@bajustone/fortress 1.0.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1011 -0
- package/LICENSE +21 -0
- package/README.md +760 -0
- package/SECURITY.md +197 -0
- package/bin/fortress.ts +667 -0
- package/dist/auth-service-BcyQ2PuZ.d.cts +307 -0
- package/dist/auth-service-BkzZkWfH.d.ts +307 -0
- package/dist/config-B2366s_G.d.ts +665 -0
- package/dist/config-GtlVt6ZD.d.cts +665 -0
- package/dist/convert-routes-BLCQT57f.d.ts +72 -0
- package/dist/convert-routes-BdMvP2_X.d.cts +72 -0
- package/dist/crypto.cjs +61 -0
- package/dist/crypto.d.cts +36 -0
- package/dist/crypto.d.ts +36 -0
- package/dist/crypto.js +35 -0
- package/dist/drift-BT1wtMDJ.d.cts +22 -0
- package/dist/drift-k9LiYpRP.d.ts +22 -0
- package/dist/drizzle/pg.cjs +481 -0
- package/dist/drizzle/pg.d.cts +15 -0
- package/dist/drizzle/pg.d.ts +15 -0
- package/dist/drizzle/pg.js +454 -0
- package/dist/drizzle.cjs +1442 -0
- package/dist/drizzle.d.cts +85 -0
- package/dist/drizzle.d.ts +85 -0
- package/dist/drizzle.js +1411 -0
- package/dist/express.cjs +1357 -0
- package/dist/express.d.cts +333 -0
- package/dist/express.d.ts +333 -0
- package/dist/express.js +1314 -0
- package/dist/fetcher.cjs +77 -0
- package/dist/fetcher.d.cts +7 -0
- package/dist/fetcher.d.ts +7 -0
- package/dist/fetcher.js +41 -0
- package/dist/fortress-BmSvFfqK.d.cts +1089 -0
- package/dist/fortress-uA-_cheR.d.ts +1089 -0
- package/dist/hono.cjs +1530 -0
- package/dist/hono.d.cts +514 -0
- package/dist/hono.d.ts +514 -0
- package/dist/hono.js +1483 -0
- package/dist/index-CxEkfCA0.d.cts +77 -0
- package/dist/index-CxEkfCA0.d.ts +77 -0
- package/dist/index-D054pcb-.d.cts +146 -0
- package/dist/index-jAMbbUAY.d.ts +146 -0
- package/dist/index.cjs +9046 -0
- package/dist/index.d.cts +717 -0
- package/dist/index.d.ts +717 -0
- package/dist/index.js +8935 -0
- package/dist/jwt.cjs +255 -0
- package/dist/jwt.d.cts +90 -0
- package/dist/jwt.d.ts +90 -0
- package/dist/jwt.js +227 -0
- package/dist/otel.cjs +108 -0
- package/dist/otel.d.cts +62 -0
- package/dist/otel.d.ts +62 -0
- package/dist/otel.js +73 -0
- package/dist/plugins/account-lockout.cjs +322 -0
- package/dist/plugins/account-lockout.d.cts +42 -0
- package/dist/plugins/account-lockout.d.ts +42 -0
- package/dist/plugins/account-lockout.js +295 -0
- package/dist/plugins/admin.cjs +2378 -0
- package/dist/plugins/admin.d.cts +72 -0
- package/dist/plugins/admin.d.ts +72 -0
- package/dist/plugins/admin.js +2351 -0
- package/dist/plugins/api-key.cjs +792 -0
- package/dist/plugins/api-key.d.cts +121 -0
- package/dist/plugins/api-key.d.ts +121 -0
- package/dist/plugins/api-key.js +765 -0
- package/dist/plugins/audit-log.cjs +493 -0
- package/dist/plugins/audit-log.d.cts +86 -0
- package/dist/plugins/audit-log.d.ts +86 -0
- package/dist/plugins/audit-log.js +468 -0
- package/dist/plugins/data-isolation.cjs +211 -0
- package/dist/plugins/data-isolation.d.cts +49 -0
- package/dist/plugins/data-isolation.d.ts +49 -0
- package/dist/plugins/data-isolation.js +186 -0
- package/dist/plugins/email-verification.cjs +273 -0
- package/dist/plugins/email-verification.d.cts +44 -0
- package/dist/plugins/email-verification.d.ts +44 -0
- package/dist/plugins/email-verification.js +246 -0
- package/dist/plugins/magic-link.cjs +231 -0
- package/dist/plugins/magic-link.d.cts +39 -0
- package/dist/plugins/magic-link.d.ts +39 -0
- package/dist/plugins/magic-link.js +204 -0
- package/dist/plugins/oauth.cjs +1696 -0
- package/dist/plugins/oauth.d.cts +406 -0
- package/dist/plugins/oauth.d.ts +406 -0
- package/dist/plugins/oauth.js +1669 -0
- package/dist/plugins/openapi.cjs +1185 -0
- package/dist/plugins/openapi.d.cts +6 -0
- package/dist/plugins/openapi.d.ts +6 -0
- package/dist/plugins/openapi.js +1158 -0
- package/dist/plugins/rate-limit/express.cjs +55 -0
- package/dist/plugins/rate-limit/express.d.cts +64 -0
- package/dist/plugins/rate-limit/express.d.ts +64 -0
- package/dist/plugins/rate-limit/express.js +30 -0
- package/dist/plugins/rate-limit/hono.cjs +51 -0
- package/dist/plugins/rate-limit/hono.d.cts +59 -0
- package/dist/plugins/rate-limit/hono.d.ts +59 -0
- package/dist/plugins/rate-limit/hono.js +26 -0
- package/dist/plugins/rate-limit/sveltekit.cjs +49 -0
- package/dist/plugins/rate-limit/sveltekit.d.cts +59 -0
- package/dist/plugins/rate-limit/sveltekit.d.ts +59 -0
- package/dist/plugins/rate-limit/sveltekit.js +24 -0
- package/dist/plugins/rate-limit.cjs +354 -0
- package/dist/plugins/rate-limit.d.cts +140 -0
- package/dist/plugins/rate-limit.d.ts +140 -0
- package/dist/plugins/rate-limit.js +325 -0
- package/dist/plugins/social-login.cjs +905 -0
- package/dist/plugins/social-login.d.cts +114 -0
- package/dist/plugins/social-login.d.ts +114 -0
- package/dist/plugins/social-login.js +880 -0
- package/dist/plugins/tenancy.cjs +780 -0
- package/dist/plugins/tenancy.d.cts +108 -0
- package/dist/plugins/tenancy.d.ts +108 -0
- package/dist/plugins/tenancy.js +753 -0
- package/dist/plugins/two-factor.cjs +555 -0
- package/dist/plugins/two-factor.d.cts +67 -0
- package/dist/plugins/two-factor.d.ts +67 -0
- package/dist/plugins/two-factor.js +526 -0
- package/dist/plugins/webauthn.cjs +786 -0
- package/dist/plugins/webauthn.d.cts +72 -0
- package/dist/plugins/webauthn.d.ts +72 -0
- package/dist/plugins/webauthn.js +766 -0
- package/dist/plugins/webhook.cjs +819 -0
- package/dist/plugins/webhook.d.cts +254 -0
- package/dist/plugins/webhook.d.ts +254 -0
- package/dist/plugins/webhook.js +789 -0
- package/dist/protect-D1v_0upK.d.cts +123 -0
- package/dist/protect-DsxV_-dJ.d.ts +123 -0
- package/dist/sveltekit.cjs +1258 -0
- package/dist/sveltekit.d.cts +420 -0
- package/dist/sveltekit.d.ts +420 -0
- package/dist/sveltekit.js +1207 -0
- package/dist/testing.cjs +4294 -0
- package/dist/testing.d.cts +197 -0
- package/dist/testing.d.ts +197 -0
- package/dist/testing.js +4264 -0
- package/dist/types-et0R8tsC.d.cts +217 -0
- package/dist/types-et0R8tsC.d.ts +217 -0
