webapp-factory 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +145 -0
- package/dist/access-control/adapters/in-memory-relations.d.ts +7 -0
- package/dist/access-control/adapters/in-memory-relations.d.ts.map +1 -0
- package/dist/access-control/adapters/in-memory-relations.js +6 -0
- package/dist/access-control/adapters/in-memory-relations.js.map +1 -0
- package/dist/access-control/core/enforcement.d.ts +13 -0
- package/dist/access-control/core/enforcement.d.ts.map +1 -0
- package/dist/access-control/core/enforcement.js +38 -0
- package/dist/access-control/core/enforcement.js.map +1 -0
- package/dist/access-control/core/errors.d.ts +30 -0
- package/dist/access-control/core/errors.d.ts.map +1 -0
- package/dist/access-control/core/errors.js +46 -0
- package/dist/access-control/core/errors.js.map +1 -0
- package/dist/access-control/core/pdp.d.ts +14 -0
- package/dist/access-control/core/pdp.d.ts.map +1 -0
- package/dist/access-control/core/pdp.js +79 -0
- package/dist/access-control/core/pdp.js.map +1 -0
- package/dist/access-control/core/ports.d.ts +68 -0
- package/dist/access-control/core/ports.d.ts.map +1 -0
- package/dist/access-control/core/ports.js +6 -0
- package/dist/access-control/core/ports.js.map +1 -0
- package/dist/access-control/core/rbac.d.ts +10 -0
- package/dist/access-control/core/rbac.d.ts.map +1 -0
- package/dist/access-control/core/rbac.js +78 -0
- package/dist/access-control/core/rbac.js.map +1 -0
- package/dist/access-control/core/rebac.d.ts +15 -0
- package/dist/access-control/core/rebac.d.ts.map +1 -0
- package/dist/access-control/core/rebac.js +48 -0
- package/dist/access-control/core/rebac.js.map +1 -0
- package/dist/access-control/index.d.ts +15 -0
- package/dist/access-control/index.d.ts.map +1 -0
- package/dist/access-control/index.js +20 -0
- package/dist/access-control/index.js.map +1 -0
- package/dist/access-control/nestjs/access-control.module.d.ts +34 -0
- package/dist/access-control/nestjs/access-control.module.d.ts.map +1 -0
- package/dist/access-control/nestjs/access-control.module.js +80 -0
- package/dist/access-control/nestjs/access-control.module.js.map +1 -0
- package/dist/audit/adapters/in-memory-store.d.ts +3 -0
- package/dist/audit/adapters/in-memory-store.d.ts.map +1 -0
- package/dist/audit/adapters/in-memory-store.js +66 -0
- package/dist/audit/adapters/in-memory-store.js.map +1 -0
- package/dist/audit/adapters/pg-store.d.ts +22 -0
- package/dist/audit/adapters/pg-store.d.ts.map +1 -0
- package/dist/audit/adapters/pg-store.js +119 -0
- package/dist/audit/adapters/pg-store.js.map +1 -0
- package/dist/audit/core/audit-log.d.ts +41 -0
- package/dist/audit/core/audit-log.d.ts.map +1 -0
- package/dist/audit/core/audit-log.js +78 -0
- package/dist/audit/core/audit-log.js.map +1 -0
- package/dist/audit/core/errors.d.ts +22 -0
- package/dist/audit/core/errors.d.ts.map +1 -0
- package/dist/audit/core/errors.js +35 -0
- package/dist/audit/core/errors.js.map +1 -0
- package/dist/audit/core/hash.d.ts +9 -0
- package/dist/audit/core/hash.d.ts.map +1 -0
- package/dist/audit/core/hash.js +45 -0
- package/dist/audit/core/hash.js.map +1 -0
- package/dist/audit/core/ports.d.ts +68 -0
- package/dist/audit/core/ports.d.ts.map +1 -0
- package/dist/audit/core/ports.js +6 -0
- package/dist/audit/core/ports.js.map +1 -0
- package/dist/audit/index.d.ts +13 -0
- package/dist/audit/index.d.ts.map +1 -0
- package/dist/audit/index.js +16 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/auth/adapters/argon2id-hasher.d.ts +15 -0
- package/dist/auth/adapters/argon2id-hasher.d.ts.map +1 -0
- package/dist/auth/adapters/argon2id-hasher.js +61 -0
- package/dist/auth/adapters/argon2id-hasher.js.map +1 -0
- package/dist/auth/adapters/in-memory-stores.d.ts +14 -0
- package/dist/auth/adapters/in-memory-stores.d.ts.map +1 -0
- package/dist/auth/adapters/in-memory-stores.js +78 -0
- package/dist/auth/adapters/in-memory-stores.js.map +1 -0
- package/dist/auth/core/auth-service.d.ts +40 -0
- package/dist/auth/core/auth-service.d.ts.map +1 -0
- package/dist/auth/core/auth-service.js +106 -0
- package/dist/auth/core/auth-service.js.map +1 -0
- package/dist/auth/core/credentials.d.ts +15 -0
- package/dist/auth/core/credentials.d.ts.map +1 -0
- package/dist/auth/core/credentials.js +15 -0
- package/dist/auth/core/credentials.js.map +1 -0
- package/dist/auth/core/crypto-util.d.ts +7 -0
- package/dist/auth/core/crypto-util.d.ts.map +1 -0
- package/dist/auth/core/crypto-util.js +15 -0
- package/dist/auth/core/crypto-util.js.map +1 -0
- package/dist/auth/core/errors.d.ts +33 -0
- package/dist/auth/core/errors.d.ts.map +1 -0
- package/dist/auth/core/errors.js +48 -0
- package/dist/auth/core/errors.js.map +1 -0
- package/dist/auth/core/jwt.d.ts +5 -0
- package/dist/auth/core/jwt.d.ts.map +1 -0
- package/dist/auth/core/jwt.js +40 -0
- package/dist/auth/core/jwt.js.map +1 -0
- package/dist/auth/core/ports.d.ts +95 -0
- package/dist/auth/core/ports.d.ts.map +1 -0
- package/dist/auth/core/ports.js +7 -0
- package/dist/auth/core/ports.js.map +1 -0
- package/dist/auth/core/single-use.d.ts +10 -0
- package/dist/auth/core/single-use.d.ts.map +1 -0
- package/dist/auth/core/single-use.js +47 -0
- package/dist/auth/core/single-use.js.map +1 -0
- package/dist/auth/core/tokens.d.ts +14 -0
- package/dist/auth/core/tokens.d.ts.map +1 -0
- package/dist/auth/core/tokens.js +85 -0
- package/dist/auth/core/tokens.js.map +1 -0
- package/dist/auth/index.d.ts +18 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +22 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/nestjs/auth.module.d.ts +17 -0
- package/dist/auth/nestjs/auth.module.d.ts.map +1 -0
- package/dist/auth/nestjs/auth.module.js +18 -0
- package/dist/auth/nestjs/auth.module.js.map +1 -0
- package/dist/cache/adapters/in-memory-store.d.ts +6 -0
- package/dist/cache/adapters/in-memory-store.d.ts.map +1 -0
- package/dist/cache/adapters/in-memory-store.js +65 -0
- package/dist/cache/adapters/in-memory-store.js.map +1 -0
- package/dist/cache/adapters/redis-store.d.ts +32 -0
- package/dist/cache/adapters/redis-store.d.ts.map +1 -0
- package/dist/cache/adapters/redis-store.js +59 -0
- package/dist/cache/adapters/redis-store.js.map +1 -0
- package/dist/cache/core/cache.d.ts +31 -0
- package/dist/cache/core/cache.d.ts.map +1 -0
- package/dist/cache/core/cache.js +89 -0
- package/dist/cache/core/cache.js.map +1 -0
- package/dist/cache/core/errors.d.ts +17 -0
- package/dist/cache/core/errors.d.ts.map +1 -0
- package/dist/cache/core/errors.js +27 -0
- package/dist/cache/core/errors.js.map +1 -0
- package/dist/cache/core/lock.d.ts +21 -0
- package/dist/cache/core/lock.d.ts.map +1 -0
- package/dist/cache/core/lock.js +47 -0
- package/dist/cache/core/lock.js.map +1 -0
- package/dist/cache/core/ports.d.ts +33 -0
- package/dist/cache/core/ports.d.ts.map +1 -0
- package/dist/cache/core/ports.js +6 -0
- package/dist/cache/core/ports.js.map +1 -0
- package/dist/cache/core/pubsub.d.ts +14 -0
- package/dist/cache/core/pubsub.d.ts.map +1 -0
- package/dist/cache/core/pubsub.js +13 -0
- package/dist/cache/core/pubsub.js.map +1 -0
- package/dist/cache/core/serializer.d.ts +4 -0
- package/dist/cache/core/serializer.d.ts.map +1 -0
- package/dist/cache/core/serializer.js +6 -0
- package/dist/cache/core/serializer.js.map +1 -0
- package/dist/cache/index.d.ts +14 -0
- package/dist/cache/index.d.ts.map +1 -0
- package/dist/cache/index.js +19 -0
- package/dist/cache/index.js.map +1 -0
- package/dist/config/adapters/reporters.d.ts +17 -0
- package/dist/config/adapters/reporters.d.ts.map +1 -0
- package/dist/config/adapters/reporters.js +35 -0
