@bajustone/fortress 1.0.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1011 -0
- package/LICENSE +21 -0
- package/README.md +760 -0
- package/SECURITY.md +197 -0
- package/bin/fortress.ts +667 -0
- package/dist/auth-service-BcyQ2PuZ.d.cts +307 -0
- package/dist/auth-service-BkzZkWfH.d.ts +307 -0
- package/dist/config-B2366s_G.d.ts +665 -0
- package/dist/config-GtlVt6ZD.d.cts +665 -0
- package/dist/convert-routes-BLCQT57f.d.ts +72 -0
- package/dist/convert-routes-BdMvP2_X.d.cts +72 -0
- package/dist/crypto.cjs +61 -0
- package/dist/crypto.d.cts +36 -0
- package/dist/crypto.d.ts +36 -0
- package/dist/crypto.js +35 -0
- package/dist/drift-BT1wtMDJ.d.cts +22 -0
- package/dist/drift-k9LiYpRP.d.ts +22 -0
- package/dist/drizzle/pg.cjs +481 -0
- package/dist/drizzle/pg.d.cts +15 -0
- package/dist/drizzle/pg.d.ts +15 -0
- package/dist/drizzle/pg.js +454 -0
- package/dist/drizzle.cjs +1442 -0
- package/dist/drizzle.d.cts +85 -0
- package/dist/drizzle.d.ts +85 -0
- package/dist/drizzle.js +1411 -0
- package/dist/express.cjs +1357 -0
- package/dist/express.d.cts +333 -0
- package/dist/express.d.ts +333 -0
- package/dist/express.js +1314 -0
- package/dist/fetcher.cjs +77 -0
- package/dist/fetcher.d.cts +7 -0
- package/dist/fetcher.d.ts +7 -0
- package/dist/fetcher.js +41 -0
- package/dist/fortress-BmSvFfqK.d.cts +1089 -0
- package/dist/fortress-uA-_cheR.d.ts +1089 -0
- package/dist/hono.cjs +1530 -0
- package/dist/hono.d.cts +514 -0
- package/dist/hono.d.ts +514 -0
- package/dist/hono.js +1483 -0
- package/dist/index-CxEkfCA0.d.cts +77 -0
- package/dist/index-CxEkfCA0.d.ts +77 -0
- package/dist/index-D054pcb-.d.cts +146 -0
- package/dist/index-jAMbbUAY.d.ts +146 -0
- package/dist/index.cjs +9046 -0
- package/dist/index.d.cts +717 -0
- package/dist/index.d.ts +717 -0
- package/dist/index.js +8935 -0
- package/dist/jwt.cjs +255 -0
- package/dist/jwt.d.cts +90 -0
- package/dist/jwt.d.ts +90 -0
- package/dist/jwt.js +227 -0
- package/dist/otel.cjs +108 -0
- package/dist/otel.d.cts +62 -0
- package/dist/otel.d.ts +62 -0
- package/dist/otel.js +73 -0
- package/dist/plugins/account-lockout.cjs +322 -0
- package/dist/plugins/account-lockout.d.cts +42 -0
- package/dist/plugins/account-lockout.d.ts +42 -0
- package/dist/plugins/account-lockout.js +295 -0
- package/dist/plugins/admin.cjs +2378 -0
- package/dist/plugins/admin.d.cts +72 -0
- package/dist/plugins/admin.d.ts +72 -0
- package/dist/plugins/admin.js +2351 -0
- package/dist/plugins/api-key.cjs +792 -0
- package/dist/plugins/api-key.d.cts +121 -0
- package/dist/plugins/api-key.d.ts +121 -0
- package/dist/plugins/api-key.js +765 -0
- package/dist/plugins/audit-log.cjs +493 -0
- package/dist/plugins/audit-log.d.cts +86 -0
- package/dist/plugins/audit-log.d.ts +86 -0
- package/dist/plugins/audit-log.js +468 -0
- package/dist/plugins/data-isolation.cjs +211 -0
- package/dist/plugins/data-isolation.d.cts +49 -0
- package/dist/plugins/data-isolation.d.ts +49 -0
- package/dist/plugins/data-isolation.js +186 -0
- package/dist/plugins/email-verification.cjs +273 -0
- package/dist/plugins/email-verification.d.cts +44 -0
- package/dist/plugins/email-verification.d.ts +44 -0
- package/dist/plugins/email-verification.js +246 -0
- package/dist/plugins/magic-link.cjs +231 -0
- package/dist/plugins/magic-link.d.cts +39 -0
- package/dist/plugins/magic-link.d.ts +39 -0
- package/dist/plugins/magic-link.js +204 -0
- package/dist/plugins/oauth.cjs +1696 -0
- package/dist/plugins/oauth.d.cts +406 -0
- package/dist/plugins/oauth.d.ts +406 -0
- package/dist/plugins/oauth.js +1669 -0
- package/dist/plugins/openapi.cjs +1185 -0
- package/dist/plugins/openapi.d.cts +6 -0
- package/dist/plugins/openapi.d.ts +6 -0
- package/dist/plugins/openapi.js +1158 -0
- package/dist/plugins/rate-limit/express.cjs +55 -0
- package/dist/plugins/rate-limit/express.d.cts +64 -0
- package/dist/plugins/rate-limit/express.d.ts +64 -0
- package/dist/plugins/rate-limit/express.js +30 -0
- package/dist/plugins/rate-limit/hono.cjs +51 -0
- package/dist/plugins/rate-limit/hono.d.cts +59 -0
- package/dist/plugins/rate-limit/hono.d.ts +59 -0
- package/dist/plugins/rate-limit/hono.js +26 -0
- package/dist/plugins/rate-limit/sveltekit.cjs +49 -0
