hi-secure 1.0.29 → 1.0.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/JWTAdapter.d.ts.map +1 -1
- package/dist/adapters/JWTAdapter.js +120 -14
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts +7 -0
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +27 -3
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/core/useSecure.d.ts.map +1 -1
- package/dist/core/useSecure.js.map +1 -1
- package/package.json +1 -1
- package/src/adapters/JWTAdapter.ts +217 -89
- package/src/core/HiSecure.ts +30 -5
- package/src/core/useSecure.ts +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AA6GA,OAAO,GAAsC,MAAM,cAAc,CAAC;AAOlE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAWD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAoBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IAmC3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CA8BjE"}
|
|
@@ -1,13 +1,111 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
// import jwt from "jsonwebtoken";
|
|
3
|
+
// import { randomUUID } from "crypto";
|
|
4
|
+
// import { AdapterError } from "../core/errors/AdapterError";
|
|
5
|
+
// import { logger } from "../logging";
|
|
2
6
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
7
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
8
|
};
|
|
5
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
10
|
exports.JWTAdapter = void 0;
|
|
11
|
+
// export interface JWTAdapterOptions {
|
|
12
|
+
// secret: string;
|
|
13
|
+
// expiresIn?: string | number;
|
|
14
|
+
// algorithm?: jwt.Algorithm;
|
|
15
|
+
// issuer?: string;
|
|
16
|
+
// audience?: string | string[];
|
|
17
|
+
// }
|
|
18
|
+
// export interface SignOptions {
|
|
19
|
+
// expiresIn?: string | number;
|
|
20
|
+
// jti?: string;
|
|
21
|
+
// subject?: string;
|
|
22
|
+
// issuer?: string;
|
|
23
|
+
// audience?: string | string[];
|
|
24
|
+
// }
|
|
25
|
+
// export class JWTAdapter {
|
|
26
|
+
// private secret: string;
|
|
27
|
+
// private expiresIn?: string | number;
|
|
28
|
+
// private algorithm: jwt.Algorithm;
|
|
29
|
+
// private issuer?: string;
|
|
30
|
+
// private audience?: string | string[];
|
|
31
|
+
// constructor(options: JWTAdapterOptions) {
|
|
32
|
+
// if (!options.secret) {
|
|
33
|
+
// throw new AdapterError("JWT secret is required");
|
|
34
|
+
// }
|
|
35
|
+
// if (options.secret.length < 32) {
|
|
36
|
+
// logger.warn("Weak JWT secret detected", {
|
|
37
|
+
// adapter: "jwt",
|
|
38
|
+
// operation: "init",
|
|
39
|
+
// secretLength: options.secret.length
|
|
40
|
+
// });
|
|
41
|
+
// }
|
|
42
|
+
// this.secret = options.secret;
|
|
43
|
+
// this.expiresIn = options.expiresIn;
|
|
44
|
+
// this.algorithm = options.algorithm || "HS256";
|
|
45
|
+
// this.issuer = options.issuer;
|
|
46
|
+
// this.audience = options.audience;
|
|
47
|
+
// }
|
|
48
|
+
// sign(payload: object, options?: SignOptions) {
|
|
49
|
+
// try {
|
|
50
|
+
// const jwtOptions: jwt.SignOptions = {
|
|
51
|
+
// algorithm: this.algorithm,
|
|
52
|
+
// issuer: options?.issuer || this.issuer,
|
|
53
|
+
// audience: options?.audience || this.audience,
|
|
54
|
+
// jwtid: options?.jti || randomUUID(),
|
|
55
|
+
// subject: options?.subject
|
|
56
|
+
// };
|
|
57
|
+
// if (options?.expiresIn !== undefined) {
|
|
58
|
+
// jwtOptions.expiresIn = options.expiresIn as any;
|
|
59
|
+
// } else if (this.expiresIn !== undefined) {
|
|
60
|
+
// jwtOptions.expiresIn = this.expiresIn as any;
|
|
61
|
+
// }
|
|
62
|
+
// return jwt.sign(payload, this.secret, jwtOptions);
|
|
63
|
+
// } catch (err: any) {
|
|
64
|
+
// logger.error("JWT signing failed", {
|
|
65
|
+
// adapter: "jwt",
|
|
66
|
+
// operation: "sign",
|
|
67
|
+
// reason: err?.message
|
|
68
|
+
// });
|
|
69
|
+
// throw new AdapterError("JWT sign failed");
|
|
70
|
+
// }
|
|
71
|
+
// }
|
|
72
|
+
// verify(token: string, options?: { audience?: string | string[] }) {
|
|
73
|
+
// try {
|
|
74
|
+
// const verifyOptions: jwt.VerifyOptions = {
|
|
75
|
+
// algorithms: [this.algorithm],
|
|
76
|
+
// issuer: this.issuer,
|
|
77
|
+
// audience: (options?.audience || this.audience) as string
|
|
78
|
+
// };
|
|
79
|
+
// return jwt.verify(token, this.secret, verifyOptions);
|
|
80
|
+
// } catch (err: any) {
|
|
81
|
+
// logger.error("JWT verification failed", {
|
|
82
|
+
// adapter: "jwt",
|
|
83
|
+
// operation: "verify",
|
|
84
|
+
// reason: err?.message
|
|
85
|
+
// });
|
|
86
|
+
// if (err?.name === "TokenExpiredError") {
|
|
87
|
+
// throw new AdapterError("JWT token has expired");
|
|
88
|
+
// }
|
|
89
|
+
// if (err?.name === "JsonWebTokenError") {
|
|
90
|
+
// throw new AdapterError("Invalid JWT token");
|
|
91
|
+
// }
|
|
92
|
+
// throw new AdapterError("JWT verification failed");
|
|
93
|
+
// }
|
|
94
|
+
// }
|
|
95
|
+
// }
|
|
7
96
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
8
97
|
const crypto_1 = require("crypto");
|
|
9
98
|
const AdapterError_1 = require("../core/errors/AdapterError");
|
|
10
99
|
const logging_1 = require("../logging");
|
|
100
|
+
function normalizeAudience(aud) {
|
|
101
|
+
if (!aud)
|
|
102
|
+
return undefined;
|
|
103
|
+
if (typeof aud === "string")
|
|
104
|
+
return aud;
|
|
105
|
+
if (aud.length > 0)
|
|
106
|
+
return aud;
|
|
107
|
+
return undefined;
|
|
108
|
+
}
|
|
11
109
|
class JWTAdapter {
|
|
12
110
|
constructor(options) {
|
|
13
111
|
if (!options.secret) {
|
|
@@ -16,30 +114,34 @@ class JWTAdapter {
|
|
|
16
114
|
if (options.secret.length < 32) {
|
|
17
115
|
logging_1.logger.warn("Weak JWT secret detected", {
|
|
18
116
|
adapter: "jwt",
|
|
19
|
-
operation: "init",
|
|
20
117
|
secretLength: options.secret.length
|
|
21
118
|
});
|
|
22
119
|
}
|
|
23
120
|
this.secret = options.secret;
|
|
24
|
-
this.