- package/dist/config/adapters/reporters.js.map +1 -0
- package/dist/config/adapters/secret-resolvers.d.ts +21 -0
- package/dist/config/adapters/secret-resolvers.d.ts.map +1 -0
- package/dist/config/adapters/secret-resolvers.js +60 -0
- package/dist/config/adapters/secret-resolvers.js.map +1 -0
- package/dist/config/adapters/zod-schema.d.ts +20 -0
- package/dist/config/adapters/zod-schema.d.ts.map +1 -0
- package/dist/config/adapters/zod-schema.js +35 -0
- package/dist/config/adapters/zod-schema.js.map +1 -0
- package/dist/config/core/env-loader.d.ts +47 -0
- package/dist/config/core/env-loader.d.ts.map +1 -0
- package/dist/config/core/env-loader.js +155 -0
- package/dist/config/core/env-loader.js.map +1 -0
- package/dist/config/core/errors.d.ts +34 -0
- package/dist/config/core/errors.d.ts.map +1 -0
- package/dist/config/core/errors.js +49 -0
- package/dist/config/core/errors.js.map +1 -0
- package/dist/config/core/freeze.d.ts +7 -0
- package/dist/config/core/freeze.d.ts.map +1 -0
- package/dist/config/core/freeze.js +20 -0
- package/dist/config/core/freeze.js.map +1 -0
- package/dist/config/core/load-config.d.ts +43 -0
- package/dist/config/core/load-config.d.ts.map +1 -0
- package/dist/config/core/load-config.js +74 -0
- package/dist/config/core/load-config.js.map +1 -0
- package/dist/config/core/merge.d.ts +19 -0
- package/dist/config/core/merge.d.ts.map +1 -0
- package/dist/config/core/merge.js +31 -0
- package/dist/config/core/merge.js.map +1 -0
- package/dist/config/core/ports.d.ts +58 -0
- package/dist/config/core/ports.d.ts.map +1 -0
- package/dist/config/core/ports.js +2 -0
- package/dist/config/core/ports.js.map +1 -0
- package/dist/config/core/secret-resolver.d.ts +16 -0
- package/dist/config/core/secret-resolver.d.ts.map +1 -0
- package/dist/config/core/secret-resolver.js +73 -0
- package/dist/config/core/secret-resolver.js.map +1 -0
- package/dist/config/core/secret.d.ts +21 -0
- package/dist/config/core/secret.d.ts.map +1 -0
- package/dist/config/core/secret.js +40 -0
- package/dist/config/core/secret.js.map +1 -0
- package/dist/config/index.d.ts +16 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +23 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/nestjs/config-kit.module.d.ts +37 -0
- package/dist/config/nestjs/config-kit.module.d.ts.map +1 -0
- package/dist/config/nestjs/config-kit.module.js +24 -0
- package/dist/config/nestjs/config-kit.module.js.map +1 -0
- package/dist/http/adapters/zod-schema.d.ts +11 -0
- package/dist/http/adapters/zod-schema.d.ts.map +1 -0
- package/dist/http/adapters/zod-schema.js +74 -0
- package/dist/http/adapters/zod-schema.js.map +1 -0
- package/dist/http/core/context.d.ts +25 -0
- package/dist/http/core/context.d.ts.map +1 -0
- package/dist/http/core/context.js +60 -0
- package/dist/http/core/context.js.map +1 -0
- package/dist/http/core/errors.d.ts +41 -0
- package/dist/http/core/errors.d.ts.map +1 -0
- package/dist/http/core/errors.js +99 -0
- package/dist/http/core/errors.js.map +1 -0
- package/dist/http/core/kernel.d.ts +54 -0
- package/dist/http/core/kernel.d.ts.map +1 -0
- package/dist/http/core/kernel.js +122 -0
- package/dist/http/core/kernel.js.map +1 -0
- package/dist/http/core/openapi.d.ts +37 -0
- package/dist/http/core/openapi.d.ts.map +1 -0
- package/dist/http/core/openapi.js +99 -0
- package/dist/http/core/openapi.js.map +1 -0
- package/dist/http/core/pagination.d.ts +17 -0
- package/dist/http/core/pagination.d.ts.map +1 -0
- package/dist/http/core/pagination.js +108 -0
- package/dist/http/core/pagination.js.map +1 -0
- package/dist/http/core/ports.d.ts +106 -0
- package/dist/http/core/ports.d.ts.map +1 -0
- package/dist/http/core/ports.js +6 -0
- package/dist/http/core/ports.js.map +1 -0
- package/dist/http/core/redaction.d.ts +8 -0
- package/dist/http/core/redaction.d.ts.map +1 -0
- package/dist/http/core/redaction.js +45 -0
- package/dist/http/core/redaction.js.map +1 -0
- package/dist/http/core/router.d.ts +37 -0
- package/dist/http/core/router.d.ts.map +1 -0
- package/dist/http/core/router.js +120 -0
- package/dist/http/core/router.js.map +1 -0
- package/dist/http/core/security.d.ts +43 -0
- package/dist/http/core/security.d.ts.map +1 -0
- package/dist/http/core/security.js +66 -0
- package/dist/http/core/security.js.map +1 -0
- package/dist/http/core/validation.d.ts +9 -0
- package/dist/http/core/validation.d.ts.map +1 -0
- package/dist/http/core/validation.js +36 -0
- package/dist/http/core/validation.js.map +1 -0
- package/dist/http/index.d.ts +20 -0
- package/dist/http/index.d.ts.map +1 -0
- package/dist/http/index.js +29 -0
- package/dist/http/index.js.map +1 -0
- package/dist/http/nestjs/http-kernel.module.d.ts +37 -0
- package/dist/http/nestjs/http-kernel.module.d.ts.map +1 -0
- package/dist/http/nestjs/http-kernel.module.js +77 -0
- package/dist/http/nestjs/http-kernel.module.js.map +1 -0
- package/dist/http/nodejs/http-adapter.d.ts +11 -0
- package/dist/http/nodejs/http-adapter.d.ts.map +1 -0
- package/dist/http/nodejs/http-adapter.js +60 -0
- package/dist/http/nodejs/http-adapter.js.map +1 -0
- package/dist/i18n/core/catalog.d.ts +23 -0
- package/dist/i18n/core/catalog.d.ts.map +1 -0
- package/dist/i18n/core/catalog.js +31 -0
- package/dist/i18n/core/catalog.js.map +1 -0
- package/dist/i18n/core/errors.d.ts +14 -0
- package/dist/i18n/core/errors.d.ts.map +1 -0
- package/dist/i18n/core/errors.js +22 -0
- package/dist/i18n/core/errors.js.map +1 -0
- package/dist/i18n/core/i18n.d.ts +20 -0
- package/dist/i18n/core/i18n.d.ts.map +1 -0
- package/dist/i18n/core/i18n.js +48 -0
- package/dist/i18n/core/i18n.js.map +1 -0
- package/dist/i18n/core/message.d.ts +8 -0
- package/dist/i18n/core/message.d.ts.map +1 -0
- package/dist/i18n/core/message.js +38 -0
- package/dist/i18n/core/message.js.map +1 -0
- package/dist/i18n/core/negotiate.d.ts +13 -0
- package/dist/i18n/core/negotiate.d.ts.map +1 -0
- package/dist/i18n/core/negotiate.js +46 -0
- package/dist/i18n/core/negotiate.js.map +1 -0
- package/dist/i18n/core/ports.d.ts +35 -0
- package/dist/i18n/core/ports.d.ts.map +1 -0
- package/dist/i18n/core/ports.js +6 -0
- package/dist/i18n/core/ports.js.map +1 -0
- package/dist/i18n/index.d.ts +14 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +18 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/nestjs/i18n.module.d.ts +16 -0
- package/dist/i18n/nestjs/i18n.module.d.ts.map +1 -0
- package/dist/i18n/nestjs/i18n.module.js +17 -0
- package/dist/i18n/nestjs/i18n.module.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -0
- package/dist/jobs/adapters/in-memory-idempotency.d.ts +9 -0
- package/dist/jobs/adapters/in-memory-idempotency.d.ts.map +1 -0
- package/dist/jobs/adapters/in-memory-idempotency.js +34 -0
- package/dist/jobs/adapters/in-memory-idempotency.js.map +1 -0
- package/dist/jobs/adapters/in-memory-queue-store.d.ts +7 -0
- package/dist/jobs/adapters/in-memory-queue-store.d.ts.map +1 -0
- package/dist/jobs/adapters/in-memory-queue-store.js +70 -0
- package/dist/jobs/adapters/in-memory-queue-store.js.map +1 -0
- package/dist/jobs/adapters/redis-queue-store.d.ts +28 -0
- package/dist/jobs/adapters/redis-queue-store.d.ts.map +1 -0
- package/dist/jobs/adapters/redis-queue-store.js +86 -0
- package/dist/jobs/adapters/redis-queue-store.js.map +1 -0
- package/dist/jobs/core/backoff.d.ts +15 -0
- package/dist/jobs/core/backoff.d.ts.map +1 -0
- package/dist/jobs/core/backoff.js +20 -0
- package/dist/jobs/core/backoff.js.map +1 -0
- package/dist/jobs/core/cron.d.ts +13 -0
- package/dist/jobs/core/cron.d.ts.map +1 -0
- package/dist/jobs/core/cron.js +101 -0
- package/dist/jobs/core/cron.js.map +1 -0
