npm - wabe - Versions diffs - 0.6.12 → 0.6.13 - Mend

wabe 0.6.12 → 0.6.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (147) hide show

package/package.json +4 -1
package/dev/index.ts +0 -215
package/generated/schema.graphql +0 -1945
package/generated/wabe.ts +0 -448
package/src/authentication/OTP.test.ts +0 -69
package/src/authentication/OTP.ts +0 -64
package/src/authentication/Session.test.ts +0 -629
package/src/authentication/Session.ts +0 -517
package/src/authentication/cookies.ts +0 -10
package/src/authentication/defaultAuthentication.ts +0 -209
package/src/authentication/index.ts +0 -4
package/src/authentication/interface.ts +0 -177
package/src/authentication/oauth/GitHub.test.ts +0 -91
package/src/authentication/oauth/GitHub.ts +0 -121
package/src/authentication/oauth/Google.test.ts +0 -91
package/src/authentication/oauth/Google.ts +0 -101
package/src/authentication/oauth/Oauth2Client.test.ts +0 -219
package/src/authentication/oauth/Oauth2Client.ts +0 -135
package/src/authentication/oauth/index.ts +0 -2
package/src/authentication/oauth/utils.test.ts +0 -33
package/src/authentication/oauth/utils.ts +0 -27
package/src/authentication/providers/EmailOTP.test.ts +0 -127
package/src/authentication/providers/EmailOTP.ts +0 -95
package/src/authentication/providers/EmailPassword.test.ts +0 -263
package/src/authentication/providers/EmailPassword.ts +0 -138
package/src/authentication/providers/EmailPasswordSRP.test.ts +0 -208
package/src/authentication/providers/EmailPasswordSRP.ts +0 -191
package/src/authentication/providers/GitHub.ts +0 -24
package/src/authentication/providers/Google.ts +0 -24
package/src/authentication/providers/OAuth.test.ts +0 -185
package/src/authentication/providers/OAuth.ts +0 -106
package/src/authentication/providers/PhonePassword.test.ts +0 -221
package/src/authentication/providers/PhonePassword.ts +0 -136
package/src/authentication/providers/QRCodeOTP.test.ts +0 -77
package/src/authentication/providers/QRCodeOTP.ts +0 -69
package/src/authentication/providers/index.ts +0 -6
package/src/authentication/resolvers/refreshResolver.test.ts +0 -30
package/src/authentication/resolvers/refreshResolver.ts +0 -19
package/src/authentication/resolvers/signInWithResolver.inte.test.ts +0 -59
package/src/authentication/resolvers/signInWithResolver.test.ts +0 -306
package/src/authentication/resolvers/signInWithResolver.ts +0 -106
package/src/authentication/resolvers/signOutResolver.test.ts +0 -38
package/src/authentication/resolvers/signOutResolver.ts +0 -18
package/src/authentication/resolvers/signUpWithResolver.test.ts +0 -180
package/src/authentication/resolvers/signUpWithResolver.ts +0 -68
package/src/authentication/resolvers/verifyChallenge.test.ts +0 -230
package/src/authentication/resolvers/verifyChallenge.ts +0 -78
package/src/authentication/roles.test.ts +0 -49
package/src/authentication/roles.ts +0 -40
package/src/authentication/security.ts +0 -278
package/src/authentication/utils.test.ts +0 -97
package/src/authentication/utils.ts +0 -39
package/src/cache/InMemoryCache.test.ts +0 -62
package/src/cache/InMemoryCache.ts +0 -45
package/src/cron/index.test.ts +0 -17
package/src/cron/index.ts +0 -43
package/src/database/DatabaseController.test.ts +0 -613
package/src/database/DatabaseController.ts +0 -1415
package/src/database/index.test.ts +0 -1551
package/src/database/index.ts +0 -9
package/src/database/interface.ts +0 -308
package/src/email/DevAdapter.ts +0 -7
package/src/email/EmailController.test.ts +0 -29
package/src/email/EmailController.ts +0 -13
package/src/email/index.ts +0 -2
package/src/email/interface.ts +0 -36
package/src/email/templates/sendOtpCode.ts +0 -120
package/src/file/FileController.ts +0 -28
package/src/file/FileDevAdapter.ts +0 -51
package/src/file/hookDeleteFile.ts +0 -25
package/src/file/hookReadFile.ts +0 -66
package/src/file/hookUploadFile.ts +0 -52
