hi-secure 1.0.15 → 1.0.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/ArgonAdapter.d.ts +1 -1
- package/dist/adapters/ArgonAdapter.d.ts.map +1 -1
- package/dist/adapters/ArgonAdapter.js +43 -5
- package/dist/adapters/ArgonAdapter.js.map +1 -1
- package/dist/adapters/BcryptAdapter.d.ts.map +1 -1
- package/dist/adapters/BcryptAdapter.js +43 -3
- package/dist/adapters/BcryptAdapter.js.map +1 -1
- package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -1
- package/dist/adapters/ExpressRLAdapter.js +48 -6
- package/dist/adapters/ExpressRLAdapter.js.map +1 -1
- package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -1
- package/dist/adapters/ExpressValidatorAdapter.js +50 -10
- package/dist/adapters/ExpressValidatorAdapter.js.map +1 -1
- package/dist/adapters/GoogleAdapter.d.ts.map +1 -1
- package/dist/adapters/GoogleAdapter.js +82 -16
- package/dist/adapters/GoogleAdapter.js.map +1 -1
- package/dist/adapters/JWTAdapter.d.ts.map +1 -1
- package/dist/adapters/JWTAdapter.js +104 -15
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -1
- package/dist/adapters/RLFlexibleAdapter.js +87 -12
- package/dist/adapters/RLFlexibleAdapter.js.map +1 -1
- package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -1
- package/dist/adapters/SanitizeHtmlAdapter.js +81 -13
- package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -1
- package/dist/adapters/XSSAdapter.d.ts +1 -1
- package/dist/adapters/XSSAdapter.d.ts.map +1 -1
- package/dist/adapters/XSSAdapter.js +137 -20
- package/dist/adapters/XSSAdapter.js.map +1 -1
- package/dist/adapters/ZodAdapter.d.ts +1 -1
- package/dist/adapters/ZodAdapter.d.ts.map +1 -1
- package/dist/adapters/ZodAdapter.js +13 -8
- package/dist/adapters/ZodAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts +3 -4
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +108 -121
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/logging/index.d.ts.map +1 -1
- package/dist/logging/index.js +2 -0
- package/dist/logging/index.js.map +1 -1
- package/dist/logging/morganSetup.d.ts.map +1 -1
- package/dist/logging/morganSetup.js +22 -1
- package/dist/logging/morganSetup.js.map +1 -1
- package/dist/logging/winstonSetup.d.ts.map +1 -1
- package/dist/logging/winstonSetup.js +61 -3
- package/dist/logging/winstonSetup.js.map +1 -1
- package/dist/managers/AuthManager.d.ts +2 -2
- package/dist/managers/AuthManager.d.ts.map +1 -1
- package/dist/managers/AuthManager.js +167 -31
- package/dist/managers/AuthManager.js.map +1 -1
- package/dist/managers/CorsManager.d.ts.map +1 -1
- package/dist/managers/CorsManager.js +46 -11
- package/dist/managers/CorsManager.js.map +1 -1
- package/dist/managers/HashManager.d.ts +1 -1
- package/dist/managers/HashManager.d.ts.map +1 -1
- package/dist/managers/HashManager.js +127 -17
- package/dist/managers/HashManager.js.map +1 -1
- package/dist/managers/JsonManager.d.ts +1 -1
- package/dist/managers/JsonManager.d.ts.map +1 -1
- package/dist/managers/JsonManager.js +99 -16
- package/dist/managers/JsonManager.js.map +1 -1
- package/dist/managers/RateLimitManager.d.ts +1 -1
- package/dist/managers/RateLimitManager.d.ts.map +1 -1
- package/dist/managers/RateLimitManager.js +46 -22
- package/dist/managers/RateLimitManager.js.map +1 -1
- package/dist/managers/SanitizerManager.d.ts.map +1 -1
- package/dist/managers/SanitizerManager.js +112 -15
- package/dist/managers/SanitizerManager.js.map +1 -1
- package/dist/managers/ValidatorManager.d.ts.map +1 -1
- package/dist/managers/ValidatorManager.js +90 -7
- package/dist/managers/ValidatorManager.js.map +1 -1
- package/package.json +2 -6
- package/readme.md +3 -6
- package/src/adapters/ArgonAdapter.ts +55 -6
- package/src/adapters/BcryptAdapter.ts +56 -8
- package/src/adapters/ExpressRLAdapter.ts +62 -9
- package/src/adapters/ExpressValidatorAdapter.ts +67 -11
- package/src/adapters/GoogleAdapter.ts +106 -21
- package/src/adapters/JWTAdapter.ts +129 -21
- package/src/adapters/RLFlexibleAdapter.ts +113 -16
- package/src/adapters/SanitizeHtmlAdapter.ts +111 -18
- package/src/adapters/XSSAdapter.ts +183 -39
- package/src/adapters/ZodAdapter.ts +56 -10
- package/src/core/HiSecure.ts +496 -162
- package/src/index.ts +4 -0
- package/src/logging/index.ts +6 -0
- package/src/logging/morganSetup.ts +36 -1
- package/src/logging/winstonSetup.ts +97 -8
- package/src/managers/AuthManager.ts +205 -34
- package/src/managers/CorsManager.ts +63 -16
- package/src/managers/HashManager.ts +156 -19
- package/src/managers/JsonManager.ts +119 -15
- package/src/managers/RateLimitManager.ts +174 -29
- package/src/managers/SanitizerManager.ts +150 -25
- package/src/managers/ValidatorManager.ts +115 -15
|
@@ -1,15 +1,73 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
// // import winston from "winston";
|
|
2
3
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
4
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
5
|
};
|
|
5
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
7
|
exports.logError = exports.logWarn = exports.logInfo = exports.logger = void 0;
|
|
8
|
+
// // export const logger = winston.createLogger({
|
|
9
|
+
// // level: "info",
|
|
10
|
+
// // format: winston.format.combine(
|
|
11
|
+
// // winston.format.timestamp(),
|
|
12
|
+
// // winston.format.json()
|
|
13
|
+
// // ),
|
|
14
|
+
// // transports: [
|
|
15
|
+
// // new winston.transports.Console()
|
|
16
|
+
// // ]
|
|
17
|
+
// // });
|
|
18
|
+
// // // Shortcut helpers
|
|
19
|
+
// // export const logInfo = (msg: string, meta: any = {}) => logger.info(msg, meta);
|
|
20
|
+
// // export const logWarn = (msg: string, meta: any = {}) => logger.warn(msg, meta);
|
|
21
|
+
// // export const logError = (msg: string, meta: any = {}) => logger.error(msg, meta);
|
|
22
|
+
// import winston from "winston";
|
|
23
|
+
// const { combine, timestamp, printf, colorize, errors } = winston.format;
|
|
24
|
+
// const logFormat = printf(({ level, message, timestamp, ...meta }) => {
|
|
25
|
+
// const metaString =
|
|
26
|
+
// Object.keys(meta).length > 0 ? ` | ${JSON.stringify(meta)}` : "";
|
|
27
|
+
