npm - ts-packages - Versions diffs - 2.0.0 → 3.0.0 - Mend

ts-packages 2.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (286) hide show

package/packages/security/dist/cjs/core/crypto/cryptoManager.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.cryptoManager = exports.createCryptoManager = exports.CryptoManager = void 0;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const index_1 = require("./index");
 /**
  * Default configuration
@@ -34,17 +35,27 @@ class CryptoManager {
      * Encrypt data using the default or specified algorithm
      */
     encrypt(plaintext, key, _options) {
-        // For now, use the basic encrypt function
-        // TODO: Enhance to support different algorithms and options
-        return (0, index_1.encrypt)(plaintext, key);
+        try {
+            return (0, index_1.encrypt)(plaintext, key);
+        }
+        catch (error) {
+            throw new errors_utils_1.CryptoIntegrityError({
+                reason: 'Encryption failed',
+            }, error instanceof Error ? error : undefined);
+        }
     }
     /**
      * Decrypt data using the default or specified algorithm
      */
     decrypt(encryptedData, key, _options) {
-        // For now, use the basic decrypt function
-        // TODO: Enhance to support different algorithms and options
-        return (0, index_1.decrypt)(encryptedData, key);
+        try {
+            return (0, index_1.decrypt)(encryptedData, key);
+        }
+        catch (error) {
+            throw new errors_utils_1.CryptoIntegrityError({
+                reason: 'Decryption failed',
+            }, error instanceof Error ? error : undefined);
+        }
     }
     /**
      * Generate HMAC signature
@@ -74,9 +85,11 @@ class CryptoManager {
     deriveKey(password, salt, iterations = 100000, keyLength = 32) {
         return new Promise((resolve, reject) => {
             const crypto = require('crypto');
-            crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (err, derivedKey) => {
-                if (err) {
-                    reject(err);
+            crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', (error, derivedKey) => {
+                if (error) {
+                    reject(new errors_utils_1.CryptoIntegrityError({
+                        reason: 'Key derivation failed',
+                    }, error instanceof Error ? error : undefined));
                 }
                 else {
                     resolve(derivedKey.toString('hex'));
@@ -146,15 +159,17 @@ class CryptoManager {
     rsaSign(data, privateKey, algorithm = 'sha256') {
         return new Promise((resolve, reject) => {
             const crypto = require('crypto');
-            const sign = crypto.createSign(algorithm);
-            sign.update(data);
-            sign.end();
             try {
+                const sign = crypto.createSign(algorithm);
+                sign.update(data);
+                sign.end();
                 const signature = sign.sign(privateKey, 'base64');
                 resolve(signature);
             }
             catch (error) {
-                reject(error);
+                reject(new errors_utils_1.CryptoIntegrityError({
+                    reason: 'RSA signing failed',
+                }, error instanceof Error ? error : undefined));
             }
         });
     }
@@ -164,15 +179,17 @@ class CryptoManager {
     rsaVerify(data, signature, publicKey, algorithm = 'sha256') {
         return new Promise((resolve, reject) => {
             const crypto = require('crypto');
-            const verify = crypto.createVerify(algorithm);
-            verify.update(data);
-            verify.end();
             try {
+                const verify = crypto.createVerify(algorithm);
+                verify.update(data);
+                verify.end();
                 const isValid = verify.verify(publicKey, signature, 'base64');
                 resolve(isValid);
             }
             catch (error) {
-                reject(error);
+                reject(new errors_utils_1.CryptoIntegrityError({
+                    reason: 'RSA verification failed',
+                }, error instanceof Error ? error : undefined));
             }
         });
     }

package/packages/security/dist/cjs/core/jwt/decode.js CHANGED Viewed

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.decodeToken = decodeToken;
 exports.decodeTokenStrict = decodeTokenStrict;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 // src/jwt/decodeToken.ts
 const jsonwebtoken_1 = require("jsonwebtoken");
 /**
@@ -19,7 +20,9 @@ function decodeToken(token) {
 function decodeTokenStrict(token) {
     const decoded = (0, jsonwebtoken_1.decode)(token);
     if (!decoded || typeof decoded === 'string') {
-        throw new Error('Invalid JWT payload structure');
+        throw new errors_utils_1.BadRequestError({
+            reason: 'Invalid JWT payload structure',
+        });
     }
     return decoded;
 }