- package/docs/adapter-typed-helpers.md +192 -0
- package/docs/admin-recipes.md +227 -0
- package/docs/architecture.md +434 -0
- package/docs/ci/github-actions.yml +59 -0
- package/docs/ci.md +109 -0
- package/docs/compatibility.md +115 -0
- package/docs/deployment.md +305 -0
- package/docs/hardening.md +118 -0
- package/docs/host-owned-routes.md +154 -0
- package/docs/migrations/0001-schema-version.md +54 -0
- package/docs/migrations/0002-initial-schema.md +84 -0
- package/docs/migrations/upgrade-guide.md +160 -0
- package/docs/observability.md +394 -0
- package/docs/plugins/account-lockout.md +131 -0
- package/docs/plugins/admin.md +402 -0
- package/docs/plugins/api-key.md +327 -0
- package/docs/plugins/audit-log.md +261 -0
- package/docs/plugins/data-isolation.md +186 -0
- package/docs/plugins/email-verification.md +121 -0
- package/docs/plugins/magic-link.md +123 -0
- package/docs/plugins/oauth.md +544 -0
- package/docs/plugins/openapi.md +250 -0
- package/docs/plugins/rate-limit.md +223 -0
- package/docs/plugins/social-login.md +337 -0
- package/docs/plugins/tenancy.md +122 -0
- package/docs/plugins/two-factor.md +191 -0
- package/docs/plugins/webauthn.md +188 -0
- package/docs/plugins/webhook.md +242 -0
- package/docs/policy-as-code.md +156 -0
- package/docs/route-manifest.md +46 -0
- package/docs/security.md +261 -0
- package/docs/threat-model.md +161 -0
- package/examples/README.md +119 -0
- package/examples/express-app/index.ts +747 -0
- package/examples/hono-app/docker-compose.yml +14 -0
- package/examples/hono-app/index.ts +1009 -0
- package/examples/policy/fortress.policy.json +47 -0
- package/examples/sveltekit-app/README.md +125 -0
- package/examples/sveltekit-app/src/app.d.ts +16 -0
- package/examples/sveltekit-app/src/hooks.server.ts +23 -0
- package/examples/sveltekit-app/src/lib/server/fortress.ts +81 -0
- package/examples/sveltekit-app/src/routes/api/echo/[id]/+server.ts +32 -0
- package/examples/sveltekit-app/src/routes/api/fortress/[...path]/+server.ts +15 -0
- package/examples/sveltekit-app/src/routes/dashboard/+page.server.ts +20 -0
- package/examples/sveltekit-app/src/routes/login/+page.server.ts +48 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.server.ts +69 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.svelte +83 -0
- package/migrations/pg/0001_schema_version.down.sql +2 -0
- package/migrations/pg/0001_schema_version.sql +8 -0
- package/migrations/pg/0002_initial_schema.down.sql +36 -0
- package/migrations/pg/0002_initial_schema.sql +376 -0
- package/migrations/pg/0003_auth_continuation.down.sql +6 -0
- package/migrations/pg/0003_auth_continuation.sql +30 -0
- package/migrations/pg/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/pg/0004_tenant_default_unique.sql +14 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.down.sql +71 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.sql +71 -0
- package/migrations/pg/0006_canonical_email.down.sql +3 -0
- package/migrations/pg/0006_canonical_email.sql +8 -0
- package/migrations/pg/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/pg/0007_audit_chain_anchor.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.down.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.sql +8 -0
- package/migrations/pg/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/pg/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/pg/0010_bigint_append_only_ids.down.sql +2 -0
- package/migrations/pg/0010_bigint_append_only_ids.sql +23 -0
- package/migrations/sqlite/0001_schema_version.down.sql +2 -0
- package/migrations/sqlite/0001_schema_version.sql +8 -0
- package/migrations/sqlite/0002_initial_schema.down.sql +36 -0
- package/migrations/sqlite/0002_initial_schema.sql +376 -0
- package/migrations/sqlite/0003_auth_continuation.down.sql +27 -0
- package/migrations/sqlite/0003_auth_continuation.sql +45 -0
- package/migrations/sqlite/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/sqlite/0004_tenant_default_unique.sql +13 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.down.sql +10 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.sql +10 -0
- package/migrations/sqlite/0006_canonical_email.down.sql +3 -0
- package/migrations/sqlite/0006_canonical_email.sql +8 -0
- package/migrations/sqlite/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/sqlite/0007_audit_chain_anchor.sql +8 -0
- package/migrations/sqlite/0008_two_factor_hardening.down.sql +14 -0
- package/migrations/sqlite/0008_two_factor_hardening.sql +7 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.down.sql +1 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.sql +2 -0
- package/package.json +398 -0
- package/src/adapters/database/index.ts +63 -0
- package/src/adapters/database/types.ts +22 -0
- package/src/changelog-script.test.ts +21 -0
- package/src/cli.test.ts +79 -0
- package/src/core/auth/auth-admin.test.ts +247 -0
- package/src/core/auth/auth-endpoints.ts +558 -0
- package/src/core/auth/auth-observer.test.ts +191 -0
- package/src/core/auth/auth-service.ts +1464 -0
- package/src/core/auth/email.test.ts +17 -0
- package/src/core/auth/email.ts +11 -0
- package/src/core/auth/hooks.test.ts +251 -0
- package/src/core/auth/impersonation.test.ts +179 -0
- package/src/core/auth/jwt.test.ts +184 -0
- package/src/core/auth/jwt.ts +239 -0
- package/src/core/auth/login-timing.test.ts +77 -0
- package/src/core/auth/password-policy.test.ts +253 -0
- package/src/core/auth/password-policy.ts +220 -0
- package/src/core/auth/password.test.ts +42 -0
- package/src/core/auth/password.ts +62 -0
- package/src/core/auth/post-auth-gate.test.ts +258 -0
- package/src/core/auth/post-auth-gate.ts +228 -0
- package/src/core/auth/refresh-token.test.ts +86 -0
- package/src/core/auth/refresh-token.ts +105 -0
- package/src/core/auth/timing-safe.ts +23 -0
- package/src/core/config.ts +212 -0
- package/src/core/endpoint.ts +149 -0
- package/src/core/errors.ts +199 -0
