vortez 5.0.0-dev.15 → 5.0.0-dev.16

package/build/Template.d.ts

@@ -1,5 +1,5 @@
 /**
- * @author NetFeez <codefeez.dev@gmail.com>
+ * @author NetFeez <netfeez.dev@gmail.com>
  * @description Add the HNetFeez-Labs template engine to the Vortez.
  * @license Apache-2.0
  */

package/build/Template.js

@@ -1,5 +1,5 @@
 /**
- * @author NetFeez <codefeez.dev@gmail.com>
+ * @author NetFeez <netfeez.dev@gmail.com>
  * @description Add the HNetFeez-Labs template engine to the Vortez.
  * @license Apache-2.0
  */

package/build/Vortez.d.ts

@@ -1,5 +1,5 @@
 /**
- * @author NetFeez <codefeez.dev@gmail.com>
+ * @author NetFeez <netfeez.dev@gmail.com>
  * @description Provides the Vortez functionalities and utilities for building robust applications.
  * @module NetFeez-Labs.Vortez
  * @license Apache-2.0

package/build/Vortez.js

@@ -1,5 +1,5 @@
 /**
- * @author NetFeez <codefeez.dev@gmail.com>
+ * @author NetFeez <netfeez.dev@gmail.com>
  * @description Provides the Vortez functionalities and utilities for building robust applications.
  * @module NetFeez-Labs.Vortez
  * @license Apache-2.0

package/build/beta/Beta.d.ts

@@ -1,8 +1,8 @@
 /**
- * @author NetFeez <codefeez.dev@gmail.com>
+ * @author NetFeez <netfeez.dev@gmail.com>
  * @description Provides the beta functions and utilities.
  * @module NetFeez-Labs.Vortez
  * @license Apache-2.0
  */
-export { JwtManager } from './JwtManager.js';
+export { JwtManager } from './JwtManager/JwtManager.js';
 export { Mail } from './Mail.js';

package/build/beta/Beta.js

@@ -1,9 +1,9 @@
 /**
- * @author NetFeez <codefeez.dev@gmail.com>
+ * @author NetFeez <netfeez.dev@gmail.com>
  * @description Provides the beta functions and utilities.
  * @module NetFeez-Labs.Vortez
  * @license Apache-2.0
  */
-export { JwtManager } from './JwtManager.js';
+export { JwtManager } from './JwtManager/JwtManager.js';
 export { Mail } from './Mail.js';
 //# sourceMappingURL=Beta.js.map

package/build/beta/Beta.js.map

@@ -1 +1 @@
-{"version":3,"file":"Beta.js","sourceRoot":"","sources":["../../src/beta/Beta.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC"}
+{"version":3,"file":"Beta.js","sourceRoot":"","sources":["../../src/beta/Beta.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC"}

package/build/beta/JwtManager/Jwt.d.ts

@@ -0,0 +1,32 @@
+import type JwtManager from './JwtManager.js';
+export declare class Jwt implements Jwt.Jwt {
+    readonly header: Jwt.Header;
+    readonly payload: Jwt.Payload;
+    readonly signature: string;
+    protected readonly manager: JwtManager;
+    constructor(header: Jwt.Header, payload: Jwt.Payload, signature: string, manager: JwtManager);
+    /**
+     * Checks if the JWT has expired based on the `exp` claim in the payload. If the `exp` claim is not present, it returns `false`, indicating that the token is not considered expired. If the `exp` claim is present, it compares the current time (in seconds since the Unix epoch) with the expiration time specified in the `exp` claim and returns `true` if the token has expired, or `false` otherwise.
+     * @returns `true` if the JWT has expired; otherwise, `false`.
+     */
+    expired(): boolean;
+    toJSON(): Jwt.Jwt;
+    toString(): string;
+}
+export declare namespace Jwt {
+    interface Jwt {
+        header: Header;
+        payload: Payload;
+        signature: string;
+    }
+    interface Header {
+        alg: JwtManager.AlgorithmName;
+        typ: 'jwt';
+        exp?: number;
+        [key: string]: any;
+    }
+    interface Payload {
+        [key: string]: any;
+    }
+}
+export default Jwt;