- package/dist/jobs/core/errors.d.ts +18 -0
- package/dist/jobs/core/errors.d.ts.map +1 -0
- package/dist/jobs/core/errors.js +30 -0
- package/dist/jobs/core/errors.js.map +1 -0
- package/dist/jobs/core/ports.d.ts +80 -0
- package/dist/jobs/core/ports.d.ts.map +1 -0
- package/dist/jobs/core/ports.js +6 -0
- package/dist/jobs/core/ports.js.map +1 -0
- package/dist/jobs/core/queue.d.ts +16 -0
- package/dist/jobs/core/queue.d.ts.map +1 -0
- package/dist/jobs/core/queue.js +29 -0
- package/dist/jobs/core/queue.js.map +1 -0
- package/dist/jobs/core/registry.d.ts +4 -0
- package/dist/jobs/core/registry.d.ts.map +1 -0
- package/dist/jobs/core/registry.js +11 -0
- package/dist/jobs/core/registry.js.map +1 -0
- package/dist/jobs/core/scheduler.d.ts +30 -0
- package/dist/jobs/core/scheduler.d.ts.map +1 -0
- package/dist/jobs/core/scheduler.js +53 -0
- package/dist/jobs/core/scheduler.js.map +1 -0
- package/dist/jobs/core/serializer.d.ts +3 -0
- package/dist/jobs/core/serializer.d.ts.map +1 -0
- package/dist/jobs/core/serializer.js +5 -0
- package/dist/jobs/core/serializer.js.map +1 -0
- package/dist/jobs/core/worker.d.ts +28 -0
- package/dist/jobs/core/worker.d.ts.map +1 -0
- package/dist/jobs/core/worker.js +118 -0
- package/dist/jobs/core/worker.js.map +1 -0
- package/dist/jobs/index.d.ts +18 -0
- package/dist/jobs/index.d.ts.map +1 -0
- package/dist/jobs/index.js +23 -0
- package/dist/jobs/index.js.map +1 -0
- package/dist/mailer/adapters/dev-inbox.d.ts +17 -0
- package/dist/mailer/adapters/dev-inbox.d.ts.map +1 -0
- package/dist/mailer/adapters/dev-inbox.js +29 -0
- package/dist/mailer/adapters/dev-inbox.js.map +1 -0
- package/dist/mailer/adapters/i18n-renderer.d.ts +13 -0
- package/dist/mailer/adapters/i18n-renderer.d.ts.map +1 -0
- package/dist/mailer/adapters/i18n-renderer.js +27 -0
- package/dist/mailer/adapters/i18n-renderer.js.map +1 -0
- package/dist/mailer/adapters/in-memory-templates.d.ts +6 -0
- package/dist/mailer/adapters/in-memory-templates.d.ts.map +1 -0
- package/dist/mailer/adapters/in-memory-templates.js +6 -0
- package/dist/mailer/adapters/in-memory-templates.js.map +1 -0
- package/dist/mailer/adapters/transports.d.ts +19 -0
- package/dist/mailer/adapters/transports.d.ts.map +1 -0
- package/dist/mailer/adapters/transports.js +38 -0
- package/dist/mailer/adapters/transports.js.map +1 -0
- package/dist/mailer/core/errors.d.ts +23 -0
- package/dist/mailer/core/errors.d.ts.map +1 -0
- package/dist/mailer/core/errors.js +40 -0
- package/dist/mailer/core/errors.js.map +1 -0
- package/dist/mailer/core/failover.d.ts +3 -0
- package/dist/mailer/core/failover.d.ts.map +1 -0
- package/dist/mailer/core/failover.js +30 -0
- package/dist/mailer/core/failover.js.map +1 -0
- package/dist/mailer/core/mailer.d.ts +25 -0
- package/dist/mailer/core/mailer.d.ts.map +1 -0
- package/dist/mailer/core/mailer.js +61 -0
- package/dist/mailer/core/mailer.js.map +1 -0
- package/dist/mailer/core/ports.d.ts +54 -0
- package/dist/mailer/core/ports.d.ts.map +1 -0
- package/dist/mailer/core/ports.js +6 -0
- package/dist/mailer/core/ports.js.map +1 -0
- package/dist/mailer/core/render.d.ts +4 -0
- package/dist/mailer/core/render.d.ts.map +1 -0
- package/dist/mailer/core/render.js +29 -0
- package/dist/mailer/core/render.js.map +1 -0
- package/dist/mailer/index.d.ts +17 -0
- package/dist/mailer/index.d.ts.map +1 -0
- package/dist/mailer/index.js +21 -0
- package/dist/mailer/index.js.map +1 -0
- package/dist/mailer/nestjs/mailer.module.d.ts +17 -0
- package/dist/mailer/nestjs/mailer.module.d.ts.map +1 -0
- package/dist/mailer/nestjs/mailer.module.js +15 -0
- package/dist/mailer/nestjs/mailer.module.js.map +1 -0
- package/dist/observability/core/context.d.ts +9 -0
- package/dist/observability/core/context.d.ts.map +1 -0
- package/dist/observability/core/context.js +15 -0
- package/dist/observability/core/context.js.map +1 -0
- package/dist/observability/core/health.d.ts +40 -0
- package/dist/observability/core/health.d.ts.map +1 -0
- package/dist/observability/core/health.js +51 -0
- package/dist/observability/core/health.js.map +1 -0
- package/dist/observability/core/logger.d.ts +22 -0
- package/dist/observability/core/logger.d.ts.map +1 -0
- package/dist/observability/core/logger.js +45 -0
- package/dist/observability/core/logger.js.map +1 -0
- package/dist/observability/core/metrics.d.ts +63 -0
- package/dist/observability/core/metrics.d.ts.map +1 -0
- package/dist/observability/core/metrics.js +172 -0
- package/dist/observability/core/metrics.js.map +1 -0
- package/dist/observability/core/redaction.d.ts +10 -0
- package/dist/observability/core/redaction.d.ts.map +1 -0
- package/dist/observability/core/redaction.js +48 -0
- package/dist/observability/core/redaction.js.map +1 -0
- package/dist/observability/core/tracing.d.ts +52 -0
- package/dist/observability/core/tracing.d.ts.map +1 -0
- package/dist/observability/core/tracing.js +88 -0
- package/dist/observability/core/tracing.js.map +1 -0
- package/dist/observability/index.d.ts +14 -0
- package/dist/observability/index.d.ts.map +1 -0
- package/dist/observability/index.js +19 -0
- package/dist/observability/index.js.map +1 -0
- package/dist/observability/nestjs/observability.module.d.ts +35 -0
- package/dist/observability/nestjs/observability.module.d.ts.map +1 -0
- package/dist/observability/nestjs/observability.module.js +87 -0
- package/dist/observability/nestjs/observability.module.js.map +1 -0
- package/dist/persistence/adapters/in-memory-driver.d.ts +18 -0
- package/dist/persistence/adapters/in-memory-driver.d.ts.map +1 -0
- package/dist/persistence/adapters/in-memory-driver.js +229 -0
- package/dist/persistence/adapters/in-memory-driver.js.map +1 -0
- package/dist/persistence/adapters/pg-driver.d.ts +21 -0
- package/dist/persistence/adapters/pg-driver.d.ts.map +1 -0
- package/dist/persistence/adapters/pg-driver.js +42 -0
- package/dist/persistence/adapters/pg-driver.js.map +1 -0
- package/dist/persistence/adapters/testcontainer-harness.d.ts +37 -0
- package/dist/persistence/adapters/testcontainer-harness.d.ts.map +1 -0
- package/dist/persistence/adapters/testcontainer-harness.js +79 -0
- package/dist/persistence/adapters/testcontainer-harness.js.map +1 -0
- package/dist/persistence/core/errors.d.ts +36 -0
- package/dist/persistence/core/errors.d.ts.map +1 -0
- package/dist/persistence/core/errors.js +58 -0
- package/dist/persistence/core/errors.js.map +1 -0
- package/dist/persistence/core/migrations.d.ts +16 -0
- package/dist/persistence/core/migrations.d.ts.map +1 -0
- package/dist/persistence/core/migrations.js +95 -0
- package/dist/persistence/core/migrations.js.map +1 -0
- package/dist/persistence/core/pool.d.ts +4 -0
- package/dist/persistence/core/pool.d.ts.map +1 -0
- package/dist/persistence/core/pool.js +180 -0
- package/dist/persistence/core/pool.js.map +1 -0
- package/dist/persistence/core/ports.d.ts +91 -0
- package/dist/persistence/core/ports.d.ts.map +1 -0
- package/dist/persistence/core/ports.js +6 -0
- package/dist/persistence/core/ports.js.map +1 -0
- package/dist/persistence/core/repository.d.ts +18 -0
- package/dist/persistence/core/repository.d.ts.map +1 -0
- package/dist/persistence/core/repository.js +113 -0
- package/dist/persistence/core/repository.js.map +1 -0
- package/dist/persistence/core/sql.d.ts +13 -0
- package/dist/persistence/core/sql.d.ts.map +1 -0
- package/dist/persistence/core/sql.js +35 -0
- package/dist/persistence/core/sql.js.map +1 -0
- package/dist/persistence/index.d.ts +14 -0
- package/dist/persistence/index.d.ts.map +1 -0
- package/dist/persistence/index.js +22 -0