- package/src/core/fetcher-interop.test.ts +106 -0
- package/src/core/fortress.test.ts +354 -0
- package/src/core/fortress.ts +550 -0
- package/src/core/http/call.test.ts +148 -0
- package/src/core/http/call.ts +149 -0
- package/src/core/http/cookie-serialize.test.ts +198 -0
- package/src/core/http/cookie-serialize.ts +107 -0
- package/src/core/http/csrf.test.ts +140 -0
- package/src/core/http/csrf.ts +173 -0
- package/src/core/http/dispatch.ts +652 -0
- package/src/core/http/error-response.test.ts +69 -0
- package/src/core/http/error-response.ts +93 -0
- package/src/core/http/fortress-rbac.test.ts +43 -0
- package/src/core/http/fortress-rbac.ts +127 -0
- package/src/core/http/handle-request.test.ts +441 -0
- package/src/core/http/handle-request.ts +354 -0
- package/src/core/http/match.test.ts +122 -0
- package/src/core/http/match.ts +126 -0
- package/src/core/http/outbound.test.ts +34 -0
- package/src/core/http/outbound.ts +105 -0
- package/src/core/http/plugin-middleware.ts +67 -0
- package/src/core/http/principal.test.ts +345 -0
- package/src/core/http/principal.ts +86 -0
- package/src/core/http/protect.test.ts +220 -0
- package/src/core/http/protect.ts +394 -0
- package/src/core/http/token-extraction.test.ts +59 -0
- package/src/core/http/token-extraction.ts +53 -0
- package/src/core/iam/explain.test.ts +177 -0
- package/src/core/iam/explain.ts +302 -0
- package/src/core/iam/iam-endpoints.ts +779 -0
- package/src/core/iam/iam-service.test.ts +829 -0
- package/src/core/iam/iam-service.ts +1137 -0
- package/src/core/iam/permission-cache.test.ts +115 -0
- package/src/core/iam/permission-cache.ts +71 -0
- package/src/core/iam/permission-check-observer.test.ts +90 -0
- package/src/core/iam/permission-evaluator.test.ts +291 -0
- package/src/core/iam/permission-evaluator.ts +198 -0
- package/src/core/iam/permission-sync.test.ts +166 -0
- package/src/core/iam/permission-sync.ts +192 -0
- package/src/core/iam/resource-sync.test.ts +70 -0
- package/src/core/iam/resource-sync.ts +182 -0
- package/src/core/iam/service-account-http.test.ts +529 -0
- package/src/core/iam/service-account.test.ts +282 -0
- package/src/core/internal-adapter.test.ts +389 -0
- package/src/core/internal-adapter.ts +435 -0
- package/src/core/json-schema.ts +50 -0
- package/src/core/manifest/__snapshots__/route-manifest.test.ts.snap +192 -0
- package/src/core/manifest/drift.ts +103 -0
- package/src/core/manifest/route-manifest.test.ts +142 -0
- package/src/core/manifest/route-manifest.ts +154 -0
- package/src/core/migrate.test.ts +72 -0
- package/src/core/migrations/engine.test.ts +308 -0
- package/src/core/migrations/engine.ts +548 -0
- package/src/core/migrations/migrations.ts +1771 -0
- package/src/core/migrations/pg-migration.integration-test.ts +353 -0
- package/src/core/migrations/upgrade-fixture.test.ts +378 -0
- package/src/core/observability/db-instrumentation.ts +205 -0
- package/src/core/observability/listener-list.test.ts +124 -0
- package/src/core/observability/listener-list.ts +73 -0
- package/src/core/observability/logger.test.ts +43 -0
- package/src/core/observability/logger.ts +49 -0
- package/src/core/observability/spans.test.ts +193 -0
- package/src/core/observability/types.ts +80 -0
- package/src/core/openapi-drift.test.ts +41 -0
- package/src/core/openapi.ts +47 -0
- package/src/core/plugin-methods-map.ts +75 -0
- package/src/core/plugin-runner.test.ts +233 -0
- package/src/core/plugin-runner.ts +276 -0
- package/src/core/plugin.ts +210 -0
- package/src/core/policy/apply.ts +272 -0
- package/src/core/policy/diff.ts +288 -0
- package/src/core/policy/loader.test.ts +63 -0
- package/src/core/policy/loader.ts +214 -0
- package/src/core/policy/policy.test.ts +232 -0
- package/src/core/policy/types.ts +105 -0
- package/src/core/schema-builder.test.ts +660 -0
- package/src/core/schema-builder.ts +881 -0
- package/src/core/standard-schema.ts +56 -0
- package/src/core/types.ts +258 -0
- package/src/core/validation.test.ts +195 -0
- package/src/core/validation.ts +192 -0
- package/src/drizzle/adapter.test.ts +425 -0
- package/src/drizzle/adapter.ts +474 -0
- package/src/drizzle/index.ts +31 -0
- package/src/drizzle/pg/adapter.integration-test.ts +456 -0
- package/src/drizzle/pg/index.ts +13 -0
- package/src/drizzle/pg/pg.integration-test.ts +1539 -0
- package/src/drizzle/pg/schema.ts +539 -0
- package/src/drizzle/pg-error-map.test.ts +218 -0
- package/src/drizzle/pg-error-map.ts +151 -0
- package/src/drizzle/schema.ts +544 -0
- package/src/drizzle/sqlite-serialization.test.ts +106 -0
- package/src/express/express-api-key-user-routes.test.ts +241 -0
- package/src/express/express.test.ts +442 -0
- package/src/express/handle.ts +191 -0
- package/src/express/index.ts +62 -0
- package/src/express/middleware.ts +551 -0
- package/src/express/protect.ts +154 -0
- package/src/express/validated.test.ts +86 -0
- package/src/express/validated.ts +99 -0
- package/src/fetcher/index.ts +81 -0
- package/src/hono/convert-routes.test.ts +220 -0
- package/src/hono/convert-routes.ts +196 -0
- package/src/hono/converters.test.ts +50 -0
- package/src/hono/converters.ts +43 -0
- package/src/hono/handle.ts +79 -0
- package/src/hono/helpers.ts +2 -0
- package/src/hono/hono-api-key-user-routes.test.ts +225 -0
- package/src/hono/hono-handlers.test.ts +861 -0
- package/src/hono/hono.test.ts +454 -0
- package/src/hono/index.ts +101 -0
- package/src/hono/middleware/auth.ts +236 -0
- package/src/hono/middleware/auth.types.test.ts +94 -0
- package/src/hono/middleware/csrf.test.ts +127 -0
- package/src/hono/middleware/csrf.ts +68 -0
- package/src/hono/middleware/error-handler.ts +12 -0
- package/src/hono/middleware/plugin-middleware.ts +35 -0
- package/src/hono/middleware/rbac.ts +131 -0
- package/src/hono/middleware/security-headers.test.ts +88 -0
- package/src/hono/middleware/security-headers.ts +68 -0
- package/src/hono/openapi.ts +237 -0
- package/src/hono/protect.ts +87 -0
- package/src/hono/validated.test.ts +123 -0
