webapp-factory 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +145 -0
- package/dist/access-control/adapters/in-memory-relations.d.ts +7 -0
- package/dist/access-control/adapters/in-memory-relations.d.ts.map +1 -0
- package/dist/access-control/adapters/in-memory-relations.js +6 -0
- package/dist/access-control/adapters/in-memory-relations.js.map +1 -0
- package/dist/access-control/core/enforcement.d.ts +13 -0
- package/dist/access-control/core/enforcement.d.ts.map +1 -0
- package/dist/access-control/core/enforcement.js +38 -0
- package/dist/access-control/core/enforcement.js.map +1 -0
- package/dist/access-control/core/errors.d.ts +30 -0
- package/dist/access-control/core/errors.d.ts.map +1 -0
- package/dist/access-control/core/errors.js +46 -0
- package/dist/access-control/core/errors.js.map +1 -0
- package/dist/access-control/core/pdp.d.ts +14 -0
- package/dist/access-control/core/pdp.d.ts.map +1 -0
- package/dist/access-control/core/pdp.js +79 -0
- package/dist/access-control/core/pdp.js.map +1 -0
- package/dist/access-control/core/ports.d.ts +68 -0
- package/dist/access-control/core/ports.d.ts.map +1 -0
- package/dist/access-control/core/ports.js +6 -0
- package/dist/access-control/core/ports.js.map +1 -0
- package/dist/access-control/core/rbac.d.ts +10 -0
- package/dist/access-control/core/rbac.d.ts.map +1 -0
- package/dist/access-control/core/rbac.js +78 -0
- package/dist/access-control/core/rbac.js.map +1 -0
- package/dist/access-control/core/rebac.d.ts +15 -0
- package/dist/access-control/core/rebac.d.ts.map +1 -0
- package/dist/access-control/core/rebac.js +48 -0
- package/dist/access-control/core/rebac.js.map +1 -0
- package/dist/access-control/index.d.ts +15 -0
- package/dist/access-control/index.d.ts.map +1 -0
- package/dist/access-control/index.js +20 -0
- package/dist/access-control/index.js.map +1 -0
- package/dist/access-control/nestjs/access-control.module.d.ts +34 -0
- package/dist/access-control/nestjs/access-control.module.d.ts.map +1 -0
- package/dist/access-control/nestjs/access-control.module.js +80 -0
- package/dist/access-control/nestjs/access-control.module.js.map +1 -0
- package/dist/audit/adapters/in-memory-store.d.ts +3 -0
- package/dist/audit/adapters/in-memory-store.d.ts.map +1 -0
- package/dist/audit/adapters/in-memory-store.js +66 -0
- package/dist/audit/adapters/in-memory-store.js.map +1 -0
- package/dist/audit/adapters/pg-store.d.ts +22 -0
- package/dist/audit/adapters/pg-store.d.ts.map +1 -0
- package/dist/audit/adapters/pg-store.js +119 -0
- package/dist/audit/adapters/pg-store.js.map +1 -0
- package/dist/audit/core/audit-log.d.ts +41 -0
- package/dist/audit/core/audit-log.d.ts.map +1 -0
- package/dist/audit/core/audit-log.js +78 -0
- package/dist/audit/core/audit-log.js.map +1 -0
- package/dist/audit/core/errors.d.ts +22 -0
- package/dist/audit/core/errors.d.ts.map +1 -0
- package/dist/audit/core/errors.js +35 -0
- package/dist/audit/core/errors.js.map +1 -0
- package/dist/audit/core/hash.d.ts +9 -0
- package/dist/audit/core/hash.d.ts.map +1 -0
- package/dist/audit/core/hash.js +45 -0
- package/dist/audit/core/hash.js.map +1 -0
- package/dist/audit/core/ports.d.ts +68 -0
- package/dist/audit/core/ports.d.ts.map +1 -0
- package/dist/audit/core/ports.js +6 -0
- package/dist/audit/core/ports.js.map +1 -0
- package/dist/audit/index.d.ts +13 -0
- package/dist/audit/index.d.ts.map +1 -0
- package/dist/audit/index.js +16 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/auth/adapters/argon2id-hasher.d.ts +15 -0
- package/dist/auth/adapters/argon2id-hasher.d.ts.map +1 -0
- package/dist/auth/adapters/argon2id-hasher.js +61 -0
- package/dist/auth/adapters/argon2id-hasher.js.map +1 -0
- package/dist/auth/adapters/in-memory-stores.d.ts +14 -0
- package/dist/auth/adapters/in-memory-stores.d.ts.map +1 -0
- package/dist/auth/adapters/in-memory-stores.js +78 -0
- package/dist/auth/adapters/in-memory-stores.js.map +1 -0
- package/dist/auth/core/auth-service.d.ts +40 -0
- package/dist/auth/core/auth-service.d.ts.map +1 -0
- package/dist/auth/core/auth-service.js +106 -0
- package/dist/auth/core/auth-service.js.map +1 -0
- package/dist/auth/core/credentials.d.ts +15 -0
- package/dist/auth/core/credentials.d.ts.map +1 -0
- package/dist/auth/core/credentials.js +15 -0
- package/dist/auth/core/credentials.js.map +1 -0
- package/dist/auth/core/crypto-util.d.ts +7 -0
- package/dist/auth/core/crypto-util.d.ts.map +1 -0
- package/dist/auth/core/crypto-util.js +15 -0
- package/dist/auth/core/crypto-util.js.map +1 -0
- package/dist/auth/core/errors.d.ts +33 -0
- package/dist/auth/core/errors.d.ts.map +1 -0
- package/dist/auth/core/errors.js +48 -0
- package/dist/auth/core/errors.js.map +1 -0
- package/dist/auth/core/jwt.d.ts +5 -0
- package/dist/auth/core/jwt.d.ts.map +1 -0
- package/dist/auth/core/jwt.js +40 -0
- package/dist/auth/core/jwt.js.map +1 -0
- package/dist/auth/core/ports.d.ts +95 -0
- package/dist/auth/core/ports.d.ts.map +1 -0
- package/dist/auth/core/ports.js +7 -0
- package/dist/auth/core/ports.js.map +1 -0
- package/dist/auth/core/single-use.d.ts +10 -0
- package/dist/auth/core/single-use.d.ts.map +1 -0
- package/dist/auth/core/single-use.js +47 -0
- package/dist/auth/core/single-use.js.map +1 -0
- package/dist/auth/core/tokens.d.ts +14 -0
- package/dist/auth/core/tokens.d.ts.map +1 -0
- package/dist/auth/core/tokens.js +85 -0
- package/dist/auth/core/tokens.js.map +1 -0
- package/dist/auth/index.d.ts +18 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +22 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/nestjs/auth.module.d.ts +17 -0
- package/dist/auth/nestjs/auth.module.d.ts.map +1 -0
- package/dist/auth/nestjs/auth.module.js +18 -0
- package/dist/auth/nestjs/auth.module.js.map +1 -0
- package/dist/cache/adapters/in-memory-store.d.ts +6 -0
- package/dist/cache/adapters/in-memory-store.d.ts.map +1 -0
- package/dist/cache/adapters/in-memory-store.js +65 -0
- package/dist/cache/adapters/in-memory-store.js.map +1 -0
- package/dist/cache/adapters/redis-store.d.ts +32 -0
- package/dist/cache/adapters/redis-store.d.ts.map +1 -0
- package/dist/cache/adapters/redis-store.js +59 -0
- package/dist/cache/adapters/redis-store.js.map +1 -0
- package/dist/cache/core/cache.d.ts +31 -0
- package/dist/cache/core/cache.d.ts.map +1 -0
- package/dist/cache/core/cache.js +89 -0
- package/dist/cache/core/cache.js.map +1 -0
- package/dist/cache/core/errors.d.ts +17 -0
- package/dist/cache/core/errors.d.ts.map +1 -0
- package/dist/cache/core/errors.js +27 -0
- package/dist/cache/core/errors.js.map +1 -0
- package/dist/cache/core/lock.d.ts +21 -0
- package/dist/cache/core/lock.d.ts.map +1 -0
- package/dist/cache/core/lock.js +47 -0
- package/dist/cache/core/lock.js.map +1 -0
- package/dist/cache/core/ports.d.ts +33 -0
- package/dist/cache/core/ports.d.ts.map +1 -0
- package/dist/cache/core/ports.js +6 -0
- package/dist/cache/core/ports.js.map +1 -0
- package/dist/cache/core/pubsub.d.ts +14 -0
- package/dist/cache/core/pubsub.d.ts.map +1 -0
- package/dist/cache/core/pubsub.js +13 -0
- package/dist/cache/core/pubsub.js.map +1 -0
- package/dist/cache/core/serializer.d.ts +4 -0
- package/dist/cache/core/serializer.d.ts.map +1 -0
- package/dist/cache/core/serializer.js +6 -0
- package/dist/cache/core/serializer.js.map +1 -0
- package/dist/cache/index.d.ts +14 -0
- package/dist/cache/index.d.ts.map +1 -0
- package/dist/cache/index.js +19 -0
- package/dist/cache/index.js.map +1 -0
- package/dist/config/adapters/reporters.d.ts +17 -0
- package/dist/config/adapters/reporters.d.ts.map +1 -0
- package/dist/config/adapters/reporters.js +35 -0
- package/dist/config/adapters/reporters.js.map +1 -0
- package/dist/config/adapters/secret-resolvers.d.ts +21 -0
- package/dist/config/adapters/secret-resolvers.d.ts.map +1 -0
- package/dist/config/adapters/secret-resolvers.js +60 -0
- package/dist/config/adapters/secret-resolvers.js.map +1 -0
- package/dist/config/adapters/zod-schema.d.ts +20 -0
- package/dist/config/adapters/zod-schema.d.ts.map +1 -0
