npm - ts-packages - Versions diffs - 1.0.0 → 2.0.0 - Mend

ts-packages 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (752) hide show

package/packages/security/dist/cjs/core/crypto/cryptoManager.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+/**
+ * Configuration options for CryptoManager
+ */
+export interface CryptoManagerConfig {
+    defaultAlgorithm?: string;
+    defaultEncoding?: BufferEncoding;
+    hmacAlgorithm?: string;
+}
+/**
+ * CryptoManager - Class-based wrapper for all cryptographic operations
+ * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
+ */
+export declare class CryptoManager {
+    private config;
+    constructor(config?: CryptoManagerConfig);
+    /**
+     * Update configuration
+     */
+    updateConfig(config: Partial<CryptoManagerConfig>): void;
+    /**
+     * Get current configuration
+     */
+    getConfig(): Required<CryptoManagerConfig>;
+    /**
+     * Encrypt data using the default or specified algorithm
+     */
+    encrypt(plaintext: string, key: string, _options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+        iv?: string;
+    }): string;
+    /**
+     * Decrypt data using the default or specified algorithm
+     */
+    decrypt(encryptedData: string, key: string, _options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+        iv?: string;
+    }): string;
+    /**
+     * Generate HMAC signature
+     */
+    generateHmac(data: string, secret: string, _options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+    }): string;
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateSecureRandom(length: number, _encoding?: BufferEncoding): string;
+    /**
+     * Verify HMAC signature
+     */
+    verifyHmac(data: string, secret: string, signature: string, _options?: {
+        algorithm?: string;
+        encoding?: BufferEncoding;
+    }): boolean;
+    /**
+     * Create a key derivation function using PBKDF2
+     */
+    deriveKey(password: string, salt: string, iterations?: number, keyLength?: number): Promise<string>;
+    /**
+     * Hash data using SHA-256
+     */
+    sha256(data: string, encoding?: BufferEncoding): string;
+    /**
+     * Hash data using SHA-512
+     */
+    sha512(data: string, encoding?: BufferEncoding): string;
+    /**
+     * Generate a secure key pair for asymmetric encryption
+     */
+    generateKeyPair(options?: {
+        modulusLength?: number;
+        publicKeyEncoding?: {
+            type: string;
+            format: string;
+        };
+        privateKeyEncoding?: {
+            type: string;
+            format: string;
+        };
+    }): Promise<{
+        publicKey: string;
+        privateKey: string;
+    }>;
+    /**
+     * Encrypt data using RSA public key
+     */
+    rsaEncrypt(data: string, publicKey: string): Promise<string>;
+    /**
+     * Decrypt data using RSA private key
+     */
+    rsaDecrypt(encryptedData: string, privateKey: string): Promise<string>;
+    /**
+     * Create digital signature using RSA private key
+     */
+    rsaSign(data: string, privateKey: string, algorithm?: string): Promise<string>;
+    /**
+     * Verify digital signature using RSA public key
+     */
+    rsaVerify(data: string, signature: string, publicKey: string, algorithm?: string): Promise<boolean>;
+}
+/**
+ * Create a CryptoManager instance with default configuration
+ */
+export declare const createCryptoManager: (config?: CryptoManagerConfig) => CryptoManager;
+/**
+ * Default CryptoManager instance
+ */
+export declare const cryptoManager: CryptoManager;

