npm - ts-packages - Versions diffs - 2.0.0 → 3.0.0 - Mend

ts-packages 2.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (286) hide show

package/packages/security/src/core/jwt/jwtManager.ts CHANGED Viewed

@@ -6,10 +6,9 @@ import type {
 	JWTConfig,
 	RefreshToken,
 	TokenPair,
-	TokenValidationOptions,
 } from '../../interfaces/jwt.interface'
 import { signToken } from './signToken'
-import { safeVerifyToken, verifyToken } from './verify'
+import { safeVerifyToken } from './verify'
 import {
 	BadRequestError,
@@ -25,7 +24,7 @@ export class JWTManager implements ITokenManager {
 	private refreshExpiry: string | number
 	private cache?: LRUCache<
 		string,
-		{ valid: boolean; payload: JwtPayload | string; timestamp: number }
+		{ valid: boolean; payload: JwtPayload; timestamp: number }
 	>
 	private cacheTTL: number
@@ -34,16 +33,14 @@ export class JWTManager implements ITokenManager {
 		this.refreshSecret = config.refreshSecret
 		this.accessExpiry = config.accessExpiry || '15m'
 		this.refreshExpiry = config.refreshExpiry || '7d'
-		this.cacheTTL = 5 * 60 * 1000 // 5 minutes default TTL
+		this.cacheTTL = 5 * 60 * 1000 // 5 minutes
 		if (config.enableCaching) {
 			this.cache = new LRUCache(config.maxCacheSize || 100)
 		}
 	}
-	/**
-	 * Generate both access and refresh tokens
-	 */
+	/** Generate both access and refresh tokens */
 	async generateTokens(payload: Record<string, unknown>): Promise<TokenPair> {
 		try {
 			this.validatePayload(payload)
@@ -51,335 +48,186 @@ export class JWTManager implements ITokenManager {
 			const accessToken = await this.generateAccessToken(payload)
 			const refreshToken = await this.generateRefreshToken(payload)
-			return {
-				accessToken,
-				refreshToken,
-			}
+			return { accessToken, refreshToken }
 		} catch (error) {
-			if (
-				error instanceof BadRequestError ||
-				error instanceof ValidationError
-			) {
+			if (error instanceof BadRequestError || error instanceof ValidationError)
 				throw error
-			}
-			throw new BadRequestError('Failed to generate tokens')
+			throw new BadRequestError(
+				{ reason: 'Failed to generate tokens' },
+				error instanceof Error ? error : undefined,
+			)
 		}
 	}
-	/**
-	 * Generate access token
-	 */
+	/** Generate access token */
 	async generateAccessToken(
 		payload: Record<string, unknown>,
 	): Promise<AccessToken> {
 		try {
 			this.validatePayload(payload)
 			const token = signToken(payload, this.accessSecret, this.accessExpiry, {
 				algorithm: 'HS256',
 			})
 			return token as unknown as AccessToken
 		} catch (error) {
-			if (
-				error instanceof BadRequestError ||
-				error instanceof ValidationError
-			) {
+			if (error instanceof BadRequestError || error instanceof ValidationError)
 				throw error
-			}
-			throw new BadRequestError('Failed to generate access token')
+			throw new BadRequestError(
+				{ reason: 'Failed to generate access token' },
+				error instanceof Error ? error : undefined,
+			)
 		}
 	}
-	/**
-	 * Generate refresh token
-	 */
+	/** Generate refresh token */
 	async generateRefreshToken(
 		payload: Record<string, unknown>,
 	): Promise<RefreshToken> {
 		try {
 			this.validatePayload(payload)
 			const token = signToken(payload, this.refreshSecret, this.refreshExpiry, {
 				algorithm: 'HS256',
 			})
 			return token as unknown as RefreshToken
 		} catch (error) {
-			if (
-				error instanceof BadRequestError ||
-				error instanceof ValidationError
-			) {
+			if (error instanceof BadRequestError || error instanceof ValidationError)
 				throw error
-			}
-			throw new BadRequestError('Failed to generate refresh token')
+			throw new BadRequestError(
+				{ reason: 'Failed to generate refresh token' },
+				error instanceof Error ? error : undefined,
+			)
 		}
 	}
-	/**
-	 * Verify access token
-	 */
-	async verifyAccessToken(token: string): Promise<JwtPayload | string> {
-		try {
-			if (!token || typeof token !== 'string') {
-				throw new ValidationError('Access token must be a non-empty string')
-			}
-			const cacheKey = `access_${token}`
-			if (this.cache) {
-				const cached = this.cache.get(cacheKey)
-				if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
-					if (!cached.valid) {
-						throw new UnauthorizedError('Access token is invalid or expired')
-					}