|
|
25
|
-
this.algorithm = options.algorithm || "HS256";
|
|
121
|
+
this.algorithm = options.algorithm ?? "HS256";
|
|
26
122
|
this.issuer = options.issuer;
|
|
27
123
|
this.audience = options.audience;
|
|
124
|
+
this.expiresIn = options.expiresIn;
|
|
28
125
|
}
|
|
126
|
+
// ================= SIGN =================
|
|
29
127
|
sign(payload, options) {
|
|
30
128
|
try {
|
|
31
129
|
const jwtOptions = {
|
|
32
130
|
algorithm: this.algorithm,
|
|
33
|
-
|
|
34
|
-
audience: options?.audience || this.audience,
|
|
35
|
-
jwtid: options?.jti || (0, crypto_1.randomUUID)(),
|
|
131
|
+
jwtid: options?.jti ?? (0, crypto_1.randomUUID)(),
|
|
36
132
|
subject: options?.subject
|
|
37
133
|
};
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
134
|
+
const issuer = options?.issuer ?? this.issuer;
|
|
135
|
+
if (issuer)
|
|
136
|
+
jwtOptions.issuer = issuer;
|
|
137
|
+
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
138
|
+
if (audience)
|
|
139
|
+
jwtOptions.audience = audience;
|
|
140
|
+
const expires = options?.expiresIn !== undefined
|
|
141
|
+
? options.expiresIn
|
|
142
|
+
: this.expiresIn;
|
|
143
|
+
if (expires !== undefined) {
|
|
144
|
+
jwtOptions.expiresIn = expires;
|
|
43
145
|
}
|
|
44
146
|
return jsonwebtoken_1.default.sign(payload, this.secret, jwtOptions);
|
|
45
147
|
}
|
|
@@ -52,13 +154,17 @@ class JWTAdapter {
|
|
|
52
154
|
throw new AdapterError_1.AdapterError("JWT sign failed");
|
|
53
155
|
}
|
|
54
156
|
}
|
|
157
|
+
// ================= VERIFY =================
|
|
55
158
|
verify(token, options) {
|
|
56
159
|
try {
|
|
57
160
|
const verifyOptions = {
|
|
58
|
-
algorithms: [this.algorithm]
|
|
59
|
-
issuer: this.issuer,
|
|
60
|
-
audience: (options?.audience || this.audience)
|
|
161
|
+
algorithms: [this.algorithm]
|
|
61
162
|
};
|
|
163
|
+
if (this.issuer)
|
|
164
|
+
verifyOptions.issuer = this.issuer;
|
|
165
|
+
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
166
|
+
if (audience)
|
|
167
|
+
verifyOptions.audience = audience;
|
|
62
168
|
return jsonwebtoken_1.default.verify(token, this.secret, verifyOptions);
|
|
63
169
|
}
|
|
64
170
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAkBpC,MAAa,UAAU;IAOnB,YAAY,OAA0B;QAClC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACvC,IAAI,CAAC;YACD,MAAM,UAAU,GAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM;gBACtC,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;gBAC5C,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC5B,CAAC;YAEF,IAAI,OAAO,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC,SAAgB,CAAC;YACpD,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAgB,CAAC;YACjD,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEtD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC/B,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC5D,IAAI,CAAC;YACD,MAAM,aAAa,GAAsB;gBACrC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAW;aAC3D,CAAC;YAEF,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;CACJ;AApFD,gCAoFC","sourcesContent":["import jwt from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: string | number;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n operation: \"init\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.expiresIn = options.expiresIn;\r\n this.algorithm = options.algorithm || \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n issuer: options?.issuer || this.issuer,\r\n audience: options?.audience || this.audience,\r\n jwtid: options?.jti || randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n if (options?.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = options.expiresIn as any;\r\n } else if (this.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = this.expiresIn as any;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm],\r\n issuer: this.issuer,\r\n audience: (options?.audience || this.audience) as string\r\n };\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,uCAAuC;AACvC,8DAA8D;AAC9D,uCAAuC;;;;;;AAEvC,uCAAuC;AACvC,sBAAsB;AACtB,mCAAmC;AACnC,iCAAiC;AACjC,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,iCAAiC;AACjC,mCAAmC;AACnC,oBAAoB;AACpB,wBAAwB;AACxB,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,4BAA4B;AAC5B,8BAA8B;AAC9B,2CAA2C;AAC3C,wCAAwC;AACxC,+BAA+B;AAC/B,4CAA4C;AAE5C,gDAAgD;AAChD,iCAAiC;AACjC,gEAAgE;AAChE,YAAY;AAEZ,4CAA4C;AAC5C,wDAAwD;AACxD,kCAAkC;AAClC,qCAAqC;AACrC,sDAAsD;AACtD,kBAAkB;AAClB,YAAY;AAEZ,wCAAwC;AACxC,8CAA8C;AAC9C,yDAAyD;AACzD,wCAAwC;AACxC,4CAA4C;AAC5C,QAAQ;AAER,qDAAqD;AACrD,gBAAgB;AAChB,oDAAoD;AACpD,6CAA6C;AAC7C,0DAA0D;AAC1D,gEAAgE;AAChE,uDAAuD;AACvD,4CAA4C;AAC5C,iBAAiB;AAEjB,sDAAsD;AACtD,mEAAmE;AACnE,yDAAyD;AACzD,gEAAgE;AAChE,gBAAgB;AAEhB,iEAAiE;AAEjE,+BAA+B;AAC/B,mDAAmD;AACnD,kCAAkC;AAClC,qCAAqC;AACrC,uCAAuC;AACvC,kBAAkB;AAElB,yDAAyD;AACzD,YAAY;AACZ,QAAQ;AAER,0EAA0E;AAC1E,gBAAgB;AAChB,yDAAyD;AACzD,gDAAgD;AAChD,uCAAuC;AACvC,2EAA2E;AAC3E,iBAAiB;AAEjB,oEAAoE;AAEpE,+BAA+B;AAC/B,wDAAwD;AACxD,kCAAkC;AAClC,uCAAuC;AACvC,uCAAuC;AACvC,kBAAkB;AAElB,uDAAuD;AACvD,mEAAmE;AACnE,gBAAgB;AAEhB,uDAAuD;AACvD,+DAA+D;AAC/D,gBAAgB;AAEhB,iEAAiE;AACjE,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC1B,CAAC;YAEF,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,MAAM;gBAAE,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAEvC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM;gBAAE,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAEpD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AA5FD,gCA4FC","sourcesContent":["// import jwt from \"jsonwebtoken\";\r\n// import { randomUUID } from \"crypto\";\r\n// import { AdapterError } from \"../core/errors/AdapterError\";\r\n// import { logger } from \"../logging\";\r\n\r\n// export interface JWTAdapterOptions {\r\n// secret: string;\r\n// expiresIn?: string | number;\r\n// algorithm?: jwt.Algorithm;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export interface SignOptions {\r\n// expiresIn?: string | number;\r\n// jti?: string;\r\n// subject?: string;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export class JWTAdapter {\r\n// private secret: string;\r\n// private expiresIn?: string | number;\r\n// private algorithm: jwt.Algorithm;\r\n// private issuer?: string;\r\n// private audience?: string | string[];\r\n\r\n// constructor(options: JWTAdapterOptions) {\r\n// if (!options.secret) {\r\n// throw new AdapterError(\"JWT secret is required\");\r\n// }\r\n\r\n// if (options.secret.length < 32) {\r\n// logger.warn(\"Weak JWT secret detected\", {\r\n// adapter: \"jwt\",\r\n// operation: \"init\",\r\n// secretLength: options.secret.length\r\n// });\r\n// }\r\n\r\n// this.secret = options.secret;\r\n// this.expiresIn = options.expiresIn;\r\n// this.algorithm = options.algorithm || \"HS256\";\r\n// this.issuer = options.issuer;\r\n// this.audience = options.audience;\r\n// }\r\n\r\n// sign(payload: object, options?: SignOptions) {\r\n// try {\r\n// const jwtOptions: jwt.SignOptions = {\r\n// algorithm: this.algorithm,\r\n// issuer: options?.issuer || this.issuer,\r\n// audience: options?.audience || this.audience,\r\n// jwtid: options?.jti || randomUUID(),\r\n// subject: options?.subject\r\n// };\r\n\r\n// if (options?.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = options.expiresIn as any;\r\n// } else if (this.