Files
agentic-dev/packages/auth/src/infrastructure/services/authentication.service.ts
Danijel Martinek 2ceaa08944 chore(template-reset): update snapshots, fix lint, rebuild state
- Regenerate audit + realtime core-package e2e snapshots (template
  Phase-label changes altered file hashes)
- Fix pre-existing lint error in auth authentication.service.ts:
  rename unused params to _user / _sessionId, drop stale eslint-disable
  comments that were on wrong lines
- Mark story tasks 1-9 done; rebuild _state.json

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 10:17:50 +02:00

111 lines
3.8 KiB
TypeScript

import crypto from "node:crypto";
import type { SanitizedConfig } from "payload";
import type { IAuthenticationService } from "../../application/services/authentication.service.interface";
import type { Cookie } from "../../entities/models/cookie";
import type { Session } from "../../entities/models/session";
import type { User } from "../../entities/models/user";
// ---------------------------------------------------------------------------
// Deferred methods
// ---------------------------------------------------------------------------
// `createSession`, `validateSession`, and `invalidateSession` require Payload's
// internal JWT-based auth session machinery, which does not map cleanly to a
// generic session interface without deep integration with Payload's REST/local
// API and cookie infrastructure.
//
// TODO: Implement these three methods once the session
// cookie strategy is settled. Until then they throw NotImplementedError to
// keep the production-shaped file in place without silently no-oping.
//
// The mock (`authentication.service.mock.ts`) handles all test paths.
class NotImplementedError extends Error {
constructor(method: string) {
super(`NotImplemented: AuthenticationService.${method}`);
this.name = "NotImplementedError";
}
}
const SALT_LENGTH = 16;
const KEY_LENGTH = 64;
const ITERATIONS = 100_000;
const DIGEST = "sha512";
const SEPARATOR = ":";
export class AuthenticationService implements IAuthenticationService {
constructor(private _config: SanitizedConfig) {}
generateUserId(): string {
return crypto.randomUUID();
}
async hashPassword(password: string): Promise<string> {
const salt = crypto.randomBytes(SALT_LENGTH).toString("hex");
const hash = await new Promise<string>((resolve, reject) => {
crypto.pbkdf2(
password,
salt,
ITERATIONS,
KEY_LENGTH,
DIGEST,
(err, derivedKey) => {
if (err) reject(err);
else resolve(derivedKey.toString("hex"));
},
);
});
return `${salt}${SEPARATOR}${hash}`;
}
async verifyPassword(storedHash: string, password: string): Promise<boolean> {
const parts = storedHash.split(SEPARATOR);
if (parts.length !== 2) return false;
const salt = parts[0]!;
const expectedHash = parts[1]!;
const actualHash = await new Promise<string>((resolve, reject) => {
crypto.pbkdf2(
password,
salt,
ITERATIONS,
KEY_LENGTH,
DIGEST,
(err, derivedKey) => {
if (err) reject(err);
else resolve(derivedKey.toString("hex"));
},
);
});
return crypto.timingSafeEqual(
Buffer.from(expectedHash, "hex"),
Buffer.from(actualHash, "hex"),
);
}
// TODO: Implement using Payload's local.login / JWT session issuance.
// Payload creates sessions via its REST auth endpoint; mapping that to a
// generic { session: Session; cookie: Cookie } shape requires understanding
// the JWT payload structure and the cookie name/attributes Payload uses.
async createSession(
_user: User,
): Promise<{ session: Session; cookie: Cookie }> {
throw new NotImplementedError("createSession");
}
// TODO: Implement using Payload's JWT verify mechanism.
// Need to call Payload's local API to verify the token and retrieve the user.
async validateSession(
_sessionId: string,
): Promise<{ user: User; session: Session }> {
throw new NotImplementedError("validateSession");
}
// TODO: Implement by clearing the session token.
// Payload does not have a server-side session store by default; invalidation
// is typically done client-side by clearing the cookie.
async invalidateSession(
_sessionId: string,
): Promise<{ blankCookie: Cookie }> {
throw new NotImplementedError("invalidateSession");
}
}