shelving 1.159.4 → 1.160.0

package/db/ValidationProvider.d.ts

@@ -1,4 +1,4 @@
-import type { DataSchema, DataSchemas } from "../schema/DataSchema.js";
+import { type DataSchema, type DataSchemas } from "../schema/DataSchema.js";
 import type { Schema } from "../schema/Schema.js";
 import type { Database, DataKey } from "../util/data.js";
 import type { Identifier, Items, OptionalItem } from "../util/item.js";

package/db/ValidationProvider.js

@@ -1,7 +1,7 @@
 import { ValueError } from "../error/ValueError.js";
 import { Feedback } from "../feedback/Feedback.js";
-import { getNamedMessage } from "../index.js";
-import { updateData } from "../util/update.js";
+import { PARTIAL } from "../schema/DataSchema.js";
+import { getNamedMessage } from "../util/error.js";
 import { validateData } from "../util/validate.js";
 import { AsyncThroughProvider, ThroughProvider } from "./ThroughProvider.js";
 /** Validate a synchronous source provider (source can have any type because validation guarantees the type). */
@@ -32,8 +32,7 @@ export class ValidationProvider extends ThroughProvider {
         super.setItem(collection, id, validateData(data, this.getSchema(collection).props));
     }
     updateItem(collection, id, updates) {
-        validateData(updateData({}, updates), this.getSchema(collection).props, true);
-        super.updateItem(collection, id, updates);
+        super.updateItem(collection, id, _validateUpdates(collection, updates, this.getSchema(collection), this.updateItem));
     }
     deleteItem(collection, id) {
         super.deleteItem(collection, id);
@@ -48,8 +47,7 @@ export class ValidationProvider extends ThroughProvider {
         super.setQuery(collection, query, this.getSchema(collection).validate(data));
     }
     updateQuery(collection, query, updates) {
-        validateData(updateData({}, updates), this.getSchema(collection).props, true);
-        super.updateQuery(collection, query, updates);
+        super.updateQuery(collection, query, _validateUpdates(collection, updates, this.getSchema(collection), this.updateQuery));
     }
     deleteQuery(collection, query) {
         super.deleteQuery(collection, query);
@@ -88,8 +86,7 @@ export class AsyncValidationProvider extends AsyncThroughProvider {
         return super.setItem(collection, id, validateData(data, this.getSchema(collection).props));
     }
     updateItem(collection, id, updates) {
-        validateData(updateData({}, updates), this.getSchema(collection).props, true);
-        return super.updateItem(collection, id, updates);
+        return super.updateItem(collection, id, _validateUpdates(collection, updates, this.getSchema(collection), this.updateItem));
     }
     deleteItem(collection, id) {
         return super.deleteItem(collection, id);
@@ -109,8 +106,7 @@ export class AsyncValidationProvider extends AsyncThroughProvider {
         return super.setQuery(collection, query, validateData(data, this.getSchema(collection).props));
     }
     updateQuery(collection, query, updates) {
-        validateData(updateData({}, updates), this.getSchema(collection).props, true);
-        return super.updateQuery(collection, query, updates);
+        return super.updateQuery(collection, query, _validateUpdates(collection, updates, this.getSchema(collection), this.updateQuery));
     }
     deleteQuery(collection, query) {
         return super.deleteQuery(collection, query);
@@ -150,3 +146,13 @@ function* _yieldValidItems(collection, items, validators, caller) {
     if (messages.length)
         throw new ValueError(`Invalid data for "${collection}"\n${messages.join("\n")}`, { items, caller });
 }
+function _validateUpdates(collection, updates, schema, caller) {
+    try {
+        return validateData(updates, PARTIAL(schema).props);
+    }
+    catch (thrown) {
+        if (!(thrown instanceof Feedback))
+            throw thrown;
+        throw new ValueError(`Invalid updates for "${collection}"\n${thrown.message}`, { updates, caller });
+    }
+}

package/package.json

@@ -11,7 +11,7 @@
 		"state-management",
 		"query-builder"
 	],
-	"version": "1.159.4",
+	"version": "1.160.0",
 	"repository": "https://github.com/dhoulb/shelving",
 	"author": "Dave Houlbrooke <dave@shax.com>",
 	"license": "0BSD",

