@bajustone/fortress 1.0.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1011 -0
- package/LICENSE +21 -0
- package/README.md +760 -0
- package/SECURITY.md +197 -0
- package/bin/fortress.ts +667 -0
- package/dist/auth-service-BcyQ2PuZ.d.cts +307 -0
- package/dist/auth-service-BkzZkWfH.d.ts +307 -0
- package/dist/config-B2366s_G.d.ts +665 -0
- package/dist/config-GtlVt6ZD.d.cts +665 -0
- package/dist/convert-routes-BLCQT57f.d.ts +72 -0
- package/dist/convert-routes-BdMvP2_X.d.cts +72 -0
- package/dist/crypto.cjs +61 -0
- package/dist/crypto.d.cts +36 -0
- package/dist/crypto.d.ts +36 -0
- package/dist/crypto.js +35 -0
- package/dist/drift-BT1wtMDJ.d.cts +22 -0
- package/dist/drift-k9LiYpRP.d.ts +22 -0
- package/dist/drizzle/pg.cjs +481 -0
- package/dist/drizzle/pg.d.cts +15 -0
- package/dist/drizzle/pg.d.ts +15 -0
- package/dist/drizzle/pg.js +454 -0
- package/dist/drizzle.cjs +1442 -0
- package/dist/drizzle.d.cts +85 -0
- package/dist/drizzle.d.ts +85 -0
- package/dist/drizzle.js +1411 -0
- package/dist/express.cjs +1357 -0
- package/dist/express.d.cts +333 -0
- package/dist/express.d.ts +333 -0
- package/dist/express.js +1314 -0
- package/dist/fetcher.cjs +77 -0
- package/dist/fetcher.d.cts +7 -0
- package/dist/fetcher.d.ts +7 -0
- package/dist/fetcher.js +41 -0
- package/dist/fortress-BmSvFfqK.d.cts +1089 -0
- package/dist/fortress-uA-_cheR.d.ts +1089 -0
- package/dist/hono.cjs +1530 -0
- package/dist/hono.d.cts +514 -0
- package/dist/hono.d.ts +514 -0
- package/dist/hono.js +1483 -0
- package/dist/index-CxEkfCA0.d.cts +77 -0
- package/dist/index-CxEkfCA0.d.ts +77 -0
- package/dist/index-D054pcb-.d.cts +146 -0
- package/dist/index-jAMbbUAY.d.ts +146 -0
- package/dist/index.cjs +9046 -0
- package/dist/index.d.cts +717 -0
- package/dist/index.d.ts +717 -0
- package/dist/index.js +8935 -0
- package/dist/jwt.cjs +255 -0
- package/dist/jwt.d.cts +90 -0
- package/dist/jwt.d.ts +90 -0
- package/dist/jwt.js +227 -0
- package/dist/otel.cjs +108 -0
- package/dist/otel.d.cts +62 -0
- package/dist/otel.d.ts +62 -0
- package/dist/otel.js +73 -0
- package/dist/plugins/account-lockout.cjs +322 -0
- package/dist/plugins/account-lockout.d.cts +42 -0
- package/dist/plugins/account-lockout.d.ts +42 -0
- package/dist/plugins/account-lockout.js +295 -0
- package/dist/plugins/admin.cjs +2378 -0
- package/dist/plugins/admin.d.cts +72 -0
- package/dist/plugins/admin.d.ts +72 -0
- package/dist/plugins/admin.js +2351 -0
- package/dist/plugins/api-key.cjs +792 -0
- package/dist/plugins/api-key.d.cts +121 -0
- package/dist/plugins/api-key.d.ts +121 -0
- package/dist/plugins/api-key.js +765 -0
- package/dist/plugins/audit-log.cjs +493 -0
- package/dist/plugins/audit-log.d.cts +86 -0
- package/dist/plugins/audit-log.d.ts +86 -0
- package/dist/plugins/audit-log.js +468 -0
- package/dist/plugins/data-isolation.cjs +211 -0
- package/dist/plugins/data-isolation.d.cts +49 -0
- package/dist/plugins/data-isolation.d.ts +49 -0
- package/dist/plugins/data-isolation.js +186 -0
- package/dist/plugins/email-verification.cjs +273 -0
- package/dist/plugins/email-verification.d.cts +44 -0
- package/dist/plugins/email-verification.d.ts +44 -0
- package/dist/plugins/email-verification.js +246 -0
- package/dist/plugins/magic-link.cjs +231 -0
- package/dist/plugins/magic-link.d.cts +39 -0
- package/dist/plugins/magic-link.d.ts +39 -0
- package/dist/plugins/magic-link.js +204 -0
- package/dist/plugins/oauth.cjs +1696 -0
- package/dist/plugins/oauth.d.cts +406 -0
- package/dist/plugins/oauth.d.ts +406 -0
- package/dist/plugins/oauth.js +1669 -0
- package/dist/plugins/openapi.cjs +1185 -0
- package/dist/plugins/openapi.d.cts +6 -0
- package/dist/plugins/openapi.d.ts +6 -0
- package/dist/plugins/openapi.js +1158 -0
- package/dist/plugins/rate-limit/express.cjs +55 -0
- package/dist/plugins/rate-limit/express.d.cts +64 -0
- package/dist/plugins/rate-limit/express.d.ts +64 -0
- package/dist/plugins/rate-limit/express.js +30 -0
- package/dist/plugins/rate-limit/hono.cjs +51 -0
- package/dist/plugins/rate-limit/hono.d.cts +59 -0
- package/dist/plugins/rate-limit/hono.d.ts +59 -0
- package/dist/plugins/rate-limit/hono.js +26 -0
- package/dist/plugins/rate-limit/sveltekit.cjs +49 -0
- package/dist/plugins/rate-limit/sveltekit.d.cts +59 -0
- package/dist/plugins/rate-limit/sveltekit.d.ts +59 -0
- package/dist/plugins/rate-limit/sveltekit.js +24 -0
- package/dist/plugins/rate-limit.cjs +354 -0
- package/dist/plugins/rate-limit.d.cts +140 -0
- package/dist/plugins/rate-limit.d.ts +140 -0
- package/dist/plugins/rate-limit.js +325 -0
- package/dist/plugins/social-login.cjs +905 -0
- package/dist/plugins/social-login.d.cts +114 -0
- package/dist/plugins/social-login.d.ts +114 -0
- package/dist/plugins/social-login.js +880 -0
- package/dist/plugins/tenancy.cjs +780 -0
- package/dist/plugins/tenancy.d.cts +108 -0
- package/dist/plugins/tenancy.d.ts +108 -0
- package/dist/plugins/tenancy.js +753 -0
- package/dist/plugins/two-factor.cjs +555 -0
- package/dist/plugins/two-factor.d.cts +67 -0
- package/dist/plugins/two-factor.d.ts +67 -0
- package/dist/plugins/two-factor.js +526 -0
- package/dist/plugins/webauthn.cjs +786 -0
- package/dist/plugins/webauthn.d.cts +72 -0
- package/dist/plugins/webauthn.d.ts +72 -0
