@pulzar/core

Next-generation Node.js framework for ultra-fast web applications with zero-reflection DI, GraphQL, WebSockets, events, and edge runtime support

import { FastifyRequest, FastifyPluginAsync, preHandlerHookHandler } from "fastify";
import { JWTPayload } from "./types";
/**
 * Configuration accepted by JWTGuard and createJWTPlugin.
 *
 * This is a declaration file: only the shape of the options is visible here,
 * not how the implementation validates or applies them.
 */
export interface JWTOptions {
    // One secret or a list of secrets. Presumably a list allows old secrets to
    // stay valid during rotation (see rotateKey); confirm in the implementation.
    secrets: string[] | string;
    // NOTE(review): typed as a free-form string, so the compiler does not
    // restrict it to a known algorithm list. Confirm the implementation pins
    // verification to the configured algorithm rather than the token header,
    // and that the key type matches it (symmetric secret vs. public key).
    algorithm?: string;
    issuer?: string;
    audience?: string;
    // Units are not visible here; presumably seconds. TODO confirm.
    clockTolerance?: number;
    privateKey?: string | Buffer;
    publicKey?: string | Buffer;
    // NOTE(review): verification keys are fetched from this URL (see loadJWKS).
    // Whether the scheme or host is checked is not visible here; treat the URL
    // as trusted configuration, never as request-derived input.
    jwksUrl?: string;
}
/**
 * JWT issuing and verification guard exposing Fastify preHandler hooks.
 *
 * Holds the configured options plus symmetric, asymmetric and JWKS key
 * material in private fields.
 */
export declare class JWTGuard {
    private options;
    private secretKeys;
    private privateKey?;
    private publicKey?;
    private jwksKeys;
    constructor(options: JWTOptions);
    private initializeKeys;
    /**
     * Generate JWT token with crypto-safe jti.
     *
     * The payload type excludes `iat`, `exp` and `jti`, so callers cannot
     * supply them through this signature.
     *
     * @param payload Claims to embed, without `iat`, `exp` or `jti`.
     * @param expiresIn Lifetime as a string; the accepted format and the
     * default when omitted are not visible here (see parseExpiresIn).
     * @returns Promise resolving to the token string.
     */
    generateToken(payload: Omit<JWTPayload, "iat" | "exp" | "jti">, expiresIn?: string): Promise<string>;
    /**
     * Verify JWT token with JWKS and key rotation support.
     *
     * @param token Compact token string to verify.
     * @returns Promise resolving to the decoded payload. Presumably rejects on
     * an invalid or expired token; confirm how failures are reported.
     */
    verifyToken(token: string): Promise<JWTPayload>;
    /**
     * Extract token from Fastify request (CSRF-safe with Origin/Referer checks).
     *
     * NOTE(review): the Origin/Referer checks suggest a token may also be read
     * from somewhere other than the Authorization header (e.g. a cookie), but
     * the sources consulted are not visible here. Confirm them.
     *
     * @returns The token string, or null.
     */
    extractToken(req: FastifyRequest): string | null;
    /**
     * Check for CSRF risk based on Origin/Referer headers
     */
    private isCSRFRisk;
    /**
     * Fastify preHandler hook to authenticate JWT with OAuth2-compliant errors.
     *
     * @param required Presumably, when false, a request without a token is
     * allowed through unauthenticated. The default is not visible here;
     * confirm it before relying on a bare `authenticate()` call.
     */
    authenticate(required?: boolean): preHandlerHookHandler;
    /**
     * Fastify preHandler hook to require specific roles.
     *
     * NOTE(review): whether the caller must hold all listed roles or any one
     * of them is not visible here. Confirm before using it for authorization.
     */
    requireRoles(...roles: string[]): preHandlerHookHandler;
    /**
     * Fastify preHandler hook to require specific permissions.
     *
     * NOTE(review): all-of versus any-of semantics are not visible here.
     */
    requirePermissions(...permissions: string[]): preHandlerHookHandler;
    /**
     * Refresh token with jti blacklist support and iat validation.
     *
     * The blacklist is a caller-supplied Map, so it is only checked when the
     * caller passes one. A plain Map lives in a single process; revocations
     * recorded in it are not shared across instances unless the caller
     * synchronises it with a shared store.
     *
     * @param token Token to refresh.
     * @param options.blacklist Presumably maps jti to an expiry timestamp
     * (see cleanBlacklist). TODO confirm.
     * @param options.minIssuedAt Presumably rejects tokens issued before this
     * date. TODO confirm.
     * @param options.refreshWindow Units not visible here. TODO confirm.
     * @returns Promise resolving to a new token string.
     */
    refreshToken(token: string, options?: {
        blacklist?: Map<string, number>;
        minIssuedAt?: Date;
        refreshWindow?: number;
    }): Promise<string>;
    /**
     * Clean expired entries from blacklist.
     *
     * @returns A number, presumably the count of removed entries. TODO confirm.
     */
    static cleanBlacklist(blacklist: Map<string, number>): number;
    /**
     * Load keys from JWKS URL.
     *
     * @param url Presumably falls back to `JWTOptions.jwksUrl` when omitted.
     * TODO confirm.
     */
    loadJWKS(url?: string): Promise<void>;
    /**
     * Rotate keys (supports both symmetric and asymmetric).
     *
     * NOTE(review): how long previously active keys remain accepted after
     * rotation is not visible here.
     */
    rotateKey(newSecret: string, newPublicKey?: string | Buffer): void;
    /**
     * Rotate asymmetric keys
     */
    private rotateAsymmetricKey;
    /**
     * Parse expires in string to seconds
     */
    private parseExpiresIn;
    /**
     * Convert JWT payload to User object
     */
    private payloadToUser;
}
/**
 * Fastify plugin for JWT authentication with auto-hook option.
 *
 * @param options JWTOptions plus `autoHook`. Presumably `autoHook` registers
 * the authentication hook on all routes; the default and the exact scope are
 * not visible here.
 */
export declare function createJWTPlugin(options: JWTOptions & {
    autoHook?: boolean;
}): FastifyPluginAsync;
// Module-level guard instance. The options it is constructed with are not
// visible in this declaration file.
// NOTE(review): verify where its secret comes from before relying on this
// instance or on the helpers below.
export declare const jwtGuard: JWTGuard;
// Hook factories mirroring JWTGuard.authenticate / requireRoles /
// requirePermissions; presumably they delegate to `jwtGuard`. TODO confirm.
export declare function RequireAuth(required?: boolean): preHandlerHookHandler;
export declare function RequireRoles(...roles: string[]): preHandlerHookHandler;
export declare function RequirePermissions(...permissions: string[]): preHandlerHookHandler;
/**
 * Test helper for e2e tests.
 *
 * NOTE(review): this helper is exported from the same module as the
 * production guard, and the key it signs with is not visible here. Confirm
 * that a production-configured guard does not accept the tokens it mints.
 */
export declare function createTestJWT(subject?: string, overrides?: Partial<JWTPayload>): Promise<string>;
//# sourceMappingURL=jwt.guard.d.ts.map