npm - hi-secure - Versions diffs - 1.0.32 → 1.0.34 - Mend

hi-secure 1.0.32 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/adapters/JWTAdapter.d.ts.map +1 -1
package/dist/adapters/JWTAdapter.js +128 -14
package/dist/adapters/JWTAdapter.js.map +1 -1
package/package.json +1 -1
package/src/adapters/JWTAdapter.ts +228 -89

package/dist/adapters/JWTAdapter.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"~~AAAA~~,OAAO,~~GAAG~~,MAAM,cAAc,CAAC;~~AAK/B~~,MAAM,WAAW,iBAAiB;~~IAC9B~~,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;~~CAChC~~;AAED,MAAM,WAAW,WAAW;~~IACxB~~,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;~~CAChC~~;~~AAED~~,qBAAa,UAAU;~~IACnB~~,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,~~CAAkB~~;~~IACpC~~,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAoBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;~~IA6B3C~~,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;~~CA4BnE~~"}
1	+ {"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AA6GA,OAAO,GAAsC,MAAM,cAAc,CAAC;AAOlE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAWD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAoBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IA4C3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CAgCjE"}

package/dist/adapters/JWTAdapter.js CHANGED Viewed

@@ -1,13 +1,111 @@
 "use strict";
+// import jwt from "jsonwebtoken";
+// import { randomUUID } from "crypto";
+// import { AdapterError } from "../core/errors/AdapterError";
+// import { logger } from "../logging";
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JWTAdapter = void 0;
+// export interface JWTAdapterOptions {
+//     secret: string;
+//     expiresIn?: string | number;
+//     algorithm?: jwt.Algorithm;
+//     issuer?: string;
+//     audience?: string | string[];
+// }
+// export interface SignOptions {
+//     expiresIn?: string | number;
+//     jti?: string;
+//     subject?: string;
+//     issuer?: string;
+//     audience?: string | string[];
+// }
+// export class JWTAdapter {
+//     private secret: string;
+//     private expiresIn?: string | number;
+//     private algorithm: jwt.Algorithm;
+//     private issuer?: string;
+//     private audience?: string | string[];
+//     constructor(options: JWTAdapterOptions) {
+//         if (!options.secret) {
+//             throw new AdapterError("JWT secret is required");
+//         }
+//         if (options.secret.length < 32) {
+//             logger.warn("Weak JWT secret detected", {
+//                 adapter: "jwt",
+//                 operation: "init",
+//                 secretLength: options.secret.length
+//             });
+//         }
+//         this.secret = options.secret;
+//         this.expiresIn = options.expiresIn;
+//         this.algorithm = options.algorithm || "HS256";
+//         this.issuer = options.issuer;
+//         this.audience = options.audience;
+//     }
+//     sign(payload: object, options?: SignOptions) {
+//         try {
+//             const jwtOptions: jwt.SignOptions = {
+//                 algorithm: this.algorithm,
+//                 issuer: options?.issuer || this.issuer,
+//                 audience: options?.audience || this.audience,
+//                 jwtid: options?.jti || randomUUID(),
+//                 subject: options?.subject
+//             };
+//             if (options?.expiresIn !== undefined) {
+//                 jwtOptions.expiresIn = options.expiresIn as any;
+//             } else if (this.expiresIn !== undefined) {
+//                 jwtOptions.expiresIn = this.expiresIn as any;
+//             }
+//             return jwt.sign(payload, this.secret, jwtOptions);
+//         } catch (err: any) {
+//             logger.error("JWT signing failed", {
+//                 adapter: "jwt",
+//                 operation: "sign",
+//                 reason: err?.message
+//             });
+//             throw new AdapterError("JWT sign failed");
+//         }
+//     }
+//     verify(token: string, options?: { audience?: string | string[] }) {
+//         try {
+//             const verifyOptions: jwt.VerifyOptions = {
+//                 algorithms: [this.algorithm],
+//                 issuer: this.issuer,
+//                 audience: (options?.audience || this.audience) as string
+//             };
+//             return jwt.verify(token, this.secret, verifyOptions);
+//         } catch (err: any) {
+//             logger.error("JWT verification failed", {
+//                 adapter: "jwt",
+//                 operation: "verify",
+//                 reason: err?.message
+//             });
+//             if (err?.name === "TokenExpiredError") {
