Initial implementation

.gitattributes

@@ -0,0 +1 @@
+*.lockb binary diff=lockb

.github/workflows/biome.yml

@@ -0,0 +1,11 @@
+name: Biome
+on: [push, pull_request]
+jobs:
+  biome:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+      - run: bun install
+      - run: bun run check
+      - run: git diff --exit-code

.github/workflows/release.yml

@@ -0,0 +1,33 @@
+name: Release
+on: release
+jobs:
+  biome:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+      - run: bun install
+      - run: bun run check
+      - run: git diff --exit-code
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+      - run: bun install
+      - run: bun test --coverage
+  release:
+    needs: [biome, test]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+      - run: bun install
+      - run: bun run build
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/test.yml

@@ -0,0 +1,10 @@
+name: Test
+on: [push, pull_request]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+      - run: bun install
+      - run: bun test --coverage

.gitignore

@@ -0,0 +1,42 @@
+# Based on https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
+
+# Logs
+
+logs
+_.log
+
+# Caches 
+
+.cache
+
+# Runtime data
+
+pids
+_.pid
+_.seed
+*.pid.lock
+
+# Coverage directory used by tools like istanbul
+
+coverage
+*.lcov
+
+# nyc test coverage
+
+.nyc_output
+
+# Dependency directories
+
+node_modules/
+
+# Output of 'npm pack'
+
+*.tgz
+
+dist
+
+# IntelliJ based IDEs
+.idea
+
+# Finder (MacOS) folder config
+.DS_Store

.vscode/extensions.json

@@ -0,0 +1,4 @@
+{
+	"recommendations": ["biomejs.biome"],
+	"unwantedRecommendations": ["esbenp.prettier-vscode"]
+}

.vscode/settings.json

@@ -0,0 +1,13 @@
+{
+	"editor.formatOnSave": true,
+	"editor.formatOnPaste": false,
+	"editor.defaultFormatter": "biomejs.biome",
+	"[javascript]": {
+		"editor.defaultFormatter": "biomejs.biome",
+		"javascript.preferences.importModuleSpecifierEnding": "js"
+	},
+	"[typescript]": {
+		"editor.defaultFormatter": "biomejs.biome",
+		"typescript.preferences.importModuleSpecifierEnding": "js"
+	}
+}

README.md

@@ -0,0 +1,15 @@
+# owasp-logging
+
+To install dependencies:
+
+```bash
+bun install
+```
+
+To run:
+
+```bash
+bun run index.ts
+```
+
+This project was created using `bun init` in bun v1.0.14. [Bun](https://bun.sh) is a fast all-in-one JavaScript runtime.

biome.json

@@ -0,0 +1,12 @@
+{
+	"$schema": "https://biomejs.dev/schemas/1.4.0/schema.json",
+	"organizeImports": {
+		"enabled": true
+	},
+	"linter": {
+		"enabled": true,
+		"rules": {
+			"recommended": true
+		}
+	}
+}

package.json

@@ -0,0 +1,53 @@
+{
+  "name": "owasp-logging",
+  "version": "1.0.0",
+  "type": "module",
+  "license": "ISC",
+  "publishConfig": {
+    "access": "public"
+  },
+  "author": {
+    "name": "Quinn Turner"
+  },
+  "homepage": "https://github.com/quinnturner/owasp-logging#readme",
+  "bugs": {
+    "url": "https://github.com/quinnturner/owasp-logging/issues"
+  },
+  "keywords": [
+    "owasp",
+    "logging",
+    "security"
+  ],
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    },
+    "./package.json": "./package.json"
+  },
+  "main": "./dist/index.cjs",
+  "types": "./dist/index.d.cts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "format": "biome format ./src --write",
+    "lint": "biome lint ./src",
+    "check": "biome check --apply ./src",
+    "build": "tsup --config tsup.config.ts"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^1.4.0",
+    "bun-types": "^1.0.14",
+    "tsup": "^8.0.1",
+    "type-fest": "^4.8.2",
+    "typescript": "^5.3.2"
+  },
+  "packageManager": "bun@1.0.14"
+}

