npm - hi-secure - Versions diffs - 1.0.15 → 1.0.16 - Mend

hi-secure 1.0.15 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/dist/adapters/ArgonAdapter.d.ts +1 -1
package/dist/adapters/ArgonAdapter.d.ts.map +1 -1
package/dist/adapters/ArgonAdapter.js +43 -5
package/dist/adapters/ArgonAdapter.js.map +1 -1
package/dist/adapters/BcryptAdapter.d.ts.map +1 -1
package/dist/adapters/BcryptAdapter.js +43 -3
package/dist/adapters/BcryptAdapter.js.map +1 -1
package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -1
package/dist/adapters/ExpressRLAdapter.js +48 -6
package/dist/adapters/ExpressRLAdapter.js.map +1 -1
package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -1
package/dist/adapters/ExpressValidatorAdapter.js +50 -10
package/dist/adapters/ExpressValidatorAdapter.js.map +1 -1
package/dist/adapters/GoogleAdapter.d.ts.map +1 -1
package/dist/adapters/GoogleAdapter.js +82 -16
package/dist/adapters/GoogleAdapter.js.map +1 -1
package/dist/adapters/JWTAdapter.d.ts.map +1 -1
package/dist/adapters/JWTAdapter.js +104 -15
package/dist/adapters/JWTAdapter.js.map +1 -1
package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -1
package/dist/adapters/RLFlexibleAdapter.js +87 -12
package/dist/adapters/RLFlexibleAdapter.js.map +1 -1
package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -1
package/dist/adapters/SanitizeHtmlAdapter.js +81 -13
package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -1
package/dist/adapters/XSSAdapter.d.ts +1 -1
package/dist/adapters/XSSAdapter.d.ts.map +1 -1
package/dist/adapters/XSSAdapter.js +137 -20
package/dist/adapters/XSSAdapter.js.map +1 -1
package/dist/adapters/ZodAdapter.d.ts +1 -1
package/dist/adapters/ZodAdapter.d.ts.map +1 -1
package/dist/adapters/ZodAdapter.js +13 -8
package/dist/adapters/ZodAdapter.js.map +1 -1
package/dist/core/HiSecure.d.ts +3 -4
package/dist/core/HiSecure.d.ts.map +1 -1
package/dist/core/HiSecure.js +108 -121
package/dist/core/HiSecure.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +8 -1
package/dist/index.js.map +1 -1
package/dist/logging/index.d.ts.map +1 -1
package/dist/logging/index.js +2 -0
package/dist/logging/index.js.map +1 -1
package/dist/logging/morganSetup.d.ts.map +1 -1
package/dist/logging/morganSetup.js +22 -1
package/dist/logging/morganSetup.js.map +1 -1
package/dist/logging/winstonSetup.d.ts.map +1 -1
package/dist/logging/winstonSetup.js +61 -3
package/dist/logging/winstonSetup.js.map +1 -1
package/dist/managers/AuthManager.d.ts +2 -2
package/dist/managers/AuthManager.d.ts.map +1 -1
package/dist/managers/AuthManager.js +167 -31
package/dist/managers/AuthManager.js.map +1 -1
package/dist/managers/CorsManager.d.ts.map +1 -1
package/dist/managers/CorsManager.js +46 -11
package/dist/managers/CorsManager.js.map +1 -1
package/dist/managers/HashManager.d.ts +1 -1
package/dist/managers/HashManager.d.ts.map +1 -1
package/dist/managers/HashManager.js +127 -17
package/dist/managers/HashManager.js.map +1 -1
package/dist/managers/JsonManager.d.ts +1 -1
package/dist/managers/JsonManager.d.ts.map +1 -1
package/dist/managers/JsonManager.js +99 -16
package/dist/managers/JsonManager.js.map +1 -1
package/dist/managers/RateLimitManager.d.ts +1 -1
package/dist/managers/RateLimitManager.d.ts.map +1 -1
package/dist/managers/RateLimitManager.js +46 -22
package/dist/managers/RateLimitManager.js.map +1 -1
package/dist/managers/SanitizerManager.d.ts.map +1 -1
package/dist/managers/SanitizerManager.js +112 -15
package/dist/managers/SanitizerManager.js.map +1 -1
package/dist/managers/ValidatorManager.d.ts.map +1 -1
package/dist/managers/ValidatorManager.js +90 -7
package/dist/managers/ValidatorManager.js.map +1 -1
package/package.json +2 -6
package/readme.md +3 -6
package/src/adapters/ArgonAdapter.ts +55 -6
package/src/adapters/BcryptAdapter.ts +56 -8
package/src/adapters/ExpressRLAdapter.ts +62 -9
package/src/adapters/ExpressValidatorAdapter.ts +67 -11
package/src/adapters/GoogleAdapter.ts +106 -21
package/src/adapters/JWTAdapter.ts +129 -21
package/src/adapters/RLFlexibleAdapter.ts +113 -16
package/src/adapters/SanitizeHtmlAdapter.ts +111 -18
package/src/adapters/XSSAdapter.ts +183 -39
package/src/adapters/ZodAdapter.ts +56 -10
package/src/core/HiSecure.ts +496 -162
package/src/index.ts +4 -0
package/src/logging/index.ts +6 -0
package/src/logging/morganSetup.ts +36 -1
package/src/logging/winstonSetup.ts +97 -8
package/src/managers/AuthManager.ts +205 -34
package/src/managers/CorsManager.ts +63 -16
package/src/managers/HashManager.ts +156 -19
package/src/managers/JsonManager.ts +119 -15
package/src/managers/RateLimitManager.ts +174 -29
package/src/managers/SanitizerManager.ts +150 -25
package/src/managers/ValidatorManager.ts +115 -15

package/src/managers/SanitizerManager.ts CHANGED Viewed

@@ -1,4 +1,107 @@
-import { SanitizerError } from "../core/errors/SanitizerError.js";
+// import { SanitizerError } from "../core/errors/SanitizerError.js";
+// import { logger } from "../logging";
