feat: add security package

packages/api-gateway/package.json

@@ -25,7 +25,7 @@
     "@newrelic/winston-enricher": "^2.1.0",
     "@sentry/node": "^7.3.0",
     "@standardnotes/analytics": "workspace:*",
-    "@standardnotes/auth": "3.19.4",
+    "@standardnotes/security": "workspace:*",
     "@standardnotes/domain-events": "workspace:*",
     "@standardnotes/domain-events-infra": "workspace:*",
     "@standardnotes/time": "^1.7.1",

packages/api-gateway/src/Controller/AuthMiddleware.ts

@@ -1,4 +1,4 @@
-import { CrossServiceTokenData } from '@standardnotes/auth'
+import { CrossServiceTokenData } from '@standardnotes/security'
 import { TimerInterface } from '@standardnotes/time'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'

packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts

@@ -1,4 +1,4 @@
-import { OfflineUserTokenData, CrossServiceTokenData } from '@standardnotes/auth'
+import { OfflineUserTokenData, CrossServiceTokenData } from '@standardnotes/security'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'

packages/auth/package.json

@@ -35,7 +35,7 @@
     "@sentry/node": "^7.3.0",
     "@standardnotes/analytics": "workspace:*",
     "@standardnotes/api": "^1.1.19",
-    "@standardnotes/auth": "^3.19.4",
+    "@standardnotes/security": "workspace:*",
     "@standardnotes/common": "^1.23.1",
     "@standardnotes/domain-events": "workspace:*",
     "@standardnotes/domain-events-infra": "workspace:*",

packages/auth/src/Bootstrap/Container.ts

@@ -143,7 +143,7 @@ import {
   TokenEncoder,
   TokenEncoderInterface,
   ValetTokenData,
-} from '@standardnotes/auth'
+} from '@standardnotes/security'
 import { FileUploadedEventHandler } from '../Domain/Handler/FileUploadedEventHandler'
 import { CreateValetToken } from '../Domain/UseCase/CreateValetToken/CreateValetToken'
 import { CreateListedAccount } from '../Domain/UseCase/CreateListedAccount/CreateListedAccount'

packages/auth/src/Controller/ApiGatewayAuthMiddleware.spec.ts

@@ -3,7 +3,7 @@ import 'reflect-metadata'
 import { ApiGatewayAuthMiddleware } from './ApiGatewayAuthMiddleware'
 import { NextFunction, Request, Response } from 'express'
 import { Logger } from 'winston'
-import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/auth'
+import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/security'
 import { RoleName } from '@standardnotes/common'
 
 describe('ApiGatewayAuthMiddleware', () => {

packages/auth/src/Controller/ApiGatewayAuthMiddleware.ts

@@ -1,4 +1,4 @@
-import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/auth'
+import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/security'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'

packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.spec.ts

@@ -3,7 +3,7 @@ import 'reflect-metadata'
 import { ApiGatewayOfflineAuthMiddleware } from './ApiGatewayOfflineAuthMiddleware'
 import { NextFunction, Request, Response } from 'express'
 import { Logger } from 'winston'
-import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/auth'
+import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/security'
 
 describe('ApiGatewayOfflineAuthMiddleware', () => {
   let tokenDecoder: TokenDecoderInterface<OfflineUserTokenData>

packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.ts

@@ -1,4 +1,4 @@
-import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/auth'
+import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/security'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'

packages/auth/src/Controller/OfflineController.spec.ts

@@ -11,7 +11,7 @@ import { CreateOfflineSubscriptionTokenResponse } from '../Domain/UseCase/Create
 import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken'
 import { OfflineUserSubscription } from '../Domain/Subscription/OfflineUserSubscription'
 import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
-import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { SubscriptionName } from '@standardnotes/common'
 import { Logger } from 'winston'
 

packages/auth/src/Controller/OfflineController.ts

@@ -14,7 +14,7 @@ import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/Authenti
 import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
 import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
 import { Logger } from 'winston'
-import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security'
 
 @controller('/offline')
 export class OfflineController extends BaseHttpController {

packages/auth/src/Controller/SessionsController.spec.ts

@@ -10,7 +10,7 @@ import { GetActiveSessionsForUser } from '../Domain/UseCase/GetActiveSessionsFor
 import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest'
 import { User } from '../Domain/User/User'
 import { Role } from '../Domain/Role/Role'
-import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { GetUserAnalyticsId } from '../Domain/UseCase/GetUserAnalyticsId/GetUserAnalyticsId'
 
 describe('SessionsController', () => {

packages/auth/src/Controller/SessionsController.ts

@@ -16,7 +16,7 @@ import { Role } from '../Domain/Role/Role'
 import { User } from '../Domain/User/User'
 import { ProjectorInterface } from '../Projection/ProjectorInterface'
 import { SessionProjector } from '../Projection/SessionProjector'
-import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { RoleName } from '@standardnotes/common'
 import { GetUserAnalyticsId } from '../Domain/UseCase/GetUserAnalyticsId/GetUserAnalyticsId'
 

packages/auth/src/Controller/SubscriptionInvitesController.ts

@@ -1,4 +1,4 @@
-import { Role } from '@standardnotes/auth'
+import { Role } from '@standardnotes/security'
 import { Request, Response } from 'express'
 import { inject } from 'inversify'
 import {

packages/auth/src/Controller/SubscriptionTokensController.spec.ts

@@ -12,7 +12,7 @@ import { ProjectorInterface } from '../Projection/ProjectorInterface'
 import { Role } from '../Domain/Role/Role'
 import { SettingServiceInterface } from '../Domain/Setting/SettingServiceInterface'
 import { Setting } from '../Domain/Setting/Setting'
-import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { GetUserAnalyticsId } from '../Domain/UseCase/GetUserAnalyticsId/GetUserAnalyticsId'
 