- package/dist/plugins/rate-limit/sveltekit.d.cts +59 -0
- package/dist/plugins/rate-limit/sveltekit.d.ts +59 -0
- package/dist/plugins/rate-limit/sveltekit.js +24 -0
- package/dist/plugins/rate-limit.cjs +354 -0
- package/dist/plugins/rate-limit.d.cts +140 -0
- package/dist/plugins/rate-limit.d.ts +140 -0
- package/dist/plugins/rate-limit.js +325 -0
- package/dist/plugins/social-login.cjs +905 -0
- package/dist/plugins/social-login.d.cts +114 -0
- package/dist/plugins/social-login.d.ts +114 -0
- package/dist/plugins/social-login.js +880 -0
- package/dist/plugins/tenancy.cjs +780 -0
- package/dist/plugins/tenancy.d.cts +108 -0
- package/dist/plugins/tenancy.d.ts +108 -0
- package/dist/plugins/tenancy.js +753 -0
- package/dist/plugins/two-factor.cjs +555 -0
- package/dist/plugins/two-factor.d.cts +67 -0
- package/dist/plugins/two-factor.d.ts +67 -0
- package/dist/plugins/two-factor.js +526 -0
- package/dist/plugins/webauthn.cjs +786 -0
- package/dist/plugins/webauthn.d.cts +72 -0
- package/dist/plugins/webauthn.d.ts +72 -0
- package/dist/plugins/webauthn.js +766 -0
- package/dist/plugins/webhook.cjs +819 -0
- package/dist/plugins/webhook.d.cts +254 -0
- package/dist/plugins/webhook.d.ts +254 -0
- package/dist/plugins/webhook.js +789 -0
- package/dist/protect-D1v_0upK.d.cts +123 -0
- package/dist/protect-DsxV_-dJ.d.ts +123 -0
- package/dist/sveltekit.cjs +1258 -0
- package/dist/sveltekit.d.cts +420 -0
- package/dist/sveltekit.d.ts +420 -0
- package/dist/sveltekit.js +1207 -0
- package/dist/testing.cjs +4294 -0
- package/dist/testing.d.cts +197 -0
- package/dist/testing.d.ts +197 -0
- package/dist/testing.js +4264 -0
- package/dist/types-et0R8tsC.d.cts +217 -0
- package/dist/types-et0R8tsC.d.ts +217 -0
- package/docs/adapter-typed-helpers.md +192 -0
- package/docs/admin-recipes.md +227 -0
- package/docs/architecture.md +434 -0
- package/docs/ci/github-actions.yml +59 -0
- package/docs/ci.md +109 -0
- package/docs/compatibility.md +115 -0
- package/docs/deployment.md +305 -0
- package/docs/hardening.md +118 -0
- package/docs/host-owned-routes.md +154 -0
- package/docs/migrations/0001-schema-version.md +54 -0
- package/docs/migrations/0002-initial-schema.md +84 -0
- package/docs/migrations/upgrade-guide.md +160 -0
- package/docs/observability.md +394 -0
- package/docs/plugins/account-lockout.md +131 -0
- package/docs/plugins/admin.md +402 -0
- package/docs/plugins/api-key.md +327 -0
- package/docs/plugins/audit-log.md +261 -0
- package/docs/plugins/data-isolation.md +186 -0
- package/docs/plugins/email-verification.md +121 -0
- package/docs/plugins/magic-link.md +123 -0
- package/docs/plugins/oauth.md +544 -0
- package/docs/plugins/openapi.md +250 -0
- package/docs/plugins/rate-limit.md +223 -0
- package/docs/plugins/social-login.md +337 -0
- package/docs/plugins/tenancy.md +122 -0
- package/docs/plugins/two-factor.md +191 -0
- package/docs/plugins/webauthn.md +188 -0
- package/docs/plugins/webhook.md +242 -0
- package/docs/policy-as-code.md +156 -0
- package/docs/route-manifest.md +46 -0
- package/docs/security.md +261 -0
- package/docs/threat-model.md +161 -0
- package/examples/README.md +119 -0
- package/examples/express-app/index.ts +747 -0
- package/examples/hono-app/docker-compose.yml +14 -0
- package/examples/hono-app/index.ts +1009 -0
- package/examples/policy/fortress.policy.json +47 -0
- package/examples/sveltekit-app/README.md +125 -0
- package/examples/sveltekit-app/src/app.d.ts +16 -0
- package/examples/sveltekit-app/src/hooks.server.ts +23 -0
- package/examples/sveltekit-app/src/lib/server/fortress.ts +81 -0
- package/examples/sveltekit-app/src/routes/api/echo/[id]/+server.ts +32 -0
- package/examples/sveltekit-app/src/routes/api/fortress/[...path]/+server.ts +15 -0
- package/examples/sveltekit-app/src/routes/dashboard/+page.server.ts +20 -0
- package/examples/sveltekit-app/src/routes/login/+page.server.ts +48 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.server.ts +69 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.svelte +83 -0
- package/migrations/pg/0001_schema_version.down.sql +2 -0
- package/migrations/pg/0001_schema_version.sql +8 -0
- package/migrations/pg/0002_initial_schema.down.sql +36 -0
