@sschepis/resolang
Version:
ResoLang - Core quantum resonance computation library
382 lines (335 loc) • 8.72 kB
text/typescript
/**
* Authentication System for the Prime Resonance Network
* Handles multi-factor authentication with quantum signature support
*/
import { IIdentity } from "./interfaces";
import { IdentityId, Timestamp } from "./types";
import { BaseSerializable } from "../core/interfaces";
import { globalAuditTrail, AuditEventType, AuditSeverity } from "./audit-trail";
/**
* Authentication methods
*/
export enum AuthMethod {
PASSWORD = 0,
BIOMETRIC = 1,
HARDWARE_KEY = 2,
QUANTUM_SIGNATURE = 3,
MULTI_FACTOR = 4
}
/**
* Session status
*/
export enum SessionStatus {
ACTIVE = 0,
EXPIRED = 1,
REVOKED = 2,
SUSPENDED = 3
}
/**
* Authentication challenge
*/
export class AuthChallenge {
id: string;
method: AuthMethod;
challenge: string;
createdAt: Timestamp;
expiresAt: Timestamp;
attempts: i32;
maxAttempts: i32;
constructor(method: AuthMethod, challenge: string, validityMs: i64 = 300000) {
this.id = "challenge-" + Date.now().toString() + "-" + Math.random().toString();
this.method = method;
this.challenge = challenge;
this.createdAt = Date.now();
this.expiresAt = this.createdAt + validityMs;
this.attempts = 0;
this.maxAttempts = 3;
}
/**
* Check if challenge is expired
*/
isExpired(): boolean {
return Date.now() > this.expiresAt;
}
/**
* Check if challenge is valid
*/
isValid(): boolean {
return !this.isExpired() && this.attempts < this.maxAttempts;
}
/**
* Record an attempt
*/
recordAttempt(): void {
this.attempts++;
}
/**
* Verify challenge response
*/
verify(response: string): boolean {
if (!this.isValid()) {
return false;
}
this.recordAttempt();
// Simple verification - in real implementation this would be more sophisticated
return response == this.challenge;
}
}
/**
* Authentication session
*/
export class AuthSession {
id: string;
identityId: IdentityId;
method: AuthMethod;
status: SessionStatus;
createdAt: Timestamp;
lastAccessAt: Timestamp;
expiresAt: Timestamp;
ipAddress: string;
userAgent: string;
metadata: Map<string, string>;
constructor(
identityId: IdentityId,
method: AuthMethod,
validityMs: i64 = 3600000, // 1 hour
ipAddress: string = "",
userAgent: string = ""
) {
this.id = "session-" + Date.now().toString() + "-" + Math.random().toString();
this.identityId = identityId;
this.method = method;
this.status = SessionStatus.ACTIVE;
this.createdAt = Date.now();
this.lastAccessAt = this.createdAt;
this.expiresAt = this.createdAt + validityMs;
this.ipAddress = ipAddress;
this.userAgent = userAgent;
this.metadata = new Map<string, string>();
}
/**
* Check if session is expired
*/
isExpired(): boolean {
return Date.now() > this.expiresAt;
}
/**
* Check if session is valid
*/
isValid(): boolean {
return this.status == SessionStatus.ACTIVE && !this.isExpired();
}
/**
* Refresh session
*/
refresh(additionalMs: i64 = 3600000): void {
if (this.isValid()) {
this.lastAccessAt = Date.now();
this.expiresAt = this.lastAccessAt + additionalMs;
}
}
/**
* Revoke session
*/
revoke(): void {
this.status = SessionStatus.REVOKED;
}
/**
* Suspend session
*/
suspend(): void {
this.status = SessionStatus.SUSPENDED;
}
/**
* Set metadata
*/
setMetadata(key: string, value: string): void {
this.metadata.set(key, value);
}
/**
* Get metadata
*/
getMetadata(key: string): string | null {
return this.metadata.has(key) ? this.metadata.get(key) : null;
}
}
/**
* Quantum authenticator for advanced security
*/
export class QuantumAuthenticator {
private challenges: Map<string, AuthChallenge>;
private sessions: Map<string, AuthSession>;
constructor() {
this.challenges = new Map<string, AuthChallenge>();
this.sessions = new Map<string, AuthSession>();
}
/**
* Create authentication challenge
*/
createChallenge(method: AuthMethod): AuthChallenge {
// Generate challenge based on method
let challengeData = "";