+// interface SanitizerAdapter {
+//     sanitize: (value: string, options?: any) => string;
+// }
+// export class SanitizerManager {
+//     private primary: SanitizerAdapter;
+//     private fallback: SanitizerAdapter | null;
+//     constructor(primary: SanitizerAdapter, fallback: SanitizerAdapter | null = null) {
+//         this.primary = primary;
+//         this.fallback = fallback;
+//     }
+//     sanitize(value: string, options?: any): string {
+//         if (typeof value !== 'string') {
+//             return value;
+//         }
+//         try {
+//             return this.primary.sanitize(value, options);
+//         } catch (err: any) {
+//             logger.warn("Primary sanitizer failed", { error: err?.message });
+//             if (!this.fallback) {
+//                 throw new SanitizerError("Primary sanitizer failed and no fallback available.");
+//             }
+//             logger.info("Using fallback sanitizer");
+//             return this.fallback.sanitize(value, options);
+//         }
+//     }
+//     middleware(options?: any) {
+//         return (req: any, _res: any, next: any) => {
+//             let fallbackTriggered = false;
+//             const safeSanitize = (value: string): string => {
+//                 if (fallbackTriggered && this.fallback) {
+//                     return this.fallback.sanitize(value, options);
+//                 }
+//                 try {
+//                     return this.primary.sanitize(value, options);
+//                 } catch (err: any) {
+//                     if (!this.fallback) {
+//                         throw err;
+//                     }
+//                     fallbackTriggered = true;
+//                     logger.warn("Switching to fallback sanitizer for this request");
+//                     return this.fallback.sanitize(value, options);
+//                 }
+//             };
+//             try {
+//                 if (req.body && typeof req.body === "object") {
+//                     const originalBody = req.body;
+//                     const sanitizedBody: any = Array.isArray(originalBody) ? [] : {};
+//                     for (const key of Object.keys(originalBody)) {
+//                         const value = originalBody[key];
+//                         if (typeof value === "string") {
+//                             sanitizedBody[key] = safeSanitize(value);
+//                         } else if (Array.isArray(value)) {
+//                             sanitizedBody[key] = value.map(item =>
+//                                 typeof item === "string" ? safeSanitize(item) : item
+//                             );
+//                         } else if (value && typeof value === "object") {
+//                             sanitizedBody[key] = value;
+//                         } else {
+//                             sanitizedBody[key] = value;
+//                         }
+//                     }
+//                     req.sanitizedBody = sanitizedBody;
+//                     logger.debug("Request body sanitized", {
+//                         originalKeys: Object.keys(originalBody),
+//                         sanitizedKeys: Object.keys(sanitizedBody),
+//                         usedFallback: fallbackTriggered
+//                     });
+//                 }
+//                 next();
+//             } catch (err: any) {
+//                 logger.error("Sanitizer middleware failed", {
+//                     error: err?.message
+//                 });
+//                 next(new SanitizerError("Sanitizer middleware failure"));
+//             }
+//         };
+//     }
+// }
+import { SanitizerError } from "../core/errors/SanitizerError";
 import { logger } from "../logging";
 interface SanitizerAdapter {
@@ -12,78 +115,97 @@ export class SanitizerManager {
     constructor(primary: SanitizerAdapter, fallback: SanitizerAdapter | null = null) {
         this.primary = primary;
         this.fallback = fallback;
+        logger.info("SanitizerManager initialized", {
+            layer: "sanitizer-manager",
+            fallbackEnabled: !!fallback
+        });
     }
     sanitize(value: string, options?: any): string {
-        if (typeof value !== 'string') {
+        if (typeof value !== "string") {
             return value;
         }
         try {
             return this.primary.sanitize(value, options);
         } catch (err: any) {
-            logger.warn("Primary sanitizer failed", { error: err?.message });
+            logger.warn("Primary sanitizer failed", {
+                layer: "sanitizer-manager",
+                operation: "sanitize",
+                reason: err?.message
+            });
             if (!this.fallback) {
-                throw new SanitizerError("Primary sanitizer failed and no fallback available.");
+                throw new SanitizerError(
+                    "Primary sanitizer failed and no fallback available."