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = this.expiresIn as any;\r\n// }\r\n\r\n// return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT signing failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"sign\",\r\n// reason: err?.message\r\n// });\r\n\r\n// throw new AdapterError(\"JWT sign failed\");\r\n// }\r\n// }\r\n\r\n// verify(token: string, options?: { audience?: string | string[] }) {\r\n// try {\r\n// const verifyOptions: jwt.VerifyOptions = {\r\n// algorithms: [this.algorithm],\r\n// issuer: this.issuer,\r\n// audience: (options?.audience || this.audience) as string\r\n// };\r\n\r\n// return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verification failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"verify\",\r\n// reason: err?.message\r\n// });\r\n\r\n// if (err?.name === \"TokenExpiredError\") {\r\n// throw new AdapterError(\"JWT token has expired\");\r\n// }\r\n\r\n// if (err?.name === \"JsonWebTokenError\") {\r\n// throw new AdapterError(\"Invalid JWT token\");\r\n// }\r\n\r\n// throw new AdapterError(\"JWT verification failed\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\nimport jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"]; // ✅ important\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n // ================= SIGN =================\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (issuer) jwtOptions.issuer = issuer;\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n // ================= VERIFY =================\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (this.issuer) verifyOptions.issuer = this.issuer;\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
package/dist/core/HiSecure.d.ts
CHANGED
|
@@ -20,6 +20,13 @@ export declare class HiSecure {
|
|
|
20
20
|
required?: boolean;
|
|
21
21
|
roles?: string[];
|
|
22
22
|
}): (req: import("express").Request, _res: import("express").Response, next: import("express").NextFunction) => void;
|
|
23
|
+
static jwt: {
|
|
24
|
+
sign(payload: object, options?: any): string;
|
|
25
|
+
verify(token: string): string | import("jsonwebtoken").Jwt | import("jsonwebtoken").JwtPayload;
|
|
26
|
+
google: {
|
|
27
|
+
verifyIdToken(idToken: string): Promise<import("../adapters/GoogleAdapter.js").GoogleTokenPayload>;
|
|
28
|
+
};
|
|
29
|
+
};
|
|
23
30
|
static validate(schema: ValidationSchema): (req: any, res: any, next: any) => any;
|
|
24
31
|
static sanitize(options?: any): (req: any, _res: any, next: any) => void;
|
|
25
32
|
static rateLimit(preset: "strict" | "relaxed" | "api" | object): any;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"AAwUA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAiC3D,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE3E,KAAK,gBAAgB,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEpD,qBAAa,QAAQ;IACnB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAyB;IAEhD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,WAAW,CAAS;IAE5B,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAC,CAAc;IAElC,OAAO;IAKP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,QAAQ;IAU3D,OAAO,CAAC,MAAM,CAAC,GAAG;IAOlB,OAAO,CAAC,SAAS;IAgEjB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;IAO9D,MAAM,CAAC,GAAG;sBACM,MAAM,YAAY,GAAG;sBAMrB,MAAM;;mCAOK,MAAM;;MAO/B;IAGF,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,gBAAgB;IAIxC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,GAAG;IAI7B,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM;IAgB9D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;kBA7eV,CAAA;;;iBAGY,CAAC;IA8e5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;WAKZ,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOjD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,gBAAgB;IAe5D,OAAO,CAAC,WAAW;CAqBpB"}
|
package/dist/core/HiSecure.js
CHANGED
|
@@ -79,7 +79,7 @@ class HiSecure {
|
|
|
79
79
|
this.sanitizerManager = new SanitizerManager_js_1.SanitizerManager(new SanitizeHtmlAdapter_js_1.SanitizeHtmlAdapter(this.config.sanitizer), new XSSAdapter_js_1.XSSAdapter(this.config.sanitizer));
|
|
80
80
|
this.jsonManager = new JsonManager_js_1.JsonManager();
|
|
81
81
|
this.corsManager = new CorsManager_js_1.CorsManager();
|
|
82
|
-
// =====
|
|
82
|
+
// ===== AUTH (OPTIONAL) =====
|
|
83
83
|
if (this.config.auth?.enabled) {
|
|
84
84
|
this.authManager = new AuthManager_js_1.AuthManager({
|
|
85
85
|
jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret,
|
|
@@ -97,13 +97,14 @@ class HiSecure {
|
|
|
97
97
|
layer: "hisecure-core"
|
|
98
98
|
});
|
|
99
99
|
}
|
|
100
|
-
// =================
|
|
100
|
+
// ================= AUTH =================
|
|
101
101
|
static auth(options) {
|
|
102
102
|
const i = HiSecure.get();
|
|
103
103
|
if (!i.authManager)
|
|
104
104
|
throw new Error("Auth not enabled");
|
|
105
105
|
return i.authManager.protect(options);
|
|
106
106
|
}
|
|
107
|
+
// ================= OTHER UTILS =================
|
|
107
108
|
static validate(schema) {
|
|
108
109
|
return HiSecure.get().validatorManager.validate(schema);
|
|
109
110
|
}
|
|
@@ -138,6 +139,7 @@ class HiSecure {
|
|
|
138
139
|
static verify(value, hash) {
|
|
139
140
|
return HiSecure.get().hashManager.verify(value, hash);
|
|
140
141
|
}
|
|
142
|
+
// ================= GLOBAL MIDDLEWARE =================
|
|
141
143
|
static middleware(options) {
|
|
142
144
|
const i = HiSecure.get();
|
|
143
145
|
const presets = {
|
|
@@ -148,7 +150,6 @@ class HiSecure {
|
|
|
148
150
|
const finalOptions = typeof options === "string" ? presets[options] : options ?? {};
|
|
149
151
|
return i.createChain(finalOptions);
|
|
150
152
|
}
|
|
151
|
-
// ================= INTERNAL =================
|
|
152
153
|
createChain(options) {
|
|
153
154
|
const chain = [];
|
|
154
155
|
chain.push(this.jsonManager.middleware(this.config.json));
|
|
@@ -173,4 +174,27 @@ class HiSecure {
|
|
|
173
174
|
}
|
|
174
175
|
exports.HiSecure = HiSecure;
|
|
175
176
|
HiSecure.instance = null;
|
|
177
|
+
// ================= JWT =================
|
|
178
|
+
HiSecure.jwt = {
|
|
179
|
+
sign(payload, options) {
|
|
180
|
+
const i = HiSecure.get();
|
|
181
|
+
if (!i.authManager)
|
|
182
|
+
throw new Error("Auth not enabled");
|
|
183
|
+
return i.authManager.sign(payload, options);
|
|
184
|
+
},
|
|
185
|
+
verify(token) {
|
|
186
|
+
const i = HiSecure.get();
|
|
187
|
+
if (!i.authManager)
|
|
188
|
+
throw new Error("Auth not enabled");
|
|
189
|
+
return i.authManager.verify(token);
|
|
190
|
+
},
|
|
191
|
+
google: {
|
|
192
|
+
verifyIdToken(idToken) {
|
|
193
|
+
const i = HiSecure.get();
|
|
194
|
+
if (!i.authManager)
|
|
195
|
+
throw new Error("Auth not enabled (Google)");
|
|
196
|
+
return i.authManager.verifyGoogleIdToken(idToken);
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
};
|
|
176
200
|
//# sourceMappingURL=HiSecure.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";AAAA,8DAA8D;AAC9D,+CAA+C;AAC/C,0DAA0D;AAC1D,qDAAqD;AACrD,uDAAuD;AACvD,uCAAuC;;;;;;AAkUvC,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAO9D,MAAa,QAAQ;IAcnB,YAAoB,MAAsB;QAVlC,gBAAW,GAAG,KAAK,CAAC;QAW1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uDAAuD;IACvD,MAAM,CAAC,IAAI,CAAC,UAAoC;QAC9C,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,GAAG;QAChB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACrB,CAAC,CAAC;QAEH,4BAA4B;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EACrD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YAC1B,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CACT,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YACrC,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,EAC1B,IAAI,sCAAgB,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,8BAA8B;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBACjC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gBAChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAChD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;IACL,CAAC;IAED,wDAAwD;IAExD,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACtC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QAC3B,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACZ,CAAC;YAEX,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE;YAC5D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QACvC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,OAA0C;QAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,OAAO,GAA4C;YACvD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YACvE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SACxC,CAAC;QAEF,MAAM,YAAY,GAChB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAEjE,OAAO,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,+CAA+C;IAEvC,WAAW,CAAC,OAAsB;QACxC,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;;AA5LH,4BA6LC;AA5LgB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB","sourcesContent":["// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // Singleton & Init\r\n\r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// logger.info(\"Creating HiSecure singleton\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"Initialization skipped (already initialized)\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// return;\r\n// }\r\n\r\n// logger.info(\"Framework initialization started\", {\r\n// layer: \"hisecure-core\",\r\n// lib: LIB_NAME,\r\n// version: LIB_VERSION\r\n// });\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// deepFreeze(this.config);\r\n// this.initialized = true;\r\n\r\n// logger.info(\"Framework initialized successfully\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n\r\n// // Public Fluent API\r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof preset === \"string\") {\r\n// logger.info(\"Rate limit preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset\r\n// });\r\n\r\n// const presets: any = {\r\n// strict: { mode: \"strict\" },\r\n// relaxed: { mode: \"relaxed\" },\r\n// api: { mode: \"api\" }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset]);\r\n// }\r\n\r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// return [\r\n// instance.jsonManager.middleware(options),\r\n// instance.jsonManager.urlencoded()\r\n// ];\r\n// }\r\n\r\n// // Utilities\r\n\r\n// static async hash(value: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(value, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(value: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(value, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) =>\r\n// HiSecure.getInstance().authManager!.sign(payload, options),\r\n\r\n// verify: (token: string) =>\r\n// HiSecure.getInstance().authManager!.verify(token),\r\n\r\n// google: {\r\n// verifyIdToken: (idToken: string) =>\r\n// HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)\r\n// }\r\n// };\r\n\r\n// // Global Middleware - globalLevel\r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof options === \"string\") {\r\n// logger.info(\"Global middleware preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset: options\r\n// });\r\n\r\n// const presets: any = {\r\n// api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true, sanitize: false }\r\n// };\r\n\r\n// return instance.createMiddlewareChain(presets[options] || {});\r\n// }\r\n\r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // Internal Setup\r\n\r\n// private setupAdapters() {\r\n// logger.info(\"Adapters setup started\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n\r\n// this.hashingPrimary =\r\n// this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback =\r\n// this.config.hashing.fallback === \"bcrypt\"\r\n// ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// logger.info(\"Hashing adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: this.config.hashing.primary,\r\n// fallback: this.config.hashing.fallback ?? null\r\n// });\r\n\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// logger.info(\"Rate limiter adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// adaptive: this.config.rateLimiter.useAdaptiveMode\r\n// });\r\n\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n// logger.info(\"Sanitizer adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: \"sanitize-html\",\r\n// fallback: \"xss\"\r\n// });\r\n// }\r\n\r\n// private setupManagers() {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// new ZodAdapter(),\r\n// new ExpressValidatorAdapter()\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n\r\n// logger.info(\"Core managers initialized\", {\r\n// layer: \"hisecure-core\",\r\n// managers: [\"hash\", \"rate-limit\", \"validator\", \"sanitizer\"]\r\n// });\r\n// }\r\n\r\n// private setupDynamicManagers() {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// if (this.config.auth.enabled) {\r\n// this.authManager = new AuthManager({\r\n// jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n// jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// googleClientId:\r\n// process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n// });\r\n\r\n// logger.info(\"Authentication enabled\", {\r\n// layer: \"hisecure-core\",\r\n// google: !!this.config.auth.googleClientId\r\n// });\r\n// } else {\r\n// logger.info(\"Authentication disabled\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n\r\n// if (this.config.enableCompression)\r\n// chain.push(compression(this.config.compression));\r\n\r\n// if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));\r\n// if (options.sanitize)\r\n// chain.push(this.sanitizerManager.middleware());\r\n\r\n// if (options.rateLimit)\r\n// chain.push(this.rateLimitManager.middleware({}));\r\n\r\n// if (options.auth && this.authManager)\r\n// chain.push(this.authManager.protect());\r\n\r\n// chain.push(errorHandler);\r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n\r\n\r\nimport { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\ntype MiddlewarePreset = \"strict\" | \"api\" | \"public\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n\r\n private readonly config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n private hashManager!: HashManager;\r\n private rateLimitManager!: RateLimitManager;\r\n private validatorManager!: ValidatorManager;\r\n private sanitizerManager!: SanitizerManager;\r\n private jsonManager!: JsonManager;\r\n private corsManager!: CorsManager;\r\n private authManager?: AuthManager;\r\n\r\n private constructor(config: HiSecureConfig) {\r\n this.config = config;\r\n }\r\n\r\n // ================= INIT (ONLY ONCE) =================\r\n static init(userConfig?: Partial<HiSecureConfig>): HiSecure {\r\n if (HiSecure.instance) return HiSecure.instance;\r\n\r\n const finalConfig = deepMerge(defaultConfig, userConfig ?? {});\r\n const instance = new HiSecure(finalConfig);\r\n HiSecure.instance = instance;\r\n instance.bootstrap();\r\n return instance;\r\n }\r\n\r\n private static get(): HiSecure {\r\n if (!HiSecure.instance) {\r\n throw new Error(\"HiSecure not initialized. Call HiSecure.init() first.\");\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n private bootstrap(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n // ===== Core Managers =====\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds),\r\n this.config.hashing.fallback\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.config.rateLimiter.useAdaptiveMode\r\n ? new RLFlexibleAdapter()\r\n : new ExpressRLAdapter(),\r\n new ExpressRLAdapter()\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n // ===== Auth (OPTIONAL) =====\r\n if (this.config.auth?.