- package/migrations/pg/0002_initial_schema.sql +376 -0
- package/migrations/pg/0003_auth_continuation.down.sql +6 -0
- package/migrations/pg/0003_auth_continuation.sql +30 -0
- package/migrations/pg/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/pg/0004_tenant_default_unique.sql +14 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.down.sql +71 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.sql +71 -0
- package/migrations/pg/0006_canonical_email.down.sql +3 -0
- package/migrations/pg/0006_canonical_email.sql +8 -0
- package/migrations/pg/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/pg/0007_audit_chain_anchor.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.down.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.sql +8 -0
- package/migrations/pg/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/pg/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/pg/0010_bigint_append_only_ids.down.sql +2 -0
- package/migrations/pg/0010_bigint_append_only_ids.sql +23 -0
- package/migrations/sqlite/0001_schema_version.down.sql +2 -0
- package/migrations/sqlite/0001_schema_version.sql +8 -0
- package/migrations/sqlite/0002_initial_schema.down.sql +36 -0
- package/migrations/sqlite/0002_initial_schema.sql +376 -0
- package/migrations/sqlite/0003_auth_continuation.down.sql +27 -0
- package/migrations/sqlite/0003_auth_continuation.sql +45 -0
- package/migrations/sqlite/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/sqlite/0004_tenant_default_unique.sql +13 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.down.sql +10 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.sql +10 -0
- package/migrations/sqlite/0006_canonical_email.down.sql +3 -0
- package/migrations/sqlite/0006_canonical_email.sql +8 -0
- package/migrations/sqlite/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/sqlite/0007_audit_chain_anchor.sql +8 -0
- package/migrations/sqlite/0008_two_factor_hardening.down.sql +14 -0
- package/migrations/sqlite/0008_two_factor_hardening.sql +7 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.down.sql +1 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.sql +2 -0
- package/package.json +398 -0
- package/src/adapters/database/index.ts +63 -0
- package/src/adapters/database/types.ts +22 -0
- package/src/changelog-script.test.ts +21 -0
- package/src/cli.test.ts +79 -0
- package/src/core/auth/auth-admin.test.ts +247 -0
- package/src/core/auth/auth-endpoints.ts +558 -0
- package/src/core/auth/auth-observer.test.ts +191 -0
- package/src/core/auth/auth-service.ts +1464 -0
- package/src/core/auth/email.test.ts +17 -0
- package/src/core/auth/email.ts +11 -0
- package/src/core/auth/hooks.test.ts +251 -0
- package/src/core/auth/impersonation.test.ts +179 -0
- package/src/core/auth/jwt.test.ts +184 -0
- package/src/core/auth/jwt.ts +239 -0
- package/src/core/auth/login-timing.test.ts +77 -0
- package/src/core/auth/password-policy.test.ts +253 -0
- package/src/core/auth/password-policy.ts +220 -0
- package/src/core/auth/password.test.ts +42 -0
- package/src/core/auth/password.ts +62 -0
- package/src/core/auth/post-auth-gate.test.ts +258 -0
- package/src/core/auth/post-auth-gate.ts +228 -0
- package/src/core/auth/refresh-token.test.ts +86 -0
- package/src/core/auth/refresh-token.ts +105 -0
- package/src/core/auth/timing-safe.ts +23 -0
- package/src/core/config.ts +212 -0
- package/src/core/endpoint.ts +149 -0
- package/src/core/errors.ts +199 -0
- package/src/core/fetcher-interop.test.ts +106 -0
- package/src/core/fortress.test.ts +354 -0
- package/src/core/fortress.ts +550 -0
- package/src/core/http/call.test.ts +148 -0
- package/src/core/http/call.ts +149 -0
- package/src/core/http/cookie-serialize.test.ts +198 -0
- package/src/core/http/cookie-serialize.ts +107 -0
- package/src/core/http/csrf.test.ts +140 -0
- package/src/core/http/csrf.ts +173 -0
- package/src/core/http/dispatch.ts +652 -0
- package/src/core/http/error-response.test.ts +69 -0
- package/src/core/http/error-response.ts +93 -0
- package/src/core/http/fortress-rbac.test.ts +43 -0
- package/src/core/http/fortress-rbac.ts +127 -0
- package/src/core/http/handle-request.test.ts +441 -0
- package/src/core/http/handle-request.ts +354 -0
- package/src/core/http/match.test.ts +122 -0
