hi-secure 1.0.33 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/adapters/JWTAdapter.d.ts.map +1 -1
  2. package/dist/adapters/JWTAdapter.js +12 -4
  3. package/dist/adapters/JWTAdapter.js.map +1 -1
  4. package/package.json +1 -1
  5. package/src/adapters/JWTAdapter.ts +16 -5
package/dist/adapters/JWTAdapter.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AA6GA,OAAO,GAAsC,MAAM,cAAc,CAAC;AAOlE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAWD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAoBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IAmC3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CA8BjE"}
1
+ {"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AA6GA,OAAO,GAAsC,MAAM,cAAc,CAAC;AAOlE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAWD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAoBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IA4C3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CAgCjE"}
package/dist/adapters/JWTAdapter.js CHANGED
@@ -128,15 +128,22 @@ class JWTAdapter {
128
128
  try {
129
129
  const jwtOptions = {
130
130
  algorithm: this.algorithm,
131
- jwtid: options?.jti ?? (0, crypto_1.randomUUID)(),
132
- subject: options?.subject
131
+ jwtid: options?.jti ?? (0, crypto_1.randomUUID)()
133
132
  };
133
+ // ✅ subject ONLY if string
134
+ if (typeof options?.subject === "string") {
135
+ jwtOptions.subject = options.subject;
136
+ }
137
+ // ✅ issuer
134
138
  const issuer = options?.issuer ?? this.issuer;
135
- if (issuer)
139
+ if (typeof issuer === "string") {
136
140
  jwtOptions.issuer = issuer;
141
+ }
142
+ // ✅ audience
137
143
  const audience = normalizeAudience(options?.audience ?? this.audience);
138
144
  if (audience)
139
145
  jwtOptions.audience = audience;
146
+ // ✅ expiresIn
140
147
  const expires = options?.expiresIn !== undefined
141
148
  ? options.expiresIn
142
149
  : this.expiresIn;
@@ -160,8 +167,9 @@ class JWTAdapter {
160
167
  const verifyOptions = {
161
168
  algorithms: [this.algorithm]
162
169
  };
163
- if (this.issuer)
170
+ if (typeof this.issuer === "string") {
164
171
  verifyOptions.issuer = this.issuer;
172
+ }
165
173
  const audience = normalizeAudience(options?.audience ?? this.audience);
166
174
  if (audience)
167
175
  verifyOptions.audience = audience;
package/dist/adapters/JWTAdapter.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,uCAAuC;AACvC,8DAA8D;AAC9D,uCAAuC;;;;;;AAEvC,uCAAuC;AACvC,sBAAsB;AACtB,mCAAmC;AACnC,iCAAiC;AACjC,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,iCAAiC;AACjC,mCAAmC;AACnC,oBAAoB;AACpB,wBAAwB;AACxB,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,4BAA4B;AAC5B,8BAA8B;AAC9B,2CAA2C;AAC3C,wCAAwC;AACxC,+BAA+B;AAC/B,4CAA4C;AAE5C,gDAAgD;AAChD,iCAAiC;AACjC,gEAAgE;AAChE,YAAY;AAEZ,4CAA4C;AAC5C,wDAAwD;AACxD,kCAAkC;AAClC,qCAAqC;AACrC,sDAAsD;AACtD,kBAAkB;AAClB,YAAY;AAEZ,wCAAwC;AACxC,8CAA8C;AAC9C,yDAAyD;AACzD,wCAAwC;AACxC,4CAA4C;AAC5C,QAAQ;AAER,qDAAqD;AACrD,gBAAgB;AAChB,oDAAoD;AACpD,6CAA6C;AAC7C,0DAA0D;AAC1D,gEAAgE;AAChE,uDAAuD;AACvD,4CAA4C;AAC5C,iBAAiB;AAEjB,sDAAsD;AACtD,mEAAmE;AACnE,yDAAyD;AACzD,gEAAgE;AAChE,gBAAgB;AAEhB,iEAAiE;AAEjE,+BAA+B;AAC/B,mDAAmD;AACnD,kCAAkC;AAClC,qCAAqC;AACrC,uCAAuC;AACvC,kBAAkB;AAElB,yDAAyD;AACzD,YAAY;AACZ,QAAQ;AAER,0EAA0E;AAC1E,gBAAgB;AAChB,yDAAyD;AACzD,gDAAgD;AAChD,uCAAuC;AACvC,2EAA2E;AAC3E,iBAAiB;AAEjB,oEAAoE;AAEpE,+BAA+B;AAC/B,wDAAwD;AACxD,kCAAkC;AAClC,uCAAuC;AACvC,uCAAuC;AACvC,kBAAkB;AAElB,uDAAuD;AACvD,mEAAmE;AACnE,gBAAgB;AAEhB,uDAAuD;AACvD,+DAA+D;AAC/D,gBAAgB;AAEhB,iEAAiE;AACjE,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC1B,CAAC;YAEF,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,MAAM;gBAAE,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAEvC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM;gBAAE,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAEpD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AA5FD,gCA4FC","sourcesContent":["// import jwt from \"jsonwebtoken\";\r\n// import { randomUUID } from \"crypto\";\r\n// import { AdapterError } from \"../core/errors/AdapterError\";\r\n// import { logger } from \"../logging\";\r\n\r\n// export interface JWTAdapterOptions {\r\n// secret: string;\r\n// expiresIn?: string | number;\r\n// algorithm?: jwt.Algorithm;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export interface SignOptions {\r\n// expiresIn?: string | number;\r\n// jti?: string;\r\n// subject?: string;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export