+//                 throw new AdapterError("JWT token has expired");
+//             }
+//             if (err?.name === "JsonWebTokenError") {
+//                 throw new AdapterError("Invalid JWT token");
+//             }
+//             throw new AdapterError("JWT verification failed");
+//         }
+//     }
+// }
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const crypto_1 = require("crypto");
 const AdapterError_1 = require("../core/errors/AdapterError");
 const logging_1 = require("../logging");
+function normalizeAudience(aud) {
+    if (!aud)
+        return undefined;
+    if (typeof aud === "string")
+        return aud;
+    if (aud.length > 0)
+        return aud;
+    return undefined;
+}
 class JWTAdapter {
     constructor(options) {
         if (!options.secret) {
@@ -16,30 +114,41 @@ class JWTAdapter {
         if (options.secret.length < 32) {
             logging_1.logger.warn("Weak JWT secret detected", {
                 adapter: "jwt",
-                operation: "init",
                 secretLength: options.secret.length
             });
         }
         this.secret = options.secret;
-        this.expiresIn = options.expiresIn;
-        this.algorithm = options.algorithm || "HS256";
+        this.algorithm = options.algorithm ?? "HS256";
         this.issuer = options.issuer;
         this.audience = options.audience;
+        this.expiresIn = options.expiresIn;
     }
+    // ================= SIGN =================
     sign(payload, options) {
         try {
             const jwtOptions = {
                 algorithm: this.algorithm,
-                issuer: options?.issuer || this.issuer,
-                audience: options?.audience || this.audience,
-                jwtid: options?.jti || (0, crypto_1.randomUUID)(),
-                subject: options?.subject
+                jwtid: options?.jti ?? (0, crypto_1.randomUUID)()
             };
-            if (options?.expiresIn !== undefined) {
-                jwtOptions.expiresIn = options.expiresIn;
+            // ✅ subject ONLY if string
+            if (typeof options?.subject === "string") {
+                jwtOptions.subject = options.subject;
             }
-            else if (this.expiresIn !== undefined) {
-                jwtOptions.expiresIn = this.expiresIn;
+            // ✅ issuer
+            const issuer = options?.issuer ?? this.issuer;
+            if (typeof issuer === "string") {
+                jwtOptions.issuer = issuer;
+            }
+            // ✅ audience
+            const audience = normalizeAudience(options?.audience ?? this.audience);
+            if (audience)
+                jwtOptions.audience = audience;
+            // ✅ expiresIn
+            const expires = options?.expiresIn !== undefined
+                ? options.expiresIn
+                : this.expiresIn;
+            if (expires !== undefined) {
+                jwtOptions.expiresIn = expires;
             }
             return jsonwebtoken_1.default.sign(payload, this.secret, jwtOptions);
         }
@@ -52,13 +161,18 @@ class JWTAdapter {
             throw new AdapterError_1.AdapterError("JWT sign failed");
         }
     }
+    // ================= VERIFY =================
     verify(token, options) {
         try {
             const verifyOptions = {
-                algorithms: [this.algorithm],
-                issuer: this.issuer,
-                audience: (options?.audience || this.audience)
+                algorithms: [this.algorithm]
             };
+            if (typeof this.issuer === "string") {
+                verifyOptions.issuer = this.issuer;
+            }
+            const audience = normalizeAudience(options?.audience ?? this.audience);
+            if (audience)
+                verifyOptions.audience = audience;
             return jsonwebtoken_1.default.verify(token, this.secret, verifyOptions);
         }
         catch (err) {

package/dist/adapters/JWTAdapter.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAA+B;AAC/B,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAkBpC,MAAa,UAAU;IAOnB,YAAY,OAA0B;QAClC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC7B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACtC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACvC,IAAI,CAAC;YACD,MAAM,UAAU,GAAoB;gBAChC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM;gBACtC,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;gBAC5C,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC5B,CAAC;YAEF,IAAI,OAAO,EAAE,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC,SAAgB,CAAC;YACpD,CAAC;iBAAM,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAgB,CAAC;YACjD,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEtD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBAC/B,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC5D,IAAI,CAAC;YACD,MAAM,aAAa,GAAsB;gBACrC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAW;aAC3D,CAAC;YAEF,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACpC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACvB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;CACJ;AApFD,gCAoFC","sourcesContent":["import