wirejs-resources 0.1.1-alpha → 0.1.2-alpha

package/lib/index.js

@@ -1,4 +1,5 @@
 export { FileService } from './services/file.js';
 export { AuthenticationService } from './services/authentication.js';
 export { CookieJar } from './adapters/cookie-jar.js';
-export { withContext, requiresContext, Context } from './adapters/context.js';
+export { withContext, requiresContext, Context } from './adapters/context.js';
+export { Resource } from './resource.js';

package/lib/resource.js

@@ -0,0 +1,32 @@
+export class Resource {
+	/**
+	 * @type {Resource | string}
+	 */
+	scope;
+
+	/**
+	 * @type {string}
+	 */
+	id;
+
+	/**
+	 * 
+	 * @param {Resource | string} scope
+	 * @param {string} id 
+	 */
+	constructor(scope, id) {
+		this.scope = scope;
+		this.id = id;
+	}
+
+	get absoluteId() {
+		const sanitizedId = encodeURIComponent(this.id);
+		if (typeof this.scope === 'string') {
+			return `${encodeURIComponent(this.scope)}/${sanitizedId}`;
+		} else if (typeof this.scope?.id === 'string') {
+			return `${this.scope.absoluteId}/${sanitizedId}`;
+		} else {
+			throw new Error("Resources must defined within a scope. Provide either a namespace string or parent resource.");
+		}
+	}
+}

package/lib/resources/secret.js

@@ -1,48 +1,50 @@
-import process from 'process';
-import fs from 'fs';
-import path from 'path';
 import crypto from 'crypto';
+import { Resource } from '../resource.js';
+import { FileService } from '../services/file.js';
 
-const CWD = process.cwd();
+const FILENAME = 'secret';
 
-/**
- * @type {Map<string, Secret>}
- */
-const secrets = new Map();
+export class Secret extends Resource {
+	/**
+	 * @type {FileService}
+	 */
+	#fileService;
 
-export class Secret {
-	#id;
+	/**
+	 * @type {Promise<any>}
+	 */
+	#initPromise;
 
 	/**
+	 * @param {Resource | string}
 	 * @param {string} id 
-	 * @param {string} [value]
 	 */
-	constructor(id, value) {
-		this.#id = id;
-		secrets.set(id, this);
-		if (!fs.existsSync(this.#filename())) {
-			fs.mkdirSync(path.dirname(this.#filename()), { recursive: true });
-			fs.writeFileSync(
-				this.#filename(),
-				value ?? crypto.randomBytes(64).toString('base64url')
-			);
-		}
-	}
-
-	#filename() {
-		const sanitizedId = this.id.replace('~', '-').replace(/\.+/g, '.');
-		return path.join(CWD, 'temp', 'wirejs-services', 'secrets', sanitizedId);
-	}
-
-	get id() {
-		return this.#id;
+	constructor(scope, id) {
+		super(scope, id);
+		this.#fileService = new FileService(this, 'files');
+		
+		this.#initPromise = this.#fileService.write(
+			FILENAME,
+			JSON.stringify(crypto.randomBytes(64).toString('base64url')),
+			{ onlyIfNotExists: true }
+		).catch(error => {
+			if (!this.#fileService.isAlreadyExistsError(error)) throw error;
+		});
 	}
 
+	/**
+	 * @returns {any}
+	 */
 	async read() {
-		return fs.promises.readFile(this.#filename(), 'utf8');
+		await this.#initPromise;
+		return JSON.parse(await this.#fileService.read(FILENAME));
 	}
 
-	async write(value) {
-		fs.promises.writeFile(this.#filename(), value);
+	/**
+	 * @param {any} data 
+	 */
+	async write(data) {
+		await this.#initPromise;
+		await this.#fileService.write(FILENAME, JSON.stringify(data));
 	}
 }

package/lib/services/authentication.js

@@ -1,18 +1,40 @@
-import process from 'process';
-import fs from 'fs';
-import path from 'path';
+import { scrypt, randomBytes } from 'crypto';
 
 import * as jose from 'jose';
-import bcrypt from 'bcrypt';
 
+import { Resource } from '../resource.js';
 import { Secret } from '../resources/secret.js';
+import { FileService } from './file.js';
 import { CookieJar } from '../adapters/cookie-jar.js';
 import { withContext } from '../adapters/context.js';
 
-const CWD = process.cwd();
-const SALT_ROUNDS = 10;
 
