hi-secure 1.0.26 → 1.0.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts +15 -36
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +79 -138
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/core/useSecure.d.ts +4 -1
- package/dist/core/useSecure.d.ts.map +1 -1
- package/dist/core/useSecure.js +58 -13
- package/dist/core/useSecure.js.map +1 -1
- package/dist/index.d.ts +1 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +13 -4
- package/dist/index.js.map +1 -1
- package/dist/managers/AuthManager.js.map +1 -1
- package/package.json +1 -1
- package/src/core/HiSecure.ts +488 -257
- package/src/core/useSecure.ts +94 -37
- package/src/index.ts +25 -11
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";AAAA,4CAA4C;AAC5C,4DAA4D;;AAyD5D,8BAKC;AAKD,kCAsCC;AAvGD,MAAM;AACN,iEAAiE;AACjE,MAAM;AAEN,qFAAqF;AACrF,mGAAmG;AACnG,2CAA2C;AAC3C,IAAI;AAGJ,4CAA4C;AAE5C,yDAAyD;AACzD,+BAA+B;AAE/B,2BAA2B;AAC3B,oCAAoC;AACpC,0EAA0E;AAC1E,cAAc;AACd,QAAQ;AAER,gCAAgC;AAChC,yCAAyC;AACzC,2EAA2E;AAC3E,oEAAoE;AACpE,cAAc;AACd,QAAQ;AAER,+BAA+B;AAC/B,wCAAwC;AACxC,kFAAkF;AAClF,cAAc;AACd,QAAQ;AAER,+BAA+B;AAC/B,2DAA2D;AAC3D,QAAQ;AAER,2BAA2B;AAC3B,oCAAoC;AACpC,0EAA0E;AAC1E,cAAc;AACd,QAAQ;AACR,oBAAoB;AACpB,IAAI;AAKJ,+CAAyC;AAGzC;;GAEG;AACH,SAAgB,SAAS,CACvB,OAAqD;IAErD,OAAO,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;IAC9E,OAAO,sBAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,OAAuB;IACjD,MAAM,KAAK,GAAU,EAAE,CAAC;IAExB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,SAAS,CAChB,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ;YACnC,CAAC,CAAC,OAAO,CAAC,SAAS;YACnB,CAAC,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBAChC,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,SAAS,CACd,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,IAAI,CACX,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC5D,CACF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["// import { HiSecure } from \"./HiSecure.js\";\r\n// import { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n// /**\r\n// * @deprecated Use HiSecure.middleware() or fluent API instead\r\n// */\r\n\r\n// export function useSecure(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// console.warn(\"useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.\");\r\n// return HiSecure.middleware(options);\r\n// }\r\n\r\n\r\n// // Legacy support - route-level security\r\n\r\n// export function secureRoute(options?: SecureOptions) {\r\n// const chain: any[] = [];\r\n \r\n// if (options?.cors) {\r\n// chain.push(HiSecure.cors(\r\n// typeof options.cors === 'object' ? options.cors : undefined\r\n// ));\r\n// }\r\n \r\n// if (options?.rateLimit) {\r\n// chain.push(HiSecure.rateLimit(\r\n// typeof options.rateLimit === 'object' ? options.rateLimit : \r\n// options.rateLimit === \"strict\" ? \"strict\" : \"relaxed\"\r\n// ));\r\n// }\r\n \r\n// if (options?.sanitize) {\r\n// chain.push(HiSecure.sanitize(\r\n// typeof options.sanitize === 'object' ? options.sanitize : undefined\r\n// ));\r\n// }\r\n \r\n// if (options?.validate) {\r\n// chain.push(HiSecure.validate(options.validate));\r\n// }\r\n \r\n// if (options?.auth) {\r\n// chain.push(HiSecure.auth(\r\n// typeof options.auth === 'object' ? options.auth : undefined\r\n// ));\r\n// }\r\n// return chain;\r\n// }\r\n\r\n\r\n\r\n\r\nimport { HiSecure } from \"./HiSecure.js\";\r\nimport { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n/**\r\n * @deprecated Use HiSecure.middleware()\r\n */\r\nexport function useSecure(\r\n options?: SecureOptions | \"api\" | \"strict\" | \"public\"\r\n) {\r\n console.warn(\"useSecure() is deprecated. Use HiSecure.middleware() instead.\");\r\n return HiSecure.middleware(options);\r\n}\r\n\r\n/**\r\n * Legacy route-level security\r\n */\r\nexport function secureRoute(options?: SecureOptions) {\r\n const chain: any[] = [];\r\n\r\n if (!options) return chain;\r\n\r\n if (options.cors) {\r\n chain.push(HiSecure.cors());\r\n }\r\n\r\n if (options.rateLimit) {\r\n chain.push(\r\n HiSecure.rateLimit(\r\n typeof options.rateLimit === \"object\"\r\n ? options.rateLimit\r\n : options.rateLimit === \"strict\"\r\n ? \"strict\"\r\n : \"relaxed\"\r\n )\r\n );\r\n }\r\n\r\n if (options.sanitize) {\r\n chain.push(HiSecure.sanitize());\r\n }\r\n\r\n if (options.validate) {\r\n chain.push(HiSecure.validate(options.validate));\r\n }\r\n\r\n if (options.auth) {\r\n chain.push(\r\n HiSecure.auth(\r\n typeof options.auth === \"object\" ? options.auth : undefined\r\n )\r\n );\r\n }\r\n\r\n return chain;\r\n}\r\n"]}