// return `${timestamp} ${level}: ${message}${metaString}`;
|
|
28
|
+
// });
|
|
29
|
+
// export const logger = winston.createLogger({
|
|
30
|
+
// level: "info",
|
|
31
|
+
// format: combine(
|
|
32
|
+
// errors({ stack: true }),
|
|
33
|
+
// timestamp({ format: "HH:mm:ss" })
|
|
34
|
+
// ),
|
|
35
|
+
// transports: [
|
|
36
|
+
// new winston.transports.Console({
|
|
37
|
+
// format: combine(
|
|
38
|
+
// colorize({ all: true }),
|
|
39
|
+
// logFormat
|
|
40
|
+
// )
|
|
41
|
+
// })
|
|
42
|
+
// ]
|
|
43
|
+
// });
|
|
44
|
+
// // Shortcut helpers
|
|
45
|
+
// export const logInfo = (msg: string, meta: any = {}) =>
|
|
46
|
+
// logger.info(msg, meta);
|
|
47
|
+
// export const logWarn = (msg: string, meta: any = {}) =>
|
|
48
|
+
// logger.warn(msg, meta);
|
|
49
|
+
// export const logError = (msg: string, meta: any = {}) =>
|
|
50
|
+
// logger.error(msg, meta);
|
|
7
51
|
const winston_1 = __importDefault(require("winston"));
|
|
52
|
+
const { combine, timestamp, printf, colorize, errors } = winston_1.default.format;
|
|
53
|
+
// Explicit colors (best practice)
|
|
54
|
+
winston_1.default.addColors({
|
|
55
|
+
error: "red",
|
|
56
|
+
warn: "yellow",
|
|
57
|
+
info: "green",
|
|
58
|
+
http: "cyan"
|
|
59
|
+
});
|
|
60
|
+
const logFormat = printf(({ level, message, timestamp, ...meta }) => {
|
|
61
|
+
const metaString = Object.keys(meta).length > 0 ? ` | ${JSON.stringify(meta)}` : "";
|
|
62
|
+
return `${timestamp} ${level}: ${message}${metaString}`;
|
|
63
|
+
});
|
|
8
64
|
exports.logger = winston_1.default.createLogger({
|
|
9
|
-
level: "
|
|
10
|
-
format:
|
|
65
|
+
level: "http", // 🔴 MOST IMPORTANT FIX
|
|
66
|
+
format: combine(errors({ stack: true }), timestamp({ format: "HH:mm:ss" })),
|
|
11
67
|
transports: [
|
|
12
|
-
new winston_1.default.transports.Console(
|
|
68
|
+
new winston_1.default.transports.Console({
|
|
69
|
+
format: combine(colorize({ all: true }), logFormat)
|
|
70
|
+
})
|
|
13
71
|
]
|
|
14
72
|
});
|
|
15
73
|
// Shortcut helpers
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"winstonSetup.js","sourceRoot":"","sources":["../../src/logging/winstonSetup.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"winstonSetup.js","sourceRoot":"","sources":["../../src/logging/winstonSetup.ts"],"names":[],"mappings":";AAAA,oCAAoC;;;;;;AAEpC,kDAAkD;AAClD,wBAAwB;AACxB,yCAAyC;AACzC,yCAAyC;AACzC,mCAAmC;AACnC,YAAY;AACZ,uBAAuB;AACvB,8CAA8C;AAC9C,WAAW;AACX,SAAS;AAET,yBAAyB;AACzB,qFAAqF;AACrF,qFAAqF;AACrF,uFAAuF;AAKvF,iCAAiC;AAEjC,2EAA2E;AAE3E,yEAAyE;AACzE,yBAAyB;AACzB,4EAA4E;AAE5E,+DAA+D;AAC/D,MAAM;AAEN,+CAA+C;AAC/C,qBAAqB;AACrB,uBAAuB;AACvB,mCAAmC;AACnC,4CAA4C;AAC5C,SAAS;AACT,oBAAoB;AACpB,2CAA2C;AAC3C,+BAA+B;AAC/B,2CAA2C;AAC3C,4BAA4B;AAC5B,gBAAgB;AAChB,aAAa;AACb,QAAQ;AACR,MAAM;AAEN,sBAAsB;AACtB,0DAA0D;AAC1D,8BAA8B;AAE9B,0DAA0D;AAC1D,8BAA8B;AAE9B,2DAA2D;AAC3D,+BAA+B;AAM/B,sDAA8B;AAE9B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,iBAAO,CAAC,MAAM,CAAC;AAExE,kCAAkC;AAClC,iBAAO,CAAC,SAAS,CAAC;IACd,KAAK,EAAE,KAAK;IACZ,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,OAAO;IACb,IAAI,EAAE,MAAM;CACf,CAAC,CAAC;AAEH,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE;IAChE,MAAM,UAAU,GACZ,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAErE,OAAO,GAAG,SAAS,IAAI,KAAK,KAAK,OAAO,GAAG,UAAU,EAAE,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEU,QAAA,MAAM,GAAG,iBAAO,CAAC,YAAY,CAAC;IACvC,KAAK,EAAE,MAAM,EAAE,wBAAwB;IACvC,MAAM,EAAE,OAAO,CACX,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EACvB,SAAS,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CACpC;IACD,UAAU,EAAE;QACR,IAAI,iBAAO,CAAC,UAAU,CAAC,OAAO,CAAC;YAC3B,MAAM,EAAE,OAAO,CACX,QAAQ,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EACvB,SAAS,CACZ;SACJ,CAAC;KACL;CACJ,CAAC,CAAC;AAEH,mBAAmB;AACZ,MAAM,OAAO,GAAG,CAAC,GAAW,EAAE,OAAY,EAAE,EAAE,EAAE,CACnD,cAAM,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AADd,QAAA,OAAO,WACO;AAEpB,MAAM,OAAO,GAAG,CAAC,GAAW,EAAE,OAAY,EAAE,EAAE,EAAE,CACnD,cAAM,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AADd,QAAA,OAAO,WACO;AAEpB,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,OAAY,EAAE,EAAE,EAAE,CACpD,cAAM,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AADf,QAAA,QAAQ,YACO","sourcesContent":["// // import winston from \"winston\";\r\n\r\n// // export const logger = winston.createLogger({\r\n// // level: \"info\",\r\n// // format: winston.format.combine(\r\n// // winston.format.timestamp(),\r\n// // winston.format.json()\r\n// // ),\r\n// // transports: [\r\n// // new winston.transports.Console()\r\n// // ]\r\n// // });\r\n\r\n// // // Shortcut helpers\r\n// // export const logInfo = (msg: string, meta: any = {}) => logger.info(msg, meta);\r\n// // export const logWarn = (msg: string, meta: any = {}) => logger.warn(msg, meta);\r\n// // export const logError = (msg: string, meta: any = {}) => logger.error(msg, meta);\r\n\r\n\r\n\r\n\r\n// import winston from \"winston\";\r\n\r\n// const { combine, timestamp, printf, colorize, errors } = winston.format;\r\n\r\n// const logFormat = printf(({ level, message, timestamp, ...meta }) => {\r\n// const metaString =\r\n// Object.keys(meta).length > 0 ? ` | ${JSON.stringify(meta)}` : \"\";\r\n\r\n// return `${timestamp} ${level}: ${message}${metaString}`;\r\n// });\r\n\r\n// export const logger = winston.createLogger({\r\n// level: \"info\",\r\n// format: combine(\r\n// errors({ stack: true }),\r\n// timestamp({ format: \"HH:mm:ss\" })\r\n// ),\r\n// transports: [\r\n// new winston.transports.Console({\r\n// format: combine(\r\n// colorize({ all: true }),\r\n// logFormat\r\n// )\r\n// })\r\n// ]\r\n// });\r\n\r\n// // Shortcut helpers\r\n// export const logInfo = (msg: string, meta: any = {}) =>\r\n// logger.info(msg, meta);\r\n\r\n// export const logWarn = (msg: string, meta: any = {}) =>\r\n// logger.warn(msg, meta);\r\n\r\n// export const logError = (msg: string, meta: any = {}) =>\r\n// logger.error(msg, meta);\r\n\r\n\r\n\r\n\r\n\r\nimport winston from \"winston\";\r\n\r\nconst { combine, timestamp, printf, colorize, errors } = winston.format;\r\n\r\n// Explicit