-					return cached.payload
-				}
-			}
-			const decoded = verifyToken(token, this.accessSecret)
-			if (this.cache) {
-				this.cache.set(cacheKey, {
-					valid: true,
-					payload: decoded,
-					timestamp: Date.now(),
-				})
-			}
-			return decoded
-		} catch (error) {
-			if (
-				error instanceof ValidationError ||
-				error instanceof UnauthorizedError
-			) {
-				throw error
-			}
-			if (error instanceof Error && error.name === 'TokenExpiredError') {
-				throw new UnauthorizedError('Access token has expired')
-			}
-			if (error instanceof Error && error.name === 'JsonWebTokenError') {
-				throw new UnauthorizedError('Access token is invalid')
-			}
-			throw new UnauthorizedError('Failed to verify access token')
-		}
+	/** Verify access token */
+	async verifyAccessToken(token: string): Promise<JwtPayload> {
+		return this.verifyTokenWithCache(token, this.accessSecret, 'access')
 	}
-	/**
-	 * Verify refresh token
-	 */
-	async verifyRefreshToken(token: string): Promise<JwtPayload | string> {
-		try {
-			if (!token || typeof token !== 'string') {
-				throw new ValidationError('Refresh token must be a non-empty string')
-			}
-			const cacheKey = `refresh_${token}`
-			if (this.cache) {
-				const cached = this.cache.get(cacheKey)
-				if (cached) {
-					if (!cached.valid) {
-						throw new UnauthorizedError('Refresh token is invalid or expired')
-					}
-					return cached.payload
-				}
-			}
-			const decoded = verifyToken(token, this.refreshSecret)
-			if (this.cache) {
-				this.cache.set(cacheKey, {
-					valid: true,
-					payload: decoded,
-					timestamp: Date.now(),
-				})
-			}
-			return decoded
-		} catch (error) {
-			if (
-				error instanceof ValidationError ||
-				error instanceof UnauthorizedError
-			) {
-				throw error
-			}
-			if (error instanceof Error && error.name === 'TokenExpiredError') {
-				throw new UnauthorizedError('Refresh token has expired')
-			}
-			if (error instanceof Error && error.name === 'JsonWebTokenError') {
-				throw new UnauthorizedError('Refresh token is invalid')
-			}
-			throw new UnauthorizedError('Failed to verify refresh token')
-		}
+	/** Verify refresh token */
+	async verifyRefreshToken(token: string): Promise<JwtPayload> {
+		return this.verifyTokenWithCache(token, this.refreshSecret, 'refresh')
 	}
-	/**
-	 * Decode token without verification
-	 */
+	/** Decode token without verification */
 	decodeToken(token: string, complete = false): JwtPayload | string | null {
-		try {
-			if (!token || typeof token !== 'string') {
-				throw new ValidationError('Token must be a non-empty string')
-			}
-			return jwt.decode(token, { complete }) as JwtPayload | string | null
-		} catch (error) {
-			if (error instanceof ValidationError) {
-				throw error
-			}
-			return null
-		}
+		if (!token || typeof token !== 'string') return null
+		return jwt.decode(token, { complete }) as JwtPayload | string | null
 	}
-	/**
-	 * Extract token from Authorization header
-	 */
+	/** Extract token from Authorization header */
 	extractTokenFromHeader(authHeader: string): string | null {
-		try {
-			if (!authHeader || typeof authHeader !== 'string') {
-				return null
-			}
-			const parts = authHeader.split(' ')
-			if (parts.length !== 2 || parts[0] !== 'Bearer') {
-				return null
-			}
-			return parts[1]
-		} catch {
-			return null
-		}
+		if (!authHeader || typeof authHeader !== 'string') return null
+		const parts = authHeader.split(' ')
+		if (parts.length !== 2 || parts[0] !== 'Bearer') return null
+		return parts[1]
 	}
-	/**
-	 * Validate token without throwing exceptions
-	 */
-	validateToken(
-		token: string,
-		secret: Secret,
-		_options: TokenValidationOptions = {},
-	): boolean {
-		try {
-			if (!token || typeof token !== 'string') {
-				return false
-			}
-			const result = safeVerifyToken(token, secret)
-			return result.valid
-		} catch {
-			return false
-		}
+	/** Validate token without throwing exceptions */
+	validateToken(token: string, secret: Secret): boolean {
+		if (!token || typeof token !== 'string') return false
+		return safeVerifyToken(token, secret).valid
 	}
-	/**
-	 * Rotate refresh token
-	 */
+	/** Rotate refresh token */
 	async rotateRefreshToken(oldToken: string): Promise<RefreshToken> {
-		try {