|
package/dist/index.d.ts
CHANGED
|
@@ -2,7 +2,5 @@ import { HiSecure } from "./core/HiSecure.js";
|
|
|
2
2
|
import { useSecure, secureRoute } from "./core/useSecure.js";
|
|
3
3
|
export { z } from "zod";
|
|
4
4
|
export { body, query, param, header } from "express-validator";
|
|
5
|
-
|
|
6
|
-
export { HiSecure, hiSecure, useSecure, secureRoute };
|
|
7
|
-
export default hiSecure;
|
|
5
|
+
export { HiSecure, useSecure, secureRoute };
|
|
8
6
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAE7D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAG/D,OAAO,EACL,QAAQ,EACR,SAAS,EACT,WAAW,EACZ,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,18 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
// import { HiSecure } from "./core/HiSecure.js";
|
|
3
|
+
// import { useSecure, secureRoute } from "./core/useSecure.js";
|
|
2
4
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.secureRoute = exports.useSecure = exports.
|
|
5
|
+
exports.secureRoute = exports.useSecure = exports.HiSecure = exports.header = exports.param = exports.query = exports.body = exports.z = void 0;
|
|
6
|
+
// export { z } from "zod";
|
|
7
|
+
// export { body, query, param, header } from "express-validator";
|
|
8
|
+
// const hiSecure = HiSecure.getInstance();
|
|
9
|
+
// export {
|
|
10
|
+
// HiSecure,
|
|
11
|
+
// hiSecure,
|
|
12
|
+
// useSecure,
|
|
13
|
+
// secureRoute
|
|
14
|
+
// };
|
|
15
|
+
// export default hiSecure;
|
|
4
16
|
const HiSecure_js_1 = require("./core/HiSecure.js");
|
|
5
17
|
Object.defineProperty(exports, "HiSecure", { enumerable: true, get: function () { return HiSecure_js_1.HiSecure; } });
|
|
6
18
|
const useSecure_js_1 = require("./core/useSecure.js");
|
|
@@ -13,7 +25,4 @@ Object.defineProperty(exports, "body", { enumerable: true, get: function () { re
|
|
|
13
25
|
Object.defineProperty(exports, "query", { enumerable: true, get: function () { return express_validator_1.query; } });
|
|
14
26
|
Object.defineProperty(exports, "param", { enumerable: true, get: function () { return express_validator_1.param; } });
|
|
15
27
|
Object.defineProperty(exports, "header", { enumerable: true, get: function () { return express_validator_1.header; } });
|
|
16
|
-
const hiSecure = HiSecure_js_1.HiSecure.getInstance();
|
|
17
|
-
exports.hiSecure = hiSecure;
|
|
18
|
-
exports.default = hiSecure;
|
|
19
28
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,iDAAiD;AACjD,gEAAgE;;;AAGhE,2BAA2B;AAC3B,kEAAkE;AAElE,2CAA2C;AAE3C,YAAY;AACZ,wBAAwB;AACxB,wBAAwB;AACxB,wBAAwB;AACxB,wBAAwB;AACxB,KAAK;AAEL,2BAA2B;AAK3B,oDAA8C;AAQ5C,yFARO,sBAAQ,OAQP;AAPV,sDAA6D;AAQ3D,0FARO,wBAAS,OAQP;AACT,4FATkB,0BAAW,OASlB;AAPb,2BAAwB;AAAf,wFAAA,CAAC,OAAA;AACV,uDAA+D;AAAtD,yGAAA,IAAI,OAAA;AAAE,0GAAA,KAAK,OAAA;AAAE,0GAAA,KAAK,OAAA;AAAE,2GAAA,MAAM,OAAA","sourcesContent":["// import { HiSecure } from \"./core/HiSecure.js\";\r\n// import { useSecure, secureRoute } from \"./core/useSecure.js\";\r\n\r\n\r\n// export { z } from \"zod\";\r\n// export { body, query, param, header } from \"express-validator\";\r\n\r\n// const hiSecure = HiSecure.getInstance();\r\n\r\n// export { \r\n// HiSecure, \r\n// hiSecure, \r\n// useSecure, \r\n// secureRoute \r\n// };\r\n\r\n// export default hiSecure;\r\n\r\n\r\n\r\n\r\nimport { HiSecure } from \"./core/HiSecure.js\";\r\nimport { useSecure, secureRoute } from \"./core/useSecure.js\";\r\n\r\nexport { z } from \"zod\";\r\nexport { body, query, param, header } from \"express-validator\";\r\n\r\n\r\nexport {\r\n HiSecure,\r\n useSecure,\r\n