- package/src/core/http/match.ts +126 -0
- package/src/core/http/outbound.test.ts +34 -0
- package/src/core/http/outbound.ts +105 -0
- package/src/core/http/plugin-middleware.ts +67 -0
- package/src/core/http/principal.test.ts +345 -0
- package/src/core/http/principal.ts +86 -0
- package/src/core/http/protect.test.ts +220 -0
- package/src/core/http/protect.ts +394 -0
- package/src/core/http/token-extraction.test.ts +59 -0
- package/src/core/http/token-extraction.ts +53 -0
- package/src/core/iam/explain.test.ts +177 -0
- package/src/core/iam/explain.ts +302 -0
- package/src/core/iam/iam-endpoints.ts +779 -0
- package/src/core/iam/iam-service.test.ts +829 -0
- package/src/core/iam/iam-service.ts +1137 -0
- package/src/core/iam/permission-cache.test.ts +115 -0
- package/src/core/iam/permission-cache.ts +71 -0
- package/src/core/iam/permission-check-observer.test.ts +90 -0
- package/src/core/iam/permission-evaluator.test.ts +291 -0
- package/src/core/iam/permission-evaluator.ts +198 -0
- package/src/core/iam/permission-sync.test.ts +166 -0
- package/src/core/iam/permission-sync.ts +192 -0
- package/src/core/iam/resource-sync.test.ts +70 -0
- package/src/core/iam/resource-sync.ts +182 -0
- package/src/core/iam/service-account-http.test.ts +529 -0
- package/src/core/iam/service-account.test.ts +282 -0
- package/src/core/internal-adapter.test.ts +389 -0
- package/src/core/internal-adapter.ts +435 -0
- package/src/core/json-schema.ts +50 -0
- package/src/core/manifest/__snapshots__/route-manifest.test.ts.snap +192 -0
- package/src/core/manifest/drift.ts +103 -0
- package/src/core/manifest/route-manifest.test.ts +142 -0
- package/src/core/manifest/route-manifest.ts +154 -0
- package/src/core/migrate.test.ts +72 -0
- package/src/core/migrations/engine.test.ts +308 -0
- package/src/core/migrations/engine.ts +548 -0
- package/src/core/migrations/migrations.ts +1771 -0
- package/src/core/migrations/pg-migration.integration-test.ts +353 -0
- package/src/core/migrations/upgrade-fixture.test.ts +378 -0
- package/src/core/observability/db-instrumentation.ts +205 -0
- package/src/core/observability/listener-list.test.ts +124 -0
- package/src/core/observability/listener-list.ts +73 -0
- package/src/core/observability/logger.test.ts +43 -0
- package/src/core/observability/logger.ts +49 -0
- package/src/core/observability/spans.test.ts +193 -0
- package/src/core/observability/types.ts +80 -0
- package/src/core/openapi-drift.test.ts +41 -0
- package/src/core/openapi.ts +47 -0
- package/src/core/plugin-methods-map.ts +75 -0
- package/src/core/plugin-runner.test.ts +233 -0
- package/src/core/plugin-runner.ts +276 -0
- package/src/core/plugin.ts +210 -0
- package/src/core/policy/apply.ts +272 -0
- package/src/core/policy/diff.ts +288 -0
- package/src/core/policy/loader.test.ts +63 -0
- package/src/core/policy/loader.ts +214 -0
- package/src/core/policy/policy.test.ts +232 -0
- package/src/core/policy/types.ts +105 -0
- package/src/core/schema-builder.test.ts +660 -0
- package/src/core/schema-builder.ts +881 -0
- package/src/core/standard-schema.ts +56 -0
- package/src/core/types.ts +258 -0
- package/src/core/validation.test.ts +195 -0
- package/src/core/validation.ts +192 -0
- package/src/drizzle/adapter.test.ts +425 -0
- package/src/drizzle/adapter.ts +474 -0
- package/src/drizzle/index.ts +31 -0
- package/src/drizzle/pg/adapter.integration-test.ts +456 -0
- package/src/drizzle/pg/index.ts +13 -0
- package/src/drizzle/pg/pg.integration-test.ts +1539 -0
- package/src/drizzle/pg/schema.ts +539 -0
- package/src/drizzle/pg-error-map.test.ts +218 -0
- package/src/drizzle/pg-error-map.ts +151 -0
- package/src/drizzle/schema.ts +544 -0
- package/src/drizzle/sqlite-serialization.test.ts +106 -0
- package/src/express/express-api-key-user-routes.test.ts +241 -0
- package/src/express/express.test.ts +442 -0
- package/src/express/handle.ts +191 -0
- package/src/express/index.ts +62 -0
- package/src/express/middleware.ts +551 -0
- package/src/express/protect.ts +154 -0
- package/src/express/validated.test.ts +86 -0
- package/src/express/validated.ts +99 -0
- package/src/fetcher/index.ts +81 -0
- package/src/hono/convert-routes.test.ts +220 -0
- package/src/hono/convert-routes.ts +196 -0