- package/dist/config/adapters/zod-schema.js +35 -0
- package/dist/config/adapters/zod-schema.js.map +1 -0
- package/dist/config/core/env-loader.d.ts +47 -0
- package/dist/config/core/env-loader.d.ts.map +1 -0
- package/dist/config/core/env-loader.js +155 -0
- package/dist/config/core/env-loader.js.map +1 -0
- package/dist/config/core/errors.d.ts +34 -0
- package/dist/config/core/errors.d.ts.map +1 -0
- package/dist/config/core/errors.js +49 -0
- package/dist/config/core/errors.js.map +1 -0
- package/dist/config/core/freeze.d.ts +7 -0
- package/dist/config/core/freeze.d.ts.map +1 -0
- package/dist/config/core/freeze.js +20 -0
- package/dist/config/core/freeze.js.map +1 -0
- package/dist/config/core/load-config.d.ts +43 -0
- package/dist/config/core/load-config.d.ts.map +1 -0
- package/dist/config/core/load-config.js +74 -0
- package/dist/config/core/load-config.js.map +1 -0
- package/dist/config/core/merge.d.ts +19 -0
- package/dist/config/core/merge.d.ts.map +1 -0
- package/dist/config/core/merge.js +31 -0
- package/dist/config/core/merge.js.map +1 -0
- package/dist/config/core/ports.d.ts +58 -0
- package/dist/config/core/ports.d.ts.map +1 -0
- package/dist/config/core/ports.js +2 -0
- package/dist/config/core/ports.js.map +1 -0
- package/dist/config/core/secret-resolver.d.ts +16 -0
- package/dist/config/core/secret-resolver.d.ts.map +1 -0
- package/dist/config/core/secret-resolver.js +73 -0
- package/dist/config/core/secret-resolver.js.map +1 -0
- package/dist/config/core/secret.d.ts +21 -0
- package/dist/config/core/secret.d.ts.map +1 -0
- package/dist/config/core/secret.js +40 -0
- package/dist/config/core/secret.js.map +1 -0
- package/dist/config/index.d.ts +16 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +23 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/nestjs/config-kit.module.d.ts +37 -0
- package/dist/config/nestjs/config-kit.module.d.ts.map +1 -0
- package/dist/config/nestjs/config-kit.module.js +24 -0
- package/dist/config/nestjs/config-kit.module.js.map +1 -0
- package/dist/http/adapters/zod-schema.d.ts +11 -0
- package/dist/http/adapters/zod-schema.d.ts.map +1 -0
- package/dist/http/adapters/zod-schema.js +74 -0
- package/dist/http/adapters/zod-schema.js.map +1 -0
- package/dist/http/core/context.d.ts +25 -0
- package/dist/http/core/context.d.ts.map +1 -0
- package/dist/http/core/context.js +60 -0
- package/dist/http/core/context.js.map +1 -0
- package/dist/http/core/errors.d.ts +41 -0
- package/dist/http/core/errors.d.ts.map +1 -0
- package/dist/http/core/errors.js +99 -0
- package/dist/http/core/errors.js.map +1 -0
- package/dist/http/core/kernel.d.ts +54 -0
- package/dist/http/core/kernel.d.ts.map +1 -0
- package/dist/http/core/kernel.js +122 -0
- package/dist/http/core/kernel.js.map +1 -0
- package/dist/http/core/openapi.d.ts +37 -0
- package/dist/http/core/openapi.d.ts.map +1 -0
- package/dist/http/core/openapi.js +99 -0
- package/dist/http/core/openapi.js.map +1 -0
- package/dist/http/core/pagination.d.ts +17 -0
- package/dist/http/core/pagination.d.ts.map +1 -0
- package/dist/http/core/pagination.js +108 -0
- package/dist/http/core/pagination.js.map +1 -0
- package/dist/http/core/ports.d.ts +106 -0
- package/dist/http/core/ports.d.ts.map +1 -0
- package/dist/http/core/ports.js +6 -0
- package/dist/http/core/ports.js.map +1 -0
- package/dist/http/core/redaction.d.ts +8 -0
- package/dist/http/core/redaction.d.ts.map +1 -0
- package/dist/http/core/redaction.js +45 -0
- package/dist/http/core/redaction.js.map +1 -0
- package/dist/http/core/router.d.ts +37 -0
- package/dist/http/core/router.d.ts.map +1 -0
- package/dist/http/core/router.js +120 -0
- package/dist/http/core/router.js.map +1 -0
- package/dist/http/core/security.d.ts +43 -0
- package/dist/http/core/security.d.ts.map +1 -0
- package/dist/http/core/security.js +66 -0
- package/dist/http/core/security.js.map +1 -0
- package/dist/http/core/validation.d.ts +9 -0
- package/dist/http/core/validation.d.ts.map +1 -0
- package/dist/http/core/validation.js +36 -0
- package/dist/http/core/validation.js.map +1 -0
- package/dist/http/index.d.ts +20 -0
- package/dist/http/index.d.ts.map +1 -0
- package/dist/http/index.js +29 -0
- package/dist/http/index.js.map +1 -0
- package/dist/http/nestjs/http-kernel.module.d.ts +37 -0
- package/dist/http/nestjs/http-kernel.module.d.ts.map +1 -0
- package/dist/http/nestjs/http-kernel.module.js +77 -0
- package/dist/http/nestjs/http-kernel.module.js.map +1 -0
- package/dist/http/nodejs/http-adapter.d.ts +11 -0
- package/dist/http/nodejs/http-adapter.d.ts.map +1 -0
- package/dist/http/nodejs/http-adapter.js +60 -0
- package/dist/http/nodejs/http-adapter.js.map +1 -0
- package/dist/i18n/core/catalog.d.ts +23 -0
- package/dist/i18n/core/catalog.d.ts.map +1 -0
- package/dist/i18n/core/catalog.js +31 -0
- package/dist/i18n/core/catalog.js.map +1 -0
- package/dist/i18n/core/errors.d.ts +14 -0
- package/dist/i18n/core/errors.d.ts.map +1 -0
- package/dist/i18n/core/errors.js +22 -0
- package/dist/i18n/core/errors.js.map +1 -0
- package/dist/i18n/core/i18n.d.ts +20 -0
- package/dist/i18n/core/i18n.d.ts.map +1 -0
- package/dist/i18n/core/i18n.js +48 -0
- package/dist/i18n/core/i18n.js.map +1 -0
- package/dist/i18n/core/message.d.ts +8 -0
- package/dist/i18n/core/message.d.ts.map +1 -0
- package/dist/i18n/core/message.js +38 -0
- package/dist/i18n/core/message.js.map +1 -0
- package/dist/i18n/core/negotiate.d.ts +13 -0
- package/dist/i18n/core/negotiate.d.ts.map +1 -0
- package/dist/i18n/core/negotiate.js +46 -0
- package/dist/i18n/core/negotiate.js.map +1 -0
- package/dist/i18n/core/ports.d.ts +35 -0
- package/dist/i18n/core/ports.d.ts.map +1 -0
- package/dist/i18n/core/ports.js +6 -0
- package/dist/i18n/core/ports.js.map +1 -0
- package/dist/i18n/index.d.ts +14 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +18 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/nestjs/i18n.module.d.ts +16 -0
- package/dist/i18n/nestjs/i18n.module.d.ts.map +1 -0
- package/dist/i18n/nestjs/i18n.module.js +17 -0
- package/dist/i18n/nestjs/i18n.module.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -0
- package/dist/jobs/adapters/in-memory-idempotency.d.ts +9 -0
- package/dist/jobs/adapters/in-memory-idempotency.d.ts.map +1 -0
- package/dist/jobs/adapters/in-memory-idempotency.js +34 -0
- package/dist/jobs/adapters/in-memory-idempotency.js.map +1 -0
- package/dist/jobs/adapters/in-memory-queue-store.d.ts +7 -0
- package/dist/jobs/adapters/in-memory-queue-store.d.ts.map +1 -0
- package/dist/jobs/adapters/in-memory-queue-store.js +70 -0
- package/dist/jobs/adapters/in-memory-queue-store.js.map +1 -0
- package/dist/jobs/adapters/redis-queue-store.d.ts +28 -0
- package/dist/jobs/adapters/redis-queue-store.d.ts.map +1 -0
- package/dist/jobs/adapters/redis-queue-store.js +86 -0
- package/dist/jobs/adapters/redis-queue-store.js.map +1 -0
- package/dist/jobs/core/backoff.d.ts +15 -0
- package/dist/jobs/core/backoff.d.ts.map +1 -0
- package/dist/jobs/core/backoff.js +20 -0
- package/dist/jobs/core/backoff.js.map +1 -0
- package/dist/jobs/core/cron.d.ts +13 -0
- package/dist/jobs/core/cron.d.ts.map +1 -0
- package/dist/jobs/core/cron.js +101 -0
- package/dist/jobs/core/cron.js.map +1 -0
- package/dist/jobs/core/errors.d.ts +18 -0
- package/dist/jobs/core/errors.d.ts.map +1 -0
- package/dist/jobs/core/errors.js +30 -0
- package/dist/jobs/core/errors.js.map +1 -0
- package/dist/jobs/core/ports.d.ts +80 -0
- package/dist/jobs/core/ports.d.ts.map +1 -0
- package/dist/jobs/core/ports.js +6 -0
- package/dist/jobs/core/ports.js.map +1 -0
- package/dist/jobs/core/queue.d.ts +16 -0
- package/dist/jobs/core/queue.d.ts.map +1 -0
- package/dist/jobs/core/queue.js +29 -0
- package/dist/jobs/core/queue.js.map +1 -0
- package/dist/jobs/core/registry.d.ts +4 -0
- package/dist/jobs/core/registry.d.ts.map +1 -0
- package/dist/jobs/core/registry.js +11 -0
- package/dist/jobs/core/registry.js.map +1 -0
- package/dist/jobs/core/scheduler.d.ts +30 -0
- package/dist/jobs/core/scheduler.d.ts.map +1 -0