jwt from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string \| number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string \| string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string \| number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string \| string[];\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: string \| number;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string \| string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n operation: \"init\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.expiresIn = options.expiresIn;\r\n this.algorithm = options.algorithm \|\| \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n issuer: options?.issuer \|\| this.issuer,\r\n audience: options?.audience \|\| this.audience,\r\n jwtid: options?.jti \|\| randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n if (options?.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = options.expiresIn as any;\r\n } else if (this.expiresIn !== undefined) {\r\n jwtOptions.expiresIn = this.expiresIn as any;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string \| string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm],\r\n issuer: this.issuer,\r\n audience: (options?.audience \|\| this.audience) as string\r\n };\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
1	+ {"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,uCAAuC;AACvC,8DAA8D;AAC9D,uCAAuC;;;;;;AAEvC,uCAAuC;AACvC,sBAAsB;AACtB,mCAAmC;AACnC,iCAAiC;AACjC,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,iCAAiC;AACjC,mCAAmC;AACnC,oBAAoB;AACpB,wBAAwB;AACxB,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,4BAA4B;AAC5B,8BAA8B;AAC9B,2CAA2C;AAC3C,wCAAwC;AACxC,+BAA+B;AAC/B,4CAA4C;AAE5C,gDAAgD;AAChD,iCAAiC;AACjC,gEAAgE;AAChE,YAAY;AAEZ,4CAA4C;AAC5C,wDAAwD;AACxD,kCAAkC;AAClC,qCAAqC;AACrC,sDAAsD;AACtD,kBAAkB;AAClB,YAAY;AAEZ,wCAAwC;AACxC,8CAA8C;AAC9C,yDAAyD;AACzD,wCAAwC;AACxC,4CAA4C;AAC5C,QAAQ;AAER,qDAAqD;AACrD,gBAAgB;AAChB,oDAAoD;AACpD,6CAA6C;AAC7C,0DAA0D;AAC1D,gEAAgE;AAChE,uDAAuD;AACvD,4CAA4C;AAC5C,iBAAiB;AAEjB,sDAAsD;AACtD,mEAAmE;AACnE,yDAAyD;AACzD,gEAAgE;AAChE,gBAAgB;AAEhB,iEAAiE;AAEjE,+BAA+B;AAC/B,mDAAmD;AACnD,kCAAkC;AAClC,qCAAqC;AACrC,uCAAuC;AACvC,kBAAkB;AAElB,yDAAyD;AACzD,YAAY;AACZ,QAAQ;AAER,0EAA0E;AAC1E,gBAAgB;AAChB,yDAAyD;AACzD,gDAAgD;AAChD,uCAAuC;AACvC,2EAA2E;AAC3E,iBAAiB;AAEjB,oEAAoE;AAEpE,+BAA+B;AAC/B,wDAAwD;AACxD,kCAAkC;AAClC,uCAAuC;AACvC,uCAAuC;AACvC,kBAAkB;AAElB,uDAAuD;AACvD,mEAAmE;AACnE,gBAAgB;AAEhB,uDAAuD;AACvD,+DAA+D;AAC/D,gBAAgB;AAEhB,iEAAiE;AACjE,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;aACpC,CAAC;YAEF,2BAA2B;YAC3B,IAAI,OAAO,OAAO,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACzC,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC;YAED,WAAW;YACX,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAC7B,CAAC;YAED,aAAa;YACb,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,cAAc;YACd,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACrC,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AAvGD,gCAuGC","sourcesContent":["// import jwt from \"jsonwebtoken\";\r\n// import { randomUUID } from \"crypto\";\r\n// import { AdapterError } from \"../core/errors/AdapterError\";\r\n// import { logger } from \"../logging\";\r\n\r\n// export interface JWTAdapterOptions {\r\n// secret: string;\r\n// expiresIn?: string \| number;\r\n// algorithm?: jwt.Algorithm;\r\n// issuer?: string;\r\n// audience?: string \| string[];\r\n// }\r\n\r\n// export interface SignOptions {\r\n// expiresIn?: string \| number;\r\n// jti?: string;\r\n// subject?: string;\r\n// issuer?: string;\r\n// audience?: string \| string[];\r\n// }\r\n\r\n// export class JWTAdapter {\r\n// private secret: string;\r\n// private expiresIn?: string \| number;\r\n// private algorithm: jwt.Algorithm;\r\n// private issuer?: string;\r\n// private audience?: string \| string[];\r\n\r\n// constructor(options: JWTAdapterOptions) {\r\n// if (!options.secret) {\r\n// throw new AdapterError(\"JWT secret is required\");\r\n// }\r\n\r\n// if (options.secret.length < 32) {\r\n// logger.warn(\"Weak JWT secret detected\", {\r\n// adapter: \"jwt\",\r\n// operation: \"init\",\r\n// secretLength: options.secret.length\r\n// });\r\n// }\r\n\r\n// this.secret = options.secret;\r\n// this.expiresIn = options.expiresIn;\r\n// this.algorithm = options.algorithm \|\| \"HS256\";\r\n// this.issuer = options.issuer;\r\n// this.audience = options.audience;\r\n// }\r\n\r\n// sign(payload: object, options?: SignOptions) {\r\n// try {\r\n// const jwtOptions: jwt.SignOptions = {\r\n// algorithm: this.algorithm,\r\n// issuer: options?.issuer \|\| this.issuer,\r\n// audience: options?.audience \|\| this.audience,\r\n// jwtid: options?.jti \|\| randomUUID(),\r\n// subject: options?.subject\r\n// };\r\n\r\n// if (options?.