-			if (!oldToken || typeof oldToken !== 'string') {
-				throw new ValidationError(
-					'Old refresh token must be a non-empty string',
-				)
-			}
-			const decoded = await this.verifyRefreshToken(oldToken)
-			if (typeof decoded === 'string') {
-				throw new ValidationError(
-					'Invalid token payload — expected JWT payload object',
-				)
-			}
-			// Create new payload without issued/expired timestamps
-			const payload: JwtPayload = { ...decoded }
-			delete payload.iat
-			delete payload.exp
+		if (!oldToken || typeof oldToken !== 'string') {
+			throw new ValidationError({
+				reason: 'Old refresh token must be a non-empty string',
+			})
+		}
-			// Generate new refresh token
-			const newToken = signToken(
-				payload,
-				this.refreshSecret,
-				this.refreshExpiry,
-			)
+		const decoded = await this.verifyRefreshToken(oldToken)
+		const payload: JwtPayload = { ...decoded }
+		delete payload.iat
+		delete payload.exp
-			return newToken as unknown as RefreshToken
-		} catch (error) {
-			if (
-				error instanceof ValidationError ||
-				error instanceof UnauthorizedError
-			) {
-				throw error
-			}
-			throw new BadRequestError('Failed to rotate refresh token')
-		}
+		const newToken = signToken(payload, this.refreshSecret, this.refreshExpiry)
+		return newToken as unknown as RefreshToken
 	}
-	/**
-	 * Check if token is expired
-	 */
+	/** Check if token is expired */
 	isTokenExpired(token: string): boolean {
 		try {
 			const decoded = this.decodeToken(token) as JwtPayload | null
-			if (!decoded || !decoded.exp) {
-				return true
-			}
-			const currentTime = Math.floor(Date.now() / 1000)
-			return decoded.exp < currentTime
+			if (!decoded || !decoded.exp) return true
+			return decoded.exp < Math.floor(Date.now() / 1000)
 		} catch {
 			return true
 		}
 	}
-	/**
-	 * Get token expiration date
-	 */
+	/** Get token expiration date */
 	getTokenExpiration(token: string): Date | null {
 		try {
 			const decoded = this.decodeToken(token) as JwtPayload | null
-			if (!decoded || !decoded.exp) {
-				return null
-			}
+			if (!decoded || !decoded.exp) return null
 			return new Date(decoded.exp * 1000)
 		} catch {
 			return null
 		}
 	}
-	/**
-	 * Clear token cache
-	 */
+	/** Clear token cache */
 	clearCache(): void {
 		this.cache?.clear()
 	}
-	/**
-	 * Get cache statistics
-	 */
+	/** Get cache statistics */
 	getCacheStats(): { size: number; maxSize: number } | null {
 		if (!this.cache) return null
-		// Note: LRUCache doesn't expose internal size, so we return maxSize only
-		return {
-			size: -1, // Size not available from LRUCache
-			maxSize: (this.cache as any).maxSize,
-		}
+		return { size: -1, maxSize: (this.cache as any).maxSize }
 	}
-	// Private helper methods
+	/** Private helper methods */
 	private validatePayload(payload: Record<string, unknown>): void {
 		if (!payload || typeof payload !== 'object') {
-			throw new ValidationError('Payload must be a non-null object')
+			throw new ValidationError({
+				reason: 'Payload must be a non-null object',
+			})
 		}
 		if (Object.keys(payload).length === 0) {
-			throw new ValidationError('Payload cannot be empty')
+			throw new ValidationError({ reason: 'Payload cannot be empty' })
 		}
 	}
+	private async verifyTokenWithCache(
+		token: string,
+		secret: Secret,
+		type: 'access' | 'refresh',
+	): Promise<JwtPayload> {
+		if (!token || typeof token !== 'string') {
+			throw new ValidationError({
+				reason: `${type} token must be a non-empty string`,
+			})
+		}
+		const cacheKey = `${type}_${token}`
+		if (this.cache) {
+			const cached = this.cache.get(cacheKey)
+			if (cached && Date.now() - cached.timestamp <= this.cacheTTL) {
+				if (!cached.valid)
+					throw new UnauthorizedError({
+						reason: `${type} token is invalid or expired`,
+					})
+				return cached.payload
+			}
+		}
+		const { valid, payload, error } = safeVerifyToken(token, secret)
+		if (!valid || !payload || typeof payload === 'string') {
+			this.cache?.set(cacheKey, {
+				valid: false,
+				payload: {} as JwtPayload,
+				timestamp: Date.now(),
+			})
+			throw new UnauthorizedError({
+				reason: `${type} token is invalid or expired`,
+				cause: error,
+			})
+		}
+		this.cache?.set(cacheKey, { valid: true, payload, timestamp: Date.now() })
+		return payload
+	}
 }