- package/src/hono/validated.ts +62 -0
- package/src/index.ts +309 -0
- package/src/integration.test.ts +718 -0
- package/src/internal/changelog.ts +56 -0
- package/src/otel/index.ts +158 -0
- package/src/otel/otel-types.test.ts +35 -0
- package/src/otel/otel.test.ts +235 -0
- package/src/plugins/account-lockout/account-lockout.test.ts +367 -0
- package/src/plugins/account-lockout/index.ts +267 -0
- package/src/plugins/admin/admin-api-key.test.ts +438 -0
- package/src/plugins/admin/index.ts +1612 -0
- package/src/plugins/api-key/api-key.test.ts +684 -0
- package/src/plugins/api-key/core.ts +336 -0
- package/src/plugins/api-key/index.ts +315 -0
- package/src/plugins/audit-log/audit-log.test.ts +749 -0
- package/src/plugins/audit-log/index.ts +680 -0
- package/src/plugins/data-isolation/data-isolation.test.ts +197 -0
- package/src/plugins/data-isolation/index.ts +157 -0
- package/src/plugins/email-verification/email-verification.test.ts +199 -0
- package/src/plugins/email-verification/index.ts +190 -0
- package/src/plugins/magic-link/index.ts +129 -0
- package/src/plugins/magic-link/magic-link.test.ts +156 -0
- package/src/plugins/oauth/id-token.ts +86 -0
- package/src/plugins/oauth/index.ts +2145 -0
- package/src/plugins/oauth/jwks.test.ts +32 -0
- package/src/plugins/oauth/jwks.ts +182 -0
- package/src/plugins/oauth/oauth.test.ts +2220 -0
- package/src/plugins/oauth/pkce.ts +58 -0
- package/src/plugins/openapi/index.ts +298 -0
- package/src/plugins/openapi/openapi.test.ts +425 -0
- package/src/plugins/openapi/spec-builder.ts +287 -0
- package/src/plugins/rate-limit/express.test.ts +89 -0
- package/src/plugins/rate-limit/express.ts +86 -0
- package/src/plugins/rate-limit/hono.test.ts +60 -0
- package/src/plugins/rate-limit/hono.ts +74 -0
- package/src/plugins/rate-limit/index.ts +383 -0
- package/src/plugins/rate-limit/memory-store.ts +61 -0
- package/src/plugins/rate-limit/rate-limit.test.ts +756 -0
- package/src/plugins/rate-limit/sveltekit.test.ts +58 -0
- package/src/plugins/rate-limit/sveltekit.ts +66 -0
- package/src/plugins/social-login/index.ts +715 -0
- package/src/plugins/social-login/providers/apple.ts +34 -0
- package/src/plugins/social-login/providers/discord.ts +26 -0
- package/src/plugins/social-login/providers/github.ts +54 -0
- package/src/plugins/social-login/providers/google.ts +23 -0
- package/src/plugins/social-login/providers/index.ts +22 -0
- package/src/plugins/social-login/providers/microsoft.ts +35 -0
- package/src/plugins/social-login/providers/oidc.ts +37 -0
- package/src/plugins/social-login/providers/providers.test.ts +211 -0
- package/src/plugins/social-login/social-login.test.ts +675 -0
- package/src/plugins/social-login/types.ts +80 -0
- package/src/plugins/tenancy/index.ts +544 -0
- package/src/plugins/tenancy/tenancy.test.ts +323 -0
- package/src/plugins/two-factor/index.ts +569 -0
- package/src/plugins/two-factor/two-factor.test.ts +235 -0
- package/src/plugins/webauthn/index.ts +554 -0
- package/src/plugins/webauthn/webauthn.test.ts +472 -0
- package/src/plugins/webhook/builtin-events.ts +29 -0
- package/src/plugins/webhook/delivery.test.ts +51 -0
- package/src/plugins/webhook/delivery.ts +154 -0
- package/src/plugins/webhook/hooks.ts +89 -0
- package/src/plugins/webhook/index.ts +445 -0
- package/src/plugins/webhook/queue/database.ts +67 -0
- package/src/plugins/webhook/queue/in-memory.test.ts +48 -0
- package/src/plugins/webhook/queue/in-memory.ts +71 -0
- package/src/plugins/webhook/queue/types.ts +51 -0
- package/src/plugins/webhook/registry.test.ts +48 -0
- package/src/plugins/webhook/registry.ts +64 -0
- package/src/plugins/webhook/signing.ts +45 -0
- package/src/plugins/webhook/ssrf.ts +198 -0
- package/src/plugins/webhook/types.ts +138 -0
- package/src/plugins/webhook/webhook.test.ts +324 -0
- package/src/sveltekit/actions.ts +233 -0
- package/src/sveltekit/catch-all.ts +43 -0
- package/src/sveltekit/cookies.ts +136 -0
- package/src/sveltekit/handle.ts +356 -0
- package/src/sveltekit/helpers.ts +69 -0
- package/src/sveltekit/index.ts +74 -0
- package/src/sveltekit/protect.ts +80 -0
- package/src/sveltekit/sveltekit-types.test.ts +31 -0
- package/src/sveltekit/sveltekit.test.ts +799 -0
- package/src/sveltekit/types.ts +134 -0
- package/src/sveltekit/validated.test.ts +117 -0
- package/src/sveltekit/validated.ts +78 -0
- package/src/testing/adapter-conformance.test.ts +408 -0
- package/src/testing/checks.test.ts +124 -0
- package/src/testing/checks.ts +304 -0
- package/src/testing/index.ts +107 -0
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
import type { InferOutput } from './validated';
|
|
2
|
+
import { Hono } from 'hono';
|
|
3
|
+
import { describe, expect, expectTypeOf, it } from 'vitest';
|
|
4
|
+
import { obj, str } from '../core/schema-builder';
|
|
5
|
+
import { createErrorHandler } from './middleware/error-handler';
|
|
6
|
+
import { vBody, vParam, vQuery } from './validated';
|
|
7
|
+
|
|
8
|
+
const CreateUserBody = obj({ name: str(), email: str() }, 'name', 'email');
|
|
9
|
+
const IdParam = obj({ id: str('User ID') }, 'id');
|
|
10
|
+
const SearchQuery = obj({ q: str('Search query'), page: str() }, 'q');
|
|
11
|
+
|
|
12
|
+
function createApp(): Hono {
|
|
13
|
+
const app = new Hono();
|
|
14
|
+
app.onError(createErrorHandler());
|
|
15
|
+
|
|
16
|
+
app.post('/users', async (c) => {
|
|
17
|
+
const body = await vBody(c, CreateUserBody);
|
|
18
|
+
return c.json(body);
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
app.get('/users/:id', async (c) => {
|
|
22
|
+
const params = await vParam(c, IdParam);
|
|
23
|
+
return c.json(params);
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
app.get('/search', async (c) => {
|
|
27
|
+
const query = await vQuery(c, SearchQuery);
|
|
28
|
+
return c.json(query);
|
|
29
|
+
});
|
|
30
|
+
|
|
31
|
+
return app;
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
describe('vBody', () => {