package/packages/security/dist/cjs/core/jwt/generateTokens.js CHANGED Viewed

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generateTokens = void 0;
 exports.rotateRefreshToken = rotateRefreshToken;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const signToken_1 = require("./signToken");
 const verify_1 = require("./verify");
 // Helper function to create branded tokens
@@ -24,7 +25,9 @@ exports.generateTokens = generateTokens;
 function rotateRefreshToken(oldToken, secret) {
     const decoded = (0, verify_1.verifyToken)(oldToken, secret);
     if (typeof decoded === 'string') {
-        throw new Error('Invalid token payload — expected JWT payload object');
+        throw new errors_utils_1.TokenMalformedError({
+            reason: 'Invalid token payload — expected JWT payload object',
+        });
     }
     const payload = { ...decoded };
     delete payload.iat;

package/packages/security/dist/cjs/core/jwt/jwtManager.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { type JwtPayload, type Secret } from 'jsonwebtoken';
-import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair, TokenValidationOptions } from '../../interfaces/jwt.interface';
+import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair } from '../../interfaces/jwt.interface';
 export declare class JWTManager implements ITokenManager {
     private accessSecret;
     private refreshSecret;
@@ -8,60 +8,36 @@ export declare class JWTManager implements ITokenManager {
     private cache?;
     private cacheTTL;
     constructor(config: JWTConfig);
-    /**
-     * Generate both access and refresh tokens
-     */
+    /** Generate both access and refresh tokens */
     generateTokens(payload: Record<string, unknown>): Promise<TokenPair>;
-    /**
-     * Generate access token
-     */
+    /** Generate access token */
     generateAccessToken(payload: Record<string, unknown>): Promise<AccessToken>;
-    /**
-     * Generate refresh token
-     */
+    /** Generate refresh token */
     generateRefreshToken(payload: Record<string, unknown>): Promise<RefreshToken>;
-    /**
-     * Verify access token
-     */
-    verifyAccessToken(token: string): Promise<JwtPayload | string>;
-    /**
-     * Verify refresh token
-     */
-    verifyRefreshToken(token: string): Promise<JwtPayload | string>;
-    /**
-     * Decode token without verification
-     */
+    /** Verify access token */
+    verifyAccessToken(token: string): Promise<JwtPayload>;
+    /** Verify refresh token */
+    verifyRefreshToken(token: string): Promise<JwtPayload>;
+    /** Decode token without verification */
     decodeToken(token: string, complete?: boolean): JwtPayload | string | null;
-    /**
-     * Extract token from Authorization header
-     */
+    /** Extract token from Authorization header */
     extractTokenFromHeader(authHeader: string): string | null;
-    /**
-     * Validate token without throwing exceptions
-     */
-    validateToken(token: string, secret: Secret, _options?: TokenValidationOptions): boolean;
-    /**
-     * Rotate refresh token
-     */
+    /** Validate token without throwing exceptions */
+    validateToken(token: string, secret: Secret): boolean;
+    /** Rotate refresh token */
     rotateRefreshToken(oldToken: string): Promise<RefreshToken>;
-    /**
-     * Check if token is expired
-     */
+    /** Check if token is expired */
     isTokenExpired(token: string): boolean;
-    /**
-     * Get token expiration date
-     */
+    /** Get token expiration date */
     getTokenExpiration(token: string): Date | null;
-    /**
-     * Clear token cache
-     */
+    /** Clear token cache */
     clearCache(): void;
-    /**
-     * Get cache statistics
-     */
+    /** Get cache statistics */
     getCacheStats(): {
         size: number;
         maxSize: number;
     } | null;
+    /** Private helper methods */
     private validatePayload;
+    private verifyTokenWithCache;
 }