package/build/beta/JwtManager/Jwt.js

@@ -0,0 +1,33 @@
+import JwtUtils from './JwtUtils.js';
+export class Jwt {
+    header;
+    payload;
+    signature;
+    manager;
+    constructor(header, payload, signature, manager) {
+        this.header = header;
+        this.payload = payload;
+        this.signature = signature;
+        this.manager = manager;
+    }
+    /**
+     * Checks if the JWT has expired based on the `exp` claim in the payload. If the `exp` claim is not present, it returns `false`, indicating that the token is not considered expired. If the `exp` claim is present, it compares the current time (in seconds since the Unix epoch) with the expiration time specified in the `exp` claim and returns `true` if the token has expired, or `false` otherwise.
+     * @returns `true` if the JWT has expired; otherwise, `false`.
+     */
+    expired() {
+        if (!this.header.exp)
+            return false;
+        const now = Math.floor(Date.now() / 1000);
+        return now >= this.header.exp;
+    }
+    toJSON() {
+        return { header: this.header, payload: this.payload, signature: this.signature };
+    }
+    toString() {
+        const encodedHeader = JwtUtils.objectToBase64Url(this.header);
+        const encodedPayload = JwtUtils.objectToBase64Url(this.payload);
+        return `${encodedHeader}.${encodedPayload}.${this.signature}`;
+    }
+}
+export default Jwt;
+//# sourceMappingURL=Jwt.js.map

package/build/beta/JwtManager/Jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Jwt.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/Jwt.ts"],"names":[],"mappings":"AAEA,OAAO,QAAQ,MAAM,eAAe,CAAC;AAErC,MAAM,OAAO,GAAG;IAEQ;IACA;IACA;IACG;IAJvB,YACoB,MAAkB,EAClB,OAAoB,EACpB,SAAiB,EACd,OAAmB;QAHtB,WAAM,GAAN,MAAM,CAAY;QAClB,YAAO,GAAP,OAAO,CAAa;QACpB,cAAS,GAAT,SAAS,CAAQ;QACd,YAAO,GAAP,OAAO,CAAY;IACvC,CAAC;IACJ;;;OAGG;IACI,OAAO;QACV,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IAClC,CAAC;IAEM,MAAM;QACT,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IACrF,CAAC;IACM,QAAQ;QACX,MAAM,aAAa,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,GAAG,aAAa,IAAI,cAAc,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;IAClE,CAAC;CACJ;AAiBD,eAAe,GAAG,CAAC"}

package/build/beta/JwtManager/JwtManager.d.ts

@@ -0,0 +1,49 @@
+import RSA from "./algorithm/RSA.js";
+import HMAC from "./algorithm/HMAC.js";
+import ECDSA from "./algorithm/ECDSA.js";
+import RSAPSS from "./algorithm/RSAPSS.js";
+import _KeyGenerator from "./KeyGenerator.js";
+import _JwtUtils from "./JwtUtils.js";
+import _Algorithm from "./algorithm/Algorithm.js";
+import _Jwt from "./Jwt.js";
+export { KeyGenerator } from "./KeyGenerator.js";
+export { Algorithm } from "./algorithm/Algorithm.js";
+export { JwtUtils } from "./JwtUtils.js";
+export { Jwt } from "./Jwt.js";
+export declare const AlgorithmMap: {
+    HS: typeof HMAC;
+    RS: typeof RSA;
+    PS: typeof RSAPSS;
+    ES: typeof ECDSA;
+};
+export declare class JwtManager {
+    readonly algorithmName: JwtManager.AlgorithmName;
+    protected readonly algorithm: JwtManager.Algorithm;
+    constructor(algorithmName: JwtManager.AlgorithmName, key: JwtManager.Algorithm.Key | JwtManager.Algorithm.KeyOptions);
+    /**
+     * Signs the given payload with the specified header using the configured algorithm and key.
+     * @param payload The payload to be signed, represented as a JavaScript object.
+     * @param header The header to be included in the JWT, represented as a JavaScript object. The `alg` property will be automatically set based on the manager's algorithm.
+     * @returns The complete JWT as a string, consisting of the base64url-encoded header, payload, and signature.
+     */
+    sign(payload: JwtManager.Jwt.Payload, header: Partial<JwtManager.Jwt.Header>): string;
+    parse(token: string): JwtManager.Jwt;
+    toJSON(): object;
+    toString(): string;
+    /**
+     * Determines the appropriate algorithm class based on the provided options and creates an instance of it.
+     * @param algorithm The name of the algorithm to be used for signing and verifying JWTs (e.g., "HS256", "RS384", "ES512").
+     * @param key The secret key or private key to be used for signing and verifying JWTs.
+     * @returns An instance of the corresponding Algorithm subclass.
+     */
+    protected static getAlgorithm(algorithm: JwtManager.AlgorithmName, key: JwtManager.Algorithm.Key | JwtManager.Algorithm.KeyOptions): JwtManager.Algorithm;
+}
+export declare namespace JwtManager {
+    export import Algorithm = _Algorithm;
+    export import KeyGenerator = _KeyGenerator;
+    export import JwtUtils = _JwtUtils;
+    export import Jwt = _Jwt;
+    type AlgPrefix = 'HS' | 'RS' | 'ES' | 'PS';
+    type AlgorithmName = `${AlgPrefix}${JwtManager.Algorithm.HashLength}`;
+}
+export default JwtManager;