package/src/file/index.test.ts +0 -1031
package/src/file/index.ts +0 -2
package/src/file/interface.ts +0 -63
package/src/file/security.ts +0 -156
package/src/graphql/GraphQLSchema.test.ts +0 -5099
package/src/graphql/GraphQLSchema.ts +0 -886
package/src/graphql/index.ts +0 -2
package/src/graphql/parseGraphqlSchema.ts +0 -85
package/src/graphql/parser.test.ts +0 -203
package/src/graphql/parser.ts +0 -707
package/src/graphql/pointerAndRelationFunction.ts +0 -191
package/src/graphql/resolvers.ts +0 -464
package/src/graphql/tests/aggregation.test.ts +0 -1115
package/src/graphql/tests/e2e.test.ts +0 -590
package/src/graphql/tests/scalars.test.ts +0 -250
package/src/graphql/types.ts +0 -227
package/src/hooks/HookObject.test.ts +0 -122
package/src/hooks/HookObject.ts +0 -165
package/src/hooks/authentication.ts +0 -67
package/src/hooks/createUser.test.ts +0 -77
package/src/hooks/createUser.ts +0 -10
package/src/hooks/defaultFields.test.ts +0 -176
package/src/hooks/defaultFields.ts +0 -32
package/src/hooks/deleteSession.test.ts +0 -181
package/src/hooks/deleteSession.ts +0 -20
package/src/hooks/hashFieldHook.test.ts +0 -152
package/src/hooks/hashFieldHook.ts +0 -89
package/src/hooks/index.test.ts +0 -258
package/src/hooks/index.ts +0 -420
package/src/hooks/permissions.test.ts +0 -412
package/src/hooks/permissions.ts +0 -93
package/src/hooks/protected.test.ts +0 -551
package/src/hooks/protected.ts +0 -74
package/src/hooks/searchableFields.test.ts +0 -147
package/src/hooks/searchableFields.ts +0 -86
package/src/hooks/session.test.ts +0 -134
package/src/hooks/session.ts +0 -76
package/src/hooks/setEmail.test.ts +0 -216
package/src/hooks/setEmail.ts +0 -33
package/src/hooks/setupAcl.test.ts +0 -618
package/src/hooks/setupAcl.ts +0 -25
package/src/hooks/virtualFields.test.ts +0 -228
package/src/hooks/virtualFields.ts +0 -48
package/src/index.ts +0 -9
package/src/schema/Schema.test.ts +0 -482
package/src/schema/Schema.ts +0 -839
package/src/schema/defaultResolvers.ts +0 -93
package/src/schema/index.ts +0 -1
package/src/schema/resolvers/meResolver.test.ts +0 -62
package/src/schema/resolvers/meResolver.ts +0 -10
package/src/schema/resolvers/resetPassword.test.ts +0 -341
package/src/schema/resolvers/resetPassword.ts +0 -63
package/src/schema/resolvers/sendEmail.test.ts +0 -118
package/src/schema/resolvers/sendEmail.ts +0 -21
package/src/schema/resolvers/sendOtpCode.test.ts +0 -141
package/src/schema/resolvers/sendOtpCode.ts +0 -52
package/src/security.test.ts +0 -4136
package/src/server/defaultSessionHandler.test.ts +0 -62
package/src/server/defaultSessionHandler.ts +0 -104
package/src/server/generateCodegen.ts +0 -433
package/src/server/index.test.ts +0 -843
package/src/server/index.ts +0 -336
package/src/server/interface.ts +0 -11
package/src/server/routes/authHandler.ts +0 -171
package/src/server/routes/index.ts +0 -48
package/src/utils/crypto.test.ts +0 -41
package/src/utils/crypto.ts +0 -105
package/src/utils/database.ts +0 -8
package/src/utils/export.ts +0 -12
package/src/utils/helper.ts +0 -204
package/src/utils/index.test.ts +0 -11
package/src/utils/index.ts +0 -196
package/src/utils/preload.ts +0 -8
package/src/utils/testHelper.ts +0 -124
package/tsconfig.json +0 -32

package/src/authentication/Session.ts DELETED Viewed

@@ -1,517 +0,0 @@
-import jwt, { verify, type SignOptions } from 'jsonwebtoken'
-import crypto from 'node:crypto'
-import type { WabeContext } from '../server/interface'
-import type { WabeConfig, WabeTypes } from '../server'
-import { contextWithRoot } from '../utils/export'
-import { encryptDeterministicToken, decryptDeterministicToken } from '../utils/crypto'
-const getJwtSecret = <T extends WabeTypes>(context: WabeContext<T>): string => {
-	const secret = context.wabe.config.authentication?.session?.jwtSecret
-	if (!secret) throw new Error('Authentication session requires jwtSecret')
-	return secret