- package/dist/plugins/webauthn.js +766 -0
- package/dist/plugins/webhook.cjs +819 -0
- package/dist/plugins/webhook.d.cts +254 -0
- package/dist/plugins/webhook.d.ts +254 -0
- package/dist/plugins/webhook.js +789 -0
- package/dist/protect-D1v_0upK.d.cts +123 -0
- package/dist/protect-DsxV_-dJ.d.ts +123 -0
- package/dist/sveltekit.cjs +1258 -0
- package/dist/sveltekit.d.cts +420 -0
- package/dist/sveltekit.d.ts +420 -0
- package/dist/sveltekit.js +1207 -0
- package/dist/testing.cjs +4294 -0
- package/dist/testing.d.cts +197 -0
- package/dist/testing.d.ts +197 -0
- package/dist/testing.js +4264 -0
- package/dist/types-et0R8tsC.d.cts +217 -0
- package/dist/types-et0R8tsC.d.ts +217 -0
- package/docs/adapter-typed-helpers.md +192 -0
- package/docs/admin-recipes.md +227 -0
- package/docs/architecture.md +434 -0
- package/docs/ci/github-actions.yml +59 -0
- package/docs/ci.md +109 -0
- package/docs/compatibility.md +115 -0
- package/docs/deployment.md +305 -0
- package/docs/hardening.md +118 -0
- package/docs/host-owned-routes.md +154 -0
- package/docs/migrations/0001-schema-version.md +54 -0
- package/docs/migrations/0002-initial-schema.md +84 -0
- package/docs/migrations/upgrade-guide.md +160 -0
- package/docs/observability.md +394 -0
- package/docs/plugins/account-lockout.md +131 -0
- package/docs/plugins/admin.md +402 -0
- package/docs/plugins/api-key.md +327 -0
- package/docs/plugins/audit-log.md +261 -0
- package/docs/plugins/data-isolation.md +186 -0
- package/docs/plugins/email-verification.md +121 -0
- package/docs/plugins/magic-link.md +123 -0
- package/docs/plugins/oauth.md +544 -0
- package/docs/plugins/openapi.md +250 -0
- package/docs/plugins/rate-limit.md +223 -0
- package/docs/plugins/social-login.md +337 -0
- package/docs/plugins/tenancy.md +122 -0
- package/docs/plugins/two-factor.md +191 -0
- package/docs/plugins/webauthn.md +188 -0
- package/docs/plugins/webhook.md +242 -0
- package/docs/policy-as-code.md +156 -0
- package/docs/route-manifest.md +46 -0
- package/docs/security.md +261 -0
- package/docs/threat-model.md +161 -0
- package/examples/README.md +119 -0
- package/examples/express-app/index.ts +747 -0
- package/examples/hono-app/docker-compose.yml +14 -0
- package/examples/hono-app/index.ts +1009 -0
- package/examples/policy/fortress.policy.json +47 -0
- package/examples/sveltekit-app/README.md +125 -0
- package/examples/sveltekit-app/src/app.d.ts +16 -0
- package/examples/sveltekit-app/src/hooks.server.ts +23 -0
- package/examples/sveltekit-app/src/lib/server/fortress.ts +81 -0
- package/examples/sveltekit-app/src/routes/api/echo/[id]/+server.ts +32 -0
- package/examples/sveltekit-app/src/routes/api/fortress/[...path]/+server.ts +15 -0
- package/examples/sveltekit-app/src/routes/dashboard/+page.server.ts +20 -0
- package/examples/sveltekit-app/src/routes/login/+page.server.ts +48 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.server.ts +69 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.svelte +83 -0
- package/migrations/pg/0001_schema_version.down.sql +2 -0
- package/migrations/pg/0001_schema_version.sql +8 -0
- package/migrations/pg/0002_initial_schema.down.sql +36 -0
- package/migrations/pg/0002_initial_schema.sql +376 -0
- package/migrations/pg/0003_auth_continuation.down.sql +6 -0
- package/migrations/pg/0003_auth_continuation.sql +30 -0
- package/migrations/pg/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/pg/0004_tenant_default_unique.sql +14 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.down.sql +71 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.sql +71 -0
- package/migrations/pg/0006_canonical_email.down.sql +3 -0
- package/migrations/pg/0006_canonical_email.sql +8 -0
- package/migrations/pg/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/pg/0007_audit_chain_anchor.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.down.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.sql +8 -0
- package/migrations/pg/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/pg/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/pg/0010_bigint_append_only_ids.down.sql +2 -0
- package/migrations/pg/0010_bigint_append_only_ids.sql +23 -0
- package/migrations/sqlite/0001_schema_version.down.sql +2 -0
- package/migrations/sqlite/0001_schema_version.sql +8 -0
- package/migrations/sqlite/0002_initial_schema.down.sql +36 -0
- package/migrations/sqlite/0002_initial_schema.sql +376 -0
- package/migrations/sqlite/0003_auth_continuation.down.sql +27 -0
- package/migrations/sqlite/0003_auth_continuation.sql +45 -0
- package/migrations/sqlite/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/sqlite/0004_tenant_default_unique.sql +13 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.down.sql +10 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.sql +10 -0
- package/migrations/sqlite/0006_canonical_email.down.sql +3 -0
- package/migrations/sqlite/0006_canonical_email.sql +8 -0
- package/migrations/sqlite/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/sqlite/0007_audit_chain_anchor.sql +8 -0
- package/migrations/sqlite/0008_two_factor_hardening.down.sql +14 -0
- package/migrations/sqlite/0008_two_factor_hardening.sql +7 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.down.sql +1 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.sql +2 -0
