hi-secure 1.0.15 → 1.0.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/ArgonAdapter.d.ts +1 -1
- package/dist/adapters/ArgonAdapter.d.ts.map +1 -1
- package/dist/adapters/ArgonAdapter.js +7 -5
- package/dist/adapters/ArgonAdapter.js.map +1 -1
- package/dist/adapters/BcryptAdapter.d.ts.map +1 -1
- package/dist/adapters/BcryptAdapter.js +7 -3
- package/dist/adapters/BcryptAdapter.js.map +1 -1
- package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -1
- package/dist/adapters/ExpressRLAdapter.js +10 -6
- package/dist/adapters/ExpressRLAdapter.js.map +1 -1
- package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -1
- package/dist/adapters/ExpressValidatorAdapter.js +14 -10
- package/dist/adapters/ExpressValidatorAdapter.js.map +1 -1
- package/dist/adapters/GoogleAdapter.d.ts.map +1 -1
- package/dist/adapters/GoogleAdapter.js +19 -16
- package/dist/adapters/GoogleAdapter.js.map +1 -1
- package/dist/adapters/JWTAdapter.d.ts.map +1 -1
- package/dist/adapters/JWTAdapter.js +25 -15
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -1
- package/dist/adapters/RLFlexibleAdapter.js +23 -12
- package/dist/adapters/RLFlexibleAdapter.js.map +1 -1
- package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -1
- package/dist/adapters/SanitizeHtmlAdapter.js +17 -13
- package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -1
- package/dist/adapters/XSSAdapter.d.ts +1 -1
- package/dist/adapters/XSSAdapter.d.ts.map +1 -1
- package/dist/adapters/XSSAdapter.js +21 -20
- package/dist/adapters/XSSAdapter.js.map +1 -1
- package/dist/adapters/ZodAdapter.d.ts +1 -1
- package/dist/adapters/ZodAdapter.d.ts.map +1 -1
- package/dist/adapters/ZodAdapter.js +10 -8
- package/dist/adapters/ZodAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts +3 -4
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +91 -120
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/logging/morganSetup.d.ts.map +1 -1
- package/dist/logging/morganSetup.js +8 -1
- package/dist/logging/morganSetup.js.map +1 -1
- package/dist/logging/winstonSetup.d.ts.map +1 -1
- package/dist/logging/winstonSetup.js +17 -3
- package/dist/logging/winstonSetup.js.map +1 -1
- package/dist/managers/AuthManager.d.ts +2 -2
- package/dist/managers/AuthManager.d.ts.map +1 -1
- package/dist/managers/AuthManager.js +59 -31
- package/dist/managers/AuthManager.js.map +1 -1
- package/dist/managers/CorsManager.d.ts.map +1 -1
- package/dist/managers/CorsManager.js +18 -11
- package/dist/managers/CorsManager.js.map +1 -1
- package/dist/managers/HashManager.d.ts +1 -1
- package/dist/managers/HashManager.d.ts.map +1 -1
- package/dist/managers/HashManager.js +35 -17
- package/dist/managers/HashManager.js.map +1 -1
- package/dist/managers/JsonManager.d.ts +1 -1
- package/dist/managers/JsonManager.d.ts.map +1 -1
- package/dist/managers/JsonManager.js +44 -16
- package/dist/managers/JsonManager.js.map +1 -1
- package/dist/managers/RateLimitManager.d.ts +1 -1
- package/dist/managers/RateLimitManager.d.ts.map +1 -1
- package/dist/managers/RateLimitManager.js +43 -22
- package/dist/managers/RateLimitManager.js.map +1 -1
- package/dist/managers/SanitizerManager.d.ts.map +1 -1
- package/dist/managers/SanitizerManager.js +32 -15
- package/dist/managers/SanitizerManager.js.map +1 -1
- package/dist/managers/ValidatorManager.d.ts.map +1 -1
- package/dist/managers/ValidatorManager.js +31 -7
- package/dist/managers/ValidatorManager.js.map +1 -1
- package/package.json +2 -6
- package/readme.md +3 -6
- package/src/adapters/ArgonAdapter.ts +10 -6
- package/src/adapters/BcryptAdapter.ts +7 -8
- package/src/adapters/ExpressRLAdapter.ts +14 -9
- package/src/adapters/ExpressValidatorAdapter.ts +17 -11
- package/src/adapters/GoogleAdapter.ts +24 -21
- package/src/adapters/JWTAdapter.ts +33 -21
- package/src/adapters/RLFlexibleAdapter.ts +31 -16
- package/src/adapters/SanitizeHtmlAdapter.ts +28 -18
- package/src/adapters/XSSAdapter.ts +33 -38
- package/src/adapters/ZodAdapter.ts +10 -10
- package/src/core/HiSecure.ts +127 -161
- package/src/index.ts +4 -0
- package/src/logging/morganSetup.ts +11 -1
- package/src/logging/winstonSetup.ts +35 -8
- package/src/managers/AuthManager.ts +64 -34
- package/src/managers/CorsManager.ts +23 -16
- package/src/managers/HashManager.ts +48 -19
- package/src/managers/JsonManager.ts +57 -15
- package/src/managers/RateLimitManager.ts +61 -29
- package/src/managers/SanitizerManager.ts +47 -25
- package/src/managers/ValidatorManager.ts +40 -15
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArgonAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/ArgonAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAI5B,qBAAa,YAAY;IACrB,OAAO,CAAC,OAAO,
|
|
1
|
+
{"version":3,"file":"ArgonAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/ArgonAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAI5B,qBAAa,YAAY;IACrB,OAAO,CAAC,OAAO,CAAC,CAAiB;gBAErB,OAAO,CAAC,EAAE,MAAM,CAAC,OAAO;IAI9B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgBpC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAiBhE"}
|
|
@@ -9,9 +9,7 @@ const AdapterError_1 = require("../core/errors/AdapterError");
|
|
|
9
9
|
const logging_1 = require("../logging");
|
|
10
10
|
class ArgonAdapter {
|
|
11
11
|
constructor(options) {
|
|
12
|
-
|
|
13
|
-
this.options = options;
|
|
14
|
-
}
|
|
12
|
+