-}
-const JWT_ALGORITHM = 'HS256'
-const safeVerify = (
-	token: string,
-	secret: string,
-	options: Pick<SignOptions, 'audience' | 'issuer'> = {},
-) => {
-	try {
-		return !!verify(token, secret, {
-			...options,
-			algorithms: [JWT_ALGORITHM],
-		})
-	} catch {
-		return false
-	}
-}
-const getTokenSecret = <T extends WabeTypes>(context: WabeContext<T>): string =>
-	context.wabe.config.authentication?.session?.tokenSecret ?? getJwtSecret(context)
-const getTokenEncryptionKey = <T extends WabeTypes>(context: WabeContext<T>) =>
-	crypto.createHash('sha256').update(getTokenSecret(context)).digest()
-const getJwtVerifyOptions = <T extends WabeTypes>(context: WabeContext<T>) => {
-	const opts: Pick<SignOptions, 'audience' | 'issuer'> = {}
-	const audience = context.wabe.config.authentication?.session?.jwtAudience
-	const issuer = context.wabe.config.authentication?.session?.jwtIssuer
-	if (audience) opts.audience = audience
-	if (issuer) opts.issuer = issuer
-	return opts
-}
-export class Session<T extends WabeTypes> {
-	private accessToken: string | undefined = undefined
-	private refreshToken: string | undefined = undefined
-	getAccessTokenExpireAt(config: WabeConfig<T>) {
-		const customExpiresInMs = config?.authentication?.session?.accessTokenExpiresInMs
-		if (!customExpiresInMs) return new Date(Date.now() + 1000 * 60 * 15) // 15 minutes in ms
-		return new Date(Date.now() + customExpiresInMs)
-	}
-	_getRefreshTokenExpiresInMs(config: WabeConfig<T>) {
-		const customExpiresInMs = config?.authentication?.session?.refreshTokenExpiresInMs
-		if (!customExpiresInMs) return 1000 * 60 * 60 * 24 * 7 // 7 days in ms
-		return customExpiresInMs
-	}
-	getRefreshTokenExpireAt(config: WabeConfig<T>) {
-		const expiresInMs = this._getRefreshTokenExpiresInMs(config)
-		return new Date(Date.now() + expiresInMs)
-	}
-	async meFromAccessToken(
-		{ accessToken, csrfToken }: { accessToken: string; csrfToken: string },
-		context: WabeContext<T>,
-	): Promise<{
-		sessionId: string | null
-		user: T['types']['User'] | null
-		accessToken: string | null
-		refreshToken?: string | null
-	}> {
-		const verifyOptions = getJwtVerifyOptions(context)
-		if (!safeVerify(accessToken, getJwtSecret(context), verifyOptions)) {
-			return {
-				sessionId: null,
-				user: null,
-				accessToken: null,
-				refreshToken: null,
-			}
-		}
-		const encryptedAccessToken = encryptDeterministicToken(
-			accessToken,
-			getTokenEncryptionKey(context),
-		)
-		const sessions = await context.wabe.controllers.database.getObjects({
-			className: '_Session',
-			// @ts-expect-error
-			where: {
-				accessTokenEncrypted: { equalTo: encryptedAccessToken },
-				OR: [
-					{
-						accessTokenExpiresAt: {
-							greaterThanOrEqualTo: new Date(),
-						},
-					},
-					{
-						refreshTokenExpiresAt: {
-							greaterThanOrEqualTo: new Date(),
-						},
-					},
-				],
-			},
-			select: {
-				// @ts-expect-error
-				id: true,
-				// @ts-expect-error Generic
-				user: true,
-				// @ts-expect-error Generic
-				accessTokenExpiresAt: true,
-				// @ts-expect-error Generic
-				refreshTokenExpiresAt: true,
-				// @ts-expect-error Generic
-				refreshTokenEncrypted: true,
-			},
-			first: 1,
-			context,
-		})
-		if (sessions.length === 0)
-			return {
-				sessionId: null,
-				user: null,
-				accessToken: null,
-				refreshToken: null,
-			}
-		const session = sessions[0]
-		if (!session || !session?.user)
-			return {
-				sessionId: null,
-				user: null,
-				accessToken: null,
-				refreshToken: null,
-			}
-		// CSRF check only for cookie-based sessions (enabled by default unless explicitly disabled)
-		if (
-			context.wabe.config.authentication?.session?.cookieSession &&
-			context.wabe.config.security?.disableCSRFProtection !== true
-		) {
-			const [receivedHmacHex, receivedRandomValue] = csrfToken.split('.')