package/util/jwt.d.ts

@@ -1,13 +1,36 @@
 import { type Bytes, type PossibleBytes } from "./bytes.js";
 import type { Data } from "./data.js";
+import { type PossibleDate } from "./date.js";
 import type { AnyCaller } from "./function.js";
+export interface TokenClaims extends Data {
+    /**
+     * "Issued at" date (defaults to "now").
+     * - Not used for validation, but always set in the token payload.
+     * - Can be used to determine when the token was issued, and possibly revoke tokens issued before a certain date.
+     */
+    readonly iat?: PossibleDate;
+    /**
+     * "Not before" date.
+     * - When validating the token, tokens before this date will be rejected
+     */
+    readonly nbf?: PossibleDate;
+    /**
+     * Expiry in milliseconds (defaults to "30 days").
+     * - When validating the token, tokens after this date will be rejected
+     */
+    readonly exp?: number;
+}
 /**
  * Encode a JWT and return the string token.
  * - Currently only supports HMAC SHA-512 signing.
  *
+ * @param claims The payload claims to include in the JWT.
+ * @param secret The secret key to sign the JWT with.
+ * @param expiry The expiry time in milliseconds (defaults to 30 days).
+ *
  * @throws ValueError If the input parameters, e.g. `secret` or `issuer`, are invalid.
  */
-export declare function encodeToken(claims: Data, secret: PossibleBytes): Promise<string>;
+export declare function encodeToken({ nbf, iat, exp, ...claims }: TokenClaims, secret: PossibleBytes): Promise<string>;
 /** Parts that make up a JSON Web Token. */
 export type TokenData = {
     header: string;

package/util/jwt.js

@@ -3,11 +3,11 @@ import { ValueError } from "../error/ValueError.js";
 import { decodeBase64URLBytes, decodeBase64URLString, encodeBase64URL } from "./base64.js";
 import { getBytes, requireBytes } from "./bytes.js";
 import { DAY, MINUTE, SECOND } from "./constants.js";
+import { requireDate } from "./date.js";
 // Constants.
 const HASH = "SHA-512";
 const ALGORITHM = { name: "HMAC", hash: HASH };
 const HEADER = { alg: "HS512", typ: "JWT" };
-const EXPIRY_MS = DAY * 10;
 const SKEW_MS = MINUTE; // Allow 1 minute clock skew.
 const SECRET_BYTES = 64; // Minimum 64 bytes / 512 bits
 function _getKey(caller, secret, ...usages) {
@@ -23,15 +23,22 @@ function _getKey(caller, secret, ...usages) {
  * Encode a JWT and return the string token.
  * - Currently only supports HMAC SHA-512 signing.
  *
+ * @param claims The payload claims to include in the JWT.
+ * @param secret The secret key to sign the JWT with.
+ * @param expiry The expiry time in milliseconds (defaults to 30 days).
+ *
  * @throws ValueError If the input parameters, e.g. `secret` or `issuer`, are invalid.
  */
-export async function encodeToken(claims, secret) {
+export async function encodeToken({ nbf = "now", iat = "now", exp = DAY * 30, ...claims }, secret) {
     // Encode header.
     const header = encodeBase64URL(JSON.stringify(HEADER));
     // Encode payload.
-    const now = Math.floor(Date.now() / 1000);
-    const exp = Math.floor(now + EXPIRY_MS / 1000);
-    const payload = encodeBase64URL(JSON.stringify({ nbf: now, iat: now, exp, ...claims }));
+    const payload = encodeBase64URL(JSON.stringify({
+        nbf: requireDate(nbf).getTime() / 1000, // By JWT convention, times are in seconds.
+        iat: requireDate(iat).getTime() / 1000, // By JWT convention, times are in seconds.
+        exp: (Date.now() + exp) / 1000, // By JWT convention, times are in seconds.
+        ...claims,
+    }));
     // Create signature.
     const key = await _getKey(encodeToken, secret, "sign");
     const signature = encodeBase64URL(await crypto.subtle.sign("HMAC", key, requireBytes(`${header}.${payload}`)));
@@ -93,12 +100,10 @@ export async function verifyToken(token, secret, caller = verifyToken) {
     if (!isValid)
         throw new UnauthorizedError("JWT signature does not match", { received: token, caller });
     // Validate payload.
-    const { nbf, iat, exp } = payloadData;
+    const { nbf, exp } = payloadData;
     const now = Date.now();
     if (typeof nbf === "number" && now < nbf * SECOND - SKEW_MS)
         throw new UnauthorizedError("JWT cannot be used yet", { received: payloadData, expected: now, caller });
-    if (typeof iat === "number" && now < iat * SECOND - SKEW_MS)
-        throw new UnauthorizedError("JWT not issued yet", { received: payloadData, expected: now, caller });
     if (typeof exp === "number" && now > exp * SECOND + SKEW_MS)
         throw new UnauthorizedError("JWT has expired", { received: payloadData, expected: now, caller });
     return payloadData;