package/packages/security/dist/cjs/core/crypto/cryptoManager.js ADDED Viewed

@@ -0,0 +1,191 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cryptoManager = exports.createCryptoManager = exports.CryptoManager = void 0;
+const index_1 = require("./index");
+/**
+ * Default configuration
+ */
+const DEFAULT_CONFIG = {
+    defaultAlgorithm: 'aes-256-gcm',
+    defaultEncoding: 'utf8',
+    hmacAlgorithm: 'sha256',
+};
+/**
+ * CryptoManager - Class-based wrapper for all cryptographic operations
+ * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
+ */
+class CryptoManager {
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    /**
+     * Update configuration
+     */
+    updateConfig(config) {
+        this.config = { ...this.config, ...config };
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Encrypt data using the default or specified algorithm
+     */
+    encrypt(plaintext, key, _options) {
+        // For now, use the basic encrypt function
+        // TODO: Enhance to support different algorithms and options
+        return (0, index_1.encrypt)(plaintext, key);
+    }
+    /**
+     * Decrypt data using the default or specified algorithm
+     */
+    decrypt(encryptedData, key, _options) {
+        // For now, use the basic decrypt function
+        // TODO: Enhance to support different algorithms and options
+        return (0, index_1.decrypt)(encryptedData, key);
+    }
+    /**
+     * Generate HMAC signature
+     */
+    generateHmac(data, secret, _options) {
+        // Use the basic HMAC sign function for now
+        // TODO: Add support for different algorithms
+        return (0, index_1.hmacSign)(data, secret);
+    }
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateSecureRandom(length, _encoding = 'hex') {
+        // Use the basic random token function
+        return (0, index_1.randomToken)(length);
+    }
+    /**
+     * Verify HMAC signature
+     */
+    verifyHmac(data, secret, signature, _options) {
+        // Use the basic HMAC verify function
+        return (0, index_1.hmacVerify)(data, secret, signature);
+    }
+    /**
+     * Create a key derivation function using PBKDF2
+     */
+    deriveKey(password, salt, iterations = 100000, keyLength = 32) {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (err, derivedKey) => {
+                if (err) {
+                    reject(err);
+                }
+                else {
+                    resolve(derivedKey.toString('hex'));
+                }
+            });
+        });
+    }
+    /**
+     * Hash data using SHA-256
+     */
+    sha256(data, encoding = 'hex') {
+        const crypto = require('crypto');
+        return crypto.createHash('sha256').update(data).digest(encoding);
+    }
+    /**
+     * Hash data using SHA-512
+     */
+    sha512(data, encoding = 'hex') {
+        const crypto = require('crypto');
+        return crypto.createHash('sha512').update(data).digest(encoding);
+    }
+    /**
+     * Generate a secure key pair for asymmetric encryption
+     */
+    generateKeyPair(options) {
+        return new Promise((resolve, _reject) => {
+            const crypto = require('crypto');
+            const keyPair = crypto.generateKeyPairSync('rsa', {
+                modulusLength: options?.modulusLength || 2048,
+                publicKeyEncoding: options?.publicKeyEncoding || {
+                    type: 'spki',
+                    format: 'pem',
+                },
+                privateKeyEncoding: options?.privateKeyEncoding || {
+                    type: 'pkcs8',
+                    format: 'pem',
+                },
+            });
+            resolve(keyPair);
+        });
+    }
+    /**
+     * Encrypt data using RSA public key
+     */
+    rsaEncrypt(data, publicKey) {
+        return new Promise((resolve, _reject) => {
+            const crypto = require('crypto');
+            const buffer = Buffer.from(data, 'utf8');
+            const encrypted = crypto.publicEncrypt(publicKey, buffer);
+            resolve(encrypted.toString('base64'));
+        });
+    }
+    /**
+     * Decrypt data using RSA private key
+     */
+    rsaDecrypt(encryptedData, privateKey) {
+        return new Promise((resolve, _reject) => {
+            const crypto = require('crypto');
+            const buffer = Buffer.from(encryptedData, 'base64');
+            const decrypted = crypto.privateDecrypt(privateKey, buffer);
+            resolve(decrypted.toString('utf8'));
+        });
+    }
+    /**
+     * Create digital signature using RSA private key
+     */
+    rsaSign(data, privateKey, algorithm = 'sha256') {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const sign = crypto.createSign(algorithm);
+            sign.update(data);
+            sign.end();
+            try {
+                const signature = sign.sign(privateKey, 'base64');
+                resolve(signature);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+    /**
+     * Verify digital signature using RSA public key
+     */
+    rsaVerify(data, signature, publicKey, algorithm = 'sha256') {
+        return new Promise((resolve, reject) => {
+            const crypto = require('crypto');
+            const verify = crypto.createVerify(algorithm);
+            verify.update(data);
+            verify.end();
+            try {
+                const isValid = verify.verify(publicKey, signature, 'base64');
+                resolve(isValid);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+}
+exports.CryptoManager = CryptoManager;
+/**
+ * Create a CryptoManager instance with default configuration
+ */
+const createCryptoManager = (config) => {
+    return new CryptoManager(config);
+};
+exports.createCryptoManager = createCryptoManager;
+/**
+ * Default CryptoManager instance
+ */
+exports.cryptoManager = new CryptoManager();

package/packages/security/dist/cjs/core/crypto/decrypt.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const decrypt: (data: string, secret: string) => string;

package/packages/security/dist/cjs/core/crypto/decrypt.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decrypt = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const ALGO = 'AES-256-GCM';
+const decrypt = (data, secret) => {
+    const [ivHex, encryptedHex] = data.split(':');
+    const iv = Buffer.from(ivHex, 'hex');
+    const encrypted = Buffer.from(encryptedHex, 'hex');
+    const key = crypto_1.default.createHash('sha256').update(secret).digest();
+    const decipher = crypto_1.default.createDecipheriv(ALGO, key, iv);
+    const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+    ]);
+    return decrypted.toString('utf8');
+};
+exports.decrypt = decrypt;