colors (best practice)\r\nwinston.addColors({\r\n error: \"red\",\r\n warn: \"yellow\",\r\n info: \"green\",\r\n http: \"cyan\"\r\n});\r\n\r\nconst logFormat = printf(({ level, message, timestamp, ...meta }) => {\r\n const metaString =\r\n Object.keys(meta).length > 0 ? ` | ${JSON.stringify(meta)}` : \"\";\r\n\r\n return `${timestamp} ${level}: ${message}${metaString}`;\r\n});\r\n\r\nexport const logger = winston.createLogger({\r\n level: \"http\", // 🔴 MOST IMPORTANT FIX\r\n format: combine(\r\n errors({ stack: true }),\r\n timestamp({ format: \"HH:mm:ss\" })\r\n ),\r\n transports: [\r\n new winston.transports.Console({\r\n format: combine(\r\n colorize({ all: true }),\r\n logFormat\r\n )\r\n })\r\n ]\r\n});\r\n\r\n// Shortcut helpers\r\nexport const logInfo = (msg: string, meta: any = {}) =>\r\n logger.info(msg, meta);\r\n\r\nexport const logWarn = (msg: string, meta: any = {}) =>\r\n logger.warn(msg, meta);\r\n\r\nexport const logError = (msg: string, meta: any = {}) =>\r\n logger.error(msg, meta);\r\n"]}
|
|
@@ -17,7 +17,7 @@ export declare class AuthManager {
|
|
|
17
17
|
jti?: string;
|
|
18
18
|
}): string;
|
|
19
19
|
verify(token: string): string | import("jsonwebtoken").Jwt | import("jsonwebtoken").JwtPayload;
|
|
20
|
-
verifyGoogleIdToken(idToken: string): Promise<import("../adapters/GoogleAdapter
|
|
21
|
-
protect(options?: ProtectOptions): (req: Request,
|
|
20
|
+
verifyGoogleIdToken(idToken: string): Promise<import("../adapters/GoogleAdapter").GoogleTokenPayload>;
|
|
21
|
+
protect(options?: ProtectOptions): (req: Request, _res: Response, next: NextFunction) => void;
|
|
22
22
|
}
|
|
23
23
|
//# sourceMappingURL=AuthManager.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthManager.d.ts","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"AuthManager.d.ts","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":"AAiJA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG1D,MAAM,WAAW,WAAW;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC3B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,qBAAa,WAAW;IACpB,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,aAAa,CAAC,CAAgB;gBAE1B,IAAI,EAAE,WAAW;IAgC7B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE;IAS7E,MAAM,CAAC,KAAK,EAAE,MAAM;IASd,mBAAmB,CAAC,OAAO,EAAE,MAAM;IAuBzC,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,IAIpB,KAAK,OAAO,EAAE,MAAM,QAAQ,EAAE,MAAM,YAAY;CAiE/D"}
|
|
@@ -1,100 +1,236 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
// import { JWTAdapter } from "../adapters/JWTAdapter.js";
|
|
3
|
+
// import { GoogleAdapter } from "../adapters/GoogleAdapter.js";
|
|
4
|
+
// import { AdapterError } from "../core/errors/AdapterError.js";
|
|
5
|
+
// import { HttpError } from "../core/errors/HttpError.js";
|
|
6
|
+
// import { Request, Response, NextFunction } from "express";
|
|
7
|
+
// import { logger } from "../logging";
|
|
2
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
9
|
exports.AuthManager = void 0;
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
10
|
+
// export interface AuthOptions {
|
|
11
|
+
// jwtSecret: string;
|
|
12
|
+
// jwtExpiresIn?: string | number;
|
|
13
|
+
// googleClientId?: string;
|
|
14
|
+
// }
|
|
15
|
+
// export interface ProtectOptions {
|
|
16
|
+
// required?: boolean;
|
|
17
|
+
// roles?: string[];
|
|
18
|
+
// }
|
|
19
|
+
// export class AuthManager {
|
|
20
|
+
// private jwtAdapter: JWTAdapter;
|
|
21
|
+
// private googleAdapter?: GoogleAdapter;
|
|
22
|
+
// constructor(opts: AuthOptions) {
|
|
23
|
+
// if (!opts.jwtSecret) {
|
|
24
|
+
// throw new AdapterError("jwtSecret required in AuthOptions");
|
|
25
|
+
// }
|
|
26
|
+
// if (opts.jwtSecret.length < 32) {
|
|
27
|
+
// logger.warn(" JWT secret is less than 32 characters - consider using a stronger secret");
|
|
28
|
+
// }
|
|
29
|
+
// logger.info("AuthManager initialized");
|
|
30
|
+
// this.jwtAdapter = new JWTAdapter({
|
|
31
|
+
// secret: opts.jwtSecret,
|
|
32
|
+
// expiresIn: opts.jwtExpiresIn ?? "1d",
|
|
33
|
+
// });
|
|
34
|
+
// if (opts.googleClientId) {
|
|
35
|
+
// this.googleAdapter = new GoogleAdapter(opts.googleClientId);
|
|
36
|
+
// logger.info("GoogleAdapter enabled");
|
|
37
|
+
// }
|
|
38
|
+
// }
|
|
39
|
+
// sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {
|
|
40
|
+
// logger.info("JWT Sign called");
|
|
41
|
+
// return this.jwtAdapter.sign(payload, options);
|
|
42
|
+
// }
|
|
43
|
+
// verify(token: string) {
|
|
44
|
+
// logger.info("JWT Verify called");
|
|
45
|
+
// return this.jwtAdapter.verify(token);
|
|
46
|
+
// }
|
|
47
|
+
// async verifyGoogleIdToken(idToken: string) {
|
|
48
|
+
// if (!this.googleAdapter) {
|
|
49
|
+
// throw new AdapterError("GoogleAdapter not configured.");
|
|
50
|
+
// }
|
|
51
|
+
// logger.info("Google ID Token verify called");
|
|
52
|
+
// try {
|
|
53
|
+
// return await this.googleAdapter.verifyIdToken(idToken);
|
|
54
|
+
// } catch (err: any) {
|
|
55
|
+
// logger.error("Google ID Token verification failed", { error: err?.message });
|
|
56
|
+
// throw HttpError.Unauthorized("Invalid Google ID token");
|
|
57
|
+
// }
|
|
58
|
+
// }
|
|
59
|
+
// protect(options?: ProtectOptions) {
|
|
60
|
+
// const required = options?.required ?? true;
|
|
61
|
+
// const roles = options?.roles;
|
|
62
|
+
// return (req: Request, res: Response, next: NextFunction) => {
|
|
63
|
+
// const header = req.headers["authorization"];
|
|
64
|
+
// if (!required && !header) {
|
|
65
|
+
// return next();
|
|
66
|
+
// }
|
|
67
|
+
// if (!header) {
|
|
68
|
+
// logger.warn("Missing Authorization header", {
|
|
69
|
+
// path: req.path,
|
|
70
|
+
// method: req.method
|
|
71
|
+
// });
|
|
72
|
+
// return next(HttpError.Unauthorized("Missing Authorization header"));
|
|
73
|
+
// }
|
|
74
|
+
// const [type, token] = String(header).split(" ");
|
|
75
|
+
// if (type !== "Bearer" || !token) {
|
|
76
|
+
// logger.warn("Invalid Authorization header", {
|
|
77
|
+
// path: req.path,
|
|
78
|
+
// method: req.method
|
|
79
|
+
// });
|
|
80
|
+
