hi-secure 1.0.24 → 1.0.26
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +2 -2
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/managers/AuthManager.js.map +1 -1
- package/dist/managers/CorsManager.d.ts.map +1 -1
- package/dist/managers/CorsManager.js +0 -1
- package/dist/managers/CorsManager.js.map +1 -1
- package/dist/managers/HashManager.d.ts +1 -0
- package/dist/managers/HashManager.d.ts.map +1 -1
- package/dist/managers/HashManager.js +19 -23
- package/dist/managers/HashManager.js.map +1 -1
- package/dist/managers/JsonManager.js +0 -1
- package/dist/managers/JsonManager.js.map +1 -1
- package/dist/managers/SanitizerManager.js +0 -1
- package/dist/managers/SanitizerManager.js.map +1 -1
- package/package.json +1 -1
- package/readme.md +157 -95
- package/src/core/HiSecure.ts +2 -5
- package/src/managers/CorsManager.ts +1 -1
- package/src/managers/HashManager.ts +31 -29
- package/src/managers/JsonManager.ts +1 -1
- package/src/managers/SanitizerManager.ts +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAkBpC,MAAa,UAAU;IAOnB,YAAY,OAA0B;QAClC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACvC,IAAI,CAAC;YACD,MAAM,UAAU,GAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM;gBACtC,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;gBAC5C,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC5B,CAAC;YAEF,IAAI,OAAO,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC,SAAgB,CAAC;YACpD,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAgB,CAAC;YACjD,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEtD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC/B,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC5D,IAAI,CAAC;YACD,MAAM,aAAa,GAAsB;gBACrC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAW;aAC3D,CAAC;YAEF,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,
EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;CACJ;AApFD,gCAoFC","sourcesContent":["import jwt from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: string | number;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n operation: \"init\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.expiresIn = options.expiresIn;\r\n this.algorithm = options.algorithm || \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n issuer: options?.issuer || this.issuer,\r\n audience: options?.audience || this.audience,\r\n jwtid: options?.jti || randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n if (options?.expiresIn !== undefined) {\r\n 
jwtOptions.expiresIn = options.expiresIn as any;\r\n } else if (this.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = this.expiresIn as any;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm],\r\n issuer: this.issuer,\r\n audience: (options?.audience || this.audience) as string\r\n };\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}
|
|
1
|
+
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAkBpC,MAAa,UAAU;IAOnB,YAAY,OAA0B;QAClC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACvC,IAAI,CAAC;YACD,MAAM,UAAU,GAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM;gBACtC,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;gBAC5C,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC5B,CAAC;YAEF,IAAI,OAAO,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC,SAAgB,CAAC;YACpD,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAgB,CAAC;YACjD,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEtD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC/B,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC5D,IAAI,CAAC;YACD,MAAM,aAAa,GAAsB;gBACrC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAW;aAC3D,CAAC;YAEF,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,
EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;CACJ;AApFD,gCAoFC","sourcesContent":["import jwt from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: string | number;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n operation: \"init\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.expiresIn = options.expiresIn;\r\n this.algorithm = options.algorithm || \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n issuer: options?.issuer || this.issuer,\r\n audience: options?.audience || this.audience,\r\n jwtid: options?.jti || randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n if (options?.expiresIn !== undefined) {\r\n 
jwtOptions.expiresIn = options.expiresIn as any;\r\n } else if (this.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = this.expiresIn as any;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm],\r\n issuer: this.issuer,\r\n audience: (options?.audience || this.audience) as string\r\n };\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAkB3D,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AASzD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE3E,qBAAa,QAAQ;IACjB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAyB;IAChD,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,WAAW,CAAS;IAGrB,WAAW,EAAG,WAAW,CAAC;IAC1B,gBAAgB,EAAG,gBAAgB,CAAC;IACpC,gBAAgB,EAAG,gBAAgB,CAAC;IACpC,gBAAgB,EAAG,gBAAgB,CAAC;IACpC,WAAW,EAAG,WAAW,CAAC;IAC1B,WAAW,EAAG,WAAW,CAAC;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;IAGjC,OAAO,CAAC,cAAc,CAAM;IAC5B,OAAO,CAAC,eAAe,CAAM;IAC7B,OAAO,CAAC,kBAAkB,CAAM;IAChC,OAAO,CAAC,mBAAmB,CAAM;IACjC,OAAO,CAAC,gBAAgB,CAAM;IAC9B,OAAO,CAAC,iBAAiB,CAAM;IAE/B,OAAO;IAMP,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,QAAQ;IAW9D,MAAM,CAAC,aAAa,IAAI,IAAI;IAI5B,IAAI,IAAI,IAAI;
|
|
1
|
+
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAkB3D,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AASzD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE3E,qBAAa,QAAQ;IACjB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAyB;IAChD,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,WAAW,CAAS;IAGrB,WAAW,EAAG,WAAW,CAAC;IAC1B,gBAAgB,EAAG,gBAAgB,CAAC;IACpC,gBAAgB,EAAG,gBAAgB,CAAC;IACpC,gBAAgB,EAAG,gBAAgB,CAAC;IACpC,WAAW,EAAG,WAAW,CAAC;IAC1B,WAAW,EAAG,WAAW,CAAC;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;IAGjC,OAAO,CAAC,cAAc,CAAM;IAC5B,OAAO,CAAC,eAAe,CAAM;IAC7B,OAAO,CAAC,kBAAkB,CAAM;IAChC,OAAO,CAAC,mBAAmB,CAAM;IACjC,OAAO,CAAC,gBAAgB,CAAM;IAC9B,OAAO,CAAC,iBAAiB,CAAM;IAE/B,OAAO;IAMP,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,QAAQ;IAW9D,MAAM,CAAC,aAAa,IAAI,IAAI;IAI5B,IAAI,IAAI,IAAI;IA2BZ,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;IAQ9D,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,gBAAgB;IAIxC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,GAAG;IAI7B,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM;IAoB9D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;kBAhHK,CAAC;;;iBAID,CAAC;IAgH/B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;WAUZ,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WAMpC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIlE,MAAM,CAAC,GAAG;wBACU,MAAM,YAAY,GAAG;wBAGrB,MAAM;;qCAIO,MAAM;;MAGrC;IAGF,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ;IAuBvE,OAAO,CAAC,aAAa;IA0CrB,OAAO,CAAC,aAAa;IA6BrB,OAAO,CAAC,oBAAoB;IAuB5B,OAAO,CAAC,qBAAqB;CAyBhC"}
|
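--- a/package/dist/core/HiSecure.js
+++ b/package/dist/core/HiSecure.js
@@ -71,7 +71,7 @@ class HiSecure {
 layer: "hisecure-core"
 });
 }
-// Public Fluent
+// Public Fluent API
 static auth(options) {
 const instance = this.getInstance();
 if (!instance.authManager) {
@@ -120,7 +120,7 @@ class HiSecure {
 static async verify(value, hash) {
 return this.getInstance().hashManager.verify(value, hash);
 }
-// Global Middleware
+// Global Middleware - globalLevel
 static middleware(options) {
 const instance = this.getInstance();
 if (typeof options === "string") {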
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";;;;;;AACA,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAK9D,MAAa,QAAQ;IAsBjB,YAAoB,aAAsC,EAAE;QAnBpD,gBAAW,GAAG,KAAK,CAAC;QAoBxB,IAAI,CAAC,MAAM,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IAED,mBAAmB;IAEnB,MAAM,CAAC,WAAW,CAAC,MAAgC;QAC/C,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACrB,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACvC,KAAK,EAAE,eAAe;aACzB,CAAC,CAAC;YACH,QAAQ,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAED,MAAM,CAAC,aAAa;QAChB,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI;QACA,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnB,gBAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;gBACxD,KAAK,EAAE,eAAe;aACzB,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC5C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAC9C,KAAK,EAAE,eAAe;SACzB,CAAC,CAAC;IACP,CAAC;IAED,qBAAqB;IAGrB,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACpC,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,C
AAC,SAAS,CAAC,MAA6C;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;gBACrC,KAAK,EAAE,eAAe;gBACtB,MAAM;aACT,CAAC,CAAC;YAEH,MAAM,OAAO,GAAQ;gBACjB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACvB,CAAC;YACF,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,OAAO;YACH,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC;YACxC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE;SACpC,CAAC;IACN,CAAC;IAED,YAAY;IAEZ,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/E,OAAO,MAAM,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QAC3C,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAeD,oBAAoB;IAEpB,MAAM,CAAC,UAAU,CAAC,OAAqD;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC9B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBAC5C,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,OAAO;aAClB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAQ;gBACjB,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;gBACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;gBACvE,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC3D,CAAC;YAEF,OAAO,QAAQ,CAAC,qBAAqB,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,QAAQ,CAAC,qBAAqB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,iBAAiB;IAET,aAAa;QACjB,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;YAClC,KAAK,EAAE,eAAe;SACzB,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc
;YACf,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;gBACpC,CAAC,CAAC,IAAI,8BAAY,EAAE;gBACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5D,IAAI,CAAC,eAAe;YAChB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBACrC,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;gBACnD,CAAC,CAAC,IAAI,CAAC;QAEf,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;YACvC,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;YACpC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI;SACjD,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YAC7D,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,CAAC;QAE7B,IAAI,CAAC,mBAAmB,GAAG,IAAI,sCAAgB,EAAE,CAAC;QAElD,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC5C,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;SACpD,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,iBAAiB,GAAG,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAE/D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;YACzC,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,KAAK;SAClB,CAAC,CAAC;IACP,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,eAAe,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,mBAAmB,CAC3B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAChC,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,iBAAiB,CACzB,CAAC;QAEF,gBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACrC,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,CAAC;SAC7D,CAAC,CAAC;IACP,CAAC;IAEO,oBAAoB;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBAC/B,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gB
AChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACV,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aACtE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBAClC,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAC5C,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBACnC,KAAK,EAAE,eAAe;aACzB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,OAAsB;QAChD,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC7B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAErD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5E,IAAI,OAAO,CAAC,QAAQ;YAChB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,SAAS;YACjB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAErD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAChC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAE3C,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;;AAhSL,4BAiSC;AAhSkB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAmIzC,YAAG,GAAG;IACT,IAAI,EAAE,CAAC,OAAe,EAAE,OAAa,EAAE,EAAE,CACrC,QAAQ,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;IAE9D,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CACtB,QAAQ,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,MAAM,CAAC,KAAK,CAAC;IAErD,MAAM,EAAE;QACJ,aAAa,EAAE,CAAC,OAAe,EAAE,EAAE,CAC/B,QAAQ,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,mBAAmB,CAAC,OAAO,CAAC;KACvE;CACJ,AAXS,CAWR","sourcesContent":["import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from 
\"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n private config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n // Managers\r\n public hashManager!: HashManager;\r\n public rateLimitManager!: RateLimitManager;\r\n public validatorManager!: ValidatorManager;\r\n public sanitizerManager!: SanitizerManager;\r\n public jsonManager!: 
JsonManager;\r\n public corsManager!: CorsManager;\r\n public authManager?: AuthManager;\r\n\r\n // Internal adapters\r\n private hashingPrimary: any;\r\n private hashingFallback: any;\r\n private rateLimiterPrimary: any;\r\n private rateLimiterFallback: any;\r\n private sanitizerPrimary: any;\r\n private sanitizerFallback: any;\r\n\r\n private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n this.config = deepMerge(defaultConfig, userConfig);\r\n }\r\n\r\n // Singleton & Init\r\n\r\n static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n if (!HiSecure.instance) {\r\n logger.info(\"Creating HiSecure singleton\", {\r\n layer: \"hisecure-core\"\r\n });\r\n HiSecure.instance = new HiSecure(config);\r\n HiSecure.instance.init();\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n static resetInstance(): void {\r\n HiSecure.instance = null;\r\n }\r\n\r\n init(): void {\r\n if (this.initialized) {\r\n logger.warn(\"Initialization skipped (already initialized)\", {\r\n layer: \"hisecure-core\"\r\n });\r\n return;\r\n }\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n this.setupAdapters();\r\n this.setupManagers();\r\n this.setupDynamicManagers();\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n // Public Fluent APIs\r\n \r\n\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const instance = this.getInstance();\r\n if (!instance.authManager) {\r\n throw new Error(\"Auth not enabled. 
Set auth.enabled=true in config.\");\r\n }\r\n return instance.authManager.protect(options);\r\n }\r\n\r\n static validate(schema: ValidationSchema) {\r\n return this.getInstance().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return this.getInstance().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const instance = this.getInstance();\r\n\r\n if (typeof preset === \"string\") {\r\n logger.info(\"Rate limit preset applied\", {\r\n layer: \"hisecure-core\",\r\n preset\r\n });\r\n\r\n const presets: any = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n };\r\n return instance.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return instance.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return this.getInstance().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const instance = this.getInstance();\r\n return [\r\n instance.jsonManager.middleware(options),\r\n instance.jsonManager.urlencoded()\r\n ];\r\n }\r\n\r\n // Utilities\r\n\r\n static async hash(value: string): Promise<string> {\r\n const instance = this.getInstance();\r\n const result = await instance.hashManager.hash(value, { allowFallback: true });\r\n return result.hash;\r\n }\r\n\r\n static async verify(value: string, hash: string): Promise<boolean> {\r\n return this.getInstance().hashManager.verify(value, hash);\r\n }\r\n\r\n static jwt = {\r\n sign: (payload: object, options?: any) =>\r\n HiSecure.getInstance().authManager!.sign(payload, options),\r\n\r\n verify: (token: string) =>\r\n HiSecure.getInstance().authManager!.verify(token),\r\n\r\n google: {\r\n verifyIdToken: (idToken: string) =>\r\n HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)\r\n }\r\n };\r\n\r\n // Global Middleware\r\n\r\n static middleware(options?: 
SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n const instance = this.getInstance();\r\n\r\n if (typeof options === \"string\") {\r\n logger.info(\"Global middleware preset applied\", {\r\n layer: \"hisecure-core\",\r\n preset: options\r\n });\r\n\r\n const presets: any = {\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n public: { cors: true, rateLimit: true, sanitize: false }\r\n };\r\n\r\n return instance.createMiddlewareChain(presets[options] || {});\r\n }\r\n\r\n return instance.createMiddlewareChain(options || {});\r\n }\r\n\r\n // Internal Setup\r\n\r\n private setupAdapters() {\r\n logger.info(\"Adapters setup started\", {\r\n layer: \"hisecure-core\"\r\n });\r\n\r\n this.hashingPrimary =\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n this.hashingFallback =\r\n this.config.hashing.fallback === \"bcrypt\"\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null;\r\n\r\n logger.info(\"Hashing adapters configured\", {\r\n layer: \"hisecure-core\",\r\n primary: this.config.hashing.primary,\r\n fallback: this.config.hashing.fallback ?? null\r\n });\r\n\r\n this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n ? 
new RLFlexibleAdapter()\r\n : new ExpressRLAdapter();\r\n\r\n this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n logger.info(\"Rate limiter adapters configured\", {\r\n layer: \"hisecure-core\",\r\n adaptive: this.config.rateLimiter.useAdaptiveMode\r\n });\r\n\r\n this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n logger.info(\"Sanitizer adapters configured\", {\r\n layer: \"hisecure-core\",\r\n primary: \"sanitize-html\",\r\n fallback: \"xss\"\r\n });\r\n }\r\n\r\n private setupManagers() {\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.hashingPrimary,\r\n this.hashingFallback\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.rateLimiterPrimary,\r\n this.rateLimiterFallback\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n this.sanitizerPrimary,\r\n this.sanitizerFallback\r\n );\r\n\r\n logger.info(\"Core managers initialized\", {\r\n layer: \"hisecure-core\",\r\n managers: [\"hash\", \"rate-limit\", \"validator\", \"sanitizer\"]\r\n });\r\n }\r\n\r\n private setupDynamicManagers() {\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n if (this.config.auth.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", {\r\n layer: \"hisecure-core\",\r\n google: !!this.config.auth.googleClientId\r\n });\r\n } else {\r\n logger.info(\"Authentication disabled\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n }\r\n\r\n private createMiddlewareChain(options: SecureOptions): 
any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));\r\n if (options.sanitize)\r\n chain.push(this.sanitizerManager.middleware());\r\n\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";;;;;;AACA,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAK9D,MAAa,QAAQ;IAsBjB,YAAoB,aAAsC,EAAE;QAnBpD,gBAAW,GAAG,KAAK,CAAC;QAoBxB,IAAI,CAAC,MAAM,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IAED,mBAAmB;IAEnB,MAAM,CAAC,WAAW,CAAC,MAAgC;QAC/C,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACrB,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACvC,KAAK,EAAE,eAAe;aACzB,CAAC,CAAC;YACH,QAAQ,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAED,MAAM,CAAC,aAAa;QAChB,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI;QACA,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnB,gBAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;gBACxD,KAAK,EAAE,eAAe;aACzB,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC5C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAC9C,KAAK,EAAE,eAAe;SACzB,CAAC,CAAC;IACP,CAAC;IAED,oBAAoB;IACpB,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACpC,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,C
AAC,SAAS,CAAC,MAA6C;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;gBACrC,KAAK,EAAE,eAAe;gBACtB,MAAM;aACT,CAAC,CAAC;YAEH,MAAM,OAAO,GAAQ;gBACjB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACvB,CAAC;YACF,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,OAAO;YACH,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC;YACxC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE;SACpC,CAAC;IACN,CAAC;IAED,YAAY;IAEZ,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/E,OAAO,MAAM,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QAC3C,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAeD,kCAAkC;IAClC,MAAM,CAAC,UAAU,CAAC,OAAqD;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC9B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBAC5C,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,OAAO;aAClB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAQ;gBACjB,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;gBACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;gBACvE,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC3D,CAAC;YAEF,OAAO,QAAQ,CAAC,qBAAqB,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,QAAQ,CAAC,qBAAqB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,iBAAiB;IAET,aAAa;QACjB,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;YAClC,KAAK,EAAE,eAAe;SACzB,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc
;YACf,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;gBACpC,CAAC,CAAC,IAAI,8BAAY,EAAE;gBACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5D,IAAI,CAAC,eAAe;YAChB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBACrC,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;gBACnD,CAAC,CAAC,IAAI,CAAC;QAEf,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;YACvC,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;YACpC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI;SACjD,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YAC7D,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,CAAC;QAE7B,IAAI,CAAC,mBAAmB,GAAG,IAAI,sCAAgB,EAAE,CAAC;QAElD,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC5C,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;SACpD,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,GAAG,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,iBAAiB,GAAG,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAE/D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;YACzC,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,KAAK;SAClB,CAAC,CAAC;IACP,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,eAAe,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,mBAAmB,CAC3B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAChC,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,iBAAiB,CACzB,CAAC;QAEF,gBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;YACrC,KAAK,EAAE,eAAe;YACtB,QAAQ,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,CAAC;SAC7D,CAAC,CAAC;IACP,CAAC;IAEO,oBAAoB;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBAC/B,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gB
AChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACV,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aACtE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBAClC,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAC5C,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBACnC,KAAK,EAAE,eAAe;aACzB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,OAAsB;QAChD,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC7B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAErD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5E,IAAI,OAAO,CAAC,QAAQ;YAChB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,SAAS;YACjB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAErD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAChC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAE3C,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;;AA7RL,4BA8RC;AA7RkB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAiIzC,YAAG,GAAG;IACT,IAAI,EAAE,CAAC,OAAe,EAAE,OAAa,EAAE,EAAE,CACrC,QAAQ,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;IAE9D,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CACtB,QAAQ,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,MAAM,CAAC,KAAK,CAAC;IAErD,MAAM,EAAE;QACJ,aAAa,EAAE,CAAC,OAAe,EAAE,EAAE,CAC/B,QAAQ,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,mBAAmB,CAAC,OAAO,CAAC;KACvE;CACJ,AAXS,CAWR","sourcesContent":["import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from 
\"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n private config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n // Managers\r\n public hashManager!: HashManager;\r\n public rateLimitManager!: RateLimitManager;\r\n public validatorManager!: ValidatorManager;\r\n public sanitizerManager!: SanitizerManager;\r\n public jsonManager!: 
JsonManager;\r\n public corsManager!: CorsManager;\r\n public authManager?: AuthManager;\r\n\r\n // Internal adapters\r\n private hashingPrimary: any;\r\n private hashingFallback: any;\r\n private rateLimiterPrimary: any;\r\n private rateLimiterFallback: any;\r\n private sanitizerPrimary: any;\r\n private sanitizerFallback: any;\r\n\r\n private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n this.config = deepMerge(defaultConfig, userConfig);\r\n }\r\n\r\n // Singleton & Init\r\n\r\n static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n if (!HiSecure.instance) {\r\n logger.info(\"Creating HiSecure singleton\", {\r\n layer: \"hisecure-core\"\r\n });\r\n HiSecure.instance = new HiSecure(config);\r\n HiSecure.instance.init();\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n static resetInstance(): void {\r\n HiSecure.instance = null;\r\n }\r\n\r\n init(): void {\r\n if (this.initialized) {\r\n logger.warn(\"Initialization skipped (already initialized)\", {\r\n layer: \"hisecure-core\"\r\n });\r\n return;\r\n }\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n this.setupAdapters();\r\n this.setupManagers();\r\n this.setupDynamicManagers();\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n // Public Fluent API\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const instance = this.getInstance();\r\n if (!instance.authManager) {\r\n throw new Error(\"Auth not enabled. 
Set auth.enabled=true in config.\");\r\n }\r\n return instance.authManager.protect(options);\r\n }\r\n\r\n static validate(schema: ValidationSchema) {\r\n return this.getInstance().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return this.getInstance().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const instance = this.getInstance();\r\n\r\n if (typeof preset === \"string\") {\r\n logger.info(\"Rate limit preset applied\", {\r\n layer: \"hisecure-core\",\r\n preset\r\n });\r\n\r\n const presets: any = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n };\r\n return instance.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return instance.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return this.getInstance().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const instance = this.getInstance();\r\n return [\r\n instance.jsonManager.middleware(options),\r\n instance.jsonManager.urlencoded()\r\n ];\r\n }\r\n\r\n // Utilities\r\n\r\n static async hash(value: string): Promise<string> {\r\n const instance = this.getInstance();\r\n const result = await instance.hashManager.hash(value, { allowFallback: true });\r\n return result.hash;\r\n }\r\n\r\n static async verify(value: string, hash: string): Promise<boolean> {\r\n return this.getInstance().hashManager.verify(value, hash);\r\n }\r\n\r\n static jwt = {\r\n sign: (payload: object, options?: any) =>\r\n HiSecure.getInstance().authManager!.sign(payload, options),\r\n\r\n verify: (token: string) =>\r\n HiSecure.getInstance().authManager!.verify(token),\r\n\r\n google: {\r\n verifyIdToken: (idToken: string) =>\r\n HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)\r\n }\r\n };\r\n\r\n // Global Middleware - globalLevel\r\n static 
middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n const instance = this.getInstance();\r\n\r\n if (typeof options === \"string\") {\r\n logger.info(\"Global middleware preset applied\", {\r\n layer: \"hisecure-core\",\r\n preset: options\r\n });\r\n\r\n const presets: any = {\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n public: { cors: true, rateLimit: true, sanitize: false }\r\n };\r\n\r\n return instance.createMiddlewareChain(presets[options] || {});\r\n }\r\n\r\n return instance.createMiddlewareChain(options || {});\r\n }\r\n\r\n // Internal Setup\r\n\r\n private setupAdapters() {\r\n logger.info(\"Adapters setup started\", {\r\n layer: \"hisecure-core\"\r\n });\r\n\r\n this.hashingPrimary =\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n this.hashingFallback =\r\n this.config.hashing.fallback === \"bcrypt\"\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null;\r\n\r\n logger.info(\"Hashing adapters configured\", {\r\n layer: \"hisecure-core\",\r\n primary: this.config.hashing.primary,\r\n fallback: this.config.hashing.fallback ?? null\r\n });\r\n\r\n this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n ? 
new RLFlexibleAdapter()\r\n : new ExpressRLAdapter();\r\n\r\n this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n logger.info(\"Rate limiter adapters configured\", {\r\n layer: \"hisecure-core\",\r\n adaptive: this.config.rateLimiter.useAdaptiveMode\r\n });\r\n\r\n this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n logger.info(\"Sanitizer adapters configured\", {\r\n layer: \"hisecure-core\",\r\n primary: \"sanitize-html\",\r\n fallback: \"xss\"\r\n });\r\n }\r\n\r\n private setupManagers() {\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.hashingPrimary,\r\n this.hashingFallback\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.rateLimiterPrimary,\r\n this.rateLimiterFallback\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n this.sanitizerPrimary,\r\n this.sanitizerFallback\r\n );\r\n\r\n logger.info(\"Core managers initialized\", {\r\n layer: \"hisecure-core\",\r\n managers: [\"hash\", \"rate-limit\", \"validator\", \"sanitizer\"]\r\n });\r\n }\r\n\r\n private setupDynamicManagers() {\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n if (this.config.auth.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", {\r\n layer: \"hisecure-core\",\r\n google: !!this.config.auth.googleClientId\r\n });\r\n } else {\r\n logger.info(\"Authentication disabled\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n }\r\n\r\n private createMiddlewareChain(options: SecureOptions): 
any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));\r\n if (options.sanitize)\r\n chain.push(this.sanitizerManager.middleware());\r\n\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";;;AAAA,uDAAoD;AACpD,6DAA0D;AAC1D,8DAA2D;AAC3D,wDAAqD;AAErD,wCAAoC;AAapC,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;YACvC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,6BAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;aACxB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,gBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,gBAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,QAAQ;SACtB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,2BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE;YAClD,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,eAAe;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAChD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,qBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,
CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE5C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,gBAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;oBAC/C,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAElC,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAE5B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GACT,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBAEzD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;4BAC5C,KAAK,EAAE,cAAc;4BACrB,SAAS,EAAE,WAAW;4BACtB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;oBACtC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlJD,kCAkJC","sourcesContent":["import { JWTAdapter } from \"../adapters/JWTAdapter\";\r\nimport { GoogleAdapter } from 
\"../adapters/GoogleAdapter\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { HttpError } from \"../core/errors/HttpError\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface AuthOptions {\r\n jwtSecret: string;\r\n jwtExpiresIn?: string | number;\r\n googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n required?: boolean;\r\n roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n private jwtAdapter: JWTAdapter;\r\n private googleAdapter?: GoogleAdapter;\r\n\r\n constructor(opts: AuthOptions) {\r\n if (!opts.jwtSecret) {\r\n throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n }\r\n\r\n if (opts.jwtSecret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n layer: \"auth-manager\",\r\n operation: \"init\",\r\n secretLength: opts.jwtSecret.length\r\n });\r\n }\r\n\r\n logger.info(\"AuthManager initialized\", {\r\n layer: \"auth-manager\",\r\n jwtExpiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n googleEnabled: !!opts.googleClientId\r\n });\r\n\r\n this.jwtAdapter = new JWTAdapter({\r\n secret: opts.jwtSecret,\r\n expiresIn: opts.jwtExpiresIn ?? 
\"1d\"\r\n });\r\n\r\n if (opts.googleClientId) {\r\n this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n logger.info(\"Google authentication enabled\", {\r\n layer: \"auth-manager\"\r\n });\r\n }\r\n }\r\n\r\n sign(payload: object, options?: { expiresIn?: string | number; jti?: string }) {\r\n logger.info(\"JWT sign requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"sign\"\r\n });\r\n\r\n return this.jwtAdapter.sign(payload, options);\r\n }\r\n\r\n verify(token: string) {\r\n logger.info(\"JWT verify requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"verify\"\r\n });\r\n\r\n return this.jwtAdapter.verify(token);\r\n }\r\n\r\n async verifyGoogleIdToken(idToken: string) {\r\n if (!this.googleAdapter) {\r\n throw new AdapterError(\"GoogleAdapter not configured.\");\r\n }\r\n\r\n logger.info(\"Google ID token verification requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\"\r\n });\r\n\r\n try {\r\n return await this.googleAdapter.verifyIdToken(idToken);\r\n } catch (err: any) {\r\n logger.error(\"Google ID token verification failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n }\r\n }\r\n\r\n protect(options?: ProtectOptions) {\r\n const required = options?.required ?? 
true;\r\n const roles = options?.roles;\r\n\r\n return (req: Request, _res: Response, next: NextFunction) => {\r\n const header = req.headers[\"authorization\"];\r\n\r\n if (!required && !header) {\r\n return next();\r\n }\r\n\r\n if (!header) {\r\n logger.warn(\"Authorization header missing\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n }\r\n\r\n const [type, token] = String(header).split(\" \");\r\n if (type !== \"Bearer\" || !token) {\r\n logger.warn(\"Invalid Authorization header format\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n }\r\n\r\n try {\r\n const decoded = this.verify(token);\r\n\r\n (req as any).auth = decoded;\r\n (req as any).user = decoded;\r\n\r\n if (roles && roles.length > 0) {\r\n const userRole =\r\n (decoded as any).role || (decoded as any).roles?.[0];\r\n\r\n if (!userRole || !roles.includes(userRole)) {\r\n logger.warn(\"Access denied: insufficient role\", {\r\n layer: \"auth-manager\",\r\n operation: \"authorize\",\r\n path: req.path,\r\n requiredRoles: roles,\r\n userRole\r\n });\r\n\r\n return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n }\r\n }\r\n\r\n return next();\r\n } catch (err: any) {\r\n logger.error(\"JWT authentication failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method,\r\n reason: err?.message\r\n });\r\n\r\n return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n }\r\n };\r\n }\r\n}
|
|
1
|
+
{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";;;AAAA,uDAAoD;AACpD,6DAA0D;AAC1D,8DAA2D;AAC3D,wDAAqD;AAErD,wCAAoC;AAapC,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;YACvC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,6BAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;aACxB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,gBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,gBAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,QAAQ;SACtB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,2BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE;YAClD,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,eAAe;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAChD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,qBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,
CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE5C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,gBAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;oBAC/C,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAElC,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAE5B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GACT,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBAEzD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;4BAC5C,KAAK,EAAE,cAAc;4BACrB,SAAS,EAAE,WAAW;4BACtB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;oBACtC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlJD,kCAkJC","sourcesContent":["import { JWTAdapter } from \"../adapters/JWTAdapter\";\r\nimport { GoogleAdapter } from 
\"../adapters/GoogleAdapter\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { HttpError } from \"../core/errors/HttpError\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface AuthOptions {\r\n jwtSecret: string;\r\n jwtExpiresIn?: string | number;\r\n googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n required?: boolean;\r\n roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n private jwtAdapter: JWTAdapter;\r\n private googleAdapter?: GoogleAdapter;\r\n\r\n constructor(opts: AuthOptions) {\r\n if (!opts.jwtSecret) {\r\n throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n }\r\n\r\n if (opts.jwtSecret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n layer: \"auth-manager\",\r\n operation: \"init\",\r\n secretLength: opts.jwtSecret.length\r\n });\r\n }\r\n\r\n logger.info(\"AuthManager initialized\", {\r\n layer: \"auth-manager\",\r\n jwtExpiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n googleEnabled: !!opts.googleClientId\r\n });\r\n\r\n this.jwtAdapter = new JWTAdapter({\r\n secret: opts.jwtSecret,\r\n expiresIn: opts.jwtExpiresIn ?? 
\"1d\"\r\n });\r\n\r\n if (opts.googleClientId) {\r\n this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n logger.info(\"Google authentication enabled\", {\r\n layer: \"auth-manager\"\r\n });\r\n }\r\n }\r\n\r\n sign(payload: object, options?: { expiresIn?: string | number; jti?: string }) {\r\n logger.info(\"JWT sign requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"sign\"\r\n });\r\n\r\n return this.jwtAdapter.sign(payload, options);\r\n }\r\n\r\n verify(token: string) {\r\n logger.info(\"JWT verify requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"verify\"\r\n });\r\n\r\n return this.jwtAdapter.verify(token);\r\n }\r\n\r\n async verifyGoogleIdToken(idToken: string) {\r\n if (!this.googleAdapter) {\r\n throw new AdapterError(\"GoogleAdapter not configured.\");\r\n }\r\n\r\n logger.info(\"Google ID token verification requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\"\r\n });\r\n\r\n try {\r\n return await this.googleAdapter.verifyIdToken(idToken);\r\n } catch (err: any) {\r\n logger.error(\"Google ID token verification failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n }\r\n }\r\n\r\n protect(options?: ProtectOptions) {\r\n const required = options?.required ?? 
true;\r\n const roles = options?.roles;\r\n\r\n return (req: Request, _res: Response, next: NextFunction) => {\r\n const header = req.headers[\"authorization\"];\r\n\r\n if (!required && !header) {\r\n return next();\r\n }\r\n\r\n if (!header) {\r\n logger.warn(\"Authorization header missing\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n }\r\n\r\n const [type, token] = String(header).split(\" \");\r\n if (type !== \"Bearer\" || !token) {\r\n logger.warn(\"Invalid Authorization header format\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n }\r\n\r\n try {\r\n const decoded = this.verify(token);\r\n\r\n (req as any).auth = decoded;\r\n (req as any).user = decoded;\r\n\r\n if (roles && roles.length > 0) {\r\n const userRole =\r\n (decoded as any).role || (decoded as any).roles?.[0];\r\n\r\n if (!userRole || !roles.includes(userRole)) {\r\n logger.warn(\"Access denied: insufficient role\", {\r\n layer: \"auth-manager\",\r\n operation: \"authorize\",\r\n path: req.path,\r\n requiredRoles: roles,\r\n userRole\r\n });\r\n\r\n return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n }\r\n }\r\n\r\n return next();\r\n } catch (err: any) {\r\n logger.error(\"JWT authentication failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method,\r\n reason: err?.message\r\n });\r\n\r\n return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n }\r\n };\r\n }\r\n}"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CorsManager.d.ts","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAIxB,qBAAa,WAAW;IACpB,UAAU,CAAC,OAAO,CAAC,EAAE,GAAG;
|
|
1
|
+
{"version":3,"file":"CorsManager.d.ts","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAIxB,qBAAa,WAAW;IACpB,UAAU,CAAC,OAAO,CAAC,EAAE,GAAG;kBAoCqE,CAAC;;;iBAAmH,CAAC;CADrN"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CorsManager.js","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,wCAAoC;AACpC,8DAA2D;AAE3D,MAAa,WAAW;IACpB,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;gBAC7D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;gBACjD,WAAW,EAAE,KAAK;gBAClB,MAAM,EAAE,KAAK;aAChB,CAAC;YAEF,MAAM,YAAY,GAAG,OAAO;gBACxB,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE;gBACnC,CAAC,CAAC,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"CorsManager.js","sourceRoot":"","sources":["../../src/managers/CorsManager.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,wCAAoC;AACpC,8DAA2D;AAE3D,MAAa,WAAW;IACpB,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;gBAC7D,cAAc,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;gBACjD,WAAW,EAAE,KAAK;gBAClB,MAAM,EAAE,KAAK;aAChB,CAAC;YAEF,MAAM,YAAY,GAAG,OAAO;gBACxB,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,EAAE;gBACnC,CAAC,CAAC,cAAc,CAAC;YAGrB,gBAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBACtC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,WAAW,EAAE,YAAY,CAAC,WAAW;aACxC,CAAC,CAAC;YAEH,OAAO,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC;QAE9B,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;gBAClD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,wCAAwC,CAAC,CAAC;QACrE,CAAC;IACL,CAAC;CACJ;AApCD,kCAoCC","sourcesContent":["import cors from \"cors\";\r\nimport { logger } from \"../logging\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\n\r\nexport class CorsManager {\r\n middleware(options?: any) {\r\n try {\r\n const defaultOptions = {\r\n origin: \"*\",\r\n methods: [\"GET\", \"POST\", \"PUT\", \"DELETE\", \"PATCH\", \"OPTIONS\"],\r\n allowedHeaders: [\"Content-Type\", \"Authorization\"],\r\n credentials: false,\r\n maxAge: 86400\r\n };\r\n\r\n const finalOptions = options\r\n ? 
{ ...defaultOptions, ...options }\r\n : defaultOptions;\r\n\r\n \r\n logger.info(\"CORS middleware configured\", {\r\n layer: \"cors-manager\",\r\n operation: \"init\",\r\n origin: finalOptions.origin,\r\n methods: finalOptions.methods,\r\n credentials: finalOptions.credentials\r\n });\r\n\r\n return cors(finalOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"CORS middleware initialization failed\", {\r\n layer: \"cors-manager\",\r\n operation: \"init\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"CORS middleware initialization failed.\");\r\n }\r\n }\r\n}\r\n"]}
|
|
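--- a/package/dist/managers/HashManager.d.ts
+++ b/package/dist/managers/HashManager.d.ts
@@ -13,6 +13,7 @@ export declare class HashManager {
 private primaryAdapter;
 private fallbackAdapter;
 constructor(config: HiSecureConfig["hashing"], primaryAdapter: HashAdapter, fallbackAdapter: HashAdapter | null);
+private detectAlgorithm;
 hash(value: string, options?: {
 allowFallback?: boolean;
 }): Promise<HashResult>;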
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HashManager.d.ts","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAG9D,UAAU,WAAW;IACjB,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,UAAU;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;CACzB;AAED,qBAAa,WAAW;IACpB,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,eAAe,CAAqB;gBAGxC,MAAM,EAAE,cAAc,CAAC,SAAS,CAAC,EACjC,cAAc,EAAE,WAAW,EAC3B,eAAe,EAAE,WAAW,GAAG,IAAI;
|
|
1
|
+
{"version":3,"file":"HashManager.d.ts","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAG9D,UAAU,WAAW;IACjB,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,UAAU;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;CACzB;AAED,qBAAa,WAAW;IACpB,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,eAAe,CAAqB;gBAGxC,MAAM,EAAE,cAAc,CAAC,SAAS,CAAC,EACjC,cAAc,EAAE,WAAW,EAC3B,eAAe,EAAE,WAAW,GAAG,IAAI;IAcvC,OAAO,CAAC,eAAe;IAajB,IAAI,CACN,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAA;KAAE,GACtC,OAAO,CAAC,UAAU,CAAC;IAyDhB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAwBhE"}
|
|
@@ -14,6 +14,16 @@ class HashManager {
|
|
|
14
14
|
fallbackEnabled: !!fallbackAdapter
|
|
15
15
|
});
|
|
16
16
|
}
|
|
17
|
+
detectAlgorithm(hashed) {
|
|
18
|
+
if (hashed.startsWith("$argon2"))
|
|
19
|
+
return "argon2";
|
|
20
|
+
if (hashed.startsWith("$2a$") ||
|
|
21
|
+
hashed.startsWith("$2b$") ||
|
|
22
|
+
hashed.startsWith("$2y$")) {
|
|
23
|
+
return "bcrypt";
|
|
24
|
+
}
|
|
25
|
+
throw new AdapterError_1.AdapterError("Unknown hash algorithm");
|
|
26
|
+
}
|
|
17
27
|
async hash(value, options) {
|
|
18
28
|
try {
|
|
19
29
|
const hash = await this.primaryAdapter.hash(value);
|
|
@@ -35,7 +45,6 @@ class HashManager {
|
|
|
35
45
|
}
|
|
36
46
|
try {
|
|
37
47
|
const hash = await this.fallbackAdapter.hash(value);
|
|
38
|
-
// ⚠️ security downgrade log (VERY GOOD PRACTICE)
|
|
39
48
|
logging_1.logger.warn("Hashing fallback used (security downgrade)", {
|
|
40
49
|
layer: "hash-manager",
|
|
41
50
|
operation: "hash",
|
|
@@ -61,33 +70,20 @@ class HashManager {
|
|
|
61
70
|
}
|
|
62
71
|
}
|
|
63
72
|
async verify(value, hashed) {
|
|
64
|
-
|
|
65
|
-
|
|
73
|
+
const algorithm = this.detectAlgorithm(hashed);
|
|
74
|
+
if (algorithm === this.config.primary) {
|
|
75
|
+
return this.primaryAdapter.verify(value, hashed);
|
|
66
76
|
}
|
|
67
|
-
|
|
68
|
-
|
|
77
|
+
if (algorithm === this.config.fallback &&
|
|
78
|
+
this.fallbackAdapter) {
|
|
79
|
+
logging_1.logger.warn("Verifying legacy hash using fallback adapter", {
|
|
69
80
|
layer: "hash-manager",
|
|
70
81
|
operation: "verify",
|
|
71
|
-
algorithm
|
|
72
|
-
reason: primaryErr?.message
|
|
82
|
+
algorithm
|
|
73
83
|
});
|
|
74
|
-
|
|
75
|
-
try {
|
|
76
|
-
return await this.fallbackAdapter.verify(value, hashed);
|
|
77
|
-
}
|
|
78
|
-
catch (fallbackErr) {
|
|
79
|
-
logging_1.logger.error("Fallback hash verification failed", {
|
|
80
|
-
layer: "hash-manager",
|
|
81
|
-
operation: "verify",
|
|
82
|
-
from: this.config.primary,
|
|
83
|
-
to: this.config.fallback,
|
|
84
|
-
reason: fallbackErr?.message
|
|
85
|
-
});
|
|
86
|
-
throw new AdapterError_1.AdapterError("Both primary and fallback verify failed.");
|
|
87
|
-
}
|
|
88
|
-
}
|
|
89
|
-
throw new AdapterError_1.AdapterError("Primary verify failed and no fallback adapter configured.");
|
|
84
|
+
return this.fallbackAdapter.verify(value, hashed);
|
|
90
85
|
}
|
|
86
|
+
throw new AdapterError_1.AdapterError(`No adapter configured for detected hash algorithm: ${algorithm}`);
|
|
91
87
|
}
|
|
92
88
|
}
|
|
93
89
|
exports.HashManager = HashManager;
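Review bot: In the new `verify`, the fallback branch tests `algorithm === this.config.fallback`, while `hash()` (readable in the source embedded in the accompanying map) labels fallback output as `this.config.fallback || "bcrypt"`, so the two paths disagree whenever `config.fallback` is unset. In that case a bcrypt hash produced through the fallback adapter would presumably fall through to the final `AdapterError` instead of being verified. Comparing against the same default keeps them consistent: `if (algorithm === (this.config.fallback || "bcrypt") && this.fallbackAdapter) {`. `detectAlgorithm` also runs before any guard, so an unrecognised prefix or a non-string stored value throws out of `verify` rather than yielding `false`; a doc comment on `verify` saying that callers must treat a throw as a failed check would help. This file is compiled output, so the change belongs in `src/managers/HashManager.ts`.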
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HashManager.js","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":";;;AAAA,8DAA2D;AAE3D,wCAAoC;AAapC,MAAa,WAAW;IAKpB,YACI,MAAiC,EACjC,cAA2B,EAC3B,eAAmC;QAEnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAEvC,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,eAAe,EAAE,CAAC,CAAC,eAAe;SACrC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,IAAI,CACN,KAAa,EACb,OAAqC;QAErC,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEnD,OAAO;gBACH,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC9B,YAAY,EAAE,KAAK;aACtB,CAAC;QAEN,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBAClC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC9B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACnD,MAAM,IAAI,2BAAY,CAClB,oBAAoB,IAAI,CAAC,MAAM,CAAC,OAAO,iCAAiC,CAC3E,CAAC;YACN,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEpD,
|
|
1
|
+
{"version":3,"file":"HashManager.js","sourceRoot":"","sources":["../../src/managers/HashManager.ts"],"names":[],"mappings":";;;AAAA,8DAA2D;AAE3D,wCAAoC;AAapC,MAAa,WAAW;IAKpB,YACI,MAAiC,EACjC,cAA2B,EAC3B,eAAmC;QAEnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAEvC,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,eAAe,EAAE,CAAC,CAAC,eAAe;SACrC,CAAC,CAAC;IACP,CAAC;IAGO,eAAe,CAAC,MAAc;QAClC,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,QAAQ,CAAC;QAClD,IACI,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;YACzB,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;YACzB,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAC3B,CAAC;YACC,OAAO,QAAQ,CAAC;QACpB,CAAC;QAED,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,IAAI,CACN,KAAa,EACb,OAAqC;QAErC,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEnD,OAAO;gBACH,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC9B,YAAY,EAAE,KAAK;aACtB,CAAC;QAEN,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBAClC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC9B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACnD,MAAM,IAAI,2BAAY,CAClB,oBAAoB,IAAI,CAAC,MAAM,CAAC,OAAO,iCAAiC,CAC3E,CAAC;YACN,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEpD,gBAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;oBACtD,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,MAAM;oBACjB,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;oBACzB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;iBAC3B,CAAC,CAAC;gBAEH,OAAO;oBACH,IAAI;oBACJ,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,QAAQ;oBAC3C,YAAY,EAAE,IAAI;iBACrB,CAAC;YAEN,CAAC;YAAC,OAAO,WAAgB,EAAE,CAAC;gBACxB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;oBACpC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,MAAM;oBACjB,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;oBACzB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;oBACxB,MAAM,EAAE,WAAW,EAAE,OAAO;iBAC/B,CAAC,CAAC;gBAEH,MAAM,IAAI,2BAAY,CAClB,2
CAA2C,CAC9C,CAAC;YACN,CAAC;QACL,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QACtC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,SAAS,KAAK,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACrD,CAAC;QAED,IACI,SAAS,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ;YAClC,IAAI,CAAC,eAAe,EACtB,CAAC;YACC,gBAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;gBACxD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,QAAQ;gBACnB,SAAS;aACZ,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,IAAI,2BAAY,CAClB,sDAAsD,SAAS,EAAE,CACpE,CAAC;IACN,CAAC;CACJ;AAvHD,kCAuHC","sourcesContent":["import { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { HiSecureConfig } from \"../core/types/HiSecureConfig\";\r\nimport { logger } from \"../logging\";\r\n\r\ninterface HashAdapter {\r\n hash(value: string): Promise<string>;\r\n verify(value: string, hashed: string): Promise<boolean>;\r\n}\r\n\r\nexport interface HashResult {\r\n hash: string;\r\n algorithm: string;\r\n usedFallback: boolean;\r\n}\r\n\r\nexport class HashManager {\r\n private config: HiSecureConfig[\"hashing\"];\r\n private primaryAdapter: HashAdapter;\r\n private fallbackAdapter: HashAdapter | null;\r\n\r\n constructor(\r\n config: HiSecureConfig[\"hashing\"],\r\n primaryAdapter: HashAdapter,\r\n fallbackAdapter: HashAdapter | null\r\n ) {\r\n this.config = config;\r\n this.primaryAdapter = primaryAdapter;\r\n this.fallbackAdapter = fallbackAdapter;\r\n\r\n logger.info(\"HashManager initialized\", {\r\n layer: \"hash-manager\",\r\n primary: config.primary,\r\n fallbackEnabled: !!fallbackAdapter\r\n });\r\n }\r\n\r\n \r\n private detectAlgorithm(hashed: string): string {\r\n if (hashed.startsWith(\"$argon2\")) return \"argon2\";\r\n if (\r\n hashed.startsWith(\"$2a$\") ||\r\n hashed.startsWith(\"$2b$\") ||\r\n hashed.startsWith(\"$2y$\")\r\n ) {\r\n return \"bcrypt\";\r\n }\r\n\r\n throw new AdapterError(\"Unknown hash algorithm\");\r\n }\r\n\r\n 
async hash(\r\n value: string,\r\n options?: { allowFallback?: boolean }\r\n ): Promise<HashResult> {\r\n try {\r\n const hash = await this.primaryAdapter.hash(value);\r\n\r\n return {\r\n hash,\r\n algorithm: this.config.primary,\r\n usedFallback: false\r\n };\r\n\r\n } catch (err: any) {\r\n logger.warn(\"Primary hashing failed\", {\r\n layer: \"hash-manager\",\r\n operation: \"hash\",\r\n algorithm: this.config.primary,\r\n reason: err?.message\r\n });\r\n\r\n if (!options?.allowFallback || !this.fallbackAdapter) {\r\n throw new AdapterError(\r\n `Primary hashing (${this.config.primary}) failed. Fallback not allowed.`\r\n );\r\n }\r\n\r\n try {\r\n const hash = await this.fallbackAdapter.hash(value);\r\n\r\n logger.warn(\"Hashing fallback used (security downgrade)\", {\r\n layer: \"hash-manager\",\r\n operation: \"hash\",\r\n from: this.config.primary,\r\n to: this.config.fallback\r\n });\r\n\r\n return {\r\n hash,\r\n algorithm: this.config.fallback || \"bcrypt\",\r\n usedFallback: true\r\n };\r\n\r\n } catch (fallbackErr: any) {\r\n logger.error(\"Fallback hashing failed\", {\r\n layer: \"hash-manager\",\r\n operation: \"hash\",\r\n from: this.config.primary,\r\n to: this.config.fallback,\r\n reason: fallbackErr?.message\r\n });\r\n\r\n throw new AdapterError(\r\n \"Both primary and fallback hashing failed.\"\r\n );\r\n }\r\n }\r\n }\r\n\r\n \r\n async verify(value: string, hashed: string): Promise<boolean> {\r\n const algorithm = this.detectAlgorithm(hashed);\r\n\r\n if (algorithm === this.config.primary) {\r\n return this.primaryAdapter.verify(value, hashed);\r\n }\r\n\r\n if (\r\n algorithm === this.config.fallback &&\r\n this.fallbackAdapter\r\n ) {\r\n logger.warn(\"Verifying legacy hash using fallback adapter\", {\r\n layer: \"hash-manager\",\r\n operation: \"verify\",\r\n algorithm\r\n });\r\n\r\n return this.fallbackAdapter.verify(value, hashed);\r\n }\r\n\r\n throw new AdapterError(\r\n `No adapter configured for detected hash algorithm: 
${algorithm}`\r\n );\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JsonManager.js","sourceRoot":"","sources":["../../src/managers/JsonManager.ts"],"names":[],"mappings":";;;;;;AAAA,sDAA8B;AAC9B,4CAAoB;AACpB,wCAAoC;AACpC,8DAA2D;AAE3D,MAAa,WAAW;IACpB,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,IAAI;aACf,CAAC;YAEF,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;YAE/D,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACvC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,MAAM,EAAE,YAAY,CAAC,MAAM;aAC9B,CAAC,CAAC;YAEH,OAAO,iBAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAEtC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE;gBACnD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,oCAAoC,CAAC,CAAC;QACjE,CAAC;IACL,CAAC;IAED,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;YAE/D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,YAAY;gBACvB,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,cAAc,EAAE,YAAY,CAAC,cAAc;aAC9C,CAAC,CAAC;YAEH,OAAO,iBAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAE5C,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,0CAA0C,EAAE;gBACrD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,YAAY;gBACvB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,2CAA2C,CAAC,CAAC;QACxE,CAAC;IACL,CAAC;IAED,WAAW,CAAC,OAAa;QACrB,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;YACtC,IAAI,CAAC;gBACD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5C,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAEhD,MAAM,MAAM,GAAG,YAAE,CAAC,KAAK,CAAC,WAAW,EAAE;wBACjC,KAAK,EAAE,CAAC;wBACR,cAAc,EAAE,GAAG;wBACnB,GAAG,OAAO;qBACb,CAAC,CAAC;oBAEH,GAAG,CAAC,WAAW,GAAG,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"JsonManager.js","sourceRoot":"","sources":["../../src/managers/JsonManager.ts"],"names":[],"mappings":";;;;;;AAAA,sDAA8B;AAC9B,4CAAoB;AACpB,wCAAoC;AACpC,8DAA2D;AAE3D,MAAa,WAAW;IACpB,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,IAAI;aACf,CAAC;YAEF,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;YAE/D,gBAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACvC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,MAAM,EAAE,YAAY,CAAC,MAAM;aAC9B,CAAC,CAAC;YAEH,OAAO,iBAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAEtC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE;gBACnD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,oCAAoC,CAAC,CAAC;QACjE,CAAC;IACL,CAAC;IAED,UAAU,CAAC,OAAa;QACpB,IAAI,CAAC;YACD,MAAM,cAAc,GAAG;gBACnB,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;YAE/D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,YAAY;gBACvB,KAAK,EAAE,YAAY,CAAC,KAAK;gBACzB,cAAc,EAAE,YAAY,CAAC,cAAc;aAC9C,CAAC,CAAC;YAEH,OAAO,iBAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAE5C,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,0CAA0C,EAAE;gBACrD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,YAAY;gBACvB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,2CAA2C,CAAC,CAAC;QACxE,CAAC;IACL,CAAC;IAED,WAAW,CAAC,OAAa;QACrB,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;YACtC,IAAI,CAAC;gBACD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5C,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAEhD,MAAM,MAAM,GAAG,YAAE,CAAC,KAAK,CAAC,WAAW,EAAE;wBACjC,KAAK,EAAE,CAAC;wBACR,cAAc,EAAE,GAAG;wBACnB,GAAG,OAAO;qBACb,CAAC,CAAC;oBAEH,GAAG,CAAC,WAAW,GAAG,MAAM,CAAC;oBAGzB,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACnC,KAAK,EAAE,cAAc;wBACrB,SAA
S,EAAE,aAAa;wBACxB,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM;qBACvC,CAAC,CAAC;gBACP,CAAC;gBAED,IAAI,EAAE,CAAC;YACX,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;oBACjC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,aAAa;oBACxB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC,CAAC;YACpD,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AA/FD,kCA+FC","sourcesContent":["import express from \"express\";\r\nimport qs from \"qs\";\r\nimport { logger } from \"../logging\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\n\r\nexport class JsonManager {\r\n middleware(options?: any) {\r\n try {\r\n const defaultOptions = {\r\n limit: \"1mb\",\r\n inflate: true,\r\n strict: true\r\n };\r\n\r\n const finalOptions = { ...defaultOptions, ...(options || {}) };\r\n\r\n logger.info(\"JSON body parser configured\", {\r\n layer: \"json-manager\",\r\n operation: \"json\",\r\n limit: finalOptions.limit,\r\n strict: finalOptions.strict\r\n });\r\n\r\n return express.json(finalOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JSON body parser initialization failed\", {\r\n layer: \"json-manager\",\r\n operation: \"json\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"JSON parser initialization failed.\");\r\n }\r\n }\r\n\r\n urlencoded(options?: any) {\r\n try {\r\n const defaultOptions = {\r\n extended: true,\r\n limit: \"1mb\",\r\n parameterLimit: 1000\r\n };\r\n\r\n const finalOptions = { ...defaultOptions, ...(options || {}) };\r\n\r\n logger.info(\"URL-encoded parser configured\", {\r\n layer: \"json-manager\",\r\n operation: \"urlencoded\",\r\n limit: finalOptions.limit,\r\n parameterLimit: finalOptions.parameterLimit\r\n });\r\n\r\n return express.urlencoded(finalOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"URL-encoded parser initialization failed\", {\r\n layer: \"json-manager\",\r\n operation: \"urlencoded\",\r\n reason: err?.message\r\n });\r\n\r\n throw new 
AdapterError(\"URL-encoded parser initialization failed.\");\r\n }\r\n }\r\n\r\n queryParser(options?: any) {\r\n return (req: any, _res: any, next: any) => {\r\n try {\r\n if (!req.parsedQuery && req.url.includes(\"?\")) {\r\n const queryString = req.url.split(\"?\")[1] || \"\";\r\n\r\n const parsed = qs.parse(queryString, {\r\n depth: 5,\r\n parameterLimit: 100,\r\n ...options\r\n });\r\n\r\n req.parsedQuery = parsed;\r\n\r\n \r\n logger.info(\"Query parameters parsed\", {\r\n layer: \"json-manager\",\r\n operation: \"query-parse\",\r\n keyCount: Object.keys(parsed).length\r\n });\r\n }\r\n\r\n next();\r\n } catch (err: any) {\r\n logger.error(\"Query parsing failed\", {\r\n layer: \"json-manager\",\r\n operation: \"query-parse\",\r\n reason: err?.message\r\n });\r\n\r\n next(new AdapterError(\"Query parsing failed.\"));\r\n }\r\n };\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SanitizerManager.js","sourceRoot":"","sources":["../../src/managers/SanitizerManager.ts"],"names":[],"mappings":";;;AAAA,kEAA+D;AAC/D,wCAAoC;AAMpC,MAAa,gBAAgB;IAIzB,YAAY,OAAyB,EAAE,WAAoC,IAAI;QAC3E,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,KAAK,EAAE,mBAAmB;YAC1B,eAAe,EAAE,CAAC,CAAC,QAAQ;SAC9B,CAAC,CAAC;IACP,CAAC;IAED,QAAQ,CAAC,KAAa,EAAE,OAAa;QACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,mBAAmB;gBAC1B,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACjB,MAAM,IAAI,+BAAc,CACpB,qDAAqD,CACxD,CAAC;YACN,CAAC;YAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBACnC,KAAK,EAAE,mBAAmB;gBAC1B,SAAS,EAAE,UAAU;aACxB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;IACL,CAAC;IAED,UAAU,CAAC,OAAa;QACpB,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;YACtC,IAAI,iBAAiB,GAAG,KAAK,CAAC;YAE9B,MAAM,YAAY,GAAG,CAAC,KAAa,EAAU,EAAE;gBAC3C,IAAI,iBAAiB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAClD,CAAC;gBAED,IAAI,CAAC;oBACD,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBACjD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACjB,MAAM,GAAG,CAAC;oBACd,CAAC;oBAED,iBAAiB,GAAG,IAAI,CAAC;oBAEzB,gBAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;wBACvD,KAAK,EAAE,mBAAmB;wBAC1B,SAAS,EAAE,YAAY;qBAC1B,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAClD,CAAC;YACL,CAAC,CAAC;YAEF,IAAI,CAAC;gBACD,IAAI,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC9B,MAAM,aAAa,GAAQ,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CA
AC,YAAY,CAAC,EAAE,CAAC;wBAC1C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;wBAEhC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;4BAC5B,aAAa,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;wBAC7C,CAAC;6BAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;4BAC9B,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAClC,OAAO,IAAI,KAAK,QAAQ;gCACpB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC;gCACpB,CAAC,CAAC,IAAI,CACb,CAAC;wBACN,CAAC;6BAAM,CAAC;4BACJ,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;wBAC/B,CAAC;oBACL,CAAC;oBAED,GAAG,CAAC,aAAa,GAAG,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"SanitizerManager.js","sourceRoot":"","sources":["../../src/managers/SanitizerManager.ts"],"names":[],"mappings":";;;AAAA,kEAA+D;AAC/D,wCAAoC;AAMpC,MAAa,gBAAgB;IAIzB,YAAY,OAAyB,EAAE,WAAoC,IAAI;QAC3E,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,KAAK,EAAE,mBAAmB;YAC1B,eAAe,EAAE,CAAC,CAAC,QAAQ;SAC9B,CAAC,CAAC;IACP,CAAC;IAED,QAAQ,CAAC,KAAa,EAAE,OAAa;QACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,mBAAmB;gBAC1B,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACjB,MAAM,IAAI,+BAAc,CACpB,qDAAqD,CACxD,CAAC;YACN,CAAC;YAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBACnC,KAAK,EAAE,mBAAmB;gBAC1B,SAAS,EAAE,UAAU;aACxB,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;IACL,CAAC;IAED,UAAU,CAAC,OAAa;QACpB,OAAO,CAAC,GAAQ,EAAE,IAAS,EAAE,IAAS,EAAE,EAAE;YACtC,IAAI,iBAAiB,GAAG,KAAK,CAAC;YAE9B,MAAM,YAAY,GAAG,CAAC,KAAa,EAAU,EAAE;gBAC3C,IAAI,iBAAiB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAClD,CAAC;gBAED,IAAI,CAAC;oBACD,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBACjD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACjB,MAAM,GAAG,CAAC;oBACd,CAAC;oBAED,iBAAiB,GAAG,IAAI,CAAC;oBAEzB,gBAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;wBACvD,KAAK,EAAE,mBAAmB;wBAC1B,SAAS,EAAE,YAAY;qBAC1B,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAClD,CAAC;YACL,CAAC,CAAC;YAEF,IAAI,CAAC;gBACD,IAAI,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC9B,MAAM,aAAa,GAAQ,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CA
AC,YAAY,CAAC,EAAE,CAAC;wBAC1C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;wBAEhC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;4BAC5B,aAAa,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;wBAC7C,CAAC;6BAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;4BAC9B,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAClC,OAAO,IAAI,KAAK,QAAQ;gCACpB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC;gCACpB,CAAC,CAAC,IAAI,CACb,CAAC;wBACN,CAAC;6BAAM,CAAC;4BACJ,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;wBAC/B,CAAC;oBACL,CAAC;oBAED,GAAG,CAAC,aAAa,GAAG,aAAa,CAAC;oBAGlC,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;wBAClC,KAAK,EAAE,mBAAmB;wBAC1B,SAAS,EAAE,YAAY;wBACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM;wBAC7C,YAAY,EAAE,iBAAiB;qBAClC,CAAC,CAAC;gBACP,CAAC;gBAED,IAAI,EAAE,CAAC;YACX,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;oBACxC,KAAK,EAAE,mBAAmB;oBAC1B,SAAS,EAAE,YAAY;oBACvB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,IAAI,CAAC,IAAI,+BAAc,CAAC,8BAA8B,CAAC,CAAC,CAAC;YAC7D,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlHD,4CAkHC","sourcesContent":["import { SanitizerError } from \"../core/errors/SanitizerError\";\r\nimport { logger } from \"../logging\";\r\n\r\ninterface SanitizerAdapter {\r\n sanitize: (value: string, options?: any) => string;\r\n}\r\n\r\nexport class SanitizerManager {\r\n private primary: SanitizerAdapter;\r\n private fallback: SanitizerAdapter | null;\r\n\r\n constructor(primary: SanitizerAdapter, fallback: SanitizerAdapter | null = null) {\r\n this.primary = primary;\r\n this.fallback = fallback;\r\n\r\n logger.info(\"SanitizerManager initialized\", {\r\n layer: \"sanitizer-manager\",\r\n fallbackEnabled: !!fallback\r\n });\r\n }\r\n\r\n sanitize(value: string, options?: any): string {\r\n if (typeof value !== \"string\") {\r\n return value;\r\n }\r\n\r\n try {\r\n return this.primary.sanitize(value, options);\r\n } catch (err: any) {\r\n logger.warn(\"Primary sanitizer failed\", {\r\n layer: \"sanitizer-manager\",\r\n operation: \"sanitize\",\r\n reason: err?.message\r\n 
});\r\n\r\n if (!this.fallback) {\r\n throw new SanitizerError(\r\n \"Primary sanitizer failed and no fallback available.\"\r\n );\r\n }\r\n\r\n logger.warn(\"Sanitizer fallback used\", {\r\n layer: \"sanitizer-manager\",\r\n operation: \"sanitize\"\r\n });\r\n\r\n return this.fallback.sanitize(value, options);\r\n }\r\n }\r\n\r\n middleware(options?: any) {\r\n return (req: any, _res: any, next: any) => {\r\n let fallbackTriggered = false;\r\n\r\n const safeSanitize = (value: string): string => {\r\n if (fallbackTriggered && this.fallback) {\r\n return this.fallback.sanitize(value, options);\r\n }\r\n\r\n try {\r\n return this.primary.sanitize(value, options);\r\n } catch (err: any) {\r\n if (!this.fallback) {\r\n throw err;\r\n }\r\n\r\n fallbackTriggered = true;\r\n\r\n logger.warn(\"Switching to fallback sanitizer for request\", {\r\n layer: \"sanitizer-manager\",\r\n operation: \"middleware\"\r\n });\r\n\r\n return this.fallback.sanitize(value, options);\r\n }\r\n };\r\n\r\n try {\r\n if (req.body && typeof req.body === \"object\") {\r\n const originalBody = req.body;\r\n const sanitizedBody: any = Array.isArray(originalBody) ? [] : {};\r\n\r\n for (const key of Object.keys(originalBody)) {\r\n const value = originalBody[key];\r\n\r\n if (typeof value === \"string\") {\r\n sanitizedBody[key] = safeSanitize(value);\r\n } else if (Array.isArray(value)) {\r\n sanitizedBody[key] = value.map(item =>\r\n typeof item === \"string\"\r\n ? 
safeSanitize(item)\r\n : item\r\n );\r\n } else {\r\n sanitizedBody[key] = value;\r\n }\r\n }\r\n\r\n req.sanitizedBody = sanitizedBody;\r\n\r\n \r\n logger.info(\"Request body sanitized\", {\r\n layer: \"sanitizer-manager\",\r\n operation: \"middleware\",\r\n fieldCount: Object.keys(sanitizedBody).length,\r\n usedFallback: fallbackTriggered\r\n });\r\n }\r\n\r\n next();\r\n } catch (err: any) {\r\n logger.error(\"Sanitizer middleware failed\", {\r\n layer: \"sanitizer-manager\",\r\n operation: \"middleware\",\r\n reason: err?.message\r\n });\r\n\r\n next(new SanitizerError(\"Sanitizer middleware failure\"));\r\n }\r\n };\r\n }\r\n}\r\n"]}
|
package/package.json
CHANGED
package/readme.md
CHANGED
|
@@ -97,7 +97,7 @@ Managing these separately leads to duplicated logic, configuration drift and sub
|
|
|
97
97
|
|
|
98
98
|
<tr>
|
|
99
99
|
<td>Logging</td>
|
|
100
|
-
<td>Improved
|
|
100
|
+
<td>Improved</td>
|
|
101
101
|
<td>
|
|
102
102
|
Structured, lifecycle-aware logs with adapter, manager and fallback visibility.
|
|
103
103
|
Designed for production debugging without leaking sensitive data.
|
|
@@ -112,7 +112,7 @@ Managing these separately leads to duplicated logic, configuration drift and sub
|
|
|
112
112
|
|
|
113
113
|
<hr/>
|
|
114
114
|
|
|
115
|
-
<h2>What’s New in
|
|
115
|
+
<h2>What’s New in latest version</h2>
|
|
116
116
|
|
|
117
117
|
<ul>
|
|
118
118
|
<li>Improved structured logging across core lifecycle</li>
|
|
@@ -485,7 +485,7 @@ It covers signup, JWT login, Google login, role-based access control, and proper
|
|
|
485
485
|
<ul>
|
|
486
486
|
<li>Signup using email and password</li>
|
|
487
487
|
<li>Login using email and password (JWT-based)</li>
|
|
488
|
-
<li>Login with Google (ID token verification)</li>
|
|
488
|
+
<li>Login with Google (ID token verification) - Added Soon in Docs </li>
|
|
489
489
|
<li>Role-based protected routes</li>
|
|
490
490
|
<li>Optional authentication support</li>
|
|
491
491
|
<li>Correct HiSecure bootstrap with reset rules</li>
|
|
@@ -511,7 +511,7 @@ HiSecure.getInstance({
|
|
|
511
511
|
enabled: true,
|
|
512
512
|
jwtSecret: process.env.JWT_SECRET || "supersecret_32_chars_minimum",
|
|
513
513
|
jwtExpiresIn: "1d",
|
|
514
|
-
googleClientId: process.env.GOOGLE_CLIENT_ID
|
|
514
|
+
googleClientId: process.env.GOOGLE_CLIENT_ID // this only added if need googleLogin as well
|
|
515
515
|
}
|
|
516
516
|
});
|
|
517
517
|
|
|
@@ -560,128 +560,190 @@ export default router;
|
|
|
560
560
|
|
|
561
561
|
<h4>Signup (Email and Password)</h4>
|
|
562
562
|
|
|
563
|
-
<pre><code>
|
|
563
|
+
<pre><code>
|
|
564
|
+
import { HiSecure } from "hi-secure";
|
|
564
565
|
import { HttpError } from "../core/errors/HttpError.js";
|
|
565
566
|
import User from "../models/User.js";
|
|
566
567
|
|
|
567
|
-
export const signup = async (req, res, next) => {
|
|
568
|
-
try {
|
|
569
|
-
const { email, password, name } = req.body;
|
|
570
|
-
|
|
571
|
-
if (!email || !password) {
|
|
572
|
-
throw HttpError.BadRequest("Email and password required");
|
|
573
|
-
}
|
|
574
|
-
|
|
575
|
-
const existing = await User.findOne({ email });
|
|
576
|
-
if (existing) {
|
|
577
|
-
throw HttpError.Conflict("User already exists");
|
|
578
|
-
}
|
|
579
|
-
|
|
580
|
-
const passwordHash = await HiSecure.hash(password);
|
|
581
568
|
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
});
|
|
569
|
+
const JWT_OPTIONS = {
|
|
570
|
+
issuer: 'hi-secure-backend',
|
|
571
|
+
audience: ['web-app', 'mobile-app'],
|
|
572
|
+
expiresIn: '7d',
|
|
573
|
+
subject: 'user-authentication'
|
|
574
|
+
};
|
|
589
575
|
|
|
590
|
-
const token = HiSecure.jwt.sign({
|
|
591
|
-
userId: user.id,
|
|
592
|
-
roles: user.roles
|
|
593
|
-
});
|
|
594
576
|
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
577
|
+
exports.registerUser = async(req, res) => {
|
|
578
|
+
try {
|
|
579
|
+
const { name, email, password } = req.body;
|
|
580
|
+
|
|
581
|
+
const existingUser = await User.findOne({ email });
|
|
582
|
+
if (existingUser) {
|
|
583
|
+
return res.status(400).json({
|
|
584
|
+
error: 'User already exists'
|
|
585
|
+
});
|
|
586
|
+
}
|
|
587
|
+
|
|
588
|
+
const hashedPassword = await HiSecure.hash(password);
|
|
589
|
+
|
|
590
|
+
const user = await User.create({
|
|
591
|
+
name,
|
|
592
|
+
email,
|
|
593
|
+
password: hashedPassword
|
|
594
|
+
});
|
|
595
|
+
|
|
596
|
+
const token = HiSecure.jwt.sign({
|
|
597
|
+
userId: user._id.toString(),
|
|
598
|
+
email: user.email,
|
|
599
|
+
name: user.name,
|
|
600
|
+
role: 'user'
|
|
601
|
+
},
|
|
602
|
+
JWT_OPTIONS
|
|
603
|
+
);
|
|
604
|
+
|
|
605
|
+
res.status(201).json({
|
|
606
|
+
message: 'User registered successfully',
|
|
607
|
+
token,
|
|
608
|
+
user: {
|
|
609
|
+
id: user._id,
|
|
610
|
+
name: user.name,
|
|
611
|
+
email: user.email
|
|
612
|
+
}
|
|
613
|
+
});
|
|
614
|
+
|
|
615
|
+
} catch (error) {
|
|
616
|
+
console.error('Registration error:', error);
|
|
617
|
+
res.status(500).json({
|
|
618
|
+
error: 'Registration failed',
|
|
619
|
+
details: error.message
|
|
620
|
+
});
|
|
621
|
+
}
|
|
599
622
|
};
|
|
623
|
+
|
|
600
624
|
</code></pre>
|
|
601
625
|
|
|
602
626
|
<hr/>
|
|
603
627
|
|
|
604
628
|
<h4>Login (Email and Password)</h4>
|
|
605
629
|
|
|
606
|
-
<pre><code>
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
630
|
+
<pre><code>
|
|
631
|
+
|
|
632
|
+
exports.loginUser = async(req, res) => {
|
|
633
|
+
try {
|
|
634
|
+
const { email, password } = req.body;
|
|
635
|
+
|
|
636
|
+
const user = await User.findOne({ email });
|
|
637
|
+
if (!user) {
|
|
638
|
+
return res.status(401).json({
|
|
639
|
+
error: 'Invalid credentials'
|
|
640
|
+
});
|
|
641
|
+
}
|
|
642
|
+
|
|
643
|
+
const isValid = await HiSecure.verify(password, user.password);
|
|
644
|
+
if (!isValid) {
|
|
645
|
+
return res.status(401).json({
|
|
646
|
+
error: 'Invalid credentials'
|
|
647
|
+
});
|
|
648
|
+
}
|
|
649
|
+
|
|
650
|
+
const token = HiSecure.jwt.sign({
|
|
651
|
+
userId: user._id.toString(),
|
|
652
|
+
email: user.email,
|
|
653
|
+
name: user.name,
|
|
654
|
+
role: 'user'
|
|
655
|
+
},
|
|
656
|
+
JWT_OPTIONS
|
|
657
|
+
);
|
|
658
|
+
|
|
659
|
+
res.json({
|
|
660
|
+
message: 'Login successful',
|
|
661
|
+
token,
|
|
662
|
+
user: {
|
|
663
|
+
id: user._id,
|
|
664
|
+
name: user.name,
|
|
665
|
+
email: user.email
|
|
666
|
+
}
|
|
667
|
+
});
|
|
668
|
+
|
|
669
|
+
} catch (error) {
|
|
670
|
+
console.error('Login error:', error);
|
|
671
|
+
res.status(500).json({
|
|
672
|
+
error: 'Login failed',
|
|
673
|
+
details: error.message
|
|
674
|
+
});
|
|
613
675
|
}
|
|
676
|
+
};
|
|
614
677
|
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
}
|
|
678
|
+
</code></pre>
|
|
679
|
+
|
|
680
|
+
<hr/>
|
|
619
681
|
|
|
620
|
-
|
|
621
|
-
userId: user.id,
|
|
622
|
-
roles: user.roles
|
|
623
|
-
});
|
|
682
|
+
<h3>Role-Based Protected Routes</h3>
|
|
624
683
|
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
684
|
+
<pre><code>app.get(
|
|
685
|
+
"/admin",
|
|
686
|
+
HiSecure.auth({ roles: ["admin"] }),
|
|
687
|
+
(req, res) => {
|
|
688
|
+
res.json({ message: "Welcome Admin" });
|
|
628
689
|
}
|
|
629
|
-
|
|
690
|
+
);
|
|
630
691
|
</code></pre>
|
|
631
692
|
|
|
632
|
-
<hr/>
|
|
633
693
|
|
|
634
|
-
<
|
|
694
|
+
<pre>
|
|
695
|
+
<code>
|
|
696
|
+
const router = express.Router();
|
|
697
|
+
router.post(
|
|
698
|
+
'/register',
|
|
635
699
|
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
throw HttpError.BadRequest("Google idToken required");
|
|
641
|
-
}
|
|
700
|
+
HiSecure.validate([
|
|
701
|
+
body("name")
|
|
702
|
+
.notEmpty().withMessage("Name is required")
|
|
703
|
+
.isLength({ min: 3 }).withMessage("Name must be at least 3 characters"),
|
|
642
704
|
|
|
643
|
-
|
|
705
|
+
body("email")
|
|
706
|
+
.notEmpty().withMessage("Email is required")
|
|
707
|
+
.isEmail().withMessage("Invalid email format"),
|
|
644
708
|
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
709
|
+
body("password")
|
|
710
|
+
.notEmpty().withMessage("Password is required")
|
|
711
|
+
.isLength({ min: 6 }).withMessage("Password must be at least 6 characters"),
|
|
712
|
+
]),
|
|
648
713
|
|
|
649
|
-
|
|
714
|
+
registerUser
|
|
715
|
+
);
|
|
650
716
|
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
email: googleUser.email,
|
|
654
|
-
name: googleUser.name,
|
|
655
|
-
provider: "google",
|
|
656
|
-
providerId: googleUser.sub,
|
|
657
|
-
roles: ["user"]
|
|
658
|
-
});
|
|
659
|
-
}
|
|
717
|
+
router.post(
|
|
718
|
+
'/login',
|
|
660
719
|
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
720
|
+
HiSecure.validate([
|
|
721
|
+
body("email")
|
|
722
|
+
.notEmpty().withMessage("Email is required")
|
|
723
|
+
.isEmail().withMessage("Invalid email format"),
|
|
665
724
|
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
}
|
|
670
|
-
};
|
|
671
|
-
</code></pre>
|
|
725
|
+
body("password")
|
|
726
|
+
.notEmpty().withMessage("Password is required")
|
|
727
|
+
]),
|
|
672
728
|
|
|
673
|
-
|
|
729
|
+
HiSecure.rateLimit({ max: 5, windowMs: 15 * 60 * 1000 }),
|
|
674
730
|
|
|
675
|
-
|
|
731
|
+
loginUser
|
|
732
|
+
);
|
|
676
733
|
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
734
|
+
router.get(
|
|
735
|
+
'/profile',
|
|
736
|
+
HiSecure.auth({ required: true }),
|
|
737
|
+
getProfile
|
|
738
|
+
);
|
|
739
|
+
|
|
740
|
+
<!-- U can also add validator [Either zod Or express-validator] -->
|
|
741
|
+
router.post('/create', HiSecure.auth({ required: true }), createTask)
|
|
742
|
+
router.get('/get', HiSecure.auth({ required: true }), getTask)
|
|
743
|
+
router.put('/:id', HiSecure.auth({ required: true }), updateTask)
|
|
744
|
+
router.psot('/health',heatlh);
|
|
745
|
+
</code>
|
|
746
|
+
</pre>
|
|
685
747
|
|
|
686
748
|
<hr/>
|
|
687
749
|
|
package/src/core/HiSecure.ts
CHANGED
|
@@ -102,9 +102,7 @@ export class HiSecure {
|
|
|
102
102
|
});
|
|
103
103
|
}
|
|
104
104
|
|
|
105
|
-
// Public Fluent
|
|
106
|
-
|
|
107
|
-
|
|
105
|
+
// Public Fluent API
|
|
108
106
|
static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
109
107
|
const instance = this.getInstance();
|
|
110
108
|
if (!instance.authManager) {
|
|
@@ -178,8 +176,7 @@ export class HiSecure {
|
|
|
178
176
|
}
|
|
179
177
|
};
|
|
180
178
|
|
|
181
|
-
// Global Middleware
|
|
182
|
-
|
|
179
|
+
// Global Middleware - globalLevel
|
|
183
180
|
static middleware(options?: SecureOptions | "api" | "strict" | "public") {
|
|
184
181
|
const instance = this.getInstance();
|
|
185
182
|
|
|
@@ -34,6 +34,20 @@ export class HashManager {
|
|
|
34
34
|
});
|
|
35
35
|
}
|
|
36
36
|
|
|
37
|
+
|
|
38
|
+
private detectAlgorithm(hashed: string): string {
|
|
39
|
+
if (hashed.startsWith("$argon2")) return "argon2";
|
|
40
|
+
if (
|
|
41
|
+
hashed.startsWith("$2a$") ||
|
|
42
|
+
hashed.startsWith("$2b$") ||
|
|
43
|
+
hashed.startsWith("$2y$")
|
|
44
|
+
) {
|
|
45
|
+
return "bcrypt";
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
throw new AdapterError("Unknown hash algorithm");
|
|
49
|
+
}
|
|
50
|
+
|
|
37
51
|
async hash(
|
|
38
52
|
value: string,
|
|
39
53
|
options?: { allowFallback?: boolean }
|
|
@@ -64,7 +78,6 @@ export class HashManager {
|
|
|
64
78
|
try {
|
|
65
79
|
const hash = await this.fallbackAdapter.hash(value);
|
|
66
80
|
|
|
67
|
-
// ⚠️ security downgrade log (VERY GOOD PRACTICE)
|
|
68
81
|
logger.warn("Hashing fallback used (security downgrade)", {
|
|
69
82
|
layer: "hash-manager",
|
|
70
83
|
operation: "hash",
|
|
@@ -94,40 +107,29 @@ export class HashManager {
|
|
|
94
107
|
}
|
|
95
108
|
}
|
|
96
109
|
|
|
110
|
+
|
|
97
111
|
async verify(value: string, hashed: string): Promise<boolean> {
|
|
98
|
-
|
|
99
|
-
return await this.primaryAdapter.verify(value, hashed);
|
|
112
|
+
const algorithm = this.detectAlgorithm(hashed);
|
|
100
113
|
|
|
101
|
-
|
|
102
|
-
|
|
114
|
+
if (algorithm === this.config.primary) {
|
|
115
|
+
return this.primaryAdapter.verify(value, hashed);
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
if (
|
|
119
|
+
algorithm === this.config.fallback &&
|
|
120
|
+
this.fallbackAdapter
|
|
121
|
+
) {
|
|
122
|
+
logger.warn("Verifying legacy hash using fallback adapter", {
|
|
103
123
|
layer: "hash-manager",
|
|
104
124
|
operation: "verify",
|
|
105
|
-
algorithm
|
|
106
|
-
reason: primaryErr?.message
|
|
125
|
+
algorithm
|
|
107
126
|
});
|
|
108
127
|
|
|
109
|
-
|
|
110
|
-
try {
|
|
111
|
-
return await this.fallbackAdapter.verify(value, hashed);
|
|
112
|
-
|
|
113
|
-
} catch (fallbackErr: any) {
|
|
114
|
-
logger.error("Fallback hash verification failed", {
|
|
115
|
-
layer: "hash-manager",
|
|
116
|
-
operation: "verify",
|
|
117
|
-
from: this.config.primary,
|
|
118
|
-
to: this.config.fallback,
|
|
119
|
-
reason: fallbackErr?.message
|
|
120
|
-
});
|
|
121
|
-
|
|
122
|
-
throw new AdapterError(
|
|
123
|
-
"Both primary and fallback verify failed."
|
|
124
|
-
);
|
|
125
|
-
}
|
|
126
|
-
}
|
|
127
|
-
|
|
128
|
-
throw new AdapterError(
|
|
129
|
-
"Primary verify failed and no fallback adapter configured."
|
|
130
|
-
);
|
|
128
|
+
return this.fallbackAdapter.verify(value, hashed);
|
|
131
129
|
}
|
|
130
|
+
|
|
131
|
+
throw new AdapterError(
|
|
132
|
+
`No adapter configured for detected hash algorithm: ${algorithm}`
|
|
133
|
+
);
|
|
132
134
|
}
|
|
133
135
|
}
|
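Review bot: The fallback branch of the new `verify` tests `algorithm === this.config.fallback`, but `hash` (embedded source in HashManager.js.map) labels a downgraded hash with `this.config.fallback || "bcrypt"`, so the two disagree whenever `config.fallback` is unset and a fallback adapter exists; the constructor is outside these hunks, so whether that state is reachable needs checking. In that case a bcrypt hash written by the downgrade path falls through to the final `AdapterError` and can never be verified; comparing against `this.config.fallback || "bcrypt"` in `verify` keeps both paths consistent. `detectAlgorithm` also calls `hashed.startsWith` without a type check, so a record with no stored hash surfaces as a `TypeError` instead of an `AdapterError`; `if (typeof hashed !== "string") throw new AdapterError("Unknown hash algorithm");` as its first line keeps the failure typed. Because `verify` now throws for unrecognised or unconfigured formats where a caller expects a boolean, handlers should answer that case exactly like a wrong password, so the response does not reveal which accounts hold legacy or malformed hashes.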