jsonauthtoken 3.0.3 → 3.0.4-beta-2

package/dist/web.index.js

@@ -0,0 +1,599 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/web.index.ts
+var web_index_exports = {};
+__export(web_index_exports, {
+  JAT: () => JAT,
+  P2KG: () => P2KG,
+  default: () => web_index_default,
+  getSupportedAlgorithm: () => getSupportedAlgorithm
+});
+module.exports = __toCommonJS(web_index_exports);
+
+// src/config/name.config.ts
+var RUNTIME = ["node", "web"];
+var WEB_RUNTIME = ["web"];
+
+// src/config/algo.config.ts
+var SUPPORTED_ALGORITHM = {
+  node: [
+    { name: "AES-256-GCM", value: "aes-256-gcm", type: "symmetric" },
+    { name: "RSA+A256GCM", value: "rsa+a256gcm", type: "asymmetric" }
+  ],
+  web: [
+    { name: "AES-GCM", value: "AES-GCM", type: "symmetric" },
+    { name: "RSA+AES-GCM", value: "RSA+AES-GCM", type: "asymmetric" }
+  ]
+};
+function RUNTIME_DEFAULT_ALGORITHM(runtime) {
+  const algos = {
+    node: { name: "AES-256-GCM", value: "aes-256-gcm", type: "symmetric" },
+    web: { name: "AES-GCM", value: "AES-GCM", type: "symmetric" }
+  };
+  return algos[runtime];
+}
+
+// src/lib/encoading.lib.ts
+function encoading(runtime, data) {
+  const json = JSON.stringify(data);
+  let base64;
+  if (runtime === "node") {
+    base64 = Buffer.from(json).toString("base64");
+  } else {
+    base64 = btoa(unescape(encodeURIComponent(json)));
+  }
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+var encoading_lib_default = encoading;
+
+// src/lib/decoading.lib.ts
+var decoading = (runtime, str) => {
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const padding = "=".repeat((4 - base64.length % 4) % 4);
+  const base64WithPadding = base64 + padding;
+  let decoded;
+  if (runtime === "node") {
+    decoded = Buffer.from(base64WithPadding, "base64").toString("utf8");
+  } else {
+    decoded = decodeURIComponent(escape(atob(base64WithPadding)));
+  }
+  return JSON.parse(decoded);
+};
+var decoading_lib_default = decoading;
+
+// src/lib/functions.lib.ts
+function tokenFormatCreate(meta, encrypted) {
+  return `${encoading_lib_default(meta.runtime, meta)}:${encrypted}`;
+}
+function tokenFormatVerify(runtime, token) {
+  const index = token.indexOf(":");
+  if (index === -1) {
+    throw new Error("Invalid token format");
+  }
+  const metaPart = token.substring(0, index);
+  const encryptedPart = token.substring(index + 1);
+  const meta = decoading_lib_default(runtime, metaPart);
+  if (!meta) {
+    throw new Error("Invalid token format");
+  }
+  const algorithm = SUPPORTED_ALGORITHM[meta.runtime]?.find((e) => e.name === meta.algo);
+  if (!algorithm) {
+    throw new Error("Invalid token format");
+  }
+  if (algorithm.type !== meta.type) {
+    throw new Error("Invalid token format");
+  }
+  if (meta.type === "asymmetric") {
+    if (!meta.encryptedKey) {
+      throw new Error("Invalid token format");
+    }
+  }
+  if (!meta.iv) {
+    throw new Error("Invalid token format");
+  }
+  if (!RUNTIME.includes(meta.runtime)) {
+    throw new Error("Invalid token format");
+  }
+  if (meta.runtime === "node") {
+    if (!meta.tag) {
+      throw new Error("Invalid token format");
+    }
+  }
+  if (!meta.v) {
+    throw new Error("Invalid token format");
+  }
+  return { meta, encrypted: encryptedPart };
+}
+function isExpired(timeStamp) {
+  let currentTime = Math.floor(Date.now() / 1e3);
+  if (timeStamp < currentTime) {
+    return true;
+  } else {
+    return false;
+  }
+}
+function print({ dev = false, color = "green" }, ...args) {
+  if (!dev) return;
+  const colors = {
+    red: "\x1B[31m",
+    green: "\x1B[32m",