// return next(HttpError.Unauthorized("Invalid Authorization header"));
|
|
81
|
+
// }
|
|
82
|
+
// try {
|
|
83
|
+
// // Verify JWT
|
|
84
|
+
// const decoded = this.verify(token);
|
|
85
|
+
// // Attach to request
|
|
86
|
+
// (req as any).auth = decoded;
|
|
87
|
+
// (req as any).user = decoded;
|
|
88
|
+
// // Role-based authorization - role added Middleware
|
|
89
|
+
// if (roles && roles.length > 0) {
|
|
90
|
+
// const userRole = (decoded as any).role || (decoded as any).roles?.[0];
|
|
91
|
+
// if (!userRole || !roles.includes(userRole)) {
|
|
92
|
+
// logger.warn("Insufficient permissions", {
|
|
93
|
+
// path: req.path,
|
|
94
|
+
// requiredRoles: roles,
|
|
95
|
+
// userRole
|
|
96
|
+
// });
|
|
97
|
+
// return next(HttpError.Forbidden("Insufficient permissions"));
|
|
98
|
+
// }
|
|
99
|
+
// }
|
|
100
|
+
// return next();
|
|
101
|
+
// } catch (err: any) {
|
|
102
|
+
// logger.error("JWT verify failed", {
|
|
103
|
+
// error: err?.message,
|
|
104
|
+
// path: req.path,
|
|
105
|
+
// method: req.method
|
|
106
|
+
// });
|
|
107
|
+
// return next(HttpError.Unauthorized("Invalid or expired token"));
|
|
108
|
+
// }
|
|
109
|
+
// };
|
|
110
|
+
// }
|
|
111
|
+
// }
|
|
112
|
+
const JWTAdapter_1 = require("../adapters/JWTAdapter");
|
|
113
|
+
const GoogleAdapter_1 = require("../adapters/GoogleAdapter");
|
|
114
|
+
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
115
|
+
const HttpError_1 = require("../core/errors/HttpError");
|
|
8
116
|
const logging_1 = require("../logging");
|
|
9
117
|
class AuthManager {
|
|
10
118
|
constructor(opts) {
|
|
11
119
|
if (!opts.jwtSecret) {
|
|
12
|
-
throw new
|
|
120
|
+
throw new AdapterError_1.AdapterError("jwtSecret required in AuthOptions");
|
|
13
121
|
}
|
|
14
122
|
if (opts.jwtSecret.length < 32) {
|
|
15
|
-
logging_1.logger.warn(" JWT secret
|
|
123
|
+
logging_1.logger.warn("Weak JWT secret detected", {
|
|
124
|
+
layer: "auth-manager",
|
|
125
|
+
operation: "init",
|
|
126
|
+
secretLength: opts.jwtSecret.length
|
|
127
|
+
});
|
|
16
128
|
}
|
|
17
|
-
logging_1.logger.info("AuthManager initialized"
|
|
18
|
-
|
|
129
|
+
logging_1.logger.info("AuthManager initialized", {
|
|
130
|
+
layer: "auth-manager",
|
|
131
|
+
jwtExpiresIn: opts.jwtExpiresIn ?? "1d",
|
|
132
|
+
googleEnabled: !!opts.googleClientId
|
|
133
|
+
});
|
|
134
|
+
this.jwtAdapter = new JWTAdapter_1.JWTAdapter({
|
|
19
135
|
secret: opts.jwtSecret,
|
|
20
|
-
expiresIn: opts.jwtExpiresIn ?? "1d"
|
|
136
|
+
expiresIn: opts.jwtExpiresIn ?? "1d"
|
|
21
137
|
});
|
|
22
138
|
if (opts.googleClientId) {
|
|
23
|
-
this.googleAdapter = new
|
|
24
|
-
logging_1.logger.info("
|
|
139
|
+
this.googleAdapter = new GoogleAdapter_1.GoogleAdapter(opts.googleClientId);
|
|
140
|
+
logging_1.logger.info("Google authentication enabled", {
|
|
141
|
+
layer: "auth-manager"
|
|
142
|
+
});
|
|
25
143
|
}
|
|
26
144
|
}
|
|
27
145
|
sign(payload, options) {
|
|
28
|
-
logging_1.logger.info("JWT
|
|
146
|
+
logging_1.logger.info("JWT sign requested", {
|
|
147
|
+
layer: "auth-manager",
|
|
148
|
+
operation: "sign"
|
|
149
|
+
});
|
|
29
150
|
return this.jwtAdapter.sign(payload, options);
|
|
30
151
|
}
|
|
31
152
|
verify(token) {
|
|
32
|
-
logging_1.logger.info("JWT
|
|
153
|
+
logging_1.logger.info("JWT verify requested", {
|
|
154
|
+
layer: "auth-manager",
|
|
155
|
+
operation: "verify"
|
|
156
|
+
});
|
|
33
157
|
return this.jwtAdapter.verify(token);
|
|
34
158
|
}
|
|
35
159
|
async verifyGoogleIdToken(idToken) {
|
|
36
160
|
if (!this.googleAdapter) {
|
|
37
|
-
throw new
|
|
161
|
+
throw new AdapterError_1.AdapterError("GoogleAdapter not configured.");
|
|
38
162
|
}
|
|
39
|
-
logging_1.logger.info("Google ID
|
|
163
|
+
logging_1.logger.info("Google ID token verification requested", {
|
|
164
|
+
layer: "auth-manager",
|
|
165
|
+
operation: "google-verify"
|
|
166
|
+
});
|
|
40
167
|
try {
|
|
41
168
|
return await this.googleAdapter.verifyIdToken(idToken);
|
|
42
169
|
}
|
|
43
170
|
catch (err) {
|
|
44
|
-
logging_1.logger.error("Google ID
|
|
45
|
-
|
|
171
|
+
logging_1.logger.error("Google ID token verification failed", {
|
|
172
|
+
layer: "auth-manager",
|
|
173
|
+
operation: "google-verify",
|
|
174
|
+
reason: err?.message
|
|
175
|
+
});
|
|
176
|
+
throw HttpError_1.HttpError.Unauthorized("Invalid Google ID token");
|
|
46
177
|
}
|
|
47
178
|
}
|
|
48
179
|
protect(options) {
|
|
49
180
|
const required = options?.required ?? true;
|
|
50
181
|
const roles = options?.roles;
|
|
51
|
-
return (req,
|
|
182
|
+
return (req, _res, next) => {
|
|
52
183
|
const header = req.headers["authorization"];
|
|
53
184
|
if (!required && !header) {
|
|
54
185
|
return next();
|
|
55
186
|
}
|
|
56
187
|
if (!header) {
|
|
57
|
-
logging_1.logger.warn("
|
|
188
|
+
logging_1.logger.warn("Authorization header missing", {
|
|
189
|
+
layer: "auth-manager",
|
|
190
|
+
operation: "protect",
|
|
58
191
|
path: req.path,
|
|
59
192
|
method: req.method
|
|
60
193
|
});
|
|
61
|
-
return next(
|
|
194
|
+
return next(HttpError_1.HttpError.Unauthorized("Missing Authorization header"));
|
|
62
195
|
}
|
|
63
196
|
const [type, token] = String(header).split(" ");
|
|
64
197
|
if (type !== "Bearer" || !token) {
|
|
65
|
-
logging_1.logger.warn("Invalid Authorization header", {
|
|
198
|
+
logging_1.logger.warn("Invalid Authorization header format", {
|
|
199
|
+
layer: "auth-manager",
|
|
200
|
+
operation: "protect",
|
|
66
201
|
path: req.path,
|
|
67
202
|
method: req.method
|
|
68
203
|
});
|
|
69
|
-
return next(
|
|
204
|
+
return next(HttpError_1.HttpError.Unauthorized("Invalid Authorization header"));
|
|
70
205
|
}
|
|
71
206
|
try {
|
|
72
|
-
// Verify JWT
|
|
73
207
|
const decoded = this.verify(token);
|
|
74
|
-
// Attach to request
|
|
75
208
|
req.auth = decoded;
|
|
76
209
|
req.user = decoded;
|
|
77
|
-
// Role-based authorization - role added Middleware
|
|
78
210
|
if (roles && roles.length > 0) {
|
|
79
211
|
const userRole = decoded.role || decoded.roles?.[0];
|
|
80
212
|