|
|
35
|
+
it('returns parsed JSON body when valid', async () => {
|
|
36
|
+
const app = createApp();
|
|
37
|
+
const res = await app.request('/users', {
|
|
38
|
+
method: 'POST',
|
|
39
|
+
headers: { 'Content-Type': 'application/json' },
|
|
40
|
+
body: JSON.stringify({ name: 'Alice', email: 'alice@test.com' }),
|
|
41
|
+
});
|
|
42
|
+
expect(res.status).toBe(200);
|
|
43
|
+
const data = await res.json();
|
|
44
|
+
expect(data).toEqual({ name: 'Alice', email: 'alice@test.com' });
|
|
45
|
+
});
|
|
46
|
+
|
|
47
|
+
it('returns 422 VALIDATION_ERROR when body is missing required fields', async () => {
|
|
48
|
+
const app = createApp();
|
|
49
|
+
const res = await app.request('/users', {
|
|
50
|
+
method: 'POST',
|
|
51
|
+
headers: { 'Content-Type': 'application/json' },
|
|
52
|
+
body: JSON.stringify({ name: 'Alice' }),
|
|
53
|
+
});
|
|
54
|
+
expect(res.status).toBe(422);
|
|
55
|
+
const data = await res.json();
|
|
56
|
+
expect(data.code).toBe('VALIDATION_ERROR');
|
|
57
|
+
expect(Array.isArray(data.details)).toBe(true);
|
|
58
|
+
expect(data.details.some((i: { location: string }) => i.location === 'body')).toBe(true);
|
|
59
|
+
});
|
|
60
|
+
|
|
61
|
+
it('returns 422 when body is not parseable JSON', async () => {
|
|
62
|
+
const app = createApp();
|
|
63
|
+
const res = await app.request('/users', {
|
|
64
|
+
method: 'POST',
|
|
65
|
+
headers: { 'Content-Type': 'application/json' },
|
|
66
|
+
body: 'not json',
|
|
67
|
+
});
|
|
68
|
+
expect(res.status).toBe(422);
|
|
69
|
+
const data = await res.json();
|
|
70
|
+
expect(data.code).toBe('VALIDATION_ERROR');
|
|
71
|
+
});
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
describe('vParam', () => {
|
|
75
|
+
it('returns route params when valid', async () => {
|
|
76
|
+
const app = createApp();
|
|
77
|
+
const res = await app.request('/users/42');
|
|
78
|
+
expect(res.status).toBe(200);
|
|
79
|
+
const data = await res.json();
|
|
80
|
+
expect(data.id).toBe('42');
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
describe('vQuery', () => {
|
|
85
|
+
it('returns query parameters when valid', async () => {
|
|
86
|
+
const app = createApp();
|
|
87
|
+
const res = await app.request('/search?q=hello');
|
|
88
|
+
expect(res.status).toBe(200);
|
|
89
|
+
const data = await res.json();
|
|
90
|
+
expect(data.q).toBe('hello');
|
|
91
|
+
});
|
|
92
|
+
|
|
93
|
+
it('returns 422 when required query field is missing', async () => {
|
|
94
|
+
const app = createApp();
|
|
95
|
+
const res = await app.request('/search');
|
|
96
|
+
expect(res.status).toBe(422);
|
|
97
|
+
const data = await res.json();
|
|
98
|
+
expect(data.code).toBe('VALIDATION_ERROR');
|
|
99
|
+
expect(data.details.some((i: { location: string }) => i.location === 'query')).toBe(true);
|
|
100
|
+
});
|
|
101
|
+
});
|
|
102
|
+
|
|
103
|
+
describe('type inference', () => {
|
|
104
|
+
it('infers vBody return type from schema', () => {
|
|
105
|
+
const fn = (c: any) => vBody(c, CreateUserBody);
|
|
106
|
+
expectTypeOf(fn).returns.resolves.toEqualTypeOf<{ name: string; email: string }>();
|
|
107
|
+
});
|
|
108
|
+
|
|
109
|
+
it('infers vParam return type from schema', () => {
|
|
110
|
+
const fn = (c: any) => vParam(c, IdParam);
|
|
111
|
+
expectTypeOf(fn).returns.resolves.toEqualTypeOf<{ id: string }>();
|
|
112
|
+
});
|
|
113
|
+
|
|
114
|
+
it('infers vQuery return type from schema', () => {
|
|
115
|
+
const fn = (c: any) => vQuery(c, SearchQuery);
|
|
116
|
+
expectTypeOf(fn).returns.resolves.toEqualTypeOf<{ q: string; page?: string }>();
|
|
117
|
+
});
|
|
118
|
+
|
|
119
|
+
it('exports InferOutput utility type', () => {
|
|
120
|
+
type Expected = InferOutput<typeof CreateUserBody>;
|
|
121
|
+
expectTypeOf<Expected>().toEqualTypeOf<{ name: string; email: string }>();
|
|
122
|
+
});
|
|
123
|
+
});
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Typed extraction-and-validation helpers for Hono handlers.
|
|
3
|
+
*
|
|
4
|
+
* These helpers extract request data (body, params, query) **and validate
|
|
5
|
+
* it at runtime** against the supplied Standard Schema. On success they
|
|
6
|
+
* return the parsed value with full TypeScript inference; on failure they
|
|
7
|
+
* throw `FortressError('VALIDATION_ERROR', 422)` — the same shape every
|
|
8
|
+
* fortress-managed endpoint produces — so the existing Hono error handler
|
|
9
|
+
* formats it identically.
|
|
10
|
+
*
|
|
11
|
+
* Works with any Standard Schema V1 library: Zod, Valibot, ArkType, or
|
|
12
|
+
* fortress's built-in schema builders.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```ts
|
|
16
|
+
* import { vBody, vParam, vQuery } from '@bajustone/fortress/hono';
|
|
17
|
+
*
|
|
18
|
+
* app.post('/users/:id', async (c) => {
|
|
19
|
+
* const body = await vBody(c, CreateUserBody);
|
|
20
|
+
* const { id } = await vParam(c, IdParam);
|
|
21
|
+
* const { page } = await vQuery(c, PaginationQuery);
|
|
22
|
+
* // ...
|
|
23
|
+
* });
|
|
24
|
+
* ```
|
|
25
|
+
*
|
|
26
|
+
* Validation runs per call, so the first failing helper throws and any
|
|
27
|
+
* downstream helpers in the same handler do not run. If you need to
|
|
28
|
+
* aggregate body+query+params issues into a single response, use the
|
|
29
|
+
* framework-agnostic `validateRequest` from `@bajustone/fortress` instead.
|
|
30
|
+
*/
|
|
31
|
+
|
|
32
|
+
import type { Context } from 'hono';
|
|
33
|
+
import type { StandardSchemaV1 } from '../core/standard-schema';
|
|
34
|
+
import { validateValue } from '../core/validation';
|
|
35
|
+
|
|
36
|
+
/** Infer the output type of a Standard Schema V1 schema. */
|
|
37
|
+
export type InferOutput<T extends StandardSchemaV1> = StandardSchemaV1.InferOutput<T>;
|
|
38
|
+
|
|
39
|
+
/**
|
|
40
|
+
* Extract and validate the request body. Returns the parsed value typed as
|
|
41
|
+
* `InferOutput<T>`, or throws `FortressError('VALIDATION_ERROR', 422)`.