- package/dist/persistence/index.js.map +1 -0
- package/dist/persistence/pg.d.ts +7 -0
- package/dist/persistence/pg.d.ts.map +1 -0
- package/dist/persistence/pg.js +7 -0
- package/dist/persistence/pg.js.map +1 -0
- package/dist/privacy/adapters/audit-sink.d.ts +19 -0
- package/dist/privacy/adapters/audit-sink.d.ts.map +1 -0
- package/dist/privacy/adapters/audit-sink.js +13 -0
- package/dist/privacy/adapters/audit-sink.js.map +1 -0
- package/dist/privacy/adapters/in-memory-consent-store.d.ts +7 -0
- package/dist/privacy/adapters/in-memory-consent-store.d.ts.map +1 -0
- package/dist/privacy/adapters/in-memory-consent-store.js +18 -0
- package/dist/privacy/adapters/in-memory-consent-store.js.map +1 -0
- package/dist/privacy/adapters/pg-consent-store.d.ts +26 -0
- package/dist/privacy/adapters/pg-consent-store.d.ts.map +1 -0
- package/dist/privacy/adapters/pg-consent-store.js +43 -0
- package/dist/privacy/adapters/pg-consent-store.js.map +1 -0
- package/dist/privacy/core/consent.d.ts +35 -0
- package/dist/privacy/core/consent.d.ts.map +1 -0
- package/dist/privacy/core/consent.js +49 -0
- package/dist/privacy/core/consent.js.map +1 -0
- package/dist/privacy/core/erasure.d.ts +22 -0
- package/dist/privacy/core/erasure.d.ts.map +1 -0
- package/dist/privacy/core/erasure.js +35 -0
- package/dist/privacy/core/erasure.js.map +1 -0
- package/dist/privacy/core/errors.d.ts +18 -0
- package/dist/privacy/core/errors.d.ts.map +1 -0
- package/dist/privacy/core/errors.js +30 -0
- package/dist/privacy/core/errors.js.map +1 -0
- package/dist/privacy/core/export.d.ts +20 -0
- package/dist/privacy/core/export.d.ts.map +1 -0
- package/dist/privacy/core/export.js +30 -0
- package/dist/privacy/core/export.js.map +1 -0
- package/dist/privacy/core/ports.d.ts +48 -0
- package/dist/privacy/core/ports.d.ts.map +1 -0
- package/dist/privacy/core/ports.js +6 -0
- package/dist/privacy/core/ports.js.map +1 -0
- package/dist/privacy/core/registry.d.ts +17 -0
- package/dist/privacy/core/registry.d.ts.map +1 -0
- package/dist/privacy/core/registry.js +31 -0
- package/dist/privacy/core/registry.js.map +1 -0
- package/dist/privacy/index.d.ts +16 -0
- package/dist/privacy/index.d.ts.map +1 -0
- package/dist/privacy/index.js +21 -0
- package/dist/privacy/index.js.map +1 -0
- package/dist/rate-limit/adapters/in-memory-store.d.ts +7 -0
- package/dist/rate-limit/adapters/in-memory-store.d.ts.map +1 -0
- package/dist/rate-limit/adapters/in-memory-store.js +50 -0
- package/dist/rate-limit/adapters/in-memory-store.js.map +1 -0
- package/dist/rate-limit/adapters/redis-store.d.ts +11 -0
- package/dist/rate-limit/adapters/redis-store.d.ts.map +1 -0
- package/dist/rate-limit/adapters/redis-store.js +93 -0
- package/dist/rate-limit/adapters/redis-store.js.map +1 -0
- package/dist/rate-limit/core/enforcer.d.ts +23 -0
- package/dist/rate-limit/core/enforcer.d.ts.map +1 -0
- package/dist/rate-limit/core/enforcer.js +27 -0
- package/dist/rate-limit/core/enforcer.js.map +1 -0
- package/dist/rate-limit/core/errors.d.ts +19 -0
- package/dist/rate-limit/core/errors.d.ts.map +1 -0
- package/dist/rate-limit/core/errors.js +32 -0
- package/dist/rate-limit/core/errors.js.map +1 -0
- package/dist/rate-limit/core/ports.d.ts +50 -0
- package/dist/rate-limit/core/ports.d.ts.map +1 -0
- package/dist/rate-limit/core/ports.js +6 -0
- package/dist/rate-limit/core/ports.js.map +1 -0
- package/dist/rate-limit/core/sliding-window.d.ts +9 -0
- package/dist/rate-limit/core/sliding-window.d.ts.map +1 -0
- package/dist/rate-limit/core/sliding-window.js +24 -0
- package/dist/rate-limit/core/sliding-window.js.map +1 -0
- package/dist/rate-limit/core/token-bucket.d.ts +9 -0
- package/dist/rate-limit/core/token-bucket.d.ts.map +1 -0
- package/dist/rate-limit/core/token-bucket.js +24 -0
- package/dist/rate-limit/core/token-bucket.js.map +1 -0
- package/dist/rate-limit/index.d.ts +15 -0
- package/dist/rate-limit/index.d.ts.map +1 -0
- package/dist/rate-limit/index.js +19 -0
- package/dist/rate-limit/index.js.map +1 -0
- package/dist/rate-limit/nestjs/rate-limit.module.d.ts +25 -0
- package/dist/rate-limit/nestjs/rate-limit.module.d.ts.map +1 -0
- package/dist/rate-limit/nestjs/rate-limit.module.js +63 -0
- package/dist/rate-limit/nestjs/rate-limit.module.js.map +1 -0
- package/dist/rate-limit/nodejs/middleware.d.ts +16 -0
- package/dist/rate-limit/nodejs/middleware.d.ts.map +1 -0
- package/dist/rate-limit/nodejs/middleware.js +26 -0
- package/dist/rate-limit/nodejs/middleware.js.map +1 -0
- package/dist/test-kit/adapters/infra-bootstrap.d.ts +40 -0
- package/dist/test-kit/adapters/infra-bootstrap.d.ts.map +1 -0
- package/dist/test-kit/adapters/infra-bootstrap.js +64 -0
- package/dist/test-kit/adapters/infra-bootstrap.js.map +1 -0
- package/dist/test-kit/core/contract.d.ts +49 -0
- package/dist/test-kit/core/contract.d.ts.map +1 -0
- package/dist/test-kit/core/contract.js +52 -0
- package/dist/test-kit/core/contract.js.map +1 -0
- package/dist/test-kit/core/errors.d.ts +12 -0
- package/dist/test-kit/core/errors.d.ts.map +1 -0
- package/dist/test-kit/core/errors.js +19 -0
- package/dist/test-kit/core/errors.js.map +1 -0
- package/dist/test-kit/core/factories.d.ts +24 -0
- package/dist/test-kit/core/factories.d.ts.map +1 -0
- package/dist/test-kit/core/factories.js +57 -0
- package/dist/test-kit/core/factories.js.map +1 -0
- package/dist/test-kit/core/http-client.d.ts +46 -0
- package/dist/test-kit/core/http-client.d.ts.map +1 -0
- package/dist/test-kit/core/http-client.js +63 -0
- package/dist/test-kit/core/http-client.js.map +1 -0
- package/dist/test-kit/index.d.ts +10 -0
- package/dist/test-kit/index.d.ts.map +1 -0
- package/dist/test-kit/index.js +14 -0
- package/dist/test-kit/index.js.map +1 -0
- package/dist/test-kit/infra.d.ts +6 -0
- package/dist/test-kit/infra.d.ts.map +1 -0
- package/dist/test-kit/infra.js +6 -0
- package/dist/test-kit/infra.js.map +1 -0
- package/package.json +170 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto-util.d.ts","sourceRoot":"","sources":["../../../src/auth/core/crypto-util.ts"],"names":[],"mappings":"AAGA,wDAAwD;AACxD,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED,mFAAmF;AACnF,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,2BAA2B;AAC3B,wBAAgB,KAAK,IAAI,MAAM,CAE9B"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/** Gedeelde crypto-helpers: onraadbare tokens en hashing van tokens voor opslag. */
|
|
2
|
+
import { createHash, randomBytes, randomUUID } from 'node:crypto';
|
|
3
|
+
/** Cryptografisch random, url-safe token (32 bytes). */
|
|
4
|
+
export function randomToken() {
|
|
5
|
+
return randomBytes(32).toString('base64url');
|
|
6
|
+
}
|
|
7
|
+
/** SHA-256-hash (hex) van een token, zodat het klare token nooit persistent is. */
|
|
8
|
+
export function hashToken(token) {
|
|
9
|
+
return createHash('sha256').update(token).digest('hex');
|
|
10
|
+
}
|
|
11
|
+
/** Random id (UUID v4). */
|
|
12
|
+
export function newId() {
|
|
13
|
+
return randomUUID();
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=crypto-util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto-util.js","sourceRoot":"","sources":["../../../src/auth/core/crypto-util.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAElE,wDAAwD;AACxD,MAAM,UAAU,WAAW;IACzB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,2BAA2B;AAC3B,MAAM,UAAU,KAAK;IACnB,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Foutentaxonomie voor de auth-kit. Fouten lekken nooit wachtwoord-, hash-, key- of PII-materiaal
|
|
3
|
+
* en vermijden user-enumeration (dezelfde generieke fout voor "onbekend" en "ongeldig").