class JWTAdapter {\r\n// private secret: string;\r\n// private expiresIn?: string | number;\r\n// private algorithm: jwt.Algorithm;\r\n// private issuer?: string;\r\n// private audience?: string | string[];\r\n\r\n// constructor(options: JWTAdapterOptions) {\r\n// if (!options.secret) {\r\n// throw new AdapterError(\"JWT secret is required\");\r\n// }\r\n\r\n// if (options.secret.length < 32) {\r\n// logger.warn(\"Weak JWT secret detected\", {\r\n// adapter: \"jwt\",\r\n// operation: \"init\",\r\n// secretLength: options.secret.length\r\n// });\r\n// }\r\n\r\n// this.secret = options.secret;\r\n// this.expiresIn = options.expiresIn;\r\n// this.algorithm = options.algorithm || \"HS256\";\r\n// this.issuer = options.issuer;\r\n// this.audience = options.audience;\r\n// }\r\n\r\n// sign(payload: object, options?: SignOptions) {\r\n// try {\r\n// const jwtOptions: jwt.SignOptions = {\r\n// algorithm: this.algorithm,\r\n// issuer: options?.issuer || this.issuer,\r\n// audience: options?.audience || this.audience,\r\n// jwtid: options?.jti || randomUUID(),\r\n// subject: options?.subject\r\n// };\r\n\r\n// if (options?.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = options.expiresIn as any;\r\n// } else if (this.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = this.expiresIn as any;\r\n// }\r\n\r\n// return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT signing failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"sign\",\r\n// reason: err?.message\r\n// });\r\n\r\n// throw new AdapterError(\"JWT sign failed\");\r\n// }\r\n// }\r\n\r\n// verify(token: string, options?: { audience?: string | string[] }) {\r\n// try {\r\n// const verifyOptions: jwt.VerifyOptions = {\r\n// algorithms: [this.algorithm],\r\n// issuer: this.issuer,\r\n// audience: (options?.audience || this.audience) as string\r\n// };\r\n\r\n// return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verification failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"verify\",\r\n// reason: err?.message\r\n// });\r\n\r\n// if (err?.name === \"TokenExpiredError\") {\r\n// throw new AdapterError(\"JWT token has expired\");\r\n// }\r\n\r\n// if (err?.name === \"JsonWebTokenError\") {\r\n// throw new AdapterError(\"Invalid JWT token\");\r\n// }\r\n\r\n// throw new AdapterError(\"JWT verification failed\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\nimport jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"]; // ✅ important\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n // ================= SIGN =================\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (issuer) jwtOptions.issuer = issuer;\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n // ================= VERIFY =================\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (this.issuer) verifyOptions.issuer = this.issuer;\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
1
+ {"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,uCAAuC;AACvC,8DAA8D;AAC9D,uCAAuC;;;;;;AAEvC,uCAAuC;AACvC,sBAAsB;AACtB,mCAAmC;AACnC,iCAAiC;AACjC,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,iCAAiC;AACjC,mCAAmC;AACnC,oBAAoB;AACpB,wBAAwB;AACxB,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,4BAA4B;AAC5B,8BAA8B;AAC9B,2CAA2C;AAC3C,wCAAwC;AACxC,+BAA+B;AAC/B,4CAA4C;AAE5C,gDAAgD;AAChD,iCAAiC;AACjC,gEAAgE;AAChE,YAAY;AAEZ,4CAA4C;AAC5C,wDAAwD;AACxD,kCAAkC;AAClC,qCAAqC;AACrC,sDAAsD;AACtD,kBAAkB;AAClB,YAAY;AAEZ,wCAAwC;AACxC,8CAA8C;AAC9C,yDAAyD;AACzD,wCAAwC;AACxC,4CAA4C;AAC5C,QAAQ;AAER,qDAAqD;AACrD,gBAAgB;AAChB,oDAAoD;AACpD,6CAA6C;AAC7C,0DAA0D;AAC1D,gEAAgE;AAChE,uDAAuD;AACvD,4CAA4C;AAC5C,iBAAiB;AAEjB,sDAAsD;AACtD,mEAAmE;AACnE,yDAAyD;AACzD,gEAAgE;AAChE,gBAAgB;AAEhB,iEAAiE;AAEjE,+BAA+B;AAC/B,mDAAmD;AACnD,kCAAkC;AAClC,qCAAqC;AACrC,uCAAuC;AACvC,kBAAkB;AAElB,yDAAyD;AACzD,YAAY;AACZ,QAAQ;AAER,0EAA0E;AAC1E,gBAAgB;AAChB,yDAAyD;AACzD,gDAAgD;AAChD,uCAAuC;AACvC,2EAA2E;AAC3E,iBAAiB;AAEjB,oEAAoE;AAEpE,+BAA+B;AAC/B,wDAAwD;AACxD,kCAAkC;AAClC,uCAAuC;AACvC,uCAAuC;AACvC,kBAAkB;AAElB,uDAAuD;AACvD,mEAAmE;AACnE,gBAAgB;AAEhB,uDAAuD;AACvD,+DAA+D;AAC/D,gBAAgB;AAEhB,iEAAiE;AACjE,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;aACpC,CAAC;YAEF,2BAA2B;YAC3B,IAAI,OAAO,OAAO,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACzC,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC;YAED,WAAW;YACX,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAC7B,CAAC;YAED,aAAa;YACb,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,cAAc;YACd,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACrC,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AAvGD,gCAuGC","sourcesContent":["// import