+                );
             }
-            logger.info("Using fallback sanitizer");
+            logger.warn("Sanitizer fallback used", {
+                layer: "sanitizer-manager",
+                operation: "sanitize"
+            });
             return this.fallback.sanitize(value, options);
         }
     }
     middleware(options?: any) {
         return (req: any, _res: any, next: any) => {
             let fallbackTriggered = false;
             const safeSanitize = (value: string): string => {
                 if (fallbackTriggered && this.fallback) {
                     return this.fallback.sanitize(value, options);
                 }
                 try {
                     return this.primary.sanitize(value, options);
                 } catch (err: any) {
                     if (!this.fallback) {
                         throw err;
                     }
                     fallbackTriggered = true;
-                    logger.warn("Switching to fallback sanitizer for this request");
+                    logger.warn("Switching to fallback sanitizer for request", {
+                        layer: "sanitizer-manager",
+                        operation: "middleware"
+                    });
                     return this.fallback.sanitize(value, options);
                 }
             };
             try {
                 if (req.body && typeof req.body === "object") {
                     const originalBody = req.body;
                     const sanitizedBody: any = Array.isArray(originalBody) ? [] : {};
                     for (const key of Object.keys(originalBody)) {
                         const value = originalBody[key];
                         if (typeof value === "string") {
                             sanitizedBody[key] = safeSanitize(value);
                         } else if (Array.isArray(value)) {
-                            sanitizedBody[key] = value.map(item =>
-                                typeof item === "string" ? safeSanitize(item) : item
+                            sanitizedBody[key] = value.map(item =>
+                                typeof item === "string"
+                                    ? safeSanitize(item)
+                                    : item
                             );
-                        } else if (value && typeof value === "object") {
-                            sanitizedBody[key] = value;
                         } else {
                             sanitizedBody[key] = value;
                         }
                     }
                     req.sanitizedBody = sanitizedBody;
-                    logger.debug("Request body sanitized", {
-                        originalKeys: Object.keys(originalBody),
-                        sanitizedKeys: Object.keys(sanitizedBody),
+                    // ✅ visible + safe info
+                    logger.info("Request body sanitized", {
+                        layer: "sanitizer-manager",
+                        operation: "middleware",
+                        fieldCount: Object.keys(sanitizedBody).length,
                         usedFallback: fallbackTriggered
                     });
                 }
@@ -91,10 +213,13 @@ export class SanitizerManager {
                 next();
             } catch (err: any) {
                 logger.error("Sanitizer middleware failed", {
-                    error: err?.message
+                    layer: "sanitizer-manager",
+                    operation: "middleware",
+                    reason: err?.message
                 });
                 next(new SanitizerError("Sanitizer middleware failure"));
             }
         };
     }
-}
+}

package/src/managers/ValidatorManager.ts CHANGED Viewed

@@ -1,5 +1,80 @@
+// import { logger } from "../logging";
+// import { ValidationError } from "../core/errors/ValidationError.js";
+// interface ValidatorAdapter {
+//     validate: (schema?: any) => any;
+// }
+// export class ValidatorManager {
+//     private zodAdapter: ValidatorAdapter;
+//     private expressAdapter: ValidatorAdapter;
+//     constructor(zodAdapter: ValidatorAdapter, expressAdapter: ValidatorAdapter) {
+//         this.zodAdapter = zodAdapter;
+//         this.expressAdapter = expressAdapter;
+//     }
+//     validate(schema?: any) {
+//         const isZod =
+//     schema &&
+//     typeof schema === "object" &&
+//     typeof schema._def === "object" &&
+//     typeof schema.safeParse === "function";
+//         const isExpressValidator = Array.isArray(schema);
+//         return (req: any, res: any, next: any) => {
+//             let middleware;
+//             if (isZod) {
+//                 logger.debug("Using Zod adapter");
+//                 middleware = this.zodAdapter.validate(schema);
+//             }
+//             else if (isExpressValidator) {
+//                 logger.debug(" Using express-validator adapter");
+//                 middleware = this.expressAdapter.validate(schema);