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = options.expiresIn as any;\r\n// } else if (this.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = this.expiresIn as any;\r\n// }\r\n\r\n// return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT signing failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"sign\",\r\n// reason: err?.message\r\n// });\r\n\r\n// throw new AdapterError(\"JWT sign failed\");\r\n// }\r\n// }\r\n\r\n// verify(token: string, options?: { audience?: string \| string[] }) {\r\n// try {\r\n// const verifyOptions: jwt.VerifyOptions = {\r\n// algorithms: [this.algorithm],\r\n// issuer: this.issuer,\r\n// audience: (options?.audience \|\| this.audience) as string\r\n// };\r\n\r\n// return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verification failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"verify\",\r\n// reason: err?.message\r\n// });\r\n\r\n// if (err?.name === \"TokenExpiredError\") {\r\n// throw new AdapterError(\"JWT token has expired\");\r\n// }\r\n\r\n// if (err?.name === \"JsonWebTokenError\") {\r\n// throw new AdapterError(\"Invalid JWT token\");\r\n// }\r\n\r\n// throw new AdapterError(\"JWT verification failed\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\nimport jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"];\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string \| number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string \| string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string \| number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string \| string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string \| string[]\r\n): string \| [string, ...string[]] \| undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string \| string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n // ================= SIGN =================\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID()\r\n };\r\n\r\n // ✅ subject ONLY if string\r\n if (typeof options?.subject === \"string\") {\r\n jwtOptions.subject = options.subject;\r\n }\r\n\r\n // ✅ issuer\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (typeof issuer === \"string\") {\r\n jwtOptions.issuer = issuer;\r\n }\r\n\r\n // ✅ audience\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n // ✅ expiresIn\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n // ================= VERIFY =================\r\n verify(token: string, options?: { audience?: string \| string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (typeof this.issuer === \"string\") {\r\n verifyOptions.issuer = this.issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "hi-secure",
-    "version": "1.0.32",
+    "version": "1.0.34",
     "description": "Unified security layer for Express.js: authentication, validation, sanitization, rate limiting and CORS",
     "license": "MIT",
     "main": "dist/index.js",

package/src/adapters/JWTAdapter.ts CHANGED Viewed

@@ -1,106 +1,245 @@
-import jwt from "jsonwebtoken";
+// import jwt from "jsonwebtoken";
+// import { randomUUID } from "crypto";
+// import { AdapterError } from "../core/errors/AdapterError";
+// import { logger } from "../logging";
+// export interface JWTAdapterOptions {
+//     secret: string;
+//     expiresIn?: string | number;
+//     algorithm?: jwt.Algorithm;
+//     issuer?: string;
+//     audience?: string | string[];
+// }
+// export interface SignOptions {
+//     expiresIn?: string | number;
+//     jti?: string;
+//     subject?: string;
+//     issuer?: string;
+//     audience?: string | string[];
+// }
+// export class JWTAdapter {
+//     private secret: string;
+//     private expiresIn?: string | number;
+//     private algorithm: jwt.Algorithm;
+//     private issuer?: string;
+//     private audience?: string | string[];
+//     constructor(options: JWTAdapterOptions) {
+//         if (!options.secret) {
+//             throw new AdapterError("JWT secret is required");
+//         }
+//         if (options.secret.length < 32) {