if (!userRole || !roles.includes(userRole)) {
|
|
81
|
-
logging_1.logger.warn("
|
|
213
|
+
logging_1.logger.warn("Access denied: insufficient role", {
|
|
214
|
+
layer: "auth-manager",
|
|
215
|
+
operation: "authorize",
|
|
82
216
|
path: req.path,
|
|
83
217
|
requiredRoles: roles,
|
|
84
218
|
userRole
|
|
85
219
|
});
|
|
86
|
-
return next(
|
|
220
|
+
return next(HttpError_1.HttpError.Forbidden("Insufficient permissions"));
|
|
87
221
|
}
|
|
88
222
|
}
|
|
89
223
|
return next();
|
|
90
224
|
}
|
|
91
225
|
catch (err) {
|
|
92
|
-
logging_1.logger.error("JWT
|
|
93
|
-
|
|
226
|
+
logging_1.logger.error("JWT authentication failed", {
|
|
227
|
+
layer: "auth-manager",
|
|
228
|
+
operation: "protect",
|
|
94
229
|
path: req.path,
|
|
95
|
-
method: req.method
|
|
230
|
+
method: req.method,
|
|
231
|
+
reason: err?.message
|
|
96
232
|
});
|
|
97
|
-
return next(
|
|
233
|
+
return next(HttpError_1.HttpError.Unauthorized("Invalid or expired token"));
|
|
98
234
|
}
|
|
99
235
|
};
|
|
100
236
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";;;AAAA,6DAAuD;AACvD,mEAA6D;AAC7D,oEAA8D;AAC9D,8DAAwD;AAExD,wCAAoC;AAcpC,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,8BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;QAC7F,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAEvC,IAAI,CAAC,UAAU,GAAG,IAAI,0BAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,gCAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,gBAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,gBAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,gBAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,8BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAE7C,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7E,MAAM,wBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YACvD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAG5C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAGD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,wBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAGD,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,wBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBAED,aAAa;gBACb,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAEnC,oBAAoB;gBACnB,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAE5B,mDAAmD;gBACnD,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GAAI,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBACtE,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;4BACpC,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBACH,OAAO,IAAI,CAAC,wBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;oBAC9B,KAAK,EAAE,GAAG,EAAE,OAAO;oBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,wBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAnHD,kCAmHC","sourcesContent":["import { JWTAdapter } from \"../adapters/JWTAdapter.js\";\r\nimport { GoogleAdapter } from \"../adapters/GoogleAdapter.js\";\r\nimport { AdapterError } from \"../core/errors/AdapterError.js\";\r\nimport { HttpError } from \"../core/errors/HttpError.js\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logger } from \"../logging\";\r\n\r\n\r\nexport interface AuthOptions {\r\n jwtSecret: string;\r\n jwtExpiresIn?: string | number;\r\n googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n required?: boolean;\r\n roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n private jwtAdapter: JWTAdapter;\r\n private googleAdapter?: GoogleAdapter;\r\n\r\n constructor(opts: AuthOptions) {\r\n if (!opts.jwtSecret) {\r\n throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n }\r\n\r\n if (opts.jwtSecret.length < 32) {\r\n logger.warn(\" JWT secret is less than 32 characters - consider using a stronger secret\");\r\n }\r\n\r\n logger.info(\"AuthManager initialized\");\r\n\r\n this.jwtAdapter = new JWTAdapter({\r\n secret: opts.jwtSecret,\r\n expiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n });\r\n\r\n if (opts.googleClientId) {\r\n this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n logger.info(\"GoogleAdapter enabled\");\r\n }\r\n }\r\n\r\n sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {\r\n logger.info(\"JWT Sign called\");\r\n return this.jwtAdapter.sign(payload, options);\r\n }\r\n\r\n verify(token: string) {\r\n logger.info(\"JWT Verify called\");\r\n return this.jwtAdapter.verify(token);\r\n }\r\n\r\n async verifyGoogleIdToken(idToken: string) {\r\n if (!this.googleAdapter) {\r\n throw new AdapterError(\"GoogleAdapter not configured.\");\r\n }\r\n\r\n logger.info(\"Google ID Token verify called\");\r\n\r\n try {\r\n return await this.googleAdapter.verifyIdToken(idToken);\r\n } catch (err: any) {\r\n logger.error(\"Google ID Token verification failed\", { error: err?.message });\r\n throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n }\r\n }\r\n\r\n protect(options?: ProtectOptions) {\r\n const required = options?.required ?? true;\r\n const roles = options?.roles;\r\n\r\n return (req: Request, res: Response, next: NextFunction) => {\r\n const header = req.headers[\"authorization\"];\r\n\r\n \r\n if (!required && !header) {\r\n return next();\r\n }\r\n\r\n \r\n if (!header) {\r\n logger.warn(\"Missing Authorization header\", {\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n }\r\n\r\n \r\n const [type, token] = String(header).split(\" \");\r\n if (type !== \"Bearer\" || !token) {\r\n logger.warn(\"Invalid Authorization header\", {\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n }\r\n\r\n try {\r\n\r\n // Verify JWT\r\n const decoded = this.verify(token);\r\n \r\n // Attach to request\r\n (req as any).auth = decoded;\r\n (req as any).user = decoded; \r\n \r\n // Role-based authorization - role added Middleware\r\n if (roles && roles.length > 0) {\r\n const userRole = (decoded as any).role || (decoded as any).roles?.[0];\r\n if (!userRole || !roles.includes(userRole)) {\r\n logger.warn(\"Insufficient permissions\", {\r\n path: req.path,\r\n requiredRoles: roles,\r\n userRole\r\n });\r\n return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n }\r\n }\r\n \r\n return next();\r\n } catch (err: any) {\r\n logger.error(\"JWT verify failed\", {\r\n error: err?.message,\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n }\r\n };\r\n }\r\n}"]}