package/packages/security/dist/cjs/core/jwt/jwtManager.js CHANGED Viewed

@@ -15,35 +15,26 @@ class JWTManager {
         this.refreshSecret = config.refreshSecret;
         this.accessExpiry = config.accessExpiry || '15m';
         this.refreshExpiry = config.refreshExpiry || '7d';
-        this.cacheTTL = 5 * 60 * 1000; // 5 minutes default TTL
+        this.cacheTTL = 5 * 60 * 1000; // 5 minutes
         if (config.enableCaching) {
             this.cache = new js_extensions_1.LRUCache(config.maxCacheSize || 100);
         }
     }
-    /**
-     * Generate both access and refresh tokens
-     */
+    /** Generate both access and refresh tokens */
     async generateTokens(payload) {
         try {
             this.validatePayload(payload);
             const accessToken = await this.generateAccessToken(payload);
             const refreshToken = await this.generateRefreshToken(payload);
-            return {
-                accessToken,
-                refreshToken,
-            };
+            return { accessToken, refreshToken };
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
                 throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to generate tokens');
+            throw new errors_utils_1.BadRequestError({ reason: 'Failed to generate tokens' }, error instanceof Error ? error : undefined);
         }
     }
-    /**
-     * Generate access token
-     */
+    /** Generate access token */
     async generateAccessToken(payload) {
         try {
             this.validatePayload(payload);
@@ -53,16 +44,12 @@ class JWTManager {
             return token;
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
                 throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to generate access token');
+            throw new errors_utils_1.BadRequestError({ reason: 'Failed to generate access token' }, error instanceof Error ? error : undefined);
         }
     }
-    /**
-     * Generate refresh token
-     */
+    /** Generate refresh token */
     async generateRefreshToken(payload) {
         try {
             this.validatePayload(payload);
@@ -72,232 +59,130 @@ class JWTManager {
             return token;
         }
         catch (error) {
-            if (error instanceof errors_utils_1.BadRequestError ||
-                error instanceof errors_utils_1.ValidationError) {
+            if (error instanceof errors_utils_1.BadRequestError || error instanceof errors_utils_1.ValidationError)
                 throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to generate refresh token');
+            throw new errors_utils_1.BadRequestError({ reason: 'Failed to generate refresh token' }, error instanceof Error ? error : undefined);
         }
     }
-    /**
-     * Verify access token
-     */
+    /** Verify access token */
     async verifyAccessToken(token) {
-        try {
-            if (!token || typeof token !== 'string') {
-                throw new errors_utils_1.ValidationError('Access token must be a non-empty string');
-            }
-            const cacheKey = `access_${token}`;
-            if (this.cache) {
-                const cached = this.cache.get(cacheKey);
-                if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
-                    if (!cached.valid) {
-                        throw new errors_utils_1.UnauthorizedError('Access token is invalid or expired');
-                    }
-                    return cached.payload;
-                }
-            }
-            const decoded = (0, verify_1.verifyToken)(token, this.accessSecret);
-            if (this.cache) {
-                this.cache.set(cacheKey, {
-                    valid: true,
-                    payload: decoded,
-                    timestamp: Date.now(),
-                });
-            }
-            return decoded;
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError ||
-                error instanceof errors_utils_1.UnauthorizedError) {
-                throw error;
-            }
-            if (error instanceof Error && error.name === 'TokenExpiredError') {
-                throw new errors_utils_1.UnauthorizedError('Access token has expired');
-            }
-            if (error instanceof Error && error.name === 'JsonWebTokenError') {
-                throw new errors_utils_1.UnauthorizedError('Access token is invalid');
-            }
-            throw new errors_utils_1.UnauthorizedError('Failed to verify access token');
-        }
+        return this.verifyTokenWithCache(token, this.accessSecret, 'access');
     }
-    /**
-     * Verify refresh token
-     */
+    /** Verify refresh token */
     async verifyRefreshToken(token) {
-        try {
-            if (!token || typeof token !== 'string') {
-                throw new errors_utils_1.ValidationError('Refresh token must be a non-empty string');
-            }
-            const cacheKey = `refresh_${token}`;
-            if (this.cache) {
-                const cached = this.cache.get(cacheKey);
-                if (cached) {
-                    if (!cached.valid) {
-                        throw new errors_utils_1.UnauthorizedError('Refresh token is invalid or expired');
-                    }
-                    return cached.payload;
-                }
-            }
-            const decoded = (0, verify_1.verifyToken)(token, this.refreshSecret);
-            if (this.cache) {
-                this.cache.set(cacheKey, {
-                    valid: true,
-                    payload: decoded,
-                    timestamp: Date.now(),
-                });
-            }
-            return decoded;
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError ||
-                error instanceof errors_utils_1.UnauthorizedError) {
-                throw error;
-            }
-            if (error instanceof Error && error.name === 'TokenExpiredError') {
-                throw new errors_utils_1.UnauthorizedError('Refresh token has expired');
-            }
-            if (error instanceof Error && error.name === 'JsonWebTokenError') {
-                throw new errors_utils_1.UnauthorizedError('Refresh token is invalid');
-            }
-            throw new errors_utils_1.UnauthorizedError('Failed to verify refresh token');
-        }
+        return this.verifyTokenWithCache(token, this.refreshSecret, 'refresh');
     }
-    /**
-     * Decode token without verification
-     */
+    /** Decode token without verification */
     decodeToken(token, complete = false) {
-        try {
-            if (!token || typeof token !== 'string') {
-                throw new errors_utils_1.ValidationError('Token must be a non-empty string');
-            }
-            return jsonwebtoken_1.default.decode(token, { complete });
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError) {
-                throw error;