package/packages/security/dist/cjs/core/crypto/encrypt.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const encrypt: (text: string, secret: string) => string;

package/packages/security/dist/cjs/core/crypto/encrypt.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encrypt = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const ALGO = 'AES-256-GCM';
+const encrypt = (text, secret) => {
+    const key = crypto_1.default.createHash('sha256').update(secret).digest();
+    const iv = crypto_1.default.randomBytes(16);
+    const cipher = crypto_1.default.createCipheriv(ALGO, key, iv);
+    const encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
+    return `${iv.toString('hex')}:${encrypted.toString('hex')}`;
+};
+exports.encrypt = encrypt;

package/packages/security/dist/cjs/core/crypto/hmac.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Sign message using HMAC SHA-256
+ */
+export declare const hmacSign: (message: string, secret: string) => string;
+/**
+ * Verify HMAC signature
+ */
+export declare const hmacVerify: (message: string, secret: string, signature: string) => boolean;

package/packages/security/dist/cjs/core/crypto/hmac.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hmacVerify = exports.hmacSign = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+/**
+ * Sign message using HMAC SHA-256
+ */
+const hmacSign = (message, secret) => {
+    return crypto_1.default.createHmac('sha256', secret).update(message).digest('hex');
+};
+exports.hmacSign = hmacSign;
+/**
+ * Verify HMAC signature
+ */
+const hmacVerify = (message, secret, signature) => {
+    const expected = (0, exports.hmacSign)(message, secret);
+    if (signature.length !== expected.length)
+        return false;
+    return crypto_1.default.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
+};
+exports.hmacVerify = hmacVerify;

package/packages/security/dist/cjs/core/crypto/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { decrypt } from './decrypt';
+export { encrypt } from './encrypt';
+export { hmacSign, hmacVerify } from './hmac';
+export { randomToken, generateStrongPassword } from './random';
+export * from './cryptoManager';

package/packages/security/dist/cjs/core/crypto/index.js ADDED Viewed

@@ -0,0 +1,28 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateStrongPassword = exports.randomToken = exports.hmacVerify = exports.hmacSign = exports.encrypt = exports.decrypt = void 0;
+var decrypt_1 = require("./decrypt");
+Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return decrypt_1.decrypt; } });
+var encrypt_1 = require("./encrypt");
+Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return encrypt_1.encrypt; } });
+var hmac_1 = require("./hmac");
+Object.defineProperty(exports, "hmacSign", { enumerable: true, get: function () { return hmac_1.hmacSign; } });
+Object.defineProperty(exports, "hmacVerify", { enumerable: true, get: function () { return hmac_1.hmacVerify; } });
+var random_1 = require("./random");
+Object.defineProperty(exports, "randomToken", { enumerable: true, get: function () { return random_1.randomToken; } });
+Object.defineProperty(exports, "generateStrongPassword", { enumerable: true, get: function () { return random_1.generateStrongPassword; } });
+__exportStar(require("./cryptoManager"), exports);

package/packages/security/dist/cjs/core/crypto/random.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Generate cryptographically secure random string
+ */
+export declare const randomToken: (length?: number) => string;
+/**
+ * Generate a strong random password
+ */
+export declare const generateStrongPassword: (length?: number) => string;

package/packages/security/dist/cjs/core/crypto/random.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateStrongPassword = exports.randomToken = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+/**
+ * Generate cryptographically secure random string
+ */
+const randomToken = (length = 32) => {
+    return crypto_1.default.randomBytes(length).toString('hex');
+};
+exports.randomToken = randomToken;
+/**
+ * Generate a strong random password
+ */
+const generateStrongPassword = (length = 16) => {
+    return crypto_1.default.randomBytes(length).toString('hex').slice(0, length);
+};
+exports.generateStrongPassword = generateStrongPassword;

package/packages/security/dist/cjs/core/jwt/decode.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { type JwtPayload } from 'jsonwebtoken';
+/**
+ * Flexible decode
+ * Returns: null | string | JwtPayload
+ * Mirrors jsonwebtoken.decode()
+ */
+export declare function decodeToken(token: string): null | string | JwtPayload;
+/**
+ * Strict decode
+ * Always returns JwtPayload or throws error
+ */
+export declare function decodeTokenStrict(token: string): JwtPayload;

package/packages/security/dist/cjs/core/jwt/decode.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeToken = decodeToken;
+exports.decodeTokenStrict = decodeTokenStrict;
+// src/jwt/decodeToken.ts
+const jsonwebtoken_1 = require("jsonwebtoken");
+/**
+ * Flexible decode
+ * Returns: null | string | JwtPayload
+ * Mirrors jsonwebtoken.decode()
+ */
+function decodeToken(token) {
+    return (0, jsonwebtoken_1.decode)(token);
+}
+/**
+ * Strict decode
+ * Always returns JwtPayload or throws error
+ */
+function decodeTokenStrict(token) {
+    const decoded = (0, jsonwebtoken_1.decode)(token);
+    if (!decoded || typeof decoded === 'string') {
+        throw new Error('Invalid JWT payload structure');
+    }
+    return decoded;
+}