this.options = options;
|
|
15
13
|
}
|
|
16
14
|
async hash(value) {
|
|
17
15
|
try {
|
|
@@ -21,7 +19,9 @@ class ArgonAdapter {
|
|
|
21
19
|
}
|
|
22
20
|
catch (err) {
|
|
23
21
|
logging_1.logger.error("Argon2 hashing failed", {
|
|
24
|
-
|
|
22
|
+
adapter: "argon2",
|
|
23
|
+
operation: "hash",
|
|
24
|
+
reason: err?.message
|
|
25
25
|
});
|
|
26
26
|
throw new AdapterError_1.AdapterError("Argon2 hashing failed.");
|
|
27
27
|
}
|
|
@@ -35,7 +35,9 @@ class ArgonAdapter {
|
|
|
35
35
|
}
|
|
36
36
|
catch (err) {
|
|
37
37
|
logging_1.logger.error("Argon2 verify failed", {
|
|
38
|
-
|
|
38
|
+
adapter: "argon2",
|
|
39
|
+
operation: "verify",
|
|
40
|
+
reason: err?.message
|
|
39
41
|
});
|
|
40
42
|
throw new AdapterError_1.AdapterError("Argon2 verify failed.");
|
|
41
43
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ArgonAdapter.js","sourceRoot":"","sources":["../../src/adapters/ArgonAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,8DAA2D;AAC3D,wCAAoC;AAEpC,MAAa,YAAY;IAGrB,YAAY,OAAwB;QAChC,IAAI,
|
|
1
|
+
{"version":3,"file":"ArgonAdapter.js","sourceRoot":"","sources":["../../src/adapters/ArgonAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,8DAA2D;AAC3D,wCAAoC;AAEpC,MAAa,YAAY;IAGrB,YAAY,OAAwB;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QACpB,IAAI,CAAC;YACD,OAAO,IAAI,CAAC,OAAO;gBACf,CAAC,CAAC,MAAM,gBAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;gBACxC,CAAC,CAAC,MAAM,gBAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;gBAClC,OAAO,EAAE,QAAQ;gBACjB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QACtC,IAAI,CAAC;YACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxC,MAAM,IAAI,2BAAY,CAAC,yCAAyC,CAAC,CAAC;YACtE,CAAC;YAED,OAAO,MAAM,gBAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;gBACjC,OAAO,EAAE,QAAQ;gBACjB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACL,CAAC;CACJ;AAxCD,oCAwCC","sourcesContent":["import argon2 from \"argon2\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport class ArgonAdapter {\r\n private options?: argon2.Options;\r\n\r\n constructor(options?: argon2.Options) {\r\n this.options = options;\r\n }\r\n\r\n async hash(value: string): Promise<string> {\r\n try {\r\n return this.options\r\n ? await argon2.hash(value, this.options)\r\n : await argon2.hash(value);\r\n } catch (err: any) {\r\n logger.error(\"Argon2 hashing failed\", {\r\n adapter: \"argon2\",\r\n operation: \"hash\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"Argon2 hashing failed.\");\r\n }\r\n }\r\n\r\n async verify(value: string, hashed: string): Promise<boolean> {\r\n try {\r\n if (!hashed || typeof hashed !== \"string\") {\r\n throw new AdapterError(\"Invalid hash provided for verification.\");\r\n }\r\n\r\n return await argon2.verify(hashed, value);\r\n } catch (err: any) {\r\n logger.error(\"Argon2 verify failed\", {\r\n adapter: \"argon2\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"Argon2 verify failed.\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BcryptAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/BcryptAdapter.ts"],"names":[],"mappings":"AAIA,qBAAa,aAAa;IACV,OAAO,CAAC,UAAU;gBAAV,UAAU,GAAE,MAAW;IAErC,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"BcryptAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/BcryptAdapter.ts"],"names":[],"mappings":"AAIA,qBAAa,aAAa;IACV,OAAO,CAAC,UAAU;gBAAV,UAAU,GAAE,MAAW;IAErC,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmBpC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAqBhE"}
|
|
@@ -20,8 +20,10 @@ class BcryptAdapter {
|
|
|
20
20
|
}
|
|
21
21
|
catch (err) {
|
|
22
22
|
logging_1.logger.error("Bcrypt hashing failed", {
|
|
23
|
-
|
|
24
|
-
|
|
23
|
+
adapter: "bcrypt",
|
|
24
|
+
operation: "hash",
|
|
25
|
+
saltRounds: this.saltRounds,
|
|
26
|
+
reason: err?.message
|
|
25
27
|
});
|
|
26
28
|
throw new AdapterError_1.AdapterError("Bcrypt hashing failed.");
|
|
27
29
|
}
|
|
@@ -38,7 +40,9 @@ class BcryptAdapter {
|
|
|
38
40
|
}
|
|
39
41
|
catch (err) {
|
|
40
42
|
logging_1.logger.error("Bcrypt verify failed", {
|
|
41
|
-
|
|
43
|
+
adapter: "bcrypt",
|
|
44
|
+
operation: "verify",
|
|
45
|
+
reason: err?.message
|
|
42
46
|
});
|
|
43
47
|
throw new AdapterError_1.AdapterError("Bcrypt verify failed.");
|
|
44
48
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BcryptAdapter.js","sourceRoot":"","sources":["../../src/adapters/BcryptAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,wDAA8B;AAC9B,8DAA2D;AAC3D,wCAAoC;AAEpC,MAAa,aAAa;IACtB,YAAoB,aAAqB,EAAE;QAAvB,eAAU,GAAV,UAAU,CAAa;IAAG,CAAC;IAE/C,KAAK,CAAC,IAAI,CAAC,KAAa;QACpB,IAAI,CAAC;YACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,IAAI,2BAAY,CAAC,iCAAiC,CAAC,CAAC;YAC9D,CAAC;YAED,OAAO,MAAM,kBAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;gBAClC,
|
|
1
|
+