-            }
+        if (!token || typeof token !== 'string')
             return null;
-        }
+        return jsonwebtoken_1.default.decode(token, { complete });
     }
-    /**
-     * Extract token from Authorization header
-     */
+    /** Extract token from Authorization header */
     extractTokenFromHeader(authHeader) {
-        try {
-            if (!authHeader || typeof authHeader !== 'string') {
-                return null;
-            }
-            const parts = authHeader.split(' ');
-            if (parts.length !== 2 || parts[0] !== 'Bearer') {
-                return null;
-            }
-            return parts[1];
-        }
-        catch {
+        if (!authHeader || typeof authHeader !== 'string')
             return null;
-        }
+        const parts = authHeader.split(' ');
+        if (parts.length !== 2 || parts[0] !== 'Bearer')
+            return null;
+        return parts[1];
     }
-    /**
-     * Validate token without throwing exceptions
-     */
-    validateToken(token, secret, _options = {}) {
-        try {
-            if (!token || typeof token !== 'string') {
-                return false;
-            }
-            const result = (0, verify_1.safeVerifyToken)(token, secret);
-            return result.valid;
-        }
-        catch {
+    /** Validate token without throwing exceptions */
+    validateToken(token, secret) {
+        if (!token || typeof token !== 'string')
             return false;
-        }
+        return (0, verify_1.safeVerifyToken)(token, secret).valid;
     }
-    /**
-     * Rotate refresh token
-     */
+    /** Rotate refresh token */
     async rotateRefreshToken(oldToken) {
-        try {
-            if (!oldToken || typeof oldToken !== 'string') {
-                throw new errors_utils_1.ValidationError('Old refresh token must be a non-empty string');
-            }
-            const decoded = await this.verifyRefreshToken(oldToken);
-            if (typeof decoded === 'string') {
-                throw new errors_utils_1.ValidationError('Invalid token payload — expected JWT payload object');
-            }
-            // Create new payload without issued/expired timestamps
-            const payload = { ...decoded };
-            delete payload.iat;
-            delete payload.exp;
-            // Generate new refresh token
-            const newToken = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
-            return newToken;
-        }
-        catch (error) {
-            if (error instanceof errors_utils_1.ValidationError ||
-                error instanceof errors_utils_1.UnauthorizedError) {
-                throw error;
-            }
-            throw new errors_utils_1.BadRequestError('Failed to rotate refresh token');
+        if (!oldToken || typeof oldToken !== 'string') {
+            throw new errors_utils_1.ValidationError({
+                reason: 'Old refresh token must be a non-empty string',
+            });
         }
+        const decoded = await this.verifyRefreshToken(oldToken);
+        const payload = { ...decoded };
+        delete payload.iat;
+        delete payload.exp;
+        const newToken = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
+        return newToken;
     }
-    /**
-     * Check if token is expired
-     */
+    /** Check if token is expired */
     isTokenExpired(token) {
         try {
             const decoded = this.decodeToken(token);
-            if (!decoded || !decoded.exp) {
+            if (!decoded || !decoded.exp)
                 return true;
-            }
-            const currentTime = Math.floor(Date.now() / 1000);
-            return decoded.exp < currentTime;
+            return decoded.exp < Math.floor(Date.now() / 1000);
         }
         catch {
             return true;
         }
     }
-    /**
-     * Get token expiration date
-     */
+    /** Get token expiration date */
     getTokenExpiration(token) {
         try {
             const decoded = this.decodeToken(token);
-            if (!decoded || !decoded.exp) {
+            if (!decoded || !decoded.exp)
                 return null;
-            }
             return new Date(decoded.exp * 1000);
         }
         catch {
             return null;
         }
     }
-    /**
-     * Clear token cache
-     */
+    /** Clear token cache */
     clearCache() {
         this.cache?.clear();
     }
-    /**
-     * Get cache statistics
-     */
+    /** Get cache statistics */
     getCacheStats() {
         if (!this.cache)
             return null;
-        // Note: LRUCache doesn't expose internal size, so we return maxSize only
-        return {
-            size: -1, // Size not available from LRUCache
-            maxSize: this.cache.maxSize,
-        };
+        return { size: -1, maxSize: this.cache.maxSize };
     }
-    // Private helper methods
+    /** Private helper methods */
     validatePayload(payload) {
         if (!payload || typeof payload !== 'object') {
-            throw new errors_utils_1.ValidationError('Payload must be a non-null object');
+            throw new errors_utils_1.ValidationError({
+                reason: 'Payload must be a non-null object',
+            });
         }
         if (Object.keys(payload).length === 0) {
-            throw new errors_utils_1.ValidationError('Payload cannot be empty');
+            throw new errors_utils_1.ValidationError({ reason: 'Payload cannot be empty' });
+        }
+    }
+    async verifyTokenWithCache(token, secret, type) {
+        if (!token || typeof token !== 'string') {
+            throw new errors_utils_1.ValidationError({
+                reason: `${type} token must be a non-empty string`,
+            });
+        }
+        const cacheKey = `${type}_${token}`;
+        if (this.cache) {
+            const cached = this.cache.get(cacheKey);
+            if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
+                if (!cached.valid)
+                    throw new errors_utils_1.UnauthorizedError({
+                        reason: `${type} token is invalid or expired`,
+                    });
+                return cached.payload;
+            }
+        }
+        const { valid, payload, error } = (0, verify_1.safeVerifyToken)(token, secret);
+        if (!valid || !payload || typeof payload === 'string') {
+            this.cache?.set(cacheKey, {
+                valid: false,
+                payload: {},
+                timestamp: Date.now(),
+            });
+            throw new errors_utils_1.UnauthorizedError({
+                reason: `${type} token is invalid or expired`,
+                cause: error,
+            });
         }
+        this.cache?.set(cacheKey, { valid: true, payload, timestamp: Date.now() });
+        return payload;
     }
 }
 exports.JWTManager = JWTManager;