- package/package.json +398 -0
- package/src/adapters/database/index.ts +63 -0
- package/src/adapters/database/types.ts +22 -0
- package/src/changelog-script.test.ts +21 -0
- package/src/cli.test.ts +79 -0
- package/src/core/auth/auth-admin.test.ts +247 -0
- package/src/core/auth/auth-endpoints.ts +558 -0
- package/src/core/auth/auth-observer.test.ts +191 -0
- package/src/core/auth/auth-service.ts +1464 -0
- package/src/core/auth/email.test.ts +17 -0
- package/src/core/auth/email.ts +11 -0
- package/src/core/auth/hooks.test.ts +251 -0
- package/src/core/auth/impersonation.test.ts +179 -0
- package/src/core/auth/jwt.test.ts +184 -0
- package/src/core/auth/jwt.ts +239 -0
- package/src/core/auth/login-timing.test.ts +77 -0
- package/src/core/auth/password-policy.test.ts +253 -0
- package/src/core/auth/password-policy.ts +220 -0
- package/src/core/auth/password.test.ts +42 -0
- package/src/core/auth/password.ts +62 -0
- package/src/core/auth/post-auth-gate.test.ts +258 -0
- package/src/core/auth/post-auth-gate.ts +228 -0
- package/src/core/auth/refresh-token.test.ts +86 -0
- package/src/core/auth/refresh-token.ts +105 -0
- package/src/core/auth/timing-safe.ts +23 -0
- package/src/core/config.ts +212 -0
- package/src/core/endpoint.ts +149 -0
- package/src/core/errors.ts +199 -0
- package/src/core/fetcher-interop.test.ts +106 -0
- package/src/core/fortress.test.ts +354 -0
- package/src/core/fortress.ts +550 -0
- package/src/core/http/call.test.ts +148 -0
- package/src/core/http/call.ts +149 -0
- package/src/core/http/cookie-serialize.test.ts +198 -0
- package/src/core/http/cookie-serialize.ts +107 -0
- package/src/core/http/csrf.test.ts +140 -0
- package/src/core/http/csrf.ts +173 -0
- package/src/core/http/dispatch.ts +652 -0
- package/src/core/http/error-response.test.ts +69 -0
- package/src/core/http/error-response.ts +93 -0
- package/src/core/http/fortress-rbac.test.ts +43 -0
- package/src/core/http/fortress-rbac.ts +127 -0
- package/src/core/http/handle-request.test.ts +441 -0
- package/src/core/http/handle-request.ts +354 -0
- package/src/core/http/match.test.ts +122 -0
- package/src/core/http/match.ts +126 -0
- package/src/core/http/outbound.test.ts +34 -0
- package/src/core/http/outbound.ts +105 -0
- package/src/core/http/plugin-middleware.ts +67 -0
- package/src/core/http/principal.test.ts +345 -0
- package/src/core/http/principal.ts +86 -0
- package/src/core/http/protect.test.ts +220 -0
- package/src/core/http/protect.ts +394 -0
- package/src/core/http/token-extraction.test.ts +59 -0
- package/src/core/http/token-extraction.ts +53 -0
- package/src/core/iam/explain.test.ts +177 -0
- package/src/core/iam/explain.ts +302 -0
- package/src/core/iam/iam-endpoints.ts +779 -0
- package/src/core/iam/iam-service.test.ts +829 -0
- package/src/core/iam/iam-service.ts +1137 -0
- package/src/core/iam/permission-cache.test.ts +115 -0
- package/src/core/iam/permission-cache.ts +71 -0
- package/src/core/iam/permission-check-observer.test.ts +90 -0
- package/src/core/iam/permission-evaluator.test.ts +291 -0
- package/src/core/iam/permission-evaluator.ts +198 -0
- package/src/core/iam/permission-sync.test.ts +166 -0
- package/src/core/iam/permission-sync.ts +192 -0
- package/src/core/iam/resource-sync.test.ts +70 -0
- package/src/core/iam/resource-sync.ts +182 -0
- package/src/core/iam/service-account-http.test.ts +529 -0
- package/src/core/iam/service-account.test.ts +282 -0
- package/src/core/internal-adapter.test.ts +389 -0
- package/src/core/internal-adapter.ts +435 -0
- package/src/core/json-schema.ts +50 -0
- package/src/core/manifest/__snapshots__/route-manifest.test.ts.snap +192 -0
- package/src/core/manifest/drift.ts +103 -0
- package/src/core/manifest/route-manifest.test.ts +142 -0
- package/src/core/manifest/route-manifest.ts +154 -0
- package/src/core/migrate.test.ts +72 -0
- package/src/core/migrations/engine.test.ts +308 -0
- package/src/core/migrations/engine.ts +548 -0
- package/src/core/migrations/migrations.ts +1771 -0
- package/src/core/migrations/pg-migration.integration-test.ts +353 -0
- package/src/core/migrations/upgrade-fixture.test.ts +378 -0
- package/src/core/observability/db-instrumentation.ts +205 -0
- package/src/core/observability/listener-list.test.ts +124 -0
- package/src/core/observability/listener-list.ts +73 -0
- package/src/core/observability/logger.test.ts +43 -0
- package/src/core/observability/logger.ts +49 -0
- package/src/core/observability/spans.test.ts +193 -0
- package/src/core/observability/types.ts +80 -0
- package/src/core/openapi-drift.test.ts +41 -0
- package/src/core/openapi.ts +47 -0
- package/src/core/plugin-methods-map.ts +75 -0
- package/src/core/plugin-runner.test.ts +233 -0
- package/src/core/plugin-runner.ts +276 -0
- package/src/core/plugin.ts +210 -0
- package/src/core/policy/apply.ts +272 -0
- package/src/core/policy/diff.ts +288 -0
- package/src/core/policy/loader.test.ts +63 -0
- package/src/core/policy/loader.ts +214 -0
- package/src/core/policy/policy.test.ts +232 -0
- package/src/core/policy/types.ts +105 -0
- package/src/core/schema-builder.test.ts +660 -0
- package/src/core/schema-builder.ts +881 -0