|
|
1
|
+
{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";AAAA,0DAA0D;AAC1D,gEAAgE;AAChE,iEAAiE;AACjE,2DAA2D;AAC3D,6DAA6D;AAC7D,uCAAuC;;;AAGvC,iCAAiC;AACjC,yBAAyB;AACzB,sCAAsC;AACtC,+BAA+B;AAC/B,IAAI;AAEJ,oCAAoC;AACpC,0BAA0B;AAC1B,wBAAwB;AACxB,IAAI;AAEJ,6BAA6B;AAC7B,sCAAsC;AACtC,6CAA6C;AAE7C,uCAAuC;AACvC,iCAAiC;AACjC,2EAA2E;AAC3E,YAAY;AAEZ,4CAA4C;AAC5C,wGAAwG;AACxG,YAAY;AAEZ,kDAAkD;AAElD,6CAA6C;AAC7C,sCAAsC;AACtC,oDAAoD;AACpD,cAAc;AAEd,qCAAqC;AACrC,2EAA2E;AAC3E,oDAAoD;AACpD,YAAY;AACZ,QAAQ;AAER,uFAAuF;AACvF,0CAA0C;AAC1C,yDAAyD;AACzD,QAAQ;AAER,8BAA8B;AAC9B,4CAA4C;AAC5C,gDAAgD;AAChD,QAAQ;AAER,mDAAmD;AACnD,qCAAqC;AACrC,uEAAuE;AACvE,YAAY;AAEZ,wDAAwD;AAExD,gBAAgB;AAChB,sEAAsE;AACtE,+BAA+B;AAC/B,4FAA4F;AAC5F,uEAAuE;AACvE,YAAY;AACZ,QAAQ;AAER,0CAA0C;AAC1C,sDAAsD;AACtD,wCAAwC;AAExC,wEAAwE;AACxE,2DAA2D;AAG3D,0CAA0C;AAC1C,iCAAiC;AACjC,gBAAgB;AAGhB,6BAA6B;AAC7B,gEAAgE;AAChE,sCAAsC;AACtC,yCAAyC;AACzC,sBAAsB;AACtB,uFAAuF;AACvF,gBAAgB;AAGhB,+DAA+D;AAC/D,iDAAiD;AACjD,gEAAgE;AAChE,sCAAsC;AACtC,yCAAyC;AACzC,sBAAsB;AACtB,uFAAuF;AACvF,gBAAgB;AAEhB,oBAAoB;AAEpB,gCAAgC;AAChC,sDAAsD;AAEtD,uCAAuC;AACvC,+CAA+C;AAC/C,gDAAgD;AAEhD,sEAAsE;AACtE,mDAAmD;AACnD,6FAA6F;AAC7F,oEAAoE;AACpE,oEAAoE;AACpE,8CAA8C;AAC9C,oDAAoD;AACpD,uCAAuC;AACvC,8BAA8B;AAC9B,wFAAwF;AACxF,wBAAwB;AACxB,oBAAoB;AAEpB,iCAAiC;AACjC,mCAAmC;AACnC,sDAAsD;AACtD,2CAA2C;AAC3C,sCAAsC;AACtC,yCAAyC;AACzC,sBAAsB;AACtB,mFAAmF;AACnF,gBAAgB;AAChB,aAAa;AACb,QAAQ;AACR,IAAI;AAOJ,uDAAoD;AACpD,6DAA0D;AAC1D,8DAA2D;AAC3D,wDAAqD;AAErD,wCAAoC;AAapC,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;YACvC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,6BAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;aACxB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,gBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,gBAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,QAAQ;SACtB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,2BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE;YAClD,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,eAAe;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAChD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,qBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE5C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,gBAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;oBAC/C,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAElC,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAE5B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GACT,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBAEzD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;4BAC5C,KAAK,EAAE,cAAc;4BACrB,SAAS,EAAE,WAAW;4BACtB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;oBACtC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlJD,kCAkJC","sourcesContent":["// import { JWTAdapter } from \"../adapters/JWTAdapter.js\";\r\n// import { GoogleAdapter } from \"../adapters/GoogleAdapter.js\";\r\n// import { AdapterError } from \"../core/errors/AdapterError.js\";\r\n// import { HttpError } from \"../core/errors/HttpError.js\";\r\n// import { Request, Response, NextFunction } from \"express\";\r\n// import { logger } from \"../logging\";\r\n\r\n\r\n// export interface AuthOptions {\r\n// jwtSecret: string;\r\n// jwtExpiresIn?: string | number;\r\n// googleClientId?: string;\r\n// }\r\n\r\n// export interface ProtectOptions {\r\n// required?: boolean;\r\n// roles?: string[];\r\n// }\r\n\r\n// export class AuthManager {\r\n// private jwtAdapter: JWTAdapter;\r\n// private googleAdapter?: GoogleAdapter;\r\n\r\n// constructor(opts: AuthOptions) {\r\n// if (!opts.jwtSecret) {\r\n// throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n// }\r\n\r\n// if (opts.jwtSecret.length < 32) {\r\n// logger.warn(\" JWT secret is less than 32 characters - consider using a stronger secret\");\r\n// }\r\n\r\n// logger.info(\"AuthManager initialized\");\r\n\r\n// this.jwtAdapter = new JWTAdapter({\r\n// secret: opts.jwtSecret,\r\n// expiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n// });\r\n\r\n// if (opts.googleClientId) {\r\n// this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n// logger.info(\"GoogleAdapter enabled\");\r\n// }\r\n// }\r\n\r\n// sign(payload: object, options?: { expiresIn?: string | number, jti?: string }) {\r\n// logger.info(\"JWT Sign called\");\r\n// return this.jwtAdapter.sign(payload, options);\r\n// }\r\n\r\n// verify(token: string) {\r\n// logger.info(\"JWT Verify called\");\r\n// return this.jwtAdapter.verify(token);\r\n// }\r\n\r\n// async verifyGoogleIdToken(idToken: string) {\r\n// if (!this.googleAdapter) {\r\n// throw new AdapterError(\"GoogleAdapter not configured.\");\r\n// }\r\n\r\n// logger.info(\"Google ID Token verify called\");\r\n\r\n// try {\r\n// return await this.googleAdapter.verifyIdToken(idToken);\r\n// } catch (err: any) {\r\n// logger.error(\"Google ID Token verification failed\", { error: err?.message });\r\n// throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n// }\r\n// }\r\n\r\n// protect(options?: ProtectOptions) {\r\n// const required = options?.required ?? true;\r\n// const roles = options?.roles;\r\n\r\n// return (req: Request, res: Response, next: NextFunction) => {\r\n// const header = req.headers[\"authorization\"];\r\n\r\n \r\n// if (!required && !header) {\r\n// return next();\r\n// }\r\n\r\n \r\n// if (!header) {\r\n// logger.warn(\"Missing Authorization header\", {\r\n// path: req.path,\r\n// method: req.method\r\n// });\r\n// return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n// }\r\n\r\n \r\n// const [type, token] = String(header).split(\" \");\r\n// if (type !== \"Bearer\" || !token) {\r\n// logger.warn(\"Invalid Authorization header\", {\r\n// path: req.path,\r\n// method: req.method\r\n// });\r\n// return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n// }\r\n\r\n// try {\r\n\r\n// // Verify JWT\r\n// const decoded = this.verify(token);\r\n \r\n// // Attach to request\r\n// (req as any).auth = decoded;\r\n// (req as any).user = decoded; \r\n \r\n// // Role-based authorization - role added Middleware\r\n// if (roles && roles.length > 0) {\r\n// const userRole = (decoded as any).role || (decoded as any).roles?.