+    yellow: "\x1B[33m",
+    blue: "\x1B[34m",
+    magenta: "\x1B[35m",
+    cyan: "\x1B[36m",
+    white: "\x1B[37m",
+    reset: "\x1B[0m"
+  };
+  if (typeof window !== "undefined") {
+    console.log(`%c[jsonauthtoken]`, `color:${color}`, ...args);
+  } else {
+    const colorCode = colors[color] ?? colors.green;
+    console.log(`${colorCode}[jsonauthtoken]`, ...args, "\x1B[0m");
+  }
+}
+
+// src/lib/timeformat.ts
+function jatTimeFormatter(input) {
+  if (typeof input === "number") {
+    if (input <= 0) {
+      throw new Error("Expiration time must be greater than zero.");
+    }
+    return Math.floor(Date.now() / 1e3) + input;
+  }
+  const regex = /^(\d+)(S|MIN|H|D|M|Y)$/i;
+  const match = input.match(regex);
+  if (!match) {
+    throw new Error("Invalid format. Use number or formats like 1S, 1MIN, 1H, 1D, 1M, or 1Y.");
+  }
+  const amount = parseInt(match[1], 10);
+  const unit = match[2].toUpperCase();
+  let seconds;
+  switch (unit) {
+    case "S":
+      seconds = amount;
+      break;
+    case "MIN":
+      seconds = amount * 60;
+      break;
+    case "H":
+      seconds = amount * 60 * 60;
+      break;
+    case "D":
+      seconds = amount * 24 * 60 * 60;
+      break;
+    case "M":
+      seconds = amount * 30 * 24 * 60 * 60;
+      break;
+    case "Y":
+      seconds = amount * 365 * 24 * 60 * 60;
+      break;
+    default:
+      throw new Error(`Unsupported time unit: ${unit}`);
+  }
+  return Math.floor(Date.now() / 1e3) + seconds;
+}
+
+// src/runtime/web.runtime.ts
+var WebCrypto = class {
+  textEncoder = new TextEncoder();
+  textDecoder = new TextDecoder();
+  // Import AES key from password string
+  async __importAESKey(password) {
+    const passwordBuffer = this.textEncoder.encode(password);
+    const hashBuffer = await crypto.subtle.digest("SHA-256", passwordBuffer);
+    return await crypto.subtle.importKey(
+      "raw",
+      hashBuffer,
+      { name: "AES-GCM" },
+      false,
+      ["encrypt", "decrypt"]
+    );
+  }
+  //uint8Array to Base64
+  __uint8ArrayToBase64(uint8Array) {
+    let binary = "";
+    const len = uint8Array.byteLength;
+    for (let i = 0; i < len; i++) {
+      binary += String.fromCharCode(uint8Array[i]);
+    }
+    return btoa(binary);
+  }
+  //base64 to Uint8Array
+  __base64ToUint8Array(base64) {
+    const binaryString = atob(base64);
+    const len = binaryString.length;
+    const bytes = new Uint8Array(len);
+    for (let i = 0; i < len; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes;
+  }
+  // ArrayBuffer to Base64
+  __arrayBufferToBase64(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) {
+      binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+  }
+  //Base64 to ArrayBuffer
+  __base64ToArrayBuffer(base64) {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes.buffer;
+  }
+  //PEM to ArrayBuffer
+  __pemToArrayBuffer(pem, type) {
+    const pemHeader = `-----BEGIN ${type} KEY-----`;
+    const pemFooter = `-----END ${type} KEY-----`;
+    const pemContents = pem.replace(pemHeader, "").replace(pemFooter, "").replace(/\\n/g, "").replace(/\s/g, "");
+    return this.__base64ToArrayBuffer(pemContents);
+  }
+  //ArrayBuffer to PEM
+  __arrayBufferToPem(buffer, type) {
+    const base64 = this.__arrayBufferToBase64(buffer);
+    const pemContents = base64.match(/.{1,64}/g)?.join("\n") || base64;
+    return `-----BEGIN ${type} KEY-----
+${pemContents}
+-----END ${type} KEY-----`;
+  }
+  // Import RSA public key from PEM
+  async __importPublicKey(publicKeyPem) {
+    const keyData = this.__pemToArrayBuffer(publicKeyPem, "PUBLIC");