- package/dist/jobs/core/scheduler.js +53 -0
- package/dist/jobs/core/scheduler.js.map +1 -0
- package/dist/jobs/core/serializer.d.ts +3 -0
- package/dist/jobs/core/serializer.d.ts.map +1 -0
- package/dist/jobs/core/serializer.js +5 -0
- package/dist/jobs/core/serializer.js.map +1 -0
- package/dist/jobs/core/worker.d.ts +28 -0
- package/dist/jobs/core/worker.d.ts.map +1 -0
- package/dist/jobs/core/worker.js +118 -0
- package/dist/jobs/core/worker.js.map +1 -0
- package/dist/jobs/index.d.ts +18 -0
- package/dist/jobs/index.d.ts.map +1 -0
- package/dist/jobs/index.js +23 -0
- package/dist/jobs/index.js.map +1 -0
- package/dist/mailer/adapters/dev-inbox.d.ts +17 -0
- package/dist/mailer/adapters/dev-inbox.d.ts.map +1 -0
- package/dist/mailer/adapters/dev-inbox.js +29 -0
- package/dist/mailer/adapters/dev-inbox.js.map +1 -0
- package/dist/mailer/adapters/i18n-renderer.d.ts +13 -0
- package/dist/mailer/adapters/i18n-renderer.d.ts.map +1 -0
- package/dist/mailer/adapters/i18n-renderer.js +27 -0
- package/dist/mailer/adapters/i18n-renderer.js.map +1 -0
- package/dist/mailer/adapters/in-memory-templates.d.ts +6 -0
- package/dist/mailer/adapters/in-memory-templates.d.ts.map +1 -0
- package/dist/mailer/adapters/in-memory-templates.js +6 -0
- package/dist/mailer/adapters/in-memory-templates.js.map +1 -0
- package/dist/mailer/adapters/transports.d.ts +19 -0
- package/dist/mailer/adapters/transports.d.ts.map +1 -0
- package/dist/mailer/adapters/transports.js +38 -0
- package/dist/mailer/adapters/transports.js.map +1 -0
- package/dist/mailer/core/errors.d.ts +23 -0
- package/dist/mailer/core/errors.d.ts.map +1 -0
- package/dist/mailer/core/errors.js +40 -0
- package/dist/mailer/core/errors.js.map +1 -0
- package/dist/mailer/core/failover.d.ts +3 -0
- package/dist/mailer/core/failover.d.ts.map +1 -0
- package/dist/mailer/core/failover.js +30 -0
- package/dist/mailer/core/failover.js.map +1 -0
- package/dist/mailer/core/mailer.d.ts +25 -0
- package/dist/mailer/core/mailer.d.ts.map +1 -0
- package/dist/mailer/core/mailer.js +61 -0
- package/dist/mailer/core/mailer.js.map +1 -0
- package/dist/mailer/core/ports.d.ts +54 -0
- package/dist/mailer/core/ports.d.ts.map +1 -0
- package/dist/mailer/core/ports.js +6 -0
- package/dist/mailer/core/ports.js.map +1 -0
- package/dist/mailer/core/render.d.ts +4 -0
- package/dist/mailer/core/render.d.ts.map +1 -0
- package/dist/mailer/core/render.js +29 -0
- package/dist/mailer/core/render.js.map +1 -0
- package/dist/mailer/index.d.ts +17 -0
- package/dist/mailer/index.d.ts.map +1 -0
- package/dist/mailer/index.js +21 -0
- package/dist/mailer/index.js.map +1 -0
- package/dist/mailer/nestjs/mailer.module.d.ts +17 -0
- package/dist/mailer/nestjs/mailer.module.d.ts.map +1 -0
- package/dist/mailer/nestjs/mailer.module.js +15 -0
- package/dist/mailer/nestjs/mailer.module.js.map +1 -0
- package/dist/observability/core/context.d.ts +9 -0
- package/dist/observability/core/context.d.ts.map +1 -0
- package/dist/observability/core/context.js +15 -0
- package/dist/observability/core/context.js.map +1 -0
- package/dist/observability/core/health.d.ts +40 -0
- package/dist/observability/core/health.d.ts.map +1 -0
- package/dist/observability/core/health.js +51 -0
- package/dist/observability/core/health.js.map +1 -0
- package/dist/observability/core/logger.d.ts +22 -0
- package/dist/observability/core/logger.d.ts.map +1 -0
- package/dist/observability/core/logger.js +45 -0
- package/dist/observability/core/logger.js.map +1 -0
- package/dist/observability/core/metrics.d.ts +63 -0
- package/dist/observability/core/metrics.d.ts.map +1 -0
- package/dist/observability/core/metrics.js +172 -0
- package/dist/observability/core/metrics.js.map +1 -0
- package/dist/observability/core/redaction.d.ts +10 -0
- package/dist/observability/core/redaction.d.ts.map +1 -0
- package/dist/observability/core/redaction.js +48 -0
- package/dist/observability/core/redaction.js.map +1 -0
- package/dist/observability/core/tracing.d.ts +52 -0
- package/dist/observability/core/tracing.d.ts.map +1 -0
- package/dist/observability/core/tracing.js +88 -0
- package/dist/observability/core/tracing.js.map +1 -0
- package/dist/observability/index.d.ts +14 -0
- package/dist/observability/index.d.ts.map +1 -0
- package/dist/observability/index.js +19 -0
- package/dist/observability/index.js.map +1 -0
- package/dist/observability/nestjs/observability.module.d.ts +35 -0
- package/dist/observability/nestjs/observability.module.d.ts.map +1 -0
- package/dist/observability/nestjs/observability.module.js +87 -0
- package/dist/observability/nestjs/observability.module.js.map +1 -0
- package/dist/persistence/adapters/in-memory-driver.d.ts +18 -0
- package/dist/persistence/adapters/in-memory-driver.d.ts.map +1 -0
- package/dist/persistence/adapters/in-memory-driver.js +229 -0
- package/dist/persistence/adapters/in-memory-driver.js.map +1 -0
- package/dist/persistence/adapters/pg-driver.d.ts +21 -0
- package/dist/persistence/adapters/pg-driver.d.ts.map +1 -0
- package/dist/persistence/adapters/pg-driver.js +42 -0
- package/dist/persistence/adapters/pg-driver.js.map +1 -0
- package/dist/persistence/adapters/testcontainer-harness.d.ts +37 -0
- package/dist/persistence/adapters/testcontainer-harness.d.ts.map +1 -0
- package/dist/persistence/adapters/testcontainer-harness.js +79 -0
- package/dist/persistence/adapters/testcontainer-harness.js.map +1 -0
- package/dist/persistence/core/errors.d.ts +36 -0
- package/dist/persistence/core/errors.d.ts.map +1 -0
- package/dist/persistence/core/errors.js +58 -0
- package/dist/persistence/core/errors.js.map +1 -0
- package/dist/persistence/core/migrations.d.ts +16 -0
- package/dist/persistence/core/migrations.d.ts.map +1 -0
- package/dist/persistence/core/migrations.js +95 -0
- package/dist/persistence/core/migrations.js.map +1 -0
- package/dist/persistence/core/pool.d.ts +4 -0
- package/dist/persistence/core/pool.d.ts.map +1 -0
- package/dist/persistence/core/pool.js +180 -0
- package/dist/persistence/core/pool.js.map +1 -0
- package/dist/persistence/core/ports.d.ts +91 -0
- package/dist/persistence/core/ports.d.ts.map +1 -0
- package/dist/persistence/core/ports.js +6 -0
- package/dist/persistence/core/ports.js.map +1 -0
- package/dist/persistence/core/repository.d.ts +18 -0
- package/dist/persistence/core/repository.d.ts.map +1 -0
- package/dist/persistence/core/repository.js +113 -0
- package/dist/persistence/core/repository.js.map +1 -0
- package/dist/persistence/core/sql.d.ts +13 -0
- package/dist/persistence/core/sql.d.ts.map +1 -0
- package/dist/persistence/core/sql.js +35 -0
- package/dist/persistence/core/sql.js.map +1 -0
- package/dist/persistence/index.d.ts +14 -0
- package/dist/persistence/index.d.ts.map +1 -0
- package/dist/persistence/index.js +22 -0
- package/dist/persistence/index.js.map +1 -0
- package/dist/persistence/pg.d.ts +7 -0
- package/dist/persistence/pg.d.ts.map +1 -0
- package/dist/persistence/pg.js +7 -0
- package/dist/persistence/pg.js.map +1 -0
- package/dist/privacy/adapters/audit-sink.d.ts +19 -0
- package/dist/privacy/adapters/audit-sink.d.ts.map +1 -0
- package/dist/privacy/adapters/audit-sink.js +13 -0
- package/dist/privacy/adapters/audit-sink.js.map +1 -0
- package/dist/privacy/adapters/in-memory-consent-store.d.ts +7 -0
- package/dist/privacy/adapters/in-memory-consent-store.d.ts.map +1 -0
- package/dist/privacy/adapters/in-memory-consent-store.js +18 -0
- package/dist/privacy/adapters/in-memory-consent-store.js.map +1 -0
- package/dist/privacy/adapters/pg-consent-store.d.ts +26 -0
- package/dist/privacy/adapters/pg-consent-store.d.ts.map +1 -0
- package/dist/privacy/adapters/pg-consent-store.js +43 -0
- package/dist/privacy/adapters/pg-consent-store.js.map +1 -0
- package/dist/privacy/core/consent.d.ts +35 -0
- package/dist/privacy/core/consent.d.ts.map +1 -0
- package/dist/privacy/core/consent.js +49 -0
- package/dist/privacy/core/consent.js.map +1 -0
- package/dist/privacy/core/erasure.d.ts +22 -0