package/build/beta/JwtManager/JwtManager.js

@@ -0,0 +1,74 @@
+import RSA from "./algorithm/RSA.js";
+import HMAC from "./algorithm/HMAC.js";
+import ECDSA from "./algorithm/ECDSA.js";
+import RSAPSS from "./algorithm/RSAPSS.js";
+import _KeyGenerator from "./KeyGenerator.js";
+import _JwtUtils from "./JwtUtils.js";
+import _Algorithm from "./algorithm/Algorithm.js";
+import _Jwt from "./Jwt.js";
+export { KeyGenerator } from "./KeyGenerator.js";
+export { Algorithm } from "./algorithm/Algorithm.js";
+export { JwtUtils } from "./JwtUtils.js";
+export { Jwt } from "./Jwt.js";
+export const AlgorithmMap = {
+    HS: HMAC,
+    RS: RSA,
+    PS: RSAPSS,
+    ES: ECDSA
+};
+export class JwtManager {
+    algorithmName;
+    algorithm;
+    constructor(algorithmName, key) {
+        this.algorithmName = algorithmName;
+        this.algorithm = JwtManager.getAlgorithm(algorithmName, key);
+    }
+    /**
+     * Signs the given payload with the specified header using the configured algorithm and key.
+     * @param payload The payload to be signed, represented as a JavaScript object.
+     * @param header The header to be included in the JWT, represented as a JavaScript object. The `alg` property will be automatically set based on the manager's algorithm.
+     * @returns The complete JWT as a string, consisting of the base64url-encoded header, payload, and signature.
+     */
+    sign(payload, header) {
+        header = { ...header, alg: this.algorithmName };
+        const encodedHeader = JwtManager.JwtUtils.objectToBase64Url(header);
+        const encodedPayload = JwtManager.JwtUtils.objectToBase64Url(payload);
+        const content = `${encodedHeader}.${encodedPayload}`;
+        const signature = this.algorithm.sign(content);
+        return `${content}.${signature}`;
+    }
+    parse(token) {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            throw new Error('Invalid JWT format');
+        const [encodedHeader, encodedPayload, signature] = parts;
+        const verified = this.algorithm.verify(`${encodedHeader}.${encodedPayload}`, signature);
+        if (!verified)
+            throw new Error('Invalid JWT signature');
+        const header = JwtManager.JwtUtils.base64UrlToObject(encodedHeader);
+        const payload = JwtManager.JwtUtils.base64UrlToObject(encodedPayload);
+        return new JwtManager.Jwt(header, payload, signature, this);
+    }
+    toJSON() { return { algorithm: this.algorithmName }; }
+    toString() { return `Jwt manager with algorithm ${this.algorithmName}`; }
+    /**
+     * Determines the appropriate algorithm class based on the provided options and creates an instance of it.
+     * @param algorithm The name of the algorithm to be used for signing and verifying JWTs (e.g., "HS256", "RS384", "ES512").
+     * @param key The secret key or private key to be used for signing and verifying JWTs.
+     * @returns An instance of the corresponding Algorithm subclass.
+     */
+    static getAlgorithm(algorithm, key) {
+        const prefix = JwtManager.JwtUtils.getAlgPrefix(algorithm);
+        const hashLength = JwtManager.JwtUtils.getHashLength(algorithm);
+        const alg = AlgorithmMap[prefix];
+        return new alg(hashLength, key);
+    }
+}
+(function (JwtManager) {
+    JwtManager.Algorithm = _Algorithm;
+    JwtManager.KeyGenerator = _KeyGenerator;
+    JwtManager.JwtUtils = _JwtUtils;
+    JwtManager.Jwt = _Jwt;
+})(JwtManager || (JwtManager = {}));
+export default JwtManager;
+//# sourceMappingURL=JwtManager.js.map