package/packages/security/dist/cjs/core/jwt/parseDuration.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseDuration = parseDuration;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const TIME_UNITS = {
     s: 1,
     m: 60,
@@ -18,12 +19,12 @@ function parseDuration(input) {
         const value = Number.parseInt(match[1], 10);
         const unit = match[2].toLowerCase();
         if (!TIME_UNITS[unit]) {
-            throw new Error(`Invalid time unit: ${unit}`);
+            throw new errors_utils_1.ValidationError({ reason: `Invalid time unit: ${unit}` });
         }
         totalSeconds += value * TIME_UNITS[unit];
     }
     if (totalSeconds === 0) {
-        throw new Error(`Invalid expiry format: "${input}"`);
+        throw new errors_utils_1.ValidationError({ reason: `Invalid expiry format: "${input}"` });
     }
     return totalSeconds;
 }

package/packages/security/dist/cjs/core/jwt/signToken.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.signToken = void 0;
+const errors_utils_1 = require("@naman_deep_singh/errors-utils");
 const jsonwebtoken_1 = require("jsonwebtoken");
 const parseDuration_1 = require("./parseDuration");
 function getExpiryTimestamp(seconds) {
@@ -9,7 +10,7 @@ function getExpiryTimestamp(seconds) {
 const signToken = (payload, secret, expiresIn = '1h', options = {}) => {
     const seconds = (0, parseDuration_1.parseDuration)(expiresIn);
     if (!seconds || seconds < 10) {
-        throw new Error('Token expiry too small');
+        throw new errors_utils_1.ValidationError({ reason: 'Token expiry too small' });
     }
     const tokenPayload = {
         ...payload,

package/packages/security/dist/cjs/core/jwt/validateToken.d.ts CHANGED Viewed

@@ -1,13 +1,16 @@
-import type { JwtPayload } from 'node_modules/@types/jsonwebtoken';
+import type { JwtPayload } from 'jsonwebtoken';
 export interface TokenRequirements {
     requiredFields?: string[];
     forbiddenFields?: string[];
     validateTypes?: Record<string, 'string' | 'number' | 'boolean'>;
 }
-export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): {
-    valid: true;
-} | {
-    valid: false;
-    error: string;
-};
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
+export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): void;
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
 export declare function isTokenExpired(payload: JwtPayload): boolean;