-			if (!receivedHmacHex || !receivedRandomValue)
-				return {
-					sessionId: null,
-					user: null,
-					accessToken: null,
-					refreshToken: null,
-				}
-			const currentSessionId = session.id
-			const message = `${currentSessionId.length}!${currentSessionId}!${receivedRandomValue?.length}!${receivedRandomValue}`
-			const csrfSecret =
-				context.wabe.config.authentication?.session?.csrfSecret || getJwtSecret(context)
-			const expectedHmac = crypto.createHmac('sha256', csrfSecret).update(message).digest('hex')
-			const isValid = crypto.timingSafeEqual(
-				Buffer.from(receivedHmacHex || '', 'hex'),
-				Buffer.from(expectedHmac, 'hex'),
-			)
-			if (!isValid)
-				return {
-					sessionId: null,
-					user: null,
-					accessToken: null,
-					refreshToken: null,
-				}
-		}
-		// User check
-		const user = session.user
-		const userWithRole = await context.wabe.controllers.database.getObject({
-			className: 'User',
-			select: {
-				// @ts-expect-error
-				role: true,
-			},
-			context,
-			id: user.id,
-		})
-		// If access token is expired and refresh token is not expired
-		if (
-			new Date(session.accessTokenExpiresAt) < new Date() &&
-			new Date(session.refreshTokenExpiresAt) >= new Date() &&
-			session.refreshTokenEncrypted
-		) {
-			const decryptedRefreshToken = decryptDeterministicToken(
-				session.refreshTokenEncrypted as string,
-				getTokenEncryptionKey(context),
-			)
-			if (!decryptedRefreshToken)
-				return {
-					sessionId: null,
-					user: null,
-					accessToken: null,
-					refreshToken: null,
-				}
-			const { accessToken: newAccessToken, refreshToken: newRefreshToken } = await this.refresh(
-				accessToken,
-				decryptedRefreshToken,
-				context,
-			)
-			return {
-				sessionId: session.id,
-				user: {
-					...user,
-					role: userWithRole?.role,
-				},
-				accessToken: newAccessToken,
-				refreshToken: newRefreshToken,
-			}
-		}
-		return {
-			sessionId: session.id,
-			user: {
-				...user,
-				role: userWithRole?.role,
-			},
-			accessToken,
-			refreshToken: decryptDeterministicToken(
-				session.refreshTokenEncrypted as string,
-				getTokenEncryptionKey(context),
-			),
-		}
-	}
-	async create(userId: string, context: WabeContext<T>) {
-		const jwtTokenFields = context.wabe.config.authentication?.session?.jwtTokenFields
-		const nowSeconds = Math.floor(Date.now() / 1000)
-		const result = jwtTokenFields
-			? await context.wabe.controllers.database.getObject({
-					className: 'User',
-					select: jwtTokenFields,
-					context,
-					id: userId,
-				})
-			: undefined
-		const secretKey = getJwtSecret(context)
-		const signOptions: SignOptions = {
-			jwtid: crypto.randomUUID(),
-			algorithm: JWT_ALGORITHM,
-		}
-		const audience = context.wabe.config.authentication?.session?.jwtAudience
-		const issuer = context.wabe.config.authentication?.session?.jwtIssuer
-		if (audience) signOptions.audience = audience
-		if (issuer) signOptions.issuer = issuer
-		this.accessToken = jwt.sign(
-			{
-				userId,
-				user: result,
-				iat: nowSeconds,
-				exp: Math.floor(this.getAccessTokenExpireAt(context.wabe.config).getTime() / 1000),
-			},
-			secretKey,
-			{ ...signOptions, algorithm: JWT_ALGORITHM },
-		)
-		this.refreshToken = jwt.sign(
-			{
-				userId,
-				user: result,