{"version":3,"file":"BcryptAdapter.js","sourceRoot":"","sources":["../../src/adapters/BcryptAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,wDAA8B;AAC9B,8DAA2D;AAC3D,wCAAoC;AAEpC,MAAa,aAAa;IACtB,YAAoB,aAAqB,EAAE;QAAvB,eAAU,GAAV,UAAU,CAAa;IAAG,CAAC;IAE/C,KAAK,CAAC,IAAI,CAAC,KAAa;QACpB,IAAI,CAAC;YACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,IAAI,2BAAY,CAAC,iCAAiC,CAAC,CAAC;YAC9D,CAAC;YAED,OAAO,MAAM,kBAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;gBAClC,OAAO,EAAE,QAAQ;gBACjB,SAAS,EAAE,MAAM;gBACjB,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QACtC,IAAI,CAAC;YACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxC,MAAM,IAAI,2BAAY,CAAC,iCAAiC,CAAC,CAAC;YAC9D,CAAC;YAED,OAAO,MAAM,kBAAM,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;gBACjC,OAAO,EAAE,QAAQ;gBACjB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACL,CAAC;CACJ;AA3CD,sCA2CC","sourcesContent":["import bcrypt from \"bcryptjs\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport class BcryptAdapter {\r\n constructor(private saltRounds: number = 10) {}\r\n\r\n async hash(value: string): Promise<string> {\r\n try {\r\n if (typeof value !== \"string\") {\r\n throw new AdapterError(\"Value to hash must be a string.\");\r\n }\r\n\r\n return await bcrypt.hash(value, this.saltRounds);\r\n } catch (err: any) {\r\n logger.error(\"Bcrypt hashing failed\", {\r\n adapter: \"bcrypt\",\r\n operation: \"hash\",\r\n saltRounds: this.saltRounds,\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"Bcrypt hashing failed.\");\r\n }\r\n }\r\n\r\n async verify(value: string, hashed: string): Promise<boolean> {\r\n try {\r\n if (typeof value !== \"string\") {\r\n throw new AdapterError(\"Value to verify must be a string.\");\r\n }\r\n\r\n if (!hashed || typeof hashed !== \"string\") {\r\n throw new AdapterError(\"Invalid hashed string provided.\");\r\n }\r\n\r\n return await bcrypt.compare(value, hashed);\r\n } catch (err: any) {\r\n logger.error(\"Bcrypt verify failed\", {\r\n adapter: \"bcrypt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"Bcrypt verify failed.\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ExpressRLAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/ExpressRLAdapter.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,gBAAgB;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,qBAAa,gBAAgB;IACzB,aAAa,CAAC,OAAO,GAAE,gBAAqB;
|
|
1
|
+
{"version":3,"file":"ExpressRLAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/ExpressRLAdapter.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,gBAAgB;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,qBAAa,gBAAgB;IACzB,aAAa,CAAC,OAAO,GAAE,gBAAqB;CAkC/C"}
|
|
@@ -5,8 +5,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.ExpressRLAdapter = void 0;
|
|
7
7
|
const express_rate_limit_1 = __importDefault(require("express-rate-limit"));
|
|
8
|
-
const
|
|
9
|
-
const
|
|
8
|
+
const logging_1 = require("../logging");
|
|
9
|
+
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
10
10
|
class ExpressRLAdapter {
|
|
11
11
|
getMiddleware(options = {}) {
|
|
12
12
|
try {
|
|
@@ -20,17 +20,21 @@ class ExpressRLAdapter {
|
|
|
20
20
|
};
|
|
21
21
|
const finalOptions = { ...defaultOptions, ...options };
|
|
22
22
|
const limiter = (0, express_rate_limit_1.default)(finalOptions);
|
|
23
|
-
|
|
23
|
+
logging_1.logger.info("Express rate limiter configured", {
|
|
24
|
+
adapter: "express-rate-limit",
|
|
25
|
+
operation: "configure",
|
|
24
26
|
windowMs: finalOptions.windowMs,
|
|
25
27
|
max: finalOptions.max
|
|
26
28
|
});
|
|
27
29
|
return limiter;
|
|
28
30
|
}
|
|
29
31
|
catch (err) {
|
|
30
|
-
|
|
31
|
-
|
|
32
|
+
logging_1.logger.error("Express rate limiter setup failed", {
|
|
33
|
+
adapter: "express-rate-limit",
|
|
34
|
+
operation: "configure",
|
|
35
|
+
reason: err?.message
|
|
32
36
|
});
|
|
33
|
-
throw new
|
|
37
|
+
throw new AdapterError_1.AdapterError("Express rate limiter creation failed.");
|
|
34
38
|
}
|
|
35
39
|
}
|
|
36
40
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ExpressRLAdapter.js","sourceRoot":"","sources":["../../src/adapters/ExpressRLAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,4EAA2C;AAC3C,
|
|
1
|
+
{"version":3,"file":"ExpressRLAdapter.js","sourceRoot":"","sources":["../../src/adapters/ExpressRLAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,4EAA2C;AAC3C,wCAAoC;AACpC,8DAA2D;AAY3D,MAAa,gBAAgB;IACzB,aAAa,CAAC,UAA4B,EAAE;QACxC,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;gBACxB,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE;gBACvC,eAAe,EAAE,IAAI;gBACrB,aAAa,EAAE,KAAK;gBACpB,kBAAkB,EAAE,KAAK;aAC5B,CAAC;YAEF,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;YAEvD,MAAM,OAAO,GAAG,IAAA,4BAAS,EAAC,YAAY,CAAC,CAAC;YAGxC,gBAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;gBAC3C,OAAO,EAAE,oBAAoB;gBAC7B,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,GAAG,EAAE,YAAY,CAAC,GAAG;aACxB,CAAC,CAAC;YAEH,OAAO,OAAO,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gBAC9C,OAAO,EAAE,oBAAoB;gBAC7B,SAAS,EAAE,WAAW;gBACtB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,uCAAuC,CAAC,CAAC;QACpE,CAAC;IACL,CAAC;CACJ;AAnCD,4CAmCC","sourcesContent":["import rateLimit from \"express-rate-limit\";\r\nimport { logger } from \"../logging\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\n\r\nexport interface RateLimitOptions {\r\n windowMs?: number;\r\n max?: number;\r\n message?: any;\r\n skipFailedRequests?: boolean;\r\n standardHeaders?: boolean;\r\n legacyHeaders?: boolean;\r\n [key: string]: any;\r\n}\r\n\r\nexport class ExpressRLAdapter {\r\n getMiddleware(options: RateLimitOptions = {}) {\r\n try {\r\n const defaultOptions = {\r\n windowMs: 15 * 60 * 1000,\r\n max: 100,\r\n message: { error: \"Too many requests\" },\r\n standardHeaders: true,\r\n legacyHeaders: false,\r\n skipFailedRequests: false\r\n };\r\n\r\n const finalOptions = { ...defaultOptions, ...options };\r\n\r\n const limiter = rateLimit(finalOptions);\r\n\r\n \r\n logger.info(\"Express rate limiter configured\", {\r\n adapter: \"express-rate-limit\",\r\n operation: \"configure\",\r\n windowMs: finalOptions.windowMs,\r\n max: finalOptions.max\r\n });\r\n\r\n return limiter;\r\n } catch (err: any) {\r\n logger.error(\"Express rate limiter setup failed\", {\r\n adapter: \"express-rate-limit\",\r\n operation: \"configure\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"Express rate limiter creation failed.