 describe('SubscriptionTokensController', () => {

packages/auth/src/Controller/SubscriptionTokensController.ts

@@ -1,4 +1,4 @@
-import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { ErrorTag, RoleName } from '@standardnotes/common'
 import { SettingName } from '@standardnotes/settings'
 import { Request, Response } from 'express'

packages/auth/src/Domain/Auth/AuthResponseFactory20161215.spec.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 
-import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { Logger } from 'winston'
 
 import { ProjectorInterface } from '../../Projection/ProjectorInterface'

packages/auth/src/Domain/Auth/AuthResponseFactory20161215.ts

@@ -1,4 +1,4 @@
-import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { Uuid } from '@standardnotes/common'
 import * as crypto from 'crypto'
 

packages/auth/src/Domain/Auth/AuthResponseFactory20190520.spec.ts

@@ -1,4 +1,4 @@
-import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import 'reflect-metadata'
 import { Logger } from 'winston'
 

packages/auth/src/Domain/Auth/AuthResponseFactory20200115.spec.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 
-import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth'
+import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security'
 import { SessionBody } from '@standardnotes/responses'
 import { Logger } from 'winston'
 

packages/auth/src/Domain/Auth/AuthResponseFactory20200115.ts

@@ -2,7 +2,7 @@ import {
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   SessionTokenData,
   TokenEncoderInterface,
-} from '@standardnotes/auth'
+} from '@standardnotes/security'
 import { Uuid } from '@standardnotes/common'
 import { SessionBody } from '@standardnotes/responses'
 import { inject, injectable } from 'inversify'

packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 
-import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/auth'
+import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/security'
 
 import { RevokedSession } from '../Session/RevokedSession'
 import { Session } from '../Session/Session'

packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts

@@ -1,4 +1,4 @@
-import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/auth'
+import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/security'
 import { inject, injectable } from 'inversify'
 import TYPES from '../../Bootstrap/Types'
 import { SessionServiceInterface } from '../Session/SessionServiceInterface'

packages/auth/src/Domain/Feature/FeatureService.spec.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 
-import { Role } from '@standardnotes/auth'
+import { Role } from '@standardnotes/security'
 import { RoleName, SubscriptionName } from '@standardnotes/common'
 
 import { RoleToSubscriptionMapInterface } from '../Role/RoleToSubscriptionMapInterface'

packages/auth/src/Domain/Handler/ExtensionKeyGrantedEventHandler.ts

@@ -1,6 +1,6 @@
 import { DomainEventHandlerInterface, ExtensionKeyGrantedEvent } from '@standardnotes/domain-events'
 import { SettingName } from '@standardnotes/settings'
-import { OfflineFeaturesTokenData } from '@standardnotes/auth'
+import { OfflineFeaturesTokenData } from '@standardnotes/security'
 import { ContentDecoderInterface } from '@standardnotes/common'
 import { inject, injectable } from 'inversify'
 import { Logger } from 'winston'

packages/auth/src/Domain/Handler/SubscriptionSyncRequestedEventHandler.ts

@@ -1,4 +1,4 @@
-import { OfflineFeaturesTokenData } from '@standardnotes/auth'
+import { OfflineFeaturesTokenData } from '@standardnotes/security'
 import { DomainEventHandlerInterface, SubscriptionSyncRequestedEvent } from '@standardnotes/domain-events'
 import { inject, injectable } from 'inversify'
 import { Logger } from 'winston'

packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.spec.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 
-import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/auth'
+import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/security'
 import { CreateValetToken } from './CreateValetToken'
 import { TimerInterface } from '@standardnotes/time'
 import { UserSubscription } from '../../Subscription/UserSubscription'

packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.ts

@@ -1,7 +1,7 @@
 import { inject, injectable } from 'inversify'
 import { SubscriptionName } from '@standardnotes/common'
 import { TimerInterface } from '@standardnotes/time'
-import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/auth'
+import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/security'
 import { CreateValetTokenPayload, CreateValetTokenResponseData } from '@standardnotes/responses'
 import { SubscriptionSettingName } from '@standardnotes/settings'
 

packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts

@@ -7,7 +7,7 @@ import { VerifyMFA } from './VerifyMFA'
 import { Setting } from '../Setting/Setting'
 import { SettingServiceInterface } from '../Setting/SettingServiceInterface'
 import { SettingName } from '@standardnotes/settings'
-import { SelectorInterface } from '@standardnotes/auth'
+import { SelectorInterface } from '@standardnotes/security'
 import { LockRepositoryInterface } from '../User/LockRepositoryInterface'
 
 describe('VerifyMFA', () => {

packages/auth/src/Domain/UseCase/VerifyMFA.ts

@@ -12,7 +12,7 @@ import { UseCaseInterface } from './UseCaseInterface'
 import { VerifyMFADTO } from './VerifyMFADTO'
 import { VerifyMFAResponse } from './VerifyMFAResponse'
 import { SettingServiceInterface } from '../Setting/SettingServiceInterface'
-import { SelectorInterface } from '@standardnotes/auth'
+import { SelectorInterface } from '@standardnotes/security'
 import { LockRepositoryInterface } from '../User/LockRepositoryInterface'
 
 @injectable()

packages/auth/src/Domain/User/KeyParamsFactory.spec.ts

@@ -1,6 +1,6 @@
 import 'reflect-metadata'
 
-import { SelectorInterface } from '@standardnotes/auth'
+import { SelectorInterface } from '@standardnotes/security'
 import { ProtocolVersion } from '@standardnotes/common'
 
 import { KeyParamsFactory } from './KeyParamsFactory'

packages/auth/src/Domain/User/KeyParamsFactory.ts

@@ -6,7 +6,7 @@ import { inject, injectable } from 'inversify'
 import TYPES from '../../Bootstrap/Types'
 import { KeyParamsFactoryInterface } from './KeyParamsFactoryInterface'
 import { User } from './User'
-import { SelectorInterface } from '@standardnotes/auth'
+import { SelectorInterface } from '@standardnotes/security'
 