- package/src/core/standard-schema.ts +56 -0
- package/src/core/types.ts +258 -0
- package/src/core/validation.test.ts +195 -0
- package/src/core/validation.ts +192 -0
- package/src/drizzle/adapter.test.ts +425 -0
- package/src/drizzle/adapter.ts +474 -0
- package/src/drizzle/index.ts +31 -0
- package/src/drizzle/pg/adapter.integration-test.ts +456 -0
- package/src/drizzle/pg/index.ts +13 -0
- package/src/drizzle/pg/pg.integration-test.ts +1539 -0
- package/src/drizzle/pg/schema.ts +539 -0
- package/src/drizzle/pg-error-map.test.ts +218 -0
- package/src/drizzle/pg-error-map.ts +151 -0
- package/src/drizzle/schema.ts +544 -0
- package/src/drizzle/sqlite-serialization.test.ts +106 -0
- package/src/express/express-api-key-user-routes.test.ts +241 -0
- package/src/express/express.test.ts +442 -0
- package/src/express/handle.ts +191 -0
- package/src/express/index.ts +62 -0
- package/src/express/middleware.ts +551 -0
- package/src/express/protect.ts +154 -0
- package/src/express/validated.test.ts +86 -0
- package/src/express/validated.ts +99 -0
- package/src/fetcher/index.ts +81 -0
- package/src/hono/convert-routes.test.ts +220 -0
- package/src/hono/convert-routes.ts +196 -0
- package/src/hono/converters.test.ts +50 -0
- package/src/hono/converters.ts +43 -0
- package/src/hono/handle.ts +79 -0
- package/src/hono/helpers.ts +2 -0
- package/src/hono/hono-api-key-user-routes.test.ts +225 -0
- package/src/hono/hono-handlers.test.ts +861 -0
- package/src/hono/hono.test.ts +454 -0
- package/src/hono/index.ts +101 -0
- package/src/hono/middleware/auth.ts +236 -0
- package/src/hono/middleware/auth.types.test.ts +94 -0
- package/src/hono/middleware/csrf.test.ts +127 -0
- package/src/hono/middleware/csrf.ts +68 -0
- package/src/hono/middleware/error-handler.ts +12 -0
- package/src/hono/middleware/plugin-middleware.ts +35 -0
- package/src/hono/middleware/rbac.ts +131 -0
- package/src/hono/middleware/security-headers.test.ts +88 -0
- package/src/hono/middleware/security-headers.ts +68 -0
- package/src/hono/openapi.ts +237 -0
- package/src/hono/protect.ts +87 -0
- package/src/hono/validated.test.ts +123 -0
- package/src/hono/validated.ts +62 -0
- package/src/index.ts +309 -0
- package/src/integration.test.ts +718 -0
- package/src/internal/changelog.ts +56 -0
- package/src/otel/index.ts +158 -0
- package/src/otel/otel-types.test.ts +35 -0
- package/src/otel/otel.test.ts +235 -0
- package/src/plugins/account-lockout/account-lockout.test.ts +367 -0
- package/src/plugins/account-lockout/index.ts +267 -0
- package/src/plugins/admin/admin-api-key.test.ts +438 -0
- package/src/plugins/admin/index.ts +1612 -0
- package/src/plugins/api-key/api-key.test.ts +684 -0
- package/src/plugins/api-key/core.ts +336 -0
- package/src/plugins/api-key/index.ts +315 -0
- package/src/plugins/audit-log/audit-log.test.ts +749 -0
- package/src/plugins/audit-log/index.ts +680 -0
- package/src/plugins/data-isolation/data-isolation.test.ts +197 -0
- package/src/plugins/data-isolation/index.ts +157 -0
- package/src/plugins/email-verification/email-verification.test.ts +199 -0
- package/src/plugins/email-verification/index.ts +190 -0
- package/src/plugins/magic-link/index.ts +129 -0
- package/src/plugins/magic-link/magic-link.test.ts +156 -0
- package/src/plugins/oauth/id-token.ts +86 -0
- package/src/plugins/oauth/index.ts +2145 -0
- package/src/plugins/oauth/jwks.test.ts +32 -0
- package/src/plugins/oauth/jwks.ts +182 -0
- package/src/plugins/oauth/oauth.test.ts +2220 -0
- package/src/plugins/oauth/pkce.ts +58 -0
- package/src/plugins/openapi/index.ts +298 -0
- package/src/plugins/openapi/openapi.test.ts +425 -0
- package/src/plugins/openapi/spec-builder.ts +287 -0
- package/src/plugins/rate-limit/express.test.ts +89 -0
- package/src/plugins/rate-limit/express.ts +86 -0
- package/src/plugins/rate-limit/hono.test.ts +60 -0
- package/src/plugins/rate-limit/hono.ts +74 -0
- package/src/plugins/rate-limit/index.ts +383 -0
- package/src/plugins/rate-limit/memory-store.ts +61 -0
- package/src/plugins/rate-limit/rate-limit.test.ts +756 -0
- package/src/plugins/rate-limit/sveltekit.test.ts +58 -0
- package/src/plugins/rate-limit/sveltekit.ts +66 -0
- package/src/plugins/social-login/index.ts +715 -0
- package/src/plugins/social-login/providers/apple.ts +34 -0
- package/src/plugins/social-login/providers/discord.ts +26 -0
- package/src/plugins/social-login/providers/github.ts +54 -0
- package/src/plugins/social-login/providers/google.ts +23 -0
- package/src/plugins/social-login/providers/index.ts +22 -0
- package/src/plugins/social-login/providers/microsoft.ts +35 -0
- package/src/plugins/social-login/providers/oidc.ts +37 -0
- package/src/plugins/social-login/providers/providers.test.ts +211 -0
- package/src/plugins/social-login/social-login.test.ts +675 -0
- package/src/plugins/social-login/types.ts +80 -0
- package/src/plugins/tenancy/index.ts +544 -0
- package/src/plugins/tenancy/tenancy.test.ts +323 -0
- package/src/plugins/two-factor/index.ts +569 -0
- package/src/plugins/two-factor/two-factor.test.ts +235 -0
- package/src/plugins/webauthn/index.ts +554 -0
- package/src/plugins/webauthn/webauthn.test.ts +472 -0
- package/src/plugins/webhook/builtin-events.ts +29 -0
- package/src/plugins/webhook/delivery.test.ts +51 -0