secureRoute\r\n};\r\n\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";;;AAAA,uDAAoD;AACpD,6DAA0D;AAC1D,8DAA2D;AAC3D,wDAAqD;AAErD,wCAAoC;AAapC,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;YACvC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,6BAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;aACxB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,gBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,gBAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,QAAQ;SACtB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,2BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE;YAClD,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,eAAe;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAChD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,qBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE5C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,gBAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;oBAC/C,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAElC,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAE5B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GACT,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBAEzD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;4BAC5C,KAAK,EAAE,cAAc;4BACrB,SAAS,EAAE,WAAW;4BACtB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;oBACtC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlJD,kCAkJC","sourcesContent":["import { JWTAdapter } from \"../adapters/JWTAdapter\";\r\nimport { GoogleAdapter } from \"../adapters/GoogleAdapter\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { HttpError } from \"../core/errors/HttpError\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface AuthOptions {\r\n jwtSecret: string;\r\n jwtExpiresIn?: string | number;\r\n googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n required?: boolean;\r\n roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n private jwtAdapter: JWTAdapter;\r\n private googleAdapter?: GoogleAdapter;\r\n\r\n constructor(opts: AuthOptions) {\r\n if (!opts.jwtSecret) {\r\n throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n }\r\n\r\n if (opts.jwtSecret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n layer: \"auth-manager\",\r\n operation: \"init\",\r\n secretLength: opts.jwtSecret.length\r\n });\r\n }\r\n\r\n logger.info(\"AuthManager initialized\", {\r\n layer: \"auth-manager\",\r\n jwtExpiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n googleEnabled: !!opts.googleClientId\r\n });\r\n\r\n this.jwtAdapter = new JWTAdapter({\r\n secret: opts.jwtSecret,\r\n expiresIn: opts.jwtExpiresIn ?? \"1d\"\r\n });\r\n\r\n if (opts.googleClientId) {\r\n this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n logger.info(\"Google authentication enabled\", {\r\n layer: \"auth-manager\"\r\n });\r\n }\r\n }\r\n\r\n sign(payload: object, options?: { expiresIn?: string | number; jti?: string }) {\r\n logger.info(\"JWT sign requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"sign\"\r\n });\r\n\r\n return this.jwtAdapter.sign(payload, options);\r\n }\r\n\r\n verify(token: string) {\r\n logger.info(\"JWT verify requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"verify\"\r\n });\r\n\r\n return this.jwtAdapter.verify(token);\r\n }\r\n\r\n async verifyGoogleIdToken(idToken: string) {\r\n if (!this.googleAdapter) {\r\n throw new AdapterError(\"GoogleAdapter not configured.\");\r\n }\r\n\r\n logger.info(\"Google ID token verification requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\"\r\n });\r\n\r\n try {\r\n return await this.googleAdapter.verifyIdToken(idToken);\r\n } catch (err: any) {\r\n logger.error(\"Google ID token verification failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n }\r\n }\r\n\r\n protect(options?: ProtectOptions) {\r\n const required = options?.required ?? true;\r\n const roles = options?.roles;\r\n\r\n return (req: Request, _res: Response, next: NextFunction) => {\r\n const header = req.headers[\"authorization\"];\r\n\r\n if (!required && !header) {\r\n return next();\r\n }\r\n\r\n if (!header) {\r\n logger.warn(\"Authorization header missing\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n }\r\n\r\n const [type, token] = String(header).split(\" \");\r\n if (type !