
@codai/cbd


Codai Better Database - High-Performance Vector Memory System with HPKV-inspired architecture and MCP server

/**
 * Enhanced Security Framework
 * JWT authentication, RBAC, API key management, request signing, encryption, audit logging
 *
 * This is a type declaration file: it describes shapes and signatures only.
 * None of the security properties named above can be verified from here; they
 * depend entirely on the compiled implementation that accompanies this file.
 * Comments marked NOTE(review) are open questions for whoever audits that
 * implementation, not statements about what it does.
 */
import { EventEmitter } from 'events';
/**
 * Top-level configuration accepted by the EnhancedSecurityFramework constructor.
 */
interface SecurityConfig {
    // NOTE(review): presumably the JWT signing secret. It is typed as a plain
    // string, so nothing here enforces a minimum length or entropy; confirm the
    // implementation rejects empty or short values, and load it from a secret
    // store rather than from source or a committed config file.
    jwtSecret: string;
    // String-typed lifetime; the accepted format is not visible here
    // (the class declares a private `parseExpirationTime` member).
    jwtExpirationTime: string;
    // NOTE(review): unit (bytes vs. characters) is not stated; confirm it yields
    // enough entropy for a bearer credential.
    apiKeyLength: number;
    // NOTE(review): overlaps with `encryption.algorithm` below; which one the
    // implementation actually uses cannot be told from the declarations.
    encryptionAlgorithm: string;
    auditLogging: boolean;
    rateLimiting: RateLimitConfig;
    rbac: RBACConfig;
    encryption: EncryptionConfig;
}
/**
 * Rate-limiting settings.
 */
interface RateLimitConfig {
    // NOTE(review): behaviour when false is not visible; presumably no limiting at all.
    enabled: boolean;
    // Presumably the counting window in milliseconds, going by the name.
    windowMs: number;
    maxRequests: number;
    // NOTE(review): if failed requests are skipped, failed authentication
    // attempts may go uncounted; confirm login throttling does not rely on this limiter.
    skipSuccessfulRequests: boolean;
    skipFailedRequests: boolean;
}
/**
 * Role-based access control settings: the role, resource and permission catalogues.
 */
interface RBACConfig {
    // NOTE(review): confirm what `checkPermission` returns when this is false;
    // a disabled RBAC engine that grants everything should be an explicit,
    // logged decision.
    enabled: boolean;
    // NOTE(review): presumably assigned to users without explicit roles; it
    // should be the least-privileged role.
    defaultRole: string;
    roles: Role[];
    resources: Resource[];
    permissions: Permission[];
}
/**
 * Parameters for encryption and, judging by `saltLength`/`iterations`,
 * presumably password-based key derivation (TODO confirm).
 */
interface EncryptionConfig {
    // Free-form string: the type does not restrict it to authenticated modes.
    algorithm: string;
    keyLength: number;
    ivLength: number;
    saltLength: number;
    // NOTE(review): no lower bound is expressed in the type; confirm the
    // implementation enforces one.
    iterations: number;
}
/**
 * A named role holding permission names, optionally inheriting from other roles.
 */
interface Role {
    name: string;
    description: string;
    permissions: string[];
    // NOTE(review): inheritance is by role name; confirm cycles and unknown
    // names are handled rather than silently widening access.
    inherits?: string[];
    // Meaning of the ordering (higher wins vs. lower wins) is not visible here.
    priority: number;
}
/**
 * A protected resource and the actions that can be requested on it.
 */
interface Resource {
    name: string;
    type: 'collection' | 'document' | 'api' | 'system';
    path: string;
    actions: string[];
}
/**
 * A permission binding a resource name to a set of actions.
 */
interface Permission {
    name: string;
    resource: string;
    actions: string[];
    // Untyped: the condition schema and how it is evaluated are not visible here.
    conditions?: any[];
}
/**
 * Outcome of `authenticateUser`. Every field except `success` is optional, so
 * callers must check `success` before reading `user` or `token`.
 */
interface AuthenticationResult {
    success: boolean;
    user?: User;
    token?: string;
    expiresAt?: Date;
    permissions?: string[];
    // NOTE(review): confirm the message does not distinguish "unknown user"
    // from "wrong password" when it is returned to a client.
    error?: string;
}
/**
 * A user record as exposed by the framework. No password or credential field
 * is part of this shape.
 */
interface User {
    id: string;
    username: string;
    email: string;
    roles: string[];
    permissions: string[];
    isActive: boolean;
    lastLogin?: Date;
    // Untyped bag; validate before trusting its contents.
    metadata?: any;
}
/**
 * An API key record, returned by `generateAPIKey`.
 *
 * NOTE(review): the shape carries both the raw `key` and `hashedKey`. Whether
 * stored records keep the raw value cannot be told from the declarations.
 * Confirm that `key` is handed to the caller once at creation and that only
 * `hashedKey` is persisted, logged or emitted in events.
 */
interface APIKey {
    id: string;
    name: string;
    key: string;
    hashedKey: string;
    userId: string;
    permissions: string[];
    rateLimit?: number;
    // Optional: a key created without it presumably never expires (TODO confirm).
    expiresAt?: Date;
    isActive: boolean;
    createdAt: Date;
    lastUsed?: Date;
    usageCount: number;
}
/**
 * One audit record, as returned by `getAuditLogs`.