 @injectable()
 export class KeyParamsFactory implements KeyParamsFactoryInterface {

packages/domain-events/package.json

@@ -24,7 +24,7 @@
     "test:unit": "jest spec --coverage --passWithNoTests"
   },
   "dependencies": {
-    "@standardnotes/auth": "^3.19.4",
+    "@standardnotes/security": "workspace:*",
     "@standardnotes/common": "^1.23.1",
     "@standardnotes/features": "^1.47.0",
     "@standardnotes/predicates": "workspace:*",

packages/files/package.json

@@ -27,7 +27,7 @@
   },
   "dependencies": {
     "@sentry/node": "^7.3.0",
-    "@standardnotes/auth": "^3.19.4",
+    "@standardnotes/security": "workspace:*",
     "@standardnotes/common": "^1.23.1",
     "@standardnotes/domain-events": "workspace:*",
     "@standardnotes/domain-events-infra": "workspace:*",

packages/files/src/Bootstrap/Container.ts

@@ -7,7 +7,7 @@ import { Env } from './Env'
 import TYPES from './Types'
 import { UploadFileChunk } from '../Domain/UseCase/UploadFileChunk/UploadFileChunk'
 import { ValetTokenAuthMiddleware } from '../Controller/ValetTokenAuthMiddleware'
-import { TokenDecoder, TokenDecoderInterface, ValetTokenData } from '@standardnotes/auth'
+import { TokenDecoder, TokenDecoderInterface, ValetTokenData } from '@standardnotes/security'
 import { Timer, TimerInterface } from '@standardnotes/time'
 import { DomainEventFactoryInterface } from '../Domain/Event/DomainEventFactoryInterface'
 import { DomainEventFactory } from '../Domain/Event/DomainEventFactory'

packages/files/src/Controller/ValetTokenAuthMiddleware.spec.ts

@@ -3,7 +3,7 @@ import 'reflect-metadata'
 import { ValetTokenAuthMiddleware } from './ValetTokenAuthMiddleware'
 import { NextFunction, Request, Response } from 'express'
 import { Logger } from 'winston'
-import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/auth'
+import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/security'
 
 describe('ValetTokenAuthMiddleware', () => {
   let tokenDecoder: TokenDecoderInterface<ValetTokenData>

packages/files/src/Controller/ValetTokenAuthMiddleware.ts

@@ -1,4 +1,4 @@
-import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/auth'
+import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/security'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'

packages/security/.eslintignore

@@ -0,0 +1 @@
+dist

packages/security/.eslintrc

@@ -0,0 +1,6 @@
+{
+  "extends": "../../.eslintrc",
+  "parserOptions": {
+    "project": "./linter.tsconfig.json"
+  }
+}