- package/dist/privacy/core/erasure.d.ts.map +1 -0
- package/dist/privacy/core/erasure.js +35 -0
- package/dist/privacy/core/erasure.js.map +1 -0
- package/dist/privacy/core/errors.d.ts +18 -0
- package/dist/privacy/core/errors.d.ts.map +1 -0
- package/dist/privacy/core/errors.js +30 -0
- package/dist/privacy/core/errors.js.map +1 -0
- package/dist/privacy/core/export.d.ts +20 -0
- package/dist/privacy/core/export.d.ts.map +1 -0
- package/dist/privacy/core/export.js +30 -0
- package/dist/privacy/core/export.js.map +1 -0
- package/dist/privacy/core/ports.d.ts +48 -0
- package/dist/privacy/core/ports.d.ts.map +1 -0
- package/dist/privacy/core/ports.js +6 -0
- package/dist/privacy/core/ports.js.map +1 -0
- package/dist/privacy/core/registry.d.ts +17 -0
- package/dist/privacy/core/registry.d.ts.map +1 -0
- package/dist/privacy/core/registry.js +31 -0
- package/dist/privacy/core/registry.js.map +1 -0
- package/dist/privacy/index.d.ts +16 -0
- package/dist/privacy/index.d.ts.map +1 -0
- package/dist/privacy/index.js +21 -0
- package/dist/privacy/index.js.map +1 -0
- package/dist/rate-limit/adapters/in-memory-store.d.ts +7 -0
- package/dist/rate-limit/adapters/in-memory-store.d.ts.map +1 -0
- package/dist/rate-limit/adapters/in-memory-store.js +50 -0
- package/dist/rate-limit/adapters/in-memory-store.js.map +1 -0
- package/dist/rate-limit/adapters/redis-store.d.ts +11 -0
- package/dist/rate-limit/adapters/redis-store.d.ts.map +1 -0
- package/dist/rate-limit/adapters/redis-store.js +93 -0
- package/dist/rate-limit/adapters/redis-store.js.map +1 -0
- package/dist/rate-limit/core/enforcer.d.ts +23 -0
- package/dist/rate-limit/core/enforcer.d.ts.map +1 -0
- package/dist/rate-limit/core/enforcer.js +27 -0
- package/dist/rate-limit/core/enforcer.js.map +1 -0
- package/dist/rate-limit/core/errors.d.ts +19 -0
- package/dist/rate-limit/core/errors.d.ts.map +1 -0
- package/dist/rate-limit/core/errors.js +32 -0
- package/dist/rate-limit/core/errors.js.map +1 -0
- package/dist/rate-limit/core/ports.d.ts +50 -0
- package/dist/rate-limit/core/ports.d.ts.map +1 -0
- package/dist/rate-limit/core/ports.js +6 -0
- package/dist/rate-limit/core/ports.js.map +1 -0
- package/dist/rate-limit/core/sliding-window.d.ts +9 -0
- package/dist/rate-limit/core/sliding-window.d.ts.map +1 -0
- package/dist/rate-limit/core/sliding-window.js +24 -0
- package/dist/rate-limit/core/sliding-window.js.map +1 -0
- package/dist/rate-limit/core/token-bucket.d.ts +9 -0
- package/dist/rate-limit/core/token-bucket.d.ts.map +1 -0
- package/dist/rate-limit/core/token-bucket.js +24 -0
- package/dist/rate-limit/core/token-bucket.js.map +1 -0
- package/dist/rate-limit/index.d.ts +15 -0
- package/dist/rate-limit/index.d.ts.map +1 -0
- package/dist/rate-limit/index.js +19 -0
- package/dist/rate-limit/index.js.map +1 -0
- package/dist/rate-limit/nestjs/rate-limit.module.d.ts +25 -0
- package/dist/rate-limit/nestjs/rate-limit.module.d.ts.map +1 -0
- package/dist/rate-limit/nestjs/rate-limit.module.js +63 -0
- package/dist/rate-limit/nestjs/rate-limit.module.js.map +1 -0
- package/dist/rate-limit/nodejs/middleware.d.ts +16 -0
- package/dist/rate-limit/nodejs/middleware.d.ts.map +1 -0
- package/dist/rate-limit/nodejs/middleware.js +26 -0
- package/dist/rate-limit/nodejs/middleware.js.map +1 -0
- package/dist/test-kit/adapters/infra-bootstrap.d.ts +40 -0
- package/dist/test-kit/adapters/infra-bootstrap.d.ts.map +1 -0
- package/dist/test-kit/adapters/infra-bootstrap.js +64 -0
- package/dist/test-kit/adapters/infra-bootstrap.js.map +1 -0
- package/dist/test-kit/core/contract.d.ts +49 -0
- package/dist/test-kit/core/contract.d.ts.map +1 -0
- package/dist/test-kit/core/contract.js +52 -0
- package/dist/test-kit/core/contract.js.map +1 -0
- package/dist/test-kit/core/errors.d.ts +12 -0
- package/dist/test-kit/core/errors.d.ts.map +1 -0
- package/dist/test-kit/core/errors.js +19 -0
- package/dist/test-kit/core/errors.js.map +1 -0
- package/dist/test-kit/core/factories.d.ts +24 -0
- package/dist/test-kit/core/factories.d.ts.map +1 -0
- package/dist/test-kit/core/factories.js +57 -0
- package/dist/test-kit/core/factories.js.map +1 -0
- package/dist/test-kit/core/http-client.d.ts +46 -0
- package/dist/test-kit/core/http-client.d.ts.map +1 -0
- package/dist/test-kit/core/http-client.js +63 -0
- package/dist/test-kit/core/http-client.js.map +1 -0
- package/dist/test-kit/index.d.ts +10 -0
- package/dist/test-kit/index.d.ts.map +1 -0
- package/dist/test-kit/index.js +14 -0
- package/dist/test-kit/index.js.map +1 -0
- package/dist/test-kit/infra.d.ts +6 -0
- package/dist/test-kit/infra.d.ts.map +1 -0
- package/dist/test-kit/infra.js +6 -0
- package/dist/test-kit/infra.js.map +1 -0
- package/package.json +170 -0
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Foutentaxonomie voor audit-log.
|
|
3
|
+
*/
|
|
4
|
+
export class AuditError extends Error {
|
|
5
|
+
code;
|
|
6
|
+
constructor(message, code) {
|
|
7
|
+
super(message);
|
|
8
|
+
this.name = new.target.name;
|
|
9
|
+
this.code = code;
|
|
10
|
+
Object.setPrototypeOf(this, new.target.prototype);
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
/** Ontbrekend/ongeldig verplicht veld bij append of query (US-1001 AC3, US-1003 AC3). */
|
|
14
|
+
export class AuditValidationError extends AuditError {
|
|
15
|
+
field;
|
|
16
|
+
constructor(field, reason) {
|
|
17
|
+
super(`Ongeldig audit-veld "${field}": ${reason}`, 'AUDIT_VALIDATION');
|
|
18
|
+
this.field = field;
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
/** Onbekend event-type (niet in de geïnjecteerde registry) (US-1001 AC2). */
|
|
22
|
+
export class UnknownEventTypeError extends AuditError {
|
|
23
|
+
action;
|
|
24
|
+
constructor(action) {
|
|
25
|
+
super(`Onbekend event-type (action): "${action}"`, 'UNKNOWN_EVENT_TYPE');
|
|
26
|
+
this.action = action;
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
/** Poging tot mutatie van een append-only record (US-1002 AC3). */
|
|
30
|
+
export class ImmutabilityError extends AuditError {
|
|
31
|
+
constructor() {
|
|
32
|
+
super('Audit-records zijn append-only; wijzigen/verwijderen is niet toegestaan', 'AUDIT_IMMUTABLE');
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/audit/core/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,OAAO,UAAW,SAAQ,KAAK;IAC1B,IAAI,CAAS;IACtB,YAAY,OAAe,EAAE,IAAY;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,yFAAyF;AACzF,MAAM,OAAO,oBAAqB,SAAQ,UAAU;IACzC,KAAK,CAAS;IACvB,YAAY,KAAa,EAAE,MAAc;QACvC,KAAK,CAAC,wBAAwB,KAAK,MAAM,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AAED,6EAA6E;AAC7E,MAAM,OAAO,qBAAsB,SAAQ,UAAU;IAC1C,MAAM,CAAS;IACxB,YAAY,MAAc;QACxB,KAAK,CAAC,kCAAkC,MAAM,GAAG,EAAE,oBAAoB,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED,mEAAmE;AACnE,MAAM,OAAO,iBAAkB,SAAQ,UAAU;IAC/C;QACE,KAAK,CAAC,yEAAyE,EAAE,iBAAiB,CAAC,CAAC;IACtG,CAAC;CACF"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { ComputeHash, Hasher } from './ports.js';
|
|
2
|
+
/** prevHash van het eerste record (genesis). */
|
|
3
|
+
export declare const GENESIS = "";
|
|
4
|
+
export declare function sha256Hasher(): Hasher;
|
|
5
|
+
/** Canonieke JSON met recursief gesorteerde object-keys (stabiele serialisatie). */
|
|
6
|
+
export declare function canonicalJson(value: unknown): string;
|
|
7
|
+
/** Bouwt een {@link ComputeHash} uit een {@link Hasher}. */
|
|
8
|
+
export declare function makeComputeHash(hasher: Hasher): ComputeHash;
|
|
9
|
+
//# sourceMappingURL=hash.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../../src/audit/core/hash.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAmB,WAAW,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEvE,gDAAgD;AAChD,eAAO,MAAM,OAAO,KAAK,CAAC;AAE1B,wBAAgB,YAAY,IAAI,MAAM,CAKrC;AAED,oFAAoF;AACpF,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEpD;AAcD,4DAA4D;AAC5D,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAa3D"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* US-1002 — Hash-keten: elk record hasht zijn eigen inhoud plus de hash van het vorige record.