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", { layer: \"hisecure-core\" });\r\n } else {\r\n logger.info(\"Authentication disabled\", { layer: \"hisecure-core\" });\r\n }\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n // ================= PUBLIC STATIC API =================\r\n\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.protect(options);\r\n }\r\n\r\n static validate(schema: ValidationSchema) {\r\n return HiSecure.get().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return HiSecure.get().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const i = HiSecure.get();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n } as const;\r\n\r\n return i.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return i.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return HiSecure.get().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const i = HiSecure.get();\r\n return [i.jsonManager.middleware(options), i.jsonManager.urlencoded()];\r\n }\r\n\r\n static async hash(value: string): Promise<string> {\r\n const { hash } = await HiSecure.get().hashManager.hash(value, {\r\n allowFallback: true\r\n });\r\n return hash;\r\n }\r\n\r\n static verify(value: string, hash: string): Promise<boolean> {\r\n return HiSecure.get().hashManager.verify(value, hash);\r\n }\r\n\r\n static middleware(options?: SecureOptions | MiddlewarePreset) {\r\n const i = HiSecure.get();\r\n\r\n const presets: Record<MiddlewarePreset, SecureOptions> = {\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n public: { cors: true, rateLimit: true }\r\n };\r\n\r\n const finalOptions =\r\n typeof options === \"string\" ? presets[options] : options ?? {};\r\n\r\n return i.createChain(finalOptions);\r\n }\r\n\r\n // ================= INTERNAL =================\r\n\r\n private createChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware());\r\n if (options.sanitize) chain.push(this.sanitizerManager.middleware());\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";AAAA,8DAA8D;AAC9D,+CAA+C;AAC/C,0DAA0D;AAC1D,qDAAqD;AACrD,uDAAuD;AACvD,uCAAuC;;;;;;AAoUvC,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAO9D,MAAa,QAAQ;IAcnB,YAAoB,MAAsB;QAVlC,gBAAW,GAAG,KAAK,CAAC;QAW1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uDAAuD;IACvD,MAAM,CAAC,IAAI,CAAC,UAAoC;QAC9C,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,GAAG;QAChB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACrB,CAAC,CAAC;QAEH,4BAA4B;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EACrD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YAC1B,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CACT,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YACrC,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,EAC1B,IAAI,sCAAgB,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,8BAA8B;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBACjC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gBAChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAChD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IA0BD,kDAAkD;IAClD,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACtC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QAC3B,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACZ,CAAC;YAEX,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE;YAC5D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QACvC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,wDAAwD;IACxD,MAAM,CAAC,UAAU,CAAC,OAA0C;QAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,OAAO,GAA4C;YACvD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YACvE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SACxC,CAAC;QAEF,MAAM,YAAY,GAChB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAEjE,OAAO,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAEO,WAAW,CAAC,OAAsB;QACxC,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;;AAnNH,4BAoNC;AAnNgB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAyGhD,0CAA0C;AACnC,YAAG,GAAG;IACX,IAAI,CAAC,OAAe,EAAE,OAAa;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,EAAE;QACN,aAAa,CAAC,OAAe;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,CAAC,WAAW;gBAChB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,OAAO,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;KACF;CACF,AArBS,CAqBR","sourcesContent":["// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // Singleton & Init\r\n\r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// logger.info(\"Creating HiSecure singleton\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"Initialization skipped (already initialized)\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// return;\r\n// }\r\n\r\n// logger.info(\"Framework initialization started\", {\r\n// layer: \"hisecure-core\",\r\n// lib: LIB_NAME,\r\n// version: LIB_VERSION\r\n// });\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// deepFreeze(this.config);\r\n// this.initialized = true;\r\n\r\n// logger.info(\"Framework initialized successfully\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n\r\n// // Public Fluent API\r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof preset === \"string\") {\r\n// logger.info(\"Rate limit preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset\r\n// });\r\n\r\n// const presets: any = {\r\n// strict: { mode: \"strict\" },\r\n// relaxed: { mode: \"relaxed\" },\r\n// api: { mode: \"api\" }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset]);\r\n// }\r\n\r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// return [\r\n// instance.jsonManager.middleware(options),\r\n// instance.jsonManager.urlencoded()\r\n// ];\r\n// }\r\n\r\n// // Utilities\r\n\r\n// static async hash(value: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(value, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(value: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(value, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) =>\r\n// HiSecure.getInstance().authManager!.sign(payload, options),\r\n\r\n// verify: (token: string) =>\r\n// HiSecure.getInstance().authManager!.verify(token),\r\n\r\n// google: {\r\n// verifyIdToken: (idToken: string) =>\r\n// HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)\r\n// }\r\n// };\r\n\r\n// // Global Middleware - globalLevel\r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof options === \"string\") {\r\n// logger.info(\"Global middleware preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset: options\r\n// });\r\n\r\n// const presets: any = {\r\n// api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true, sanitize: false }\r\n// };\r\n\r\n// return instance.createMiddlewareChain(presets[options] || {});\r\n// }\r\n\r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // Internal Setup\r\n\r\n// private setupAdapters() {\r\n// logger.info(\"Adapters setup started\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n\r\n// this.hashingPrimary =\r\n// this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback =\r\n// this.config.hashing.fallback === \"bcrypt\"\r\n// ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// logger.info(\"Hashing adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: this.config.hashing.primary,\r\n// fallback: this.config.hashing.fallback ?? null\r\n// });\r\n\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// logger.info(\"Rate limiter adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// adaptive: this.config.rateLimiter.useAdaptiveMode\r\n// });\r\n\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n// logger.info(\"Sanitizer adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: \"sanitize-html\",\r\n// fallback: \"xss\"\r\n// });\r\n// }\r\n\r\n// private setupManagers() {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// new ZodAdapter(),\r\n// new