|
|
4
|
+
*/
|
|
5
|
+
export declare class AuthError extends Error {
|
|
6
|
+
readonly code: string;
|
|
7
|
+
constructor(message: string, code: string);
|
|
8
|
+
}
|
|
9
|
+
/** Generieke, niet-lekkende credential-fout (geen onderscheid onbekend/verkeerd wachtwoord). */
|
|
10
|
+
export declare class InvalidCredentialsError extends AuthError {
|
|
11
|
+
constructor();
|
|
12
|
+
}
|
|
13
|
+
/** Hash-string met een onbekend/niet-ondersteund algoritme (US-0401 AC3). */
|
|
14
|
+
export declare class UnsupportedHashError extends AuthError {
|
|
15
|
+
constructor();
|
|
16
|
+
}
|
|
17
|
+
export type TokenErrorReason = 'invalid' | 'expired' | 'revoked' | 'reuse';
|
|
18
|
+
/** Token-verificatie/‑refresh mislukt; benoemt de reden zonder key/claim-materiaal. */
|
|
19
|
+
export declare class TokenError extends AuthError {
|
|
20
|
+
readonly reason: TokenErrorReason;
|
|
21
|
+
constructor(reason: TokenErrorReason);
|
|
22
|
+
}
|
|
23
|
+
export type SingleUseReason = 'invalid' | 'expired' | 'consumed';
|
|
24
|
+
/** Single-use-token inwisseling mislukt; `invalid` onthult niets (geen enumeration). */
|
|
25
|
+
export declare class SingleUseTokenError extends AuthError {
|
|
26
|
+
readonly reason: SingleUseReason;
|
|
27
|
+
constructor(reason: SingleUseReason);
|
|
28
|
+
}
|
|
29
|
+
/** Fail-fast bij een ontbrekende/contract-schendende geïnjecteerde port (US-0404 AC3). */
|
|
30
|
+
export declare class AuthConfigurationError extends AuthError {
|
|
31
|
+
constructor(portName: string, reason: string);
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=errors.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/auth/core/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,qBAAa,SAAU,SAAQ,KAAK;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBACV,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;CAM1C;AAED,gGAAgG;AAChG,qBAAa,uBAAwB,SAAQ,SAAS;;CAIrD;AAED,6EAA6E;AAC7E,qBAAa,oBAAqB,SAAQ,SAAS;;CAIlD;AAED,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,CAAC;AAE3E,uFAAuF;AACvF,qBAAa,UAAW,SAAQ,SAAS;IACvC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;gBACtB,MAAM,EAAE,gBAAgB;CAIrC;AAED,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;AAEjE,wFAAwF;AACxF,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;gBACrB,MAAM,EAAE,eAAe;CAIpC;AAED,0FAA0F;AAC1F,qBAAa,sBAAuB,SAAQ,SAAS;gBACvC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CAG7C"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Foutentaxonomie voor de auth-kit. Fouten lekken nooit wachtwoord-, hash-, key- of PII-materiaal
|
|
3
|
+
* en vermijden user-enumeration (dezelfde generieke fout voor "onbekend" en "ongeldig").
|
|
4
|
+
*/
|
|
5
|
+
export class AuthError extends Error {
|
|
6
|
+
code;
|
|
7
|
+
constructor(message, code) {
|
|
8
|
+
super(message);
|
|
9
|
+
this.name = new.target.name;
|
|
10
|
+
this.code = code;
|
|
11
|
+
Object.setPrototypeOf(this, new.target.prototype);
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
/** Generieke, niet-lekkende credential-fout (geen onderscheid onbekend/verkeerd wachtwoord). */
|
|
15
|
+
export class InvalidCredentialsError extends AuthError {
|
|
16
|
+
constructor() {
|
|
17
|
+
super('Ongeldige inloggegevens', 'INVALID_CREDENTIALS');
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
/** Hash-string met een onbekend/niet-ondersteund algoritme (US-0401 AC3). */
|
|
21
|
+
export class UnsupportedHashError extends AuthError {
|
|
22
|
+
constructor() {
|
|
23
|
+
super('Niet-ondersteund hash-formaat', 'UNSUPPORTED_HASH');
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
/** Token-verificatie/‑refresh mislukt; benoemt de reden zonder key/claim-materiaal. */
|
|
27
|
+
export class TokenError extends AuthError {
|
|
28
|
+
reason;
|
|
29
|
+
constructor(reason) {
|
|
30
|
+
super(`Token ${reason}`, `TOKEN_${reason.toUpperCase()}`);
|
|
31
|
+
this.reason = reason;
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
/** Single-use-token inwisseling mislukt; `invalid` onthult niets (geen enumeration). */
|
|
35
|
+
export class SingleUseTokenError extends AuthError {
|
|
36
|
+
reason;
|
|
37
|
+
constructor(reason) {
|
|
38
|
+
super(`Single-use token ${reason}`, `SINGLE_USE_${reason.toUpperCase()}`);
|
|
39
|
+
this.reason = reason;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
/** Fail-fast bij een ontbrekende/contract-schendende geïnjecteerde port (US-0404 AC3). */
|
|
43
|
+
export class AuthConfigurationError extends AuthError {
|
|
44
|
+
constructor(portName, reason) {
|
|
45
|
+
super(`Auth-configuratie ongeldig: port "${portName}" ${reason}`, 'AUTH_CONFIGURATION');
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/auth/core/errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,OAAO,SAAU,SAAQ,KAAK;IACzB,IAAI,CAAS;IACtB,YAAY,OAAe,EAAE,IAAY;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,gGAAgG;AAChG,MAAM,OAAO,uBAAwB,SAAQ,SAAS;IACpD;QACE,KAAK,CAAC,yBAAyB,EAAE,qBAAqB,CAAC,CAAC;IAC1D,CAAC;CACF;AAED,6EAA6E;AAC7E,MAAM,OAAO,oBAAqB,SAAQ,SAAS;IACjD;QACE,KAAK,CAAC,+BAA+B,EAAE,kBAAkB,CAAC,CAAC;IAC7D,CAAC;CACF;AAID,uFAAuF;AACvF,MAAM,OAAO,UAAW,SAAQ,SAAS;IAC9B,MAAM,CAAmB;IAClC,YAAY,MAAwB;QAClC,KAAK,CAAC,SAAS,MAAM,EAAE,EAAE,SAAS,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAID,wFAAwF;AACxF,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IACvC,MAAM,CAAkB;IACjC,YAAY,MAAuB;QACjC,KAAK,CAAC,oBAAoB,MAAM,EAAE,EAAE,cAAc,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED,0FAA0F;AAC1F,MAAM,OAAO,sBAAuB,SAAQ,SAAS;IACnD,YAAY,QAAgB,EAAE,MAAc;QAC1C,KAAK,CAAC,qCAAqC,QAAQ,KAAK,MAAM,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC1F,CAAC;CACF"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
/** Onderteken een payload als HS256-JWT. */
|
|
2
|
+
export declare function signJwt(payload: Record<string, unknown>, secret: string): string;
|
|
3
|
+
/** Verifieer de handtekening en retourneer de payload. Gooit `TokenError('invalid')` bij een fout. */
|
|
4
|
+
export declare function verifyJwt(token: string, secret: string): Record<string, unknown>;
|
|
5
|
+
//# sourceMappingURL=jwt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/auth/core/jwt.ts"],"names":[],"mappings":"AAWA,4CAA4C;AAC5C,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAMhF;AAED,sGAAsG;AACtG,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAiBhF"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimale HS256-JWT (self-contained, ondertekend) op basis van Node-crypto — geen externe dep. Doet
|
|
3
|
+
* uitsluitend signing + signature-verificatie; TTL/revocatie zit in de token-service.
|
|
4
|
+
*/
|
|
5
|
+
import { createHmac, timingSafeEqual } from 'node:crypto';
|
|
6
|
+
import { TokenError } from './errors.js';
|
|
7
|
+
function b64url(input) {
|
|
8
|
+
return Buffer.from(input, 'utf8').toString('base64url');
|
|
9
|
+
}
|
|
10
|
+
/** Onderteken een payload als HS256-JWT. */
|
|
11
|
+
export function signJwt(payload, secret) {
|
|
12
|
+
const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
|
|
13
|
+
const body = b64url(JSON.stringify(payload));
|
|
14
|
+
const data = `${header}.${body}`;
|
|
15
|
+
const signature = createHmac('sha256', secret).update(data).digest('base64url');
|
|
16
|
+
return `${data}.${signature}`;
|
|
17
|
+
}
|
|
18
|
+
/** Verifieer de handtekening en retourneer de payload. Gooit `TokenError('invalid')` bij een fout. */
|
|
19
|
+
export function verifyJwt(token, secret) {
|
|
20
|
+
const parts = token.split('.');
|
|
21
|
+
if (parts.length !== 3)
|
|
22
|
+
throw new TokenError('invalid');
|
|
23
|
+
const [header, body, signature] = parts;
|
|
24
|
+
const data = `${header}.${body}`;
|
|
25
|
+
const expected = createHmac('sha256', secret).update(data).digest();
|
|
26
|
+
const actual = Buffer.from(signature, 'base64url');
|
|
27
|
+
if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
|
|
28
|
+
throw new TokenError('invalid');
|
|
29
|
+
}
|
|
30
|
+
try {
|
|
31
|
+
const parsed = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
|
|
32
|
+
if (typeof parsed !== 'object' || parsed === null)
|
|
33
|
+
throw new Error('geen object');
|
|
34
|
+
return parsed;
|
|
35
|
+
}
|
|
36
|
+
catch {
|
|
37
|
+
throw new TokenError('invalid');
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=jwt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/auth/core/jwt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC1D,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,OAAO,CAAC,OAAgC,EAAE,MAAc;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAChF,OAAO,GAAG,IAAI,IAAI,SAAS,EAAE,CAAC;AAChC,CAAC;AAED,sGAAsG;AACtG,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,MAAc;IACrD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,GAAG,KAAiC,CAAC;IACpE,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;QAC5E,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC3E,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;QAClF,OAAO,MAAiC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Poorten & types voor de auth-kit. Het consumerende project injecteert de hashing-engine, token-
|
|
3
|
+
* en single-use-stores, en de `UserStore`/`Mailer`-ports. De kit bevat geen gebruikers- of
|
|
4
|
+
* domeinkennis.