+//             }
+//             else {
+//                 return next();
+//             }
+//             // CASE 1 — express-validator returns ARRAY
+//             if (Array.isArray(middleware)) {
+//                 let idx = 0;
+//                 const run = (err?: any) => {
+//                     if (err) return next(err);
+//                     const fn = middleware[idx++];
+//                     if (!fn) return next(); // done
+//                     try {
+//                         fn(req, res, run);
+//                     } catch (error: any) {
+//                         next(new ValidationError(error.message));
+//                     }
+//                 };
+//                 return run();
+//             }
+//             // CASE 2 — Zod returns SINGLE MIDDLEWARE
+//             try {
+//                 middleware(req, res, (err?: any) => {
+//                     if (err) return next(err);
+//                     next();
+//                 });
+//             } catch (err: any) {
+//                 next(new ValidationError(err.message));
+//             }
+//         };
+//     }
+// }
 import { logger } from "../logging";
-import { ValidationError } from "../core/errors/ValidationError.js";
+import { ValidationError } from "../core/errors/ValidationError";
 interface ValidatorAdapter {
     validate: (schema?: any) => any;
@@ -12,32 +87,44 @@ export class ValidatorManager {
     constructor(zodAdapter: ValidatorAdapter, expressAdapter: ValidatorAdapter) {
         this.zodAdapter = zodAdapter;
         this.expressAdapter = expressAdapter;
+        logger.info("ValidatorManager initialized", {
+            layer: "validator-manager",
+            adapters: ["zod", "express-validator"]
+        });
     }
     validate(schema?: any) {
         const isZod =
-    schema &&
-    typeof schema === "object" &&
-    typeof schema._def === "object" &&
-    typeof schema.safeParse === "function";
+            schema &&
+            typeof schema === "object" &&
+            typeof schema._def === "object" &&
+            typeof schema.safeParse === "function";
         const isExpressValidator = Array.isArray(schema);
         return (req: any, res: any, next: any) => {
             let middleware;
+            let adapterUsed: "zod" | "express-validator" | "none" = "none";
             if (isZod) {
-                logger.debug("Using Zod adapter");
+                adapterUsed = "zod";
                 middleware = this.zodAdapter.validate(schema);
-            }
-            else if (isExpressValidator) {
-                logger.debug(" Using express-validator adapter");
+            } else if (isExpressValidator) {
+                adapterUsed = "express-validator";
                 middleware = this.expressAdapter.validate(schema);
-            }
-            else {
-                return next();
+            } else {
+                return next();
             }
+            logger.info("Validation adapter selected", {
+                layer: "validator-manager",
+                operation: "select",
+                adapter: adapterUsed,
+                path: req.path,
+                method: req.method
+            });
             // CASE 1 — express-validator returns ARRAY
             if (Array.isArray(middleware)) {
                 let idx = 0;
@@ -46,11 +133,18 @@ export class ValidatorManager {
                     if (err) return next(err);
                     const fn = middleware[idx++];
-                    if (!fn) return next(); // done
+                    if (!fn) return next();
                     try {
                         fn(req, res, run);
                     } catch (error: any) {
+                        logger.error("Validation middleware execution failed", {
+                            layer: "validator-manager",
+                            operation: "execute",
+                            adapter: adapterUsed,
+                            reason: error?.message
+                        });
                         next(new ValidationError(error.message));
                     }
                 };
@@ -58,16 +152,22 @@ export class ValidatorManager {
                 return run();
             }
-            // CASE 2 — Zod returns SINGLE MIDDLEWARE
+            // CASE 2 — Zod returns SINGLE middleware
             try {
                 middleware(req, res, (err?: any) => {
                     if (err) return next(err);
                     next();
                 });
             } catch (err: any) {
+                logger.error("Validation middleware execution failed", {
+                    layer: "validator-manager",
+                    operation: "execute",
+                    adapter: adapterUsed,
+                    reason: err?.message
+                });
                 next(new ValidationError(err.message));
             }
         };
     }
 }