\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ExpressValidatorAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/ExpressValidatorAdapter.ts"],"names":[],"mappings":"AAIA,qBAAa,uBAAuB;IAChC,OAAO,CAAC,YAAY,CAAC,CAAQ;gBAEjB,YAAY,CAAC,EAAE,GAAG,EAAE;IAIhC,QAAQ,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,kBAIT,GAAG,OAAO,GAAG,QAAQ,GAAG;
|
|
1
|
+
{"version":3,"file":"ExpressValidatorAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/ExpressValidatorAdapter.ts"],"names":[],"mappings":"AAIA,qBAAa,uBAAuB;IAChC,OAAO,CAAC,YAAY,CAAC,CAAQ;gBAEjB,YAAY,CAAC,EAAE,GAAG,EAAE;IAIhC,QAAQ,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,kBAIT,GAAG,OAAO,GAAG,QAAQ,GAAG;CAoChD"}
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ExpressValidatorAdapter = void 0;
|
|
4
4
|
const express_validator_1 = require("express-validator");
|
|
5
|
-
const
|
|
6
|
-
const
|
|
5
|
+
const ValidationError_1 = require("../core/errors/ValidationError");
|
|
6
|
+
const logging_1 = require("../logging");
|
|
7
7
|
class ExpressValidatorAdapter {
|
|
8
8
|
constructor(globalSchema) {
|
|
9
9
|
this.globalSchema = globalSchema;
|
|
@@ -18,18 +18,22 @@ class ExpressValidatorAdapter {
|
|
|
18
18
|
(req, res, next) => {
|
|
19
19
|
const errors = (0, express_validator_1.validationResult)(req);
|
|
20
20
|
if (!errors.isEmpty()) {
|
|
21
|
-
const
|
|
21
|
+
const formattedErrors = errors.array().map(err => ({
|
|
22
22
|
message: err.msg,
|
|
23
|
-
|
|
24
|
-
// location: err.location
|
|
23
|
+
field: err.type
|
|
25
24
|
}));
|
|
26
|
-
|
|
27
|
-
|
|
25
|
+
logging_1.logger.warn("Request validation failed", {
|
|
26
|
+
adapter: "express-validator",
|
|
27
|
+
operation: "validate",
|
|
28
28
|
method: req.method,
|
|
29
|
-
|
|
30
|
-
|
|
29
|
+
path: req.path,
|
|
30
|
+
errorCount: formattedErrors.length,
|
|
31
|
+
errors: formattedErrors,
|
|
32
|
+
bodyPreview: req.body
|
|
33
|
+
? JSON.stringify(req.body).slice(0, 150)
|
|
34
|
+
: undefined
|
|
31
35
|
});
|
|
32
|
-
return next(new
|
|
36
|
+
return next(new ValidationError_1.ValidationError("Validation failed.", formattedErrors));
|
|
33
37
|
}
|
|
34
38
|
next();
|
|
35
39
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ExpressValidatorAdapter.js","sourceRoot":"","sources":["../../src/adapters/ExpressValidatorAdapter.ts"],"names":[],"mappings":";;;AAAA,yDAAqD;AACrD,
|
|
1
|
+
{"version":3,"file":"ExpressValidatorAdapter.js","sourceRoot":"","sources":["../../src/adapters/ExpressValidatorAdapter.ts"],"names":[],"mappings":";;;AAAA,yDAAqD;AACrD,oEAAiE;AACjE,wCAAoC;AAEpC,MAAa,uBAAuB;IAGhC,YAAY,YAAoB;QAC5B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACrC,CAAC;IAED,QAAQ,CAAC,aAAqB;QAC1B,MAAM,MAAM,GAAG,aAAa,IAAI,IAAI,CAAC,YAAY,CAAC;QAElD,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QACrD,CAAC;QAED,OAAO;YACH,GAAG,MAAM;YAET,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;gBAC9B,MAAM,MAAM,GAAG,IAAA,oCAAgB,EAAC,GAAG,CAAC,CAAC;gBAErC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;oBACpB,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC/C,OAAO,EAAE,GAAG,CAAC,GAAG;wBAChB,KAAK,EAAE,GAAG,CAAC,IAAI;qBAClB,CAAC,CAAC,CAAC;oBAEJ,gBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;wBACrC,OAAO,EAAE,mBAAmB;wBAC5B,SAAS,EAAE,UAAU;wBACrB,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,UAAU,EAAE,eAAe,CAAC,MAAM;wBAClC,MAAM,EAAE,eAAe;wBACvB,WAAW,EAAE,GAAG,CAAC,IAAI;4BACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;4BACxC,CAAC,CAAC,SAAS;qBAClB,CAAC,CAAC;oBAEH,OAAO,IAAI,CACP,IAAI,iCAAe,CAAC,oBAAoB,EAAE,eAAsB,CAAC,CACpE,CAAC;gBACN,CAAC;gBAED,IAAI,EAAE,CAAC;YACX,CAAC;SACJ,CAAC;IACN,CAAC;CACJ;AA/CD,0DA+CC","sourcesContent":["import { validationResult } from \"express-validator\";\r\nimport { ValidationError } from \"../core/errors/ValidationError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport class ExpressValidatorAdapter {\r\n private globalSchema?: any[];\r\n\r\n constructor(globalSchema?: any[]) {\r\n this.globalSchema = globalSchema;\r\n }\r\n\r\n validate(dynamicSchema?: any[]) {\r\n const schema = dynamicSchema || this.globalSchema;\r\n\r\n if (!schema || !Array.isArray(schema)) {\r\n return (req: any, res: any, next: any) => next();\r\n }\r\n\r\n return [\r\n ...schema,\r\n\r\n (req: any, res: any, next: any) => {\r\n const errors = validationResult(req);\r\n\r\n if (!errors.isEmpty()) {\r\n const formattedErrors = errors.array().map(err => ({\r\n message: err.msg,\r\n field: err.type\r\n }));\r\n\r\n logger.warn(\"Request validation failed\", {\r\n adapter: \"express-validator\",\r\n operation: \"validate\",\r\n method: req.method,\r\n path: req.path,\r\n errorCount: formattedErrors.length,\r\n errors: formattedErrors,\r\n bodyPreview: req.body\r\n ? JSON.stringify(req.body).slice(0, 150)\r\n : undefined\r\n });\r\n\r\n return next(\r\n new ValidationError(\"Validation failed.\", formattedErrors as any)\r\n );\r\n }\r\n\r\n next();\r\n }\r\n ];\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GoogleAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/GoogleAdapter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"GoogleAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/GoogleAdapter.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,kBAAkB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAED,qBAAa,aAAa;IACtB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,QAAQ,CAAC,CAAS;gBAEd,QAAQ,CAAC,EAAE,MAAM;IASvB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAuDpE"}
