//                 const hash = await this.fallbackAdapter.hash(value);
+                
+//                 // Log security downgrade warning
+//                 logger.warn("SECURITY DOWNGRADE: Using fallback hashing", {
+//                     from: this.config.primary,
+//                     to: this.config.fallback
+//                 });
+                
+//                 return {
+//                     hash,
+//                     algorithm: this.config.fallback || 'bcrypt',
+//                     usedFallback: true
+//                 };
+//             } catch (fallbackErr: any) {
+//                 logger.error("Fallback hashing failed", {
+//                     error: fallbackErr?.message,
+//                 });
+//                 throw new AdapterError(
+//                     "Both primary and fallback hashing failed."
+//                 );
+//             }
+//         }
+//     }
+
+//     async verify(value: string, hashed: string): Promise<boolean> {
+//         //  primary adapter - first
+//         try {
+//             return await this.primaryAdapter.verify(value, hashed);
+//         } catch (primaryErr: any) {
+//             logger.warn("Primary verify failed", {
+//                 error: primaryErr?.message,
+//             });
+
+//             //  fallback exists -  try it
+//             if (this.fallbackAdapter) {
+//                 try {
+//                     return await this.fallbackAdapter.verify(value, hashed);
+//                 } catch (fallbackErr: any) {
+//                     logger.error(" Fallback verify failed", {
+//                         error: fallbackErr?.message,
+//                     });
+//                     throw new AdapterError(
+//                         "Both primary and fallback verify failed."
+//                     );
+//                 }
+//             }
+            
+//             throw new AdapterError(
+//                 "Primary verify failed and no fallback adapter configured."
+//             );
+//         }
+//     }
+// }
+
+
+
+
+import { AdapterError } from "../core/errors/AdapterError";
+import { HiSecureConfig } from "../core/types/HiSecureConfig";
 import { logger } from "../logging";
 
 interface HashAdapter {
@@ -26,20 +134,33 @@ export class HashManager {
         this.config = config;
         this.primaryAdapter = primaryAdapter;
         this.fallbackAdapter = fallbackAdapter;
+
+        logger.info("HashManager initialized", {
+            layer: "hash-manager",
+            primary: config.primary,
+            fallbackEnabled: !!fallbackAdapter
+        });
     }
 
-    async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+    async hash(
+        value: string,
+        options?: { allowFallback?: boolean }
+    ): Promise<HashResult> {
         try {
             const hash = await this.primaryAdapter.hash(value);
+
             return {
                 hash,
                 algorithm: this.config.primary,
                 usedFallback: false
             };
+
         } catch (err: any) {
             logger.warn("Primary hashing failed", {
-                error: err.message,
-                algorithm: this.config.primary
+                layer: "hash-manager",
+                operation: "hash",
+                algorithm: this.config.primary,
+                reason: err?.message
             });
 
             if (!options?.allowFallback || !this.fallbackAdapter) {
@@ -50,22 +171,30 @@ export class HashManager {
 
             try {
                 const hash = await this.fallbackAdapter.hash(value);
-                
-                // Log security downgrade warning
-                logger.warn("SECURITY DOWNGRADE: Using fallback hashing", {
+
+                // ⚠️ security downgrade log (VERY GOOD PRACTICE)
+                logger.warn("Hashing fallback used (security downgrade)", {
+                    layer: "hash-manager",
+                    operation: "hash",
                     from: this.config.primary,
                     to: this.config.fallback
                 });
-                
+
                 return {
                     hash,
-                    algorithm: this.config.fallback || 'bcrypt',
+                    algorithm: this.config.fallback || "bcrypt",
                     usedFallback: true
                 };
+
             } catch (fallbackErr: any) {
                 logger.error("Fallback hashing failed", {
-                    error: fallbackErr?.message,
+                    layer: "hash-manager",
+                    operation: "hash",
+                    from: this.config.primary,
+                    to: this.config.fallback,
+                    reason: fallbackErr?.message
                 });
+
                 throw new AdapterError(
                     "Both primary and fallback hashing failed."
                 );
@@ -74,31 +203,39 @@ export class HashManager {
     }
 
     async verify(value: string, hashed: string): Promise<boolean> {
-        //  primary adapter - first
         try {
             return await this.primaryAdapter.verify(value, hashed);
+
         } catch (primaryErr: any) {
-            logger.warn("Primary verify failed", {
-                error: primaryErr?.message,
+            logger.warn("Primary hash verification failed", {
+                layer: "hash-manager",
+                operation: "verify",
+                algorithm: this.config.primary,
+                reason: primaryErr?.message
             });
 