[0];\r\n// if (!userRole || !roles.includes(userRole)) {\r\n// logger.warn(\"Insufficient permissions\", {\r\n// path: req.path,\r\n// requiredRoles: roles,\r\n// userRole\r\n// });\r\n// return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n// }\r\n// }\r\n \r\n// return next();\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verify failed\", {\r\n// error: err?.message,\r\n// path: req.path,\r\n// method: req.method\r\n// });\r\n// return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n// }\r\n// };\r\n// }\r\n// }\r\n\r\n\r\n\r\n\r\n\r\n\r\nimport { JWTAdapter } from \"../adapters/JWTAdapter\";\r\nimport { GoogleAdapter } from \"../adapters/GoogleAdapter\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { HttpError } from \"../core/errors/HttpError\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface AuthOptions {\r\n jwtSecret: string;\r\n jwtExpiresIn?: string | number;\r\n googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n required?: boolean;\r\n roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n private jwtAdapter: JWTAdapter;\r\n private googleAdapter?: GoogleAdapter;\r\n\r\n constructor(opts: AuthOptions) {\r\n if (!opts.jwtSecret) {\r\n throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n }\r\n\r\n if (opts.jwtSecret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n layer: \"auth-manager\",\r\n operation: \"init\",\r\n secretLength: opts.jwtSecret.length\r\n });\r\n }\r\n\r\n logger.info(\"AuthManager initialized\", {\r\n layer: \"auth-manager\",\r\n jwtExpiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n googleEnabled: !!opts.googleClientId\r\n });\r\n\r\n this.jwtAdapter = new JWTAdapter({\r\n secret: opts.jwtSecret,\r\n expiresIn: opts.jwtExpiresIn ?? \"1d\"\r\n });\r\n\r\n if (opts.googleClientId) {\r\n this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n logger.info(\"Google authentication enabled\", {\r\n layer: \"auth-manager\"\r\n });\r\n }\r\n }\r\n\r\n sign(payload: object, options?: { expiresIn?: string | number; jti?: string }) {\r\n logger.info(\"JWT sign requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"sign\"\r\n });\r\n\r\n return this.jwtAdapter.sign(payload, options);\r\n }\r\n\r\n verify(token: string) {\r\n logger.info(\"JWT verify requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"verify\"\r\n });\r\n\r\n return this.jwtAdapter.verify(token);\r\n }\r\n\r\n async verifyGoogleIdToken(idToken: string) {\r\n if (!this.googleAdapter) {\r\n throw new AdapterError(\"GoogleAdapter not configured.\");\r\n }\r\n\r\n logger.info(\"Google ID token verification requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\"\r\n });\r\n\r\n try {\r\n return await this.googleAdapter.verifyIdToken(idToken);\r\n } catch (err: any) {\r\n logger.error(\"Google ID token verification failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n }\r\n }\r\n\r\n protect(options?: ProtectOptions) {\r\n const required = options?.required ?? true;\r\n const roles = options?.roles;\r\n\r\n return (req: Request, _res: Response, next: NextFunction) => {\r\n const header = req.headers[\"authorization\"];\r\n\r\n if (!required && !header) {\r\n return next();\r\n }\r\n\r\n if (!header) {\r\n logger.warn(\"Authorization header missing\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n }\r\n\r\n const [type, token] = String(header).split(\" \");\r\n if (type !== \"Bearer\" || !token) {\r\n logger.warn(\"Invalid Authorization header format\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n }\r\n\r\n try {\r\n const decoded = this.verify(token);\r\n\r\n (req as any).auth = decoded;\r\n (req as any).user = decoded;\r\n\r\n if (roles && roles.length > 0) {\r\n const userRole =\r\n (decoded as any).role || (decoded as any).roles?.[0];\r\n\r\n if (!userRole || !roles.includes(userRole)) {\r\n logger.warn(\"Access denied: insufficient role\", {\r\n layer: \"auth-manager\",\r\n operation: \"authorize\",\r\n path: req.path,\r\n requiredRoles: roles,\r\n userRole\r\n });\r\n\r\n return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n }\r\n }\r\n\r\n return next();\r\n } catch (err: any) {\r\n logger.error(\"JWT authentication failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method,\r\n reason: err?.message\r\n });\r\n\r\n return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n }\r\n };\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CorsManager.d.ts","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"CorsManager.d.ts","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":"AAwCA,OAAO,IAAI,MAAM,MAAM,CAAC;AAIxB,qBAAa,WAAW;IACpB,UAAU,CAAC,OAAO,CAAC,EAAE,GAAG;kBAAb,CAAC;;;iBAIA,CAAA;CA+Bf"}
|
|
@@ -1,35 +1,70 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
// import cors from "cors";
|
|
3
|
+
// import { logger } from "../logging";
|
|
4
|
+
// import { AdapterError } from "../core/errors/AdapterError.js";
|
|
2
5
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
6
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
7
|
};
|
|
5
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
9
|
exports.CorsManager = void 0;
|
|
10
|
+
// export class CorsManager {
|
|
11
|
+
// middleware(options?: any) {
|
|
12
|
+
// try {
|
|
13
|
+
// const defaultOptions = {
|
|
14
|
+
// origin: '*',
|
|
15
|
+
// methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
|
|
16
|
+
// allowedHeaders: ['Content-Type', 'Authorization'],
|
|
17
|
+
// credentials: false,
|
|
18
|
+
// maxAge: 86400
|
|
19
|
+
// };
|
|
20
|
+
// const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;
|
|
21
|
+
// logger.debug("CORS configured", {
|
|
22
|
+
// origin: finalOptions.origin,
|
|
23
|
+
// methods: finalOptions.methods
|
|
24
|
+
// });
|
|
25
|
+
// return cors(finalOptions);
|
|
26
|
+
// } catch (err: any) {