+//             logger.warn("Weak JWT secret detected", {
+//                 adapter: "jwt",
+//                 operation: "init",
+//                 secretLength: options.secret.length
+//             });
+//         }
+//         this.secret = options.secret;
+//         this.expiresIn = options.expiresIn;
+//         this.algorithm = options.algorithm || "HS256";
+//         this.issuer = options.issuer;
+//         this.audience = options.audience;
+//     }
+//     sign(payload: object, options?: SignOptions) {
+//         try {
+//             const jwtOptions: jwt.SignOptions = {
+//                 algorithm: this.algorithm,
+//                 issuer: options?.issuer || this.issuer,
+//                 audience: options?.audience || this.audience,
+//                 jwtid: options?.jti || randomUUID(),
+//                 subject: options?.subject
+//             };
+//             if (options?.expiresIn !== undefined) {
+//                 jwtOptions.expiresIn = options.expiresIn as any;
+//             } else if (this.expiresIn !== undefined) {
+//                 jwtOptions.expiresIn = this.expiresIn as any;
+//             }
+//             return jwt.sign(payload, this.secret, jwtOptions);
+//         } catch (err: any) {
+//             logger.error("JWT signing failed", {
+//                 adapter: "jwt",
+//                 operation: "sign",
+//                 reason: err?.message
+//             });
+//             throw new AdapterError("JWT sign failed");
+//         }
+//     }
+//     verify(token: string, options?: { audience?: string | string[] }) {
+//         try {
+//             const verifyOptions: jwt.VerifyOptions = {
+//                 algorithms: [this.algorithm],
+//                 issuer: this.issuer,
+//                 audience: (options?.audience || this.audience) as string
+//             };
+//             return jwt.verify(token, this.secret, verifyOptions);
+//         } catch (err: any) {
+//             logger.error("JWT verification failed", {
+//                 adapter: "jwt",
+//                 operation: "verify",
+//                 reason: err?.message
+//             });
+//             if (err?.name === "TokenExpiredError") {
+//                 throw new AdapterError("JWT token has expired");
+//             }
+//             if (err?.name === "JsonWebTokenError") {
+//                 throw new AdapterError("Invalid JWT token");
+//             }
+//             throw new AdapterError("JWT verification failed");
+//         }
+//     }
+// }
+import jwt, { SignOptions as JwtSignOptions } from "jsonwebtoken";
 import { randomUUID } from "crypto";
 import { AdapterError } from "../core/errors/AdapterError";
 import { logger } from "../logging";
+type ExpiresIn = JwtSignOptions["expiresIn"];
 export interface JWTAdapterOptions {
-    secret: string;
-    expiresIn?: string | number;
-    algorithm?: jwt.Algorithm;
-    issuer?: string;
-    audience?: string | string[];
+  secret: string;
+  expiresIn?: string | number;
+  algorithm?: jwt.Algorithm;
+  issuer?: string;
+  audience?: string | string[];
 }
 export interface SignOptions {
-    expiresIn?: string | number;
-    jti?: string;
-    subject?: string;
-    issuer?: string;
-    audience?: string | string[];
+  expiresIn?: string | number;
+  jti?: string;
+  subject?: string;
+  issuer?: string;
+  audience?: string | string[];
+}
+function normalizeAudience(
+  aud?: string | string[]
+): string | [string, ...string[]] | undefined {
+  if (!aud) return undefined;
+  if (typeof aud === "string") return aud;
+  if (aud.length > 0) return aud as [string, ...string[]];
+  return undefined;
 }
 export class JWTAdapter {
-    private secret: string;
-    private expiresIn?: string | number;
-    private algorithm: jwt.Algorithm;
-    private issuer?: string;
-    private audience?: string | string[];
-    constructor(options: JWTAdapterOptions) {
-        if (!options.secret) {
-            throw new AdapterError("JWT secret is required");
-        }
-        if (options.secret.length < 32) {
-            logger.warn("Weak JWT secret detected", {
-                adapter: "jwt",
-                operation: "init",
-                secretLength: options.secret.length
-            });
-        }
-        this.secret = options.secret;
-        this.expiresIn = options.expiresIn;
-        this.algorithm = options.algorithm || "HS256";
-        this.issuer = options.issuer;
-        this.audience = options.audience;
+  private secret: string;
+  private expiresIn?: ExpiresIn;
+  private algorithm: jwt.Algorithm;
+  private issuer?: string;
+  private audience?: string | string[];