packages/security/CHANGELOG.md

@@ -0,0 +1,365 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## [3.19.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.4...@standardnotes/auth@3.19.5) (2022-07-04)
+
+### Bug Fixes
+
+* add missing reflect-metadata package to all packages ([ce3a5bb](https://github.com/standardnotes/snjs/commit/ce3a5bbf3f1d2276ac4abc3eec3c6a44c8c3ba9b))
+
+## [3.19.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.3...@standardnotes/auth@3.19.4) (2022-06-27)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.19.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.2...@standardnotes/auth@3.19.3) (2022-06-15)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.19.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.1...@standardnotes/auth@3.19.2) (2022-05-30)
+
+### Bug Fixes
+
+* add session access and refresh expiration dates to cross service token data ([8ad0eee](https://github.com/standardnotes/snjs/commit/8ad0eee04acfbba03e62881e1c17e77baedbea04))
+
+## [3.19.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.0...@standardnotes/auth@3.19.1) (2022-05-27)
+
+### Bug Fixes
+
+* make analytics id optional in the cross service token data ([f5445d4](https://github.com/standardnotes/snjs/commit/f5445d4fb69158de676c4f4d108dc675ded8b9a1))
+
+# [3.19.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.17...@standardnotes/auth@3.19.0) (2022-05-24)
+
+### Features
+
+* add user analytics id to cross service token data ([046c951](https://github.com/standardnotes/snjs/commit/046c951cac4b1d9a80904da97d5fc279a629e965))
+
+## [3.18.17](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.16...@standardnotes/auth@3.18.17) (2022-05-22)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.16](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.15...@standardnotes/auth@3.18.16) (2022-05-17)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.15](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.14...@standardnotes/auth@3.18.15) (2022-05-16)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.14](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.13...@standardnotes/auth@3.18.14) (2022-05-16)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.13](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.11...@standardnotes/auth@3.18.13) (2022-05-04)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.12](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.11...@standardnotes/auth@3.18.12) (2022-05-04)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.11](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.10...@standardnotes/auth@3.18.11) (2022-04-22)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.10](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.9...@standardnotes/auth@3.18.10) (2022-04-21)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.9](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.8...@standardnotes/auth@3.18.9) (2022-04-20)
+
+### Bug Fixes
+
+* valet token data optional property ([f926ecb](https://github.com/standardnotes/snjs/commit/f926ecbd5481e9cc98cbfadf57260e1d4a5e54fc))
+
+## [3.18.8](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.7...@standardnotes/auth@3.18.8) (2022-04-20)
+
+### Bug Fixes
+
+* valet token data property name ([990fca7](https://github.com/standardnotes/snjs/commit/990fca7bdab43d06339ffa25b907c850fd0afb22))
+
+## [3.18.7](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.6...@standardnotes/auth@3.18.7) (2022-04-15)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.6](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.5...@standardnotes/auth@3.18.6) (2022-04-15)
+
+### Bug Fixes
+
+* add subscription uuids to valet token and file removed events for cleanup purposes ([e05deb9](https://github.com/standardnotes/snjs/commit/e05deb9cd3fbc69e90fd2dbcae5a62582febe5fa))
+
+## [3.18.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.4...@standardnotes/auth@3.18.5) (2022-04-11)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.3...@standardnotes/auth@3.18.4) (2022-04-01)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.2...@standardnotes/auth@3.18.3) (2022-03-31)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.1...@standardnotes/auth@3.18.2) (2022-03-31)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.18.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.0...@standardnotes/auth@3.18.1) (2022-03-30)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+# [3.18.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.11...@standardnotes/auth@3.18.0) (2022-03-23)
+
+### Features
+
+* add deterministic value selector ([#671](https://github.com/standardnotes/snjs/issues/671)) ([570d2ae](https://github.com/standardnotes/snjs/commit/570d2aeae842540c64ae33bbcbef8242f2b85e5f))
+
+## [3.17.11](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.10...@standardnotes/auth@3.17.11) (2022-03-22)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.17.10](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.9...@standardnotes/auth@3.17.10) (2022-03-21)
+
+### Bug Fixes
+
+* add readonly access information about the session in cross service token ([9363eeb](https://github.com/standardnotes/snjs/commit/9363eeb83dcc953b14b040e68045a6019f498e12))
+
+## [3.17.9](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.8...@standardnotes/auth@3.17.9) (2022-03-21)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.17.8](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.7...@standardnotes/auth@3.17.8) (2022-03-18)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.17.7](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.5...@standardnotes/auth@3.17.7) (2022-03-16)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.17.6](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.5...@standardnotes/auth@3.17.6) (2022-03-16)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.17.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.4...@standardnotes/auth@3.17.5) (2022-03-11)
+
+### Bug Fixes
+
+* add unencrypted file size to valet token resources ([06b0a4a](https://github.com/standardnotes/snjs/commit/06b0a4a998980048b3b9e0e146321de0c198f069))
+
+## [3.17.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.3...@standardnotes/auth@3.17.4) (2022-03-09)
+
+### Bug Fixes
+
+* add deleting as a valid operation in valet token ([13a22d9](https://github.com/standardnotes/snjs/commit/13a22d9734f898d0cd2475fbe53a021be2c20a5f))
+
+## [3.17.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.1...@standardnotes/auth@3.17.3) (2022-02-28)
+
+### Bug Fixes
+
+* add pseudo change to get lerna to trigger ([41e6817](https://github.com/standardnotes/snjs/commit/41e6817bbf726b0932cdf16f58622328b9e42803))
+
+## [3.17.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.1...@standardnotes/auth@3.17.2) (2022-02-28)
+
+### Bug Fixes
+
+* add pseudo change to get lerna to trigger ([41e6817](https://github.com/standardnotes/snjs/commit/41e6817bbf726b0932cdf16f58622328b9e42803))
+
+## [3.17.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.0...@standardnotes/auth@3.17.1) (2022-02-27)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+# [3.17.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.5...@standardnotes/auth@3.17.0) (2022-02-25)
+
+### Features
+
+* extract core functionalities to separate packages ([#610](https://github.com/standardnotes/snjs/issues/610)) ([801547a](https://github.com/standardnotes/snjs/commit/801547a71614ad51a92fb249eaa184ed46a44aac))
+
+## [3.16.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.4...@standardnotes/auth@3.16.5) (2022-02-24)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.16.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.3...@standardnotes/auth@3.16.4) (2022-02-22)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.16.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.2...@standardnotes/auth@3.16.3) (2022-02-22)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.16.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.1...@standardnotes/auth@3.16.2) (2022-02-18)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.16.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.0...@standardnotes/auth@3.16.1) (2022-02-16)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+# [3.16.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.5...@standardnotes/auth@3.16.0) (2022-02-10)
+
+### Features
+
+* remove role name and subscription name from auth in favor of common ([14ec74c](https://github.com/standardnotes/snjs/commit/14ec74c3d98febf1117073f32442504cfad428e8))
+
+## [3.15.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.4...@standardnotes/auth@3.15.5) (2022-02-10)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.15.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.3...@standardnotes/auth@3.15.4) (2022-02-07)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+## [3.15.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.2...@standardnotes/auth@3.15.3) (2022-01-19)
+
+### Bug Fixes
+
+* add upload bytes information to valet token ([6d35f2b](https://github.com/standardnotes/snjs/commit/6d35f2b3774b1d0dad60c3ad00d2a958b81a52cb))
+
+## [3.15.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.1...@standardnotes/auth@3.15.2) (2022-01-17)
+
+### Bug Fixes
+
+* remove valet token valid until date in favor of jwt expiration ([7973fb1](https://github.com/standardnotes/snjs/commit/7973fb1695f3b02fa9b8888c6c5d0ff10b1979ee))
+
+## [3.15.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.0...@standardnotes/auth@3.15.1) (2022-01-17)
+
+### Bug Fixes
+