ExpressValidatorAdapter()\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n\r\n// logger.info(\"Core managers initialized\", {\r\n// layer: \"hisecure-core\",\r\n// managers: [\"hash\", \"rate-limit\", \"validator\", \"sanitizer\"]\r\n// });\r\n// }\r\n\r\n// private setupDynamicManagers() {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// if (this.config.auth.enabled) {\r\n// this.authManager = new AuthManager({\r\n// jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n// jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// googleClientId:\r\n// process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n// });\r\n\r\n// logger.info(\"Authentication enabled\", {\r\n// layer: \"hisecure-core\",\r\n// google: !!this.config.auth.googleClientId\r\n// });\r\n// } else {\r\n// logger.info(\"Authentication disabled\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n\r\n// if (this.config.enableCompression)\r\n// chain.push(compression(this.config.compression));\r\n\r\n// if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));\r\n// if (options.sanitize)\r\n// chain.push(this.sanitizerManager.middleware());\r\n\r\n// if (options.rateLimit)\r\n// chain.push(this.rateLimitManager.middleware({}));\r\n\r\n// if (options.auth && this.authManager)\r\n// chain.push(this.authManager.protect());\r\n\r\n// chain.push(errorHandler);\r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n\r\n\r\n\r\n\r\nimport { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\ntype MiddlewarePreset = \"strict\" | \"api\" | \"public\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n\r\n private readonly config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n private hashManager!: HashManager;\r\n private rateLimitManager!: RateLimitManager;\r\n private validatorManager!: ValidatorManager;\r\n private sanitizerManager!: SanitizerManager;\r\n private jsonManager!: JsonManager;\r\n private corsManager!: CorsManager;\r\n private authManager?: AuthManager;\r\n\r\n private constructor(config: HiSecureConfig) {\r\n this.config = config;\r\n }\r\n\r\n // ================= INIT (ONLY ONCE) =================\r\n static init(userConfig?: Partial<HiSecureConfig>): HiSecure {\r\n if (HiSecure.instance) return HiSecure.instance;\r\n\r\n const finalConfig = deepMerge(defaultConfig, userConfig ?? {});\r\n const instance = new HiSecure(finalConfig);\r\n HiSecure.instance = instance;\r\n instance.bootstrap();\r\n return instance;\r\n }\r\n\r\n private static get(): HiSecure {\r\n if (!HiSecure.instance) {\r\n throw new Error(\"HiSecure not initialized. Call HiSecure.init() first.\");\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n private bootstrap(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n // ===== Core Managers =====\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds),\r\n this.config.hashing.fallback\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.config.rateLimiter.useAdaptiveMode\r\n ? new RLFlexibleAdapter()\r\n : new ExpressRLAdapter(),\r\n new ExpressRLAdapter()\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n // ===== AUTH (OPTIONAL) =====\r\n if (this.config.auth?.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", { layer: \"hisecure-core\" });\r\n } else {\r\n logger.info(\"Authentication disabled\", { layer: \"hisecure-core\" });\r\n }\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n // ================= AUTH =================\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.protect(options);\r\n }\r\n\r\n // ================= JWT =================\r\n static jwt = {\r\n sign(payload: object, options?: any) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.sign(payload, options);\r\n },\r\n\r\n verify(token: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.verify(token);\r\n },\r\n\r\n google: {\r\n verifyIdToken(idToken: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager)\r\n throw new Error(\"Auth not enabled (Google)\");\r\n return i.authManager.verifyGoogleIdToken(idToken);\r\n }\r\n }\r\n };\r\n\r\n // ================= OTHER UTILS =================\r\n static validate(schema: ValidationSchema) {\r\n return HiSecure.get().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return HiSecure.get().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const i = HiSecure.get();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n } as const;\r\n\r\n return i.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return i.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return HiSecure.get().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const i = HiSecure.get();\r\n return [i.jsonManager.middleware(options), i.jsonManager.urlencoded()];\r\n }\r\n\r\n static async hash(value: string): Promise<string> {\r\n const { hash } = await HiSecure.get().hashManager.hash(value, {\r\n allowFallback: true\r\n });\r\n return hash;\r\n }\r\n\r\n static verify(value: string, hash: string): Promise<boolean> {\r\n return HiSecure.get().hashManager.verify(value, hash);\r\n }\r\n\r\n // ================= GLOBAL MIDDLEWARE =================\r\n static middleware(options?: SecureOptions | MiddlewarePreset) {\r\n const i = HiSecure.get();\r\n\r\n const presets: Record<MiddlewarePreset, SecureOptions> = {\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n public: { cors: true, rateLimit: true }\r\n };\r\n\r\n const finalOptions =\r\n typeof options === \"string\" ? presets[options] : options ?? {};\r\n\r\n return i.createChain(finalOptions);\r\n }\r\n\r\n private createChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware());\r\n if (options.sanitize) chain.push(this.sanitizerManager.middleware());\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"AAoDA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD;;GAEG;AACH,wBAAgB,SAAS,CACvB,OAAO,CAAC,EAAE,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,SAItD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,aAAa,SAsClD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";AAAA,4CAA4C;AAC5C,4DAA4D;;
|
|
1
|
+
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";AAAA,4CAA4C;AAC5C,4DAA4D;;AAwD5D,8BAKC;AAKD,kCAsCC;AAtGD,MAAM;AACN,iEAAiE;AACjE,MAAM;AAEN,qFAAqF;AACrF,mGAAmG;AACnG,2CAA2C;AAC3C,IAAI;AAGJ,4CAA4C;AAE5C,yDAAyD;AACzD,+BAA+B;AAE/B,2BAA2B;AAC3B,oCAAoC;AACpC,0EAA0E;AAC1E,cAAc;AACd,QAAQ;AAER,gCAAgC;AAChC,yCAAyC;AACzC,2EAA2E;AAC3E,oEAAoE;AACpE,cAAc;AACd,QAAQ;AAER,+BAA+B;AAC/B,wCAAwC;AACxC,kFAAkF;AAClF,cAAc;AACd,QAAQ;AAER,+BAA+B;AAC/B,2DAA2D;AAC3D,QAAQ;AAER,2BAA2B;AAC3B,oCAAoC;AACpC,0EAA0E;AAC1E,cAAc;AACd,QAAQ;AACR,oBAAoB;AACpB,IAAI;AAIJ,+CAAyC;AAGzC;;GAEG;AACH,SAAgB,SAAS,CACvB,OAAqD;IAErD,OAAO,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;IAC9E,OAAO,sBAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,OAAuB;IACjD,MAAM,KAAK,GAAU,EAAE,CAAC;IAExB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,SAAS,CAChB,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ;YACnC,CAAC,CAAC,OAAO,CAAC,SAAS;YACnB,CAAC,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBAChC,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,SAAS,CACd,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,IAAI,CACX,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC5D,CACF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["// import { HiSecure } from \"./HiSecure.js\";\r\n// import { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n// /**\r\n// * @deprecated Use HiSecure.middleware() or fluent API instead\r\n// */\r\n\r\n// export function useSecure(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// console.warn(\"useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.