package/build/beta/JwtManager/JwtManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtManager.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/JwtManager.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,oBAAoB,CAAC;AACrC,OAAO,IAAI,MAAM,qBAAqB,CAAC;AACvC,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,MAAM,MAAM,uBAAuB,CAAC;AAE3C,OAAO,aAAa,MAAM,mBAAmB,CAAC;AAC9C,OAAO,SAAS,MAAM,eAAe,CAAC;AACtC,OAAO,UAAU,MAAM,0BAA0B,CAAC;AAClD,OAAO,IAAI,MAAM,UAAU,CAAC;AAE5B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,MAAM,CAAC,MAAM,YAAY,GAAG;IACxB,EAAE,EAAE,IAAI;IACR,EAAE,EAAE,GAAG;IACP,EAAE,EAAE,MAAM;IACV,EAAE,EAAE,KAAK;CACZ,CAAC;AAEF,MAAM,OAAO,UAAU;IAGC;IAFD,SAAS,CAAuB;IACnD,YACoB,aAAuC,EACvD,GAA+D;QAD/C,kBAAa,GAAb,aAAa,CAA0B;QAEvD,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAAC,CAAC;IACnE;;;;;OAKG;IACI,IAAI,CAAC,OAA+B,EAAE,MAAsC;QAC/E,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;QAEhD,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,GAAG,OAAO,IAAI,SAAS,EAAE,CAAC;IACrC,CAAC;IACM,KAAK,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC9D,MAAM,CAAC,aAAa,EAAE,cAAc,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QAEzD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,aAAa,IAAI,cAAc,EAAE,EAAE,SAAS,CAAC,CAAC;QACxF,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAExD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAwB,aAAa,CAAC,CAAC;QAC3F,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAyB,cAAc,CAAC,CAAC;QAC9F,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,KAAa,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAC9D,QAAQ,KAAa,OAAO,8BAA8B,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAEjF;;;;;OAKG;IACO,MAAM,CAAC,YAAY,CAAC,SAAmC,EAAE,GAA+D;QAC9H,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAEhE,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACjC,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;CACJ;AACD,WAAiB,UAAU;IACT,oBAAS,GAAG,UAAU,CAAC;IACvB,uBAAY,GAAG,aAAa,CAAC;IAC7B,mBAAQ,GAAG,SAAS,CAAC;IACrB,cAAG,GAAG,IAAI,CAAC;AAI7B,CAAC,EARgB,UAAU,KAAV,UAAU,QAQ1B;AACD,eAAe,UAAU,CAAC"}

package/build/beta/JwtManager/JwtUtils.d.ts

@@ -0,0 +1,32 @@
+import type Algorithm from "./algorithm/Algorithm.js";
+import type JwtManager from "./JwtManager.js";
+export declare class JwtUtils {
+    /**
+     * Converts a JavaScript object to a base64url-encoded string.
+     * @param obj The object to be converted.
+     * @returns The base64url-encoded string representation of the object.
+     */
+    static objectToBase64Url(obj: object): string;
+    /**
+     * Converts a base64url-encoded string back to a JavaScript object.
+     * @param base64Url The base64url-encoded string to be converted.
+     * @returns The JavaScript object represented by the base64url string.
+     */
+    static base64UrlToObject<T>(base64Url: string): T;
+    /**
+     * Extracts the algorithm prefix from the given algorithm name and validates it.
+     * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
+     * @returns The algorithm prefix (e.g., "HS", "RS", "ES", "PS").
+     * @throws An error if the algorithm is unsupported.
+     */
+    static getAlgPrefix(alg: JwtManager.AlgorithmName): JwtManager.AlgPrefix;
+    /**
+     * Extracts the hash length from the given algorithm name and validates it.
+     * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
+     * @returns The hash length as a string ("256", "384", or "512").
+     * @throws An error if the algorithm is unsupported or if the hash length is invalid.
+     */
+    static getHashLength(alg: JwtManager.AlgorithmName): Algorithm.HashLength;
+}
+export declare namespace JwtUtils { }
+export default JwtUtils;