jwt from \"jsonwebtoken\";\r\n// import { randomUUID } from \"crypto\";\r\n// import { AdapterError } from \"../core/errors/AdapterError\";\r\n// import { logger } from \"../logging\";\r\n\r\n// export interface JWTAdapterOptions {\r\n// secret: string;\r\n// expiresIn?: string | number;\r\n// algorithm?: jwt.Algorithm;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export interface SignOptions {\r\n// expiresIn?: string | number;\r\n// jti?: string;\r\n// subject?: string;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export class JWTAdapter {\r\n// private secret: string;\r\n// private expiresIn?: string | number;\r\n// private algorithm: jwt.Algorithm;\r\n// private issuer?: string;\r\n// private audience?: string | string[];\r\n\r\n// constructor(options: JWTAdapterOptions) {\r\n// if (!options.secret) {\r\n// throw new AdapterError(\"JWT secret is required\");\r\n// }\r\n\r\n// if (options.secret.length < 32) {\r\n// logger.warn(\"Weak JWT secret detected\", {\r\n// adapter: \"jwt\",\r\n// operation: \"init\",\r\n// secretLength: options.secret.length\r\n// });\r\n// }\r\n\r\n// this.secret = options.secret;\r\n// this.expiresIn = options.expiresIn;\r\n// this.algorithm = options.algorithm || \"HS256\";\r\n// this.issuer = options.issuer;\r\n// this.audience = options.audience;\r\n// }\r\n\r\n// sign(payload: object, options?: SignOptions) {\r\n// try {\r\n// const jwtOptions: jwt.SignOptions = {\r\n// algorithm: this.algorithm,\r\n// issuer: options?.issuer || this.issuer,\r\n// audience: options?.audience || this.audience,\r\n// jwtid: options?.jti || randomUUID(),\r\n// subject: options?.subject\r\n// };\r\n\r\n// if (options?.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = options.expiresIn as any;\r\n// } else if (this.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = this.expiresIn as any;\r\n// }\r\n\r\n// return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT signing failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"sign\",\r\n// reason: err?.message\r\n// });\r\n\r\n// throw new AdapterError(\"JWT sign failed\");\r\n// }\r\n// }\r\n\r\n// verify(token: string, options?: { audience?: string | string[] }) {\r\n// try {\r\n// const verifyOptions: jwt.VerifyOptions = {\r\n// algorithms: [this.algorithm],\r\n// issuer: this.issuer,\r\n// audience: (options?.audience || this.audience) as string\r\n// };\r\n\r\n// return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verification failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"verify\",\r\n// reason: err?.message\r\n// });\r\n\r\n// if (err?.name === \"TokenExpiredError\") {\r\n// throw new AdapterError(\"JWT token has expired\");\r\n// }\r\n\r\n// if (err?.name === \"JsonWebTokenError\") {\r\n// throw new AdapterError(\"Invalid JWT token\");\r\n// }\r\n\r\n// throw new AdapterError(\"JWT verification failed\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\nimport jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"];\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n // ================= SIGN =================\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID()\r\n };\r\n\r\n // ✅ subject ONLY if string\r\n if (typeof options?.subject === \"string\") {\r\n jwtOptions.subject = options.subject;\r\n }\r\n\r\n // ✅ issuer\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (typeof issuer === \"string\") {\r\n jwtOptions.issuer = issuer;\r\n }\r\n\r\n // ✅ audience\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n // ✅ expiresIn\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n // ================= VERIFY =================\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (typeof this.issuer === \"string\") {\r\n verifyOptions.issuer = this.issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hi-secure",
3
- "version": "1.0.33",
3
+ "version": "1.0.34",
4
4
  "description": "Unified security layer for Express.js: authentication, validation, sanitization, rate limiting and CORS",
5
5
  "license": "MIT",
6
6
  "main": "dist/index.js",
package/src/adapters/JWTAdapter.ts CHANGED
@@ -112,7 +112,7 @@ import { randomUUID } from "crypto";
112
112
  import { AdapterError } from "../core/errors/AdapterError";
113
113
  import { logger } from "../logging";
114
114
 