|
|
3
|
+
* Serialisatie is canoniek (gesorteerde keys) zodat de hash stabiel en reproduceerbaar is.
|
|
4
|
+
*/
|
|
5
|
+
import { createHash } from 'node:crypto';
|
|
6
|
+
/** prevHash van het eerste record (genesis). */
|
|
7
|
+
export const GENESIS = '';
|
|
8
|
+
export function sha256Hasher() {
|
|
9
|
+
return {
|
|
10
|
+
algorithm: 'sha256',
|
|
11
|
+
hash: (data) => createHash('sha256').update(data).digest('hex'),
|
|
12
|
+
};
|
|
13
|
+
}
|
|
14
|
+
/** Canonieke JSON met recursief gesorteerde object-keys (stabiele serialisatie). */
|
|
15
|
+
export function canonicalJson(value) {
|
|
16
|
+
return JSON.stringify(sortKeys(value));
|
|
17
|
+
}
|
|
18
|
+
function sortKeys(value) {
|
|
19
|
+
if (Array.isArray(value))
|
|
20
|
+
return value.map(sortKeys);
|
|
21
|
+
if (value && typeof value === 'object') {
|
|
22
|
+
const out = {};
|
|
23
|
+
for (const key of Object.keys(value).sort()) {
|
|
24
|
+
out[key] = sortKeys(value[key]);
|
|
25
|
+
}
|
|
26
|
+
return out;
|
|
27
|
+
}
|
|
28
|
+
return value;
|
|
29
|
+
}
|
|
30
|
+
/** Bouwt een {@link ComputeHash} uit een {@link Hasher}. */
|
|
31
|
+
export function makeComputeHash(hasher) {
|
|
32
|
+
return (sequence, prevHash, input) => {
|
|
33
|
+
const payload = [
|
|
34
|
+
String(sequence),
|
|
35
|
+
input.actor,
|
|
36
|
+
input.action,
|
|
37
|
+
input.target,
|
|
38
|
+
String(input.timestamp),
|
|
39
|
+
canonicalJson(input.meta),
|
|
40
|
+
prevHash,
|
|
41
|
+
].join('\n');
|
|
42
|
+
return hasher.hash(payload);
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
//# sourceMappingURL=hash.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../../src/audit/core/hash.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,gDAAgD;AAChD,MAAM,CAAC,MAAM,OAAO,GAAG,EAAE,CAAC;AAE1B,MAAM,UAAU,YAAY;IAC1B,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;KAChE,CAAC;AACJ,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAgC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACvE,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAE,KAAiC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,OAAO,CAAC,QAAgB,EAAE,QAAgB,EAAE,KAAsB,EAAU,EAAE;QAC5E,MAAM,OAAO,GAAG;YACd,MAAM,CAAC,QAAQ,CAAC;YAChB,KAAK,CAAC,KAAK;YACX,KAAK,CAAC,MAAM;YACZ,KAAK,CAAC,MAAM;YACZ,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;YACvB,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC;YACzB,QAAQ;SACT,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Poorten & types voor de audit-log-kit. Event-types, de store (repository), de klok en het
|
|
3
|
+
* hash-algoritme worden geïnjecteerd; de kit bevat geen domeinkennis.
|
|
4
|
+
*/
|
|
5
|
+
export type Clock = () => number;
|
|
6
|
+
/** Eén onveranderlijk audit-record in de hash-keten. */
|
|
7
|
+
export interface AuditRecord {
|
|
8
|
+
/** Monotone, unieke volgnummer. */
|
|
9
|
+
sequence: number;
|
|
10
|
+
actor: string;
|
|
11
|
+
action: string;
|
|
12
|
+
target: string;
|
|
13
|
+
/** Server-timestamp (ms epoch) via de Clock-port. */
|
|
14
|
+
timestamp: number;
|
|
15
|
+
meta: Record<string, unknown>;
|
|
16
|
+
/** Hash van het vorige record (leeg voor het eerste). */
|
|
17
|
+
prevHash: string;
|
|
18
|
+
/** Hash over de eigen inhoud + prevHash. */
|
|
19
|
+
hash: string;
|
|
20
|
+
}
|
|
21
|
+
/** Invoer voor één append (server vult sequence/timestamp/hash in). */
|
|
22
|
+
export interface AuditEventInput {
|
|
23
|
+
actor: string;
|
|
24
|
+
action: string;
|
|
25
|
+
target: string;
|
|
26
|
+
timestamp: number;
|
|
27
|
+
meta: Record<string, unknown>;
|
|
28
|
+
}
|
|
29
|
+
/** Berekent de record-hash uit (sequence, prevHash, input). Puur; door de kit aangeleverd. */
|
|
30
|
+
export type ComputeHash = (sequence: number, prevHash: string, input: AuditEventInput) => string;
|
|
31
|
+
export interface QueryFilter {
|
|
32
|
+
actor?: string;
|
|
33
|
+
action?: string;
|
|
34
|
+
target?: string;
|
|
35
|
+
/** Tijdsbereik (ms epoch), inclusief. */
|
|
36
|
+
fromMs?: number;
|
|
37
|
+
toMs?: number;
|
|
38
|
+
}
|
|
39
|
+
export interface QueryPagination {
|
|
40
|
+
/** Sequence waarna wordt doorgepagineerd (exclusief). */
|
|
41
|
+
cursor?: number;
|
|
42
|
+
pageSize: number;
|
|
43
|
+
}
|
|
44
|
+
export interface QueryResult {
|
|
45
|
+
items: AuditRecord[];
|
|
46
|
+
/** Sequence voor de volgende pagina, of `null` als er geen is. */
|
|
47
|
+
nextCursor: number | null;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Append-only store-poort. Bevat bewust géén update/delete van losse records (immutability); alleen
|
|
51
|
+
* `purgeOlderThan` voor gecontroleerde retentie. `append` assembleert de keten atomair.
|
|
52
|
+
*/
|
|
53
|
+
export interface AuditStore {
|
|
54
|
+
/** Atomair: bepaal sequence + prevHash, bereken de hash en voeg het record toe. */
|
|
55
|
+
append(input: AuditEventInput, computeHash: ComputeHash): Promise<AuditRecord>;
|
|
56
|
+
query(filter: QueryFilter, pagination: QueryPagination): Promise<QueryResult>;
|
|
57
|
+
/** Alle records oplopend op sequence (voor verificatie/export). */
|
|
58
|
+
all(): Promise<AuditRecord[]>;
|
|
59
|
+
/** Retentie: verwijder records met timestamp < cutoff. Retourneert de afgevoerde records. */
|
|
60
|
+
purgeOlderThan(cutoffMs: number): Promise<AuditRecord[]>;
|
|
61
|
+
count(): Promise<number>;
|
|
62
|
+
}
|
|
63
|
+
/** Injecteerbaar hash-algoritme (default sha256). */
|
|
64
|
+
export interface Hasher {
|
|
65
|
+
algorithm: string;
|
|
66
|
+
hash(data: string): string;
|
|
67
|
+
}
|
|
68
|
+
//# sourceMappingURL=ports.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../../src/audit/core/ports.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC;AAEjC,wDAAwD;AACxD,MAAM,WAAW,WAAW;IAC1B,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,uEAAuE;AACvE,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED,8FAA8F;AAC9F,MAAM,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,KAAK,MAAM,CAAC;AAEjG,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,kEAAkE;IAClE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,mFAAmF;IACnF,MAAM,CAAC,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/E,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAC9E,mEAAmE;IACnE,GAAG,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9B,6FAA6F;IAC7F,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACzD,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1B;AAED,qDAAqD;AACrD,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ports.js","sourceRoot":"","sources":["../../../src/audit/core/ports.ts"],"names":[],"mappings":"AAAA;;;GAGG"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `audit-log` kit — domein-loos, onveranderlijk logboek: append-only events (actor/action/target/meta)
|
|
3
|
+
* met een hash-keten (tamper-evidence), read-only gefilterde/gepagineerde query, en retentie +
|
|
4
|
+
* geverifieerde NDJSON-export. Pluggable store (in-memory + Postgres append-only); event-types worden
|
|
5
|
+
* geïnjecteerd.
|
|
6
|
+
*/
|
|
7
|
+
export { createAuditLog, type AuditLog, type AuditLogOptions, type AppendInput, type VerifyResult, type ExportResult, type ExportSummary, } from './core/audit-log.js';
|
|
8
|
+
export { sha256Hasher, canonicalJson, makeComputeHash, GENESIS } from './core/hash.js';
|
|
9
|
+
export type { Clock, AuditRecord, AuditEventInput, AuditStore, QueryFilter, QueryPagination, QueryResult, Hasher, ComputeHash, } from './core/ports.js';
|
|
10
|
+
export { AuditError, AuditValidationError, UnknownEventTypeError, ImmutabilityError, } from './core/errors.js';
|
|
11
|
+
export { inMemoryAuditStore } from './adapters/in-memory-store.js';
|
|
12
|
+
export { pgAuditStore, auditMigration, type SqlExecutor, type SqlExec, type PgAuditStoreOptions, } from './adapters/pg-store.js';
|
|
13
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/audit/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,cAAc,EACd,KAAK,QAAQ,EACb,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAGvF,YAAY,EACV,KAAK,EACL,WAAW,EACX,eAAe,EACf,UAAU,EACV,WAAW,EACX,eAAe,EACf,WAAW,EACX,MAAM,EACN,WAAW,GACZ,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EACL,YAAY,EACZ,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,OAAO,EACZ,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `audit-log` kit — domein-loos, onveranderlijk logboek: append-only events (actor/action/target/meta)
|
|
3
|
+
* met een hash-keten (tamper-evidence), read-only gefilterde/gepagineerde query, en retentie +
|
|
4
|
+
* geverifieerde NDJSON-export. Pluggable store (in-memory + Postgres append-only); event-types worden
|
|
5
|
+
* geïnjecteerd.