package/build/beta/JwtManager/JwtUtils.js

@@ -0,0 +1,50 @@
+export class JwtUtils {
+    /**
+     * Converts a JavaScript object to a base64url-encoded string.
+     * @param obj The object to be converted.
+     * @returns The base64url-encoded string representation of the object.
+     */
+    static objectToBase64Url(obj) {
+        const jsonString = JSON.stringify(obj);
+        const buffer = Buffer.from(jsonString, 'utf-8');
+        return buffer.toString('base64url');
+    }
+    /**
+     * Converts a base64url-encoded string back to a JavaScript object.
+     * @param base64Url The base64url-encoded string to be converted.
+     * @returns The JavaScript object represented by the base64url string.
+     */
+    static base64UrlToObject(base64Url) {
+        const buffer = Buffer.from(base64Url, 'base64url');
+        const jsonString = buffer.toString('utf-8');
+        return JSON.parse(jsonString);
+    }
+    /**
+     * Extracts the algorithm prefix from the given algorithm name and validates it.
+     * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
+     * @returns The algorithm prefix (e.g., "HS", "RS", "ES", "PS").
+     * @throws An error if the algorithm is unsupported.
+     */
+    static getAlgPrefix(alg) {
+        const prefix = alg.slice(0, 2);
+        if (!['HS', 'RS', 'ES', 'PS'].includes(prefix)) {
+            throw new Error(`Unsupported algorithm: ${alg}`);
+        }
+        return prefix;
+    }
+    /**
+     * Extracts the hash length from the given algorithm name and validates it.
+     * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
+     * @returns The hash length as a string ("256", "384", or "512").
+     * @throws An error if the algorithm is unsupported or if the hash length is invalid.
+     */
+    static getHashLength(alg) {
+        const hashLength = alg.slice(2);
+        if (!['256', '384', '512'].includes(hashLength)) {
+            throw new Error(`Unsupported algorithm: ${alg}`);
+        }
+        return hashLength;
+    }
+}
+export default JwtUtils;
+//# sourceMappingURL=JwtUtils.js.map

package/build/beta/JwtManager/JwtUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtUtils.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/JwtUtils.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,QAAQ;IACjB;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAC,GAAW;QACvC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAI,SAAiB;QAChD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAM,CAAC;IACvC,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,YAAY,CAAC,GAA6B;QACpD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,MAA8B,CAAC;IAC1C,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,aAAa,CAAC,GAA6B;QACrD,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,UAAkC,CAAC;IAC9C,CAAC;CACJ;AAED,eAAe,QAAQ,CAAC"}