- package/src/plugins/webhook/delivery.ts +154 -0
- package/src/plugins/webhook/hooks.ts +89 -0
- package/src/plugins/webhook/index.ts +445 -0
- package/src/plugins/webhook/queue/database.ts +67 -0
- package/src/plugins/webhook/queue/in-memory.test.ts +48 -0
- package/src/plugins/webhook/queue/in-memory.ts +71 -0
- package/src/plugins/webhook/queue/types.ts +51 -0
- package/src/plugins/webhook/registry.test.ts +48 -0
- package/src/plugins/webhook/registry.ts +64 -0
- package/src/plugins/webhook/signing.ts +45 -0
- package/src/plugins/webhook/ssrf.ts +198 -0
- package/src/plugins/webhook/types.ts +138 -0
- package/src/plugins/webhook/webhook.test.ts +324 -0
- package/src/sveltekit/actions.ts +233 -0
- package/src/sveltekit/catch-all.ts +43 -0
- package/src/sveltekit/cookies.ts +136 -0
- package/src/sveltekit/handle.ts +356 -0
- package/src/sveltekit/helpers.ts +69 -0
- package/src/sveltekit/index.ts +74 -0
- package/src/sveltekit/protect.ts +80 -0
- package/src/sveltekit/sveltekit-types.test.ts +31 -0
- package/src/sveltekit/sveltekit.test.ts +799 -0
- package/src/sveltekit/types.ts +134 -0
- package/src/sveltekit/validated.test.ts +117 -0
- package/src/sveltekit/validated.ts +78 -0
- package/src/testing/adapter-conformance.test.ts +408 -0
- package/src/testing/checks.test.ts +124 -0
- package/src/testing/checks.ts +304 -0
- package/src/testing/index.ts +107 -0
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
/** Core operators that all DatabaseAdapter implementations MUST support */
|
|
2
|
+
type CoreOperator = '=' | '!=' | 'in' | 'gt' | 'lt' | 'gte' | 'lte' | 'isNull';
|
|
3
|
+
/** A single condition in a database query, joined with AND by the adapter. */
|
|
4
|
+
interface WhereClause {
|
|
5
|
+
field: string;
|
|
6
|
+
/**
|
|
7
|
+
* Open string — core uses CoreOperator values.
|
|
8
|
+
* Adapters MAY support additional operators: 'like', 'between', etc.
|
|
9
|
+
* Adapters throw on unsupported operators at runtime.
|
|
10
|
+
*/
|
|
11
|
+
operator: CoreOperator | (string & {});
|
|
12
|
+
value: unknown;
|
|
13
|
+
}
|
|
14
|
+
/** Scope rules for row-level data isolation */
|
|
15
|
+
interface ScopeRule {
|
|
16
|
+
/** WHERE clauses auto-injected on findOne, findMany, count, update, delete */
|
|
17
|
+
filters: WhereClause[];
|
|
18
|
+
/** Default values auto-injected on create (e.g., { siteId: 3 }) */
|
|
19
|
+
defaults: Record<string, unknown>;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
/**
|
|
23
|
+
* Generic CRUD database adapter interface fortress uses to talk to any
|
|
24
|
+
* datastore. Implement seven required methods (create, findOne, findMany,
|
|
25
|
+
* update, delete, count, transaction) and optionally `rawQuery` for
|
|
26
|
+
* performance-critical multi-table operations.
|
|
27
|
+
*/
|
|
28
|
+
interface DatabaseAdapter {
|
|
29
|
+
create: <T>(params: {
|
|
30
|
+
model: string;
|
|
31
|
+
data: Record<string, unknown>;
|
|
32
|
+
}) => Promise<T>;
|
|
33
|
+
findOne: <T>(params: {
|
|
34
|
+
model: string;
|
|
35
|
+
where: WhereClause[];
|
|
36
|
+
}) => Promise<T | null>;
|
|
37
|
+
findMany: <T>(params: {
|
|
38
|
+
model: string;
|
|
39
|
+
where?: WhereClause[];
|
|
40
|
+
limit?: number;
|
|
41
|
+
offset?: number;
|
|
42
|
+
sortBy?: {
|
|
43
|
+
field: string;
|
|
44
|
+
direction: 'asc' | 'desc';
|
|
45
|
+
};
|
|
46
|
+
}) => Promise<T[]>;
|
|
47
|
+
/**
|
|
48
|
+
* Update rows matching the where clause.
|
|
49
|
+
* Returns the updated row, or null if no rows matched the where clause.
|
|
50
|
+
*/
|
|
51
|
+
update: <T>(params: {
|
|
52
|
+
model: string;
|
|
53
|
+
where: WhereClause[];
|
|
54
|
+
data: Record<string, unknown>;
|
|
55
|
+
}) => Promise<T | null>;
|
|
56
|
+
delete: (params: {
|
|
57
|
+
model: string;
|
|
58
|
+
where: WhereClause[];
|
|
59
|
+
}) => Promise<void>;
|
|
60
|
+
count: (params: {
|
|
61
|
+
model: string;
|
|
62
|
+
where?: WhereClause[];
|
|
63
|
+
}) => Promise<number>;
|
|
64
|
+
transaction: <T>(fn: (tx: DatabaseAdapter) => Promise<T>) => Promise<T>;
|
|
65
|
+
/**
|
|
66
|
+
* Optional: raw query for performance-critical multi-table operations.
|
|
67
|
+
* Adapters that implement this get optimized IAM queries.
|
|
68
|
+
* Others fall back to multiple findMany calls.
|
|
69
|
+
* @param sql SQL string using `?` positional placeholders on every dialect
|
|
70
|
+
* @param params Positional parameters matching the `?` placeholders
|
|
71
|
+
*/
|
|
72
|
+
rawQuery?: <T>(sql: string, params?: unknown[]) => Promise<T[]>;
|
|
73
|
+
/** Database dialect hint for adapters that implement rawQuery */
|
|
74
|
+
readonly dialect?: 'sqlite' | 'pg';
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
export type { CoreOperator as C, DatabaseAdapter as D, ScopeRule as S, WhereClause as W };
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
/** Core operators that all DatabaseAdapter implementations MUST support */
|
|
2
|
+
type CoreOperator = '=' | '!=' | 'in' | 'gt' | 'lt' | 'gte' | 'lte' | 'isNull';
|
|
3
|
+
/** A single condition in a database query, joined with AND by the adapter. */
|
|
4
|
+
interface WhereClause {
|
|
5
|
+
field: string;
|
|
6
|
+
/**
|
|
7
|
+
* Open string — core uses CoreOperator values.
