hi-secure 1.0.34 → 1.0.35
- package/dist/adapters/JWTAdapter.d.ts.map +1 -1
- package/dist/adapters/JWTAdapter.js +0 -95
- package/dist/adapters/JWTAdapter.js.map +1 -1
- package/dist/core/HiSecure.d.ts.map +1 -1
- package/dist/core/HiSecure.js +0 -13
- package/dist/core/HiSecure.js.map +1 -1
- package/dist/core/useSecure.d.ts.map +1 -1
- package/dist/core/useSecure.js +0 -38
- package/dist/core/useSecure.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -12
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
- package/src/adapters/JWTAdapter.ts +0 -115
- package/src/core/HiSecure.ts +0 -335
- package/src/core/useSecure.ts +0 -51
- package/src/index.ts +0 -21
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"JWTAdapter.d.ts","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,GAAsC,MAAM,cAAc,CAAC;AAOlE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAWD,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAY;IAC9B,OAAO,CAAC,SAAS,CAAgB;IACjC,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,QAAQ,CAAC,CAAoB;gBAEzB,OAAO,EAAE,iBAAiB;IAmBtC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW;IAuC3C,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAAE;CAgCjE"}
|
|
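--- a/package/dist/adapters/JWTAdapter.js
+++ b/package/dist/adapters/JWTAdapter.js
@@ -1,98 +1,9 @@
 "use strict";
-// import jwt from "jsonwebtoken";
-// import { randomUUID } from "crypto";
-// import { AdapterError } from "../core/errors/AdapterError";
-// import { logger } from "../logging";
 var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JWTAdapter = void 0;
-// export interface JWTAdapterOptions {
-// secret: string;
-// expiresIn?: string | number;
-// algorithm?: jwt.Algorithm;
-// issuer?: string;
-// audience?: string | string[];
-// }
-// export interface SignOptions {
-// expiresIn?: string | number;
-// jti?: string;
-// subject?: string;
-// issuer?: string;
-// audience?: string | string[];
-// }
-// export class JWTAdapter {
-// private secret: string;
-// private expiresIn?: string | number;
-// private algorithm: jwt.Algorithm;
-// private issuer?: string;
-// private audience?: string | string[];
-// constructor(options: JWTAdapterOptions) {
-// if (!options.secret) {
-// throw new AdapterError("JWT secret is required");
-// }
-// if (options.secret.length < 32) {
-// logger.warn("Weak JWT secret detected", {
-// adapter: "jwt",
-// operation: "init",
-// secretLength: options.secret.length
-// });
-// }
-// this.secret = options.secret;
-// this.expiresIn = options.expiresIn;
-// this.algorithm = options.algorithm || "HS256";
-// this.issuer = options.issuer;
-// this.audience = options.audience;
-// }
-// sign(payload: object, options?: SignOptions) {
-// try {
-// const jwtOptions: jwt.SignOptions = {
-// algorithm: this.algorithm,
-// issuer: options?.issuer || this.issuer,
-// audience: options?.audience || this.audience,
-// jwtid: options?.jti || randomUUID(),
-// subject: options?.subject
-// };
-// if (options?.expiresIn !== undefined) {
-// jwtOptions.expiresIn = options.expiresIn as any;
-// } else if (this.expiresIn !== undefined) {
-// jwtOptions.expiresIn = this.expiresIn as any;
-// }
-// return jwt.sign(payload, this.secret, jwtOptions);
-// } catch (err: any) {
-// logger.error("JWT signing failed", {
-// adapter: "jwt",
-// operation: "sign",
-// reason: err?.message
-// });
-// throw new AdapterError("JWT sign failed");
-// }
-// }
-// verify(token: string, options?: { audience?: string | string[] }) {
-// try {
-// const verifyOptions: jwt.VerifyOptions = {
-// algorithms: [this.algorithm],
-// issuer: this.issuer,
-// audience: (options?.audience || this.audience) as string
-// };
-// return jwt.verify(token, this.secret, verifyOptions);
-// } catch (err: any) {
-// logger.error("JWT verification failed", {
-// adapter: "jwt",
-// operation: "verify",
-// reason: err?.message
-// });
-// if (err?.name === "TokenExpiredError") {
-// throw new AdapterError("JWT token has expired");
-// }
-// if (err?.name === "JsonWebTokenError") {
-// throw new AdapterError("Invalid JWT token");
-// }
-// throw new AdapterError("JWT verification failed");
-// }
-// }
-// }
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const crypto_1 = require("crypto");
 const AdapterError_1 = require("../core/errors/AdapterError");
@@ -123,27 +34,22 @@ class JWTAdapter {
 this.audience = options.audience;
 this.expiresIn = options.expiresIn;
 }
-// ================= SIGN =================
 sign(payload, options) {
 try {
 const jwtOptions = {
 algorithm: this.algorithm,
 jwtid: options?.jti ?? (0, crypto_1.randomUUID)()
 };
-// ✅ subject ONLY if string
 if (typeof options?.subject === "string") {
 jwtOptions.subject = options.subject;
 }
-// ✅ issuer
 const issuer = options?.issuer ?? this.issuer;
 if (typeof issuer === "string") {
 jwtOptions.issuer = issuer;
 }
-// ✅ audience
 const audience = normalizeAudience(options?.audience ?? this.audience);
 if (audience)
 jwtOptions.audience = audience;
-// ✅ expiresIn
 const expires = options?.expiresIn !== undefined
 ? options.expiresIn
 : this.expiresIn;
@@ -161,7 +67,6 @@ class JWTAdapter {
 throw new AdapterError_1.AdapterError("JWT sign failed");
 }
 }
-// ================= VERIFY =================
 verify(token, options) {
 try {
 const verifyOptions = {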
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC,uCAAuC;AACvC,8DAA8D;AAC9D,uCAAuC;;;;;;AAEvC,uCAAuC;AACvC,sBAAsB;AACtB,mCAAmC;AACnC,iCAAiC;AACjC,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,iCAAiC;AACjC,mCAAmC;AACnC,oBAAoB;AACpB,wBAAwB;AACxB,uBAAuB;AACvB,oCAAoC;AACpC,IAAI;AAEJ,4BAA4B;AAC5B,8BAA8B;AAC9B,2CAA2C;AAC3C,wCAAwC;AACxC,+BAA+B;AAC/B,4CAA4C;AAE5C,gDAAgD;AAChD,iCAAiC;AACjC,gEAAgE;AAChE,YAAY;AAEZ,4CAA4C;AAC5C,wDAAwD;AACxD,kCAAkC;AAClC,qCAAqC;AACrC,sDAAsD;AACtD,kBAAkB;AAClB,YAAY;AAEZ,wCAAwC;AACxC,8CAA8C;AAC9C,yDAAyD;AACzD,wCAAwC;AACxC,4CAA4C;AAC5C,QAAQ;AAER,qDAAqD;AACrD,gBAAgB;AAChB,oDAAoD;AACpD,6CAA6C;AAC7C,0DAA0D;AAC1D,gEAAgE;AAChE,uDAAuD;AACvD,4CAA4C;AAC5C,iBAAiB;AAEjB,sDAAsD;AACtD,mEAAmE;AACnE,yDAAyD;AACzD,gEAAgE;AAChE,gBAAgB;AAEhB,iEAAiE;AAEjE,+BAA+B;AAC/B,mDAAmD;AACnD,kCAAkC;AAClC,qCAAqC;AACrC,uCAAuC;AACvC,kBAAkB;AAElB,yDAAyD;AACzD,YAAY;AACZ,QAAQ;AAER,0EAA0E;AAC1E,gBAAgB;AAChB,yDAAyD;AACzD,gDAAgD;AAChD,uCAAuC;AACvC,2EAA2E;AAC3E,iBAAiB;AAEjB,oEAAoE;AAEpE,+BAA+B;AAC/B,wDAAwD;AACxD,kCAAkC;AAClC,uCAAuC;AACvC,uCAAuC;AACvC,kBAAkB;AAElB,uDAAuD;AACvD,mEAAmE;AACnE,gBAAgB;AAEhB,uDAAuD;AACvD,+DAA+D;AAC/D,gBAAgB;AAEhB,iEAAiE;AACjE,YAAY;AACZ,QAAQ;AACR,IAAI;AAIJ,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAA
G,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;aACpC,CAAC;YAEF,2BAA2B;YAC3B,IAAI,OAAO,OAAO,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACzC,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC;YAED,WAAW;YACX,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAC7B,CAAC;YAED,aAAa;YACb,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,cAAc;YACd,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACrC,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC
;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AAvGD,gCAuGC","sourcesContent":["// import jwt from \"jsonwebtoken\";\r\n// import { randomUUID } from \"crypto\";\r\n// import { AdapterError } from \"../core/errors/AdapterError\";\r\n// import { logger } from \"../logging\";\r\n\r\n// export interface JWTAdapterOptions {\r\n// secret: string;\r\n// expiresIn?: string | number;\r\n// algorithm?: jwt.Algorithm;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export interface SignOptions {\r\n// expiresIn?: string | number;\r\n// jti?: string;\r\n// subject?: string;\r\n// issuer?: string;\r\n// audience?: string | string[];\r\n// }\r\n\r\n// export class JWTAdapter {\r\n// private secret: string;\r\n// private expiresIn?: string | number;\r\n// private algorithm: jwt.Algorithm;\r\n// private issuer?: string;\r\n// private audience?: string | string[];\r\n\r\n// constructor(options: JWTAdapterOptions) {\r\n// if (!options.secret) {\r\n// throw new AdapterError(\"JWT secret is required\");\r\n// }\r\n\r\n// if (options.secret.length < 32) {\r\n// logger.warn(\"Weak JWT secret detected\", {\r\n// adapter: \"jwt\",\r\n// operation: \"init\",\r\n// secretLength: options.secret.length\r\n// });\r\n// }\r\n\r\n// this.secret = options.secret;\r\n// this.expiresIn = options.expiresIn;\r\n// this.algorithm = options.algorithm || \"HS256\";\r\n// this.issuer = options.issuer;\r\n// this.audience = options.audience;\r\n// }\r\n\r\n// sign(payload: object, options?: SignOptions) {\r\n// try {\r\n// const jwtOptions: jwt.SignOptions = {\r\n// algorithm: this.algorithm,\r\n// issuer: options?.issuer || this.issuer,\r\n// audience: options?.audience || this.audience,\r\n// jwtid: options?.jti || randomUUID(),\r\n// subject: options?.subject\r\n// };\r\n\r\n// if (options?.expiresIn !== undefined) {\r\n// jwtOptions.expiresIn = options.expiresIn as any;\r\n// } else if (this.expiresIn !== undefined) {\r\n// 
jwtOptions.expiresIn = this.expiresIn as any;\r\n// }\r\n\r\n// return jwt.sign(payload, this.secret, jwtOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT signing failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"sign\",\r\n// reason: err?.message\r\n// });\r\n\r\n// throw new AdapterError(\"JWT sign failed\");\r\n// }\r\n// }\r\n\r\n// verify(token: string, options?: { audience?: string | string[] }) {\r\n// try {\r\n// const verifyOptions: jwt.VerifyOptions = {\r\n// algorithms: [this.algorithm],\r\n// issuer: this.issuer,\r\n// audience: (options?.audience || this.audience) as string\r\n// };\r\n\r\n// return jwt.verify(token, this.secret, verifyOptions);\r\n\r\n// } catch (err: any) {\r\n// logger.error(\"JWT verification failed\", {\r\n// adapter: \"jwt\",\r\n// operation: \"verify\",\r\n// reason: err?.message\r\n// });\r\n\r\n// if (err?.name === \"TokenExpiredError\") {\r\n// throw new AdapterError(\"JWT token has expired\");\r\n// }\r\n\r\n// if (err?.name === \"JsonWebTokenError\") {\r\n// throw new AdapterError(\"Invalid JWT token\");\r\n// }\r\n\r\n// throw new AdapterError(\"JWT verification failed\");\r\n// }\r\n// }\r\n// }\r\n\r\n\r\n\r\nimport jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"];\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === 
\"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n // ================= SIGN =================\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID()\r\n };\r\n\r\n // ✅ subject ONLY if string\r\n if (typeof options?.subject === \"string\") {\r\n jwtOptions.subject = options.subject;\r\n }\r\n\r\n // ✅ issuer\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (typeof issuer === \"string\") {\r\n jwtOptions.issuer = issuer;\r\n }\r\n\r\n // ✅ audience\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n // ✅ expiresIn\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? 
(options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n // ================= VERIFY =================\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (typeof this.issuer === \"string\") {\r\n verifyOptions.issuer = this.issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"JWTAdapter.js","sourceRoot":"","sources":["../../src/adapters/JWTAdapter.ts"],"names":[],"mappings":";;;;;;AAAA,gEAAkE;AAClE,mCAAoC;AACpC,8DAA2D;AAC3D,wCAAoC;AAoBpC,SAAS,iBAAiB,CACxB,GAAuB;IAEvB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAA4B,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,UAAU;IAOrB,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,2BAAY,CAAC,wBAAwB,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,gBAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;aACpC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAsB,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,OAAqB;QACzC,IAAI,CAAC;YACH,MAAM,UAAU,GAAoB;gBAClC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,IAAA,mBAAU,GAAE;aACpC,CAAC;YAEF,IAAI,OAAO,OAAO,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACzC,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;YAC7B,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAE7C,MAAM,OAAO,GACX,OAAO,EAAE,SAAS,KAAK,SAAS;gBAC9B,CAAC,CAAE,OAAO,CAAC,SAAuB;gBAClC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;YAErB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC;YACjC,CAAC;YAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,2BAAY,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;I
ACH,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,OAA0C;QAC9D,IAAI,CAAC;YACH,MAAM,aAAa,GAAsB;gBACvC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;aAC7B,CAAC;YAEF,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACrC,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ;gBAAE,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAEhD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,gBAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,GAAG,EAAE,OAAO;aACrB,CAAC,CAAC;YAEH,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACtC,MAAM,IAAI,2BAAY,CAAC,mBAAmB,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,IAAI,2BAAY,CAAC,yBAAyB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AAjGD,gCAiGC","sourcesContent":["import jwt, { SignOptions as JwtSignOptions } from \"jsonwebtoken\";\r\nimport { randomUUID } from \"crypto\";\r\nimport { AdapterError } from \"../core/errors/AdapterError\";\r\nimport { logger } from \"../logging\";\r\n\r\ntype ExpiresIn = JwtSignOptions[\"expiresIn\"];\r\n\r\nexport interface JWTAdapterOptions {\r\n secret: string;\r\n expiresIn?: string | number;\r\n algorithm?: jwt.Algorithm;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nexport interface SignOptions {\r\n expiresIn?: string | number;\r\n jti?: string;\r\n subject?: string;\r\n issuer?: string;\r\n audience?: string | string[];\r\n}\r\n\r\nfunction normalizeAudience(\r\n aud?: string | string[]\r\n): string | [string, ...string[]] | undefined {\r\n if (!aud) return undefined;\r\n if (typeof aud === \"string\") return aud;\r\n if (aud.length > 0) return aud as [string, ...string[]];\r\n return undefined;\r\n}\r\n\r\nexport class JWTAdapter {\r\n private secret: string;\r\n private expiresIn?: ExpiresIn;\r\n private algorithm: jwt.Algorithm;\r\n private issuer?: string;\r\n 
private audience?: string | string[];\r\n\r\n constructor(options: JWTAdapterOptions) {\r\n if (!options.secret) {\r\n throw new AdapterError(\"JWT secret is required\");\r\n }\r\n\r\n if (options.secret.length < 32) {\r\n logger.warn(\"Weak JWT secret detected\", {\r\n adapter: \"jwt\",\r\n secretLength: options.secret.length\r\n });\r\n }\r\n\r\n this.secret = options.secret;\r\n this.algorithm = options.algorithm ?? \"HS256\";\r\n this.issuer = options.issuer;\r\n this.audience = options.audience;\r\n this.expiresIn = options.expiresIn as ExpiresIn;\r\n }\r\n\r\n sign(payload: object, options?: SignOptions) {\r\n try {\r\n const jwtOptions: jwt.SignOptions = {\r\n algorithm: this.algorithm,\r\n jwtid: options?.jti ?? randomUUID()\r\n };\r\n\r\n if (typeof options?.subject === \"string\") {\r\n jwtOptions.subject = options.subject;\r\n }\r\n\r\n const issuer = options?.issuer ?? this.issuer;\r\n if (typeof issuer === \"string\") {\r\n jwtOptions.issuer = issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? this.audience);\r\n if (audience) jwtOptions.audience = audience;\r\n\r\n const expires =\r\n options?.expiresIn !== undefined\r\n ? (options.expiresIn as ExpiresIn)\r\n : this.expiresIn;\r\n\r\n if (expires !== undefined) {\r\n jwtOptions.expiresIn = expires;\r\n }\r\n\r\n return jwt.sign(payload, this.secret, jwtOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT signing failed\", {\r\n adapter: \"jwt\",\r\n operation: \"sign\",\r\n reason: err?.message\r\n });\r\n throw new AdapterError(\"JWT sign failed\");\r\n }\r\n }\r\n\r\n verify(token: string, options?: { audience?: string | string[] }) {\r\n try {\r\n const verifyOptions: jwt.VerifyOptions = {\r\n algorithms: [this.algorithm]\r\n };\r\n\r\n if (typeof this.issuer === \"string\") {\r\n verifyOptions.issuer = this.issuer;\r\n }\r\n\r\n const audience = normalizeAudience(options?.audience ?? 
this.audience);\r\n if (audience) verifyOptions.audience = audience;\r\n\r\n return jwt.verify(token, this.secret, verifyOptions);\r\n } catch (err: any) {\r\n logger.error(\"JWT verification failed\", {\r\n adapter: \"jwt\",\r\n operation: \"verify\",\r\n reason: err?.message\r\n });\r\n\r\n if (err?.name === \"TokenExpiredError\") {\r\n throw new AdapterError(\"JWT token has expired\");\r\n }\r\n\r\n if (err?.name === \"JsonWebTokenError\") {\r\n throw new AdapterError(\"Invalid JWT token\");\r\n }\r\n\r\n throw new AdapterError(\"JWT verification failed\");\r\n }\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"HiSecure.d.ts","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAiC3D,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE3E,KAAK,gBAAgB,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEpD,qBAAa,QAAQ;IACnB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAyB;IAEhD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,WAAW,CAAS;IAE5B,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,WAAW,CAAC,CAAc;IAElC,OAAO;IAIP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,QAAQ;IAU3D,OAAO,CAAC,MAAM,CAAC,GAAG;IAOlB,OAAO,CAAC,SAAS;IA6DjB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;IAM9D,MAAM,CAAC,GAAG;sBACM,MAAM,YAAY,GAAG;sBAMrB,MAAM;;mCAOK,MAAM;;MAO/B;IAEF,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,gBAAgB;IAIxC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,GAAG;IAI7B,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM;IAgB9D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;kBA7JO,CAAC;;;iBAID,CAAC;IA6JjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG;WAKZ,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOjD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5D,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,gBAAgB;IAe5D,OAAO,CAAC,WAAW;CAqBpB"}
|
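--- a/package/dist/core/HiSecure.js
+++ b/package/dist/core/HiSecure.js
@@ -1,10 +1,4 @@
 "use strict";
-// import { HiSecureConfig } from "./types/HiSecureConfig.js";
-// import { defaultConfig } from "./config.js";
-// import { LIB_NAME, LIB_VERSION } from "./constants.js";
-// import { deepMerge } from "../utils/deepMerge.js";
-// import { deepFreeze } from "../utils/deepFreeze.js";
-// import { logger } from "../logging";
 var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -42,7 +36,6 @@ class HiSecure {
 this.initialized = false;
 this.config = config;
 }
-// ================= INIT (ONLY ONCE) =================
 static init(userConfig) {
 if (HiSecure.instance)
 return HiSecure.instance;
@@ -66,7 +59,6 @@ class HiSecure {
 lib: constants_js_1.LIB_NAME,
 version: constants_js_1.LIB_VERSION
 });
-// ===== Core Managers =====
 this.hashManager = new HashManager_js_1.HashManager(this.config.hashing, this.config.hashing.primary === "argon2"
 ? new ArgonAdapter_js_1.ArgonAdapter()
 : new BcryptAdapter_js_1.BcryptAdapter(this.config.hashing.saltRounds), this.config.hashing.fallback
@@ -79,7 +71,6 @@ class HiSecure {
 this.sanitizerManager = new SanitizerManager_js_1.SanitizerManager(new SanitizeHtmlAdapter_js_1.SanitizeHtmlAdapter(this.config.sanitizer), new XSSAdapter_js_1.XSSAdapter(this.config.sanitizer));
 this.jsonManager = new JsonManager_js_1.JsonManager();
 this.corsManager = new CorsManager_js_1.CorsManager();
-// ===== AUTH (OPTIONAL) =====
 if (this.config.auth?.enabled) {
 this.authManager = new AuthManager_js_1.AuthManager({
 jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret,
@@ -97,14 +88,12 @@ class HiSecure {
 layer: "hisecure-core"
 });
 }
-// ================= AUTH =================
 static auth(options) {
 const i = HiSecure.get();
 if (!i.authManager)
 throw new Error("Auth not enabled");
 return i.authManager.protect(options);
 }
-// ================= OTHER UTILS =================
 static validate(schema) {
 return HiSecure.get().validatorManager.validate(schema);
 }
@@ -139,7 +128,6 @@ class HiSecure {
 static verify(value, hash) {
 return HiSecure.get().hashManager.verify(value, hash);
 }
-// ================= GLOBAL MIDDLEWARE =================
 static middleware(options) {
 const i = HiSecure.get();
 const presets = {
@@ -174,7 +162,6 @@ class HiSecure {
 }
 exports.HiSecure = HiSecure;
 HiSecure.instance = null;
-// ================= JWT =================
 HiSecure.jwt = {
 sign(payload, options) {
 const i = HiSecure.get();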
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";AAAA,8DAA8D;AAC9D,+CAA+C;AAC/C,0DAA0D;AAC1D,qDAAqD;AACrD,uDAAuD;AACvD,uCAAuC;;;;;;AAoUvC,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAO9D,MAAa,QAAQ;IAcnB,YAAoB,MAAsB;QAVlC,gBAAW,GAAG,KAAK,CAAC;QAW1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uDAAuD;IACvD,MAAM,CAAC,IAAI,CAAC,UAAoC;QAC9C,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,GAAG;QAChB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACrB,CAAC,CAAC;QAEH,4BAA4B;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EACrD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YAC1B,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CACT,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YACrC,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,EAC1B,IAAI,sCAAgB,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GA
AG,IAAI,sCAAgB,CAC1C,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,8BAA8B;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBACjC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gBAChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAChD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IA0BD,kDAAkD;IAClD,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACtC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QAC3B,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACZ,CAAC;YAEX,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,MAAM,CAAC,GAAG,QAAQ
,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE;YAC5D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QACvC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,wDAAwD;IACxD,MAAM,CAAC,UAAU,CAAC,OAA0C;QAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,OAAO,GAA4C;YACvD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YACvE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SACxC,CAAC;QAEF,MAAM,YAAY,GAChB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAEjE,OAAO,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAEO,WAAW,CAAC,OAAsB;QACxC,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IAC
f,CAAC;;AAnNH,4BAoNC;AAnNgB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAyGhD,0CAA0C;AACnC,YAAG,GAAG;IACX,IAAI,CAAC,OAAe,EAAE,OAAa;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,EAAE;QACN,aAAa,CAAC,OAAe;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,CAAC,WAAW;gBAChB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,OAAO,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;KACF;CACF,AArBS,CAqBR","sourcesContent":["// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import 
{ SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // Singleton & Init\r\n\r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// logger.info(\"Creating HiSecure singleton\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"Initialization 
skipped (already initialized)\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// return;\r\n// }\r\n\r\n// logger.info(\"Framework initialization started\", {\r\n// layer: \"hisecure-core\",\r\n// lib: LIB_NAME,\r\n// version: LIB_VERSION\r\n// });\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// deepFreeze(this.config);\r\n// this.initialized = true;\r\n\r\n// logger.info(\"Framework initialized successfully\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n\r\n// // Public Fluent API\r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof preset === \"string\") {\r\n// logger.info(\"Rate limit preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset\r\n// });\r\n\r\n// const presets: any = {\r\n// strict: { mode: \"strict\" },\r\n// relaxed: { mode: \"relaxed\" },\r\n// api: { mode: \"api\" }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset]);\r\n// }\r\n\r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// return [\r\n// instance.jsonManager.middleware(options),\r\n// instance.jsonManager.urlencoded()\r\n// ];\r\n// 
}\r\n\r\n// // Utilities\r\n\r\n// static async hash(value: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(value, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(value: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(value, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) =>\r\n// HiSecure.getInstance().authManager!.sign(payload, options),\r\n\r\n// verify: (token: string) =>\r\n// HiSecure.getInstance().authManager!.verify(token),\r\n\r\n// google: {\r\n// verifyIdToken: (idToken: string) =>\r\n// HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)\r\n// }\r\n// };\r\n\r\n// // Global Middleware - globalLevel\r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n\r\n// if (typeof options === \"string\") {\r\n// logger.info(\"Global middleware preset applied\", {\r\n// layer: \"hisecure-core\",\r\n// preset: options\r\n// });\r\n\r\n// const presets: any = {\r\n// api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true, sanitize: false }\r\n// };\r\n\r\n// return instance.createMiddlewareChain(presets[options] || {});\r\n// }\r\n\r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // Internal Setup\r\n\r\n// private setupAdapters() {\r\n// logger.info(\"Adapters setup started\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n\r\n// this.hashingPrimary =\r\n// this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback =\r\n// this.config.hashing.fallback === \"bcrypt\"\r\n// ? 
new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// logger.info(\"Hashing adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: this.config.hashing.primary,\r\n// fallback: this.config.hashing.fallback ?? null\r\n// });\r\n\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// logger.info(\"Rate limiter adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// adaptive: this.config.rateLimiter.useAdaptiveMode\r\n// });\r\n\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n// logger.info(\"Sanitizer adapters configured\", {\r\n// layer: \"hisecure-core\",\r\n// primary: \"sanitize-html\",\r\n// fallback: \"xss\"\r\n// });\r\n// }\r\n\r\n// private setupManagers() {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// new ZodAdapter(),\r\n// new ExpressValidatorAdapter()\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n\r\n// logger.info(\"Core managers initialized\", {\r\n// layer: \"hisecure-core\",\r\n// managers: [\"hash\", \"rate-limit\", \"validator\", \"sanitizer\"]\r\n// });\r\n// }\r\n\r\n// private setupDynamicManagers() {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// if (this.config.auth.enabled) {\r\n// this.authManager = new AuthManager({\r\n// jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n// jwtExpiresIn: 
this.config.auth.jwtExpiresIn,\r\n// googleClientId:\r\n// process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n// });\r\n\r\n// logger.info(\"Authentication enabled\", {\r\n// layer: \"hisecure-core\",\r\n// google: !!this.config.auth.googleClientId\r\n// });\r\n// } else {\r\n// logger.info(\"Authentication disabled\", {\r\n// layer: \"hisecure-core\"\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n\r\n// if (this.config.enableCompression)\r\n// chain.push(compression(this.config.compression));\r\n\r\n// if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));\r\n// if (options.sanitize)\r\n// chain.push(this.sanitizerManager.middleware());\r\n\r\n// if (options.rateLimit)\r\n// chain.push(this.rateLimitManager.middleware({}));\r\n\r\n// if (options.auth && this.authManager)\r\n// chain.push(this.authManager.protect());\r\n\r\n// chain.push(errorHandler);\r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n\r\n\r\n\r\n\r\nimport { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from 
\"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\ntype MiddlewarePreset = \"strict\" | \"api\" | \"public\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n\r\n private readonly config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n private hashManager!: HashManager;\r\n private rateLimitManager!: RateLimitManager;\r\n private validatorManager!: ValidatorManager;\r\n private sanitizerManager!: SanitizerManager;\r\n private jsonManager!: JsonManager;\r\n private corsManager!: CorsManager;\r\n private authManager?: AuthManager;\r\n\r\n private constructor(config: HiSecureConfig) {\r\n this.config = config;\r\n }\r\n\r\n // ================= INIT (ONLY ONCE) =================\r\n static init(userConfig?: Partial<HiSecureConfig>): HiSecure {\r\n if (HiSecure.instance) return HiSecure.instance;\r\n\r\n const finalConfig = deepMerge(defaultConfig, userConfig ?? 
{});\r\n const instance = new HiSecure(finalConfig);\r\n HiSecure.instance = instance;\r\n instance.bootstrap();\r\n return instance;\r\n }\r\n\r\n private static get(): HiSecure {\r\n if (!HiSecure.instance) {\r\n throw new Error(\"HiSecure not initialized. Call HiSecure.init() first.\");\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n private bootstrap(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n // ===== Core Managers =====\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds),\r\n this.config.hashing.fallback\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.config.rateLimiter.useAdaptiveMode\r\n ? 
new RLFlexibleAdapter()\r\n : new ExpressRLAdapter(),\r\n new ExpressRLAdapter()\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n // ===== AUTH (OPTIONAL) =====\r\n if (this.config.auth?.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", { layer: \"hisecure-core\" });\r\n } else {\r\n logger.info(\"Authentication disabled\", { layer: \"hisecure-core\" });\r\n }\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n // ================= AUTH =================\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.protect(options);\r\n }\r\n\r\n // ================= JWT =================\r\n static jwt = {\r\n sign(payload: object, options?: any) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.sign(payload, options);\r\n },\r\n\r\n verify(token: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.verify(token);\r\n },\r\n\r\n google: {\r\n verifyIdToken(idToken: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager)\r\n throw new Error(\"Auth not enabled (Google)\");\r\n return 
i.authManager.verifyGoogleIdToken(idToken);\r\n }\r\n }\r\n };\r\n\r\n // ================= OTHER UTILS =================\r\n static validate(schema: ValidationSchema) {\r\n return HiSecure.get().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return HiSecure.get().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const i = HiSecure.get();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n } as const;\r\n\r\n return i.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return i.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return HiSecure.get().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const i = HiSecure.get();\r\n return [i.jsonManager.middleware(options), i.jsonManager.urlencoded()];\r\n }\r\n\r\n static async hash(value: string): Promise<string> {\r\n const { hash } = await HiSecure.get().hashManager.hash(value, {\r\n allowFallback: true\r\n });\r\n return hash;\r\n }\r\n\r\n static verify(value: string, hash: string): Promise<boolean> {\r\n return HiSecure.get().hashManager.verify(value, hash);\r\n }\r\n\r\n // ================= GLOBAL MIDDLEWARE =================\r\n static middleware(options?: SecureOptions | MiddlewarePreset) {\r\n const i = HiSecure.get();\r\n\r\n const presets: Record<MiddlewarePreset, SecureOptions> = {\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n public: { cors: true, rateLimit: true }\r\n };\r\n\r\n const finalOptions =\r\n typeof options === \"string\" ? presets[options] : options ?? 
{};\r\n\r\n return i.createChain(finalOptions);\r\n }\r\n\r\n private createChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware());\r\n if (options.sanitize) chain.push(this.sanitizerManager.middleware());\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";;;;;;AACA,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,wCAAoC;AAEpC,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAO9D,MAAa,QAAQ;IAcnB,YAAoB,MAAsB;QAVlC,gBAAW,GAAG,KAAK,CAAC;QAW1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,UAAoC;QAC9C,IAAI,QAAQ,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,MAAM,CAAC,GAAG;QAChB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gBAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,eAAe;YACtB,GAAG,EAAE,uBAAQ;YACb,OAAO,EAAE,0BAAW;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EACrD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ;YAC1B,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CACT,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YACrC,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,EAC1B,IAAI,sCAAgB,EAAE,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAC9B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CAC1C,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,
CAAC,SAAS,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBACjC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU;gBAChE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClE,CAAC,CAAC;YAEH,gBAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,gBAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAExB,gBAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;YAChD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAyBD,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACtC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QAC3B,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;aACZ,CAAC;YAEX,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,C
AAC,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE;YAC5D,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QACvC,OAAO,QAAQ,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,OAA0C;QAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAEzB,MAAM,OAAO,GAA4C;YACvD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YACvE,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE;YACzD,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SACxC,CAAC;QAEF,MAAM,YAAY,GAChB,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;QAEjE,OAAO,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAEO,WAAW,CAAC,OAAsB;QACxC,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW;YAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzC,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;;AA5MH,4BA6MC;AA5MgB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAqGzC,YAAG,GAAG;IACX,IAAI,CAAC,OAAe,EAAE,OAAa;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,I
AAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxD,OAAO,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,EAAE;QACN,aAAa,CAAC,OAAe;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,CAAC,WAAW;gBAChB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,OAAO,CAAC,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;KACF;CACF,AArBS,CAqBR","sourcesContent":["import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from 
\"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\ntype MiddlewarePreset = \"strict\" | \"api\" | \"public\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n\r\n private readonly config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n private hashManager!: HashManager;\r\n private rateLimitManager!: RateLimitManager;\r\n private validatorManager!: ValidatorManager;\r\n private sanitizerManager!: SanitizerManager;\r\n private jsonManager!: JsonManager;\r\n private corsManager!: CorsManager;\r\n private authManager?: AuthManager;\r\n\r\n private constructor(config: HiSecureConfig) {\r\n this.config = config;\r\n }\r\n\r\n static init(userConfig?: Partial<HiSecureConfig>): HiSecure {\r\n if (HiSecure.instance) return HiSecure.instance;\r\n\r\n const finalConfig = deepMerge(defaultConfig, userConfig ?? {});\r\n const instance = new HiSecure(finalConfig);\r\n HiSecure.instance = instance;\r\n instance.bootstrap();\r\n return instance;\r\n }\r\n\r\n private static get(): HiSecure {\r\n if (!HiSecure.instance) {\r\n throw new Error(\"HiSecure not initialized. Call HiSecure.init() first.\");\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n private bootstrap(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(\"Framework initialization started\", {\r\n layer: \"hisecure-core\",\r\n lib: LIB_NAME,\r\n version: LIB_VERSION\r\n });\r\n\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds),\r\n this.config.hashing.fallback\r\n ? 
new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.config.rateLimiter.useAdaptiveMode\r\n ? new RLFlexibleAdapter()\r\n : new ExpressRLAdapter(),\r\n new ExpressRLAdapter()\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n if (this.config.auth?.enabled) {\r\n this.authManager = new AuthManager({\r\n jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId:\r\n process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n });\r\n\r\n logger.info(\"Authentication enabled\", { layer: \"hisecure-core\" });\r\n } else {\r\n logger.info(\"Authentication disabled\", { layer: \"hisecure-core\" });\r\n }\r\n\r\n deepFreeze(this.config);\r\n this.initialized = true;\r\n\r\n logger.info(\"Framework initialized successfully\", {\r\n layer: \"hisecure-core\"\r\n });\r\n }\r\n\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.protect(options);\r\n }\r\n\r\n static jwt = {\r\n sign(payload: object, options?: any) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.sign(payload, options);\r\n },\r\n\r\n verify(token: string) {\r\n const i = HiSecure.get();\r\n if (!i.authManager) throw new Error(\"Auth not enabled\");\r\n return i.authManager.verify(token);\r\n },\r\n\r\n google: {\r\n verifyIdToken(idToken: string) {\r\n const i = HiSecure.get();\r\n if 
(!i.authManager)\r\n throw new Error(\"Auth not enabled (Google)\");\r\n return i.authManager.verifyGoogleIdToken(idToken);\r\n }\r\n }\r\n };\r\n\r\n static validate(schema: ValidationSchema) {\r\n return HiSecure.get().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return HiSecure.get().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const i = HiSecure.get();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\" }\r\n } as const;\r\n\r\n return i.rateLimitManager.middleware(presets[preset]);\r\n }\r\n\r\n return i.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return HiSecure.get().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const i = HiSecure.get();\r\n return [i.jsonManager.middleware(options), i.jsonManager.urlencoded()];\r\n }\r\n\r\n static async hash(value: string): Promise<string> {\r\n const { hash } = await HiSecure.get().hashManager.hash(value, {\r\n allowFallback: true\r\n });\r\n return hash;\r\n }\r\n\r\n static verify(value: string, hash: string): Promise<boolean> {\r\n return HiSecure.get().hashManager.verify(value, hash);\r\n }\r\n\r\n static middleware(options?: SecureOptions | MiddlewarePreset) {\r\n const i = HiSecure.get();\r\n\r\n const presets: Record<MiddlewarePreset, SecureOptions> = {\r\n strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n public: { cors: true, rateLimit: true }\r\n };\r\n\r\n const finalOptions =\r\n typeof options === \"string\" ? presets[options] : options ?? 
{};\r\n\r\n return i.createChain(finalOptions);\r\n }\r\n\r\n private createChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n if (this.config.enableCompression)\r\n chain.push(compression(this.config.compression));\r\n\r\n if (options.cors) chain.push(this.corsManager.middleware());\r\n if (options.sanitize) chain.push(this.sanitizerManager.middleware());\r\n if (options.rateLimit)\r\n chain.push(this.rateLimitManager.middleware({}));\r\n if (options.auth && this.authManager)\r\n chain.push(this.authManager.protect());\r\n\r\n chain.push(errorHandler);\r\n return chain;\r\n }\r\n}\r\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD;;GAEG;AACH,wBAAgB,SAAS,CACvB,OAAO,CAAC,EAAE,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,SAItD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,aAAa,SAsClD"}
|
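--- a/package/dist/core/useSecure.js
+++ b/package/dist/core/useSecure.js
@@ -1,45 +1,7 @@
 "use strict";
-// import { HiSecure } from "./HiSecure.js";
-// import { SecureOptions } from "./types/SecureOptions.js";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useSecure = useSecure;
 exports.secureRoute = secureRoute;
-// /**
-// * @deprecated Use HiSecure.middleware() or fluent API instead
-// */
-// export function useSecure(options?: SecureOptions | "api" | "strict" | "public") {
-// console.warn("useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.");
-// return HiSecure.middleware(options);
-// }
-// // Legacy support - route-level security
-// export function secureRoute(options?: SecureOptions) {
-// const chain: any[] = [];
-// if (options?.cors) {
-// chain.push(HiSecure.cors(
-// typeof options.cors === 'object' ? options.cors : undefined
-// ));
-// }
-// if (options?.rateLimit) {
-// chain.push(HiSecure.rateLimit(
-// typeof options.rateLimit === 'object' ? options.rateLimit :
-// options.rateLimit === "strict" ? "strict" : "relaxed"
-// ));
-// }
-// if (options?.sanitize) {
-// chain.push(HiSecure.sanitize(
-// typeof options.sanitize === 'object' ? options.sanitize : undefined
-// ));
-// }
-// if (options?.validate) {
-// chain.push(HiSecure.validate(options.validate));
-// }
-// if (options?.auth) {
-// chain.push(HiSecure.auth(
-// typeof options.auth === 'object' ? options.auth : undefined
-// ));
-// }
-// return chain;
-// }
 const HiSecure_js_1 = require("./HiSecure.js");
 /**
 * @deprecated Use HiSecure.middleware()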
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";;AAMA,8BAKC;AAKD,kCAsCC;AAtDD,+CAAyC;AAGzC;;GAEG;AACH,SAAgB,SAAS,CACvB,OAAqD;IAErD,OAAO,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;IAC9E,OAAO,sBAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,OAAuB;IACjD,MAAM,KAAK,GAAU,EAAE,CAAC;IAExB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,SAAS,CAChB,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ;YACnC,CAAC,CAAC,OAAO,CAAC,SAAS;YACnB,CAAC,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ;gBAChC,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,SAAS,CACd,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CACR,sBAAQ,CAAC,IAAI,CACX,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC5D,CACF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["import { HiSecure } from \"./HiSecure.js\";\r\nimport { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n/**\r\n * @deprecated Use HiSecure.middleware()\r\n */\r\nexport function useSecure(\r\n options?: SecureOptions | \"api\" | \"strict\" | \"public\"\r\n) {\r\n console.warn(\"useSecure() is deprecated. Use HiSecure.middleware() instead.\");\r\n return HiSecure.middleware(options);\r\n}\r\n\r\n/**\r\n * Legacy route-level security\r\n */\r\nexport function secureRoute(options?: SecureOptions) {\r\n const chain: any[] = [];\r\n\r\n if (!options) return chain;\r\n\r\n if (options.cors) {\r\n chain.push(HiSecure.cors());\r\n }\r\n\r\n if (options.rateLimit) {\r\n chain.push(\r\n HiSecure.rateLimit(\r\n typeof options.rateLimit === \"object\"\r\n ? 
options.rateLimit\r\n : options.rateLimit === \"strict\"\r\n ? \"strict\"\r\n : \"relaxed\"\r\n )\r\n );\r\n }\r\n\r\n if (options.sanitize) {\r\n chain.push(HiSecure.sanitize());\r\n }\r\n\r\n if (options.validate) {\r\n chain.push(HiSecure.validate(options.validate));\r\n }\r\n\r\n if (options.auth) {\r\n chain.push(\r\n HiSecure.auth(\r\n typeof options.auth === \"object\" ? options.auth : undefined\r\n )\r\n );\r\n }\r\n\r\n return chain;\r\n}\r\n"]}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAE7D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAG/D,OAAO,EACL,QAAQ,EACR,SAAS,EACT,WAAW,EACZ,CAAC"}
|
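--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,18 +1,6 @@
 "use strict";
-// import { HiSecure } from "./core/HiSecure.js";
-// import { useSecure, secureRoute } from "./core/useSecure.js";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secureRoute = exports.useSecure = exports.HiSecure = exports.header = exports.param = exports.query = exports.body = exports.z = void 0;
-// export { z } from "zod";
-// export { body, query, param, header } from "express-validator";
-// const hiSecure = HiSecure.getInstance();
-// export {
-// HiSecure,
-// hiSecure,
-// useSecure,
-// secureRoute
-// };
-// export default hiSecure;
 const HiSecure_js_1 = require("./core/HiSecure.js");
 Object.defineProperty(exports, "HiSecure", { enumerable: true, get: function () { return HiSecure_js_1.HiSecure; } });
 const useSecure_js_1 = require("./core/useSecure.js");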
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,oDAA8C;AAQ5C,yFARO,sBAAQ,OAQP;AAPV,sDAA6D;AAQ3D,0FARO,wBAAS,OAQP;AACT,4FATkB,0BAAW,OASlB;AAPb,2BAAwB;AAAf,wFAAA,CAAC,OAAA;AACV,uDAA+D;AAAtD,yGAAA,IAAI,OAAA;AAAE,0GAAA,KAAK,OAAA;AAAE,0GAAA,KAAK,OAAA;AAAE,2GAAA,MAAM,OAAA","sourcesContent":["import { HiSecure } from \"./core/HiSecure.js\";\r\nimport { useSecure, secureRoute } from \"./core/useSecure.js\";\r\n\r\nexport { z } from \"zod\";\r\nexport { body, query, param, header } from \"express-validator\";\r\n\r\n\r\nexport {\r\n HiSecure,\r\n useSecure,\r\n secureRoute\r\n};\r\n\r\n"]}
|
package/package.json
CHANGED
|
@@ -1,112 +1,3 @@
|
|
|
1
|
-
// import jwt from "jsonwebtoken";
|
|
2
|
-
// import { randomUUID } from "crypto";
|
|
3
|
-
// import { AdapterError } from "../core/errors/AdapterError";
|
|
4
|
-
// import { logger } from "../logging";
|
|
5
|
-
|
|
6
|
-
// export interface JWTAdapterOptions {
|
|
7
|
-
// secret: string;
|
|
8
|
-
// expiresIn?: string | number;
|
|
9
|
-
// algorithm?: jwt.Algorithm;
|
|
10
|
-
// issuer?: string;
|
|
11
|
-
// audience?: string | string[];
|
|
12
|
-
// }
|
|
13
|
-
|
|
14
|
-
// export interface SignOptions {
|
|
15
|
-
// expiresIn?: string | number;
|
|
16
|
-
// jti?: string;
|
|
17
|
-
// subject?: string;
|
|
18
|
-
// issuer?: string;
|
|
19
|
-
// audience?: string | string[];
|
|
20
|
-
// }
|
|
21
|
-
|
|
22
|
-
// export class JWTAdapter {
|
|
23
|
-
// private secret: string;
|
|
24
|
-
// private expiresIn?: string | number;
|
|
25
|
-
// private algorithm: jwt.Algorithm;
|
|
26
|
-
// private issuer?: string;
|
|
27
|
-
// private audience?: string | string[];
|
|
28
|
-
|
|
29
|
-
// constructor(options: JWTAdapterOptions) {
|
|
30
|
-
// if (!options.secret) {
|
|
31
|
-
// throw new AdapterError("JWT secret is required");
|
|
32
|
-
// }
|
|
33
|
-
|
|
34
|
-
// if (options.secret.length < 32) {
|
|
35
|
-
// logger.warn("Weak JWT secret detected", {
|
|
36
|
-
// adapter: "jwt",
|
|
37
|
-
// operation: "init",
|
|
38
|
-
// secretLength: options.secret.length
|
|
39
|
-
// });
|
|
40
|
-
// }
|
|
41
|
-
|
|
42
|
-
// this.secret = options.secret;
|
|
43
|
-
// this.expiresIn = options.expiresIn;
|
|
44
|
-
// this.algorithm = options.algorithm || "HS256";
|
|
45
|
-
// this.issuer = options.issuer;
|
|
46
|
-
// this.audience = options.audience;
|
|
47
|
-
// }
|
|
48
|
-
|
|
49
|
-
// sign(payload: object, options?: SignOptions) {
|
|
50
|
-
// try {
|
|
51
|
-
// const jwtOptions: jwt.SignOptions = {
|
|
52
|
-
// algorithm: this.algorithm,
|
|
53
|
-
// issuer: options?.issuer || this.issuer,
|
|
54
|
-
// audience: options?.audience || this.audience,
|
|
55
|
-
// jwtid: options?.jti || randomUUID(),
|
|
56
|
-
// subject: options?.subject
|
|
57
|
-
// };
|
|
58
|
-
|
|
59
|
-
// if (options?.expiresIn !== undefined) {
|
|
60
|
-
// jwtOptions.expiresIn = options.expiresIn as any;
|
|
61
|
-
// } else if (this.expiresIn !== undefined) {
|
|
62
|
-
// jwtOptions.expiresIn = this.expiresIn as any;
|
|
63
|
-
// }
|
|
64
|
-
|
|
65
|
-
// return jwt.sign(payload, this.secret, jwtOptions);
|
|
66
|
-
|
|
67
|
-
// } catch (err: any) {
|
|
68
|
-
// logger.error("JWT signing failed", {
|
|
69
|
-
// adapter: "jwt",
|
|
70
|
-
// operation: "sign",
|
|
71
|
-
// reason: err?.message
|
|
72
|
-
// });
|
|
73
|
-
|
|
74
|
-
// throw new AdapterError("JWT sign failed");
|
|
75
|
-
// }
|
|
76
|
-
// }
|
|
77
|
-
|
|
78
|
-
// verify(token: string, options?: { audience?: string | string[] }) {
|
|
79
|
-
// try {
|
|
80
|
-
// const verifyOptions: jwt.VerifyOptions = {
|
|
81
|
-
// algorithms: [this.algorithm],
|
|
82
|
-
// issuer: this.issuer,
|
|
83
|
-
// audience: (options?.audience || this.audience) as string
|
|
84
|
-
// };
|
|
85
|
-
|
|
86
|
-
// return jwt.verify(token, this.secret, verifyOptions);
|
|
87
|
-
|
|
88
|
-
// } catch (err: any) {
|
|
89
|
-
// logger.error("JWT verification failed", {
|
|
90
|
-
// adapter: "jwt",
|
|
91
|
-
// operation: "verify",
|
|
92
|
-
// reason: err?.message
|
|
93
|
-
// });
|
|
94
|
-
|
|
95
|
-
// if (err?.name === "TokenExpiredError") {
|
|
96
|
-
// throw new AdapterError("JWT token has expired");
|
|
97
|
-
// }
|
|
98
|
-
|
|
99
|
-
// if (err?.name === "JsonWebTokenError") {
|
|
100
|
-
// throw new AdapterError("Invalid JWT token");
|
|
101
|
-
// }
|
|
102
|
-
|
|
103
|
-
// throw new AdapterError("JWT verification failed");
|
|
104
|
-
// }
|
|
105
|
-
// }
|
|
106
|
-
// }
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
1
|
import jwt, { SignOptions as JwtSignOptions } from "jsonwebtoken";
|
|
111
2
|
import { randomUUID } from "crypto";
|
|
112
3
|
import { AdapterError } from "../core/errors/AdapterError";
|
|
@@ -165,7 +56,6 @@ export class JWTAdapter {
|
|
|
165
56
|
this.expiresIn = options.expiresIn as ExpiresIn;
|
|
166
57
|
}
|
|
167
58
|
|
|
168
|
-
// ================= SIGN =================
|
|
169
59
|
sign(payload: object, options?: SignOptions) {
|
|
170
60
|
try {
|
|
171
61
|
const jwtOptions: jwt.SignOptions = {
|
|
@@ -173,22 +63,18 @@ export class JWTAdapter {
|
|
|
173
63
|
jwtid: options?.jti ?? randomUUID()
|
|
174
64
|
};
|
|
175
65
|
|
|
176
|
-
// ✅ subject ONLY if string
|
|
177
66
|
if (typeof options?.subject === "string") {
|
|
178
67
|
jwtOptions.subject = options.subject;
|
|
179
68
|
}
|
|
180
69
|
|
|
181
|
-
// ✅ issuer
|
|
182
70
|
const issuer = options?.issuer ?? this.issuer;
|
|
183
71
|
if (typeof issuer === "string") {
|
|
184
72
|
jwtOptions.issuer = issuer;
|
|
185
73
|
}
|
|
186
74
|
|
|
187
|
-
// ✅ audience
|
|
188
75
|
const audience = normalizeAudience(options?.audience ?? this.audience);
|
|
189
76
|
if (audience) jwtOptions.audience = audience;
|
|
190
77
|
|
|
191
|
-
// ✅ expiresIn
|
|
192
78
|
const expires =
|
|
193
79
|
options?.expiresIn !== undefined
|
|
194
80
|
? (options.expiresIn as ExpiresIn)
|
|
@@ -209,7 +95,6 @@ export class JWTAdapter {
|
|
|
209
95
|
}
|
|
210
96
|
}
|
|
211
97
|
|
|
212
|
-
// ================= VERIFY =================
|
|
213
98
|
verify(token: string, options?: { audience?: string | string[] }) {
|
|
214
99
|
try {
|
|
215
100
|
const verifyOptions: jwt.VerifyOptions = {
|
package/src/core/HiSecure.ts
CHANGED
|
@@ -1,331 +1,3 @@
|
|
|
1
|
-
// import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
2
|
-
// import { defaultConfig } from "./config.js";
|
|
3
|
-
// import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
4
|
-
// import { deepMerge } from "../utils/deepMerge.js";
|
|
5
|
-
// import { deepFreeze } from "../utils/deepFreeze.js";
|
|
6
|
-
// import { logger } from "../logging";
|
|
7
|
-
|
|
8
|
-
// // Adapters
|
|
9
|
-
// import { ArgonAdapter } from "../adapters/ArgonAdapter.js";
|
|
10
|
-
// import { BcryptAdapter } from "../adapters/BcryptAdapter.js";
|
|
11
|
-
// import { RLFlexibleAdapter } from "../adapters/RLFlexibleAdapter.js";
|
|
12
|
-
// import { ExpressRLAdapter } from "../adapters/ExpressRLAdapter.js";
|
|
13
|
-
// import { ZodAdapter } from "../adapters/ZodAdapter.js";
|
|
14
|
-
// import { ExpressValidatorAdapter } from "../adapters/ExpressValidatorAdapter.js";
|
|
15
|
-
// import { SanitizeHtmlAdapter } from "../adapters/SanitizeHtmlAdapter.js";
|
|
16
|
-
// import { XSSAdapter } from "../adapters/XSSAdapter.js";
|
|
17
|
-
|
|
18
|
-
// // Managers
|
|
19
|
-
// import { HashManager } from "../managers/HashManager.js";
|
|
20
|
-
// import { RateLimitManager } from "../managers/RateLimitManager.js";
|
|
21
|
-
// import { ValidatorManager } from "../managers/ValidatorManager.js";
|
|
22
|
-
// import { SanitizerManager } from "../managers/SanitizerManager.js";
|
|
23
|
-
// import { JsonManager } from "../managers/JsonManager.js";
|
|
24
|
-
// import { CorsManager } from "../managers/CorsManager.js";
|
|
25
|
-
// import { AuthManager } from "../managers/AuthManager.js";
|
|
26
|
-
|
|
27
|
-
// // Middlewares
|
|
28
|
-
// import helmet from "helmet";
|
|
29
|
-
// import hpp from "hpp";
|
|
30
|
-
// import compression from "compression";
|
|
31
|
-
// import { errorHandler } from "../middlewares/errorHandler.js";
|
|
32
|
-
|
|
33
|
-
// // Types
|
|
34
|
-
// import { SecureOptions, ValidationSchema } from "./types/SecureOptions.js";
|
|
35
|
-
|
|
36
|
-
// export class HiSecure {
|
|
37
|
-
// private static instance: HiSecure | null = null;
|
|
38
|
-
// private config: HiSecureConfig;
|
|
39
|
-
// private initialized = false;
|
|
40
|
-
|
|
41
|
-
// // Managers
|
|
42
|
-
// public hashManager!: HashManager;
|
|
43
|
-
// public rateLimitManager!: RateLimitManager;
|
|
44
|
-
// public validatorManager!: ValidatorManager;
|
|
45
|
-
// public sanitizerManager!: SanitizerManager;
|
|
46
|
-
// public jsonManager!: JsonManager;
|
|
47
|
-
// public corsManager!: CorsManager;
|
|
48
|
-
// public authManager?: AuthManager;
|
|
49
|
-
|
|
50
|
-
// // Internal adapters
|
|
51
|
-
// private hashingPrimary: any;
|
|
52
|
-
// private hashingFallback: any;
|
|
53
|
-
// private rateLimiterPrimary: any;
|
|
54
|
-
// private rateLimiterFallback: any;
|
|
55
|
-
// private sanitizerPrimary: any;
|
|
56
|
-
// private sanitizerFallback: any;
|
|
57
|
-
|
|
58
|
-
// private constructor(userConfig: Partial<HiSecureConfig> = {}) {
|
|
59
|
-
// this.config = deepMerge(defaultConfig, userConfig);
|
|
60
|
-
// }
|
|
61
|
-
|
|
62
|
-
// // Singleton & Init
|
|
63
|
-
|
|
64
|
-
// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {
|
|
65
|
-
// if (!HiSecure.instance) {
|
|
66
|
-
// logger.info("Creating HiSecure singleton", {
|
|
67
|
-
// layer: "hisecure-core"
|
|
68
|
-
// });
|
|
69
|
-
// HiSecure.instance = new HiSecure(config);
|
|
70
|
-
// HiSecure.instance.init();
|
|
71
|
-
// }
|
|
72
|
-
// return HiSecure.instance;
|
|
73
|
-
// }
|
|
74
|
-
|
|
75
|
-
// static resetInstance(): void {
|
|
76
|
-
// HiSecure.instance = null;
|
|
77
|
-
// }
|
|
78
|
-
|
|
79
|
-
// init(): void {
|
|
80
|
-
// if (this.initialized) {
|
|
81
|
-
// logger.warn("Initialization skipped (already initialized)", {
|
|
82
|
-
// layer: "hisecure-core"
|
|
83
|
-
// });
|
|
84
|
-
// return;
|
|
85
|
-
// }
|
|
86
|
-
|
|
87
|
-
// logger.info("Framework initialization started", {
|
|
88
|
-
// layer: "hisecure-core",
|
|
89
|
-
// lib: LIB_NAME,
|
|
90
|
-
// version: LIB_VERSION
|
|
91
|
-
// });
|
|
92
|
-
|
|
93
|
-
// this.setupAdapters();
|
|
94
|
-
// this.setupManagers();
|
|
95
|
-
// this.setupDynamicManagers();
|
|
96
|
-
|
|
97
|
-
// deepFreeze(this.config);
|
|
98
|
-
// this.initialized = true;
|
|
99
|
-
|
|
100
|
-
// logger.info("Framework initialized successfully", {
|
|
101
|
-
// layer: "hisecure-core"
|
|
102
|
-
// });
|
|
103
|
-
// }
|
|
104
|
-
|
|
105
|
-
// // Public Fluent API
|
|
106
|
-
// static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
107
|
-
// const instance = this.getInstance();
|
|
108
|
-
// if (!instance.authManager) {
|
|
109
|
-
// throw new Error("Auth not enabled. Set auth.enabled=true in config.");
|
|
110
|
-
// }
|
|
111
|
-
// return instance.authManager.protect(options);
|
|
112
|
-
// }
|
|
113
|
-
|
|
114
|
-
// static validate(schema: ValidationSchema) {
|
|
115
|
-
// return this.getInstance().validatorManager.validate(schema);
|
|
116
|
-
// }
|
|
117
|
-
|
|
118
|
-
// static sanitize(options?: any) {
|
|
119
|
-
// return this.getInstance().sanitizerManager.middleware(options);
|
|
120
|
-
// }
|
|
121
|
-
|
|
122
|
-
// static rateLimit(preset: "strict" | "relaxed" | "api" | object) {
|
|
123
|
-
// const instance = this.getInstance();
|
|
124
|
-
|
|
125
|
-
// if (typeof preset === "string") {
|
|
126
|
-
// logger.info("Rate limit preset applied", {
|
|
127
|
-
// layer: "hisecure-core",
|
|
128
|
-
// preset
|
|
129
|
-
// });
|
|
130
|
-
|
|
131
|
-
// const presets: any = {
|
|
132
|
-
// strict: { mode: "strict" },
|
|
133
|
-
// relaxed: { mode: "relaxed" },
|
|
134
|
-
// api: { mode: "api" }
|
|
135
|
-
// };
|
|
136
|
-
// return instance.rateLimitManager.middleware(presets[preset]);
|
|
137
|
-
// }
|
|
138
|
-
|
|
139
|
-
// return instance.rateLimitManager.middleware({ options: preset });
|
|
140
|
-
// }
|
|
141
|
-
|
|
142
|
-
// static cors(options?: any) {
|
|
143
|
-
// return this.getInstance().corsManager.middleware(options);
|
|
144
|
-
// }
|
|
145
|
-
|
|
146
|
-
// static json(options?: any) {
|
|
147
|
-
// const instance = this.getInstance();
|
|
148
|
-
// return [
|
|
149
|
-
// instance.jsonManager.middleware(options),
|
|
150
|
-
// instance.jsonManager.urlencoded()
|
|
151
|
-
// ];
|
|
152
|
-
// }
|
|
153
|
-
|
|
154
|
-
// // Utilities
|
|
155
|
-
|
|
156
|
-
// static async hash(value: string): Promise<string> {
|
|
157
|
-
// const instance = this.getInstance();
|
|
158
|
-
// const result = await instance.hashManager.hash(value, { allowFallback: true });
|
|
159
|
-
// return result.hash;
|
|
160
|
-
// }
|
|
161
|
-
|
|
162
|
-
// static async verify(value: string, hash: string): Promise<boolean> {
|
|
163
|
-
// return this.getInstance().hashManager.verify(value, hash);
|
|
164
|
-
// }
|
|
165
|
-
|
|
166
|
-
// static jwt = {
|
|
167
|
-
// sign: (payload: object, options?: any) =>
|
|
168
|
-
// HiSecure.getInstance().authManager!.sign(payload, options),
|
|
169
|
-
|
|
170
|
-
// verify: (token: string) =>
|
|
171
|
-
// HiSecure.getInstance().authManager!.verify(token),
|
|
172
|
-
|
|
173
|
-
// google: {
|
|
174
|
-
// verifyIdToken: (idToken: string) =>
|
|
175
|
-
// HiSecure.getInstance().authManager!.verifyGoogleIdToken(idToken)
|
|
176
|
-
// }
|
|
177
|
-
// };
|
|
178
|
-
|
|
179
|
-
// // Global Middleware - globalLevel
|
|
180
|
-
// static middleware(options?: SecureOptions | "api" | "strict" | "public") {
|
|
181
|
-
// const instance = this.getInstance();
|
|
182
|
-
|
|
183
|
-
// if (typeof options === "string") {
|
|
184
|
-
// logger.info("Global middleware preset applied", {
|
|
185
|
-
// layer: "hisecure-core",
|
|
186
|
-
// preset: options
|
|
187
|
-
// });
|
|
188
|
-
|
|
189
|
-
// const presets: any = {
|
|
190
|
-
// api: { cors: true, rateLimit: "relaxed", sanitize: true },
|
|
191
|
-
// strict: { cors: true, rateLimit: "strict", sanitize: true, auth: true },
|
|
192
|
-
// public: { cors: true, rateLimit: true, sanitize: false }
|
|
193
|
-
// };
|
|
194
|
-
|
|
195
|
-
// return instance.createMiddlewareChain(presets[options] || {});
|
|
196
|
-
// }
|
|
197
|
-
|
|
198
|
-
// return instance.createMiddlewareChain(options || {});
|
|
199
|
-
// }
|
|
200
|
-
|
|
201
|
-
// // Internal Setup
|
|
202
|
-
|
|
203
|
-
// private setupAdapters() {
|
|
204
|
-
// logger.info("Adapters setup started", {
|
|
205
|
-
// layer: "hisecure-core"
|
|
206
|
-
// });
|
|
207
|
-
|
|
208
|
-
// this.hashingPrimary =
|
|
209
|
-
// this.config.hashing.primary === "argon2"
|
|
210
|
-
// ? new ArgonAdapter()
|
|
211
|
-
// : new BcryptAdapter(this.config.hashing.saltRounds);
|
|
212
|
-
|
|
213
|
-
// this.hashingFallback =
|
|
214
|
-
// this.config.hashing.fallback === "bcrypt"
|
|
215
|
-
// ? new BcryptAdapter(this.config.hashing.saltRounds)
|
|
216
|
-
// : null;
|
|
217
|
-
|
|
218
|
-
// logger.info("Hashing adapters configured", {
|
|
219
|
-
// layer: "hisecure-core",
|
|
220
|
-
// primary: this.config.hashing.primary,
|
|
221
|
-
// fallback: this.config.hashing.fallback ?? null
|
|
222
|
-
// });
|
|
223
|
-
|
|
224
|
-
// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode
|
|
225
|
-
// ? new RLFlexibleAdapter()
|
|
226
|
-
// : new ExpressRLAdapter();
|
|
227
|
-
|
|
228
|
-
// this.rateLimiterFallback = new ExpressRLAdapter();
|
|
229
|
-
|
|
230
|
-
// logger.info("Rate limiter adapters configured", {
|
|
231
|
-
// layer: "hisecure-core",
|
|
232
|
-
// adaptive: this.config.rateLimiter.useAdaptiveMode
|
|
233
|
-
// });
|
|
234
|
-
|
|
235
|
-
// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);
|
|
236
|
-
// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);
|
|
237
|
-
|
|
238
|
-
// logger.info("Sanitizer adapters configured", {
|
|
239
|
-
// layer: "hisecure-core",
|
|
240
|
-
// primary: "sanitize-html",
|
|
241
|
-
// fallback: "xss"
|
|
242
|
-
// });
|
|
243
|
-
// }
|
|
244
|
-
|
|
245
|
-
// private setupManagers() {
|
|
246
|
-
// this.hashManager = new HashManager(
|
|
247
|
-
// this.config.hashing,
|
|
248
|
-
// this.hashingPrimary,
|
|
249
|
-
// this.hashingFallback
|
|
250
|
-
// );
|
|
251
|
-
|
|
252
|
-
// this.rateLimitManager = new RateLimitManager(
|
|
253
|
-
// this.config.rateLimiter,
|
|
254
|
-
// this.rateLimiterPrimary,
|
|
255
|
-
// this.rateLimiterFallback
|
|
256
|
-
// );
|
|
257
|
-
|
|
258
|
-
// this.validatorManager = new ValidatorManager(
|
|
259
|
-
// new ZodAdapter(),
|
|
260
|
-
// new ExpressValidatorAdapter()
|
|
261
|
-
// );
|
|
262
|
-
|
|
263
|
-
// this.sanitizerManager = new SanitizerManager(
|
|
264
|
-
// this.sanitizerPrimary,
|
|
265
|
-
// this.sanitizerFallback
|
|
266
|
-
// );
|
|
267
|
-
|
|
268
|
-
// logger.info("Core managers initialized", {
|
|
269
|
-
// layer: "hisecure-core",
|
|
270
|
-
// managers: ["hash", "rate-limit", "validator", "sanitizer"]
|
|
271
|
-
// });
|
|
272
|
-
// }
|
|
273
|
-
|
|
274
|
-
// private setupDynamicManagers() {
|
|
275
|
-
// this.jsonManager = new JsonManager();
|
|
276
|
-
// this.corsManager = new CorsManager();
|
|
277
|
-
|
|
278
|
-
// if (this.config.auth.enabled) {
|
|
279
|
-
// this.authManager = new AuthManager({
|
|
280
|
-
// jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,
|
|
281
|
-
// jwtExpiresIn: this.config.auth.jwtExpiresIn,
|
|
282
|
-
// googleClientId:
|
|
283
|
-
// process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId
|
|
284
|
-
// });
|
|
285
|
-
|
|
286
|
-
// logger.info("Authentication enabled", {
|
|
287
|
-
// layer: "hisecure-core",
|
|
288
|
-
// google: !!this.config.auth.googleClientId
|
|
289
|
-
// });
|
|
290
|
-
// } else {
|
|
291
|
-
// logger.info("Authentication disabled", {
|
|
292
|
-
// layer: "hisecure-core"
|
|
293
|
-
// });
|
|
294
|
-
// }
|
|
295
|
-
// }
|
|
296
|
-
|
|
297
|
-
// private createMiddlewareChain(options: SecureOptions): any[] {
|
|
298
|
-
// const chain: any[] = [];
|
|
299
|
-
|
|
300
|
-
// chain.push(this.jsonManager.middleware(this.config.json));
|
|
301
|
-
// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));
|
|
302
|
-
|
|
303
|
-
// if (this.config.enableHelmet) chain.push(helmet());
|
|
304
|
-
// if (this.config.enableHPP) chain.push(hpp());
|
|
305
|
-
|
|
306
|
-
// if (this.config.enableCompression)
|
|
307
|
-
// chain.push(compression(this.config.compression));
|
|
308
|
-
|
|
309
|
-
// if (options.cors) chain.push(this.corsManager.middleware(this.config.cors));
|
|
310
|
-
// if (options.sanitize)
|
|
311
|
-
// chain.push(this.sanitizerManager.middleware());
|
|
312
|
-
|
|
313
|
-
// if (options.rateLimit)
|
|
314
|
-
// chain.push(this.rateLimitManager.middleware({}));
|
|
315
|
-
|
|
316
|
-
// if (options.auth && this.authManager)
|
|
317
|
-
// chain.push(this.authManager.protect());
|
|
318
|
-
|
|
319
|
-
// chain.push(errorHandler);
|
|
320
|
-
// return chain;
|
|
321
|
-
// }
|
|
322
|
-
// }
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
1
|
import { HiSecureConfig } from "./types/HiSecureConfig.js";
|
|
330
2
|
import { defaultConfig } from "./config.js";
|
|
331
3
|
import { LIB_NAME, LIB_VERSION } from "./constants.js";
|
|
@@ -381,7 +53,6 @@ export class HiSecure {
|
|
|
381
53
|
this.config = config;
|
|
382
54
|
}
|
|
383
55
|
|
|
384
|
-
// ================= INIT (ONLY ONCE) =================
|
|
385
56
|
static init(userConfig?: Partial<HiSecureConfig>): HiSecure {
|
|
386
57
|
if (HiSecure.instance) return HiSecure.instance;
|
|
387
58
|
|
|
@@ -408,7 +79,6 @@ export class HiSecure {
|
|
|
408
79
|
version: LIB_VERSION
|
|
409
80
|
});
|
|
410
81
|
|
|
411
|
-
// ===== Core Managers =====
|
|
412
82
|
this.hashManager = new HashManager(
|
|
413
83
|
this.config.hashing,
|
|
414
84
|
this.config.hashing.primary === "argon2"
|
|
@@ -440,7 +110,6 @@ export class HiSecure {
|
|
|
440
110
|
this.jsonManager = new JsonManager();
|
|
441
111
|
this.corsManager = new CorsManager();
|
|
442
112
|
|
|
443
|
-
// ===== AUTH (OPTIONAL) =====
|
|
444
113
|
if (this.config.auth?.enabled) {
|
|
445
114
|
this.authManager = new AuthManager({
|
|
446
115
|
jwtSecret: process.env.JWT_SECRET || this.config.auth.jwtSecret!,
|
|
@@ -462,14 +131,12 @@ export class HiSecure {
|
|
|
462
131
|
});
|
|
463
132
|
}
|
|
464
133
|
|
|
465
|
-
// ================= AUTH =================
|
|
466
134
|
static auth(options?: { required?: boolean; roles?: string[] }) {
|
|
467
135
|
const i = HiSecure.get();
|
|
468
136
|
if (!i.authManager) throw new Error("Auth not enabled");
|
|
469
137
|
return i.authManager.protect(options);
|
|
470
138
|
}
|
|
471
139
|
|
|
472
|
-
// ================= JWT =================
|
|
473
140
|
static jwt = {
|
|
474
141
|
sign(payload: object, options?: any) {
|
|
475
142
|
const i = HiSecure.get();
|
|
@@ -493,7 +160,6 @@ export class HiSecure {
|
|
|
493
160
|
}
|
|
494
161
|
};
|
|
495
162
|
|
|
496
|
-
// ================= OTHER UTILS =================
|
|
497
163
|
static validate(schema: ValidationSchema) {
|
|
498
164
|
return HiSecure.get().validatorManager.validate(schema);
|
|
499
165
|
}
|
|
@@ -538,7 +204,6 @@ export class HiSecure {
|
|
|
538
204
|
return HiSecure.get().hashManager.verify(value, hash);
|
|
539
205
|
}
|
|
540
206
|
|
|
541
|
-
// ================= GLOBAL MIDDLEWARE =================
|
|
542
207
|
static middleware(options?: SecureOptions | MiddlewarePreset) {
|
|
543
208
|
const i = HiSecure.get();
|
|
544
209
|
|
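--- a/package/src/core/useSecure.ts
+++ b/package/src/core/useSecure.ts
@@ -1,54 +1,3 @@
-// import { HiSecure } from "./HiSecure.js";
-// import { SecureOptions } from "./types/SecureOptions.js";
-
-// /**
-// * @deprecated Use HiSecure.middleware() or fluent API instead
-// */
-
-// export function useSecure(options?: SecureOptions | "api" | "strict" | "public") {
-// console.warn("useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.");
-// return HiSecure.middleware(options);
-// }
-
-
-// // Legacy support - route-level security
-
-// export function secureRoute(options?: SecureOptions) {
-// const chain: any[] = [];
-
-// if (options?.cors) {
-// chain.push(HiSecure.cors(
-// typeof options.cors === 'object' ? options.cors : undefined
-// ));
-// }
-
-// if (options?.rateLimit) {
-// chain.push(HiSecure.rateLimit(
-// typeof options.rateLimit === 'object' ? options.rateLimit :
-// options.rateLimit === "strict" ? "strict" : "relaxed"
-// ));
-// }
-
-// if (options?.sanitize) {
-// chain.push(HiSecure.sanitize(
-// typeof options.sanitize === 'object' ? options.sanitize : undefined
-// ));
-// }
-
-// if (options?.validate) {
-// chain.push(HiSecure.validate(options.validate));
-// }
-
-// if (options?.auth) {
-// chain.push(HiSecure.auth(
-// typeof options.auth === 'object' ? options.auth : undefined
-// ));
-// }
-// return chain;
-// }
-
-
-
 import { HiSecure } from "./HiSecure.js";
 import { SecureOptions } from "./types/SecureOptions.js";
 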
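--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,24 +1,3 @@
-// import { HiSecure } from "./core/HiSecure.js";
-// import { useSecure, secureRoute } from "./core/useSecure.js";
-
-
-// export { z } from "zod";
-// export { body, query, param, header } from "express-validator";
-
-// const hiSecure = HiSecure.getInstance();
-
-// export {
-// HiSecure,
-// hiSecure,
-// useSecure,
-// secureRoute
-// };
-
-// export default hiSecure;
-
-
-
-
 import { HiSecure } from "./core/HiSecure.js";
 import { useSecure, secureRoute } from "./core/useSecure.js";
 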