-const signingSecret = new Secret('wirejs-services/auth-jwt-signing-secret');
+/**
+ * @param {string} password 
+ * @param {string} [salt]
+ */
+function hash(password, salt) {
+	return new Promise((resolve, reject) => {
+		const finalSalt = salt || randomBytes(16).toString('hex');
+		scrypt(password, finalSalt, 64, (err, key) => {
+			if (err) {
+				reject(err);
+			} else {
+				resolve(`${finalSalt}$${key.toString('hex')}`);
+			}
+		})
+	});
+}
+
+/**
+ * @param {string} password 
+ * @param {string} passwordHash 
+ */
+async function verifyHash(password, passwordHash) {
+	const [saltPart, _hashPart] = passwordHash.split('$');
+	const rehashed = await hash(password, saltPart);
+	return rehashed === passwordHash;
+}
 
 /**
  * @typedef {{
@@ -77,33 +99,41 @@ const signingSecret = new Secret('wirejs-services/auth-jwt-signing-secret');
  * @property {string} [cookie] - The name of the cookie to use to store the authentication state JWT.
  */
 
-/**
- * @type {Map<string, AuthService>}
- */
-const services = new Map();
-
 const ONE_WEEK = 7 * 24 * 60 * 60; // days * hours/day * minutes/hour * seconds/minute
 
-export class AuthenticationService {
-	id;
+export class AuthenticationService extends Resource {
 	#duration;
 	#keepalive;
 	#cookieName;
+
+	/**
+	 * @type {Secret}
+	 */
+	#rawSigningSecret;
+
+	/**
+	 * @type {Promise<Uint8Array<ArrayBufferLike>> | undefined}
+	 */
 	#signingSecret;
 
 	#users;
 
 	/**
 	 * 
+	 * @param {Resource | string} scope
 	 * @param {string} id 
 	 * @param {AuthenticationServiceOptions} [options]
 	 */
-	constructor(id, { duration, keepalive, cookie } = {}) {
-		this.id = id;
+	constructor(scope, id, { duration, keepalive, cookie } = {}) {
+		super(scope, id);
+
 		this.#duration = duration || ONE_WEEK;
 		this.#keepalive = !!keepalive;
 		this.#cookieName = cookie ?? 'identity';
 
+		this.#rawSigningSecret = new Secret(this, 'jwt-signing-secret');
+		const fileService = new FileService(this, 'files');
+
 		this.#users = {
 			id,
 			
@@ -113,7 +143,7 @@ export class AuthenticationService {
 			 */
 			async get(username) {
 				try {
-					const data = await fs.promises.readFile(this.filenameFor(username));
+					const data = await fileService.read(this.filenameFor(username));
 					return JSON.parse(data);
 				} catch {
 					return undefined;
@@ -125,14 +155,7 @@ export class AuthenticationService {
 			 * @param {User} user
 			 */
 			async set(username, details) {
-				await fs.promises.mkdir(
-					path.dirname(this.filenameFor(username)),
-					{ recursive: true }
-				);
-				await fs.promises.writeFile(
-					this.filenameFor(username),
-					JSON.stringify(details)
-				);
+				await fileService.write(this.filenameFor(username), JSON.stringify(details));
 			},
 
 			/**
@@ -144,29 +167,17 @@ export class AuthenticationService {
 			},
 
 			/**
-			 * @param {string} username
+			 * @param {string} username 
 			 * @returns 
 			 */
 			filenameFor(username) {
-				const sanitizedId = this.id.replace('~', '-').replace(/\.+/g, '.');
-				const sanitizedName = username.replace('~', '-').replace(/\.+/g, '.');
-				return path.join(CWD,
-					'temp',
-					'wirejs-services',
-					'authentication',
-					sanitizedId,
-					`${sanitizedName}.json`
-				);
+				return `${username}.json`;
 			}
 		}
-				
-		if (services.has(id)) {
-			services.set(id, this);
-		}
 	}
 
 	async getSigningSecret() {
-		const secretAsString = await signingSecret.read();
+		const secretAsString = await this.#rawSigningSecret.read();
 		return new TextEncoder().encode(secretAsString);
 	}
 