-				iat: nowSeconds,
-				exp: Math.floor(this.getRefreshTokenExpireAt(context.wabe.config).getTime() / 1000),
-			},
-			secretKey,
-			{ ...signOptions, algorithm: JWT_ALGORITHM },
-		)
-		const accessTokenEncrypted = encryptDeterministicToken(
-			this.accessToken,
-			getTokenEncryptionKey(context),
-		)
-		const refreshTokenEncrypted = encryptDeterministicToken(
-			this.refreshToken,
-			getTokenEncryptionKey(context),
-		)
-		const res = await context.wabe.controllers.database.createObject({
-			className: '_Session',
-			context: contextWithRoot(context),
-			data: {
-				accessTokenEncrypted,
-				accessTokenExpiresAt: this.getAccessTokenExpireAt(context.wabe.config),
-				refreshTokenEncrypted,
-				refreshTokenExpiresAt: this.getRefreshTokenExpireAt(context.wabe.config),
-				user: userId,
-			},
-			// @ts-expect-error
-			select: { id: true },
-		})
-		if (!res) throw new Error('Session not created')
-		const sessionId = res.id
-		const randomValue = crypto.randomBytes(16).toString('hex')
-		const message = `${sessionId.length}!${sessionId}!${randomValue.length}!${randomValue}`
-		const csrfSecret = context.wabe.config.authentication?.session?.csrfSecret || secretKey
-		const hmac = crypto.createHmac('sha256', csrfSecret).update(message).digest('hex')
-		const csrfToken = `${hmac}.${randomValue}`
-		return {
-			accessToken: this.accessToken,
-			refreshToken: this.refreshToken,
-			csrfToken,
-			sessionId: res.id,
-		}
-	}
-	async refresh(accessToken: string, refreshToken: string, context: WabeContext<T>) {
-		const secretKey = getJwtSecret(context)
-		const verifyOptions = getJwtVerifyOptions(context)
-		if (!safeVerify(accessToken, secretKey, verifyOptions))
-			return {
-				accessToken: null,
-				refreshToken: null,
-			}
-		if (!safeVerify(refreshToken, secretKey, verifyOptions))
-			return {
-				accessToken: null,
-				refreshToken: null,
-			}
-		const accessTokenEncrypted = encryptDeterministicToken(
-			accessToken,
-			getTokenEncryptionKey(context),
-		)
-		const incomingRefreshTokenEncrypted = encryptDeterministicToken(
-			refreshToken,
-			getTokenEncryptionKey(context),
-		)
-		const session = await context.wabe.controllers.database.getObjects({
-			className: '_Session',
-			// @ts-expect-error
-			where: {
-				accessTokenEncrypted: { equalTo: accessTokenEncrypted },
-				refreshTokenEncrypted: {
-					equalTo: incomingRefreshTokenEncrypted,
-				},
-			},
-			select: {
-				// @ts-expect-error
-				id: true,
-				// @ts-expect-error
-				user: {
-					id: true,
-					role: {
-						id: true,
-						name: true,
-					},
-				},
-				// @ts-expect-error
-				refreshTokenEncrypted: true,
-				// @ts-expect-error
-				refreshTokenExpiresAt: true,
-			},
-			context: contextWithRoot(context),
-		})
-		if (!session.length)
-			return {
-				accessToken: null,
-				refreshToken: null,
-			}
-		if (!session[0]) throw new Error('Session not found')
-		const {
-			refreshTokenExpiresAt,
-			user,
-			refreshTokenEncrypted: storedRefreshTokenEncrypted,
-			id,
-		} = session[0]
-		if (new Date(refreshTokenExpiresAt) < new Date(Date.now()))
-			throw new Error('Refresh token expired')
-		const decryptedRefreshToken =
-			decryptDeterministicToken(storedRefreshTokenEncrypted, getTokenEncryptionKey(context)) ||