-            //  fallback exists -  try it
             if (this.fallbackAdapter) {
                 try {
                     return await this.fallbackAdapter.verify(value, hashed);
+
                 } catch (fallbackErr: any) {
-                    logger.error(" Fallback verify failed", {
-                        error: fallbackErr?.message,
+                    logger.error("Fallback hash verification failed", {
+                        layer: "hash-manager",
+                        operation: "verify",
+                        from: this.config.primary,
+                        to: this.config.fallback,
+                        reason: fallbackErr?.message
                     });
+
                     throw new AdapterError(
                         "Both primary and fallback verify failed."
                     );
                 }
             }
-            
+
             throw new AdapterError(
                 "Primary verify failed and no fallback adapter configured."
             );
         }
     }
-}
+}

package/src/managers/JsonManager.ts

@@ -1,19 +1,97 @@
+// import express from "express";
+// import qs from "qs";
+// import { logger } from "../logging";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+
+// export class JsonManager {
+//     middleware(options?: any) {
+//         try {
+//             const defaultOptions = {
+//                 limit: '1mb',
+//                 inflate: true,
+//                 strict: true
+//             };
+//             return express.json({ ...defaultOptions, ...(options || {}) });
+//         } catch (err: any) {
+//             logger.error("JSON Manager: failed to create JSON parser");
+//             throw new AdapterError("JSON parser initialization failed.");
+//         }
+//     }
+
+//     urlencoded(options?: any) {
+//         try {
+//             const defaultOptions = {
+//                 extended: true,
+//                 limit: '1mb',
+//                 parameterLimit: 1000
+//             };
+//             const opts = { ...defaultOptions, ...(options || {}) };
+//             return express.urlencoded(opts);
+//         } catch (err: any) {
+//             logger.error("URL-encoded parser failed");
+//             throw new AdapterError("URL-encoded parser initialization failed.");
+//         }
+//     }
+
+//     queryParser(options?: any) {
+//         return (req: any, res: any, next: any) => {
+//             try {
+//                 if (!req.parsedQuery && req.url.includes('?')) {
+//                     const queryString = req.url.split("?")[1] || "";
+//                     const parsed = qs.parse(queryString, {
+//                         depth: 5,
+//                         parameterLimit: 100,
+//                         ...options
+//                     });
+                    
+//                     req.parsedQuery = parsed;
+//                     logger.debug(" Query parsed", {
+//                         keys: Object.keys(parsed)
+//                     });
+//                 }
+//                 next();
+//             } catch (err: any) {
+//                 logger.error("Failed to parse query", { error: err?.message });
+//                 next(new AdapterError("Query parsing failed."));
+//             }
+//         };
+//     }
+// }
+
+
+
 import express from "express";
 import qs from "qs";
 import { logger } from "../logging";
-import { AdapterError } from "../core/errors/AdapterError.js";
+import { AdapterError } from "../core/errors/AdapterError";
 
 export class JsonManager {
     middleware(options?: any) {
         try {
             const defaultOptions = {
-                limit: '1mb',
+                limit: "1mb",
                 inflate: true,
                 strict: true
             };
-            return express.json({ ...defaultOptions, ...(options || {}) });
+
+            const finalOptions = { ...defaultOptions, ...(options || {}) };
+
+            logger.info("JSON body parser configured", {
+                layer: "json-manager",
+                operation: "json",
+                limit: finalOptions.limit,
+                strict: finalOptions.strict
+            });
+
+            return express.json(finalOptions);
+
         } catch (err: any) {
-            logger.error("JSON Manager: failed to create JSON parser");
+            logger.error("JSON body parser initialization failed", {
+                layer: "json-manager",
+                operation: "json",
+                reason: err?.message
+            });
+
             throw new AdapterError("JSON parser initialization failed.");
         }
     }
@@ -22,38 +100,64 @@ export class JsonManager {
         try {
             const defaultOptions = {
                 extended: true,
-                limit: '1mb',
+                limit: "1mb",
                 parameterLimit: 1000
             };
-            const opts = { ...defaultOptions, ...(options || {}) };
-            return express.urlencoded(opts);
+
+            const finalOptions = { ...defaultOptions, ...(options || {}) };
+
+            logger.info("URL-encoded parser configured", {
+                layer: "json-manager",
+                operation: "urlencoded",
+                limit: finalOptions.limit,
+                parameterLimit: finalOptions.parameterLimit
+            });
+
+            return express.urlencoded(finalOptions);
+
         } catch (err: any) {
-            logger.error("URL-encoded parser failed");
+            logger.error("URL-encoded parser initialization failed", {
+                layer: "json-manager",
+                operation: "urlencoded",
+                reason: err?.message
+            });
+
             throw new AdapterError("URL-encoded parser initialization failed.");
         }
     }
 