+    return await crypto.subtle.importKey(
+      "spki",
+      keyData,
+      {
+        name: "RSA-OAEP",
+        hash: "SHA-256"
+      },
+      true,
+      ["encrypt"]
+    );
+  }
+  // Import RSA private key from PEM
+  async __importPrivateKey(privateKeyPem) {
+    const keyData = this.__pemToArrayBuffer(privateKeyPem.replace(/\\n/g, "\n"), "PRIVATE");
+    return await crypto.subtle.importKey(
+      "pkcs8",
+      keyData,
+      {
+        name: "RSA-OAEP",
+        hash: "SHA-256"
+      },
+      true,
+      ["decrypt"]
+    );
+  }
+  // AES-256-GCM Encryption
+  async _encrypt(algo, key, payload) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const data = this.textEncoder.encode(JSON.stringify(payload));
+    const encryptedBuffer = await crypto.subtle.encrypt(
+      {
+        name: algo,
+        iv,
+        tagLength: 128
+      },
+      key,
+      data
+    );
+    const encryptedBytes = new Uint8Array(encryptedBuffer);
+    return {
+      iv: this.__uint8ArrayToBase64(iv),
+      encrypted: this.__uint8ArrayToBase64(encryptedBytes)
+    };
+  }
+  // AES-256-GCM Decryption
+  async _decrypt(algo, key, encryptedData) {
+    const { iv, encrypted } = encryptedData;
+    const ivBuffer = this.__base64ToUint8Array(iv);
+    const encryptedBuffer = this.__base64ToUint8Array(encrypted);
+    try {
+      const decryptedBuffer = await crypto.subtle.decrypt(
+        {
+          name: algo,
+          iv: ivBuffer,
+          tagLength: 128
+        },
+        key,
+        encryptedBuffer
+      );
+      return JSON.parse(this.textDecoder.decode(decryptedBuffer));
+    } catch (error) {
+      throw new Error("Invalid Key");
+    }
+  }
+  // Generate RSA public key from private key PEM
+  async _rsaPublicKeyGeneration(privateKeyPem) {
+    const privateKey = await this.__importPrivateKey(privateKeyPem);
+    const jwk = await crypto.subtle.exportKey("jwk", privateKey);
+    delete jwk.d;
+    delete jwk.dp;
+    delete jwk.dq;
+    delete jwk.q;
+    delete jwk.qi;
+    jwk.key_ops = ["encrypt"];
+    const publicKey = await crypto.subtle.importKey(
+      "jwk",
+      jwk,
+      {
+        name: "RSA-OAEP",
+        hash: "SHA-256"
+      },
+      true,
+      ["encrypt"]
+    );
+    const exportedPublicKey = await crypto.subtle.exportKey("spki", publicKey);
+    return this.__arrayBufferToPem(exportedPublicKey, "PUBLIC");
+  }
+  async _rsaPrivatePublicKeyGeneration() {
+    const keyPair = await crypto.subtle.generateKey(
+      {
+        name: "RSA-OAEP",
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([1, 0, 1]),
+        hash: "SHA-256"
+      },
+      true,
+      ["encrypt", "decrypt"]
+    );
+    const privateKeyBuffer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+    const publicKeyBuffer = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+    return {
+      privateKey: this.__arrayBufferToPem(privateKeyBuffer, "PRIVATE"),
+      publicKey: this.__arrayBufferToPem(publicKeyBuffer, "PUBLIC")
+    };
+  }
+  async encrypt(algo, key, payload, exp) {
+    const cryptoKey = await this.__importAESKey(key);
+    const newPayload = { payload, exp };
+    const { iv, encrypted } = await this._encrypt(algo, cryptoKey, newPayload);
+    return tokenFormatCreate(
+      {
+        runtime: "web",
+        algo: "AES-GCM",
+        type: "symmetric",
+        v: "1",
+        iv
+      },
+      encrypted
+    );
+  }
+  async decrypt(algo, key, encryptedData) {
+    const cryptoKey = await this.__importAESKey(key);
+    return await this._decrypt(algo, cryptoKey, encryptedData);