+* token encoders ([e0be0f4](https://github.com/standardnotes/snjs/commit/e0be0f4f0677615c3e347843eea33f08e9920eae))
+
+# [3.15.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.14.1...@standardnotes/auth@3.15.0) (2022-01-17)
+
+### Features
+
+* refactor token data names ([#559](https://github.com/standardnotes/snjs/issues/559)) ([2c615c9](https://github.com/standardnotes/snjs/commit/2c615c9b6f733195684163a58df606f5a8ffde59))
+
+## [3.14.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.14.0...@standardnotes/auth@3.14.1) (2022-01-15)
+
+**Note:** Version bump only for package @standardnotes/auth
+
+# [3.14.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.13.1...@standardnotes/auth@3.14.0) (2022-01-15)
+
+### Features
+
+* add crypter, decoder and encoder to auth package ([#553](https://github.com/standardnotes/snjs/issues/553)) ([940e0a5](https://github.com/standardnotes/snjs/commit/940e0a56a84e5f057a94a526289ae79e1ea46f70))
+
+## [3.13.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.13.0...@standardnotes/auth@3.13.1) (2022-01-14)
+
+### Bug Fixes
+
+* cross-package dependencies and content type imports ([#556](https://github.com/standardnotes/snjs/issues/556)) ([26ba1e0](https://github.com/standardnotes/snjs/commit/26ba1e0c38e7e0ae572996125150a4c3d27f1c0a))
+
+# [3.13.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.12.0...@standardnotes/auth@3.13.0) (2022-01-13)
+
+### Bug Fixes
+
+* correct gitignore paths ([cefc0cf](https://github.com/standardnotes/snjs/commit/cefc0cfcf98e3e5378e055b8c46931b53b23195e))
+* include dist in static components ([d17ce0f](https://github.com/standardnotes/snjs/commit/d17ce0f67045c6e4c97bf4577709aa58794e72e6))
+
+### Features
+
+* add token decoder ([#551](https://github.com/standardnotes/snjs/issues/551)) ([7240588](https://github.com/standardnotes/snjs/commit/724058864be08d0d78d4d8c232864aed125ea6e0))
+
+# [3.12.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.11.0...@standardnotes/auth@3.12.0) (2021-12-23)
+
+### Features
+
+* remove not used AuthMethods type ([98cb8e2](https://github.com/standardnotes/snjs/commit/98cb8e2bdf152c2b9e4f349fb77b537f8ac416e3))
+
+# 3.11.0 (2021-12-23)
+
+### Features
+
+* rename email backup setting to email backup frequency ([25e7b46](https://github.com/standardnotes/snjs/commit/25e7b4620834711ac7f513ae893898c5eab1af53))
+
+## 3.10.3 (2021-12-23)
+
+### Bug Fixes
+
+* lock package versions ([8aa2ce6](https://github.com/standardnotes/snjs/commit/8aa2ce676b57598ab72840adf851869d8e769022))
+
+## 3.10.2 (2021-12-23)
+
+### Bug Fixes
+
+* add publishing from package version by lerna ([80433d0](https://github.com/standardnotes/snjs/commit/80433d044f258095753482b8322d73aba3d9a9e4))
+
+## 3.10.1 (2021-12-23)
+
+### Bug Fixes
+
+* remove the ammend commit from lerna versioning ([f0400d9](https://github.com/standardnotes/snjs/commit/f0400d9a2f5a04eaece2e4c16da71166a2ddb251))
+
+# 3.10.0 (2021-12-23)
+
+### Features
+
+* add one drive backup frequency setting ([#522](https://github.com/standardnotes/snjs/issues/522)) ([c27827f](https://github.com/standardnotes/snjs/commit/c27827f8c7969dd32511c9c75122ece372132c83))
+
+## 3.9.4 (2021-12-23)
+
+### Bug Fixes
+
+* remove running tests upon deployment - ensured on PR status checks ([#523](https://github.com/standardnotes/snjs/issues/523)) ([5c795d1](https://github.com/standardnotes/snjs/commit/5c795d17b583d02955773576384e622c3ef7f418))
+
+## 3.9.3 (2021-12-23)
+
+### Bug Fixes
+
+* pr template ([#518](https://github.com/standardnotes/snjs/issues/518)) ([b445bb6](https://github.com/standardnotes/snjs/commit/b445bb64841217ae27c2514887629235be95d2a3))
+
+## 3.9.2 (2021-12-23)
+
+### Bug Fixes
+
+* checkout with personal access token ([773c1ef](https://github.com/standardnotes/snjs/commit/773c1ef91c4452ad411e928342060dcb59428e3c))
+
+## 3.9.1 (2021-12-22)
+
+### Bug Fixes
+
+* gpg signing with CI StandardNotes user ([d72f61c](https://github.com/standardnotes/snjs/commit/d72f61c23cd15b31d37340cc756d16526634b9ee))
+
+# 3.9.0 (2021-12-22)
+
+### Bug Fixes
+
+* add another missing export ([e219511](https://github.com/standardnotes/snjs/commit/e219511bfd361ac7e785c8ef407fd3323c3f6d08))
+* add missing export ([887a37e](https://github.com/standardnotes/snjs/commit/887a37ece3c6a266894ab5e54c96c7b45c1c8d68))
+* change user changed email event name ([#409](https://github.com/standardnotes/snjs/issues/409)) ([84efd16](https://github.com/standardnotes/snjs/commit/84efd161574d98a368201c7afcc1eff8ef916631))
+* create start task for auth package ([eb51014](https://github.com/standardnotes/snjs/commit/eb51014dcd94cf4a8be7db4ed7494f07dd7a4040))
+* fix lint problems and permission name export ([d303c06](https://github.com/standardnotes/snjs/commit/d303c06a0bda0d44a01d67c3fdb3a495a6a9148c))
+* forgot to bump Auth SDK version ([5fde641](https://github.com/standardnotes/snjs/commit/5fde64112cf09bdd309ad8f89e07edaf199db5fd))
+* format ([1d7d8a7](https://github.com/standardnotes/snjs/commit/1d7d8a7e39e83c858a5174db174e6f6f67a4f440))
+* format ([89705ae](https://github.com/standardnotes/snjs/commit/89705ae4d0e18b8672f2bd6e33681d38201ad56e))
+* format ([c3ee41b](https://github.com/standardnotes/snjs/commit/c3ee41b1ced73301600ead8cd70e20f0b1ca1d75))
+* linter errors ([51dee46](https://github.com/standardnotes/snjs/commit/51dee46ff8ebe13e43e7c5ca3e00a48dc25cdd54))
+* make session optional in the authentication token - legacy clients support ([e1b7e3e](https://github.com/standardnotes/snjs/commit/e1b7e3e846cf775009eb59bfbe526addf7848798))
+* naming on offline user token data ([0ebbfaa](https://github.com/standardnotes/snjs/commit/0ebbfaa7682ec0fdbccd698b6e9d13fb4dd39836))
+* remove comma ([328d2ca](https://github.com/standardnotes/snjs/commit/328d2ca19d4f9e813ad3f8ff27b2bab64a0036e4))
+* remove features dependency from auth ([4ae24b6](https://github.com/standardnotes/snjs/commit/4ae24b69cbd1df62e036666218f5961cc81e91aa))
+* replace permissions with features in auth token ([#373](https://github.com/standardnotes/snjs/issues/373)) ([739c956](https://github.com/standardnotes/snjs/commit/739c95604bd119a893d0d43dd2b35794cb5cb770))
+* versioning and package dependencies ([#509](https://github.com/standardnotes/snjs/issues/509)) ([fe1df94](https://github.com/standardnotes/snjs/commit/fe1df94eff3e90bcf9ba0cf45bdc44ac49204c71))
+
+### Features
+
+* add Auth SDK package ([#214](https://github.com/standardnotes/snjs/issues/214)) ([ae855ed](https://github.com/standardnotes/snjs/commit/ae855ed74081d7b3dbbcde30ddcd173ed41bf018))
+* add Auth Token DTO ([#218](https://github.com/standardnotes/snjs/issues/218)) ([c5a7509](https://github.com/standardnotes/snjs/commit/c5a750945fc368430ed2bdf7bc2f1c95061fdc2a))
+* add email events ([#250](https://github.com/standardnotes/snjs/issues/250)) ([fe4b444](https://github.com/standardnotes/snjs/commit/fe4b4442bd1c88e8c3e51806629c95153343b92a))
+* add extension key to auth token ([fc1b732](https://github.com/standardnotes/snjs/commit/fc1b7322825ebc3553dc8ce0c298e68baf0004c3))
+* add feature type ([0a8e2ec](https://github.com/standardnotes/snjs/commit/0a8e2ecc9f3cc527e615d9a12125ac8d5b32643b))
+* add get user subscription api call ([#411](https://github.com/standardnotes/snjs/issues/411)) ([83a8518](https://github.com/standardnotes/snjs/commit/83a8518f9232ca3d84dd5ddb102fb6f8b5448654))
+* add KeyParams model to auth package ([#248](https://github.com/standardnotes/snjs/issues/248)) ([cd9f74e](https://github.com/standardnotes/snjs/commit/cd9f74e119e670e3de47b245a6197d4a25340df4))
+* add offline user token data model ([6623498](https://github.com/standardnotes/snjs/commit/6623498690c74e547b32788b8866424e439ef794))
+* add subscription names and extract role names ([#359](https://github.com/standardnotes/snjs/issues/359)) ([df6356c](https://github.com/standardnotes/snjs/commit/df6356ccb8975b39a95c143e064f3e32f0006580))
+* added AuthMethods and extracted Uuid to auth SDK ([cffb5bf](https://github.com/standardnotes/snjs/commit/cffb5bfc4e99ab7186f57257aeba7e346a1c7c08))
+* adjust Auth SDK to the MFA implementation in Auth ([ca2f89a](https://github.com/standardnotes/snjs/commit/ca2f89a1645cad0fcf9f16bdb321773379692c03))
+* change permission and role types ([2722270](https://github.com/standardnotes/snjs/commit/27222706e4c37fa7337ddf44c2a2b1be3c96fea2))
+* extract common error tags to Auth SDK ([7df999e](https://github.com/standardnotes/snjs/commit/7df999eca44a48a74ecf3359ae1f6b914de942b6))
+* extract MFA payload to Auth SDK ([ab28d5c](https://github.com/standardnotes/snjs/commit/ab28d5ceb18e34f944362784105f0c2681667dbe))
+* extract settings and common package ([#372](https://github.com/standardnotes/snjs/issues/372)) ([4f89688](https://github.com/standardnotes/snjs/commit/4f89688054cdae88c001287c9fb3431debd0136c))
+* features instead of permissions ([#385](https://github.com/standardnotes/snjs/issues/385)) ([b53e967](https://github.com/standardnotes/snjs/commit/b53e967297bc472ed11aed79af79d0ae5b36d101))
+* Offline features token ([#452](https://github.com/standardnotes/snjs/issues/452)) ([b04d71b](https://github.com/standardnotes/snjs/commit/b04d71b62d9c6cd408c460c1458a8f14ef6f1948))
+* return array of feature ids instead of features in token ([2e2ac7b](https://github.com/standardnotes/snjs/commit/2e2ac7bae707915adcd01b35c98022720caa834c))
+* revert to returning just user role on event and auth token ([8f9341e](https://github.com/standardnotes/snjs/commit/8f9341eb49910a91a2ccaf2d70843a3ead97b707))
+* upgrade node engine versions to latest active LTS ([#462](https://github.com/standardnotes/snjs/issues/462)) ([686fc15](https://github.com/standardnotes/snjs/commit/686fc15030d302b474ebb7ef1cd4dcc48ec42359))