|
|
27
|
+
// logger.error(" CORS Manager: failed to create CORS middleware", {
|
|
28
|
+
// error: err?.message || err,
|
|
29
|
+
// options
|
|
30
|
+
// });
|
|
31
|
+
// throw new AdapterError("CORS middleware initialization failed.");
|
|
32
|
+
// }
|
|
33
|
+
// }
|
|
34
|
+
// }
|
|
7
35
|
const cors_1 = __importDefault(require("cors"));
|
|
8
36
|
const logging_1 = require("../logging");
|
|
9
|
-
const
|
|
37
|
+
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
10
38
|
class CorsManager {
|
|
11
39
|
middleware(options) {
|
|
12
40
|
try {
|
|
13
41
|
const defaultOptions = {
|
|
14
|
-
origin:
|
|
15
|
-
methods: [
|
|
16
|
-
allowedHeaders: [
|
|
42
|
+
origin: "*",
|
|
43
|
+
methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
|
|
44
|
+
allowedHeaders: ["Content-Type", "Authorization"],
|
|
17
45
|
credentials: false,
|
|
18
46
|
maxAge: 86400
|
|
19
47
|
};
|
|
20
|
-
const finalOptions = options
|
|
21
|
-
|
|
48
|
+
const finalOptions = options
|
|
49
|
+
? { ...defaultOptions, ...options }
|
|
50
|
+
: defaultOptions;
|
|
51
|
+
// ✅ visible + clean log
|
|
52
|
+
logging_1.logger.info("CORS middleware configured", {
|
|
53
|
+
layer: "cors-manager",
|
|
54
|
+
operation: "init",
|
|
22
55
|
origin: finalOptions.origin,
|
|
23
|
-
methods: finalOptions.methods
|
|
56
|
+
methods: finalOptions.methods,
|
|
57
|
+
credentials: finalOptions.credentials
|
|
24
58
|
});
|
|
25
59
|
return (0, cors_1.default)(finalOptions);
|
|
26
60
|
}
|
|
27
61
|
catch (err) {
|
|
28
|
-
logging_1.logger.error("
|
|
29
|
-
|
|
30
|
-
|
|
62
|
+
logging_1.logger.error("CORS middleware initialization failed", {
|
|
63
|
+
layer: "cors-manager",
|
|
64
|
+
operation: "init",
|
|
65
|
+
reason: err?.message
|
|
31
66
|
});
|
|
32
|
-
throw new
|
|
67
|
+
throw new AdapterError_1.AdapterError("CORS middleware initialization failed.");
|
|
33
68
|
}
|
|
34
69
|
}
|
|
35
70
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CorsManager.js","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"CorsManager.js","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":";AAAA,2BAA2B;AAC3B,uCAAuC;AACvC,iEAAiE;;;;;;AAEjE,6BAA6B;AAE7B,kCAAkC;AAClC,gBAAgB;AAChB,uCAAuC;AACvC,+BAA+B;AAC/B,iFAAiF;AACjF,qEAAqE;AACrE,sCAAsC;AACtC,gCAAgC;AAChC,iBAAiB;AAEjB,iGAAiG;AAEjG,gDAAgD;AAChD,+CAA+C;AAC/C,gDAAgD;AAChD,kBAAkB;AAElB,yCAAyC;AAEzC,+BAA+B;AAC/B,gFAAgF;AAChF,8CAA8C;AAC9C,0BAA0B;AAC1B,kBAAkB;AAClB,gFAAgF;AAChF,YAAY;AACZ,QAAQ;AACR,IAAI;AAOJ,gDAAwB;AACxB,wCAAoC;AACpC,8DAA2D;AAE3D,MAAa,WAAW;IACpB,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;gBAC7D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;gBACjD,WAAW,EAAE,KAAK;gBAClB,MAAM,EAAE,KAAK;aAChB,CAAC;YAEF,MAAM,YAAY,GAAG,OAAO;gBACxB,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE;gBACnC,CAAC,CAAC,cAAc,CAAC;YAErB,wBAAwB;YACxB,gBAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBACtC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,WAAW,EAAE,YAAY,CAAC,WAAW;aACxC,CAAC,CAAC;YAEH,OAAO,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC;QAE9B,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;gBAClD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,wCAAwC,CAAC,CAAC;QACrE,CAAC;IACL,CAAC;CACJ;AApCD,kCAoCC","sourcesContent":["// import cors from \"cors\";\r\n// import { logger } from \"../logging\";\r\n// import { AdapterError } from \"../core/errors/AdapterError.js\";\r\n\r\n// export class CorsManager {\r\n \r\n// middleware(options?: any) {\r\n// try {\r\n// const defaultOptions = {\r\n// origin: '*',\r\n// methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],\r\n// allowedHeaders: ['Content-Type', 'Authorization'],\r\n// credentials: false,\r\n// maxAge: 86400\r\n// };\r\n \r\n// const finalOptions = options ? { ...defaultOptions, ...options } : defaultOptions;\r\n \r\n// logger.debug(\"CORS configured\", {\r\n// origin: finalOptions.origin,\r\n// methods: finalOptions.methods\r\n// });\r\n \r\n// return cors(finalOptions);\r\n \r\n// } catch (err: any) {\r\n// logger.error(\" CORS Manager: failed to create CORS middleware\", {\r\n// error: err?.message || err,\r\n// options\r\n// });\r\n// throw new AdapterError(\"CORS middleware initialization failed.\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\n\r\n\r\n\r\nimport cors from \"cors\";\r\nimport { logger } from \"../logging\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\n\r\nexport class CorsManager {\r\n middleware(options?: any) {\r\n try {\r\n const defaultOptions = {\r\n origin: \"*\",\r\n methods: [\"GET\", \"POST\", \"PUT\", \"DELETE\", \"PATCH\", \"OPTIONS\"],\r\n allowedHeaders: [\"Content-Type\", \"Authorization\"],\r\n credentials: false,\r\n maxAge: 86400\r\n };\r\n\r\n const finalOptions = options\r\n ? { ...defaultOptions, ...options }\r\n : defaultOptions;\r\n\r\n // ✅ visible + clean log\r\n logger.info(\"CORS middleware configured\", {\r\n layer: \"cors-manager\",\r\n operation: \"init\",\r\n origin: finalOptions.origin,\r\n methods: finalOptions.methods,\r\n credentials: finalOptions.credentials\r\n });\r\n\r\n return cors(finalOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"CORS middleware initialization failed\", {\r\n layer: \"cors-manager\",\r\n operation: \"init\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"CORS middleware initialization failed.\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HashManager.d.ts","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"HashManager.d.ts","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":"AA6GA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAG9D,UAAU,WAAW;IACjB,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,UAAU;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;CACzB;AAED,qBAAa,WAAW;IACpB,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,eAAe,CAAqB;gBAGxC,MAAM,EAAE,cAAc,CAAC,SAAS,CAAC,EACjC,cAAc,EAAE,WAAW,EAC3B,eAAe,EAAE,WAAW,GAAG,IAAI;IAajC,IAAI,CACN,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAA;KAAE,GACtC,OAAO,CAAC,UAAU,CAAC;IAyDhB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAoChE"}
|