\");\r\n// return HiSecure.middleware(options);\r\n// }\r\n\r\n\r\n// // Legacy support - route-level security\r\n\r\n// export function secureRoute(options?: SecureOptions) {\r\n// const chain: any[] = [];\r\n \r\n// if (options?.cors) {\r\n// chain.push(HiSecure.cors(\r\n// typeof options.cors === 'object' ? options.cors : undefined\r\n// ));\r\n// }\r\n \r\n// if (options?.rateLimit) {\r\n// chain.push(HiSecure.rateLimit(\r\n// typeof options.rateLimit === 'object' ? options.rateLimit : \r\n// options.rateLimit === \"strict\" ? \"strict\" : \"relaxed\"\r\n// ));\r\n// }\r\n \r\n// if (options?.sanitize) {\r\n// chain.push(HiSecure.sanitize(\r\n// typeof options.sanitize === 'object' ? options.sanitize : undefined\r\n// ));\r\n// }\r\n \r\n// if (options?.validate) {\r\n// chain.push(HiSecure.validate(options.validate));\r\n// }\r\n \r\n// if (options?.auth) {\r\n// chain.push(HiSecure.auth(\r\n// typeof options.auth === 'object' ? options.auth : undefined\r\n// ));\r\n// }\r\n// return chain;\r\n// }\r\n\r\n\r\n\r\nimport { HiSecure } from \"./HiSecure.js\";\r\nimport { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n/**\r\n * @deprecated Use HiSecure.middleware()\r\n */\r\nexport function useSecure(\r\n options?: SecureOptions | \"api\" | \"strict\" | \"public\"\r\n) {\r\n console.warn(\"useSecure() is deprecated. Use HiSecure.middleware() instead.\");\r\n return HiSecure.middleware(options);\r\n}\r\n\r\n/**\r\n * Legacy route-level security\r\n */\r\nexport function secureRoute(options?: SecureOptions) {\r\n const chain: any[] = [];\r\n\r\n if (!options) return chain;\r\n\r\n if (options.cors) {\r\n chain.push(HiSecure.cors());\r\n }\r\n\r\n if (options.rateLimit) {\r\n chain.push(\r\n HiSecure.rateLimit(\r\n typeof options.rateLimit === \"object\"\r\n ? options.rateLimit\r\n : options.rateLimit === \"strict\"\r\n ? \"strict\"\r\n : \"relaxed\"\r\n )\r\n );\r\n }\r\n\r\n if (options.sanitize) {\r\n chain.push(HiSecure.sanitize());\r\n }\r\n\r\n if (options.validate) {\r\n chain.push(HiSecure.validate(options.validate));\r\n }\r\n\r\n if (options.auth) {\r\n chain.push(\r\n HiSecure.auth(\r\n typeof options.auth === \"object\" ? options.auth : undefined\r\n )\r\n );\r\n }\r\n\r\n return chain;\r\n}\r\n"]}
|
package/package.json
CHANGED
|
@@ -1,106 +1,234 @@
|
|
|
1
|
-
import jwt from "jsonwebtoken";
|
|
1
|
+
// import jwt from "jsonwebtoken";
|
|
2
|
+
// import { randomUUID } from "crypto";
|
|
3
|
+
// import { AdapterError } from "../core/errors/AdapterError";
|
|
4
|
+
// import { logger } from "../logging";
|
|
5
|
+
|
|
6
|
+
// export interface JWTAdapterOptions {
|
|
7
|
+
// secret: string;
|
|
8
|
+
// expiresIn?: string | number;
|
|
9
|
+
// algorithm?: jwt.Algorithm;
|
|
10
|
+
// issuer?: string;
|
|
11
|
+
// audience?: string | string[];
|
|
12
|
+
// }
|
|
13
|
+
|
|
14
|
+
// export interface SignOptions {
|
|
15
|
+
// expiresIn?: string | number;
|
|
16
|
+
// jti?: string;
|
|
17
|
+
// subject?: string;
|
|
18
|
+
// issuer?: string;
|
|
19
|
+
// audience?: string | string[];
|
|
20
|
+
// }
|
|
21
|
+
|
|
22
|
+
// export class JWTAdapter {
|
|
23
|
+
// private secret: string;
|
|
24
|
+
// private expiresIn?: string | number;
|
|
25
|
+
// private algorithm: jwt.Algorithm;
|
|
26
|
+
// private issuer?: string;
|
|
27
|
+
// private audience?: string | string[];
|
|
28
|
+
|
|
29
|
+
// constructor(options: JWTAdapterOptions) {
|
|
30
|
+
// if (!options.secret) {
|
|
31
|
+
// throw new AdapterError("JWT secret is required");
|
|
32
|
+
// }
|
|
33
|
+
|
|
34
|
+
// if (options.secret.length < 32) {
|
|
35
|
+
// logger.warn("Weak JWT secret detected", {
|
|
36
|
+
// adapter: "jwt",
|
|
37
|
+
// operation: "init",
|
|
38
|
+
// secretLength: options.secret.length
|
|
39
|
+
// });
|
|
40
|
+
// }
|
|
41
|
+
|
|
42
|
+
// this.secret = options.secret;
|
|
43
|
+
// this.expiresIn = options.expiresIn;
|
|
44
|
+
// this.algorithm = options.algorithm || "HS256";
|
|
45
|
+
// this.issuer = options.issuer;
|
|
46
|
+
// this.audience = options.audience;
|
|
47
|
+
// }
|
|
48
|
+
|
|
49
|
+
// sign(payload: object, options?: SignOptions) {
|
|
50
|
+
// try {
|
|
51
|
+
// const jwtOptions: jwt.SignOptions = {
|
|
52
|
+
// algorithm: this.algorithm,
|
|
53
|
+
// issuer: options?.issuer || this.issuer,
|
|
54
|
+
// audience: options?.audience || this.audience,
|
|
55
|
+
// jwtid: options?.jti || randomUUID(),
|
|
56
|
+
// subject: options?.subject
|
|
57
|
+
// };
|
|
58
|
+
|
|
59
|
+
// if (options?.expiresIn !== undefined) {
|
|
60
|
+
// jwtOptions.expiresIn = options.expiresIn as any;
|
|
61
|
+
// } else if (this.expiresIn !== undefined) {
|
|
62
|
+
// jwtOptions.expiresIn = this.expiresIn as any;
|
|
63
|
+
// }
|
|
64
|
+
|
|
65
|
+
// return jwt.sign(payload, this.secret, jwtOptions);
|
|
66
|
+
|
|
67
|
+
// } catch (err: any) {
|
|
68
|
+
// logger.error("JWT signing failed", {
|
|
69
|
+
// adapter: "jwt",
|
|
70
|
+
// operation: "sign",
|
|
71
|
+
// reason: err?.message
|
|
72
|
+
// });
|
|
73
|
+
|
|
74
|
+
// throw new AdapterError("JWT sign failed");
|
|
75
|
+
// }
|
|
76
|
+
// }
|
|
77
|
+
|
|
78
|
+
// verify(token: string, options?: { audience?: string | string[] }) {
|
|
79
|
+
// try {
|
|
80
|
+
// const verifyOptions: jwt.VerifyOptions = {
|
|
81
|
+
// algorithms: [this.algorithm],
|
|
82
|
+
// issuer: this.issuer,
|
|
83
|
+
// audience: (options?.audience || this.audience) as string
|
|
84
|
+
// };
|
|
85
|
+
|
|
86
|
+
// return jwt.verify(token, this.secret, verifyOptions);
|
|
87
|
+
|
|
88
|
+
// } catch (err: any) {
|
|
89
|
+
// logger.error("JWT verification failed", {
|
|
90
|
+
// adapter: "jwt",
|
|
91
|
+
// operation: "verify",
|
|
92
|
+
// reason: err?.message
|
|
93
|
+
// });
|
|
94
|
+
|
|
95
|
+
// if (err?.name === "TokenExpiredError") {
|
|
96
|
+
// throw new AdapterError("JWT token has expired");
|
|
97
|
+
// }
|
|
98
|
+
|
|
99
|
+
// if (err?.name === "JsonWebTokenError") {
|
|
100
|
+
// throw new AdapterError("Invalid JWT token");
|
|
101
|
+
// }
|
|
102
|
+
|
|
103
|
+
// throw new AdapterError("JWT verification failed");
|
|
104
|
+
// }
|
|
105
|
+
// }
|
|
106
|
+
// }
|
|
107
|
+
|
|
108
|
+
|
|
109
|
+
|
|
110
|
+
import jwt, { SignOptions as JwtSignOptions } from "jsonwebtoken";
|
|
2
111
|
import { randomUUID } from "crypto";
|
|
3
112
|
import { AdapterError } from "../core/errors/AdapterError";
|
|
4
113
|
import { logger } from "../logging";
|
|
5
114
|
|
|
115
|
+
type ExpiresIn = JwtSignOptions["expiresIn"]; // ✅ important
|
|
116
|
+
|
|
6
117
|
export interface JWTAdapterOptions {
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
118
|
+
secret: string;
|
|
119
|
+
expiresIn?: string | number;
|
|
120
|
+
algorithm?: jwt.Algorithm;
|
|
121
|
+
issuer?: string;
|
|
122
|
+
audience?: string | string[];
|
|
12
123
|
}
|
|
13
124
|
|
|
14
125
|
export interface SignOptions {
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
126
|
+
expiresIn?: string | number;
|
|
127
|
+
jti?: string;
|
|
128
|
+
subject?: string;
|
|
129
|
+
issuer?: string;
|
|
130
|
+
audience?: string | string[];
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
function normalizeAudience(
|
|
134
|
+
aud?: string | string[]
|
|
135
|
+
): string | [string, ...string[]] | undefined {
|
|
136
|
+
if (!aud) return undefined;
|
|
137
|
+
if (typeof aud === "string") return aud;
|
|
138
|
+
if (aud.length > 0) return aud as [string, ...string[]];
|
|
139
|
+
return undefined;
|
|
20
140
|
}
|
|
21
141
|
|
|
22
142
|
export class JWTAdapter {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