|
|
@@ -2,56 +2,59 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.GoogleAdapter = void 0;
|
|
4
4
|
const google_auth_library_1 = require("google-auth-library");
|
|
5
|
-
const
|
|
5
|
+
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
6
6
|
const logging_1 = require("../logging");
|
|
7
7
|
class GoogleAdapter {
|
|
8
8
|
constructor(clientId) {
|
|
9
9
|
if (clientId && clientId.trim().length === 0) {
|
|
10
|
-
throw new
|
|
10
|
+
throw new AdapterError_1.AdapterError("Google clientId cannot be empty string");
|
|
11
11
|
}
|
|
12
12
|
this.client = new google_auth_library_1.OAuth2Client(clientId);
|
|
13
13
|
this.clientId = clientId;
|
|
14
14
|
}
|
|
15
15
|
async verifyIdToken(idToken) {
|
|
16
16
|
try {
|
|
17
|
-
if (!idToken || typeof idToken !==
|
|
18
|
-
throw new
|
|
17
|
+
if (!idToken || typeof idToken !== "string") {
|
|
18
|
+
throw new AdapterError_1.AdapterError("Invalid ID token provided");
|
|
19
19
|
}
|
|
20
20
|
const options = {
|
|
21
21
|
idToken
|
|
22
22
|
};
|
|
23
|
-
// audience only if clientId is provided and not empty
|
|
24
23
|
if (this.clientId && this.clientId.trim().length > 0) {
|
|
25
24
|
options.audience = this.clientId;
|
|
26
25
|
}
|
|
27
26
|
const ticket = await this.client.verifyIdToken(options);
|
|
28
27
|
const payload = ticket.getPayload();
|
|
29
28
|
if (!payload) {
|
|
30
|
-
logging_1.logger.warn("
|
|
31
|
-
|
|
29
|
+
logging_1.logger.warn("Google ID token payload empty", {
|
|
30
|
+
adapter: "google-auth",
|
|
31
|
+
operation: "verifyIdToken",
|
|
32
|
+
hasClientId: !!this.clientId
|
|
33
|
+
});
|
|
34
|
+
throw new AdapterError_1.AdapterError("Invalid Google ID token payload.");
|
|
32
35
|
}
|
|
33
|
-
// result object
|
|
34
36
|
const result = {
|
|
35
37
|
sub: payload.sub,
|
|
36
|
-
email: payload.email ||
|
|
38
|
+
email: payload.email || "",
|
|
37
39
|
email_verified: payload.email_verified || false,
|
|
38
40
|
name: payload.name,
|
|
39
41
|
picture: payload.picture
|
|
40
42
|
};
|
|
41
|
-
// remaining properties from payload
|
|
42
43
|
const { sub, email, email_verified, name, picture, ...rest } = payload;
|
|
43
44
|
Object.assign(result, rest);
|
|
44
45
|
return result;
|
|
45
46
|
}
|
|
46
47
|
catch (err) {
|
|
47
|
-
logging_1.logger.error("
|
|
48
|
-
|
|
49
|
-
|
|
48
|
+
logging_1.logger.error("Google ID token verification failed", {
|
|
49
|
+
adapter: "google-auth",
|
|
50
|
+
operation: "verifyIdToken",
|
|
51
|
+
hasClientId: !!this.clientId,
|
|
52
|
+
reason: err?.message
|
|
50
53
|
});
|
|
51
|
-
if (err
|
|
52
|
-
throw new
|
|
54
|
+
if (err?.message?.includes("audience")) {
|
|
55
|
+
throw new AdapterError_1.AdapterError("Invalid Google client ID configured.");
|
|
53
56
|
}
|
|
54
|
-
throw new
|
|
57
|
+
throw new AdapterError_1.AdapterError("Google token verification failed.");
|
|
55
58
|
}
|
|
56
59
|
}
|
|
57
60
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GoogleAdapter.js","sourceRoot":"","sources":["../../src/adapters/GoogleAdapter.ts"],"names":[],"mappings":";;;AAAA,6DAAgE;AAChE,
|
|
1
|
+
{"version":3,"file":"GoogleAdapter.js","sourceRoot":"","sources":["../../src/adapters/GoogleAdapter.ts"],"names":[],"mappings":";;;AAAA,6DAAgE;AAChE,8DAA2D;AAC3D,wCAAoC;AAWpC,MAAa,aAAa;IAItB,YAAY,QAAiB;QACzB,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,2BAAY,CAAC,wCAAwC,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,kCAAY,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAe;QAC/B,IAAI,CAAC;YACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC1C,MAAM,IAAI,2BAAY,CAAC,2BAA2B,CAAC,CAAC;YACxD,CAAC;YAED,MAAM,OAAO,GAAsD;gBAC/D,OAAO;aACV,CAAC;YAEF,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnD,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YACrC,CAAC;YAED,MAAM,MAAM,GAAgB,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACrE,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAEpC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;oBACzC,OAAO,EAAE,aAAa;oBACtB,SAAS,EAAE,eAAe;oBAC1B,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;iBAC/B,CAAC,CAAC;gBAEH,MAAM,IAAI,2BAAY,CAAC,kCAAkC,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,MAAM,GAAuB;gBAC/B,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;gBAC1B,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,KAAK;gBAC/C,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,OAAO,EAAE,OAAO,CAAC,OAAO;aAC3B,CAAC;YAEF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;YACvE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAE5B,OAAO,MAAM,CAAC;QAElB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAChD,OAAO,EAAE,aAAa;gBACtB,SAAS,EAAE,eAAe;gBAC1B,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBAC5B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,2BAAY,CAAC,sCAAsC,CAAC,CAAC;YACnE,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;IACL,CAAC;CACJ;AApED,sCAoEC","sourcesContent":["import { OAuth2Client, LoginTicket } from \"google-auth-library\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface GoogleTokenPayload {\r\n sub: string;\r\n email: string;\r\n email_verified: boolean;\r\n name?: string;\r\n picture?: string;\r\n [key: string]: any;\r\n}\r\n\r\nexport class GoogleAdapter {\r\n private client: OAuth2Client;\r\n private clientId?: string;\r\n\r\n constructor(clientId?: string) {\r\n if (clientId && clientId.trim().length === 0) {\r\n throw new AdapterError(\"Google clientId cannot be empty string\");\r\n }\r\n\r\n this.client = new OAuth2Client(clientId);\r\n this.clientId = clientId;\r\n }\r\n\r\n async verifyIdToken(idToken: string): Promise<GoogleTokenPayload> {\r\n try {\r\n if (!idToken || typeof idToken !== \"string\") {\r\n throw new AdapterError(\"Invalid ID token provided\");\r\n }\r\n\r\n const options: { idToken: string; audience?: string | string[] } = {\r\n idToken\r\n };\r\n\r\n if (this.clientId && this.clientId.trim().length > 0) {\r\n options.audience = this.clientId;\r\n }\r\n\r\n const ticket: LoginTicket = await this.client.verifyIdToken(options);\r\n const payload = ticket.getPayload();\r\n\r\n if (!payload) {\r\n logger.warn(\"Google ID token payload empty\", {\r\n adapter: \"google-auth\",\r\n operation: \"verifyIdToken\",\r\n hasClientId: !!this.clientId\r\n });\r\n\r\n throw new AdapterError(\"Invalid Google ID token payload.\");\r\n }\r\n\r\n const result: GoogleTokenPayload = {\r\n sub: payload.sub,\r\n email: payload.email || \"\",\r\n email_verified: payload.email_verified || false,\r\n name: payload.name,\r\n picture: payload.picture\r\n };\r\n\r\n const { sub, email, email_verified, name, picture, ...rest } = payload;\r\n Object.assign(result, rest);\r\n\r\n return result;\r\n\r\n } catch (err: any) {\r\n logger.error(\"Google ID token verification failed\", {\r\n adapter: \"google-auth\",\r\n operation: \"verifyIdToken\",\r\n hasClientId: !!this.clientId,\r\n reason: err?.message\r\n });\r\n\r\n if (err?.message?.includes(\"audience\")) {\r\n throw new AdapterError(\"Invalid Google client ID configured.\");\r\n }\r\n\r\n throw new AdapterError(\"Google token verification failed.\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,cAAc,CAAC;AAK/B,MAAM,WAAW,iBAAiB;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,WAAW;IACxB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAChC;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAkB;IACpC,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAoBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IA6B3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CA4BnE"}
|
|
@@ -6,21 +6,23 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.JWTAdapter = void 0;
|
|
7
7
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
8
8
|
const crypto_1 = require("crypto");
|
|
9
|
-
const
|
|
10
|
-
const index_js_1 = require("../logging/index.js");
|
|
9
|
+
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
11
10
|
const logging_1 = require("../logging");
|
|
12
11
|
class JWTAdapter {
|
|
13
12
|
constructor(options) {
|
|
14
13
|
if (!options.secret) {
|
|
15
|
-
throw new
|
|
14
|
+
throw new AdapterError_1.AdapterError("JWT secret is required");
|
|
16
15
|
}
|
|
17
16
|
if (options.secret.length < 32) {
|
|
18
|
-
logging_1.logger.warn("JWT secret
|
|
19
|
-
|
|
17
|
+
logging_1.logger.warn("Weak JWT secret detected", {
|
|
18
|
+
adapter: "jwt",
|
|
19
|
+
operation: "init",
|
|
20
|
+
secretLength: options.secret.length
|
|
21
|
+
});
|
|
20
22
|
}
|
|
21
23
|
this.secret = options.secret;
|
|
22
24
|
this.expiresIn = options.expiresIn;
|
|
23
|
-
this.algorithm = options.algorithm ||
|
|
25
|
+
this.algorithm = options.algorithm || "HS256";
|
|
24
26
|
this.issuer = options.issuer;
|
|
25
27
|
this.audience = options.audience;
|
|
26
28
|
}
|
|
@@ -42,8 +44,12 @@ class JWTAdapter {
|
|
|
42
44
|
return jsonwebtoken_1.default.sign(payload, this.secret, jwtOptions);
|
|
43
45
|
}
|
|
44
46
|
catch (err) {
|
|
45
|
-
|
|
46
|
-
|
|
47
|
+
logging_1.logger.error("JWT signing failed", {
|
|
48
|
+
adapter: "jwt",
|
|
49
|
+
operation: "sign",
|
|
50
|
+
reason: err?.message
|
|
51
|
+
});
|
|
52
|
+
throw new AdapterError_1.AdapterError("JWT sign failed");
|
|
47
53
|
}
|
|
48
54
|
}
|
|
49
55
|
verify(token, options) {
|
|
@@ -51,19 +57,23 @@ class JWTAdapter {
|
|
|
51
57
|
const verifyOptions = {
|
|
52
58
|
algorithms: [this.algorithm],
|
|
53
59
|
issuer: this.issuer,
|
|
54
|
-
audience: options?.audience || this.audience
|
|
60
|
+
audience: (options?.audience || this.audience)
|
|
55
61
|
};
|
|
56
62
|
return jsonwebtoken_1.default.verify(token, this.secret, verifyOptions);
|
|
57
63
|
}
|
|
58
64
|
catch (err) {
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
65
|
+
logging_1.logger.error("JWT verification failed", {
|
|
66
|
+
adapter: "jwt",
|
|
67
|
+
operation: "verify",
|
|
68
|
+
reason: err?.message
|
|
69
|
+
});
|
|
70
|
+
if (err?.name === "TokenExpiredError") {
|
|
71
|
+