 */
interface AuditLogEntry {
    id: string;
    timestamp: Date;
    // Optional, so entries for unauthenticated requests can presumably be recorded.
    userId?: string;
    action: string;
    resource: string;
    method: string;
    // NOTE(review): `ip` and `userAgent` are client-supplied or proxy-derived;
    // confirm how they are obtained before relying on them in an investigation.
    ip: string;
    userAgent: string;
    success: boolean;
    // Untyped. NOTE(review): confirm passwords, tokens and raw API keys are
    // never written here.
    details?: any;
    // Unit is not stated in the declaration.
    duration: number;
}
/**
 * Facade over authentication, API keys, RBAC, request signing, encryption and
 * audit logging. Extends EventEmitter; the events it emits are not declared here.
 *
 * Private members are listed by name only, as is normal in declaration output,
 * so the types of the backing stores are not visible. NOTE(review): whether
 * users, sessions, keys and audit entries survive a restart or are shared
 * between instances cannot be determined from this file.
 */
declare class EnhancedSecurityFramework extends EventEmitter {
    private config;
    private userStore;
    private apiKeyStore;
    private sessionStore;
    private auditLog;
    private rateLimitStore;
    private encryptionKeys;
    private rbacEngine;
    private jwtHandler;
    private encryptionManager;
    constructor(config: SecurityConfig);
    private initializeSecurity;
    /**
     * JWT Authentication
     *
     * Takes a username and plaintext password and resolves to an
     * AuthenticationResult; failure is reported through `success`/`error`
     * in the result type (whether it can also reject is not visible here).
     *
     * NOTE(review): password verification is delegated to the private
     * `verifyPassword` member; the hashing scheme and comparison method
     * should be checked in the implementation. `clientInfo` is untyped.
     */
    authenticateUser(username: string, password: string, options?: {
        rememberMe?: boolean;
        clientInfo?: any;
    }): Promise<AuthenticationResult>;
    /**
     * API Key Management
     *
     * Creates an API key for `userId` and resolves to the full APIKey record,
     * which includes the raw `key` field.
     *
     * NOTE(review): `options.permissions` is caller-supplied; confirm it is
     * limited to permissions the owning user already holds.
     */
    generateAPIKey(userId: string, name: string, options?: {
        permissions?: string[];
        rateLimit?: number;
        expiresAt?: Date;
    }): Promise<APIKey>;
    /**
     * Role-Based Access Control (RBAC)
     *
     * Resolves to a decision object; callers must test `granted` explicitly,
     * since a denial is a resolved value rather than a rejection according to
     * the return type.
     */
    checkPermission(userId: string, resource: string, action: string, context?: any): Promise<{
        granted: boolean;
        reason?: string;
        matchedPermissions?: string[];
    }>;
    /**
     * Request Signing & Validation
     *
     * Produces a signature together with the timestamp and nonce that
     * accompany it. `timestamp` is optional on input and always present in
     * the result.
     *
     * NOTE(review): the signing construction and how `body` (typed `any`) is
     * serialized are not visible; both sides must canonicalize the body
     * identically or signatures will not match.
     */
    signRequest(method: string, url: string, body: any, apiKey: string, timestamp?: number): Promise<{
        signature: string;
        timestamp: number;
        nonce: string;
    }>;
    /**
     * Checks a signature produced by `signRequest` and resolves to
     * `{ valid, reason? }`.
     *
     * NOTE(review): timestamp and nonce only protect against replay if the
     * implementation bounds clock skew and remembers nonces it has seen;
     * confirm both, and confirm the signature comparison is constant-time.
     */
    validateRequestSignature(method: string, url: string, body: any, apiKey: string, signature: string, timestamp: number, nonce: string): Promise<{
        valid: boolean;
        reason?: string;
    }>;
    /**
     * Data Encryption at Rest
     *
     * Resolves to the ciphertext plus the key id, algorithm name and IV that
     * were used.
     *
     * NOTE(review): the result has no separate authentication-tag field. If
     * the configured algorithm is an authenticated mode, the tag must be
     * carried inside `encryptedData`; if it is not, ciphertext integrity is
     * unprotected. Confirm which applies.
     */
    encryptData(data: any, keyId?: string): Promise<{
        encryptedData: string;
        keyId: string;
        algorithm: string;
        iv: string;
    }>;
    /**
     * Reverses `encryptData` given the ciphertext, key id and IV. The
     * algorithm is not a parameter, so it is presumably taken from
     * configuration or the key record (TODO confirm).
     *
     * Resolves to `any`: validate the shape of the result before use.
     */
    decryptData(encryptedData: string, keyId: string, iv: string): Promise<any>;
    /**
     * Audit Logging
     *
     * Returns audit entries matching the optional filters, with `total` and
     * `filtered` counts.
     *
     * NOTE(review): the signature takes no caller identity, so any access
     * control on reading audit data has to be applied by the caller.
     */
    getAuditLogs(filters?: {
        userId?: string;
        action?: string;
        resource?: string;
        startDate?: Date;
        endDate?: Date;
        success?: boolean;
        limit?: number;
        offset?: number;
    }): Promise<{
        logs: AuditLogEntry[];
        total: number;
        filtered: number;
    }>;
    private verifyPassword;
    private parseExpirationTime;
    private generateSessionId;
    // NOTE(review): confirm session ids and keys come from a cryptographically
    // secure random source.
    private generateRandomKey;
    private logAuditEvent;
    private initializeEncryptionKeys;
    private setupAuditLogging;
    private setupRateLimitCleanup;
    private setupSessionCleanup;
}
export { EnhancedSecurityFramework, SecurityConfig, User, APIKey, AuditLogEntry, AuthenticationResult, Role, Resource, Permission };
//# sourceMappingURL=security-framework.d.ts.map