== \"Bearer\" || !token) {\r\n logger.warn(\"Invalid Authorization header format\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n }\r\n\r\n try {\r\n const decoded = this.verify(token);\r\n\r\n (req as any).auth = decoded;\r\n (req as any).user = decoded;\r\n\r\n if (roles && roles.length > 0) {\r\n const userRole =\r\n (decoded as any).role || (decoded as any).roles?.[0];\r\n\r\n if (!userRole || !roles.includes(userRole)) {\r\n logger.warn(\"Access denied: insufficient role\", {\r\n layer: \"auth-manager\",\r\n operation: \"authorize\",\r\n path: req.path,\r\n requiredRoles: roles,\r\n userRole\r\n });\r\n\r\n return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n }\r\n }\r\n\r\n return next();\r\n } catch (err: any) {\r\n logger.error(\"JWT authentication failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method,\r\n reason: err?.message\r\n });\r\n\r\n return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n }\r\n };\r\n }\r\n}"]}
|
|
1
|
+
{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../src/managers/AuthManager.ts"],"names":[],"mappings":";;;AAAA,uDAAoD;AACpD,6DAA0D;AAC1D,8DAA2D;AAC3D,wDAAqD;AAErD,wCAAoC;AAapC,MAAa,WAAW;IAIpB,YAAY,IAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,mCAAmC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;YACvC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAU,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,SAAS,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;SACvC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,GAAG,IAAI,6BAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5D,gBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;gBACzC,KAAK,EAAE,cAAc;aACxB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAuD;QACzE,gBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAC9B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAa;QAChB,gBAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAChC,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,QAAQ;SACtB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,2BAAY,CAAC,+BAA+B,CAAC,CAAC;QAC5D,CAAC;QAED,gBAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE;YAClD,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,eAAe;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAChD,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,eAAe;gBAC1B,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,qBAAS,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,OAAO,CAAC,OAAwB;QAC5B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;QAE7B,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAE5C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,gBAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACxC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,gBAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;oBAC/C,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC,CAAC;YACxE,CAAC;YAED,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAElC,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAC3B,GAAW,CAAC,IAAI,GAAG,OAAO,CAAC;gBAE5B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GACT,OAAe,CAAC,IAAI,IAAK,OAAe,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBAEzD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACzC,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;4BAC5C,KAAK,EAAE,cAAc;4BACrB,SAAS,EAAE,WAAW;4BACtB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,aAAa,EAAE,KAAK;4BACpB,QAAQ;yBACX,CAAC,CAAC;wBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACjE,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,EAAE,CAAC;YAClB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAChB,gBAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;oBACtC,KAAK,EAAE,cAAc;oBACrB,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,MAAM,EAAE,GAAG,EAAE,OAAO;iBACvB,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,qBAAS,CAAC,YAAY,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC;IACN,CAAC;CACJ;AAlJD,kCAkJC","sourcesContent":["import { JWTAdapter } from \"../adapters/JWTAdapter\";\r\nimport { GoogleAdapter } from \"../adapters/GoogleAdapter\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { HttpError } from \"../core/errors/HttpError\";\r\nimport { Request, Response, NextFunction } from \"express\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface AuthOptions {\r\n jwtSecret: string;\r\n jwtExpiresIn?: string | number;\r\n googleClientId?: string;\r\n}\r\n\r\nexport interface ProtectOptions {\r\n required?: boolean;\r\n roles?: string[];\r\n}\r\n\r\nexport class AuthManager {\r\n private jwtAdapter: JWTAdapter;\r\n private googleAdapter?: GoogleAdapter;\r\n\r\n constructor(opts: AuthOptions) {\r\n if (!opts.jwtSecret) {\r\n throw new AdapterError(\"jwtSecret required in AuthOptions\");\r\n }\r\n\r\n if (opts.jwtSecret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n layer: \"auth-manager\",\r\n operation: \"init\",\r\n secretLength: opts.jwtSecret.length\r\n });\r\n }\r\n\r\n logger.info(\"AuthManager initialized\", {\r\n layer: \"auth-manager\",\r\n jwtExpiresIn: opts.jwtExpiresIn ?? \"1d\",\r\n googleEnabled: !!opts.googleClientId\r\n });\r\n\r\n this.jwtAdapter = new JWTAdapter({\r\n secret: opts.jwtSecret,\r\n expiresIn: opts.jwtExpiresIn ?? \"1d\"\r\n });\r\n\r\n if (opts.googleClientId) {\r\n this.googleAdapter = new GoogleAdapter(opts.googleClientId);\r\n logger.info(\"Google authentication enabled\", {\r\n layer: \"auth-manager\"\r\n });\r\n }\r\n }\r\n\r\n sign(payload: object, options?: { expiresIn?: string | number; jti?: string }) {\r\n logger.info(\"JWT sign requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"sign\"\r\n });\r\n\r\n return this.jwtAdapter.sign(payload, options);\r\n }\r\n\r\n verify(token: string) {\r\n logger.info(\"JWT verify requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"verify\"\r\n });\r\n\r\n return this.jwtAdapter.verify(token);\r\n }\r\n\r\n async verifyGoogleIdToken(idToken: string) {\r\n if (!this.googleAdapter) {\r\n throw new AdapterError(\"GoogleAdapter not configured.\");\r\n }\r\n\r\n logger.info(\"Google ID token verification requested\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\"\r\n });\r\n\r\n try {\r\n return await this.googleAdapter.verifyIdToken(idToken);\r\n } catch (err: any) {\r\n logger.error(\"Google ID token verification failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"google-verify\",\r\n reason: err?.message\r\n });\r\n\r\n throw HttpError.Unauthorized(\"Invalid Google ID token\");\r\n }\r\n }\r\n\r\n protect(options?: ProtectOptions) {\r\n const required = options?.required ?? true;\r\n const roles = options?.roles;\r\n\r\n return (req: Request, _res: Response, next: NextFunction) => {\r\n const header = req.headers[\"authorization\"];\r\n\r\n if (!required && !header) {\r\n return next();\r\n }\r\n\r\n if (!header) {\r\n logger.warn(\"Authorization header missing\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Missing Authorization header\"));\r\n }\r\n\r\n const [type, token] = String(header).split(\" \");\r\n if (type !== \"Bearer\" || !token) {\r\n logger.warn(\"Invalid Authorization header format\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method\r\n });\r\n return next(HttpError.Unauthorized(\"Invalid Authorization header\"));\r\n }\r\n\r\n try {\r\n const decoded = this.verify(token);\r\n\r\n (req as any).auth = decoded;\r\n (req as any).user = decoded;\r\n\r\n if (roles && roles.length > 0) {\r\n const userRole =\r\n (decoded as any).role || (decoded as any).roles?.[0];\r\n\r\n if (!userRole || !roles.includes(userRole)) {\r\n logger.warn(\"Access denied: insufficient role\", {\r\n layer: \"auth-manager\",\r\n operation: \"authorize\",\r\n path: req.path,\r\n requiredRoles: roles,\r\n userRole\r\n });\r\n\r\n return next(HttpError.Forbidden(\"Insufficient permissions\"));\r\n }\r\n }\r\n\r\n return next();\r\n } catch (err: any) {\r\n logger.error(\"JWT authentication failed\", {\r\n layer: \"auth-manager\",\r\n operation: \"protect\",\r\n path: req.path,\r\n method: req.method,\r\n reason: err?.message\r\n });\r\n\r\n return next(HttpError.Unauthorized(\"Invalid or expired token\"));\r\n }\r\n };\r\n }\r\n}\r\n"]}
|
package/package.json
CHANGED