-			refreshToken
-		if (!decryptedRefreshToken || decryptedRefreshToken !== refreshToken)
-			throw new Error('Invalid refresh token')
-		// Always rotate tokens on refresh
-		const userId = user?.id
-		if (!userId)
-			return {
-				accessToken: null,
-				refreshToken: null,
-			}
-		const jwtTokenFields = context.wabe.config.authentication?.session?.jwtTokenFields
-		const result = jwtTokenFields
-			? await context.wabe.controllers.database.getObject({
-					className: 'User',
-					select: jwtTokenFields,
-					context,
-					id: userId,
-				})
-			: undefined
-		const nowSeconds = Math.floor(Date.now() / 1000)
-		const signOptions: SignOptions = {
-			jwtid: crypto.randomUUID(),
-			algorithm: JWT_ALGORITHM,
-		}
-		const audience = context.wabe.config.authentication?.session?.jwtAudience
-		const issuer = context.wabe.config.authentication?.session?.jwtIssuer
-		if (audience) signOptions.audience = audience
-		if (issuer) signOptions.issuer = issuer
-		const newAccessToken = jwt.sign(
-			{
-				userId,
-				user: result,
-				iat: nowSeconds,
-				exp: Math.floor(this.getAccessTokenExpireAt(context.wabe.config).getTime() / 1000),
-			},
-			secretKey,
-			{ ...signOptions, algorithm: JWT_ALGORITHM },
-		)
-		const newRefreshToken = jwt.sign(
-			{
-				userId,
-				user: result,
-				iat: nowSeconds,
-				exp: Math.floor(this.getRefreshTokenExpireAt(context.wabe.config).getTime() / 1000),
-			},
-			secretKey,
-			{ ...signOptions, algorithm: JWT_ALGORITHM },
-		)
-		const newAccessTokenEncrypted = encryptDeterministicToken(
-			newAccessToken,
-			getTokenEncryptionKey(context),
-		)
-		const newRefreshTokenEncrypted = encryptDeterministicToken(
-			newRefreshToken,
-			getTokenEncryptionKey(context),
-		)
-		await context.wabe.controllers.database.updateObject({
-			className: '_Session',
-			context: contextWithRoot(context),
-			id,
-			data: {
-				accessTokenEncrypted: newAccessTokenEncrypted,
-				accessTokenExpiresAt: this.getAccessTokenExpireAt(context.wabe.config),
-				refreshTokenEncrypted: newRefreshTokenEncrypted,
-				refreshTokenExpiresAt: this.getRefreshTokenExpireAt(context.wabe.config),
-			},
-			select: {},
-		})
-		return {
-			accessToken: newAccessToken,
-			refreshToken: newRefreshToken,
-		}
-	}
-	async delete(context: WabeContext<T>) {
-		if (!context.sessionId) return
-		await context.wabe.controllers.database.deleteObject({
-			className: '_Session',
-			context: contextWithRoot(context),
-			id: context.sessionId,
-			select: {},
-		})
-	}
-	_isRefreshTokenExpired(userRefreshTokenExpiresAt: Date, refreshTokenAgeInMs: number) {
-		const refreshTokenEmittedAt = userRefreshTokenExpiresAt.getTime() - refreshTokenAgeInMs
-		const numberOfMsSinceRefreshTokenEmitted = Date.now() - refreshTokenEmittedAt
-		return numberOfMsSinceRefreshTokenEmitted >= 0.75 * refreshTokenAgeInMs
-	}
-}

package/src/authentication/cookies.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import type { WabeConfig, WabeTypes } from '../server'
-export const getSessionCookieSameSite = <T extends WabeTypes>(config: WabeConfig<T>) => {
-	const frontDomain = config.authentication?.frontDomain
-	const backDomain = config.authentication?.backDomain
-	if (frontDomain && backDomain && frontDomain !== backDomain) return 'None'
-	return 'Strict'
-}