|
|
6
|
+
*/
|
|
7
|
+
// Service (US-1001..1004)
|
|
8
|
+
export { createAuditLog, } from './core/audit-log.js';
|
|
9
|
+
// Hash-keten
|
|
10
|
+
export { sha256Hasher, canonicalJson, makeComputeHash, GENESIS } from './core/hash.js';
|
|
11
|
+
// Fouten
|
|
12
|
+
export { AuditError, AuditValidationError, UnknownEventTypeError, ImmutabilityError, } from './core/errors.js';
|
|
13
|
+
// Adapters
|
|
14
|
+
export { inMemoryAuditStore } from './adapters/in-memory-store.js';
|
|
15
|
+
export { pgAuditStore, auditMigration, } from './adapters/pg-store.js';
|
|
16
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/audit/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,0BAA0B;AAC1B,OAAO,EACL,cAAc,GAOf,MAAM,qBAAqB,CAAC;AAE7B,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAevF,SAAS;AACT,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAE1B,WAAW;AACX,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EACL,YAAY,EACZ,cAAc,GAIf,MAAM,wBAAwB,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { PasswordHasher } from '../core/ports.js';
|
|
2
|
+
export interface Argon2idParams {
|
|
3
|
+
/** Geheugengrootte in KiB. Default 19456 (19 MiB, OWASP-richtlijn). */
|
|
4
|
+
memoryKiB?: number;
|
|
5
|
+
/** Iteraties (time cost). Default 2. */
|
|
6
|
+
iterations?: number;
|
|
7
|
+
/** Parallelisme (lanes). Default 1. */
|
|
8
|
+
parallelism?: number;
|
|
9
|
+
/** Lengte van de afgeleide hash in bytes. Default 32. */
|
|
10
|
+
hashLength?: number;
|
|
11
|
+
/** Saltlengte in bytes. Default 16. */
|
|
12
|
+
saltLength?: number;
|
|
13
|
+
}
|
|
14
|
+
export declare function argon2idHasher(params?: Argon2idParams): PasswordHasher;
|
|
15
|
+
//# sourceMappingURL=argon2id-hasher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"argon2id-hasher.d.ts","sourceRoot":"","sources":["../../../src/auth/adapters/argon2id-hasher.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,cAAc,EAAgB,MAAM,kBAAkB,CAAC;AAErE,MAAM,WAAW,cAAc;IAC7B,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAiBD,wBAAgB,cAAc,CAAC,MAAM,GAAE,cAAmB,GAAG,cAAc,CA6B1E"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* US-0401 — argon2id-{@link PasswordHasher} bovenop `hash-wasm` (pure WASM, geen native build).
|
|
3
|
+
* Produceert een zelfbeschrijvende PHC-hashstring en berekent de rehash-policy door de parameters in
|
|
4
|
+
* de opgeslagen hash te vergelijken met de huidige config. `hash-wasm` wordt lazy geladen, zodat de
|
|
5
|
+
* kit importeerbaar blijft zonder die dep tot je daadwerkelijk hasht.
|
|
6
|
+
*/
|
|
7
|
+
import { randomBytes } from 'node:crypto';
|
|
8
|
+
import { UnsupportedHashError } from '../core/errors.js';
|
|
9
|
+
const DEFAULTS = {
|
|
10
|
+
memoryKiB: 19456,
|
|
11
|
+
iterations: 2,
|
|
12
|
+
parallelism: 1,
|
|
13
|
+
hashLength: 32,
|
|
14
|
+
saltLength: 16,
|
|
15
|
+
};
|
|
16
|
+
export function argon2idHasher(params = {}) {
|
|
17
|
+
const cfg = { ...DEFAULTS, ...params };
|
|
18
|
+
return {
|
|
19
|
+
async hash(password) {
|
|
20
|
+
const { argon2id } = await import('hash-wasm');
|
|
21
|
+
return argon2id({
|
|
22
|
+
password,
|
|
23
|
+
salt: randomBytes(cfg.saltLength),
|
|
24
|
+
parallelism: cfg.parallelism,
|
|
25
|
+
iterations: cfg.iterations,
|
|
26
|
+
memorySize: cfg.memoryKiB,
|
|
27
|
+
hashLength: cfg.hashLength,
|
|
28
|
+
outputType: 'encoded',
|
|
29
|
+
});
|
|
30
|
+
},
|
|
31
|
+
async verify(password, hash) {
|
|
32
|
+
const parsed = parsePhc(hash);
|
|
33
|
+
if (!parsed || parsed.algo !== 'argon2id') {
|
|
34
|
+
// Onbekend/niet-ondersteund formaat: expliciete, niet-lekkende fout (US-0401 AC3).
|
|
35
|
+
throw new UnsupportedHashError();
|
|
36
|
+
}
|
|
37
|
+
const { argon2Verify } = await import('hash-wasm');
|
|
38
|
+
const valid = await argon2Verify({ password, hash });
|
|
39
|
+
const needsRehash = valid && isWeaker(parsed, cfg);
|
|
40
|
+
return { valid, needsRehash };
|
|
41
|
+
},
|
|
42
|
+
};
|
|
43
|
+
}
|
|
44
|
+
function parsePhc(hash) {
|
|
45
|
+
// $argon2id$v=19$m=19456,t=2,p=1$<salt>$<hash>
|
|
46
|
+
const m = /^\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)\$/.exec(hash);
|
|
47
|
+
if (!m)
|
|
48
|
+
return null;
|
|
49
|
+
return {
|
|
50
|
+
algo: m[1],
|
|
51
|
+
memoryKiB: Number(m[2]),
|
|
52
|
+
iterations: Number(m[3]),
|
|
53
|
+
parallelism: Number(m[4]),
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
function isWeaker(parsed, cfg) {
|
|
57
|
+
return (parsed.memoryKiB < cfg.memoryKiB ||
|
|
58
|
+
parsed.iterations < cfg.iterations ||
|
|
59
|
+
parsed.parallelism < cfg.parallelism);
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=argon2id-hasher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"argon2id-hasher.js","sourceRoot":"","sources":["../../../src/auth/adapters/argon2id-hasher.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAgBzD,MAAM,QAAQ,GAAG;IACf,SAAS,EAAE,KAAK;IAChB,UAAU,EAAE,CAAC;IACb,WAAW,EAAE,CAAC;IACd,UAAU,EAAE,EAAE;IACd,UAAU,EAAE,EAAE;CACf,CAAC;AASF,MAAM,UAAU,cAAc,CAAC,SAAyB,EAAE;IACxD,MAAM,GAAG,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC;IAEvC,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,QAAgB;YACzB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;YAC/C,OAAO,QAAQ,CAAC;gBACd,QAAQ;gBACR,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC;gBACjC,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,UAAU,EAAE,GAAG,CAAC,SAAS;gBACzB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,UAAU,EAAE,SAAS;aACtB,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAY;YACzC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC1C,mFAAmF;gBACnF,MAAM,IAAI,oBAAoB,EAAE,CAAC;YACnC,CAAC;YACD,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YACrD,MAAM,WAAW,GAAG,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACnD,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;QAChC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY;IAC5B,+CAA+C;IAC/C,MAAM,CAAC,GAAG,yDAAyD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/E,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO;QACL,IAAI,EAAE,CAAC,CAAC,CAAC,CAAW;QACpB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC1B,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,MAAiB,EAAE,GAAoB;IACvD,OAAO,CACL,MAAM,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS;QAChC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU;QAClC,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CACrC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Dep-vrije referentie-adapters (US-0404): in-memory implementaties van de token-, single-use-,
|
|
3
|
+
* `UserStore`- en `Mailer`-ports. Bedoeld voor tests en lokale ontwikkeling; productie-adapters
|
|
4
|
+
* (bv. bovenop persistence-kit / mailer-kit) levert het consumerende project.