|
|
5
|
+
*/
|
|
6
|
+
/** Injecteerbare klok (ms sinds epoch); default `Date.now`. Maakt TTL-gedrag deterministisch testbaar. */
|
|
7
|
+
export type Clock = () => number;
|
|
8
|
+
export interface VerifyResult {
|
|
9
|
+
valid: boolean;
|
|
10
|
+
/** True als de hash met zwakkere parameters is gemaakt dan de huidige config. */
|
|
11
|
+
needsRehash: boolean;
|
|
12
|
+
}
|
|
13
|
+
export interface PasswordHasher {
|
|
14
|
+
hash(password: string): Promise<string>;
|
|
15
|
+
verify(password: string, hash: string): Promise<VerifyResult>;
|
|
16
|
+
}
|
|
17
|
+
export interface TokenConfig {
|
|
18
|
+
/** Signing-key (bij voorkeur als secret via config-kit geladen). */
|
|
19
|
+
secret: string;
|
|
20
|
+
accessTtlSeconds: number;
|
|
21
|
+
refreshTtlSeconds: number;
|
|
22
|
+
issuer?: string;
|
|
23
|
+
}
|
|
24
|
+
export interface RefreshRecord {
|
|
25
|
+
/** Hash van het klare refresh-token. */
|
|
26
|
+
id: string;
|
|
27
|
+
subject: string;
|
|
28
|
+
/** ms sinds epoch. */
|
|
29
|
+
expiresAt: number;
|
|
30
|
+
/** ms sinds epoch waarop dit token is ingewisseld (rotatie/hergebruik-detectie). */
|
|
31
|
+
usedAt?: number;
|
|
32
|
+
}
|
|
33
|
+
/** Opslag voor refresh-token-rotatie en access-token-revocatie. */
|
|
34
|
+
export interface TokenStore {
|
|
35
|
+
saveRefresh(record: RefreshRecord): Promise<void>;
|
|
36
|
+
findRefresh(id: string): Promise<RefreshRecord | null>;
|
|
37
|
+
/** Markeer een refresh-token als ingewisseld; retourneer `false` als het al gebruikt is. */
|
|
38
|
+
markRefreshUsed(id: string): Promise<boolean>;
|
|
39
|
+
denyAccess(jti: string, expiresAt: number): Promise<void>;
|
|
40
|
+
isAccessDenied(jti: string): Promise<boolean>;
|
|
41
|
+
}
|
|
42
|
+
export interface IssuedTokens {
|
|
43
|
+
accessToken: string;
|
|
44
|
+
refreshToken: string;
|
|
45
|
+
expiresInSeconds: number;
|
|
46
|
+
}
|
|
47
|
+
export interface VerifiedAccess {
|
|
48
|
+
subject: string;
|
|
49
|
+
claims: Record<string, unknown>;
|
|
50
|
+
jti: string;
|
|
51
|
+
}
|
|
52
|
+
export interface SingleUseRecord {
|
|
53
|
+
/** Hash van het klare token. */
|
|
54
|
+
id: string;
|
|
55
|
+
purpose: string;
|
|
56
|
+
payload: unknown;
|
|
57
|
+
expiresAt: number;
|
|
58
|
+
consumedAt?: number;
|
|
59
|
+
}
|
|
60
|
+
export interface SingleUseStore {
|
|
61
|
+
save(record: SingleUseRecord): Promise<void>;
|
|
62
|
+
find(id: string): Promise<SingleUseRecord | null>;
|
|
63
|
+
/** Atomair verbruiken; `true` als het nu net verbruikt is, `false` als het al verbruikt was. */
|
|
64
|
+
markConsumed(id: string): Promise<boolean>;
|
|
65
|
+
}
|
|
66
|
+
export interface SingleUseConfig {
|
|
67
|
+
/** TTL (seconden) per purpose, bv. `{ 'password-reset': 3600 }`. */
|
|
68
|
+
ttlByPurpose?: Record<string, number>;
|
|
69
|
+
defaultTtlSeconds?: number;
|
|
70
|
+
}
|
|
71
|
+
export interface UserRecord {
|
|
72
|
+
id: string;
|
|
73
|
+
/** Login-identifier (bv. e-mail); de kit interpreteert dit niet. */
|
|
74
|
+
identifier: string;
|
|
75
|
+
passwordHash?: string;
|
|
76
|
+
verified?: boolean;
|
|
77
|
+
[key: string]: unknown;
|
|
78
|
+
}
|
|
79
|
+
export interface UserStore {
|
|
80
|
+
findByIdentifier(identifier: string): Promise<UserRecord | null>;
|
|
81
|
+
findById(id: string): Promise<UserRecord | null>;
|
|
82
|
+
save(user: UserRecord): Promise<UserRecord>;
|
|
83
|
+
}
|
|
84
|
+
export interface MailMessage {
|
|
85
|
+
to: string;
|
|
86
|
+
subject: string;
|
|
87
|
+
text?: string;
|
|
88
|
+
html?: string;
|
|
89
|
+
/** Vrije data die een concrete mailer-adapter (mailer-kit) kan gebruiken voor templating. */
|
|
90
|
+
data?: Record<string, unknown>;
|
|
91
|
+
}
|
|
92
|
+
export interface Mailer {
|
|
93
|
+
send(message: MailMessage): Promise<void>;
|
|
94
|
+
}
|
|
95
|
+
//# sourceMappingURL=ports.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../../src/auth/core/ports.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,0GAA0G;AAC1G,MAAM,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC;AAIjC,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,iFAAiF;IACjF,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC/D;AAID,MAAM,WAAW,WAAW;IAC1B,oEAAoE;IACpE,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,mEAAmE;AACnE,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACvD,4FAA4F;IAC5F,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9C,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC;CACb;AAID,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IAClD,gGAAgG;IAChG,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,eAAe;IAC9B,oEAAoE;IACpE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAID,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,oEAAoE;IACpE,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACjE,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6FAA6F;IAC7F,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3C"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Poorten & types voor de auth-kit. Het consumerende project injecteert de hashing-engine, token-
|
|
3
|
+
* en single-use-stores, en de `UserStore`/`Mailer`-ports. De kit bevat geen gebruikers- of
|
|
4
|
+
* domeinkennis.
|
|
5
|
+
*/
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=ports.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ports.js","sourceRoot":"","sources":["../../../src/auth/core/ports.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { Clock, SingleUseConfig, SingleUseStore } from './ports.js';
|
|
2
|
+
export declare class SingleUseTokenService {
|
|
3
|
+
#private;
|
|
4
|
+
constructor(config: SingleUseConfig, store: SingleUseStore, clock?: Clock);
|
|
5
|
+
/** Geef een token uit voor een purpose met bijbehorende payload; retourneert het klare token. */
|
|
6
|
+
issue(purpose: string, payload: unknown): Promise<string>;
|
|
7
|
+
/** Wissel een token exact één keer in; retourneert de payload of gooit een {@link SingleUseTokenError}. */
|
|
8
|
+
consume(token: string, purpose: string): Promise<unknown>;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=single-use.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"single-use.d.ts","sourceRoot":"","sources":["../../../src/auth/core/single-use.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAIzE,qBAAa,qBAAqB;;gBAKpB,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,GAAE,KAAgB;IAMnF,iGAAiG;IAC3F,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAa/D,2GAA2G;IACrG,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAUhE"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* US-0403 — Single-use tokens met TTL (verify/reset/invite).
|
|
3
|
+
*
|
|
4
|
+
* Genereert onraadbare tokens per purpose, slaat alleen de gehashte variant op via de
|
|
5
|
+
* {@link SingleUseStore}-poort en wisselt exact één keer in (atomair). Ongeldige tokens leveren een
|
|
6
|
+
* generieke `invalid`-fout op (geen enumeration van purpose/payload).
|
|
7
|
+
*/
|
|
8
|
+
import { hashToken, randomToken } from './crypto-util.js';
|
|
9
|
+
import { SingleUseTokenError } from './errors.js';
|
|
10
|
+
const DEFAULT_TTL_SECONDS = 3600;
|
|
11
|
+
export class SingleUseTokenService {
|
|
12
|
+
#config;
|
|
13
|
+
#store;
|
|
14
|
+
#clock;
|
|
15
|
+
constructor(config, store, clock = Date.now) {
|
|
16
|
+
this.#config = config;
|
|
17
|
+
this.#store = store;
|
|
18
|
+
this.#clock = clock;
|
|
19
|
+
}
|
|
20
|
+
/** Geef een token uit voor een purpose met bijbehorende payload; retourneert het klare token. */
|
|
21
|
+
async issue(purpose, payload) {
|
|
22
|
+
const token = randomToken();
|
|
23
|
+
const ttl = this.#config.ttlByPurpose?.[purpose] ?? this.#config.defaultTtlSeconds ?? DEFAULT_TTL_SECONDS;
|
|
24
|
+
await this.#store.save({
|
|
25
|
+
id: hashToken(token),
|
|
26
|
+
purpose,
|
|
27
|
+
payload,
|
|
28
|
+
expiresAt: this.#clock() + ttl * 1000,
|
|
29
|
+
});
|
|
30
|
+
return token;
|
|
31
|
+
}
|
|
32
|
+
/** Wissel een token exact één keer in; retourneert de payload of gooit een {@link SingleUseTokenError}. */
|
|
33
|
+
async consume(token, purpose) {
|
|
34
|
+
const id = hashToken(token);
|
|
35
|
+
const record = await this.#store.find(id);
|
|
36
|
+
// `invalid` voor niet-bestaand én verkeerde purpose: geen enumeration.