switch (method) {
case AuthMethod.PASSWORD:
challengeData = "password_challenge";
break;
case AuthMethod.BIOMETRIC:
challengeData = "biometric_challenge";
break;
case AuthMethod.HARDWARE_KEY:
challengeData = "hardware_key_challenge";
break;
case AuthMethod.QUANTUM_SIGNATURE:
challengeData = "quantum_signature_challenge";
break;
case AuthMethod.MULTI_FACTOR:
challengeData = "multi_factor_challenge";
break;
}
const challenge = new AuthChallenge(method, challengeData);
this.challenges.set(challenge.id, challenge);
return challenge;
}
/**
* Verify authentication challenge
*/
verifyChallenge(challengeId: string, response: string): boolean {
const challenge = this.challenges.get(challengeId);
if (!challenge) {
return false;
}
const isValid = challenge.verify(response);
if (!challenge.isValid()) {
this.challenges.delete(challengeId);
}
return isValid;
}
/**
* Create authenticated session
*/
createSession(
identityId: IdentityId,
method: AuthMethod,
ipAddress: string = "",
userAgent: string = ""
): AuthSession {
const session = new AuthSession(identityId, method, 3600000, ipAddress, userAgent);
this.sessions.set(session.id, session);
// Log session creation
globalAuditTrail.logEvent(
AuditEventType.IDENTITY_AUTHENTICATED,
identityId,
"session",
session.id,
"Authentication session created",
AuditSeverity.INFO
);
return session;
}
/**
* Validate session
*/
validateSession(sessionId: string): AuthSession | null {
const session = this.sessions.get(sessionId);
if (!session || !session.isValid()) {
return null;
}
session.refresh();
return session;
}
/**
* Revoke session
*/
revokeSession(sessionId: string): void {
const session = this.sessions.get(sessionId);
if (session) {
session.revoke();
// Log session revocation
globalAuditTrail.logEvent(
AuditEventType.IDENTITY_DEAUTHENTICATED,
session.identityId,
"session",
sessionId,
"Authentication session revoked",
AuditSeverity.INFO
);
}
}
/**
* Clean up expired sessions and challenges
*/
cleanup(): void {
// Clean up expired challenges
const challengeIds = this.challenges.keys();
for (let i = 0; i < challengeIds.length; i++) {
const challenge = this.challenges.get(challengeIds[i]);
if (challenge && challenge.isExpired()) {
this.challenges.delete(challengeIds[i]);
}
}
// Clean up expired sessions
const sessionIds = this.sessions.keys();
for (let i = 0; i < sessionIds.length; i++) {
const session = this.sessions.get(sessionIds[i]);
if (session && session.isExpired()) {
session.status = SessionStatus.EXPIRED;
}
}
}
}
/**
* Main authentication manager
*/
export class AuthenticationManager {
private authenticator: QuantumAuthenticator;
private identityStore: Map<IdentityId, IIdentity>;
constructor(identityStore: Map<IdentityId, IIdentity>) {
this.authenticator = new QuantumAuthenticator();
this.identityStore = identityStore;
}
/**
* Authenticate an identity
*/
authenticate(
identityId: IdentityId,
method: AuthMethod,
credentials: string,
ipAddress: string = "",
userAgent: string = ""
): AuthSession | null {
const identity = this.identityStore.get(identityId);
if (!identity) {
return null;
}
// Create challenge
const challenge = this.authenticator.createChallenge(method);
// Verify credentials against challenge
if (!this.authenticator.verifyChallenge(challenge.id, credentials)) {
return null;
}
// Create session
return this.authenticator.createSession(identityId, method, ipAddress, userAgent);
}
/**
* Validate session
*/
validateSession(sessionId: string): AuthSession | null {
return this.authenticator.validateSession(sessionId);
}
/**
* Revoke session
*/
revokeSession(sessionId: string): void {
this.authenticator.revokeSession(sessionId);
}
/**
* Cleanup expired sessions
*/
cleanup(): void {
this.authenticator.cleanup();
}
}
/**
* Global authentication manager
*/
export const globalAuthManager = new AuthenticationManager(new Map<IdentityId, IIdentity>());