+  constructor(options: JWTAdapterOptions) {
+    if (!options.secret) {
+      throw new AdapterError("JWT secret is required");
     }
-    sign(payload: object, options?: SignOptions) {
-        try {
-            const jwtOptions: jwt.SignOptions = {
-                algorithm: this.algorithm,
-                issuer: options?.issuer || this.issuer,
-                audience: options?.audience || this.audience,
-                jwtid: options?.jti || randomUUID(),
-                subject: options?.subject
-            };
-            if (options?.expiresIn !== undefined) {
-                jwtOptions.expiresIn = options.expiresIn as any;
-            } else if (this.expiresIn !== undefined) {
-                jwtOptions.expiresIn = this.expiresIn as any;
-            }
-            return jwt.sign(payload, this.secret, jwtOptions);
-        } catch (err: any) {
-            logger.error("JWT signing failed", {
-                adapter: "jwt",
-                operation: "sign",
-                reason: err?.message
-            });
-            throw new AdapterError("JWT sign failed");
-        }
+    if (options.secret.length < 32) {
+      logger.warn("Weak JWT secret detected", {
+        adapter: "jwt",
+        secretLength: options.secret.length
+      });
     }
-    verify(token: string, options?: { audience?: string | string[] }) {
-        try {
-            const verifyOptions: jwt.VerifyOptions = {
-                algorithms: [this.algorithm],
-                issuer: this.issuer,
-                audience: (options?.audience || this.audience) as string
-            };
-            return jwt.verify(token, this.secret, verifyOptions);
-        } catch (err: any) {
-            logger.error("JWT verification failed", {
-                adapter: "jwt",
-                operation: "verify",
-                reason: err?.message
-            });
-            if (err?.name === "TokenExpiredError") {
-                throw new AdapterError("JWT token has expired");
-            }
-            if (err?.name === "JsonWebTokenError") {
-                throw new AdapterError("Invalid JWT token");
-            }
-            throw new AdapterError("JWT verification failed");
-        }
+    this.secret = options.secret;
+    this.algorithm = options.algorithm ?? "HS256";
+    this.issuer = options.issuer;
+    this.audience = options.audience;
+    this.expiresIn = options.expiresIn as ExpiresIn;
+  }
+  // ================= SIGN =================
+  sign(payload: object, options?: SignOptions) {
+    try {
+      const jwtOptions: jwt.SignOptions = {
+        algorithm: this.algorithm,
+        jwtid: options?.jti ?? randomUUID()
+      };
+      // ✅ subject ONLY if string
+      if (typeof options?.subject === "string") {
+        jwtOptions.subject = options.subject;
+      }
+      // ✅ issuer
+      const issuer = options?.issuer ?? this.issuer;
+      if (typeof issuer === "string") {
+        jwtOptions.issuer = issuer;
+      }
+      // ✅ audience
+      const audience = normalizeAudience(options?.audience ?? this.audience);
+      if (audience) jwtOptions.audience = audience;
+      // ✅ expiresIn
+      const expires =
+        options?.expiresIn !== undefined
+          ? (options.expiresIn as ExpiresIn)
+          : this.expiresIn;
+      if (expires !== undefined) {
+        jwtOptions.expiresIn = expires;
+      }
+      return jwt.sign(payload, this.secret, jwtOptions);
+    } catch (err: any) {
+      logger.error("JWT signing failed", {
+        adapter: "jwt",
+        operation: "sign",
+        reason: err?.message
+      });
+      throw new AdapterError("JWT sign failed");
+    }
+  }
+  // ================= VERIFY =================
+  verify(token: string, options?: { audience?: string | string[] }) {
+    try {
+      const verifyOptions: jwt.VerifyOptions = {
+        algorithms: [this.algorithm]
+      };
+      if (typeof this.issuer === "string") {
+        verifyOptions.issuer = this.issuer;
+      }
+      const audience = normalizeAudience(options?.audience ?? this.audience);
+      if (audience) verifyOptions.audience = audience;
+      return jwt.verify(token, this.secret, verifyOptions);
+    } catch (err: any) {
+      logger.error("JWT verification failed", {
+        adapter: "jwt",
+        operation: "verify",
+        reason: err?.message
+      });
+      if (err?.name === "TokenExpiredError") {
+        throw new AdapterError("JWT token has expired");
+      }
+      if (err?.name === "JsonWebTokenError") {
+        throw new AdapterError("Invalid JWT token");
+      }
+      throw new AdapterError("JWT verification failed");
     }
+  }
 }