|
|
37
|
+
if (!record || record.purpose !== purpose)
|
|
38
|
+
throw new SingleUseTokenError('invalid');
|
|
39
|
+
if (this.#clock() > record.expiresAt)
|
|
40
|
+
throw new SingleUseTokenError('expired');
|
|
41
|
+
const consumed = await this.#store.markConsumed(id);
|
|
42
|
+
if (!consumed)
|
|
43
|
+
throw new SingleUseTokenError('consumed');
|
|
44
|
+
return record.payload;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
//# sourceMappingURL=single-use.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"single-use.js","sourceRoot":"","sources":["../../../src/auth/core/single-use.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAEjC,MAAM,OAAO,qBAAqB;IACvB,OAAO,CAAkB;IACzB,MAAM,CAAiB;IACvB,MAAM,CAAQ;IAEvB,YAAY,MAAuB,EAAE,KAAqB,EAAE,QAAe,IAAI,CAAC,GAAG;QACjF,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,iGAAiG;IACjG,KAAK,CAAC,KAAK,CAAC,OAAe,EAAE,OAAgB;QAC3C,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAC5B,MAAM,GAAG,GACP,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,mBAAmB,CAAC;QAChG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACrB,EAAE,EAAE,SAAS,CAAC,KAAK,CAAC;YACpB,OAAO;YACP,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,GAAG,IAAI;SACtC,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2GAA2G;IAC3G,KAAK,CAAC,OAAO,CAAC,KAAa,EAAE,OAAe;QAC1C,MAAM,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1C,uEAAuE;QACvE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO;YAAE,MAAM,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACpF,IAAI,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS;YAAE,MAAM,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC/E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACzD,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { Clock, IssuedTokens, TokenConfig, TokenStore, VerifiedAccess } from './ports.js';
|
|
2
|
+
export declare class TokenService {
|
|
3
|
+
#private;
|
|
4
|
+
constructor(config: TokenConfig, store: TokenStore, clock?: Clock);
|
|
5
|
+
issue(subject: string, claims?: Record<string, unknown>): Promise<IssuedTokens>;
|
|
6
|
+
verify(accessToken: string): Promise<VerifiedAccess>;
|
|
7
|
+
/** Wissel een refresh-token in voor een nieuw paar (rotatie). Hergebruik → `TokenError('reuse')`. */
|
|
8
|
+
refresh(refreshToken: string): Promise<IssuedTokens>;
|
|
9
|
+
/** Trek een access-token in (denylist op `jti` tot aan zijn expiry). */
|
|
10
|
+
revokeAccess(accessToken: string): Promise<void>;
|
|
11
|
+
/** Trek een refresh-token in (markeer als gebruikt). */
|
|
12
|
+
revokeRefresh(refreshToken: string): Promise<void>;
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=tokens.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../../src/auth/core/tokens.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EACV,KAAK,EACL,YAAY,EACZ,WAAW,EACX,UAAU,EACV,cAAc,EACf,MAAM,YAAY,CAAC;AAIpB,qBAAa,YAAY;;gBAKX,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,GAAE,KAAgB;IAMrE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAwBnF,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAgB1D,qGAAqG;IAC/F,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAU1D,wEAAwE;IAClE,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStD,wDAAwD;IAClD,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzD"}
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* US-0402 — Token-service: issue/verify/refresh/revoke.
|
|
3
|
+
*
|
|
4
|
+
* Access-tokens zijn ondertekende JWT's; refresh-tokens zijn opaque en worden (gehasht) via de
|
|
5
|
+
* {@link TokenStore}-poort bijgehouden voor rotatie en hergebruik-detectie. Access-revocatie loopt via
|
|
6
|
+
* een denylist op `jti`. Signing-key/TTL's komen uit config; de core kent geen opslag of domein.
|
|
7
|
+
*/
|
|
8
|
+
import { hashToken, randomToken } from './crypto-util.js';
|
|
9
|
+
import { TokenError } from './errors.js';
|
|
10
|
+
import { signJwt, verifyJwt } from './jwt.js';
|
|
11
|
+
const RESERVED_CLAIMS = new Set(['sub', 'jti', 'iat', 'exp', 'iss']);
|
|
12
|
+
export class TokenService {
|
|
13
|
+
#config;
|
|
14
|
+
#store;
|
|
15
|
+
#clock;
|
|
16
|
+
constructor(config, store, clock = Date.now) {
|
|
17
|
+
this.#config = config;
|
|
18
|
+
this.#store = store;
|
|
19
|
+
this.#clock = clock;
|
|
20
|
+
}
|
|
21
|
+
async issue(subject, claims = {}) {
|
|
22
|
+
const now = this.#clock();
|
|
23
|
+
const jti = randomToken();
|
|
24
|
+
const nowSec = Math.floor(now / 1000);
|
|
25
|
+
const payload = {
|
|
26
|
+
...claims,
|
|
27
|
+
sub: subject,
|
|
28
|
+
jti,
|
|
29
|
+
iat: nowSec,
|
|
30
|
+
exp: nowSec + this.#config.accessTtlSeconds,
|
|
31
|
+
};
|
|
32
|
+
if (this.#config.issuer)
|
|
33
|
+
payload['iss'] = this.#config.issuer;
|
|
34
|
+
const accessToken = signJwt(payload, this.#config.secret);
|
|
35
|
+
const refreshToken = randomToken();
|
|
36
|
+
await this.#store.saveRefresh({
|
|
37
|
+
id: hashToken(refreshToken),
|
|
38
|
+
subject,
|
|
39
|
+
expiresAt: now + this.#config.refreshTtlSeconds * 1000,
|
|
40
|
+
});
|
|
41
|
+
return { accessToken, refreshToken, expiresInSeconds: this.#config.accessTtlSeconds };
|
|
42
|
+
}
|
|
43
|
+
async verify(accessToken) {
|
|
44
|
+
const payload = verifyJwt(accessToken, this.#config.secret);
|
|
45
|
+
const nowSec = Math.floor(this.#clock() / 1000);
|
|
46
|
+
if (typeof payload['exp'] === 'number' && nowSec > payload['exp']) {
|
|
47
|
+
throw new TokenError('expired');
|
|
48
|
+
}
|
|
49
|
+
const jti = String(payload['jti'] ?? '');
|
|
50
|
+
if (await this.#store.isAccessDenied(jti))
|
|
51
|
+
throw new TokenError('revoked');
|
|
52
|
+
const claims = {};
|
|
53
|
+
for (const [key, value] of Object.entries(payload)) {
|
|
54
|
+
if (!RESERVED_CLAIMS.has(key))
|
|
55
|
+
claims[key] = value;
|
|
56
|
+
}
|
|
57
|
+
return { subject: String(payload['sub'] ?? ''), claims, jti };
|
|
58
|
+
}
|
|
59
|
+
/** Wissel een refresh-token in voor een nieuw paar (rotatie). Hergebruik → `TokenError('reuse')`. */
|
|
60
|
+
async refresh(refreshToken) {
|
|
61
|
+
const id = hashToken(refreshToken);
|
|
62
|
+
const record = await this.#store.findRefresh(id);
|
|
63
|
+
if (!record)
|
|
64
|
+
throw new TokenError('invalid');
|
|
65
|
+
if (this.#clock() > record.expiresAt)
|
|
66
|
+
throw new TokenError('expired');
|
|
67
|
+
const rotated = await this.#store.markRefreshUsed(id);
|
|
68
|
+
if (!rotated)
|
|
69
|
+
throw new TokenError('reuse');
|
|
70
|
+
return this.issue(record.subject);
|
|
71
|
+
}
|
|
72
|
+
/** Trek een access-token in (denylist op `jti` tot aan zijn expiry). */
|
|
73
|
+
async revokeAccess(accessToken) {
|
|
74
|
+
const payload = verifyJwt(accessToken, this.#config.secret);
|
|
75
|
+
const expiresAt = typeof payload['exp'] === 'number'
|
|
76
|
+
? payload['exp'] * 1000
|
|
77
|
+
: this.#clock() + this.#config.accessTtlSeconds * 1000;
|
|
78
|
+
await this.#store.denyAccess(String(payload['jti'] ?? ''), expiresAt);
|
|
79
|
+
}
|
|
80
|
+
/** Trek een refresh-token in (markeer als gebruikt). */
|
|
81
|
+
async revokeRefresh(refreshToken) {
|
|
82
|
+
await this.#store.markRefreshUsed(hashToken(refreshToken));
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
//# sourceMappingURL=tokens.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../../src/auth/core/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAS9C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAErE,MAAM,OAAO,YAAY;IACd,OAAO,CAAc;IACrB,MAAM,CAAa;IACnB,MAAM,CAAQ;IAEvB,YAAY,MAAmB,EAAE,KAAiB,EAAE,QAAe,IAAI,CAAC,GAAG;QACzE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,OAAe,EAAE,SAAkC,EAAE;QAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QACtC,MAAM,OAAO,GAA4B;YACvC,GAAG,MAAM;YACT,GAAG,EAAE,OAAO;YACZ,GAAG;YACH,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB;SAC5C,CAAC;QACF,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAE9D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;YAC5B,EAAE,EAAE,SAAS,CAAC,YAAY,CAAC;YAC3B,OAAO;YACP,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,GAAG,IAAI;SACvD,CAAC,CAAC;QAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,gBAAgB,EAAE,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IACxF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,WAAmB;QAC9B,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC;QAChD,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACzC,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC;YAAE,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QAE3E,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IAChE,CAAC;IAED,qGAAqG;IACrG,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,MAAM,EAAE,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS;YAAE,MAAM,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QACtE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,YAAY,CAAC,WAAmB;QACpC,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,SAAS,GACb,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ;YAChC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI;YACvB,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC3D,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;IACxE,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,aAAa,CAAC,YAAoB;QACtC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;IAC7D,CAAC;CACF"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `auth` kit — domein-loze identiteit & credentials: argon2id-hashing met rehash-policy, een token-
|
|
3
|
+
* service (JWT + opaque refresh met rotatie/revocatie), single-use TTL-tokens en de `UserStore`/
|
|
4
|
+
* `Mailer`-integratieports. Pure core + adapters; geen gebruikers- of domeinkennis.