throw new AdapterError_1.AdapterError("JWT token has expired");
|
|
62
72
|
}
|
|
63
|
-
if (err
|
|
64
|
-
throw new
|
|
73
|
+
if (err?.name === "JsonWebTokenError") {
|
|
74
|
+
throw new AdapterError_1.AdapterError("Invalid JWT token");
|
|
65
75
|
}
|
|
66
|
-
throw new
|
|
76
|
+
throw new AdapterError_1.AdapterError("JWT verification failed");
|
|
67
77
|
}
|
|
68
78
|
}
|
|
69
79
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,mCAAoC;AACpC,
|
|
1
|
+
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAkBpC,MAAa,UAAU;IAOnB,YAAY,OAA0B;QAClC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACvC,IAAI,CAAC;YACD,MAAM,UAAU,GAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM;gBACtC,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;gBAC5C,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC5B,CAAC;YAEF,IAAI,OAAO,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC,SAAgB,CAAC;YACpD,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAgB,CAAC;YACjD,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEtD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC/B,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC5D,IAAI,CAAC;YACD,MAAM,aAAa,GAAsB;gBACrC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAW;aAC3D,CAAC;YAEF,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;CACJ;AApFD,gCAoFC","sourcesContent":["import jwt from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: string | number;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n operation: \"init\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.expiresIn = options.expiresIn;\r\n this.algorithm = options.algorithm || \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n issuer: options?.issuer || this.issuer,\r\n audience: options?.audience || this.audience,\r\n jwtid: options?.jti || randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n if (options?.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = options.expiresIn as any;\r\n } else if (this.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = this.expiresIn as any;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm],\r\n issuer: this.issuer,\r\n audience: (options?.audience || this.audience) as string\r\n };\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RLFlexibleAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/RLFlexibleAdapter.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,SAAS;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,iBAAiB;IAC1B,aAAa,CAAC,OAAO,GAAE,SAAc,
|
|
1
|
+
{"version":3,"file":"RLFlexibleAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/RLFlexibleAdapter.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,SAAS;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,iBAAiB;IAC1B,aAAa,CAAC,OAAO,GAAE,SAAc,SA0BV,GAAG,OAAO,GAAG,QAAQ,GAAG;IA0CnD,OAAO,CAAC,SAAS;CAUpB"}
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.RLFlexibleAdapter = void 0;
|
|
4
4
|
const rate_limiter_flexible_1 = require("rate-limiter-flexible");
|
|
5
|
-
const
|
|
6
|
-
const
|
|
5
|
+
const logging_1 = require("../logging");
|
|
6
|
+
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
7
7
|
class RLFlexibleAdapter {
|
|
8
8
|
getMiddleware(options = {}) {
|
|
9
9
|
try {
|
|
@@ -19,6 +19,13 @@ class RLFlexibleAdapter {
|
|
|
19
19
|
duration: finalOptions.duration,
|
|
20
20
|
blockDuration: finalOptions.blockDuration
|
|
21
21
|
});
|
|
22
|
+
logging_1.logger.info("Rate limiter initialized", {
|
|
23
|
+
adapter: "rate-limiter-flexible",
|
|
24
|
+
operation: "init",
|
|
25
|
+
points: finalOptions.points,
|
|
26
|
+
duration: finalOptions.duration,
|
|
27
|
+
blockDuration: finalOptions.blockDuration
|
|
28
|
+
});
|
|
22
29
|
return async (req, res, next) => {
|
|
23
30
|
const ip = this.extractIP(req);
|
|
24
31
|
try {
|
|
@@ -27,13 +34,15 @@ class RLFlexibleAdapter {
|
|
|
27
34
|
}
|
|
28
35
|
catch (err) {
|
|
29
36
|
const rlErr = err;
|
|
30
|
-
|
|
37
|
+
logging_1.logger.warn("Rate limit exceeded", {
|
|
38
|
+
adapter: "rate-limiter-flexible",
|
|
39
|
+
operation: "consume",
|
|
31
40
|
ip,
|
|
32
|
-
path: req.path,
|
|
33
41
|
method: req.method,
|
|
34
|
-
|
|
42
|
+
path: req.path,
|
|
43
|
+
retryAfterMs: rlErr.msBeforeNext
|
|
35
44
|
});
|
|
36
|
-
res.setHeader(
|
|
45
|
+
res.setHeader("Retry-After", Math.ceil(rlErr.msBeforeNext / 1000));
|
|
37
46
|
return res.status(429).json({
|
|
38
47
|
success: false,
|
|
39
48
|
error: "RATE_LIMIT_EXCEEDED",
|
|
@@ -44,19 +53,21 @@ class RLFlexibleAdapter {
|
|
|
44
53
|
};
|
|
45
54
|
}
|
|
46
55
|
catch (err) {
|
|
47
|
-
|
|
48
|
-
|
|
56
|
+
logging_1.logger.error("Rate limiter initialization failed", {
|
|
57
|
+
adapter: "rate-limiter-flexible",
|
|
58
|
+
operation: "init",
|
|
59
|
+
reason: err?.message
|
|
49
60
|
});
|
|
50
|
-
throw new
|
|
61
|
+
throw new AdapterError_1.AdapterError("RateLimiterFlexible creation failed.");
|
|
51
62
|
}
|
|
52
63
|
}
|
|
53
64
|
extractIP(req) {
|
|
54
|
-
return (req.headers[
|
|
55
|
-
req.headers[
|
|
65
|
+
return (req.headers["x-real-ip"] ||
|
|
66
|
+
req.headers["x-forwarded-for"]?.split(",")[0]?.trim() ||
|
|
56
67
|
req.ip ||
|
|
57
68
|
req.connection?.remoteAddress ||
|
|
58
69
|
req.socket?.remoteAddress ||
|
|
59
|
-
|
|
70
|
+
"unknown");
|
|
60
71
|
}
|
|
61
72
|
}
|
|
62
73
|