packages/security/jest.config.js

@@ -0,0 +1,11 @@
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const base = require('../../jest.config');
+
+module.exports = {
+  ...base,
+  globals: {
+    'ts-jest': {
+      tsconfig: 'tsconfig.json',
+    },
+  }
+};

packages/security/linter.tsconfig.json

@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": ["dist"]
+}

packages/security/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@standardnotes/security",
+  "version": "1.0.0",
+  "engines": {
+    "node": ">=16.0.0 <17.0.0"
+  },
+  "description": "Security SDK for Standard Notes projects",
+  "main": "dist/src/index.js",
+  "author": "Standard Notes",
+  "types": "dist/src/index.d.ts",
+  "files": [
+    "dist/src/**/*.js",
+    "dist/src/**/*.d.ts"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "license": "AGPL-3.0-or-later",
+  "scripts": {
+    "clean": "rm -fr dist",
+    "prestart": "yarn clean",
+    "start": "tsc -p tsconfig.json --watch",
+    "prebuild": "yarn clean",
+    "build": "tsc -p tsconfig.json",
+    "lint": "eslint . --ext .ts",
+    "test:unit": "jest spec --coverage"
+  },
+  "dependencies": {
+    "@standardnotes/common": "^1.23.1",
+    "jsonwebtoken": "^8.5.1",
+    "reflect-metadata": "^0.1.13"
+  },
+  "devDependencies": {
+    "@types/jest": "^27.4.1",
+    "@types/jsonwebtoken": "^8.5.8",
+    "@typescript-eslint/eslint-plugin": "^5.30.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "jest": "^27.5.1",
+    "ts-jest": "^27.1.3"
+  }
+}