|
|
5
|
+
*/
|
|
6
|
+
import type { MailMessage, Mailer, SingleUseStore, TokenStore, UserRecord, UserStore } from '../core/ports.js';
|
|
7
|
+
export declare function inMemoryTokenStore(): TokenStore;
|
|
8
|
+
export declare function inMemorySingleUseStore(): SingleUseStore;
|
|
9
|
+
export declare function inMemoryUserStore(seed?: UserRecord[]): UserStore;
|
|
10
|
+
/** In-memory mailer die verzonden berichten vasthoudt voor asserties. */
|
|
11
|
+
export declare function inMemoryMailer(): Mailer & {
|
|
12
|
+
readonly sent: MailMessage[];
|
|
13
|
+
};
|
|
14
|
+
//# sourceMappingURL=in-memory-stores.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"in-memory-stores.d.ts","sourceRoot":"","sources":["../../../src/auth/adapters/in-memory-stores.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EACV,WAAW,EACX,MAAM,EAGN,cAAc,EACd,UAAU,EACV,UAAU,EACV,SAAS,EACV,MAAM,kBAAkB,CAAC;AAE1B,wBAAgB,kBAAkB,IAAI,UAAU,CAwB/C;AAED,wBAAgB,sBAAsB,IAAI,cAAc,CAiBvD;AAED,wBAAgB,iBAAiB,CAAC,IAAI,GAAE,UAAU,EAAO,GAAG,SAAS,CAmBpE;AAED,yEAAyE;AACzE,wBAAgB,cAAc,IAAI,MAAM,GAAG;IAAE,QAAQ,CAAC,IAAI,EAAE,WAAW,EAAE,CAAA;CAAE,CAQ1E"}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
export function inMemoryTokenStore() {
|
|
2
|
+
const refresh = new Map();
|
|
3
|
+
const denied = new Set();
|
|
4
|
+
return {
|
|
5
|
+
async saveRefresh(record) {
|
|
6
|
+
refresh.set(record.id, { ...record });
|
|
7
|
+
},
|
|
8
|
+
async findRefresh(id) {
|
|
9
|
+
const record = refresh.get(id);
|
|
10
|
+
return record ? { ...record } : null;
|
|
11
|
+
},
|
|
12
|
+
async markRefreshUsed(id) {
|
|
13
|
+
const record = refresh.get(id);
|
|
14
|
+
if (!record || record.usedAt !== undefined)
|
|
15
|
+
return false;
|
|
16
|
+
record.usedAt = Date.now();
|
|
17
|
+
return true;
|
|
18
|
+
},
|
|
19
|
+
async denyAccess(jti) {
|
|
20
|
+
denied.add(jti);
|
|
21
|
+
},
|
|
22
|
+
async isAccessDenied(jti) {
|
|
23
|
+
return denied.has(jti);
|
|
24
|
+
},
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
export function inMemorySingleUseStore() {
|
|
28
|
+
const store = new Map();
|
|
29
|
+
return {
|
|
30
|
+
async save(record) {
|
|
31
|
+
store.set(record.id, { ...record });
|
|
32
|
+
},
|
|
33
|
+
async find(id) {
|
|
34
|
+
const record = store.get(id);
|
|
35
|
+
return record ? { ...record } : null;
|
|
36
|
+
},
|
|
37
|
+
async markConsumed(id) {
|
|
38
|
+
const record = store.get(id);
|
|
39
|
+
if (!record || record.consumedAt !== undefined)
|
|
40
|
+
return false;
|
|
41
|
+
record.consumedAt = Date.now();
|
|
42
|
+
return true;
|
|
43
|
+
},
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
export function inMemoryUserStore(seed = []) {
|
|
47
|
+
const byId = new Map();
|
|
48
|
+
for (const user of seed)
|
|
49
|
+
byId.set(user.id, { ...user });
|
|
50
|
+
return {
|
|
51
|
+
async findByIdentifier(identifier) {
|
|
52
|
+
for (const user of byId.values()) {
|
|
53
|
+
if (user.identifier === identifier)
|
|
54
|
+
return { ...user };
|
|
55
|
+
}
|
|
56
|
+
return null;
|
|
57
|
+
},
|
|
58
|
+
async findById(id) {
|
|
59
|
+
const user = byId.get(id);
|
|
60
|
+
return user ? { ...user } : null;
|
|
61
|
+
},
|
|
62
|
+
async save(user) {
|
|
63
|
+
byId.set(user.id, { ...user });
|
|
64
|
+
return { ...user };
|
|
65
|
+
},
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
/** In-memory mailer die verzonden berichten vasthoudt voor asserties. */
|
|
69
|
+
export function inMemoryMailer() {
|
|
70
|
+
const sent = [];
|
|
71
|
+
return {
|
|
72
|
+
sent,
|
|
73
|
+
async send(message) {
|
|
74
|
+
sent.push(message);
|
|
75
|
+
},
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
//# sourceMappingURL=in-memory-stores.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"in-memory-stores.js","sourceRoot":"","sources":["../../../src/auth/adapters/in-memory-stores.ts"],"names":[],"mappings":"AAgBA,MAAM,UAAU,kBAAkB;IAChC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAyB,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,MAAM;YACtB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QACxC,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,EAAE;YAClB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/B,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvC,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,EAAE;YACtB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAC;YACzD,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,GAAG;YAClB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;QACD,KAAK,CAAC,cAAc,CAAC,GAAG;YACtB,OAAO,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IACjD,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,MAAM;YACf,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE;YACX,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7B,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvC,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,EAAE;YACnB,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAC;YAC7D,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAqB,EAAE;IACvD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,IAAI;QAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;IACxD,OAAO;QACL,KAAK,CAAC,gBAAgB,CAAC,UAAU;YAC/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACjC,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU;oBAAE,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;YACzD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,CAAC,QAAQ,CAAC,EAAE;YACf,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC1B,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACnC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,IAAI;YACb,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YAC/B,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;QACrB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,GAAkB,EAAE,CAAC;IAC/B,OAAO;QACL,IAAI;QACJ,KAAK,CAAC,IAAI,CAAC,OAAO;YAChB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrB,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import type { CredentialService } from './credentials.js';
|
|
2
|
+
import type { SingleUseTokenService } from './single-use.js';
|
|
3
|
+
import type { TokenService } from './tokens.js';
|
|
4
|
+
import type { IssuedTokens, Mailer, UserStore } from './ports.js';
|
|
5
|
+
export interface AuthPurposes {
|
|
6
|
+
emailVerify: string;
|
|
7
|
+
passwordReset: string;
|
|
8
|
+
invite: string;
|
|
9
|
+
}
|
|
10
|
+
export interface AuthServiceDeps {
|
|
11
|
+
credentials: CredentialService;
|
|
12
|
+
tokens: TokenService;
|
|
13
|
+
singleUse: SingleUseTokenService;
|
|
14
|
+
userStore: UserStore;
|
|
15
|
+
mailer: Mailer;
|
|
16
|
+
purposes?: Partial<AuthPurposes>;
|
|
17
|
+
}
|
|
18
|
+
/** Gebruiker zonder credential-materiaal (veilig om terug te geven/loggen). */
|
|
19
|
+
export interface PublicUser {
|
|
20
|
+
id: string;
|
|
21
|
+
identifier: string;
|
|
22
|
+
verified?: boolean;
|
|
23
|
+
[key: string]: unknown;
|
|
24
|
+
}
|
|
25
|
+
export declare class AuthService {
|
|
26
|
+
#private;
|
|
27
|
+
constructor(deps: AuthServiceDeps);
|
|
28
|
+
register(identifier: string, password: string): Promise<{
|
|
29
|
+
user: PublicUser;
|
|
30
|
+
verifyToken: string;
|
|
31
|
+
}>;
|
|
32
|
+
verifyEmail(token: string): Promise<PublicUser>;
|
|
33
|
+
login(identifier: string, password: string): Promise<IssuedTokens>;
|
|
34
|
+
/** Start een wachtwoord-reset. Retourneert het token als de gebruiker bestaat, anders `null` (geen enumeration). */
|
|
35
|
+
requestPasswordReset(identifier: string): Promise<string | null>;
|
|
36
|
+
resetPassword(token: string, newPassword: string): Promise<void>;
|
|
37
|
+
}
|
|
38
|
+
/** Valideert de ports fail-fast en levert een {@link AuthService} (US-0404 AC3). */
|
|
39
|
+
export declare function createAuthService(deps: AuthServiceDeps): AuthService;
|
|
40
|
+
//# sourceMappingURL=auth-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-service.d.ts","sourceRoot":"","sources":["../../../src/auth/core/auth-service.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,EAAc,SAAS,EAAE,MAAM,YAAY,CAAC;AAE9E,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,iBAAiB,CAAC;IAC/B,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,qBAAqB,CAAC;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;CAClC;AAED,+EAA+E;AAC/E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAQD,qBAAa,WAAW;;gBAIV,IAAI,EAAE,eAAe;IAK3B,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,UAAU,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAqBlG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAU/C,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAcxE,oHAAoH;IAC9G,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAYhE,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CASvE;AAED,oFAAoF;AACpF,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW,CAOpE"}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* US-0404 — Integratie: een domein-loze `AuthService` die de credential-, token- en single-use-
|
|
3
|
+
* services samenbindt met de geïnjecteerde `UserStore`- en `Mailer`-ports. Bij initialisatie worden
|
|
4
|
+
* de ports fail-fast gevalideerd (geredigeerd, geen PII/secrets). De kit kent geen concrete database
|
|
5
|
+
* of mailprovider — alleen de port-contracten.