package/build/beta/JwtManager/KeyGenerator.d.ts

@@ -0,0 +1,47 @@
+import type Algorithm from "./algorithm/Algorithm.js";
+export declare class KeyGenerator {
+    /**
+     * Generates a key or key pair based on the specified type and options. The generated key(s) can be used for signing and verifying JWTs with various algorithms.
+     * @param type The type of key to generate. Supported types include:
+     * - 'secret': Generates a random secret key for HMAC algorithms (e.g., HS256). The key is a base64url-encoded string.
+     * - 'rsa': Generates an RSA key pair for RSASSA-PKCS1-v1_5 algorithms (e.g., RS256). The keys are returned in PEM format.
+     * - 'rsa-pss': Generates an RSA key pair for RSASSA-PSS algorithms (e.g., PS256). The keys are returned in PEM format.
+     * - 'ec': Generates an Elliptic Curve (EC) key pair for ECDSA algorithms (e.g., ES256). The keys are returned in PEM format.
+     * @param options Optional parameters for key generation, such as modulus length for RSA keys or named curve for EC keys.
+     * @returns An object containing the generated private key ("key
+     */
+    static generate(type: KeyGenerator.Type, options?: KeyGenerator.Options): KeyGenerator.KeyObject;
+    /**
+     * Generates an RSA key pair with the specified modulus length.
+     * If no modulus length is provided, it defaults to 2048 bits.
+     * @param modulusLength The length of the RSA modulus in bits (e.g., 2048, 4096). Defaults to 2048 if not specified.
+     * @returns An object containing the generated private key ("key") and public key ("pub") as strings, both in PEM format.
+     */
+    protected static RSA(modulusLength?: number): KeyGenerator.KeyObject;
+    /**
+     * Generates an RSA-PSS key pair with the specified modulus length.
+     * If no modulus length is provided, it defaults to 2048 bits.
+     * @param modulusLength The length of the RSA modulus in bits (e.g., 2048, 4096). Defaults to 2048 if not specified.
+     * @returns An object containing the generated private key ("key") and public key ("pub") as strings, both in PEM format.
+     */
+    protected static RSAPSS(modulusLength?: number): KeyGenerator.KeyObject;
+    /**
+     * Generates an Elliptic Curve (EC) key pair using the specified named curve.
+     * If no named curve is provided, it defaults to 'P-256'.
+     * @param namedCurve The name of the elliptic curve to use (e.g., 'P-256', 'P-384', 'P-521'). Defaults to 'P-256' if not specified.
+     * @returns An object containing the generated private key ("key") and public key ("pub") as strings, both in PEM format.
+     */
+    protected static EC(namedCurve?: string): KeyGenerator.KeyObject;
+}
+export declare namespace KeyGenerator {
+    type Type = 'secret' | 'rsa' | 'rsa-pss' | 'ec';
+    interface KeyObject {
+        key: Algorithm.Key;
+        pub: Algorithm.Key;
+    }
+    interface Options {
+        namedCurve?: string;
+        modulusLength?: number;
+    }
+}
+export default KeyGenerator;

