hi-secure 1.0.33 → 1.0.35
- package/dist/adapters/JWTAdapter.d.ts.map +1 -1
- package/dist/adapters/JWTAdapter.js +8 -95
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +0 -13
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/core/useSecure.d.ts.map +1 -1
- package/dist/core/useSecure.js +0 -38
- package/dist/core/useSecure.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -12
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
- package/src/adapters/JWTAdapter.ts +12 -116
- package/src/core/HiSecure.ts +0 -335
- package/src/core/useSecure.ts +0 -51
- package/src/index.ts +0 -21
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,GAAsC,MAAM,cAAc,CAAC;AAOlE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAWD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAmBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IAuC3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CAgCjE"}
|
|
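--- a/package/dist/adapters/JWTAdapter.js
+++ b/package/dist/adapters/JWTAdapter.js
@@ -1,98 +1,9 @@
 "use strict";
-// import jwt from "jsonwebtoken";
-// import { randomUUID } from "crypto";
-// import { AdapterError } from "../core/errors/AdapterError";
-// import { logger } from "../logging";
 var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JWTAdapter = void 0;
-// export interface JWTAdapterOptions {
-// secret: string;
-// expiresIn?: string | number;
-// algorithm?: jwt.Algorithm;
-// issuer?: string;
-// audience?: string | string[];
-// }
-// export interface SignOptions {
-// expiresIn?: string | number;
-// jti?: string;
-// subject?: string;
-// issuer?: string;
-// audience?: string | string[];
-// }
-// export class JWTAdapter {
-// private secret: string;
-// private expiresIn?: string | number;
-// private algorithm: jwt.Algorithm;
-// private issuer?: string;
-// private audience?: string | string[];
-// constructor(options: JWTAdapterOptions) {
-// if (!options.secret) {
-// throw new AdapterError("JWT secret is required");
-// }
-// if (options.secret.length < 32) {
-// logger.warn("Weak JWT secret detected", {
-// adapter: "jwt",
-// operation: "init",
-// secretLength: options.secret.length
-// });
-// }
-// this.secret = options.secret;
-// this.expiresIn = options.expiresIn;
-// this.algorithm = options.algorithm || "HS256";
-// this.issuer = options.issuer;
-// this.audience = options.audience;
-// }
-// sign(payload: object, options?: SignOptions) {
-// try {
-// const jwtOptions: jwt.SignOptions = {
-// algorithm: this.algorithm,
-// issuer: options?.issuer || this.issuer,
-// audience: options?.audience || this.audience,
-// jwtid: options?.jti || randomUUID(),
-// subject: options?.subject
-// };
-// if (options?.expiresIn !== undefined) {
-// jwtOptions.expiresIn = options.expiresIn as any;
-// } else if (this.expiresIn !== undefined) {
-// jwtOptions.expiresIn = this.expiresIn as any;
-// }
-// return jwt.sign(payload, this.secret, jwtOptions);
-// } catch (err: any) {
-// logger.error("JWT signing failed", {
-// adapter: "jwt",
-// operation: "sign",
-// reason: err?.message
-// });
-// throw new AdapterError("JWT sign failed");
-// }
-// }
-// verify(token: string, options?: { audience?: string | string[] }) {
-// try {
-// const verifyOptions: jwt.VerifyOptions = {
-// algorithms: [this.algorithm],
-// issuer: this.issuer,
-// audience: (options?.audience || this.audience) as string
-// };
-// return jwt.verify(token, this.secret, verifyOptions);
-// } catch (err: any) {
-// logger.error("JWT verification failed", {
-// adapter: "jwt",
-// operation: "verify",
-// reason: err?.message
-// });
-// if (err?.name === "TokenExpiredError") {
-// throw new AdapterError("JWT token has expired");
-// }
-// if (err?.name === "JsonWebTokenError") {
-// throw new AdapterError("Invalid JWT token");
-// }
-// throw new AdapterError("JWT verification failed");
-// }
-// }
-// }
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const crypto_1 = require("crypto");
 const AdapterError_1 = require("../core/errors/AdapterError");
@@ -123,17 +34,19 @@ class JWTAdapter {
 this.audience = options.audience;
 this.expiresIn = options.expiresIn;
 }
-// ================= SIGN =================
 sign(payload, options) {
 try {
 const jwtOptions = {
 algorithm: this.algorithm,
-jwtid: options?.jti ?? (0, crypto_1.randomUUID)()
-subject: options?.subject
+jwtid: options?.jti ?? (0, crypto_1.randomUUID)()
 };
+if (typeof options?.subject === "string") {
+jwtOptions.subject = options.subject;
+}
 const issuer = options?.issuer ?? this.issuer;
-if (issuer)
+if (typeof issuer === "string") {
 jwtOptions.issuer = issuer;
+}
 const audience = normalizeAudience(options?.audience ?? this.audience);
 if (audience)
 jwtOptions.audience = audience;
@@ -154,14 +67,14 @@ class JWTAdapter {
 throw new AdapterError_1.AdapterError("JWT sign failed");
 }
 }
-// ================= VERIFY =================
 verify(token, options) {
 try {
 const verifyOptions = {
 algorithms: [this.algorithm]
 };
-if (this.issuer)
+if (typeof this.issuer === "string") {
 verifyOptions.issuer = this.issuer;
+}
 const audience = normalizeAudience(options?.audience ?? this.audience);
 if (audience)
 verifyOptions.audience = audience;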
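Review bot: The new `typeof issuer === "string"` guard in sign() and the `typeof this.issuer === "string"` guard in verify() accept an empty string, which the truthiness checks they replace (`if (issuer)`, `if (this.issuer)`) filtered out. An issuer that arrives as `""` from configuration is now forwarded to jsonwebtoken on both paths, and whether the library then enforces or ignores an empty expected issuer is not visible in this diff, so the issuer check may end up different from what the operator intended. I would keep the type check but also require content, `if (typeof this.issuer === "string" && this.issuer.length > 0) {`, with the same condition on `issuer` in sign(), or reject an empty issuer in the constructor. Both method bodies continue outside the hunks shown.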
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,uCAAuC;AACvC,8DAA8D;AAC9D,uCAAuC;;;;;;AAEvC,uCAAuC;AACvC,sBAAsB;AACtB,mCAAmC;AACnC,iCAAiC;AACjC,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,iCAAiC;AACjC,mCAAmC;AACnC,oBAAoB;AACpB,wBAAwB;AACxB,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,4BAA4B;AAC5B,8BAA8B;AAC9B,2CAA2C;AAC3C,wCAAwC;AACxC,+BAA+B;AAC/B,4CAA4C;AAE5C,gDAAgD;AAChD,iCAAiC;AACjC,gEAAgE;AAChE,YAAY;AAEZ,4CAA4C;AAC5C,wDAAwD;AACxD,kCAAkC;AAClC,qCAAqC;AACrC,sDAAsD;AACtD,kBAAkB;AAClB,YAAY;AAEZ,wCAAwC;AACxC,8CAA8C;AAC9C,yDAAyD;AACzD,wCAAwC;AACxC,4CAA4C;AAC5C,QAAQ;AAER,qDAAqD;AACrD,gBAAgB;AAChB,oDAAoD;AACpD,6CAA6C;AAC7C,0DAA0D;AAC1D,gEAAgE;AAChE,uDAAuD;AACvD,4CAA4C;AAC5C,iBAAiB;AAEjB,sDAAsD;AACtD,mEAAmE;AACnE,yDAAyD;AACzD,gEAAgE;AAChE,gBAAgB;AAEhB,iEAAiE;AAEjE,+BAA+B;AAC/B,mDAAmD;AACnD,kCAAkC;AAClC,qCAAqC;AACrC,uCAAuC;AACvC,kBAAkB;AAElB,yDAAyD;AACzD,YAAY;AACZ,QAAQ;AAER,0EAA0E;AAC1E,gBAAgB;AAChB,yDAAyD;AACzD,gDAAgD;AAChD,uCAAuC;AACvC,2EAA2E;AAC3E,iBAAiB;AAEjB,oEAAoE;AAEpE,+BAA+B;AAC/B,wDAAwD;AACxD,kCAAkC;AAClC,uCAAuC;AACvC,uCAAuC;AACvC,kBAAkB;AAElB,uDAAuD;AACvD,mEAAmE;AACnE,gBAAgB;AAEhB,uDAAuD;AACvD,+DAA+D;AAC/D,gBAAgB;AAEhB,iEAAiE;AACjE,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAA
G,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;gBACnC,OAAO,EAAE,OAAO,EAAE,OAAO;aAC1B,CAAC;YAEF,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,MAAM;gBAAE,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAEvC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM;gBAAE,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAEpD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AA5FD,gCA4FC","sourcesContent":["// import jwt from \"jsonwebtoken\";\r\n// import { randomUUID } from 
\"crypto\";\r\n// import { AdapterError } from \"../core/errors/AdapterError\";\r\n// import { logger } from \"../logging\";\r\n\r\n// export interface JWTAdapterOptions {\r\n// secret: string;\r\n// expiresIn?: string | number;\r\n// algorithm?: jwt.Algorithm;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export interface SignOptions {\r\n// expiresIn?: string | number;\r\n// jti?: string;\r\n// subject?: string;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export class JWTAdapter {\r\n// private secret: string;\r\n// private expiresIn?: string | number;\r\n// private algorithm: jwt.Algorithm;\r\n// private issuer?: string;\r\n// private audience?: string | string[];\r\n\r\n// constructor(options: JWTAdapterOptions) {\r\n// if (!options.secret) {\r\n// throw new AdapterError(\"JWT secret is required\");\r\n// }\r\n\r\n// if (options.secret.length < 32) {\r\n// logger.warn(\"Weak JWT secret detected\", {\r\n// adapter: \"jwt\",\r\n// operation: \"init\",\r\n// secretLength: options.secret.length\r\n// });\r\n// }\r\n\r\n// this.secret = options.secret;\r\n// this.expiresIn = options.expiresIn;\r\n// this.algorithm = options.algorithm || \"HS256\";\r\n// this.issuer = options.issuer;\r\n// this.audience = options.audience;\r\n// }\r\n\r\n// sign(payload: object, options?: SignOptions) {\r\n// try {\r\n// const jwtOptions: jwt.SignOptions = {\r\n// algorithm: this.algorithm,\r\n// issuer: options?.issuer || this.issuer,\r\n// audience: options?.audience || this.audience,\r\n// jwtid: options?.jti || randomUUID(),\r\n// subject: options?.subject\r\n// };\r\n\r\n// if (options?.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = options.expiresIn as any;\r\n// } else if (this.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = this.expiresIn as any;\r\n// }\r\n\r\n// return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT signing failed\", {\r\n// 
adapter: \"jwt\",\r\n// operation: \"sign\",\r\n// reason: err?.message\r\n// });\r\n\r\n// throw new AdapterError(\"JWT sign failed\");\r\n// }\r\n// }\r\n\r\n// verify(token: string, options?: { audience?: string | string[] }) {\r\n// try {\r\n// const verifyOptions: jwt.VerifyOptions = {\r\n// algorithms: [this.algorithm],\r\n// issuer: this.issuer,\r\n// audience: (options?.audience || this.audience) as string\r\n// };\r\n\r\n// return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verification failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"verify\",\r\n// reason: err?.message\r\n// });\r\n\r\n// if (err?.name === \"TokenExpiredError\") {\r\n// throw new AdapterError(\"JWT token has expired\");\r\n// }\r\n\r\n// if (err?.name === \"JsonWebTokenError\") {\r\n// throw new AdapterError(\"Invalid JWT token\");\r\n// }\r\n\r\n// throw new AdapterError(\"JWT verification failed\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\nimport jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"]; // ✅ important\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private 
expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n // ================= SIGN =================\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID(),\r\n subject: options?.subject\r\n };\r\n\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (issuer) jwtOptions.issuer = issuer;\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n // ================= VERIFY =================\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (this.issuer) verifyOptions.issuer = this.issuer;\r\n\r\n const audience = normalizeAudience(options?.audience ?? 
this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;aACpC,CAAC;YAEF,IAAI,OAAO,OAAO,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACzC,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAC7B,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;I
ACH,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACrC,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AAjGD,gCAiGC","sourcesContent":["import jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"];\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n 
private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID()\r\n };\r\n\r\n if (typeof options?.subject === \"string\") {\r\n jwtOptions.subject = options.subject;\r\n }\r\n\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (typeof issuer === \"string\") {\r\n jwtOptions.issuer = issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (typeof this.issuer === \"string\") {\r\n verifyOptions.issuer = this.issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? 
this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAiC3D,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE3E,KAAK,gBAAgB,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEpD,qBAAa,QAAQ;IACnB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAyB;IAEhD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,WAAW,CAAS;IAE5B,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAC,CAAc;IAElC,OAAO;IAIP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,QAAQ;IAU3D,OAAO,CAAC,MAAM,CAAC,GAAG;IAOlB,OAAO,CAAC,SAAS;IA6DjB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;IAM9D,MAAM,CAAC,GAAG;sBACM,MAAM,YAAY,GAAG;sBAMrB,MAAM;;mCAOK,MAAM;;MAO/B;IAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,gBAAgB;IAIxC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,GAAG;IAI7B,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM;IAgB9D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;kBA7JO,CAAC;;;iBAID,CAAC;IA6JjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;WAKZ,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOjD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5D,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,gBAAgB;IAe5D,OAAO,CAAC,WAAW;CAqBpB"}
|
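--- a/package/dist/core/HiSecure.js
+++ b/package/dist/core/HiSecure.js
@@ -1,10 +1,4 @@
 "use strict";
-// import { HiSecureConfig } from "./types/HiSecureConfig.js";
-// import { defaultConfig } from "./config.js";
-// import { LIB_NAME, LIB_VERSION } from "./constants.js";
-// import { deepMerge } from "../utils/deepMerge.js";
-// import { deepFreeze } from "../utils/deepFreeze.js";
-// import { logger } from "../logging";
 var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -42,7 +36,6 @@ class HiSecure {
 this.initialized = false;
 this.config = config;
 }
-// ================= INIT (ONLY ONCE) =================
 static init(userConfig) {
 if (HiSecure.instance)
 return HiSecure.instance;
@@ -66,7 +59,6 @@ class HiSecure {
 lib: constants_js_1.LIB_NAME,
 version: constants_js_1.LIB_VERSION
 });
-// ===== Core Managers =====
 this.hashManager = new HashManager_js_1.HashManager(this.config.hashing, this.config.hashing.primary === "argon2"
 ? new ArgonAdapter_js_1.ArgonAdapter()
 : new BcryptAdapter_js_1.BcryptAdapter(this.config.hashing.saltRounds), this.config.hashing.fallback
@@ -79,7 +71,6 @@ class HiSecure {
 this.sanitizerManager = new SanitizerManager_js_1.SanitizerManager(new SanitizeHtmlAdapter_js_1.SanitizeHtmlAdapter(this.config.sanitizer), new XSSAdapter_js_1.XSSAdapter(this.config.sanitizer));
 this.jsonManager = new JsonManager_js_1.JsonManager();
 this.corsManager = new CorsManager_js_1.CorsManager();
-// ===== AUTH (OPTIONAL) =====
 if (this.config.auth?.enabled) {
 this.authManager = new AuthManager_js_1.AuthManager({
 jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret,
@@ -97,14 +88,12 @@ class HiSecure {
 layer: "hisecure-core"
 });
 }
-// ================= AUTH =================
 static auth(options) {
 const i = HiSecure.get();
 if (!i.authManager)
 throw new Error("Auth not enabled");
 return i.authManager.protect(options);
 }
-// ================= OTHER UTILS =================
 static validate(schema) {
 return HiSecure.get().validatorManager.validate(schema);
 }
@@ -139,7 +128,6 @@ class HiSecure {
 static verify(value, hash) {
 return HiSecure.get().hashManager.verify(value, hash);
 }
-// ================= GLOBAL MIDDLEWARE =================
 static middleware(options) {
 const i = HiSecure.get();
 const presets = {
@@ -174,7 +162,6 @@ class HiSecure {
 }
 exports.HiSecure = HiSecure;
 HiSecure.instance = null;
-// ================= JWT =================
 HiSecure.jwt = {
 sign(payload, options) {
 const i = HiSecure.get();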
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";AAAA,8DAA8D;AAC9D,+CAA+C;AAC/C,0DAA0D;AAC1D,qDAAqD;AACrD,uDAAuD;AACvD,uCAAuC;;;;;;AAoUvC,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAO9D,MAAa,QAAQ;IAcnB,YAAoB,MAAsB;QAVlC,gBAAW,GAAG,KAAK,CAAC;QAW1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uDAAuD;IACvD,MAAM,CAAC,IAAI,CAAC,UAAoC;QAC9C,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,GAAG;QAChB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACrB,CAAC,CAAC;QAEH,4BAA4B;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EACrD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YAC1B,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CACT,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YACrC,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,EAC1B,IAAI,sCAAgB,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GA
AG,IAAI,sCAAgB,CAC1C,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,8BAA8B;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBACjC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gBAChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAChD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IA0BD,kDAAkD;IAClD,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACtC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QAC3B,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACZ,CAAC;YAEX,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,MAAM,CAAC,GAAG,QAAQ
,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE;YAC5D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QACvC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,wDAAwD;IACxD,MAAM,CAAC,UAAU,CAAC,OAA0C;QAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,OAAO,GAA4C;YACvD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YACvE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SACxC,CAAC;QAEF,MAAM,YAAY,GAChB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAEjE,OAAO,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAEO,WAAW,CAAC,OAAsB;QACxC,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IAC
f,CAAC;;AAnNH,4BAoNC;AAnNgB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAyGhD,0CAA0C;AACnC,YAAG,GAAG;IACX,IAAI,CAAC,OAAe,EAAE,OAAa;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,EAAE;QACN,aAAa,CAAC,OAAe;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,CAAC,WAAW;gBAChB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,OAAO,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;KACF;CACF,AArBS,CAqBR","sourcesContent":["// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import 
{ SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // Singleton & Init\r\n\r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// logger.info(\"Creating HiSecure singleton\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"Initialization 
skipped (already initialized)\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// return;\r\n// }\r\n\r\n// logger.info(\"Framework initialization started\", {\r\n// layer: \"hisecure-core\",\r\n// lib: LIB_NAME,\r\n// version: LIB_VERSION\r\n// });\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// deepFreeze(this.config);\r\n// this.initialized = true;\r\n\r\n// logger.info(\"Framework initialized successfully\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n\r\n// // Public Fluent API\r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof preset === \"string\") {\r\n// logger.info(\"Rate limit preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset\r\n// });\r\n\r\n// const presets: any = {\r\n// strict: { mode: \"strict\" },\r\n// relaxed: { mode: \"relaxed\" },\r\n// api: { mode: \"api\" }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset]);\r\n// }\r\n\r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// return [\r\n// instance.jsonManager.middleware(options),\r\n// instance.jsonManager.urlencoded()\r\n// ];\r\n// 
}\r\n\r\n// // Utilities\r\n\r\n// static async hash(value: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(value, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(value: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(value, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) =>\r\n// HiSecure.getInstance().authManager!.sign(payload, options),\r\n\r\n// verify: (token: string) =>\r\n// HiSecure.getInstance().authManager!.verify(token),\r\n\r\n// google: {\r\n// verifyIdToken: (idToken: string) =>\r\n// HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)\r\n// }\r\n// };\r\n\r\n// // Global Middleware - globalLevel\r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof options === \"string\") {\r\n// logger.info(\"Global middleware preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset: options\r\n// });\r\n\r\n// const presets: any = {\r\n// api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true, sanitize: false }\r\n// };\r\n\r\n// return instance.createMiddlewareChain(presets[options] || {});\r\n// }\r\n\r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // Internal Setup\r\n\r\n// private setupAdapters() {\r\n// logger.info(\"Adapters setup started\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n\r\n// this.hashingPrimary =\r\n// this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback =\r\n// this.config.hashing.fallback === \"bcrypt\"\r\n// ? 
new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// logger.info(\"Hashing adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: this.config.hashing.primary,\r\n// fallback: this.config.hashing.fallback ?? null\r\n// });\r\n\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// logger.info(\"Rate limiter adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// adaptive: this.config.rateLimiter.useAdaptiveMode\r\n// });\r\n\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n// logger.info(\"Sanitizer adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: \"sanitize-html\",\r\n// fallback: \"xss\"\r\n// });\r\n// }\r\n\r\n// private setupManagers() {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// new ZodAdapter(),\r\n// new ExpressValidatorAdapter()\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n\r\n// logger.info(\"Core managers initialized\", {\r\n// layer: \"hisecure-core\",\r\n// managers: [\"hash\", \"rate-limit\", \"validator\", \"sanitizer\"]\r\n// });\r\n// }\r\n\r\n// private setupDynamicManagers() {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// if (this.config.auth.enabled) {\r\n// this.authManager = new AuthManager({\r\n// jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n// jwtExpiresIn: 
this.config.auth.jwtExpiresIn,\r\n// googleClientId:\r\n// process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n// });\r\n\r\n// logger.info(\"Authentication enabled\", {\r\n// layer: \"hisecure-core\",\r\n// google: !!this.config.auth.googleClientId\r\n// });\r\n// } else {\r\n// logger.info(\"Authentication disabled\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n\r\n// if (this.config.enableCompression)\r\n// chain.push(compression(this.config.compression));\r\n\r\n// if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));\r\n// if (options.sanitize)\r\n// chain.push(this.sanitizerManager.middleware());\r\n\r\n// if (options.rateLimit)\r\n// chain.push(this.rateLimitManager.middleware({}));\r\n\r\n// if (options.auth && this.authManager)\r\n// chain.push(this.authManager.protect());\r\n\r\n// chain.push(errorHandler);\r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n\r\n\r\n\r\n\r\nimport { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from 
\"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\ntype MiddlewarePreset = \"strict\" | \"api\" | \"public\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n\r\n private readonly config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n private hashManager!: HashManager;\r\n private rateLimitManager!: RateLimitManager;\r\n private validatorManager!: ValidatorManager;\r\n private sanitizerManager!: SanitizerManager;\r\n private jsonManager!: JsonManager;\r\n private corsManager!: CorsManager;\r\n private authManager?: AuthManager;\r\n\r\n private constructor(config: HiSecureConfig) {\r\n this.config = config;\r\n }\r\n\r\n // ================= INIT (ONLY ONCE) =================\r\n static init(userConfig?: Partial<HiSecureConfig>): HiSecure {\r\n if (HiSecure.instance) return HiSecure.instance;\r\n\r\n const finalConfig = deepMerge(defaultConfig, userConfig ?? 
{});\r\n const instance = new HiSecure(finalConfig);\r\n HiSecure.instance = instance;\r\n instance.bootstrap();\r\n return instance;\r\n }\r\n\r\n private static get(): HiSecure {\r\n if (!HiSecure.instance) {\r\n throw new Error(\"HiSecure not initialized. Call HiSecure.init() first.\");\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n private bootstrap(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n // ===== Core Managers =====\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds),\r\n this.config.hashing.fallback\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.config.rateLimiter.useAdaptiveMode\r\n ? 
new RLFlexibleAdapter()\r\n : new ExpressRLAdapter(),\r\n new ExpressRLAdapter()\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n // ===== AUTH (OPTIONAL) =====\r\n if (this.config.auth?.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", { layer: \"hisecure-core\" });\r\n } else {\r\n logger.info(\"Authentication disabled\", { layer: \"hisecure-core\" });\r\n }\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n // ================= AUTH =================\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.protect(options);\r\n }\r\n\r\n // ================= JWT =================\r\n static jwt = {\r\n sign(payload: object, options?: any) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.sign(payload, options);\r\n },\r\n\r\n verify(token: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.verify(token);\r\n },\r\n\r\n google: {\r\n verifyIdToken(idToken: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager)\r\n throw new Error(\"Auth not enabled (Google)\");\r\n return 
i.authManager.verifyGoogleIdToken(idToken);\r\n }\r\n }\r\n };\r\n\r\n // ================= OTHER UTILS =================\r\n static validate(schema: ValidationSchema) {\r\n return HiSecure.get().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return HiSecure.get().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const i = HiSecure.get();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n } as const;\r\n\r\n return i.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return i.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return HiSecure.get().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const i = HiSecure.get();\r\n return [i.jsonManager.middleware(options), i.jsonManager.urlencoded()];\r\n }\r\n\r\n static async hash(value: string): Promise<string> {\r\n const { hash } = await HiSecure.get().hashManager.hash(value, {\r\n allowFallback: true\r\n });\r\n return hash;\r\n }\r\n\r\n static verify(value: string, hash: string): Promise<boolean> {\r\n return HiSecure.get().hashManager.verify(value, hash);\r\n }\r\n\r\n // ================= GLOBAL MIDDLEWARE =================\r\n static middleware(options?: SecureOptions | MiddlewarePreset) {\r\n const i = HiSecure.get();\r\n\r\n const presets: Record<MiddlewarePreset, SecureOptions> = {\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n public: { cors: true, rateLimit: true }\r\n };\r\n\r\n const finalOptions =\r\n typeof options === \"string\" ? presets[options] : options ?? 
{};\r\n\r\n return i.createChain(finalOptions);\r\n }\r\n\r\n private createChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware());\r\n if (options.sanitize) chain.push(this.sanitizerManager.middleware());\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";;;;;;AACA,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAO9D,MAAa,QAAQ;IAcnB,YAAoB,MAAsB;QAVlC,gBAAW,GAAG,KAAK,CAAC;QAW1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,UAAoC;QAC9C,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,GAAG;QAChB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EACrD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YAC1B,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CACT,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YACrC,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,EAC1B,IAAI,sCAAgB,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,
CAAC,SAAS,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBACjC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gBAChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAChD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAyBD,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACtC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QAC3B,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACZ,CAAC;YAEX,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,C
AAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE;YAC5D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QACvC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,OAA0C;QAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,OAAO,GAA4C;YACvD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YACvE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SACxC,CAAC;QAEF,MAAM,YAAY,GAChB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAEjE,OAAO,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAEO,WAAW,CAAC,OAAsB;QACxC,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;;AA5MH,4BA6MC;AA5MgB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAqGzC,YAAG,GAAG;IACX,IAAI,CAAC,OAAe,EAAE,OAAa;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,I
AAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,EAAE;QACN,aAAa,CAAC,OAAe;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,CAAC,WAAW;gBAChB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,OAAO,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;KACF;CACF,AArBS,CAqBR","sourcesContent":["import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from 
\"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\ntype MiddlewarePreset = \"strict\" | \"api\" | \"public\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n\r\n private readonly config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n private hashManager!: HashManager;\r\n private rateLimitManager!: RateLimitManager;\r\n private validatorManager!: ValidatorManager;\r\n private sanitizerManager!: SanitizerManager;\r\n private jsonManager!: JsonManager;\r\n private corsManager!: CorsManager;\r\n private authManager?: AuthManager;\r\n\r\n private constructor(config: HiSecureConfig) {\r\n this.config = config;\r\n }\r\n\r\n static init(userConfig?: Partial<HiSecureConfig>): HiSecure {\r\n if (HiSecure.instance) return HiSecure.instance;\r\n\r\n const finalConfig = deepMerge(defaultConfig, userConfig ?? {});\r\n const instance = new HiSecure(finalConfig);\r\n HiSecure.instance = instance;\r\n instance.bootstrap();\r\n return instance;\r\n }\r\n\r\n private static get(): HiSecure {\r\n if (!HiSecure.instance) {\r\n throw new Error(\"HiSecure not initialized. Call HiSecure.init() first.\");\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n private bootstrap(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds),\r\n this.config.hashing.fallback\r\n ? 
new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.config.rateLimiter.useAdaptiveMode\r\n ? new RLFlexibleAdapter()\r\n : new ExpressRLAdapter(),\r\n new ExpressRLAdapter()\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n if (this.config.auth?.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", { layer: \"hisecure-core\" });\r\n } else {\r\n logger.info(\"Authentication disabled\", { layer: \"hisecure-core\" });\r\n }\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.protect(options);\r\n }\r\n\r\n static jwt = {\r\n sign(payload: object, options?: any) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.sign(payload, options);\r\n },\r\n\r\n verify(token: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.verify(token);\r\n },\r\n\r\n google: {\r\n verifyIdToken(idToken: string) {\r\n const i = HiSecure.get();\r\n if 
(!i.authManager)\r\n throw new Error(\"Auth not enabled (Google)\");\r\n return i.authManager.verifyGoogleIdToken(idToken);\r\n }\r\n }\r\n };\r\n\r\n static validate(schema: ValidationSchema) {\r\n return HiSecure.get().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return HiSecure.get().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const i = HiSecure.get();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n } as const;\r\n\r\n return i.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return i.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return HiSecure.get().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const i = HiSecure.get();\r\n return [i.jsonManager.middleware(options), i.jsonManager.urlencoded()];\r\n }\r\n\r\n static async hash(value: string): Promise<string> {\r\n const { hash } = await HiSecure.get().hashManager.hash(value, {\r\n allowFallback: true\r\n });\r\n return hash;\r\n }\r\n\r\n static verify(value: string, hash: string): Promise<boolean> {\r\n return HiSecure.get().hashManager.verify(value, hash);\r\n }\r\n\r\n static middleware(options?: SecureOptions | MiddlewarePreset) {\r\n const i = HiSecure.get();\r\n\r\n const presets: Record<MiddlewarePreset, SecureOptions> = {\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n public: { cors: true, rateLimit: true }\r\n };\r\n\r\n const finalOptions =\r\n typeof options === \"string\" ? presets[options] : options ?? 
{};\r\n\r\n return i.createChain(finalOptions);\r\n }\r\n\r\n private createChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware());\r\n if (options.sanitize) chain.push(this.sanitizerManager.middleware());\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD;;GAEG;AACH,wBAAgB,SAAS,CACvB,OAAO,CAAC,EAAE,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,SAItD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,aAAa,SAsClD"}
|
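--- a/package/dist/core/useSecure.js
+++ b/package/dist/core/useSecure.js
@@ -1,45 +1,7 @@
 "use strict";
-// import { HiSecure } from "./HiSecure.js";
-// import { SecureOptions } from "./types/SecureOptions.js";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useSecure = useSecure;
 exports.secureRoute = secureRoute;
-// /**
-// * @deprecated Use HiSecure.middleware() or fluent API instead
-// */
-// export function useSecure(options?: SecureOptions | "api" | "strict" | "public") {
-// console.warn("useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.");
-// return HiSecure.middleware(options);
-// }
-// // Legacy support - route-level security
-// export function secureRoute(options?: SecureOptions) {
-// const chain: any[] = [];
-// if (options?.cors) {
-// chain.push(HiSecure.cors(
-// typeof options.cors === 'object' ? options.cors : undefined
-// ));
-// }
-// if (options?.rateLimit) {
-// chain.push(HiSecure.rateLimit(
-// typeof options.rateLimit === 'object' ? options.rateLimit :
-// options.rateLimit === "strict" ? "strict" : "relaxed"
-// ));
-// }
-// if (options?.sanitize) {
-// chain.push(HiSecure.sanitize(
-// typeof options.sanitize === 'object' ? options.sanitize : undefined
-// ));
-// }
-// if (options?.validate) {
-// chain.push(HiSecure.validate(options.validate));
-// }
-// if (options?.auth) {
-// chain.push(HiSecure.auth(
-// typeof options.auth === 'object' ? options.auth : undefined
-// ));
-// }
-// return chain;
-// }
 const HiSecure_js_1 = require("./HiSecure.js");
 /**
 * @deprecated Use HiSecure.middleware()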
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";;AAMA,8BAKC;AAKD,kCAsCC;AAtDD,+CAAyC;AAGzC;;GAEG;AACH,SAAgB,SAAS,CACvB,OAAqD;IAErD,OAAO,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;IAC9E,OAAO,sBAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,OAAuB;IACjD,MAAM,KAAK,GAAU,EAAE,CAAC;IAExB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,SAAS,CAChB,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ;YACnC,CAAC,CAAC,OAAO,CAAC,SAAS;YACnB,CAAC,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBAChC,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,SAAS,CACd,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,IAAI,CACX,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC5D,CACF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["import { HiSecure } from \"./HiSecure.js\";\r\nimport { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n/**\r\n * @deprecated Use HiSecure.middleware()\r\n */\r\nexport function useSecure(\r\n options?: SecureOptions | \"api\" | \"strict\" | \"public\"\r\n) {\r\n console.warn(\"useSecure() is deprecated. Use HiSecure.middleware() instead.\");\r\n return HiSecure.middleware(options);\r\n}\r\n\r\n/**\r\n * Legacy route-level security\r\n */\r\nexport function secureRoute(options?: SecureOptions) {\r\n const chain: any[] = [];\r\n\r\n if (!options) return chain;\r\n\r\n if (options.cors) {\r\n chain.push(HiSecure.cors());\r\n }\r\n\r\n if (options.rateLimit) {\r\n chain.push(\r\n HiSecure.rateLimit(\r\n typeof options.rateLimit === \"object\"\r\n ? 
options.rateLimit\r\n : options.rateLimit === \"strict\"\r\n ? \"strict\"\r\n : \"relaxed\"\r\n )\r\n );\r\n }\r\n\r\n if (options.sanitize) {\r\n chain.push(HiSecure.sanitize());\r\n }\r\n\r\n if (options.validate) {\r\n chain.push(HiSecure.validate(options.validate));\r\n }\r\n\r\n if (options.auth) {\r\n chain.push(\r\n HiSecure.auth(\r\n typeof options.auth === \"object\" ? options.auth : undefined\r\n )\r\n );\r\n }\r\n\r\n return chain;\r\n}\r\n"]}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAE7D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAG/D,OAAO,EACL,QAAQ,EACR,SAAS,EACT,WAAW,EACZ,CAAC"}
|
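--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,18 +1,6 @@
 "use strict";
-// import { HiSecure } from "./core/HiSecure.js";
-// import { useSecure, secureRoute } from "./core/useSecure.js";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secureRoute = exports.useSecure = exports.HiSecure = exports.header = exports.param = exports.query = exports.body = exports.z = void 0;
-// export { z } from "zod";
-// export { body, query, param, header } from "express-validator";
-// const hiSecure = HiSecure.getInstance();
-// export {
-// HiSecure,
-// hiSecure,
-// useSecure,
-// secureRoute
-// };
-// export default hiSecure;
 const HiSecure_js_1 = require("./core/HiSecure.js");
 Object.defineProperty(exports, "HiSecure", { enumerable: true, get: function () { return HiSecure_js_1.HiSecure; } });
 const useSecure_js_1 = require("./core/useSecure.js");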
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,oDAA8C;AAQ5C,yFARO,sBAAQ,OAQP;AAPV,sDAA6D;AAQ3D,0FARO,wBAAS,OAQP;AACT,4FATkB,0BAAW,OASlB;AAPb,2BAAwB;AAAf,wFAAA,CAAC,OAAA;AACV,uDAA+D;AAAtD,yGAAA,IAAI,OAAA;AAAE,0GAAA,KAAK,OAAA;AAAE,0GAAA,KAAK,OAAA;AAAE,2GAAA,MAAM,OAAA","sourcesContent":["import { HiSecure } from \"./core/HiSecure.js\";\r\nimport { useSecure, secureRoute } from \"./core/useSecure.js\";\r\n\r\nexport { z } from \"zod\";\r\nexport { body, query, param, header } from \"express-validator\";\r\n\r\n\r\nexport {\r\n HiSecure,\r\n useSecure,\r\n secureRoute\r\n};\r\n\r\n"]}
|
package/package.json
CHANGED
|
@@ -1,118 +1,9 @@
|
|
|
1
|
-
// import jwt from "jsonwebtoken";
|
|
2
|
-
// import { randomUUID } from "crypto";
|
|
3
|
-
// import { AdapterError } from "../core/errors/AdapterError";
|
|
4
|
-
// import { logger } from "../logging";
|
|
5
|
-
|
|
6
|
-
// export interface JWTAdapterOptions {
|
|
7
|
-
// secret: string;
|
|
8
|
-
// expiresIn?: string | number;
|
|
9
|
-
// algorithm?: jwt.Algorithm;
|
|
10
|
-
// issuer?: string;
|
|
11
|
-
// audience?: string | string[];
|
|
12
|
-
// }
|
|
13
|
-
|
|
14
|
-
// export interface SignOptions {
|
|
15
|
-
// expiresIn?: string | number;
|
|
16
|
-
// jti?: string;
|
|
17
|
-
// subject?: string;
|
|
18
|
-
// issuer?: string;
|
|
19
|
-
// audience?: string | string[];
|
|
20
|
-
// }
|
|
21
|
-
|
|
22
|
-
// export class JWTAdapter {
|
|
23
|
-
// private secret: string;
|
|
24
|
-
// private expiresIn?: string | number;
|
|
25
|
-
// private algorithm: jwt.Algorithm;
|
|
26
|
-
// private issuer?: string;
|
|
27
|
-
// private audience?: string | string[];
|
|
28
|
-
|
|
29
|
-
// constructor(options: JWTAdapterOptions) {
|
|
30
|
-
// if (!options.secret) {
|
|
31
|
-
// throw new AdapterError("JWT secret is required");
|
|
32
|
-
// }
|
|
33
|
-
|
|
34
|
-
// if (options.secret.length < 32) {
|
|
35
|
-
// logger.warn("Weak JWT secret detected", {
|
|
36
|
-
// adapter: "jwt",
|
|
37
|
-
// operation: "init",
|
|
38
|
-
// secretLength: options.secret.length
|
|
39
|
-
// });
|
|
40
|
-
// }
|
|
41
|
-
|
|
42
|
-
// this.secret = options.secret;
|
|
43
|
-
// this.expiresIn = options.expiresIn;
|
|
44
|
-
// this.algorithm = options.algorithm || "HS256";
|
|
45
|
-
// this.issuer = options.issuer;
|
|
46
|
-
// this.audience = options.audience;
|
|
47
|
-
// }
|
|
48
|
-
|
|
49
|
-
// sign(payload: object, options?: SignOptions) {
|
|
50
|
-
// try {
|
|
51
|
-
// const jwtOptions: jwt.SignOptions = {
|
|
52
|
-
// algorithm: this.algorithm,
|
|
53
|
-
// issuer: options?.issuer || this.issuer,
|
|
54
|
-
// audience: options?.audience || this.audience,
|
|
55
|
-
// jwtid: options?.jti || randomUUID(),
|
|
56
|
-
// subject: options?.subject
|
|
57
|
-
// };
|
|
58
|
-
|
|
59
|
-
// if (options?.expiresIn !== undefined) {
|
|
60
|
-
// jwtOptions.expiresIn = options.expiresIn as any;
|
|
61
|
-
// } else if (this.expiresIn !== undefined) {
|
|
62
|
-
// jwtOptions.expiresIn = this.expiresIn as any;
|
|
63
|
-
// }
|
|
64
|
-
|
|
65
|
-
// return jwt.sign(payload, this.secret, jwtOptions);
|
|
66
|
-
|
|
67
|
-
// } catch (err: any) {
|
|
68
|
-
// logger.error("JWT signing failed", {
|
|
69
|
-
// adapter: "jwt",
|
|
70
|
-
// operation: "sign",
|
|
71
|
-
// reason: err?.message
|
|
72
|
-
// });
|
|
73
|
-
|
|
74
|
-
// throw new AdapterError("JWT sign failed");
|
|
75
|
-
// }
|
|
76
|
-
// }
|
|
77
|
-
|
|
78
|
-
// verify(token: string, options?: { audience?: string | string[] }) {
|
|
79
|
-
// try {
|
|
80
|
-
// const verifyOptions: jwt.VerifyOptions = {
|
|
81
|
-
// algorithms: [this.algorithm],
|
|
82
|
-
// issuer: this.issuer,
|
|
83
|
-
// audience: (options?.audience || this.audience) as string
|
|
84
|
-
// };
|
|
85
|
-
|
|
86
|
-
// return jwt.verify(token, this.secret, verifyOptions);
|
|
87
|
-
|
|
88
|
-
// } catch (err: any) {
|
|
89
|
-
// logger.error("JWT verification failed", {
|
|
90
|
-
// adapter: "jwt",
|
|
91
|
-
// operation: "verify",
|
|
92
|
-
// reason: err?.message
|
|
93
|
-
// });
|
|
94
|
-
|
|
95
|
-
// if (err?.name === "TokenExpiredError") {
|
|
96
|
-
// throw new AdapterError("JWT token has expired");
|
|
97
|
-
// }
|
|
98
|
-
|
|
99
|
-
// if (err?.name === "JsonWebTokenError") {
|
|
100
|
-
// throw new AdapterError("Invalid JWT token");
|
|
101
|
-
// }
|
|
102
|
-
|
|
103
|
-
// throw new AdapterError("JWT verification failed");
|
|
104
|
-
// }
|
|
105
|
-
// }
|
|
106
|
-
// }
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
1
|
import jwt, { SignOptions as JwtSignOptions } from "jsonwebtoken";
|
|
111
2
|
import { randomUUID } from "crypto";
|
|
112
3
|
import { AdapterError } from "../core/errors/AdapterError";
|
|
113
4
|
import { logger } from "../logging";
|
|
114
5
|
|
|
115
|
-
type ExpiresIn = JwtSignOptions["expiresIn"];
|
|
6
|
+
type ExpiresIn = JwtSignOptions["expiresIn"];
|
|
116
7
|
|
|
117
8
|
export interface JWTAdapterOptions {
|
|
118
9
|
secret: string;
|
|
@@ -165,17 +56,21 @@ export class JWTAdapter {
|
|
|
165
56
|
this.expiresIn = options.expiresIn as ExpiresIn;
|
|
166
57
|
}
|
|
167
58
|
|
|
168
|
-
// ================= SIGN =================
|
|
169
59
|
sign(payload: object, options?: SignOptions) {
|
|
170
60
|
try {
|
|
171
61
|
const jwtOptions: jwt.SignOptions = {
|
|
172
62
|
algorithm: this.algorithm,
|
|
173
|
-
jwtid: options?.jti ?? randomUUID()
|
|
174
|
-
subject: options?.subject
|
|
63
|
+
jwtid: options?.jti ?? randomUUID()
|
|
175
64
|
};
|
|
176
65
|
|
|
66
|
+
if (typeof options?.subject === "string") {
|
|
67
|
+
jwtOptions.subject = options.subject;
|
|
68
|
+
}
|
|
69
|
+
|
|
177
70
|
const issuer = options?.issuer ?? this.issuer;
|
|
178
|
-
if (
|
|
71
|
+
if (typeof issuer === "string") {
|
|
72
|
+
jwtOptions.issuer = issuer;
|
|
73
|
+
}
|
|
179
74
|
|
|
180
75
|
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
181
76
|
if (audience) jwtOptions.audience = audience;
|
|
@@ -200,14 +95,15 @@ export class JWTAdapter {
|
|
|
200
95
|
}
|
|
201
96
|
}
|
|
202
97
|
|
|
203
|
-
// ================= VERIFY =================
|
|
204
98
|
verify(token: string, options?: { audience?: string | string[] }) {
|
|
205
99
|
try {
|
|
206
100
|
const verifyOptions: jwt.VerifyOptions = {
|
|
207
101
|
algorithms: [this.algorithm]
|
|
208
102
|
};
|
|
209
103
|
|
|
210
|
-
if (this.issuer
|
|
104
|
+
if (typeof this.issuer === "string") {
|
|
105
|
+
verifyOptions.issuer = this.issuer;
|
|
106
|
+
}
|
|
211
107
|
|
|
212
108
|
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
213
109
|
if (audience) verifyOptions.audience = audience;
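Review bot: In `verify`, the new guard `if (typeof this.issuer === "string")` leaves `verifyOptions.issuer` unset for any configured issuer that is not a string, so a mistyped value coming from untyped JavaScript config disables the issuer check silently rather than failing. `sign` has the same shape with `if (typeof issuer === "string")`, where the token is then issued without `iss`. The constructor lies mostly outside these hunks, so it may already validate this; if it does not, reject early there with something like `if (options.issuer !== undefined && typeof options.issuer !== "string") throw new AdapterError("JWT issuer must be a string");` so that misconfiguration fails closed. An empty string also passes the `typeof` test and is, as far as I know, treated by jsonwebtoken as "no issuer to check", which is worth a comment or an explicit length check.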
|
package/src/core/HiSecure.ts
CHANGED
|
@@ -1,331 +1,3 @@
|
|
|
1
|
-
// import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
2
|
-
// import { defaultConfig } from "./config.js";
|
|
3
|
-
// import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
4
|
-
// import { deepMerge } from "../utils/deepMerge.js";
|
|
5
|
-
// import { deepFreeze } from "../utils/deepFreeze.js";
|
|
6
|
-
// import { logger } from "../logging";
|
|
7
|
-
|
|
8
|
-
// // Adapters
|
|
9
|
-
// import { ArgonAdapter } from "../adapters/ArgonAdapter.js";
|
|
10
|
-
// import { BcryptAdapter } from "../adapters/BcryptAdapter.js";
|
|
11
|
-
// import { RLFlexibleAdapter } from "../adapters/RLFlexibleAdapter.js";
|
|
12
|
-
// import { ExpressRLAdapter } from "../adapters/ExpressRLAdapter.js";
|
|
13
|
-
// import { ZodAdapter } from "../adapters/ZodAdapter.js";
|
|
14
|
-
// import { ExpressValidatorAdapter } from "../adapters/ExpressValidatorAdapter.js";
|
|
15
|
-
// import { SanitizeHtmlAdapter } from "../adapters/SanitizeHtmlAdapter.js";
|
|
16
|
-
// import { XSSAdapter } from "../adapters/XSSAdapter.js";
|
|
17
|
-
|
|
18
|
-
// // Managers
|
|
19
|
-
// import { HashManager } from "../managers/HashManager.js";
|
|
20
|
-
// import { RateLimitManager } from "../managers/RateLimitManager.js";
|
|
21
|
-
// import { ValidatorManager } from "../managers/ValidatorManager.js";
|
|
22
|
-
// import { SanitizerManager } from "../managers/SanitizerManager.js";
|
|
23
|
-
// import { JsonManager } from "../managers/JsonManager.js";
|
|
24
|
-
// import { CorsManager } from "../managers/CorsManager.js";
|
|
25
|
-
// import { AuthManager } from "../managers/AuthManager.js";
|
|
26
|
-
|
|
27
|
-
// // Middlewares
|
|
28
|
-
// import helmet from "helmet";
|
|
29
|
-
// import hpp from "hpp";
|
|
30
|
-
// import compression from "compression";
|
|
31
|
-
// import { errorHandler } from "../middlewares/errorHandler.js";
|
|
32
|
-
|
|
33
|
-
// // Types
|
|
34
|
-
// import { SecureOptions, ValidationSchema } from "./types/SecureOptions.js";
|
|
35
|
-
|
|
36
|
-
// export class HiSecure {
|
|
37
|
-
// private static instance: HiSecure | null = null;
|
|
38
|
-
// private config: HiSecureConfig;
|
|
39
|
-
// private initialized = false;
|
|
40
|
-
|
|
41
|
-
// // Managers
|
|
42
|
-
// public hashManager!: HashManager;
|
|
43
|
-
// public rateLimitManager!: RateLimitManager;
|
|
44
|
-
// public validatorManager!: ValidatorManager;
|
|
45
|
-
// public sanitizerManager!: SanitizerManager;
|
|
46
|
-
// public jsonManager!: JsonManager;
|
|
47
|
-
// public corsManager!: CorsManager;
|
|
48
|
-
// public authManager?: AuthManager;
|
|
49
|
-
|
|
50
|
-
// // Internal adapters
|
|
51
|
-
// private hashingPrimary: any;
|
|
52
|
-
// private hashingFallback: any;
|
|
53
|
-
// private rateLimiterPrimary: any;
|
|
54
|
-
// private rateLimiterFallback: any;
|
|
55
|
-
// private sanitizerPrimary: any;
|
|
56
|
-
// private sanitizerFallback: any;
|
|
57
|
-
|
|
58
|
-
// private constructor(userConfig: Partial<HiSecureConfig> = {}) {
|
|
59
|
-
// this.config = deepMerge(defaultConfig, userConfig);
|
|
60
|
-
// }
|
|
61
|
-
|
|
62
|
-
// // Singleton & Init
|
|
63
|
-
|
|
64
|
-
// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {
|
|
65
|
-
// if (!HiSecure.instance) {
|
|
66
|
-
// logger.info("Creating HiSecure singleton", {
|
|
67
|
-
// layer: "hisecure-core"
|
|
68
|
-
// });
|
|
69
|
-
// HiSecure.instance = new HiSecure(config);
|
|
70
|
-
// HiSecure.instance.init();
|
|
71
|
-
// }
|
|
72
|
-
// return HiSecure.instance;
|
|
73
|
-
// }
|
|
74
|
-
|
|
75
|
-
// static resetInstance(): void {
|
|
76
|
-
// HiSecure.instance = null;
|
|
77
|
-
// }
|
|
78
|
-
|
|
79
|
-
// init(): void {
|
|
80
|
-
// if (this.initialized) {
|
|
81
|
-
// logger.warn("Initialization skipped (already initialized)", {
|
|
82
|
-
// layer: "hisecure-core"
|
|
83
|
-
// });
|
|
84
|
-
// return;
|
|
85
|
-
// }
|
|
86
|
-
|
|
87
|
-
// logger.info("Framework initialization started", {
|
|
88
|
-
// layer: "hisecure-core",
|
|
89
|
-
// lib: LIB_NAME,
|
|
90
|
-
// version: LIB_VERSION
|
|
91
|
-
// });
|
|
92
|
-
|
|
93
|
-
// this.setupAdapters();
|
|
94
|
-
// this.setupManagers();
|
|
95
|
-
// this.setupDynamicManagers();
|
|
96
|
-
|
|
97
|
-
// deepFreeze(this.config);
|
|
98
|
-
// this.initialized = true;
|
|
99
|
-
|
|
100
|
-
// logger.info("Framework initialized successfully", {
|
|
101
|
-
// layer: "hisecure-core"
|
|
102
|
-
// });
|
|
103
|
-
// }
|
|
104
|
-
|
|
105
|
-
// // Public Fluent API
|
|
106
|
-
// static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
107
|
-
// const instance = this.getInstance();
|
|
108
|
-
// if (!instance.authManager) {
|
|
109
|
-
// throw new Error("Auth not enabled. Set auth.enabled=true in config.");
|
|
110
|
-
// }
|
|
111
|
-
// return instance.authManager.protect(options);
|
|
112
|
-
// }
|
|
113
|
-
|
|
114
|
-
// static validate(schema: ValidationSchema) {
|
|
115
|
-
// return this.getInstance().validatorManager.validate(schema);
|
|
116
|
-
// }
|
|
117
|
-
|
|
118
|
-
// static sanitize(options?: any) {
|
|
119
|
-
// return this.getInstance().sanitizerManager.middleware(options);
|
|
120
|
-
// }
|
|
121
|
-
|
|
122
|
-
// static rateLimit(preset: "strict" | "relaxed" | "api" | object) {
|
|
123
|
-
// const instance = this.getInstance();
|
|
124
|
-
|
|
125
|
-
// if (typeof preset === "string") {
|
|
126
|
-
// logger.info("Rate limit preset applied", {
|
|
127
|
-
// layer: "hisecure-core",
|
|
128
|
-
// preset
|
|
129
|
-
// });
|
|
130
|
-
|
|
131
|
-
// const presets: any = {
|
|
132
|
-
// strict: { mode: "strict" },
|
|
133
|
-
// relaxed: { mode: "relaxed" },
|
|
134
|
-
// api: { mode: "api" }
|
|
135
|
-
// };
|
|
136
|
-
// return instance.rateLimitManager.middleware(presets[preset]);
|
|
137
|
-
// }
|
|
138
|
-
|
|
139
|
-
// return instance.rateLimitManager.middleware({ options: preset });
|
|
140
|
-
// }
|
|
141
|
-
|
|
142
|
-
// static cors(options?: any) {
|
|
143
|
-
// return this.getInstance().corsManager.middleware(options);
|
|
144
|
-
// }
|
|
145
|
-
|
|
146
|
-
// static json(options?: any) {
|
|
147
|
-
// const instance = this.getInstance();
|
|
148
|
-
// return [
|
|
149
|
-
// instance.jsonManager.middleware(options),
|
|
150
|
-
// instance.jsonManager.urlencoded()
|
|
151
|
-
// ];
|
|
152
|
-
// }
|
|
153
|
-
|
|
154
|
-
// // Utilities
|
|
155
|
-
|
|
156
|
-
// static async hash(value: string): Promise<string> {
|
|
157
|
-
// const instance = this.getInstance();
|
|
158
|
-
// const result = await instance.hashManager.hash(value, { allowFallback: true });
|
|
159
|
-
// return result.hash;
|
|
160
|
-
// }
|
|
161
|
-
|
|
162
|
-
// static async verify(value: string, hash: string): Promise<boolean> {
|
|
163
|
-
// return this.getInstance().hashManager.verify(value, hash);
|
|
164
|
-
// }
|
|
165
|
-
|
|
166
|
-
// static jwt = {
|
|
167
|
-
// sign: (payload: object, options?: any) =>
|
|
168
|
-
// HiSecure.getInstance().authManager!.sign(payload, options),
|
|
169
|
-
|
|
170
|
-
// verify: (token: string) =>
|
|
171
|
-
// HiSecure.getInstance().authManager!.verify(token),
|
|
172
|
-
|
|
173
|
-
// google: {
|
|
174
|
-
// verifyIdToken: (idToken: string) =>
|
|
175
|
-
// HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)
|
|
176
|
-
// }
|
|
177
|
-
// };
|
|
178
|
-
|
|
179
|
-
// // Global Middleware - globalLevel
|
|
180
|
-
// static middleware(options?: SecureOptions | "api" | "strict" | "public") {
|
|
181
|
-
// const instance = this.getInstance();
|
|
182
|
-
|
|
183
|
-
// if (typeof options === "string") {
|
|
184
|
-
// logger.info("Global middleware preset applied", {
|
|
185
|
-
// layer: "hisecure-core",
|
|
186
|
-
// preset: options
|
|
187
|
-
// });
|
|
188
|
-
|
|
189
|
-
// const presets: any = {
|
|
190
|
-
// api: { cors: true, rateLimit: "relaxed", sanitize: true },
|
|
191
|
-
// strict: { cors: true, rateLimit: "strict", sanitize: true, auth: true },
|
|
192
|
-
// public: { cors: true, rateLimit: true, sanitize: false }
|
|
193
|
-
// };
|
|
194
|
-
|
|
195
|
-
// return instance.createMiddlewareChain(presets[options] || {});
|
|
196
|
-
// }
|
|
197
|
-
|
|
198
|
-
// return instance.createMiddlewareChain(options || {});
|
|
199
|
-
// }
|
|
200
|
-
|
|
201
|
-
// // Internal Setup
|
|
202
|
-
|
|
203
|
-
// private setupAdapters() {
|
|
204
|
-
// logger.info("Adapters setup started", {
|
|
205
|
-
// layer: "hisecure-core"
|
|
206
|
-
// });
|
|
207
|
-
|
|
208
|
-
// this.hashingPrimary =
|
|
209
|
-
// this.config.hashing.primary === "argon2"
|
|
210
|
-
// ? new ArgonAdapter()
|
|
211
|
-
// : new BcryptAdapter(this.config.hashing.saltRounds);
|
|
212
|
-
|
|
213
|
-
// this.hashingFallback =
|
|
214
|
-
// this.config.hashing.fallback === "bcrypt"
|
|
215
|
-
// ? new BcryptAdapter(this.config.hashing.saltRounds)
|
|
216
|
-
// : null;
|
|
217
|
-
|
|
218
|
-
// logger.info("Hashing adapters configured", {
|
|
219
|
-
// layer: "hisecure-core",
|
|
220
|
-
// primary: this.config.hashing.primary,
|
|
221
|
-
// fallback: this.config.hashing.fallback ?? null
|
|
222
|
-
// });
|
|
223
|
-
|
|
224
|
-
// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode
|
|
225
|
-
// ? new RLFlexibleAdapter()
|
|
226
|
-
// : new ExpressRLAdapter();
|
|
227
|
-
|
|
228
|
-
// this.rateLimiterFallback = new ExpressRLAdapter();
|
|
229
|
-
|
|
230
|
-
// logger.info("Rate limiter adapters configured", {
|
|
231
|
-
// layer: "hisecure-core",
|
|
232
|
-
// adaptive: this.config.rateLimiter.useAdaptiveMode
|
|
233
|
-
// });
|
|
234
|
-
|
|
235
|
-
// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);
|
|
236
|
-
// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);
|
|
237
|
-
|
|
238
|
-
// logger.info("Sanitizer adapters configured", {
|
|
239
|
-
// layer: "hisecure-core",
|
|
240
|
-
// primary: "sanitize-html",
|
|
241
|
-
// fallback: "xss"
|
|
242
|
-
// });
|
|
243
|
-
// }
|
|
244
|
-
|
|
245
|
-
// private setupManagers() {
|
|
246
|
-
// this.hashManager = new HashManager(
|
|
247
|
-
// this.config.hashing,
|
|
248
|
-
// this.hashingPrimary,
|
|
249
|
-
// this.hashingFallback
|
|
250
|
-
// );
|
|
251
|
-
|
|
252
|
-
// this.rateLimitManager = new RateLimitManager(
|
|
253
|
-
// this.config.rateLimiter,
|
|
254
|
-
// this.rateLimiterPrimary,
|
|
255
|
-
// this.rateLimiterFallback
|
|
256
|
-
// );
|
|
257
|
-
|
|
258
|
-
// this.validatorManager = new ValidatorManager(
|
|
259
|
-
// new ZodAdapter(),
|
|
260
|
-
// new ExpressValidatorAdapter()
|
|
261
|
-
// );
|
|
262
|
-
|
|
263
|
-
// this.sanitizerManager = new SanitizerManager(
|
|
264
|
-
// this.sanitizerPrimary,
|
|
265
|
-
// this.sanitizerFallback
|
|
266
|
-
// );
|
|
267
|
-
|
|
268
|
-
// logger.info("Core managers initialized", {
|
|
269
|
-
// layer: "hisecure-core",
|
|
270
|
-
// managers: ["hash", "rate-limit", "validator", "sanitizer"]
|
|
271
|
-
// });
|
|
272
|
-
// }
|
|
273
|
-
|
|
274
|
-
// private setupDynamicManagers() {
|
|
275
|
-
// this.jsonManager = new JsonManager();
|
|
276
|
-
// this.corsManager = new CorsManager();
|
|
277
|
-
|
|
278
|
-
// if (this.config.auth.enabled) {
|
|
279
|
-
// this.authManager = new AuthManager({
|
|
280
|
-
// jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,
|
|
281
|
-
// jwtExpiresIn: this.config.auth.jwtExpiresIn,
|
|
282
|
-
// googleClientId:
|
|
283
|
-
// process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId
|
|
284
|
-
// });
|
|
285
|
-
|
|
286
|
-
// logger.info("Authentication enabled", {
|
|
287
|
-
// layer: "hisecure-core",
|
|
288
|
-
// google: !!this.config.auth.googleClientId
|
|
289
|
-
// });
|
|
290
|
-
// } else {
|
|
291
|
-
// logger.info("Authentication disabled", {
|
|
292
|
-
// layer: "hisecure-core"
|
|
293
|
-
// });
|
|
294
|
-
// }
|
|
295
|
-
// }
|
|
296
|
-
|
|
297
|
-
// private createMiddlewareChain(options: SecureOptions): any[] {
|
|
298
|
-
// const chain: any[] = [];
|
|
299
|
-
|
|
300
|
-
// chain.push(this.jsonManager.middleware(this.config.json));
|
|
301
|
-
// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));
|
|
302
|
-
|
|
303
|
-
// if (this.config.enableHelmet) chain.push(helmet());
|
|
304
|
-
// if (this.config.enableHPP) chain.push(hpp());
|
|
305
|
-
|
|
306
|
-
// if (this.config.enableCompression)
|
|
307
|
-
// chain.push(compression(this.config.compression));
|
|
308
|
-
|
|
309
|
-
// if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));
|
|
310
|
-
// if (options.sanitize)
|
|
311
|
-
// chain.push(this.sanitizerManager.middleware());
|
|
312
|
-
|
|
313
|
-
// if (options.rateLimit)
|
|
314
|
-
// chain.push(this.rateLimitManager.middleware({}));
|
|
315
|
-
|
|
316
|
-
// if (options.auth && this.authManager)
|
|
317
|
-
// chain.push(this.authManager.protect());
|
|
318
|
-
|
|
319
|
-
// chain.push(errorHandler);
|
|
320
|
-
// return chain;
|
|
321
|
-
// }
|
|
322
|
-
// }
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
1
|
import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
330
2
|
import { defaultConfig } from "./config.js";
|
|
331
3
|
import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
@@ -381,7 +53,6 @@ export class HiSecure {
|
|
|
381
53
|
this.config = config;
|
|
382
54
|
}
|
|
383
55
|
|
|
384
|
-
// ================= INIT (ONLY ONCE) =================
|
|
385
56
|
static init(userConfig?: Partial<HiSecureConfig>): HiSecure {
|
|
386
57
|
if (HiSecure.instance) return HiSecure.instance;
|
|
387
58
|
|
|
@@ -408,7 +79,6 @@ export class HiSecure {
|
|
|
408
79
|
version: LIB_VERSION
|
|
409
80
|
});
|
|
410
81
|
|
|
411
|
-
// ===== Core Managers =====
|
|
412
82
|
this.hashManager = new HashManager(
|
|
413
83
|
this.config.hashing,
|
|
414
84
|
this.config.hashing.primary === "argon2"
|
|
@@ -440,7 +110,6 @@ export class HiSecure {
|
|
|
440
110
|
this.jsonManager = new JsonManager();
|
|
441
111
|
this.corsManager = new CorsManager();
|
|
442
112
|
|
|
443
|
-
// ===== AUTH (OPTIONAL) =====
|
|
444
113
|
if (this.config.auth?.enabled) {
|
|
445
114
|
this.authManager = new AuthManager({
|
|
446
115
|
jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,
|
|
@@ -462,14 +131,12 @@ export class HiSecure {
|
|
|
462
131
|
});
|
|
463
132
|
}
|
|
464
133
|
|
|
465
|
-
// ================= AUTH =================
|
|
466
134
|
static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
467
135
|
const i = HiSecure.get();
|
|
468
136
|
if (!i.authManager) throw new Error("Auth not enabled");
|
|
469
137
|
return i.authManager.protect(options);
|
|
470
138
|
}
|
|
471
139
|
|
|
472
|
-
// ================= JWT =================
|
|
473
140
|
static jwt = {
|
|
474
141
|
sign(payload: object, options?: any) {
|
|
475
142
|
const i = HiSecure.get();
|
|
@@ -493,7 +160,6 @@ export class HiSecure {
|
|
|
493
160
|
}
|
|
494
161
|
};
|
|
495
162
|
|
|
496
|
-
// ================= OTHER UTILS =================
|
|
497
163
|
static validate(schema: ValidationSchema) {
|
|
498
164
|
return HiSecure.get().validatorManager.validate(schema);
|
|
499
165
|
}
|
|
@@ -538,7 +204,6 @@ export class HiSecure {
|
|
|
538
204
|
return HiSecure.get().hashManager.verify(value, hash);
|
|
539
205
|
}
|
|
540
206
|
|
|
541
|
-
// ================= GLOBAL MIDDLEWARE =================
|
|
542
207
|
static middleware(options?: SecureOptions | MiddlewarePreset) {
|
|
543
208
|
const i = HiSecure.get();
|
|
544
209
|
|
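--- a/package/src/core/useSecure.ts
+++ b/package/src/core/useSecure.ts
@@ -1,54 +1,3 @@
-// import { HiSecure } from "./HiSecure.js";
-// import { SecureOptions } from "./types/SecureOptions.js";
-
-// /**
-// * @deprecated Use HiSecure.middleware() or fluent API instead
-// */
-
-// export function useSecure(options?: SecureOptions | "api" | "strict" | "public") {
-// console.warn("useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.");
-// return HiSecure.middleware(options);
-// }
-
-
-// // Legacy support - route-level security
-
-// export function secureRoute(options?: SecureOptions) {
-// const chain: any[] = [];
-
-// if (options?.cors) {
-// chain.push(HiSecure.cors(
-// typeof options.cors === 'object' ? options.cors : undefined
-// ));
-// }
-
-// if (options?.rateLimit) {
-// chain.push(HiSecure.rateLimit(
-// typeof options.rateLimit === 'object' ? options.rateLimit :
-// options.rateLimit === "strict" ? "strict" : "relaxed"
-// ));
-// }
-
-// if (options?.sanitize) {
-// chain.push(HiSecure.sanitize(
-// typeof options.sanitize === 'object' ? options.sanitize : undefined
-// ));
-// }
-
-// if (options?.validate) {
-// chain.push(HiSecure.validate(options.validate));
-// }
-
-// if (options?.auth) {
-// chain.push(HiSecure.auth(
-// typeof options.auth === 'object' ? options.auth : undefined
-// ));
-// }
-// return chain;
-// }
-
-
-
 import { HiSecure } from "./HiSecure.js";
 import { SecureOptions } from "./types/SecureOptions.js";
 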
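--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,24 +1,3 @@
-// import { HiSecure } from "./core/HiSecure.js";
-// import { useSecure, secureRoute } from "./core/useSecure.js";
-
-
-// export { z } from "zod";
-// export { body, query, param, header } from "express-validator";
-
-// const hiSecure = HiSecure.getInstance();
-
-// export {
-// HiSecure,
-// hiSecure,
-// useSecure,
-// secureRoute
-// };
-
-// export default hiSecure;
-
-
-
-
 import { HiSecure } from "./core/HiSecure.js";
 import { useSecure, secureRoute } from "./core/useSecure.js";
 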