security update

chr15k · chr15k · commit 069afe5b05e3 · 2025-06-14T23:20:45.000-04:00
diff --git a/src/Builders/BasicAuthBuilder.php b/src/Builders/BasicAuthBuilder.php
@@ -8,32 +8,33 @@
 use Chr15k\AuthGenerator\Contracts\Generator;
 use Chr15k\AuthGenerator\DataTransfer\BasicAuthData;
 use Chr15k\AuthGenerator\Generators\BasicAuth as BasicAuthGenerator;
+use SensitiveParameter;
 
-final readonly class BasicAuthBuilder implements Builder
+final class BasicAuthBuilder implements Builder
 {
-    private BasicAuthData $data;
-
-    public function __construct()
-    {
-        $this->data = new BasicAuthData;
+    public function __construct(
+        private string $username = '',
+        private string $password = ''
+    ) {
+        //
     }
 
     /**
      * Set the username for Basic Auth.
      */
     public function username(string $username): self
     {
-        $this->data->username = $username;
+        $this->username = $username;
 
         return $this;
     }
 
     /**
      * Set the password for Basic Auth.
      */
-    public function password(string $password): self
+    public function password(#[SensitiveParameter] string $password): self
     {
-        $this->data->password = $password;
+        $this->password = $password;
 
         return $this;
     }
@@ -43,7 +44,12 @@ public function password(string $password): self
      */
     public function build(): Generator
     {
-        return new BasicAuthGenerator($this->data);
+        $data = new BasicAuthData(
+            username: $this->username,
+            password: $this->password
+        );
+
+        return new BasicAuthGenerator($data);
     }
 
     /**
diff --git a/src/Builders/BearerTokenBuilder.php b/src/Builders/BearerTokenBuilder.php
@@ -9,31 +9,25 @@
 use Chr15k\AuthGenerator\DataTransfer\BearerTokenData;
 use Chr15k\AuthGenerator\Generators\BearerToken as BearerTokenGenerator;
 
-final readonly class BearerTokenBuilder implements Builder
+final class BearerTokenBuilder implements Builder
 {
-    private BearerTokenData $data;
-
-    public function __construct()
-    {
-        $this->data = new BearerTokenData;
+    public function __construct(
+        private int $length = 32,
+        private string $prefix = 'brr_'
+    ) {
+        //
     }
 
-    /**
-     * Set the token length.
-     */
     public function length(int $length): self
     {
-        $this->data->length = $length;
+        $this->length = $length;
 
         return $this;
     }
 
-    /**
-     * Set the token prefix.
-     */
     public function prefix(string $prefix): self
     {
-        $this->data->prefix = $prefix;
+        $this->prefix = $prefix;
 
         return $this;
     }
@@ -43,7 +37,12 @@ public function prefix(string $prefix): self
      */
     public function build(): Generator
     {
-        return new BearerTokenGenerator($this->data);
+        $data = new BearerTokenData(
+            length: $this->length,
+            prefix: $this->prefix
+        );
+
+        return new BearerTokenGenerator($data);
     }
 
     /**
diff --git a/src/Builders/JWTBuilder.php b/src/Builders/JWTBuilder.php
@@ -9,6 +9,7 @@
 use Chr15k\AuthGenerator\DataTransfer\JWTData;
 use Chr15k\AuthGenerator\Enums\Algorithm;
 use Chr15k\AuthGenerator\Generators\JWT as JWTGenerator;
+use SensitiveParameter;
 
 final class JWTBuilder implements Builder
 {
@@ -44,7 +45,7 @@ final class JWTBuilder implements Builder
     /**
      * Set the signing key for the JWT.
      */
-    public function key(string $key, bool $isBase64Encoded = false): self
+    public function key(#[SensitiveParameter] string $key, bool $isBase64Encoded = false): self
     {
         $this->key = $key;
         $this->keyBase64Encoded = $isBase64Encoded;
diff --git a/src/DataTransfer/BasicAuthData.php b/src/DataTransfer/BasicAuthData.php
@@ -4,14 +4,16 @@
 
 namespace Chr15k\AuthGenerator\DataTransfer;
 
+use SensitiveParameter;
+
 /**
  * @internal
  */
-final class BasicAuthData
+final readonly class BasicAuthData
 {
     public function __construct(
         public string $username = '',
-        public string $password = ''
+        #[SensitiveParameter] public string $password = ''
     ) {
         //
     }
diff --git a/src/DataTransfer/BearerTokenData.php b/src/DataTransfer/BearerTokenData.php
@@ -7,7 +7,7 @@
 /**
  * @internal
  */
-final class BearerTokenData
+final readonly class BearerTokenData
 {
     public function __construct(
         public int $length = 32,
diff --git a/src/DataTransfer/JWTData.php b/src/DataTransfer/JWTData.php
@@ -5,6 +5,7 @@
 namespace Chr15k\AuthGenerator\DataTransfer;
 
 use Chr15k\AuthGenerator\Enums\Algorithm;
+use SensitiveParameter;
 
 /**
  * @internal
@@ -16,7 +17,7 @@
      * @param  array<string, string>  $headers
      */
     public function __construct(
-        public string $key = '',
+        #[SensitiveParameter] public string $key = '',
         public array $payload = [],
         public array $headers = [],
         public Algorithm $algorithm = Algorithm::HS256,

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`/**`
`8`	`8`	`* @internal`
`9`	`9`	`*/`
`10`		`-final class BearerTokenData`
	`10`	`+final readonly class BearerTokenData`
`11`	`11`	`{`
`12`	`12`	`public function __construct(`
`13`	`13`	`public int $length = 32,`