|
|
42
|
+
*/
|
|
43
|
+
export async function vBody<T extends StandardSchemaV1>(c: Context, schema: T): Promise<InferOutput<T>> {
|
|
44
|
+
const body = await c.req.json().catch(() => undefined);
|
|
45
|
+
return validateValue(schema, body, 'body');
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
/**
|
|
49
|
+
* Extract and validate route parameters. Returns the parsed value typed as
|
|
50
|
+
* `InferOutput<T>`, or throws `FortressError('VALIDATION_ERROR', 422)`.
|
|
51
|
+
*/
|
|
52
|
+
export async function vParam<T extends StandardSchemaV1>(c: Context, schema: T): Promise<InferOutput<T>> {
|
|
53
|
+
return validateValue(schema, c.req.param(), 'params');
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
/**
|
|
57
|
+
* Extract and validate query parameters. Returns the parsed value typed as
|
|
58
|
+
* `InferOutput<T>`, or throws `FortressError('VALIDATION_ERROR', 422)`.
|
|
59
|
+
*/
|
|
60
|
+
export async function vQuery<T extends StandardSchemaV1>(c: Context, schema: T): Promise<InferOutput<T>> {
|
|
61
|
+
return validateValue(schema, c.req.query(), 'query');
|
|
62
|
+
}
|
package/src/index.ts
ADDED
|
@@ -0,0 +1,309 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Fortress — framework-agnostic authentication and authorization for TypeScript.
|
|
3
|
+
*
|
|
4
|
+
* The main entrypoint exposes the {@link createFortress} factory, plugin and
|
|
5
|
+
* adapter interfaces, the schema builder DSL, and every public type. Combine
|
|
6
|
+
* with one of the framework adapters (`@bajustone/fortress/hono`,
|
|
7
|
+
* `@bajustone/fortress/express`, `@bajustone/fortress/sveltekit`) and a
|
|
8
|
+
* database adapter (`@bajustone/fortress/drizzle`,
|
|
9
|
+
* `@bajustone/fortress/testing`).
|
|
10
|
+
*
|
|
11
|
+
* @example
|
|
12
|
+
* ```ts
|
|
13
|
+
* import { createFortress } from '@bajustone/fortress';
|
|
14
|
+
* import { createDrizzleAdapter } from '@bajustone/fortress/drizzle';
|
|
15
|
+
*
|
|
16
|
+
* const fortress = createFortress({
|
|
17
|
+
* database: createDrizzleAdapter(db, { dialect: 'pg' }),
|
|
18
|
+
* jwt: { key: process.env.JWT_SECRET! },
|
|
19
|
+
* });
|
|
20
|
+
*
|
|
21
|
+
* const result = await fortress.auth.login('a@b.co', 'secret');
|
|
22
|
+
* ```
|
|
23
|
+
*
|
|
24
|
+
* @module
|
|
25
|
+
*/
|
|
26
|
+
|
|
27
|
+
/** Generic CRUD database adapter interface — implement to back fortress with any datastore. */
|
|
28
|
+
export type { DatabaseAdapter } from './adapters/database';
|
|
29
|
+
|
|
30
|
+
/** Where-clause primitives used by adapters and `scopeRules` to express filters. */
|
|
31
|
+
export type { CoreOperator, ScopeRule, WhereClause } from './adapters/database/types';
|
|
32
|
+
|
|
33
|
+
/** Pre-built endpoint definitions, schemas, and stable JSON wire types for core auth routes. */
|
|
34
|
+
export type {
|
|
35
|
+
AuthChallengeWire,
|
|
36
|
+
AuthImpersonationWire,
|
|
37
|
+
AuthPendingWire,
|
|
38
|
+
AuthResultWire,
|
|
39
|
+
AuthSuccessWire,
|
|
40
|
+
} from './core/auth/auth-endpoints';
|
|
41
|
+
export { authComponentSchemas, authEndpoints } from './core/auth/auth-endpoints';
|
|
42
|
+
|
|
43
|
+
/** Auth lifecycle event + listener types, emitted via `fortress.auth.addAuthObserver`. */
|
|
44
|
+
export type { AuthEvent, AuthEventListener } from './core/auth/auth-service';
|
|
45
|
+
|
|
46
|
+
/** Public JWT key-material type used by FortressConfig. */
|
|
47
|
+
export type { JwtKeyMaterial } from './core/auth/jwt';
|
|
48
|
+
|
|
49
|
+
export type {
|
|
50
|
+
PasswordBreachCheckOptions,
|
|
51
|
+
PasswordBreachDegradedEvent,
|
|
52
|
+
PasswordBreachFailureMode,
|
|
53
|
+
PasswordPolicyConfig,
|
|
54
|
+
PasswordPolicyObserver,
|
|
55
|
+
} from './core/auth/password-policy';
|
|
56
|
+
/** Top-level fortress configuration and pluggable password-hasher contract. */
|
|
57
|
+
export type { FortressConfig, PasswordHasher, SessionConfig } from './core/config';
|
|
58
|
+
/**
|
|
59
|
+
* Endpoint definition primitives — declarative `EndpointDefinition` objects
|
|
60
|
+
* carrying request/response schemas, OpenAPI metadata, and HTTP method info
|
|
61
|
+
* so framework adapters can mount routes without per-framework duplication.
|
|
62
|
+
*
|
|
63
|
+
* Plus the `InferEndpoint*` helpers that extract body/query/params/response
|
|
64
|
+
* types from an endpoint's generic parameters — the foundation of the typed
|
|
65
|
+
* `fortress.call.*` in-process client.