|
|
8
|
+
* Adapters MAY support additional operators: 'like', 'between', etc.
|
|
9
|
+
* Adapters throw on unsupported operators at runtime.
|
|
10
|
+
*/
|
|
11
|
+
operator: CoreOperator | (string & {});
|
|
12
|
+
value: unknown;
|
|
13
|
+
}
|
|
14
|
+
/** Scope rules for row-level data isolation */
|
|
15
|
+
interface ScopeRule {
|
|
16
|
+
/** WHERE clauses auto-injected on findOne, findMany, count, update, delete */
|
|
17
|
+
filters: WhereClause[];
|
|
18
|
+
/** Default values auto-injected on create (e.g., { siteId: 3 }) */
|
|
19
|
+
defaults: Record<string, unknown>;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
/**
|
|
23
|
+
* Generic CRUD database adapter interface fortress uses to talk to any
|
|
24
|
+
* datastore. Implement seven required methods (create, findOne, findMany,
|
|
25
|
+
* update, delete, count, transaction) and optionally `rawQuery` for
|
|
26
|
+
* performance-critical multi-table operations.
|
|
27
|
+
*/
|
|
28
|
+
interface DatabaseAdapter {
|
|
29
|
+
create: <T>(params: {
|
|
30
|
+
model: string;
|
|
31
|
+
data: Record<string, unknown>;
|
|
32
|
+
}) => Promise<T>;
|
|
33
|
+
findOne: <T>(params: {
|
|
34
|
+
model: string;
|
|
35
|
+
where: WhereClause[];
|
|
36
|
+
}) => Promise<T | null>;
|
|
37
|
+
findMany: <T>(params: {
|
|
38
|
+
model: string;
|
|
39
|
+
where?: WhereClause[];
|
|
40
|
+
limit?: number;
|
|
41
|
+
offset?: number;
|
|
42
|
+
sortBy?: {
|
|
43
|
+
field: string;
|
|
44
|
+
direction: 'asc' | 'desc';
|
|
45
|
+
};
|
|
46
|
+
}) => Promise<T[]>;
|
|
47
|
+
/**
|
|
48
|
+
* Update rows matching the where clause.
|
|
49
|
+
* Returns the updated row, or null if no rows matched the where clause.
|
|
50
|
+
*/
|
|
51
|
+
update: <T>(params: {
|
|
52
|
+
model: string;
|
|
53
|
+
where: WhereClause[];
|
|
54
|
+
data: Record<string, unknown>;
|
|
55
|
+
}) => Promise<T | null>;
|
|
56
|
+
delete: (params: {
|
|
57
|
+
model: string;
|
|
58
|
+
where: WhereClause[];
|
|
59
|
+
}) => Promise<void>;
|
|
60
|
+
count: (params: {
|
|
61
|
+
model: string;
|
|
62
|
+
where?: WhereClause[];
|
|
63
|
+
}) => Promise<number>;
|
|
64
|
+
transaction: <T>(fn: (tx: DatabaseAdapter) => Promise<T>) => Promise<T>;
|
|
65
|
+
/**
|
|
66
|
+
* Optional: raw query for performance-critical multi-table operations.
|
|
67
|
+
* Adapters that implement this get optimized IAM queries.
|
|
68
|
+
* Others fall back to multiple findMany calls.
|
|
69
|
+
* @param sql SQL string using `?` positional placeholders on every dialect
|
|
70
|
+
* @param params Positional parameters matching the `?` placeholders
|
|
71
|
+
*/
|
|
72
|
+
rawQuery?: <T>(sql: string, params?: unknown[]) => Promise<T[]>;
|
|
73
|
+
/** Database dialect hint for adapters that implement rawQuery */
|
|
74
|
+
readonly dialect?: 'sqlite' | 'pg';
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
export type { CoreOperator as C, DatabaseAdapter as D, ScopeRule as S, WhereClause as W };
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
import { J as JSONSchema, E as EndpointDefinition, C as ComponentSchemas, F as FortressPlugin } from './config-GtlVt6ZD.cjs';
|
|
2
|
+
|
|
3
|
+
/** Minimal OpenAPI 3.1 spec shape produced by {@link buildOpenAPISpec}. */
|
|
4
|
+
interface OpenAPISpec {
|
|
5
|
+
openapi: string;
|
|
6
|
+
info: {
|
|
7
|
+
title: string;
|
|
8
|
+
version: string;
|
|
9
|
+
description?: string;
|
|
10
|
+
};
|
|
11
|
+
servers?: Array<{
|
|
12
|
+
url: string;
|
|
13
|
+
description?: string;
|
|
14
|
+
}>;
|
|
15
|
+
tags?: Array<{
|
|
16
|
+
name: string;
|
|
17
|
+
description?: string;
|
|
18
|
+
}>;
|
|
19
|
+
paths: Record<string, Record<string, OpenAPIOperation>>;
|
|
20
|
+
components: {
|
|
21
|
+
schemas: Record<string, JSONSchema>;
|
|
22
|
+
securitySchemes: Record<string, OpenAPISecurityScheme>;
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
interface OpenAPIOperation {
|
|
26
|
+
operationId?: string;
|
|
27
|
+
summary?: string;
|
|
28
|
+
description?: string;
|
|
29
|
+
tags?: string[];
|
|
30
|
+
deprecated?: boolean;
|
|
31
|
+
security?: Array<Record<string, string[]>>;
|
|
32
|
+
parameters?: OpenAPIParameter[];
|
|
33
|
+
requestBody?: {
|
|
34
|
+
required?: boolean;
|
|
35
|
+
content: {
|
|
36
|
+
'application/json': {
|
|
37
|
+
schema: JSONSchema;
|
|
38
|
+
};
|
|
39
|
+
};
|
|
40
|
+
};
|
|
41
|
+
responses: Record<string, {
|
|
42
|
+
description: string;
|
|
43
|
+
content?: {
|
|
44
|
+
'application/json': {
|
|
45
|
+
schema: JSONSchema;
|
|
46
|
+
};
|
|
47
|
+
};
|
|
48
|
+
}>;
|
|
49
|
+
}
|
|
50
|
+
interface OpenAPIParameter {
|
|
51
|
+
name: string;
|
|
52
|
+
in: 'query' | 'path';
|
|
53
|
+
required?: boolean;
|
|
54
|
+
description?: string;
|
|
55
|
+
schema: JSONSchema;
|
|
56
|
+
}
|
|
57
|
+
interface OpenAPISecurityScheme {
|
|
58
|
+
type: string;
|
|
59
|
+
scheme?: string;
|
|
60
|
+
bearerFormat?: string;
|
|
61
|
+
name?: string;
|
|
62
|
+
in?: string;
|
|
63
|
+
}
|
|
64
|
+
/** Options accepted by {@link buildOpenAPISpec}. */
|
|
65
|
+
interface SpecBuilderOptions {
|
|
66
|
+
title: string;
|
|
67
|
+
version: string;
|
|
68
|
+
description?: string;
|
|
69
|
+
servers?: Array<{
|
|
70
|
+
url: string;
|
|
71
|
+
description?: string;
|
|
72
|
+
}>;
|
|
73
|
+
/** Optional top-level OpenAPI tags. */
|
|
74
|
+
tags?: Array<{
|
|
75
|
+
name: string;
|
|
76
|
+
description?: string;
|
|
77
|
+
}>;
|
|
78
|
+
/**
|
|
79
|
+
* Operation ID strategy. Defaults to the historical Fortress method+path
|
|
80
|
+
* generator. `fortress.toOpenAPI()` defaults this to `'handler'` so host
|
|
81
|
+
* specs match the endpoint contract names consumers already chose.