package/packages/security/src/core/jwt/parseDuration.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { ValidationError } from '@naman_deep_singh/errors-utils'
 const TIME_UNITS: Record<string, number> = {
 	s: 1,
 	m: 60,
@@ -18,14 +20,14 @@ export function parseDuration(input: string | number): number {
 		const unit = match[2].toLowerCase()
 		if (!TIME_UNITS[unit]) {
-			throw new Error(`Invalid time unit: ${unit}`)
+			throw new ValidationError({ reason: `Invalid time unit: ${unit}` })
 		}
 		totalSeconds += value * TIME_UNITS[unit]
 	}
 	if (totalSeconds === 0) {
-		throw new Error(`Invalid expiry format: "${input}"`)
+		throw new ValidationError({ reason: `Invalid expiry format: "${input}"` })
 	}
 	return totalSeconds

package/packages/security/src/core/jwt/signToken.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { ValidationError } from '@naman_deep_singh/errors-utils'
 import { type Secret, type SignOptions, sign } from 'jsonwebtoken'
 import { parseDuration } from './parseDuration'
@@ -14,7 +15,7 @@ export const signToken = (
 	const seconds = parseDuration(expiresIn)
 	if (!seconds || seconds < 10) {
-		throw new Error('Token expiry too small')
+		throw new ValidationError({ reason: 'Token expiry too small' })
 	}
 	const tokenPayload = {

package/packages/security/src/core/jwt/validateToken.ts CHANGED Viewed

@@ -1,4 +1,5 @@
-import type { JwtPayload } from 'node_modules/@types/jsonwebtoken'
+import { ValidationError } from '@naman_deep_singh/errors-utils'
+import type { JwtPayload } from 'jsonwebtoken'
 export interface TokenRequirements {
 	requiredFields?: string[]
@@ -6,12 +7,14 @@ export interface TokenRequirements {
 	validateTypes?: Record<string, 'string' | 'number' | 'boolean'>
 }
+/**
+ * Validates a JWT payload according to the provided rules.
+ * Throws ValidationError if validation fails.
+ */
 export function validateTokenPayload(
 	payload: Record<string, unknown>,
-	rules: TokenRequirements = {
-		requiredFields: ['exp', 'iat'],
-	},
-): { valid: true } | { valid: false; error: string } {
+	rules: TokenRequirements = { requiredFields: ['exp', 'iat'] },
+): void {
 	const {
 		requiredFields = [],
 		forbiddenFields = [],
@@ -21,14 +24,18 @@ export function validateTokenPayload(
 	// 1. Required fields
 	for (const field of requiredFields) {
 		if (!(field in payload)) {
-			return { valid: false, error: `Missing required field: ${field}` }
+			throw new ValidationError({
+				reason: `Missing required field: ${field}`,
+			})
 		}
 	}
 	// 2. Forbidden fields
 	for (const field of forbiddenFields) {
 		if (field in payload) {
-			return { valid: false, error: `Forbidden field in token: ${field}` }
+			throw new ValidationError({
+				reason: `Forbidden field in token: ${field}`,
+			})
 		}
 	}
@@ -36,16 +43,17 @@ export function validateTokenPayload(
 	for (const key in validateTypes) {
 		const expectedType = validateTypes[key]
 		if (key in payload && typeof payload[key] !== expectedType) {
-			return {
-				valid: false,
-				error: `Invalid type for ${key}. Expected ${expectedType}.`,
-			}
+			throw new ValidationError({
+				reason: `Invalid type for ${key}. Expected ${expectedType}, got ${typeof payload[key]}`,
+			})
 		}
 	}
-	return { valid: true }
 }
+/**
+ * Checks if a JWT payload is expired.
+ * Returns true if expired or missing 'exp'.
+ */
 export function isTokenExpired(payload: JwtPayload): boolean {
 	if (!payload.exp) return true
 	return Date.now() >= payload.exp * 1000