- package/src/hono/converters.test.ts +50 -0
- package/src/hono/converters.ts +43 -0
- package/src/hono/handle.ts +79 -0
- package/src/hono/helpers.ts +2 -0
- package/src/hono/hono-api-key-user-routes.test.ts +225 -0
- package/src/hono/hono-handlers.test.ts +861 -0
- package/src/hono/hono.test.ts +454 -0
- package/src/hono/index.ts +101 -0
- package/src/hono/middleware/auth.ts +236 -0
- package/src/hono/middleware/auth.types.test.ts +94 -0
- package/src/hono/middleware/csrf.test.ts +127 -0
- package/src/hono/middleware/csrf.ts +68 -0
- package/src/hono/middleware/error-handler.ts +12 -0
- package/src/hono/middleware/plugin-middleware.ts +35 -0
- package/src/hono/middleware/rbac.ts +131 -0
- package/src/hono/middleware/security-headers.test.ts +88 -0
- package/src/hono/middleware/security-headers.ts +68 -0
- package/src/hono/openapi.ts +237 -0
- package/src/hono/protect.ts +87 -0
- package/src/hono/validated.test.ts +123 -0
- package/src/hono/validated.ts +62 -0
- package/src/index.ts +309 -0
- package/src/integration.test.ts +718 -0
- package/src/internal/changelog.ts +56 -0
- package/src/otel/index.ts +158 -0
- package/src/otel/otel-types.test.ts +35 -0
- package/src/otel/otel.test.ts +235 -0
- package/src/plugins/account-lockout/account-lockout.test.ts +367 -0
- package/src/plugins/account-lockout/index.ts +267 -0
- package/src/plugins/admin/admin-api-key.test.ts +438 -0
- package/src/plugins/admin/index.ts +1612 -0
- package/src/plugins/api-key/api-key.test.ts +684 -0
- package/src/plugins/api-key/core.ts +336 -0
- package/src/plugins/api-key/index.ts +315 -0
- package/src/plugins/audit-log/audit-log.test.ts +749 -0
- package/src/plugins/audit-log/index.ts +680 -0
- package/src/plugins/data-isolation/data-isolation.test.ts +197 -0
- package/src/plugins/data-isolation/index.ts +157 -0
- package/src/plugins/email-verification/email-verification.test.ts +199 -0
- package/src/plugins/email-verification/index.ts +190 -0
- package/src/plugins/magic-link/index.ts +129 -0
- package/src/plugins/magic-link/magic-link.test.ts +156 -0
- package/src/plugins/oauth/id-token.ts +86 -0
- package/src/plugins/oauth/index.ts +2145 -0
- package/src/plugins/oauth/jwks.test.ts +32 -0
- package/src/plugins/oauth/jwks.ts +182 -0
- package/src/plugins/oauth/oauth.test.ts +2220 -0
- package/src/plugins/oauth/pkce.ts +58 -0
- package/src/plugins/openapi/index.ts +298 -0
- package/src/plugins/openapi/openapi.test.ts +425 -0
- package/src/plugins/openapi/spec-builder.ts +287 -0
- package/src/plugins/rate-limit/express.test.ts +89 -0
- package/src/plugins/rate-limit/express.ts +86 -0
- package/src/plugins/rate-limit/hono.test.ts +60 -0
- package/src/plugins/rate-limit/hono.ts +74 -0
- package/src/plugins/rate-limit/index.ts +383 -0
- package/src/plugins/rate-limit/memory-store.ts +61 -0
- package/src/plugins/rate-limit/rate-limit.test.ts +756 -0
- package/src/plugins/rate-limit/sveltekit.test.ts +58 -0
- package/src/plugins/rate-limit/sveltekit.ts +66 -0
- package/src/plugins/social-login/index.ts +715 -0
- package/src/plugins/social-login/providers/apple.ts +34 -0
- package/src/plugins/social-login/providers/discord.ts +26 -0
- package/src/plugins/social-login/providers/github.ts +54 -0
- package/src/plugins/social-login/providers/google.ts +23 -0
- package/src/plugins/social-login/providers/index.ts +22 -0
- package/src/plugins/social-login/providers/microsoft.ts +35 -0
- package/src/plugins/social-login/providers/oidc.ts +37 -0
- package/src/plugins/social-login/providers/providers.test.ts +211 -0
- package/src/plugins/social-login/social-login.test.ts +675 -0
- package/src/plugins/social-login/types.ts +80 -0
- package/src/plugins/tenancy/index.ts +544 -0
- package/src/plugins/tenancy/tenancy.test.ts +323 -0
- package/src/plugins/two-factor/index.ts +569 -0
- package/src/plugins/two-factor/two-factor.test.ts +235 -0
- package/src/plugins/webauthn/index.ts +554 -0
- package/src/plugins/webauthn/webauthn.test.ts +472 -0
- package/src/plugins/webhook/builtin-events.ts +29 -0
- package/src/plugins/webhook/delivery.test.ts +51 -0
- package/src/plugins/webhook/delivery.ts +154 -0
- package/src/plugins/webhook/hooks.ts +89 -0