|
|
82
|
+
*/
|
|
83
|
+
operationId?: 'methodPath' | 'handler' | ((endpoint: EndpointDefinition) => string | undefined);
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
/**
|
|
87
|
+
* OpenAPI 3.1 generator plugin for fortress.
|
|
88
|
+
*
|
|
89
|
+
* Walks every registered endpoint definition (auth, IAM, and any plugin
|
|
90
|
+
* routes), folds in their JSON Schema component definitions, and emits a
|
|
91
|
+
* complete OpenAPI 3.1 specification. Pairs with Scalar UI for an
|
|
92
|
+
* interactive docs page mounted by the framework adapters.
|
|
93
|
+
*
|
|
94
|
+
* @module
|
|
95
|
+
*/
|
|
96
|
+
|
|
97
|
+
interface OpenAPIConfig {
|
|
98
|
+
/** API title (default: 'Fortress Auth API') */
|
|
99
|
+
title?: string;
|
|
100
|
+
/** API version (default: '1.0.0') */
|
|
101
|
+
version?: string;
|
|
102
|
+
/** API description */
|
|
103
|
+
description?: string;
|
|
104
|
+
/** Server URL(s) for the spec */
|
|
105
|
+
servers?: Array<{
|
|
106
|
+
url: string;
|
|
107
|
+
description?: string;
|
|
108
|
+
}>;
|
|
109
|
+
/** Optional top-level OpenAPI tags. */
|
|
110
|
+
tags?: Array<{
|
|
111
|
+
name: string;
|
|
112
|
+
description?: string;
|
|
113
|
+
}>;
|
|
114
|
+
/** Operation ID strategy. Default: historical method+path IDs. */
|
|
115
|
+
operationId?: SpecBuilderOptions['operationId'];
|
|
116
|
+
/** Path to serve the JSON spec (default: '/openapi.json') */
|
|
117
|
+
specPath?: string;
|
|
118
|
+
/** Path to serve the Scalar UI (default: '/openapi') */
|
|
119
|
+
uiPath?: string;
|
|
120
|
+
/** Disable Scalar UI (default: false) */
|
|
121
|
+
disableUI?: boolean;
|
|
122
|
+
/** Include core auth endpoints in spec (default: true) */
|
|
123
|
+
includeCoreAuth?: boolean;
|
|
124
|
+
/** Include core IAM endpoints in spec (default: true) */
|
|
125
|
+
includeCoreIam?: boolean;
|
|
126
|
+
/** Additional component schemas to include */
|
|
127
|
+
additionalSchemas?: ComponentSchemas;
|
|
128
|
+
/** Additional endpoint definitions to include in the spec (for app-specific routes) */
|
|
129
|
+
additionalEndpoints?: EndpointDefinition[];
|
|
130
|
+
}
|
|
131
|
+
interface OpenAPIMethods {
|
|
132
|
+
[key: string]: (...args: any[]) => any;
|
|
133
|
+
generateSpec: () => Promise<OpenAPISpec>;
|
|
134
|
+
getSpec: () => Promise<Record<string, unknown>>;
|
|
135
|
+
getUI: () => string;
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* OpenAPI plugin factory. Returns a {@link FortressPlugin} that walks every
|
|
139
|
+
* registered endpoint definition and emits a complete OpenAPI 3.1 spec,
|
|
140
|
+
* pairable with Scalar UI for interactive documentation.