exports.RLFlexibleAdapter = RLFlexibleAdapter;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RLFlexibleAdapter.js","sourceRoot":"","sources":["../../src/adapters/RLFlexibleAdapter.ts"],"names":[],"mappings":";;;AAAA,iEAA0E;AAC1E,
|
|
1
|
+
{"version":3,"file":"RLFlexibleAdapter.js","sourceRoot":"","sources":["../../src/adapters/RLFlexibleAdapter.ts"],"names":[],"mappings":";;;AAAA,iEAA0E;AAC1E,wCAAoC;AACpC,8DAA2D;AAS3D,MAAa,iBAAiB;IAC1B,aAAa,CAAC,UAAqB,EAAE;QACjC,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,MAAM,EAAE,GAAG;gBACX,QAAQ,EAAE,EAAE;gBACZ,OAAO,EAAE,+BAA+B;gBACxC,aAAa,EAAE,CAAC;aACnB,CAAC;YAEF,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;YAEvD,MAAM,OAAO,GAAG,IAAI,yCAAiB,CAAC;gBAClC,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,aAAa,EAAE,YAAY,CAAC,aAAa;aAC5C,CAAC,CAAC;YAGH,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,OAAO,EAAE,uBAAuB;gBAChC,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,aAAa,EAAE,YAAY,CAAC,aAAa;aAC5C,CAAC,CAAC;YAEH,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;gBAC3C,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBAE/B,IAAI,CAAC;oBACD,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;oBAC1B,IAAI,EAAE,CAAC;gBACX,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAChB,MAAM,KAAK,GAAG,GAAqB,CAAC;oBAEpC,gBAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE;wBAC/B,OAAO,EAAE,uBAAuB;wBAChC,SAAS,EAAE,SAAS;wBACpB,EAAE;wBACF,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,YAAY,EAAE,KAAK,CAAC,YAAY;qBACnC,CAAC,CAAC;oBAEH,GAAG,CAAC,SAAS,CACT,aAAa,EACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,CACvC,CAAC;oBAEF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACxB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;wBAChD,OAAO,EAAE,YAAY,CAAC,OAAO;qBAChC,CAAC,CAAC;gBACP,CAAC;YACL,CAAC,CAAC;QACN,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE;gBAC/C,OAAO,EAAE,uBAAuB;gBAChC,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,sCAAsC,CAAC,CAAC;QACnE,CAAC;IACL,CAAC;IAEO,SAAS,CAAC,GAAQ;QACtB,OAAO,CACH,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC;YACxB,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;YACrD,GAAG,CAAC,EAAE;YACN,GAAG,CAAC,UAAU,EAAE,aAAa;YAC7B,GAAG,CAAC,MAAM,EAAE,aAAa;YACzB,SAAS,CACZ,CAAC;IACN,CAAC;CACJ;AA/ED,8CA+EC","sourcesContent":["import { RateLimiterMemory, RateLimiterRes } from \"rate-limiter-flexible\";\r\nimport { logger } from \"../logging\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\n\r\nexport interface RLOptions {\r\n points?: number;\r\n duration?: number;\r\n message?: any;\r\n blockDuration?: number;\r\n}\r\n\r\nexport class RLFlexibleAdapter {\r\n getMiddleware(options: RLOptions = {}) {\r\n try {\r\n const defaultOptions = {\r\n points: 100,\r\n duration: 60,\r\n message: \"Too many requests, slow down.\",\r\n blockDuration: 0\r\n };\r\n\r\n const finalOptions = { ...defaultOptions, ...options };\r\n\r\n const limiter = new RateLimiterMemory({\r\n points: finalOptions.points,\r\n duration: finalOptions.duration,\r\n blockDuration: finalOptions.blockDuration\r\n });\r\n\r\n \r\n logger.info(\"Rate limiter initialized\", {\r\n adapter: \"rate-limiter-flexible\",\r\n operation: \"init\",\r\n points: finalOptions.points,\r\n duration: finalOptions.duration,\r\n blockDuration: finalOptions.blockDuration\r\n });\r\n\r\n return async (req: any, res: any, next: any) => {\r\n const ip = this.extractIP(req);\r\n\r\n try {\r\n await limiter.consume(ip);\r\n next();\r\n } catch (err: any) {\r\n const rlErr = err as RateLimiterRes;\r\n\r\n logger.warn(\"Rate limit exceeded\", {\r\n adapter: \"rate-limiter-flexible\",\r\n operation: \"consume\",\r\n ip,\r\n method: req.method,\r\n path: req.path,\r\n retryAfterMs: rlErr.msBeforeNext\r\n });\r\n\r\n res.setHeader(\r\n \"Retry-After\",\r\n Math.ceil(rlErr.msBeforeNext / 1000)\r\n );\r\n\r\n return res.status(429).json({\r\n success: false,\r\n error: \"RATE_LIMIT_EXCEEDED\",\r\n retryAfter: Math.ceil(rlErr.msBeforeNext / 1000),\r\n message: finalOptions.message\r\n });\r\n }\r\n };\r\n } catch (err: any) {\r\n logger.error(\"Rate limiter initialization failed\", {\r\n adapter: \"rate-limiter-flexible\",\r\n operation: \"init\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"RateLimiterFlexible creation failed.\");\r\n }\r\n }\r\n\r\n private extractIP(req: any): string {\r\n return (\r\n req.headers[\"x-real-ip\"] ||\r\n req.headers[\"x-forwarded-for\"]?.split(\",\")[0]?.trim() ||\r\n req.ip ||\r\n req.connection?.remoteAddress ||\r\n req.socket?.remoteAddress ||\r\n \"unknown\"\r\n );\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SanitizeHtmlAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/SanitizeHtmlAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,eAAe,CAAC;AAIzC,qBAAa,mBAAmB;IAC5B,OAAO,CAAC,aAAa,CAAwB;gBAEjC,OAAO,GAAE,YAAY,CAAC,QAAa;IAI/C,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,GAAG,GAAG,MAAM;
|
|
1
|
+
{"version":3,"file":"SanitizeHtmlAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/SanitizeHtmlAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,eAAe,CAAC;AAIzC,qBAAa,mBAAmB;IAC5B,OAAO,CAAC,aAAa,CAAwB;gBAEjC,OAAO,GAAE,YAAY,CAAC,QAAa;IAI/C,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,GAAG,GAAG,MAAM;IAmBrD,OAAO,CAAC,YAAY;IA+BpB,UAAU,CAAC,cAAc,CAAC,EAAE,GAAG,IACnB,KAAK,GAAG,EAAE,MAAM,GAAG,EAAE,MAAM,GAAG;CAyB7C"}
|