- package/src/plugins/webhook/index.ts +445 -0
- package/src/plugins/webhook/queue/database.ts +67 -0
- package/src/plugins/webhook/queue/in-memory.test.ts +48 -0
- package/src/plugins/webhook/queue/in-memory.ts +71 -0
- package/src/plugins/webhook/queue/types.ts +51 -0
- package/src/plugins/webhook/registry.test.ts +48 -0
- package/src/plugins/webhook/registry.ts +64 -0
- package/src/plugins/webhook/signing.ts +45 -0
- package/src/plugins/webhook/ssrf.ts +198 -0
- package/src/plugins/webhook/types.ts +138 -0
- package/src/plugins/webhook/webhook.test.ts +324 -0
- package/src/sveltekit/actions.ts +233 -0
- package/src/sveltekit/catch-all.ts +43 -0
- package/src/sveltekit/cookies.ts +136 -0
- package/src/sveltekit/handle.ts +356 -0
- package/src/sveltekit/helpers.ts +69 -0
- package/src/sveltekit/index.ts +74 -0
- package/src/sveltekit/protect.ts +80 -0
- package/src/sveltekit/sveltekit-types.test.ts +31 -0
- package/src/sveltekit/sveltekit.test.ts +799 -0
- package/src/sveltekit/types.ts +134 -0
- package/src/sveltekit/validated.test.ts +117 -0
- package/src/sveltekit/validated.ts +78 -0
- package/src/testing/adapter-conformance.test.ts +408 -0
- package/src/testing/checks.test.ts +124 -0
- package/src/testing/checks.ts +304 -0
- package/src/testing/index.ts +107 -0
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
|
|
20
|
+
// src/plugins/rate-limit/express.ts
|
|
21
|
+
var express_exports = {};
|
|
22
|
+
__export(express_exports, {
|
|
23
|
+
expressRateLimit: () => expressRateLimit
|
|
24
|
+
});
|
|
25
|
+
module.exports = __toCommonJS(express_exports);
|
|
26
|
+
function defaultExtractIp(req) {
|
|
27
|
+
if (req.ip)
|
|
28
|
+
return req.ip;
|
|
29
|
+
const xff = req.headers["x-forwarded-for"];
|
|
30
|
+
if (typeof xff === "string")
|
|
31
|
+
return xff.split(",")[0].trim();
|
|
32
|
+
if (Array.isArray(xff) && xff.length > 0)
|
|
33
|
+
return xff[0].split(",")[0].trim();
|
|
34
|
+
const xri = req.headers["x-real-ip"];
|
|
35
|
+
return typeof xri === "string" ? xri : void 0;
|
|
36
|
+
}
|
|
37
|
+
function expressRateLimit(fortress, ruleName, options = {}) {
|
|
38
|
+
const methods = fortress.plugins["rate-limit"];
|
|
39
|
+
if (!methods?.check) {
|
|
40
|
+
throw new Error(
|
|
41
|
+
"rate-limit plugin is not registered \u2014 add rateLimit({...}) to your FortressConfig.plugins"
|
|
42
|
+
);
|
|
43
|
+
}
|
|
44
|
+
const extractIp = options.extractIp ?? defaultExtractIp;
|
|
45
|
+
const keyByUser = options.keyByUser ?? true;
|
|
46
|
+
return (req, _res, next) => {
|
|
47
|
+
const ip = extractIp(req);
|
|
48
|
+
const userId = keyByUser ? req.fortressUserId : void 0;
|
|
49
|
+
methods.check(ruleName, { ip, userId }).then(() => next()).catch(next);
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
53
|
+
0 && (module.exports = {
|
|
54
|
+
expressRateLimit
|
|
55
|
+
});
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { F as Fortress } from '../../fortress-BmSvFfqK.cjs';
|
|
2
|
+
import '../../index-D054pcb-.cjs';
|
|
3
|
+
import '../../config-GtlVt6ZD.cjs';
|
|
4
|
+
import '../../index-CxEkfCA0.cjs';
|
|
5
|
+
import '../../jwt.cjs';
|
|
6
|
+
import '../../types-et0R8tsC.cjs';
|
|
7
|
+
import '../../auth-service-BcyQ2PuZ.cjs';
|
|
8
|
+
import '../api-key.cjs';
|
|
9
|
+
import '../audit-log.cjs';
|
|
10
|
+
import '../data-isolation.cjs';
|
|
11
|
+
import '../email-verification.cjs';
|
|
12
|
+
import '../magic-link.cjs';
|
|
13
|
+
import '../oauth.cjs';
|
|
14
|
+
import '../social-login.cjs';
|
|
15
|
+
import '../tenancy.cjs';
|
|
16
|
+
import '../two-factor.cjs';
|
|
17
|
+
import '../webauthn.cjs';
|
|
18
|
+
import '@simplewebauthn/server';
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* Express middleware wrapper for the rate-limit plugin.
|
|
22
|
+
*
|
|
23
|
+
* Thin adapter that extracts the client IP (and optional authenticated
|
|
24
|
+
* userId) from an Express request and delegates to
|
|
25
|
+
* `fortress.plugins['rate-limit'].check(rule, keys)`. A `FortressError` with
|
|
26
|
+
* code `RATE_LIMITED` is passed to `next(err)` on exceed — the Express error
|
|
27
|
+
* middleware (`createErrorMiddleware` from `@bajustone/fortress/express`)
|
|
28
|
+
* renders a proper 429 with `Retry-After`.