}
|
|
33
|
-
|
|
34
|
-
if (options.secret.length < 32) {
|
|
35
|
-
logger.warn("Weak JWT secret detected", {
|
|
36
|
-
adapter: "jwt",
|
|
37
|
-
operation: "init",
|
|
38
|
-
secretLength: options.secret.length
|
|
39
|
-
});
|
|
40
|
-
}
|
|
41
|
-
|
|
42
|
-
this.secret = options.secret;
|
|
43
|
-
this.expiresIn = options.expiresIn;
|
|
44
|
-
this.algorithm = options.algorithm || "HS256";
|
|
45
|
-
this.issuer = options.issuer;
|
|
46
|
-
this.audience = options.audience;
|
|
143
|
+
private secret: string;
|
|
144
|
+
private expiresIn?: ExpiresIn;
|
|
145
|
+
private algorithm: jwt.Algorithm;
|
|
146
|
+
private issuer?: string;
|
|
147
|
+
private audience?: string | string[];
|
|
148
|
+
|
|
149
|
+
constructor(options: JWTAdapterOptions) {
|
|
150
|
+
if (!options.secret) {
|
|
151
|
+
throw new AdapterError("JWT secret is required");
|
|
47
152
|
}
|
|
48
153
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
audience: options?.audience || this.audience,
|
|
55
|
-
jwtid: options?.jti || randomUUID(),
|
|
56
|
-
subject: options?.subject
|
|
57
|
-
};
|
|
58
|
-
|
|
59
|
-
if (options?.expiresIn !== undefined) {
|
|
60
|
-
jwtOptions.expiresIn = options.expiresIn as any;
|
|
61
|
-
} else if (this.expiresIn !== undefined) {
|
|
62
|
-
jwtOptions.expiresIn = this.expiresIn as any;
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
return jwt.sign(payload, this.secret, jwtOptions);
|
|
66
|
-
|
|
67
|
-
} catch (err: any) {
|
|
68
|
-
logger.error("JWT signing failed", {
|
|
69
|
-
adapter: "jwt",
|
|
70
|
-
operation: "sign",
|
|
71
|
-
reason: err?.message
|
|
72
|
-
});
|
|
73
|
-
|
|
74
|
-
throw new AdapterError("JWT sign failed");
|
|
75
|
-
}
|
|
154
|
+
if (options.secret.length < 32) {
|
|
155
|
+
logger.warn("Weak JWT secret detected", {
|
|
156
|
+
adapter: "jwt",
|
|
157
|
+
secretLength: options.secret.length
|
|
158
|
+
});
|
|
76
159
|
}
|
|
77
160
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
161
|
+
this.secret = options.secret;
|
|
162
|
+
this.algorithm = options.algorithm ?? "HS256";
|
|
163
|
+
this.issuer = options.issuer;
|
|
164
|
+
this.audience = options.audience;
|
|
165
|
+
this.expiresIn = options.expiresIn as ExpiresIn;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
// ================= SIGN =================
|
|
169
|
+
sign(payload: object, options?: SignOptions) {
|
|
170
|
+
try {
|
|
171
|
+
const jwtOptions: jwt.SignOptions = {
|
|
172
|
+
algorithm: this.algorithm,
|
|
173
|
+
jwtid: options?.jti ?? randomUUID(),
|
|
174
|
+
subject: options?.subject
|
|
175
|
+
};
|
|
176
|
+
|
|
177
|
+
const issuer = options?.issuer ?? this.issuer;
|
|
178
|
+
if (issuer) jwtOptions.issuer = issuer;
|
|
179
|
+
|
|
180
|
+
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
181
|
+
if (audience) jwtOptions.audience = audience;
|
|
182
|
+
|
|
183
|
+
const expires =
|
|
184
|
+
options?.expiresIn !== undefined
|
|
185
|
+
? (options.expiresIn as ExpiresIn)
|
|
186
|
+
: this.expiresIn;
|
|
187
|
+
|
|
188
|
+
if (expires !== undefined) {
|
|
189
|
+
jwtOptions.expiresIn = expires;
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
return jwt.sign(payload, this.secret, jwtOptions);
|
|
193
|
+
} catch (err: any) {
|
|
194
|
+
logger.error("JWT signing failed", {
|
|
195
|
+
adapter: "jwt",
|
|
196
|
+
operation: "sign",
|
|
197
|
+
reason: err?.message
|
|
198
|
+
});
|
|
199
|
+
throw new AdapterError("JWT sign failed");
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
// ================= VERIFY =================
|
|
204
|
+
verify(token: string, options?: { audience?: string | string[] }) {
|
|
205
|
+
try {
|
|
206
|
+
const verifyOptions: jwt.VerifyOptions = {
|
|
207
|
+
algorithms: [this.algorithm]
|
|
208
|
+
};
|
|
209
|
+
|
|
210
|
+
if (this.issuer) verifyOptions.issuer = this.issuer;
|
|
211
|
+
|
|
212
|
+
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
213
|
+
if (audience) verifyOptions.audience = audience;
|
|
214
|
+
|
|
215
|
+
return jwt.verify(token, this.secret, verifyOptions);
|
|
216
|
+
} catch (err: any) {
|
|
217
|
+
logger.error("JWT verification failed", {
|
|
218
|
+
adapter: "jwt",
|
|
219
|
+
operation: "verify",
|
|
220
|
+
reason: err?.message
|
|
221
|
+
});
|
|
222
|
+
|
|
223
|
+
if (err?.name === "TokenExpiredError") {
|
|
224
|
+
throw new AdapterError("JWT token has expired");
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
if (err?.name === "JsonWebTokenError") {
|
|
228
|
+
throw new AdapterError("Invalid JWT token");
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
throw new AdapterError("JWT verification failed");
|
|
105
232
|
}
|
|
233
|
+
}
|
|
106
234
|
}
|
package/src/core/HiSecure.ts
CHANGED
|
@@ -324,6 +324,8 @@
|
|
|
324
324
|
|
|
325
325
|
|
|
326
326
|
|
|
327
|
+
|
|
328
|
+
|
|
327
329
|
import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
328
330
|
import { defaultConfig } from "./config.js";
|
|
329
331
|
import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
@@ -438,7 +440,7 @@ export class HiSecure {
|
|
|
438
440
|
this.jsonManager = new JsonManager();
|
|
439
441
|
this.corsManager = new CorsManager();
|
|
440
442
|
|
|
441
|
-
// =====
|
|
443
|
+
// ===== AUTH (OPTIONAL) =====
|
|
442
444
|
if (this.config.auth?.enabled) {
|
|
443
445
|
this.authManager = new AuthManager({
|
|
444
446
|
jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,
|
|
@@ -460,14 +462,38 @@ export class HiSecure {
|
|
|
460
462
|
});
|
|
461
463
|
}
|
|
462
464
|
|
|
463
|
-
// =================
|
|
464
|
-
|
|
465
|
+
// ================= AUTH =================
|
|
465
466
|
static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
466
467
|
const i = HiSecure.get();
|
|
467
468
|
if (!i.authManager) throw new Error("Auth not enabled");
|
|
468
469
|
return i.authManager.protect(options);
|
|
469
470
|
}
|
|
470
471
|
|
|
472
|
+
// ================= JWT =================
|
|
473
|
+
static jwt = {
|
|
474
|
+
sign(payload: object, options?: any) {
|
|
475
|
+
const i = HiSecure.get();
|
|
476
|
+
if (!i.authManager) throw new Error("Auth not enabled");
|
|
477
|
+
return i.authManager.sign(payload, options);
|
|
478
|
+
},
|
|
479
|
+
|
|
480
|
+
verify(token: string) {
|
|
481
|
+
const i = HiSecure.get();
|
|
482
|
+
if (!i.authManager) throw new Error("Auth not enabled");
|
|
483
|
+
return i.authManager.verify(token);
|
|
484
|
+
},
|
|
485
|
+
|
|
486
|
+
google: {
|
|
487
|
+
verifyIdToken(idToken: string) {
|
|
488
|
+
const i = HiSecure.get();
|
|
489
|
+
if (!i.authManager)
|
|
490
|
+
throw new Error("Auth not enabled (Google)");
|
|
491
|
+
return i.authManager.verifyGoogleIdToken(idToken);
|
|
492
|
+
}
|
|
493
|
+
}
|
|
494
|
+
};
|
|
495
|
+
|
|
496
|
+
// ================= OTHER UTILS =================
|
|
471
497
|
static validate(schema: ValidationSchema) {
|
|
472
498
|
return HiSecure.get().validatorManager.validate(schema);
|
|
473
499
|
}
|
|
@@ -512,6 +538,7 @@ export class HiSecure {
|
|
|
512
538
|
return HiSecure.get().hashManager.verify(value, hash);
|
|
513
539
|
}
|
|
514
540
|
|
|
541
|
+
// ================= GLOBAL MIDDLEWARE =================
|
|
515
542
|
static middleware(options?: SecureOptions | MiddlewarePreset) {
|
|
516
543
|
const i = HiSecure.get();
|
|
517
544
|
|
|
@@ -527,8 +554,6 @@ export class HiSecure {
|
|
|
527
554
|
return i.createChain(finalOptions);
|
|
528
555
|
}
|
|
529
556
|
|
|
530
|
-
// ================= INTERNAL =================
|
|
531
|
-
|
|
532
557
|
private createChain(options: SecureOptions): any[] {
|
|
533
558
|
const chain: any[] = [];
|
|
534
559
|
|