src/authentication.test.ts

@@ -0,0 +1,143 @@
+import { describe, expect, it } from "bun:test";
+import {
+	authn_impossible_travel,
+	authn_login_fail,
+	authn_login_fail_max,
+	authn_login_lock,
+	authn_login_success,
+	authn_login_successafterfail,
+	authn_password_change,
+	authn_password_change_fail,
+	authn_token_created,
+	authn_token_delete,
+	authn_token_reuse,
+	authn_token_revoked,
+} from "./authentication.js";
+
+const userId = "user123";
+
+describe("authn_token_revoked", () => {
+	it("should return the correct string when tokenId is undefined", () => {
+		const result = authn_token_revoked(userId);
+		expect(result).toBe("authn_token_revoked:user123");
+	});
+
+	it("should return the correct string when tokenId is defined", () => {
+		const tokenId = "token456";
+		const result = authn_token_revoked(userId, tokenId);
+		expect(result).toBe("authn_token_revoked:user123,token456");
+	});
+});
+
+describe("authn_token_reuse", () => {
+	it("should return the correct string when tokenId is undefined", () => {
+		const result = authn_token_reuse(userId);
+		expect(result).toBe("authn_token_reuse:user123");
+	});
+	it("should return the correct string when tokenId is defined", () => {
+		const result = authn_token_reuse(userId, "token456");
+		expect(result).toBe("authn_token_reuse:user123,token456");
+	});
+});
+
+describe("authn_impossible_travel", () => {
+	it("should return the correct string", () => {
+		const result = authn_impossible_travel(userId, "location1", "location2");
+		expect(result).toBe("authn_impossible_travel:user123,location1,location2");
+	});
+});
+
+describe("authn_login_fail", () => {
+	it("should return the correct string", () => {
+		const result = authn_login_fail(userId);
+		expect(result).toBe("authn_login_fail:user123");
+	});
+});
+
+describe("authn_login_lock", () => {
+	it("should return the correct string when reason is undefined", () => {
+		const result = authn_login_lock(userId);
+		expect(result).toBe("authn_login_lock:user123");
+	});
+	it("should return the correct string when reason is defined", () => {
+		const result = authn_login_lock(userId, "reason");
+		expect(result).toBe("authn_login_lock:user123,reason");
+	});
+});
+
+describe("authn_login_fail_max", () => {
+	it("should return the correct string when maxLimit is undefined", () => {
+		const result = authn_login_fail_max(userId);
+		expect(result).toBe("authn_login_fail_max:user123");
+	});
+	it("should return the correct string when maxLimit is defined", () => {
+		const result = authn_login_fail_max(userId, 3);
+		expect(result).toBe("authn_login_fail_max:user123,3");
+	});
+});
+
+describe("authn_login_success", () => {
+	it("should return the correct string", () => {
+		const result = authn_login_success(userId);
+		expect(result).toBe("authn_login_success:user123");
+	});
+});
+
+describe("authn_login_successafterfail", () => {
+	it("should return the correct string when provided a number as retry", () => {
+		const result = authn_login_successafterfail(userId, 1);
+		expect(result).toBe("authn_login_successafterfail:user123,1");
+	});
+	it("should return the correct string when provided a string as retry", () => {
+		const result = authn_login_successafterfail(userId, "1");
+		expect(result).toBe("authn_login_successafterfail:user123,1");
+	});
+	it("should return the correct string when provided a bigint as retry", () => {
+		const result = authn_login_successafterfail(userId, BigInt(1));
+		expect(result).toBe("authn_login_successafterfail:user123,1");
+	});
+});
+
+describe("authn_password_change", () => {
+	it("should return the correct string", () => {
+		const result = authn_password_change(userId);
+		expect(result).toBe("authn_password_change:user123");
+	});
+});
+
+describe("authn_password_change_fail", () => {
+	it("should return the correct string", () => {
+		const result = authn_password_change_fail(userId);
+		expect(result).toBe("authn_password_change_fail:user123");
+	});
+});
+
+describe("authn_token_created", () => {
+	it("should return the correct string and perfect type when not using spread", () => {
+		const result = authn_token_created(userId, "create", "update");
+		expect(result).toBe("authn_token_created:user123,create,update");
+	});
+	it("should return the correct string and `string,string` type when using non const spread", () => {
+		const result = authn_token_created(userId, ...["create", "update"]);
+		// Note, the type of `result` is `authn_token_created:user123,${string},${string}`
+		expect(result).toBe("authn_token_created:user123,create,update");
+	});
+	it("should return the correct string and type when using const spread", () => {
+		const result = authn_token_created(
+			userId,
+			...(["create", "update"] as const),
+		);
+		expect(result).toBe("authn_token_created:user123,create,update");
+	});
+});
+
+describe("authn_token_delete", () => {
+	it("should return the correct string when tokenId is undefined", () => {
+		const result = authn_token_delete(userId);
+		expect(result).toBe("authn_token_delete:user123");
+	});
+	it("should return the correct string when tokenId is defined", () => {
+		const result = authn_token_delete("app-id");
+		expect(result).toBe("authn_token_delete:app-id");
+	});
+});