packages/security/src/Domain/Decoder/TokenDecoder.spec.ts

@@ -0,0 +1,31 @@
+import 'reflect-metadata'
+
+import { TokenDecoder } from './TokenDecoder'
+
+describe('TokenDecoder', () => {
+  const jwtSecret = 'secret'
+
+  const createDecoder = () =>
+    new TokenDecoder<{ iat: number; pw_hash: string; sub: string; user_uuid: string }>(jwtSecret)
+
+  it('should decode a token', () => {
+    expect(
+      createDecoder().decodeToken(
+        'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwidXNlcl91dWlkIjoiMTIzIiwicHdfaGFzaCI6IjlmODZkMDgxODg0YzdkNjU5YTJmZWFhMGM1NWFkMDE1YTNiZjRmMWIyYjBiODIyY2QxNWQ2YzE1YjBmMDBhMDgiLCJpYXQiOjE1MTYyMzkwMjJ9.TXDPCbCAITDjcUUorHsF4S5Nxkz4eFE4F3TPCsKI89A',
+      ),
+    ).toEqual({
+      iat: 1516239022,
+      pw_hash: '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08',
+      sub: '1234567890',
+      user_uuid: '123',
+    })
+  })
+
+  it('should not decode a session token with wrong encoding', () => {
+    expect(
+      createDecoder().decodeToken(
+        'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyqeqwJzdWIiOiIxMjM0NTY3ODkwIiwidXNlcl91dWlkIjoiMTIzIiwicHdfaGFzaCI6IjlmODZkMDgxODg0YzdkNjU5YTJmZWFhMGM1NWFkMDE1YTNiZjRmMWIyYjBiODIyY2QxNWQ2YzE1YjBmMDBhMDgiLCJpYXQiOjE1MTYyMzkwMjJ9.g32nbZ046pRwSe1iHwWEfsNNBRnAKqXshQKRtCuX1Zw',
+      ),
+    ).toBeUndefined()
+  })
+})

packages/security/src/Domain/Decoder/TokenDecoder.ts

@@ -0,0 +1,16 @@
+import { verify } from 'jsonwebtoken'
+
+import { TokenDecoderInterface } from './TokenDecoderInterface'
+export class TokenDecoder<T> implements TokenDecoderInterface<T> {
+  constructor(private jwtSecret: string) {}
+
+  decodeToken(token: string): T | undefined {
+    try {
+      return <T>verify(token, this.jwtSecret, {
+        algorithms: ['HS256'],
+      })
+    } catch (error) {
+      return undefined
+    }
+  }
+}

packages/security/src/Domain/Decoder/TokenDecoderInterface.ts

@@ -0,0 +1,3 @@
+export interface TokenDecoderInterface<T> {
+  decodeToken(token: string): T | undefined
+}

packages/security/src/Domain/Encoder/TokenEncoder.spec.ts

@@ -0,0 +1,25 @@
+import 'reflect-metadata'
+
+import { JwtPayload, verify } from 'jsonwebtoken'
+
+import { TokenEncoder } from './TokenEncoder'
+
+describe('TokenEncoder', () => {
+  const jwtSecret = 'secret'
+
+  const createEncoder = () => new TokenEncoder<{ user_uuid: string }>(jwtSecret)
+
+  it('should encode a token', () => {
+    const encodedToken = createEncoder().encodeToken({ user_uuid: '123' })
+
+    expect((verify(encodedToken, jwtSecret) as JwtPayload).user_uuid).toEqual('123')
+    expect((verify(encodedToken, jwtSecret) as JwtPayload).exp).toBeUndefined()
+  })
+
+  it('should encode an expirable token', () => {
+    const encodedToken = createEncoder().encodeExpirableToken({ user_uuid: '123' }, 123)
+
+    expect((verify(encodedToken, jwtSecret) as JwtPayload).user_uuid).toEqual('123')
+    expect((verify(encodedToken, jwtSecret) as JwtPayload).exp).toBeGreaterThan(0)
+  })
+})

packages/security/src/Domain/Encoder/TokenEncoder.ts

@@ -0,0 +1,15 @@
+import { sign } from 'jsonwebtoken'
+
+import { TokenEncoderInterface } from './TokenEncoderInterface'
+
+export class TokenEncoder<T> implements TokenEncoderInterface<T> {
+  constructor(private jwtSecret: string) {}
+
+  encodeExpirableToken(data: T, expiresIn: string | number | undefined): string {
+    return sign(data as Record<string, unknown>, this.jwtSecret, { algorithm: 'HS256', expiresIn })
+  }
+
+  encodeToken(data: T): string {
+    return sign(data as Record<string, unknown>, this.jwtSecret, { algorithm: 'HS256' })
+  }
+}

packages/security/src/Domain/Encoder/TokenEncoderInterface.ts

@@ -0,0 +1,4 @@
+export interface TokenEncoderInterface<T> {
+  encodeToken(data: T): string
+  encodeExpirableToken(data: T, expiresIn: number): string
+}

packages/security/src/Domain/Role/Role.ts

@@ -0,0 +1,6 @@
+import { Uuid, RoleName } from '@standardnotes/common'
+
+export type Role = {
+  uuid: Uuid
+  name: RoleName
+}