|
|
29
|
+
*
|
|
30
|
+
* @example
|
|
31
|
+
* ```ts
|
|
32
|
+
* import express from 'express';
|
|
33
|
+
* import { expressRateLimit } from '@bajustone/fortress/plugins/rate-limit/express';
|
|
34
|
+
*
|
|
35
|
+
* const app = express();
|
|
36
|
+
* app.use('/api', expressRateLimit(fortress, 'api'));
|
|
37
|
+
* ```
|
|
38
|
+
*
|
|
39
|
+
* @module
|
|
40
|
+
*/
|
|
41
|
+
|
|
42
|
+
/** Shape fortress reads from; compatible with any modern Express request. */
|
|
43
|
+
interface MinimalExpressRequest {
|
|
44
|
+
ip?: string;
|
|
45
|
+
headers: Record<string, string | string[] | undefined>;
|
|
46
|
+
fortressUserId?: string;
|
|
47
|
+
}
|
|
48
|
+
interface ExpressRateLimitOptions {
|
|
49
|
+
/**
|
|
50
|
+
* Include the authenticated user in the key (requires fortress auth
|
|
51
|
+
* middleware to have run first, populating `req.fortressUserId`). Defaults
|
|
52
|
+
* to `true` — falls back to IP-only when no user is present.
|
|
53
|
+
*/
|
|
54
|
+
keyByUser?: boolean;
|
|
55
|
+
/** Override IP extraction. Default uses `req.ip` then forwarding headers. */
|
|
56
|
+
extractIp?: (req: MinimalExpressRequest) => string | undefined;
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Returns an Express middleware that rate-limits requests against the named
|
|
60
|
+
* rule defined in your `rateLimit({ rules: { ... } })` config.
|
|
61
|
+
*/
|
|
62
|
+
declare function expressRateLimit(fortress: Fortress, ruleName: string, options?: ExpressRateLimitOptions): (req: MinimalExpressRequest, _res: unknown, next: (err?: unknown) => void) => void;
|
|
63
|
+
|
|
64
|
+
export { type ExpressRateLimitOptions, type MinimalExpressRequest, expressRateLimit };
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { F as Fortress } from '../../fortress-uA-_cheR.js';
|
|
2
|
+
import '../../index-jAMbbUAY.js';
|
|
3
|
+
import '../../config-B2366s_G.js';
|
|
4
|
+
import '../../index-CxEkfCA0.js';
|
|
5
|
+
import '../../jwt.js';
|
|
6
|
+
import '../../types-et0R8tsC.js';
|
|
7
|
+
import '../../auth-service-BkzZkWfH.js';
|
|
8
|
+
import '../api-key.js';
|
|
9
|
+
import '../audit-log.js';
|
|
10
|
+
import '../data-isolation.js';
|
|
11
|
+
import '../email-verification.js';
|
|
12
|
+
import '../magic-link.js';
|
|
13
|
+
import '../oauth.js';
|
|
14
|
+
import '../social-login.js';
|
|
15
|
+
import '../tenancy.js';
|
|
16
|
+
import '../two-factor.js';
|
|
17
|
+
import '../webauthn.js';
|
|
18
|
+
import '@simplewebauthn/server';
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* Express middleware wrapper for the rate-limit plugin.
|
|
22
|
+
*
|
|
23
|
+
* Thin adapter that extracts the client IP (and optional authenticated
|
|
24
|
+
* userId) from an Express request and delegates to
|
|
25
|
+
* `fortress.plugins['rate-limit'].check(rule, keys)`. A `FortressError` with
|
|
26
|
+
* code `RATE_LIMITED` is passed to `next(err)` on exceed — the Express error
|
|
27
|
+
* middleware (`createErrorMiddleware` from `@bajustone/fortress/express`)
|
|
28
|
+
* renders a proper 429 with `Retry-After`.
|
|
29
|
+
*
|
|
30
|
+
* @example
|
|
31
|
+
* ```ts
|
|
32
|
+
* import express from 'express';
|
|
33
|
+
* import { expressRateLimit } from '@bajustone/fortress/plugins/rate-limit/express';
|
|
34
|
+
*
|
|
35
|
+
* const app = express();
|
|
36
|
+
* app.use('/api', expressRateLimit(fortress, 'api'));
|
|
37
|
+
* ```
|
|
38
|
+
*
|
|
39
|
+
* @module
|
|
40
|
+
*/
|
|
41
|
+
|
|
42
|
+
/** Shape fortress reads from; compatible with any modern Express request. */
|
|
43
|
+
interface MinimalExpressRequest {
|
|
44
|
+
ip?: string;
|
|
45
|
+
headers: Record<string, string | string[] | undefined>;
|
|
46
|
+
fortressUserId?: string;
|
|
47
|
+
}
|
|
48
|
+
interface ExpressRateLimitOptions {
|
|
49
|
+
/**
|
|
50
|
+
* Include the authenticated user in the key (requires fortress auth
|
|
51
|
+
* middleware to have run first, populating `req.fortressUserId`). Defaults
|
|
52
|
+
* to `true` — falls back to IP-only when no user is present.