115
- type ExpiresIn = JwtSignOptions["expiresIn"]; // ✅ important
115
+ type ExpiresIn = JwtSignOptions["expiresIn"];
116
116
 
117
117
  export interface JWTAdapterOptions {
118
118
  secret: string;
@@ -170,16 +170,25 @@ export class JWTAdapter {
170
170
  try {
171
171
  const jwtOptions: jwt.SignOptions = {
172
172
  algorithm: this.algorithm,
173
- jwtid: options?.jti ?? randomUUID(),
174
- subject: options?.subject
173
+ jwtid: options?.jti ?? randomUUID()
175
174
  };
176
175
 
176
+ // ✅ subject ONLY if string
177
+ if (typeof options?.subject === "string") {
178
+ jwtOptions.subject = options.subject;
179
+ }
180
+
181
+ // ✅ issuer
177
182
  const issuer = options?.issuer ?? this.issuer;
178
- if (issuer) jwtOptions.issuer = issuer;
183
+ if (typeof issuer === "string") {
184
+ jwtOptions.issuer = issuer;
185
+ }
179
186
 
187
+ // ✅ audience
180
188
  const audience = normalizeAudience(options?.audience ?? this.audience);
181
189
  if (audience) jwtOptions.audience = audience;
182
190
 
191
+ // ✅ expiresIn
183
192
  const expires =
184
193
  options?.expiresIn !== undefined
185
194
  ? (options.expiresIn as ExpiresIn)
@@ -207,7 +216,9 @@ export class JWTAdapter {
207
216
  algorithms: [this.algorithm]
208
217
  };
209
218
 
210
- if (this.issuer) verifyOptions.issuer = this.issuer;
219
+ if (typeof this.issuer === "string") {
220
+ verifyOptions.issuer = this.issuer;
221
+ }
211
222
 
212
223
  const audience = normalizeAudience(options?.audience ?? this.audience);
213
224
  if (audience) verifyOptions.audience = audience;