|
|
66
|
+
*/
|
|
67
|
+
export type {
|
|
68
|
+
ComponentSchemas,
|
|
69
|
+
EndpointDefinition,
|
|
70
|
+
EndpointInput,
|
|
71
|
+
EndpointMeta,
|
|
72
|
+
EndpointResponse,
|
|
73
|
+
HttpMethod,
|
|
74
|
+
InferEndpointBody,
|
|
75
|
+
InferEndpointCallInput,
|
|
76
|
+
InferEndpointParams,
|
|
77
|
+
InferEndpointQuery,
|
|
78
|
+
InferEndpointResponses,
|
|
79
|
+
InferEndpointSuccessResponse,
|
|
80
|
+
SecurityRequirement,
|
|
81
|
+
} from './core/endpoint';
|
|
82
|
+
/** Single error class plus the typed factory used throughout fortress. */
|
|
83
|
+
export { Errors, FortressError } from './core/errors';
|
|
84
|
+
/** Discriminated string unions for Fortress and OAuth errors. */
|
|
85
|
+
export type { FortressErrorCode, OAuthErrorCode } from './core/errors';
|
|
86
|
+
|
|
87
|
+
/** Factory that builds a configured fortress instance and the helper for type-safe plugin method access. */
|
|
88
|
+
export { createFortress, getPluginMethods } from './core/fortress';
|
|
89
|
+
|
|
90
|
+
/** The fortress instance type returned by {@link createFortress}, plus the typed call-map helper. */
|
|
91
|
+
export type { Fortress, FortressToOpenAPIOptions, MigrateOptions, MigrateResult, TypedCall } from './core/fortress';
|
|
92
|
+
|
|
93
|
+
/** Typed in-process client builder and per-call options. */
|
|
94
|
+
export { buildCall } from './core/http/call';
|
|
95
|
+
|
|
96
|
+
export type { CallOptions } from './core/http/call';
|
|
97
|
+
|
|
98
|
+
/** Cross-adapter context passed to plugin middleware under core, Hono, and Express. */
|
|
99
|
+
export type { PluginRequestContext } from './core/http/plugin-middleware';
|
|
100
|
+
export { describeProtectedTarget, protect, resolveProtectedEndpoint } from './core/http/protect';
|
|
101
|
+
export type { ProtectedRouteContext, ProtectedRouteHandler, ProtectedRouteTarget, ProtectOptions } from './core/http/protect';
|
|
102
|
+
|
|
103
|
+
/** Permission debugging helper — "why does subject X have / not have permission Y?". */
|
|
104
|
+
export { explainPermission } from './core/iam/explain';
|
|
105
|
+
export type { PermissionExplanation, PermissionExplanationSource } from './core/iam/explain';
|
|
106
|
+
/** Pre-built endpoint definitions and component schemas for the core IAM routes. */
|
|
107
|
+
export { iamComponentSchemas, iamEndpoints } from './core/iam/iam-endpoints';
|
|
108
|
+
|
|
109
|
+
/** IAM mutation and permission-check observer contracts. */
|
|
110
|
+
export type {
|
|
111
|
+
IamEvent,
|
|
112
|
+
IamEventListener,
|
|
113
|
+
IamService,
|
|
114
|
+
PermissionCheckEvent,
|
|
115
|
+
PermissionCheckListener,
|
|
116
|
+
} from './core/iam/iam-service';
|
|
117
|
+
/** Manifest-driven RBAC permission seeding. See {@link Fortress.syncPermissionsFromManifest}. */
|
|
118
|
+
export { runPermissionSync } from './core/iam/permission-sync';
|
|
119
|
+
export type { PermissionSyncOptions, PermissionSyncResult } from './core/iam/permission-sync';
|
|
120
|
+
export { parseResourceFile } from './core/iam/resource-sync';
|
|
121
|
+
|
|
122
|
+
export type { ResourceDefinition, ResourceFile } from './core/iam/resource-sync';
|
|
123
|
+
/** JSON Schema types and the inferred TypeScript type helpers used by the schema builder. */
|
|
124
|
+
export type { FortressSchema, Infer, JSONSchema, Simplify } from './core/json-schema';
|
|
125
|
+
|
|
126
|
+
/** Canonical route-security manifest and drift checker. */
|
|
127
|
+
export { detectRouteManifestDrift, hasRouteManifestDrift } from './core/manifest/drift';
|
|
128
|
+
|
|
129
|
+
export type { DetectRouteManifestDriftOptions, RouteManifestDrift } from './core/manifest/drift';
|
|
130
|
+
|
|
131
|
+
export { buildRouteManifest } from './core/manifest/route-manifest';
|
|
132
|
+
export type { RouteClassification, RouteManifestEntry } from './core/manifest/route-manifest';
|
|
133
|
+
/** Fortress schema migration metadata and runner helpers. */
|
|
134
|
+
export { detectMigrationDrift, getMigrationStatus, hasMigrationDrift, migrateDown, migrateUp } from './core/migrations/engine';
|
|
135
|
+
export type { MigrationApplyResult, MigrationDownResult, MigrationDrift, MigrationStatus } from './core/migrations/engine';
|
|
136
|
+
|
|
137
|
+
export { FORTRESS_TABLES, fortressMigrations, getExpectedColumns, getFortressMigrations, getLatestMigrationVersion, getMigrationUpSql } from './core/migrations/migrations';
|
|
138
|
+
export type { FortressMigration, MigrationDialect } from './core/migrations/migrations';
|
|
139
|
+
export type { Unsubscribe } from './core/observability/listener-list';
|
|
140
|
+
/** Runtime-neutral logging, telemetry, and observer contracts. */
|
|
141
|
+
export type { FortressLogger } from './core/observability/logger';
|
|
142
|
+
|
|
143
|
+
export type {
|
|
144
|
+
Attributes,
|
|
145
|
+
AttributeValue,
|
|
146
|
+
Counter,
|
|
147
|
+
Histogram,
|
|
148
|
+
Meter,
|
|
149
|
+
Span,
|
|
150
|
+
TelemetryProvider,
|
|
151
|
+
Tracer,
|
|
152
|
+
} from './core/observability/types';
|
|
153
|
+
|
|
154
|
+
export { toOpenAPI } from './core/openapi';
|
|
155
|
+
|
|
156
|
+
export type { ToOpenAPIOptions } from './core/openapi';
|
|
157
|
+
/**
|
|
158
|
+
* Plugin authoring types — implement {@link FortressPlugin} to extend fortress
|
|
159
|
+
* with new models, hooks, methods, routes, middleware, scope rules, or
|
|
160
|
+
* adapter wrappers.
|
|
161
|
+
*/
|
|
162
|
+
export type {
|
|
163
|
+
AfterHookContext,
|
|
164
|
+
FieldDefinition,
|
|
165
|
+
FortressPlugin,
|
|
166
|
+
HookContext,
|
|
167
|
+
HookResult,
|
|
168
|
+
MiddlewareDefinition,
|
|
169
|
+
ModelConstraint,
|
|
170
|
+
ModelDefinition,
|
|
171
|
+
PluginContext,
|
|
172
|
+
PluginHooks,
|
|
173
|
+
PostAuthGateContext,
|
|
174
|
+
PostAuthGateDecision,
|
|
175
|
+
PostAuthGateProvider,
|
|
176
|
+
PostAuthGateVerificationContext,
|
|
177
|
+
} from './core/plugin';
|
|
178
|
+
/** Type-level mapping helpers used to expose plugin methods and typed call maps on the fortress instance. */
|
|
179
|
+
export type { CallableForEndpoints, InferPluginCallMap, InferPlugins, PluginMethodsMap } from './core/plugin-methods-map';
|
|
180
|
+
/** Declarative policy-as-code: loader, diff, and apply primitives. */
|
|
181
|
+
export { applyPolicyPlan, applyResourceOps } from './core/policy/apply';
|
|
182
|
+
export type { ApplyPolicyResult } from './core/policy/apply';
|
|
183
|
+
export { diffPolicy } from './core/policy/diff';
|
|
184
|
+
export { DEFAULT_POLICY_FILE, loadPolicy, parsePolicyDocument, resolvePolicyPath } from './core/policy/loader';
|
|
185
|
+
export type { LoadPolicyOptions } from './core/policy/loader';
|
|
186
|
+
|
|
187
|
+
export type { DiffPolicyOptions, PolicyDocument, PolicyGroup, PolicyOp, PolicyPermission, PolicyPlan, PolicyResource, PolicyRole, PolicyServiceAccount } from './core/policy/types';
|
|
188
|
+
|
|
189
|
+
/**
|
|
190
|
+
* Fluent JSON Schema builder DSL. Compose `obj`, `str`, `int`, `arr`, etc.