|
|
5
|
+
*
|
|
6
|
+
* De NestJS-adapter zit onder `webapp-factory/backend-foundation/auth/nestjs`.
|
|
7
|
+
*/
|
|
8
|
+
export { CredentialService } from './core/credentials.js';
|
|
9
|
+
export { TokenService } from './core/tokens.js';
|
|
10
|
+
export { SingleUseTokenService } from './core/single-use.js';
|
|
11
|
+
export { AuthService, createAuthService, type AuthServiceDeps, type AuthPurposes, type PublicUser, } from './core/auth-service.js';
|
|
12
|
+
export { signJwt, verifyJwt } from './core/jwt.js';
|
|
13
|
+
export { randomToken, hashToken, newId } from './core/crypto-util.js';
|
|
14
|
+
export type { Clock, PasswordHasher, VerifyResult, TokenConfig, TokenStore, RefreshRecord, IssuedTokens, VerifiedAccess, SingleUseStore, SingleUseRecord, SingleUseConfig, UserStore, UserRecord, Mailer, MailMessage, } from './core/ports.js';
|
|
15
|
+
export { AuthError, InvalidCredentialsError, UnsupportedHashError, TokenError, SingleUseTokenError, AuthConfigurationError, type TokenErrorReason, type SingleUseReason, } from './core/errors.js';
|
|
16
|
+
export { argon2idHasher, type Argon2idParams } from './adapters/argon2id-hasher.js';
|
|
17
|
+
export { inMemoryTokenStore, inMemorySingleUseStore, inMemoryUserStore, inMemoryMailer, } from './adapters/in-memory-stores.js';
|
|
18
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,UAAU,GAChB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAGnD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAGtE,YAAY,EACV,KAAK,EACL,cAAc,EACd,YAAY,EACZ,WAAW,EACX,UAAU,EACV,aAAa,EACb,YAAY,EACZ,cAAc,EACd,cAAc,EACd,eAAe,EACf,eAAe,EACf,SAAS,EACT,UAAU,EACV,MAAM,EACN,WAAW,GACZ,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,SAAS,EACT,uBAAuB,EACvB,oBAAoB,EACpB,UAAU,EACV,mBAAmB,EACnB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,eAAe,GACrB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,+BAA+B,CAAC;AACpF,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,GACf,MAAM,gCAAgC,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `auth` kit — domein-loze identiteit & credentials: argon2id-hashing met rehash-policy, een token-
|
|
3
|
+
* service (JWT + opaque refresh met rotatie/revocatie), single-use TTL-tokens en de `UserStore`/
|
|
4
|
+
* `Mailer`-integratieports. Pure core + adapters; geen gebruikers- of domeinkennis.
|
|
5
|
+
*
|
|
6
|
+
* De NestJS-adapter zit onder `webapp-factory/backend-foundation/auth/nestjs`.
|
|
7
|
+
*/
|
|
8
|
+
// Services (US-0401..0404)
|
|
9
|
+
export { CredentialService } from './core/credentials.js';
|
|
10
|
+
export { TokenService } from './core/tokens.js';
|
|
11
|
+
export { SingleUseTokenService } from './core/single-use.js';
|
|
12
|
+
export { AuthService, createAuthService, } from './core/auth-service.js';
|
|
13
|
+
// JWT-helpers
|
|
14
|
+
export { signJwt, verifyJwt } from './core/jwt.js';
|
|
15
|
+
// Crypto-helpers
|
|
16
|
+
export { randomToken, hashToken, newId } from './core/crypto-util.js';
|
|
17
|
+
// Fouten
|
|
18
|
+
export { AuthError, InvalidCredentialsError, UnsupportedHashError, TokenError, SingleUseTokenError, AuthConfigurationError, } from './core/errors.js';
|
|
19
|
+
// Adapters
|
|
20
|
+
export { argon2idHasher } from './adapters/argon2id-hasher.js';
|
|
21
|
+
export { inMemoryTokenStore, inMemorySingleUseStore, inMemoryUserStore, inMemoryMailer, } from './adapters/in-memory-stores.js';
|
|
22
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,2BAA2B;AAC3B,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,WAAW,EACX,iBAAiB,GAIlB,MAAM,wBAAwB,CAAC;AAEhC,cAAc;AACd,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAEnD,iBAAiB;AACjB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAqBtE,SAAS;AACT,OAAO,EACL,SAAS,EACT,uBAAuB,EACvB,oBAAoB,EACpB,UAAU,EACV,mBAAmB,EACnB,sBAAsB,GAGvB,MAAM,kBAAkB,CAAC;AAE1B,WAAW;AACX,OAAO,EAAE,cAAc,EAAuB,MAAM,+BAA+B,CAAC;AACpF,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,GACf,MAAM,gCAAgC,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Dunne NestJS-adapter: stelt een fail-fast-gevalideerde {@link AuthService} beschikbaar via DI. De
|
|
3
|
+
* Nest-types zijn `import type` (geen runtime-dep op `@nestjs/common`; optionele peer).
|
|
4
|
+
*/
|
|
5
|
+
import type { DynamicModule, InjectionToken } from '@nestjs/common';
|
|
6
|
+
import { type AuthServiceDeps } from '../core/auth-service.js';
|
|
7
|
+
/** DI-token waaronder de auth-service beschikbaar is. */
|
|
8
|
+
export declare const AUTH_SERVICE: unique symbol;
|
|
9
|
+
export interface AuthKitModuleOptions extends AuthServiceDeps {
|
|
10
|
+
global?: boolean;
|
|
11
|
+
token?: InjectionToken;
|
|
12
|
+
}
|
|
13
|
+
export declare class AuthKitModule {
|
|
14
|
+
/** Bouwt (fail-fast) de auth-service en registreert deze onder het token. */
|
|
15
|
+
static forRoot(options: AuthKitModuleOptions): DynamicModule;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=auth.module.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.module.d.ts","sourceRoot":"","sources":["../../../src/auth/nestjs/auth.module.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAY,MAAM,gBAAgB,CAAC;AAC9E,OAAO,EAAuC,KAAK,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEpG,yDAAyD;AACzD,eAAO,MAAM,YAAY,eAAiC,CAAC;AAE3D,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,cAAc,CAAC;CACxB;AAED,qBAAa,aAAa;IACxB,6EAA6E;IAC7E,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,GAAG,aAAa;CAW7D"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { createAuthService } from '../core/auth-service.js';
|
|
2
|
+
/** DI-token waaronder de auth-service beschikbaar is. */
|
|
3
|
+
export const AUTH_SERVICE = Symbol.for('auth-kit.service');
|
|
4
|
+
export class AuthKitModule {
|
|
5
|
+
/** Bouwt (fail-fast) de auth-service en registreert deze onder het token. */
|
|
6
|
+
static forRoot(options) {
|
|
7
|
+
const service = createAuthService(options);
|
|
8
|
+
const token = options.token ?? AUTH_SERVICE;
|
|
9
|
+
const provider = { provide: token, useValue: service };
|
|
10
|
+
return {
|
|
11
|
+
module: AuthKitModule,
|
|
12
|
+
global: options.global ?? true,
|
|
13
|
+
providers: [provider],
|
|
14
|
+
exports: [token],
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=auth.module.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../../src/auth/nestjs/auth.module.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,iBAAiB,EAA0C,MAAM,yBAAyB,CAAC;AAEpG,yDAAyD;AACzD,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAO3D,MAAM,OAAO,aAAa;IACxB,6EAA6E;IAC7E,MAAM,CAAC,OAAO,CAAC,OAA6B;QAC1C,MAAM,OAAO,GAAgB,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,YAAY,CAAC;QAC5C,MAAM,QAAQ,GAAa,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QACjE,OAAO;YACL,MAAM,EAAE,aAAa;YACrB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;YAC9B,SAAS,EAAE,CAAC,QAAQ,CAAC;YACrB,OAAO,EAAE,CAAC,KAAK,CAAC;SACjB,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"in-memory-store.d.ts","sourceRoot":"","sources":["../../../src/cache/adapters/in-memory-store.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAOvE,wBAAgB,kBAAkB,CAAC,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,KAAK,CAAA;CAAO,GAAG,UAAU,CAyC9E;AAED,wBAAgB,cAAc,IAAI,WAAW,CAgB5C"}
|