|
|
141
|
+
*/
|
|
142
|
+
declare function openapi(config?: OpenAPIConfig): FortressPlugin & {
|
|
143
|
+
readonly name: 'openapi';
|
|
144
|
+
};
|
|
145
|
+
|
|
146
|
+
export { type OpenAPISpec as O, type SpecBuilderOptions as S, type OpenAPIMethods as a, type OpenAPIConfig as b, openapi as o };
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
import { J as JSONSchema, E as EndpointDefinition, C as ComponentSchemas, F as FortressPlugin } from './config-B2366s_G.js';
|
|
2
|
+
|
|
3
|
+
/** Minimal OpenAPI 3.1 spec shape produced by {@link buildOpenAPISpec}. */
|
|
4
|
+
interface OpenAPISpec {
|
|
5
|
+
openapi: string;
|
|
6
|
+
info: {
|
|
7
|
+
title: string;
|
|
8
|
+
version: string;
|
|
9
|
+
description?: string;
|
|
10
|
+
};
|
|
11
|
+
servers?: Array<{
|
|
12
|
+
url: string;
|
|
13
|
+
description?: string;
|
|
14
|
+
}>;
|
|
15
|
+
tags?: Array<{
|
|
16
|
+
name: string;
|
|
17
|
+
description?: string;
|
|
18
|
+
}>;
|
|
19
|
+
paths: Record<string, Record<string, OpenAPIOperation>>;
|
|
20
|
+
components: {
|
|
21
|
+
schemas: Record<string, JSONSchema>;
|
|
22
|
+
securitySchemes: Record<string, OpenAPISecurityScheme>;
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
interface OpenAPIOperation {
|
|
26
|
+
operationId?: string;
|
|
27
|
+
summary?: string;
|
|
28
|
+
description?: string;
|
|
29
|
+
tags?: string[];
|
|
30
|
+
deprecated?: boolean;
|
|
31
|
+
security?: Array<Record<string, string[]>>;
|
|
32
|
+
parameters?: OpenAPIParameter[];
|
|
33
|
+
requestBody?: {
|
|
34
|
+
required?: boolean;
|
|
35
|
+
content: {
|
|
36
|
+
'application/json': {
|
|
37
|
+
schema: JSONSchema;
|
|
38
|
+
};
|
|
39
|
+
};
|
|
40
|
+
};
|
|
41
|
+
responses: Record<string, {
|
|
42
|
+
description: string;
|
|
43
|
+
content?: {
|
|
44
|
+
'application/json': {
|
|
45
|
+
schema: JSONSchema;
|
|
46
|
+
};
|
|
47
|
+
};
|
|
48
|
+
}>;
|
|
49
|
+
}
|
|
50
|
+
interface OpenAPIParameter {
|
|
51
|
+
name: string;
|
|
52
|
+
in: 'query' | 'path';
|
|
53
|
+
required?: boolean;
|
|
54
|
+
description?: string;
|
|
55
|
+
schema: JSONSchema;
|
|
56
|
+
}
|
|
57
|
+
interface OpenAPISecurityScheme {
|
|
58
|
+
type: string;
|
|
59
|
+
scheme?: string;
|
|
60
|
+
bearerFormat?: string;
|
|
61
|
+
name?: string;
|
|
62
|
+
in?: string;
|
|
63
|
+
}
|
|
64
|
+
/** Options accepted by {@link buildOpenAPISpec}. */
|
|
65
|
+
interface SpecBuilderOptions {
|
|
66
|
+
title: string;
|
|
67
|
+
version: string;
|
|
68
|
+
description?: string;
|
|
69
|
+
servers?: Array<{
|
|
70
|
+
url: string;
|
|
71
|
+
description?: string;
|
|
72
|
+
}>;
|
|
73
|
+
/** Optional top-level OpenAPI tags. */
|
|
74
|
+
tags?: Array<{
|
|
75
|
+
name: string;
|
|
76
|
+
description?: string;
|
|
77
|
+
}>;
|
|
78
|
+
/**
|
|
79
|
+
* Operation ID strategy. Defaults to the historical Fortress method+path
|
|
80
|
+
* generator. `fortress.toOpenAPI()` defaults this to `'handler'` so host
|
|
81
|
+
* specs match the endpoint contract names consumers already chose.
|
|
82
|
+
*/
|
|
83
|
+
operationId?: 'methodPath' | 'handler' | ((endpoint: EndpointDefinition) => string | undefined);
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
/**
|
|
87
|
+
* OpenAPI 3.1 generator plugin for fortress.
|
|
88
|
+
*
|
|
89
|
+
* Walks every registered endpoint definition (auth, IAM, and any plugin
|
|
90
|
+
* routes), folds in their JSON Schema component definitions, and emits a
|
|
91
|
+
* complete OpenAPI 3.1 specification. Pairs with Scalar UI for an
|
|
92
|
+
* interactive docs page mounted by the framework adapters.
|
|
93
|
+
*
|
|
94
|
+
* @module
|
|
95
|
+
*/
|
|
96
|
+
|
|
97
|
+
interface OpenAPIConfig {
|
|
98
|
+
/** API title (default: 'Fortress Auth API') */
|
|
99
|
+
title?: string;
|
|
100
|
+
/** API version (default: '1.0.0') */
|
|
101
|
+
version?: string;
|
|
102
|
+
/** API description */
|
|
103
|
+
description?: string;
|
|
104
|
+
/** Server URL(s) for the spec */
|
|
105
|
+
servers?: Array<{
|
|
106
|
+
url: string;
|
|
107
|
+
description?: string;
|
|
108
|
+
}>;
|
|
109
|
+
/** Optional top-level OpenAPI tags. */
|
|
110
|
+
tags?: Array<{
|
|
111
|
+
name: string;
|
|
112
|
+
description?: string;
|
|
113
|
+
}>;
|
|
114
|
+
/** Operation ID strategy. Default: historical method+path IDs. */
|
|
115
|
+
operationId?: SpecBuilderOptions['operationId'];
|
|
116
|
+
/** Path to serve the JSON spec (default: '/openapi.json') */
|
|
117
|
+
specPath?: string;
|
|
118
|
+
/** Path to serve the Scalar UI (default: '/openapi') */
|
|
119
|
+
uiPath?: string;
|
|
120
|
+
/** Disable Scalar UI (default: false) */
|
|
121
|
+
disableUI?: boolean;
|
|
122
|
+
/** Include core auth endpoints in spec (default: true) */
|
|
123
|
+
includeCoreAuth?: boolean;
|
|
124
|
+
/** Include core IAM endpoints in spec (default: true) */
|
|
125
|
+
includeCoreIam?: boolean;
|
|
126
|
+
/** Additional component schemas to include */
|
|
127
|
+
additionalSchemas?: ComponentSchemas;
|
|
128
|
+
/** Additional endpoint definitions to include in the spec (for app-specific routes) */
|
|
129
|
+
additionalEndpoints?: EndpointDefinition[];
|
|
130
|
+
}
|
|
131
|
+
interface OpenAPIMethods {
|
|
132
|
+
[key: string]: (...args: any[]) => any;
|
|
133
|
+
generateSpec: () => Promise<OpenAPISpec>;
|
|
134
|
+
getSpec: () => Promise<Record<string, unknown>>;
|
|
135
|
+
getUI: () => string;
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* OpenAPI plugin factory. Returns a {@link FortressPlugin} that walks every
|
|
139
|
+
* registered endpoint definition and emits a complete OpenAPI 3.1 spec,
|
|
140
|
+
* pairable with Scalar UI for interactive documentation.
|
|
141
|
+
*/
|
|
142
|
+
declare function openapi(config?: OpenAPIConfig): FortressPlugin & {
|
|
143
|
+
readonly name: 'openapi';
|
|
144
|
+
};
|
|
145
|
+
|
|
146
|
+
export { type OpenAPISpec as O, type SpecBuilderOptions as S, type OpenAPIMethods as a, type OpenAPIConfig as b, openapi as o };
|