packages/security/src/Domain/Selection/DeterministicSelector.spec.ts

@@ -0,0 +1,41 @@
+import { DeterministicSelector } from './DeterministicSelector'
+
+describe('DeterministicSelector', () => {
+  const createSelector = () => new DeterministicSelector<string>()
+
+  it('should choose always the same value based on the same input', () => {
+    const selector = createSelector()
+
+    const inputString = '875a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67'
+
+    const allowedValues = ['a', 'b', 'c', 'd', 'e']
+
+    const firstValue = selector.select(inputString, allowedValues)
+
+    const secondValue = selector.select(inputString, allowedValues)
+
+    expect(firstValue).toEqual('d')
+
+    expect(firstValue).toEqual(secondValue)
+  })
+
+  it('should choose different values on different input', () => {
+    const selector = createSelector()
+
+    const allowedValues = ['a', 'b', 'c', 'd', 'e']
+
+    const firstValue = selector.select(
+      '875a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67',
+      allowedValues,
+    )
+
+    const secondValue = selector.select(
+      'a75a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67',
+      allowedValues,
+    )
+
+    expect(firstValue).toEqual('d')
+
+    expect(secondValue).toEqual('e')
+  })
+})

packages/security/src/Domain/Selection/DeterministicSelector.ts

@@ -0,0 +1,16 @@
+import { SelectorInterface } from './SelectorInterface'
+
+export class DeterministicSelector<T> implements SelectorInterface<T> {
+  private readonly CHAR_0_CODE = 48
+
+  select(inputKey: string, values: T[]): T {
+    const firstChar = inputKey[0]
+    const firstCharCode = firstChar.charCodeAt(0)
+
+    const normalizedCode = firstCharCode - this.CHAR_0_CODE
+
+    const index = normalizedCode % values.length
+
+    return values[index]
+  }
+}

packages/security/src/Domain/Selection/SelectorInterface.ts

@@ -0,0 +1,3 @@
+export interface SelectorInterface<T> {
+  select(inputKey: string, values: Array<T>): T
+}

packages/security/src/Domain/Subscription/Subscription.ts

@@ -0,0 +1,9 @@
+import { SubscriptionName } from '@standardnotes/common'
+
+export type Subscription = {
+  planName: SubscriptionName
+  endsAt: number
+  createdAt: number
+  updatedAt: number
+  cancelled: boolean
+}

packages/security/src/Domain/Token/CrossServiceTokenData.ts

@@ -0,0 +1,23 @@
+import { Uuid } from '@standardnotes/common'
+
+import { Role } from '../Role/Role'
+
+export type CrossServiceTokenData = {
+  user: {
+    uuid: Uuid
+    email: string
+  }
+  roles: Array<Role>
+  session?: {
+    uuid: Uuid
+    api_version: string
+    created_at: string
+    updated_at: string
+    device_info: string
+    readonly_access: boolean
+    access_expiration: string
+    refresh_expiration: string
+  }
+  extensionKey?: string
+  analyticsId?: number
+}

packages/security/src/Domain/Token/OfflineFeaturesTokenData.ts

@@ -0,0 +1,4 @@
+export type OfflineFeaturesTokenData = {
+  featuresUrl: string
+  extensionKey: string
+}

packages/security/src/Domain/Token/OfflineUserTokenData.ts

@@ -0,0 +1,4 @@
+export type OfflineUserTokenData = {
+  userEmail: string
+  featuresToken: string
+}

packages/security/src/Domain/Token/SessionTokenData.ts

@@ -0,0 +1 @@
+export type SessionTokenData = Record<string, unknown>

packages/security/src/Domain/Token/ValetTokenData.ts

@@ -0,0 +1,14 @@
+import { Uuid } from '@standardnotes/common'
+
+export type ValetTokenData = {
+  userUuid: Uuid
+  sharedSubscriptionUuid: Uuid | undefined
+  regularSubscriptionUuid: Uuid
+  permittedOperation: 'read' | 'write' | 'delete'
+  permittedResources: Array<{
+    remoteIdentifier: string
+    unencryptedFileSize?: number
+  }>
+  uploadBytesUsed: number
+  uploadBytesLimit: number
+}

packages/security/src/Domain/index.ts

@@ -0,0 +1,13 @@
+export * from './Decoder/TokenDecoder'
+export * from './Decoder/TokenDecoderInterface'
+export * from './Encoder/TokenEncoder'
+export * from './Encoder/TokenEncoderInterface'
+export * from './Role/Role'
+export * from './Selection/DeterministicSelector'
+export * from './Selection/SelectorInterface'
+export * from './Subscription/Subscription'
+export * from './Token/CrossServiceTokenData'
+export * from './Token/OfflineFeaturesTokenData'
+export * from './Token/OfflineUserTokenData'
+export * from './Token/SessionTokenData'
+export * from './Token/ValetTokenData'

packages/security/src/index.ts

@@ -0,0 +1 @@
+export * from './Domain'

packages/security/tsconfig.json

@@ -0,0 +1,11 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "composite": true,
+    "outDir": "./dist",
+  },
+  "include": [
+    "src/**/*"
+  ],
+  "references": []
+}

packages/syncing-server/package.json

@@ -27,7 +27,7 @@
     "@newrelic/winston-enricher": "^2.1.0",
     "@sentry/node": "^7.3.0",
     "@standardnotes/analytics": "workspace:*",
-    "@standardnotes/auth": "^3.19.4",
+    "@standardnotes/security": "workspace:*",
     "@standardnotes/common": "^1.23.1",
     "@standardnotes/domain-events": "workspace:*",
     "@standardnotes/domain-events-infra": "workspace:*",

packages/syncing-server/src/Controller/AuthMiddleware.ts

@@ -2,7 +2,7 @@ import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'
 import { verify } from 'jsonwebtoken'
-import { CrossServiceTokenData } from '@standardnotes/auth'
+import { CrossServiceTokenData } from '@standardnotes/security'
 import * as winston from 'winston'
 import TYPES from '../Bootstrap/Types'
 

tsconfig.json

@@ -46,6 +46,9 @@
     {
       "path": "./packages/scheduler"
     },
+    {
+      "path": "./packages/security"
+    },
     {
       "path": "./packages/syncing-server"
     }