package/build/beta/JwtManager/KeyGenerator.js

@@ -0,0 +1,92 @@
+import { generateKeyPairSync, randomBytes } from "crypto";
+export class KeyGenerator {
+    /**
+     * Generates a key or key pair based on the specified type and options. The generated key(s) can be used for signing and verifying JWTs with various algorithms.
+     * @param type The type of key to generate. Supported types include:
+     * - 'secret': Generates a random secret key for HMAC algorithms (e.g., HS256). The key is a base64url-encoded string.
+     * - 'rsa': Generates an RSA key pair for RSASSA-PKCS1-v1_5 algorithms (e.g., RS256). The keys are returned in PEM format.
+     * - 'rsa-pss': Generates an RSA key pair for RSASSA-PSS algorithms (e.g., PS256). The keys are returned in PEM format.
+     * - 'ec': Generates an Elliptic Curve (EC) key pair for ECDSA algorithms (e.g., ES256). The keys are returned in PEM format.
+     * @param options Optional parameters for key generation, such as modulus length for RSA keys or named curve for EC keys.
+     * @returns An object containing the generated private key ("key
+     */
+    static generate(type, options = {}) {
+        let privateKey;
+        let publicKey;
+        switch (type) {
+            case 'secret': {
+                const secret = randomBytes(options.modulusLength || 32).toString('base64url');
+                privateKey = publicKey = secret;
+                break;
+            }
+            case 'rsa': {
+                const { key, pub } = KeyGenerator.RSA(options.modulusLength);
+                privateKey = key;
+                publicKey = pub;
+                break;
+            }
+            case 'rsa-pss': {
+                const { key, pub } = KeyGenerator.RSAPSS(options.modulusLength);
+                privateKey = key;
+                publicKey = pub;
+                break;
+            }
+            case 'ec': {
+                const { key, pub } = KeyGenerator.EC(options.namedCurve);
+                privateKey = key;
+                publicKey = pub;
+                break;
+            }
+            default: throw new Error(`Unsupported key type: ${type}`);
+        }
+        return { key: privateKey, pub: publicKey };
+    }
+    /**
+     * Generates an RSA key pair with the specified modulus length.
+     * If no modulus length is provided, it defaults to 2048 bits.
+     * @param modulusLength The length of the RSA modulus in bits (e.g., 2048, 4096). Defaults to 2048 if not specified.
+     * @returns An object containing the generated private key ("key") and public key ("pub") as strings, both in PEM format.
+     */
+    static RSA(modulusLength = 2048) {
+        const { privateKey, publicKey } = generateKeyPairSync('rsa', {
+            modulusLength: modulusLength,
+            publicKeyEncoding: { type: 'spki', format: 'pem' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+        });
+        return { key: privateKey, pub: publicKey };
+    }
+    /**
+     * Generates an RSA-PSS key pair with the specified modulus length.
+     * If no modulus length is provided, it defaults to 2048 bits.
+     * @param modulusLength The length of the RSA modulus in bits (e.g., 2048, 4096). Defaults to 2048 if not specified.
+     * @returns An object containing the generated private key ("key") and public key ("pub") as strings, both in PEM format.
+     */
+    static RSAPSS(modulusLength = 2048) {
+        return this.RSA(modulusLength);
+        // Standard jwt libraries typically use the same RSA key pair for both RSASSA-PKCS1-v1_5 and RSASSA-PSS algorithms, as the key generation process is the same for both.
+        // The difference lies in how the signature is created and verified, not in the key itself.
+        // Therefore, we can reuse the RSA key generation method for RSAPSS as well.
+        const { privateKey, publicKey } = generateKeyPairSync('rsa-pss', {
+            modulusLength: modulusLength,
+            publicKeyEncoding: { type: 'spki', format: 'pem' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+        });
+        return { key: privateKey, pub: publicKey };
+    }
+    /**
+     * Generates an Elliptic Curve (EC) key pair using the specified named curve.
+     * If no named curve is provided, it defaults to 'P-256'.
+     * @param namedCurve The name of the elliptic curve to use (e.g., 'P-256', 'P-384', 'P-521'). Defaults to 'P-256' if not specified.
+     * @returns An object containing the generated private key ("key") and public key ("pub") as strings, both in PEM format.
+     */
+    static EC(namedCurve = 'P-256') {
+        const { privateKey, publicKey } = generateKeyPairSync('ec', {
+            namedCurve: namedCurve,
+            publicKeyEncoding: { type: 'spki', format: 'pem' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+        });
+        return { key: privateKey, pub: publicKey };
+    }
+}
+export default KeyGenerator;
+//# sourceMappingURL=KeyGenerator.js.map

package/build/beta/JwtManager/KeyGenerator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyGenerator.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/KeyGenerator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAG1D,MAAM,OAAO,YAAY;IACrB;;;;;;;;;OASG;IACI,MAAM,CAAC,QAAQ,CAAC,IAAuB,EAAE,UAAgC,EAAE;QAC9E,IAAI,UAAyB,CAAC;QAC9B,IAAI,SAAwB,CAAC;QAE7B,QAAO,IAAI,EAAE,CAAC;YACV,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACZ,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC9E,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;gBAAC,MAAM;YAC3C,CAAC;YACD,KAAK,KAAK,CAAC,CAAC,CAAC;gBACT,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAC7D,UAAU,GAAG,GAAG,CAAC;gBAAC,SAAS,GAAG,GAAG,CAAC;gBAAC,MAAM;YAC7C,CAAC;YACD,KAAK,SAAS,CAAC,CAAC,CAAC;gBACb,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAChE,UAAU,GAAG,GAAG,CAAC;gBAAC,SAAS,GAAG,GAAG,CAAC;gBAAC,MAAM;YAC7C,CAAC;YACD,KAAK,IAAI,CAAC,CAAC,CAAC;gBACR,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACzD,UAAU,GAAG,GAAG,CAAC;gBAAC,SAAS,GAAG,GAAG,CAAC;gBAAC,MAAM;YAC7C,CAAC;YACD,OAAO,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IACD;;;;;OAKG;IACO,MAAM,CAAC,GAAG,CAAC,gBAAwB,IAAI;QAC7C,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;YACzD,aAAa,EAAE,aAAa;YAC5B,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;YAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IACD;;;;;OAKG;IACO,MAAM,CAAC,MAAM,CAAC,gBAAwB,IAAI;QAChD,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC/B,uKAAuK;QACvK,2FAA2F;QAC3F,4EAA4E;QAC5E,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,EAAE;YAC7D,aAAa,EAAE,aAAa;YAC5B,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;YAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IACD;;;;;OAKG;IACO,MAAM,CAAC,EAAE,CAAC,aAAqB,OAAO;QAC5C,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,IAAI,EAAE;YACxD,UAAU,EAAE,UAAU;YACtB,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;YAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;CACJ;AAYD,eAAe,YAAY,CAAC"}