+  }
+  // Public method: Asymmetric encryption (RSA-OAEP + AES-256-GCM)
+  async encryptRSA(payload, publicKeyPem, exp) {
+    const symmetricKey = await crypto.subtle.generateKey(
+      { name: "AES-GCM", length: 256 },
+      true,
+      ["encrypt", "decrypt"]
+    );
+    const newPayload = { payload, exp };
+    const { iv, encrypted } = await this._encrypt("AES-GCM", symmetricKey, newPayload);
+    const symmetricKeyBuffer = await crypto.subtle.exportKey("raw", symmetricKey);
+    const publicKey = await this.__importPublicKey(publicKeyPem);
+    const encryptedSymmetricKey = await crypto.subtle.encrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      publicKey,
+      symmetricKeyBuffer
+    );
+    return tokenFormatCreate(
+      {
+        runtime: "web",
+        algo: "RSA+AES-GCM",
+        type: "asymmetric",
+        v: "1",
+        iv,
+        encryptedKey: this.__arrayBufferToBase64(encryptedSymmetricKey)
+      },
+      encrypted
+    );
+  }
+  // Public method: Asymmetric decryption (RSA-OAEP + AES-256-GCM)
+  async decryptRSA(privateKeyPem, encryptedKey, encryptedData) {
+    const privateKey = await this.__importPrivateKey(privateKeyPem);
+    const encryptedKeyBuffer = this.__base64ToArrayBuffer(encryptedKey);
+    const decryptedSymmetricKeyBuffer = await crypto.subtle.decrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      privateKey,
+      encryptedKeyBuffer
+    );
+    const symmetricKey = await crypto.subtle.importKey(
+      "raw",
+      decryptedSymmetricKeyBuffer,
+      { name: "AES-GCM" },
+      false,
+      ["decrypt"]
+    );
+    return await this._decrypt("AES-GCM", symmetricKey, encryptedData);
+  }
+  async rsaPrivatePublicKeyGeneration() {
+    return await this._rsaPrivatePublicKeyGeneration();
+  }
+  async rsaPublicKeyGeneration(privateKeyPem) {
+    return await this._rsaPublicKeyGeneration(privateKeyPem);
+  }
+};
+
+// src/web.index.ts
+var WebCryptoModule = class {
+  dev = false;
+  runtime;
+  web = new WebCrypto();
+  constructor({ runtime, dev } = {}) {
+    try {
+      if (dev) this.dev = true;
+      if (runtime && !WEB_RUNTIME.includes(runtime)) {
+        throw new Error("Unsupported runtime");
+      }
+      this.runtime = "web";
+      print({ dev: this.dev }, "Current Runtime: ", this.runtime);
+    } catch (error) {
+      print({ dev: this.dev, color: "red" }, error);
+      throw error;
+    }
+  }
+  async createToken(algo, key, payload, exp) {
+    const algorithms = SUPPORTED_ALGORITHM[this.runtime];
+    const algoData = algorithms.find(({ name }) => {
+      return name == algo;
+    });
+    if (!algoData) {
+      throw new Error(`Algorithm ${algo} is not supported for ${this.runtime}`);
+    }
+    if (algoData.type === "asymmetric") {
+      if (algoData.value !== "RSA+AES-GCM") {
+        throw new Error(`Algorithm ${algoData.name} is not supported for asymmetric encryption`);
+      }
+      return await this.web.encryptRSA(payload, key, exp);
+    } else {
+      if (algoData.value !== "AES-GCM") {
+        throw new Error(`Algorithm ${algoData.name} is not supported for symmetric encryption`);
+      }
+      return await this.web.encrypt(algoData.value, key, payload, exp);
+    }
+  }
+  async verifyToken(token, key) {
+    const { meta, encrypted } = tokenFormatVerify(this.runtime, token);
+    const { runtime, algo, type, v, iv, tag, encryptedKey } = meta;
+    if (this.runtime !== runtime) {
+      throw new Error("Runtime not matching");
+    }
+    if (type === "asymmetric") {
+      if (algo !== "RSA+AES-GCM") {