|
|
191
|
+
* to build typed endpoint inputs/outputs that double as runtime validators
|
|
192
|
+
* and OpenAPI component schemas.
|
|
193
|
+
*/
|
|
194
|
+
export {
|
|
195
|
+
anyOf,
|
|
196
|
+
arr,
|
|
197
|
+
bool,
|
|
198
|
+
date,
|
|
199
|
+
datetime,
|
|
200
|
+
defineComponents,
|
|
201
|
+
discriminatedUnion,
|
|
202
|
+
email,
|
|
203
|
+
endpoint,
|
|
204
|
+
EndpointBuilder,
|
|
205
|
+
enums,
|
|
206
|
+
ErrorEnvelope,
|
|
207
|
+
extractJsonSchema,
|
|
208
|
+
id,
|
|
209
|
+
int,
|
|
210
|
+
intersect,
|
|
211
|
+
isFortressSchema,
|
|
212
|
+
isStandardSchema,
|
|
213
|
+
literal,
|
|
214
|
+
nullable,
|
|
215
|
+
nullType,
|
|
216
|
+
num,
|
|
217
|
+
obj,
|
|
218
|
+
oneOf,
|
|
219
|
+
record,
|
|
220
|
+
recordOf,
|
|
221
|
+
ref,
|
|
222
|
+
str,
|
|
223
|
+
strFormat,
|
|
224
|
+
strict,
|
|
225
|
+
time,
|
|
226
|
+
url,
|
|
227
|
+
uuid,
|
|
228
|
+
} from './core/schema-builder';
|
|
229
|
+
|
|
230
|
+
/** Input type accepted by `endpoint(...).input()` and friends. */
|
|
231
|
+
export type { NumberOptions, SchemaInput, StringOptions } from './core/schema-builder';
|
|
232
|
+
/** Standard Schema v1 interop type — fortress schemas implement this. */
|
|
233
|
+
export type { StandardSchemaV1 } from './core/standard-schema';
|
|
234
|
+
|
|
235
|
+
/**
|
|
236
|
+
* Core domain types — users, identifiers, groups, roles, permissions, and
|
|
237
|
+
* the auth result shapes returned by sign-in / refresh / impersonate.
|
|
238
|
+
*/
|
|
239
|
+
export type {
|
|
240
|
+
AuthChallenge,
|
|
241
|
+
AuthImpersonation,
|
|
242
|
+
AuthMethod,
|
|
243
|
+
AuthPending,
|
|
244
|
+
AuthResult,
|
|
245
|
+
AuthSuccess,
|
|
246
|
+
AuthTokenPair,
|
|
247
|
+
ConditionRef,
|
|
248
|
+
ConditionValue,
|
|
249
|
+
CreateUserInput,
|
|
250
|
+
FortressUser,
|
|
251
|
+
Group,
|
|
252
|
+
LoginIdentifier,
|
|
253
|
+
LoginIdentifierType,
|
|
254
|
+
PendingReason,
|
|
255
|
+
Permission,
|
|
256
|
+
PermissionCondition,
|
|
257
|
+
PermissionContext,
|
|
258
|
+
PermissionInput,
|
|
259
|
+
RequestMeta,
|
|
260
|
+
Role,
|
|
261
|
+
RoleBinding,
|
|
262
|
+
SubjectType,
|
|
263
|
+
TokenClaims,
|
|
264
|
+
} from './core/types';
|
|
265
|
+
|
|
266
|
+
/** Runtime guards for narrowing an {@link AuthResult} (`status`-discriminated). */
|
|
267
|
+
export { assertSuccess, isImpersonation, isPending, isSuccess } from './core/types';
|
|
268
|
+
|
|
269
|
+
/**
|
|
270
|
+
* Framework-agnostic validation primitive. Validates a `{ body, query, params }`
|
|
271
|
+
* object against an `EndpointInput`, aggregates all issues, and throws
|
|
272
|
+
* `Errors.validationError` (HTTP 422, code `VALIDATION_ERROR`) on failure.
|
|
273
|
+
* Use this from any runtime — SvelteKit `+server.ts`, Next.js route handlers,
|
|
274
|
+
* Bun.serve, Deno, or custom middleware — to validate consumer-defined routes
|
|
275
|
+
* with the same shape fortress's own dispatch uses internally.
|
|
276
|
+
*/
|
|
277
|
+
export { validateRequest } from './core/validation';
|
|
278
|
+
|
|
279
|
+
/** Type-safe method surface contributed by the API key plugin. */
|
|
280
|
+
export type { ApiKeyMethods } from './plugins/api-key';
|
|
281
|
+
|
|
282
|
+
/** Type-safe method surface contributed by the audit log plugin. */
|
|
283
|
+
export type { AuditLogMethods } from './plugins/audit-log';
|
|
284
|
+
|
|
285
|
+
/** Type-safe method surface contributed by the data isolation plugin. */
|
|
286
|
+
export type { DataIsolationMethods } from './plugins/data-isolation';
|
|
287
|
+
|
|
288
|
+
/** Type-safe method surface contributed by the email verification plugin. */
|
|
289
|
+
export type { EmailVerificationMethods } from './plugins/email-verification';
|
|
290
|
+
|
|
291
|
+
/** Type-safe method surface contributed by the magic-link plugin. */
|
|
292
|
+
export type { MagicLinkMethods } from './plugins/magic-link';
|
|
293
|
+
|
|
294
|
+
/** Type-safe method surface and request/response shapes for the OAuth server plugin. */
|
|
295
|
+
export type { AuthorizeRequestParams, ClientAuth, OAuthMethods, PendingFlowRecord, TokenRequestBody } from './plugins/oauth';
|
|
296
|
+
|
|
297
|
+
export type { OpenAPISpec, SpecBuilderOptions } from './plugins/openapi/spec-builder';
|
|
298
|
+
|
|
299
|
+
/** Type-safe method surface contributed by the social login plugin. */
|
|
300
|
+
export type { SocialLoginMethods } from './plugins/social-login';
|
|
301
|
+
|
|
302
|
+
/** Type-safe method surface contributed by the tenancy plugin. */
|
|
303
|
+
export type { TenancyMethods } from './plugins/tenancy';
|
|
304
|
+
|
|
305
|
+
/** Type-safe method surface contributed by the two-factor plugin. */
|
|
306
|
+
export type { TwoFactorMethods } from './plugins/two-factor';
|
|
307
|
+
|
|
308
|
+
/** Type-safe method surface contributed by the WebAuthn plugin. */
|
|
309
|
+
export type { WebAuthnMethods } from './plugins/webauthn';
|