     queryParser(options?: any) {
-        return (req: any, res: any, next: any) => {
+        return (req: any, _res: any, next: any) => {
             try {
-                if (!req.parsedQuery && req.url.includes('?')) {
+                if (!req.parsedQuery && req.url.includes("?")) {
                     const queryString = req.url.split("?")[1] || "";
+
                     const parsed = qs.parse(queryString, {
                         depth: 5,
                         parameterLimit: 100,
                         ...options
                     });
-                    
+
                     req.parsedQuery = parsed;
-                    logger.debug(" Query parsed", {
-                        keys: Object.keys(parsed)
+
+                    // ✅ visible + safe info
+                    logger.info("Query parameters parsed", {
+                        layer: "json-manager",
+                        operation: "query-parse",
+                        keyCount: Object.keys(parsed).length
                     });
                 }
+
                 next();
             } catch (err: any) {
-                logger.error("Failed to parse query", { error: err?.message });
+                logger.error("Query parsing failed", {
+                    layer: "json-manager",
+                    operation: "query-parse",
+                    reason: err?.message
+                });
+
                 next(new AdapterError("Query parsing failed."));
             }
         };
     }
-}
+}

package/src/managers/RateLimitManager.ts

@@ -1,5 +1,118 @@
-import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
-import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { logger } from "../logging";
+
+// interface RateLimiterAdapter {
+//     getMiddleware: (options?: any) => any;
+// }
+
+// export class RateLimitManager {
+//     private config: HiSecureConfig["rateLimiter"];
+//     private primaryAdapter: RateLimiterAdapter;
+//     private fallbackAdapter: RateLimiterAdapter | null;
+
+//     constructor(
+//         config: HiSecureConfig["rateLimiter"],
+//         primaryAdapter: RateLimiterAdapter,
+//         fallbackAdapter: RateLimiterAdapter | null
+//     ) {
+//         this.config = config;
+//         this.primaryAdapter = primaryAdapter;
+//         this.fallbackAdapter = fallbackAdapter;
+//     }
+
+//     middleware(opts?: { mode?: "strict" | "relaxed" | "api"; options?: any }) {
+//         let finalOptions: any = {};
+
+//         if (opts?.mode === "strict") {
+//             finalOptions = {
+//                 windowMs: 10_000,
+//                 max: 5,
+//                 message: "Too many requests, please slow down."
+//             };
+//         } else if (opts?.mode === "relaxed") {
+//             finalOptions = {
+//                 windowMs: 60_000,
+//                 max: 100,
+//                 message: "Rate limit exceeded."
+//             };
+//         } else if (opts?.mode === "api") {
+//             finalOptions = {
+//                 windowMs: 15 * 60 * 1000, 
+//                 max: 100,
+//                 message: "API rate limit exceeded."
+//             };
+//         } else {
+//             finalOptions = {
+//                 windowMs: this.config.windowMs,
+//                 max: this.config.maxRequests,
+//                 message: this.config.message,
+//                 standardHeaders: true,      
+//                 legacyHeaders: false        
+//             };
+//         }
+
+//         if (opts?.options) {
+//             const allowedOverrides = ['message', 'skipFailedRequests', 'standardHeaders', 'legacyHeaders'];
+//             for (const key of allowedOverrides) {
+//                 if (opts.options[key] !== undefined) {
+//                     finalOptions[key] = opts.options[key];
+//                 }
+//             }
+            
+//             const attemptedOverrides = Object.keys(opts.options).filter(
+//                 k => !allowedOverrides.includes(k) && k !== 'mode'
+//             );
+//             if (attemptedOverrides.length > 0) {
+//                 logger.warn("Rate limit overrides ignored", {
+//                     preset: opts?.mode || 'default',
+//                     ignoredOptions: attemptedOverrides
+//                 });
+//             }
+//         }
+
+//         if (finalOptions.standardHeaders === undefined) {
+//             finalOptions.standardHeaders = true;
+//         }
+//         if (finalOptions.legacyHeaders === undefined) {
+//             finalOptions.legacyHeaders = false;
+//         }
+
+//         try {
+//             logger.info("Applying rate limiting", {
+//                 mode: opts?.mode || 'default',
+//                 windowMs: finalOptions.windowMs,
+//                 max: finalOptions.max
+//             });
+            
+//             return this.primaryAdapter.getMiddleware(finalOptions);
+//         } catch (err: any) {
+//             logger.warn("Primary rate limiter failed → fallback", {
+//                 error: err?.message
+//             });
+
+//             if (!this.fallbackAdapter) {
+//                 throw new AdapterError("Rate limiters failed; no fallback adapter.");
+//             }
+
+//             try {
+//                 logger.info("Using fallback rate limiter");
+//                 return this.fallbackAdapter.getMiddleware(finalOptions);
+//             } catch (fallbackErr: any) {
+//                 logger.error("Fallback limiter also failed", {
+//                     error: fallbackErr?.message
+//                 });
+//                 throw new AdapterError("Both primary and fallback limiters failed.");
+//             }
+//         }
+//     }
+// }
+
+
+
+
+import { HiSecureConfig } from "../core/types/HiSecureConfig";
+import { AdapterError } from "../core/errors/AdapterError";
 import { logger } from "../logging";
 