+        throw new Error(`Algorithm ${algo} is not supported for asymmetric encryption`);
+      }
+      return await this.web.decryptRSA(key, encryptedKey, { iv, encrypted });
+    } else {
+      if (algo !== "AES-GCM") {
+        throw new Error(`Algorithm ${algo} is not supported for symmetric encryption`);
+      }
+      return await this.web.decrypt("AES-GCM", key, { iv, encrypted });
+    }
+  }
+  async create({ key, exp, algo }, payload) {
+    try {
+      if (!key) {
+        throw new Error("key is required to create token");
+      }
+      exp = exp ? jatTimeFormatter(exp) : jatTimeFormatter("5MIN");
+      algo = algo || RUNTIME_DEFAULT_ALGORITHM("web").name;
+      return await this.createToken(algo, key, payload, exp);
+    } catch (error) {
+      print({ dev: this.dev, color: "red" }, error);
+      throw error;
+    }
+  }
+  async verify(token, key) {
+    try {
+      if (!token) {
+        throw new Error("Token is required to verify token");
+      }
+      if (!key) {
+        throw new Error("key is required to verify token");
+      }
+      const unfilterPayload = await this.verifyToken(token, key);
+      if (isExpired(unfilterPayload.exp)) {
+        throw new Error("Token expired");
+      }
+      return unfilterPayload.payload;
+    } catch (error) {
+      print({ dev: this.dev, color: "red" }, error);
+      throw error;
+    }
+  }
+};
+var PrivatePublicKeyGeneration = class {
+  web = new WebCrypto();
+  async generateKeyPair(runtime, dev) {
+    let finalRuntime = "web";
+    const development = dev === true ? true : false;
+    try {
+      if (runtime) {
+        if (!WEB_RUNTIME.includes(runtime)) {
+          throw new Error("Unsupported runtime");
+        }
+        finalRuntime = runtime;
+      }
+      const { privateKey, publicKey } = await this.web.rsaPrivatePublicKeyGeneration();
+      print({ dev: development, color: "green" }, "Current Runtime: ", finalRuntime);
+      print({ dev: development, color: "green" }, { privateKey, publicKey });
+      return { privateKey, publicKey };
+    } catch (error) {
+      print({ dev: development, color: "red" }, error);
+      throw error;
+    }
+  }
+  async generatePublicKey(privateKeyPem, runtime, dev) {
+    let finalRuntime = "web";
+    const development = dev === true ? true : false;
+    try {
+      if (runtime) {
+        if (!WEB_RUNTIME.includes(runtime)) {
+          throw new Error("Unsupported runtime");
+        }
+        finalRuntime = runtime;
+      }
+      const publicKey = await this.web.rsaPublicKeyGeneration(privateKeyPem);
+      print({ dev: development, color: "green" }, "Current Runtime: ", finalRuntime);
+      print({ dev: development, color: "green" }, publicKey);
+      return publicKey;
+    } catch (error) {
+      print({ dev: development, color: "red" }, error);
+      throw error;
+    }
+  }
+};
+var p2kgObject = new PrivatePublicKeyGeneration();
+var generateKeyPair = (options) => {
+  const { runtime, dev } = options || {};
+  return p2kgObject.generateKeyPair(runtime, dev);
+};
+var generatePublicKey = (privateKeyPem, options) => {
+  const { runtime, dev } = options || {};
+  return p2kgObject.generatePublicKey(privateKeyPem, runtime, dev);
+};
+var JAT = ({ runtime, dev } = {}) => new WebCryptoModule({ runtime, dev });
+var getSupportedAlgorithm = () => SUPPORTED_ALGORITHM["web"];
+var P2KG = {
+  generateKeyPair,
+  generatePublicKey
+};
+var jsonauthtoken = {
+  JAT,
+  P2KG
+};
+var web_index_default = jsonauthtoken;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  JAT,
+  P2KG,
+  getSupportedAlgorithm
+});