package/util/validate.d.ts

@@ -4,7 +4,6 @@ import type { Constructor } from "./class.js";
 import type { Data } from "./data.js";
 import type { ImmutableDictionary } from "./dictionary.js";
 import type { AnyCaller } from "./function.js";
-import type { DeepPartial } from "./object.js";
 /** Object that can validate an unknown value with its `validate()` method. */
 export interface Validator<T> {
     /**
@@ -57,10 +56,7 @@ export declare function validateDictionary<T>(unsafeDictionary: ImmutableDiction
  * - `undefined` props in the object will be set to the default value of that prop.
  * - `undefined` props after validation will not be set in the output object.
  *
- * @param partial Whether we're validating a partial match or not. This allows props to be missing without error.
- *
  * @return Valid object.
  * @throw Feedback if one or more props did not validate.
  */
-export declare function validateData<T extends Data>(unsafeData: Data, validators: Validators<T>, partial: true): DeepPartial<T>;
-export declare function validateData<T extends Data>(unsafeData: Data, validators: Validators<T>, partial?: false): T;
+export declare function validateData<T extends Data>(unsafeData: Data, validators: Validators<T>): T;

package/util/validate.js

@@ -1,7 +1,7 @@
 import { ValueError } from "../error/ValueError.js";
 import { Feedback, ValueFeedback } from "../feedback/Feedback.js";
 import { isArray } from "./array.js";
-import { getDataKeys, getDataProps } from "./data.js";
+import { getDataProps } from "./data.js";
 import { getDictionaryItems } from "./dictionary.js";
 import { getNamedMessage } from "./error.js";
 import { isIterable } from "./iterate.js";
@@ -96,39 +96,50 @@ export function validateDictionary(unsafeDictionary, validator) {
         throw new ValueFeedback(messages.join("\n"), unsafeDictionary);
     return changed || isIterable(unsafeDictionary) ? safeDictionary : unsafeDictionary;
 }
-/** Keep track of whether we're doing a deep-partial match or not. */
-let isDeeplyPartial = false;
-export function validateData(unsafeData, validators, partial = isDeeplyPartial) {
-    let changed = false;
+/**
+ * Validate a data object with a set of validators.
+ * - Defined props in the object will be validated against the corresponding validator.
+ * - `undefined` props in the object will be set to the default value of that prop.
+ * - `undefined` props after validation will not be set in the output object.
+ *
+ * @return Valid object.
+ * @throw Feedback if one or more props did not validate.
+ */
+export function validateData(unsafeData, validators) {
+    let changes = 0;
     const safeData = {};
     const messages = [];
-    try {
-        isDeeplyPartial = partial;
-        const props = getDataProps(validators);
-        for (const [key, validator] of props) {
-            const unsafeValue = unsafeData[key];
-            if (unsafeValue === undefined && partial)
-                continue; // Silently skip `undefined` props if in partial mode.
-            try {
-                const safeValue = validator.validate(unsafeValue);
-                if (safeValue !== undefined)
-                    safeData[key] = safeValue;
-                if (!changed && safeValue !== unsafeValue)
-                    changed = true;
+    // Validate the props in `validators`.
+    const props = getDataProps(validators);
+    for (const [key, validator] of props) {
+        const unsafeValue = unsafeData[key];
+        try {
+            const safeValue = validator.validate(unsafeValue);
+            if (safeValue === undefined) {
+                // Undefined values are not included in the output object
+                if (key in unsafeData)
+                    changes++;
             }
-            catch (thrown) {
-                if (!(thrown instanceof Feedback))
-                    throw thrown;
-                messages.push(getNamedMessage(key, thrown.message));
+            else {
+                // Defined values are included in the output object.
+                safeData[key] = safeValue;
+                if (safeValue !== unsafeValue)
+                    changes++;
             }
         }
-        if (messages.length)
-            throw new ValueFeedback(messages.join("\n"), unsafeData);
-        if (changed || getDataKeys(unsafeData).length > props.length)
-            return safeData;
-        return unsafeData;
-    }
-    finally {
-        isDeeplyPartial = false;
+        catch (thrown) {
+            if (!(thrown instanceof Feedback))
+                throw thrown;
+            messages.push(getNamedMessage(key, thrown.message));
+        }
     }
+    if (messages.length)
+        throw new ValueFeedback(messages.join("\n"), unsafeData);
+    if (changes)
+        return safeData;
+    // Check that no excess keys exist.
+    for (const key of Object.keys(unsafeData))
+        if (!(key in validators))
+            return safeData;
+    return unsafeData;
 }