 interface RateLimiterAdapter {
@@ -19,26 +132,33 @@ export class RateLimitManager {
         this.config = config;
         this.primaryAdapter = primaryAdapter;
         this.fallbackAdapter = fallbackAdapter;
+
+        logger.info("RateLimitManager initialized", {
+            layer: "rate-limit-manager",
+            primaryConfigured: true,
+            fallbackConfigured: !!fallbackAdapter
+        });
     }
 
     middleware(opts?: { mode?: "strict" | "relaxed" | "api"; options?: any }) {
         let finalOptions: any = {};
+        const mode = opts?.mode || "default";
 
-        if (opts?.mode === "strict") {
+        if (mode === "strict") {
             finalOptions = {
                 windowMs: 10_000,
                 max: 5,
                 message: "Too many requests, please slow down."
             };
-        } else if (opts?.mode === "relaxed") {
+        } else if (mode === "relaxed") {
             finalOptions = {
                 windowMs: 60_000,
                 max: 100,
                 message: "Rate limit exceeded."
             };
-        } else if (opts?.mode === "api") {
+        } else if (mode === "api") {
             finalOptions = {
-                windowMs: 15 * 60 * 1000, 
+                windowMs: 15 * 60 * 1000,
                 max: 100,
                 message: "API rate limit exceeded."
             };
@@ -47,63 +167,88 @@ export class RateLimitManager {
                 windowMs: this.config.windowMs,
                 max: this.config.maxRequests,
                 message: this.config.message,
-                standardHeaders: true,      
-                legacyHeaders: false        
+                standardHeaders: true,
+                legacyHeaders: false
             };
         }
 
         if (opts?.options) {
-            const allowedOverrides = ['message', 'skipFailedRequests', 'standardHeaders', 'legacyHeaders'];
+            const allowedOverrides = [
+                "message",
+                "skipFailedRequests",
+                "standardHeaders",
+                "legacyHeaders"
+            ];
+
             for (const key of allowedOverrides) {
                 if (opts.options[key] !== undefined) {
                     finalOptions[key] = opts.options[key];
                 }
             }
-            
+
             const attemptedOverrides = Object.keys(opts.options).filter(
-                k => !allowedOverrides.includes(k) && k !== 'mode'
+                k => !allowedOverrides.includes(k) && k !== "mode"
             );
+
             if (attemptedOverrides.length > 0) {
                 logger.warn("Rate limit overrides ignored", {
-                    preset: opts?.mode || 'default',
+                    layer: "rate-limit-manager",
+                    operation: "configure",
+                    mode,
                     ignoredOptions: attemptedOverrides
                 });
             }
         }
 
-        if (finalOptions.standardHeaders === undefined) {
-            finalOptions.standardHeaders = true;
-        }
-        if (finalOptions.legacyHeaders === undefined) {
-            finalOptions.legacyHeaders = false;
-        }
+        finalOptions.standardHeaders ??= true;
+        finalOptions.legacyHeaders ??= false;
 
         try {
-            logger.info("Applying rate limiting", {
-                mode: opts?.mode || 'default',
+            logger.info("Rate limiting applied", {
+                layer: "rate-limit-manager",
+                operation: "apply",
+                mode,
                 windowMs: finalOptions.windowMs,
                 max: finalOptions.max
             });
-            
+
             return this.primaryAdapter.getMiddleware(finalOptions);
+
         } catch (err: any) {
-            logger.warn("Primary rate limiter failed → fallback", {
-                error: err?.message
+            logger.warn("Primary rate limiter failed", {
+                layer: "rate-limit-manager",
+                operation: "apply",
+                mode,
+                reason: err?.message
             });
 
             if (!this.fallbackAdapter) {
-                throw new AdapterError("Rate limiters failed; no fallback adapter.");
+                throw new AdapterError(
+                    "Rate limiters failed; no fallback adapter configured."
+                );
             }
 
             try {
-                logger.info("Using fallback rate limiter");
+                logger.warn("Using fallback rate limiter", {
+                    layer: "rate-limit-manager",
+                    operation: "fallback",
+                    mode
+                });
+
                 return this.fallbackAdapter.getMiddleware(finalOptions);
+
             } catch (fallbackErr: any) {
-                logger.error("Fallback limiter also failed", {
-                    error: fallbackErr?.message
+                logger.error("Fallback rate limiter failed", {
+                    layer: "rate-limit-manager",
+                    operation: "fallback",
+                    mode,
+                    reason: fallbackErr?.message
                 });
-                throw new AdapterError("Both primary and fallback limiters failed.");
+
+                throw new AdapterError(
+                    "Both primary and fallback rate limiters failed."
+                );
             }
         }
     }
-}
+}