package/packages/security/dist/cjs/core/jwt/extractToken.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export interface TokenSources {
+    header?: string | undefined | null;
+    cookies?: Record<string, string> | undefined;
+    query?: Record<string, string | undefined> | undefined;
+    body?: Record<string, unknown> | undefined;
+    wsMessage?: string | Record<string, unknown> | undefined;
+}
+/**
+ * Universal token extractor
+ */
+export declare function extractToken(sources: TokenSources): string | null;

package/packages/security/dist/cjs/core/jwt/extractToken.js ADDED Viewed

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractToken = extractToken;
+/**
+ * Universal token extractor
+ */
+function extractToken(sources) {
+    const { header, cookies, query, body, wsMessage } = sources;
+    // 1. Authorization: Bearer <token>
+    if (header) {
+        const parts = header.split(' ');
+        if (parts.length === 2 && parts[0] === 'Bearer')
+            return parts[1];
+    }
+    // 2. Cookies: token / accessToken
+    if (cookies) {
+        if (cookies['token'])
+            return cookies['token'];
+        if (cookies['accessToken'])
+            return cookies['accessToken'];
+    }
+    // 3. Query params: ?token=xxx
+    if (query?.token)
+        return query.token;
+    // 4. Body: { token: "" }
+    if (body?.token && typeof body.token === 'string')
+        return body.token;
+    // 5. WebSocket message extraction (NEW)
+    if (wsMessage) {
+        try {
+            let msg = wsMessage;
+            // If it's a JSON string → parse safely
+            if (typeof wsMessage === 'string') {
+                msg = JSON.parse(wsMessage);
+            }
+            // Ensure msg is an object before property access
+            if (typeof msg === 'object' && msg !== null) {
+                const m = msg;
+                if (typeof m['token'] === 'string')
+                    return m['token'];
+                const auth = m['auth'];
+                if (typeof auth === 'object' && auth !== null) {
+                    const a = auth;
+                    if (typeof a['token'] === 'string')
+                        return a['token'];
+                }
+            }
+        }
+        catch {
+            // Ignore parse errors gracefully
+        }
+    }
+    return null;
+}

package/packages/security/dist/cjs/core/jwt/generateTokens.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { Secret } from 'jsonwebtoken';
+import type { RefreshToken, TokenPair } from './types';
+export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
+export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/packages/security/dist/cjs/core/jwt/generateTokens.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateTokens = void 0;
+exports.rotateRefreshToken = rotateRefreshToken;
+const signToken_1 = require("./signToken");
+const verify_1 = require("./verify");
+// Helper function to create branded tokens
+/* const createBrandedToken = <T extends string>(token: string, _brand: T): T => {
+    return token as T
+} */
+const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = '15m', refreshExpiry = '7d') => {
+    const accessToken = (0, signToken_1.signToken)(payload, accessSecret, accessExpiry, {
+        algorithm: 'HS256',
+    });
+    const refreshToken = (0, signToken_1.signToken)(payload, refreshSecret, refreshExpiry, {
+        algorithm: 'HS256',
+    });
+    return {
+        accessToken: accessToken,
+        refreshToken: refreshToken,
+    };
+};
+exports.generateTokens = generateTokens;
+function rotateRefreshToken(oldToken, secret) {
+    const decoded = (0, verify_1.verifyToken)(oldToken, secret);
+    if (typeof decoded === 'string') {
+        throw new Error('Invalid token payload — expected JWT payload object');
+    }
+    const payload = { ...decoded };
+    delete payload.iat;
+    delete payload.exp;
+    const newToken = (0, signToken_1.signToken)(payload, secret, '7d');
+    return newToken;
+}

package/packages/security/dist/cjs/core/jwt/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export * from './decode';
+export * from './extractToken';
+export * from './generateTokens';
+export * from './parseDuration';
+export * from './signToken';
+export * from './types';
+export * from './validateToken';
+export * from './verify';

package/packages/security/dist/cjs/core/jwt/index.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./decode"), exports);
+__exportStar(require("./extractToken"), exports);
+__exportStar(require("./generateTokens"), exports);
+__exportStar(require("./parseDuration"), exports);
+__exportStar(require("./signToken"), exports);
+__exportStar(require("./types"), exports);
+__exportStar(require("./validateToken"), exports);
+__exportStar(require("./verify"), exports);