@@ -347,7 +358,7 @@ export class AuthenticationService {
 			} else {
 				await this.#users.set(inputs.username, {
 					id: inputs.username,
-					password: await bcrypt.hash(inputs.password, SALT_ROUNDS)
+					password: await hash(inputs.password)
 				});
 				await this.setBaseState(cookies, inputs.username);
 				return this.getState(cookies);
@@ -361,7 +372,7 @@ export class AuthenticationService {
 						message: `User doesn't exist.`
 					}]
 				};
-			} else if (await bcrypt.compare(inputs.password, user.password)) {
+			} else if (await verifyHash(inputs.password, user.password)) {
 				// a real authentication service will use password hashing.
 				// this is an in-memory just-for-testing user pool.
 				await this.setBaseState(cookies, inputs.username);
@@ -384,10 +395,10 @@ export class AuthenticationService {
 						message: `You're not signed in as a recognized user.`
 					}]
 				};
-			} else if (await bcrypt.compare(inputs.existingPassword, user.password)) {
+			} else if (await verifyHash(inputs.existingPassword, user.password)) {
 				await this.#users.set(user.id, {
 					...user,
-					password: await bcrypt.hash(inputs.newPassword, SALT_ROUNDS)
+					password: await hash(inputs.newPassword)
 				});
 				return {
 					message: "Password updated.",

package/lib/services/file.js

@@ -2,27 +2,19 @@ import process from 'process';
 import fs from 'fs';
 import path from 'path';
 
-const CWD = process.cwd();
+import { Resource } from '../resource.js';
 
-/**
- * @type {Map<string, FileService>}
- */
-const services = new Map();
+const CWD = process.cwd();
 
-export class FileService {
-	id;
+const ALREADY_EXISTS_CODE = 'EEXIST';
 
+export class FileService extends Resource {
 	/**
-	 * 
-	 * @param {{
-	 * 	id: string
-	 * }} options
+	 * @param {Resource | string} scope
+	 * @param {string} id
 	 */
-	constructor(id) {
-		this.id = id;
-		if (!services.has(id)) {
-			services.set(id, this);
-		}
+	constructor(scope, id) {
+		super(scope, id);
 	}
 
 	/**
@@ -30,9 +22,9 @@ export class FileService {
 	 * @returns 
 	 */
 	#fullNameFor(filename) {
-		const sanitizedId = this.id.replace('~', '-').replace(/\.+/g, '.');
+		const sanitizedId = this.absoluteId.replace('~', '-').replace(/\.+/g, '.');
 		const sanitizedName = filename.replace('~', '-').replace(/\.+/g, '.');
-		return path.join(CWD, 'temp', 'wirejs-services', 'files', sanitizedId, sanitizedName);
+		return path.join(CWD, 'temp', 'wirejs-services', sanitizedId, sanitizedName);
 	}
 
 	/**
@@ -47,12 +39,16 @@ export class FileService {
 	/**
 	 * 
 	 * @param {string} filename 
-	 * @param {string} data 
+	 * @param {string} data
+	 * @param {{
+	 * 	onlyIfNotExists?: boolean;
+	 * }} [options]
 	 */
-	async write(filename, data) {
+	async write(filename, data, { onlyIfNotExists = false } = {}) {
 		const fullname = this.#fullNameFor(filename);
+		const flag = onlyIfNotExists ? 'wx' : 'w';
 		await fs.promises.mkdir(path.dirname(fullname), { recursive: true });
-		return fs.promises.writeFile(fullname, data);
+		return fs.promises.writeFile(fullname, data, { flag });
 	}
 
 	/**
@@ -75,4 +71,8 @@ export class FileService {
 			if (prefix === undefined || name.startsWith(prefix)) yield name;
 		}
 	}
+
+	isAlreadyExistsError(error) {
+		return error.code === ALREADY_EXISTS_CODE;
+	}
 }

package/lib/types.ts

@@ -2,9 +2,11 @@ import type {
 	AuthenticationService as AuthenticationServiceBase,
 	withContext as withContextBase,
 	FileService as FileServiceBase,
-	Context as ContextBase
+	Context as ContextBase,
+	Resource as ResourceBase,
 } from './index.js';
 
+export declare class Resource extends ResourceBase {};
 export declare class Context extends ContextBase {};
 export declare class AuthenticationService extends AuthenticationServiceBase {};
 export declare class FileService extends FileServiceBase {};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "wirejs-resources",
-	"version": "0.1.1-alpha",
+	"version": "0.1.2-alpha",
 	"description": "Basic services and server-side resources for wirejs apps",
 	"type": "module",
 	"main": "./lib/index.js",
@@ -23,7 +23,6 @@
 	},
 	"homepage": "https://github.com/svidgen/create-wirejs-app#readme",
 	"dependencies": {
-		"bcrypt": "^5.1.1",
 		"jose": "^5.9.6"
 	}
 }

package/lib/services/sendmail.js

@@ -1,12 +0,0 @@
-/**
- * @type {Map<string, SendmailService>}
- */
-const services = new Map();
-
-class SendmailService {
-	id;
-
-	constructor({ id }) {
-
-	}
-}