package/build/beta/JwtManager/algorithm/Algorithm.d.ts

@@ -0,0 +1,68 @@
+import { AsymmetricKeyType, KeyObject } from 'crypto';
+export declare abstract class Algorithm {
+    protected readonly hashLength: Algorithm.HashLength;
+    /** The private key used for signing and verification. */
+    protected readonly key: Algorithm.Key | null;
+    /** The public key used for verification. */
+    protected readonly pub: Algorithm.Key | null;
+    readonly role: Algorithm.Role;
+    constructor(hashLength: Algorithm.HashLength, secret: Algorithm.Key | Algorithm.KeyOptions);
+    protected normalizeKey(key: Algorithm.Key | Algorithm.KeyOptions): Algorithm.KeyObject;
+    /** Gets the name of the hash algorithm based on the specified hash length. */
+    get hashName(): Algorithm.ShaName;
+    /**
+     * Signs the given payload using the specific algorithm and the provided key.
+     * @param payload The payload to be signed.
+     * @returns The signature of the payload, encoded in base64.
+     */
+    abstract sign(payload: string): string;
+    /**
+     * Verifies that the provided signature matches the expected signature for the given payload.
+     * @param payload The payload whose signature is to be verified.
+     * @param signature The signature to be verified, encoded in base64.
+     * @returns `true` if the signature is valid; otherwise, `false`.
+     */
+    abstract verify(payload: string, signature: string): boolean;
+    toJSON(): object;
+    toString(): string;
+    /**
+     * Normalizes the provided key input into a consistent format, ensuring that both the private and public keys are available as Buffers.
+     * @param key The key input, which can be either a string, a Buffer, or an object containing "key" and/or "pub" properties.
+     * @returns An object containing the normalized private key ("key") and public key ("pub") as Buffers. If only one key is provided, it will be used for both.
+     */
+    static normalizeKey(key: Algorithm.Key | Algorithm.KeyOptions): Algorithm.KeyObject;
+    /**
+     * Converts a key, which can be either a string or a Buffer, into a Buffer format.
+     * @param key The key to be converted, which can be a string or a Buffer.
+     * @returns The key in Buffer format.
+     */
+    static keyToBuffer(key: Algorithm.Key): Buffer;
+    /**
+     * Asserts that the provided key is a valid Buffer. If the key is not valid, an error is thrown with the specified message.
+     * @param key The key to be validated, which can be of any type.
+     * @param message The error message to be thrown if the key is not a valid Buffer.
+     * @throws Will throw an error if the key is not provided or if it is not a Buffer.
+     */
+    static assertKey(key: any, message: string): asserts key is Buffer;
+    /**
+     * Asserts that the provided key is of the expected asymmetric key type (e.g., "rsa", "ec").
+     * If the key is not of the expected type, an error is thrown with the specified message.
+     * @param key The key to be validated, which should be a Buffer containing the key data.
+     * @param expected The expected asymmetric key type (e.g., "rsa", "ec").
+     * @param message The error message to be thrown if the key is not of the expected type.
+     * @throws Will throw an error if the key is not a valid asymmetric key of the expected type.
+     */
+    static assertKeyType(key: Algorithm.Key, expected: AsymmetricKeyType, message: string): KeyObject;
+}
+export declare namespace Algorithm {
+    type Role = 'signer' | 'verifier';
+    type HashLength = '256' | '384' | '512';
+    type ShaName = `SHA-${HashLength}`;
+    type Key = string;
+    interface KeyObject {
+        key: Key | null;
+        pub: Key | null;
+    }
+    type KeyOptions = Partial<KeyObject>;
+}
+export default Algorithm;