|
|
6
|
+
*/
|
|
7
|
+
import { AuthConfigurationError, AuthError, InvalidCredentialsError, SingleUseTokenError } from './errors.js';
|
|
8
|
+
import { newId } from './crypto-util.js';
|
|
9
|
+
const DEFAULT_PURPOSES = {
|
|
10
|
+
emailVerify: 'email-verify',
|
|
11
|
+
passwordReset: 'password-reset',
|
|
12
|
+
invite: 'invite',
|
|
13
|
+
};
|
|
14
|
+
export class AuthService {
|
|
15
|
+
#d;
|
|
16
|
+
#purposes;
|
|
17
|
+
constructor(deps) {
|
|
18
|
+
this.#d = deps;
|
|
19
|
+
this.#purposes = { ...DEFAULT_PURPOSES, ...deps.purposes };
|
|
20
|
+
}
|
|
21
|
+
async register(identifier, password) {
|
|
22
|
+
const existing = await this.#d.userStore.findByIdentifier(identifier);
|
|
23
|
+
if (existing)
|
|
24
|
+
throw new AuthError('Identifier is al in gebruik', 'IDENTIFIER_TAKEN');
|
|
25
|
+
const passwordHash = await this.#d.credentials.hash(password);
|
|
26
|
+
const user = await this.#d.userStore.save({
|
|
27
|
+
id: newId(),
|
|
28
|
+
identifier,
|
|
29
|
+
passwordHash,
|
|
30
|
+
verified: false,
|
|
31
|
+
});
|
|
32
|
+
const verifyToken = await this.#d.singleUse.issue(this.#purposes.emailVerify, { userId: user.id });
|
|
33
|
+
await this.#d.mailer.send({
|
|
34
|
+
to: identifier,
|
|
35
|
+
subject: 'Bevestig je account',
|
|
36
|
+
data: { token: verifyToken, purpose: this.#purposes.emailVerify },
|
|
37
|
+
});
|
|
38
|
+
return { user: toPublic(user), verifyToken };
|
|
39
|
+
}
|
|
40
|
+
async verifyEmail(token) {
|
|
41
|
+
const payload = (await this.#d.singleUse.consume(token, this.#purposes.emailVerify));
|
|
42
|
+
const user = await this.#d.userStore.findById(payload.userId);
|
|
43
|
+
if (!user)
|
|
44
|
+
throw new SingleUseTokenError('invalid');
|
|
45
|
+
const saved = await this.#d.userStore.save({ ...user, verified: true });
|
|
46
|
+
return toPublic(saved);
|
|
47
|
+
}
|
|
48
|
+
async login(identifier, password) {
|
|
49
|
+
const user = await this.#d.userStore.findByIdentifier(identifier);
|
|
50
|
+
if (!user || !user.passwordHash)
|
|
51
|
+
throw new InvalidCredentialsError();
|
|
52
|
+
const { valid, needsRehash } = await this.#d.credentials.verify(password, user.passwordHash);
|
|
53
|
+
if (!valid)
|
|
54
|
+
throw new InvalidCredentialsError();
|
|
55
|
+
if (needsRehash) {
|
|
56
|
+
const passwordHash = await this.#d.credentials.hash(password);
|
|
57
|
+
await this.#d.userStore.save({ ...user, passwordHash });
|
|
58
|
+
}
|
|
59
|
+
return this.#d.tokens.issue(user.id, { identifier: user.identifier });
|
|
60
|
+
}
|
|
61
|
+
/** Start een wachtwoord-reset. Retourneert het token als de gebruiker bestaat, anders `null` (geen enumeration). */
|
|
62
|
+
async requestPasswordReset(identifier) {
|
|
63
|
+
const user = await this.#d.userStore.findByIdentifier(identifier);
|
|
64
|
+
if (!user)
|
|
65
|
+
return null;
|
|
66
|
+
const token = await this.#d.singleUse.issue(this.#purposes.passwordReset, { userId: user.id });
|
|
67
|
+
await this.#d.mailer.send({
|
|
68
|
+
to: identifier,
|
|
69
|
+
subject: 'Reset je wachtwoord',
|
|
70
|
+
data: { token, purpose: this.#purposes.passwordReset },
|
|
71
|
+
});
|
|
72
|
+
return token;
|
|
73
|
+
}
|
|
74
|
+
async resetPassword(token, newPassword) {
|
|
75
|
+
const payload = (await this.#d.singleUse.consume(token, this.#purposes.passwordReset));
|
|
76
|
+
const user = await this.#d.userStore.findById(payload.userId);
|
|
77
|
+
if (!user)
|
|
78
|
+
throw new SingleUseTokenError('invalid');
|
|
79
|
+
const passwordHash = await this.#d.credentials.hash(newPassword);
|
|
80
|
+
await this.#d.userStore.save({ ...user, passwordHash });
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
/** Valideert de ports fail-fast en levert een {@link AuthService} (US-0404 AC3). */
|
|
84
|
+
export function createAuthService(deps) {
|
|
85
|
+
requirePort('UserStore', deps.userStore, ['findByIdentifier', 'findById', 'save']);
|
|
86
|
+
requirePort('Mailer', deps.mailer, ['send']);
|
|
87
|
+
requirePort('TokenService', deps.tokens, ['issue', 'verify', 'refresh']);
|
|
88
|
+
requirePort('CredentialService', deps.credentials, ['hash', 'verify']);
|
|
89
|
+
requirePort('SingleUseTokenService', deps.singleUse, ['issue', 'consume']);
|
|
90
|
+
return new AuthService(deps);
|
|
91
|
+
}
|
|
92
|
+
function requirePort(name, port, methods) {
|
|
93
|
+
if (port === null || typeof port !== 'object') {
|
|
94
|
+
throw new AuthConfigurationError(name, 'ontbreekt of is geen object');
|
|
95
|
+
}
|
|
96
|
+
for (const method of methods) {
|
|
97
|
+
if (typeof port[method] !== 'function') {
|
|
98
|
+
throw new AuthConfigurationError(name, `implementeert methode "${method}" niet`);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
function toPublic(user) {
|
|
103
|
+
const { passwordHash: _omit, ...rest } = user;
|
|
104
|
+
return rest;
|
|
105
|
+
}
|
|
106
|
+
//# sourceMappingURL=auth-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-service.js","sourceRoot":"","sources":["../../../src/auth/core/auth-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,sBAAsB,EAAE,SAAS,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC9G,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AA6BzC,MAAM,gBAAgB,GAAiB;IACrC,WAAW,EAAE,cAAc;IAC3B,aAAa,EAAE,gBAAgB;IAC/B,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAM,OAAO,WAAW;IACb,EAAE,CAAkB;IACpB,SAAS,CAAe;IAEjC,YAAY,IAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,EAAE,GAAG,gBAAgB,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAAkB,EAAE,QAAgB;QACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,QAAQ;YAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,kBAAkB,CAAC,CAAC;QAErF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;YACxC,EAAE,EAAE,KAAK,EAAE;YACX,UAAU;YACV,YAAY;YACZ,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACnG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC;YACxB,EAAE,EAAE,UAAU;YACd,OAAO,EAAE,qBAAqB;YAC9B,IAAI,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;SAClE,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAElF,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,UAAkB,EAAE,QAAgB;QAC9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,uBAAuB,EAAE,CAAC;QAErE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC7F,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,uBAAuB,EAAE,CAAC;QAEhD,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,oHAAoH;IACpH,KAAK,CAAC,oBAAoB,CAAC,UAAkB;QAC3C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/F,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC;YACxB,EAAE,EAAE,UAAU;YACd,OAAO,EAAE,qBAAqB;YAC9B,IAAI,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,WAAmB;QACpD,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAEpF,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF;AAED,oFAAoF;AACpF,MAAM,UAAU,iBAAiB,CAAC,IAAqB;IACrD,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,kBAAkB,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IACnF,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7C,WAAW,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;IACzE,WAAW,CAAC,mBAAmB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvE,WAAW,CAAC,uBAAuB,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;IAC3E,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,WAAW,CAAC,IAAY,EAAE,IAAa,EAAE,OAAiB;IACjE,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,sBAAsB,CAAC,IAAI,EAAE,6BAA6B,CAAC,CAAC;IACxE,CAAC;IACD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,OAAQ,IAAgC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YACpE,MAAM,IAAI,sBAAsB,CAAC,IAAI,EAAE,0BAA0B,MAAM,QAAQ,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,IAAgB;IAChC,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IAC9C,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* US-0401 — Credential-service. Dunne, domein-loze wrapper rond een {@link PasswordHasher}-poort:
|
|
3
|
+
* hasht en verifieert wachtwoorden en signaleert of een hash verouderd is (rehash-policy). De
|
|
4
|
+
* concrete kostenparameters zitten in de geïnjecteerde hasher (bv. de argon2id-adapter).
|
|
5
|
+
*/
|
|
6
|
+
import type { PasswordHasher, VerifyResult } from './ports.js';
|
|
7
|
+
export declare class CredentialService {
|
|
8
|
+
#private;
|
|
9
|
+
constructor(hasher: PasswordHasher);
|
|
10
|
+
/** Hash een wachtwoord tot een zelfbeschrijvende hash-string. */
|
|
11
|
+
hash(password: string): Promise<string>;
|
|
12
|
+
/** Verifieer een wachtwoord; retourneert `{ valid, needsRehash }`. */
|
|
13
|
+
verify(password: string, hash: string): Promise<VerifyResult>;
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=credentials.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../src/auth/core/credentials.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/D,qBAAa,iBAAiB;;gBAGhB,MAAM,EAAE,cAAc;IAIlC,iEAAiE;IACjE,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIvC,sEAAsE;IACtE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;CAG9D"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export class CredentialService {
|
|
2
|
+
#hasher;
|
|
3
|
+
constructor(hasher) {
|
|
4
|
+
this.#hasher = hasher;
|
|
5
|
+
}
|
|
6
|
+
/** Hash een wachtwoord tot een zelfbeschrijvende hash-string. */
|
|
7
|
+
hash(password) {
|
|
8
|
+
return this.#hasher.hash(password);
|
|
9
|
+
}
|
|
10
|
+
/** Verifieer een wachtwoord; retourneert `{ valid, needsRehash }`. */
|
|
11
|
+
verify(password, hash) {
|
|
12
|
+
return this.#hasher.verify(password, hash);
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=credentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../../src/auth/core/credentials.ts"],"names":[],"mappings":"AAOA,MAAM,OAAO,iBAAiB;IACnB,OAAO,CAAiB;IAEjC,YAAY,MAAsB;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,QAAgB;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,sEAAsE;IACtE,MAAM,CAAC,QAAgB,EAAE,IAAY;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;CACF"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/** Cryptografisch random, url-safe token (32 bytes). */
|
|
2
|
+
export declare function randomToken(): string;
|
|
3
|
+
/** SHA-256-hash (hex) van een token, zodat het klare token nooit persistent is. */
|
|
4
|
+
export declare function hashToken(token: string): string;
|
|
5
|
+
/** Random id (UUID v4). */
|
|
6
|
+
export declare function newId(): string;
|
|
7
|
+
//# sourceMappingURL=crypto-util.d.ts.map
|