|
|
53
|
+
*/
|
|
54
|
+
keyByUser?: boolean;
|
|
55
|
+
/** Override IP extraction. Default uses `req.ip` then forwarding headers. */
|
|
56
|
+
extractIp?: (req: MinimalExpressRequest) => string | undefined;
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Returns an Express middleware that rate-limits requests against the named
|
|
60
|
+
* rule defined in your `rateLimit({ rules: { ... } })` config.
|
|
61
|
+
*/
|
|
62
|
+
declare function expressRateLimit(fortress: Fortress, ruleName: string, options?: ExpressRateLimitOptions): (req: MinimalExpressRequest, _res: unknown, next: (err?: unknown) => void) => void;
|
|
63
|
+
|
|
64
|
+
export { type ExpressRateLimitOptions, type MinimalExpressRequest, expressRateLimit };
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
// src/plugins/rate-limit/express.ts
|
|
2
|
+
function defaultExtractIp(req) {
|
|
3
|
+
if (req.ip)
|
|
4
|
+
return req.ip;
|
|
5
|
+
const xff = req.headers["x-forwarded-for"];
|
|
6
|
+
if (typeof xff === "string")
|
|
7
|
+
return xff.split(",")[0].trim();
|
|
8
|
+
if (Array.isArray(xff) && xff.length > 0)
|
|
9
|
+
return xff[0].split(",")[0].trim();
|
|
10
|
+
const xri = req.headers["x-real-ip"];
|
|
11
|
+
return typeof xri === "string" ? xri : void 0;
|
|
12
|
+
}
|
|
13
|
+
function expressRateLimit(fortress, ruleName, options = {}) {
|
|
14
|
+
const methods = fortress.plugins["rate-limit"];
|
|
15
|
+
if (!methods?.check) {
|
|
16
|
+
throw new Error(
|
|
17
|
+
"rate-limit plugin is not registered \u2014 add rateLimit({...}) to your FortressConfig.plugins"
|
|
18
|
+
);
|
|
19
|
+
}
|
|
20
|
+
const extractIp = options.extractIp ?? defaultExtractIp;
|
|
21
|
+
const keyByUser = options.keyByUser ?? true;
|
|
22
|
+
return (req, _res, next) => {
|
|
23
|
+
const ip = extractIp(req);
|
|
24
|
+
const userId = keyByUser ? req.fortressUserId : void 0;
|
|
25
|
+
methods.check(ruleName, { ip, userId }).then(() => next()).catch(next);
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
export {
|
|
29
|
+
expressRateLimit
|
|
30
|
+
};
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
|
|
20
|
+
// src/plugins/rate-limit/hono.ts
|
|
21
|
+
var hono_exports = {};
|
|
22
|
+
__export(hono_exports, {
|
|
23
|
+
honoRateLimit: () => honoRateLimit
|
|
24
|
+
});
|
|
25
|
+
module.exports = __toCommonJS(hono_exports);
|
|
26
|
+
function defaultExtractIp(c) {
|
|
27
|
+
const xff = c.req.header("x-forwarded-for");
|
|
28
|
+
if (xff)
|
|
29
|
+
return xff.split(",")[0].trim();
|
|
30
|
+
return c.req.header("x-real-ip");
|
|
31
|
+
}
|
|
32
|
+
function honoRateLimit(fortress, ruleName, options = {}) {
|
|
33
|
+
const methods = fortress.plugins["rate-limit"];
|
|
34
|
+
if (!methods?.check) {
|
|
35
|
+
throw new Error(
|
|
36
|
+
"rate-limit plugin is not registered \u2014 add rateLimit({...}) to your FortressConfig.plugins"
|
|
37
|
+
);
|
|
38
|
+
}
|
|
39
|
+
const extractIp = options.extractIp ?? defaultExtractIp;
|
|
40
|
+
const keyByUser = options.keyByUser ?? true;
|
|
41
|
+
return async (c, next) => {
|
|
42
|
+
const ip = extractIp(c);
|
|
43
|
+
const userId = keyByUser ? c.get("fortressUserId") : void 0;
|
|
44
|
+
await methods.check(ruleName, { ip, userId });
|
|
45
|
+
await next();
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
49
|
+
0 && (module.exports = {
|
|
50
|
+
honoRateLimit
|
|
51
|
+
});
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { Context, MiddlewareHandler } from 'hono';
|
|
2
|
+
import { F as Fortress } from '../../fortress-BmSvFfqK.cjs';
|
|
3
|
+
import '../../index-D054pcb-.cjs';
|
|
4
|
+
import '../../config-GtlVt6ZD.cjs';
|
|
5
|
+
import '../../index-CxEkfCA0.cjs';
|
|
6
|
+
import '../../jwt.cjs';
|
|
7
|
+
import '../../types-et0R8tsC.cjs';
|
|
8
|
+
import '../../auth-service-BcyQ2PuZ.cjs';
|
|
9
|
+
import '../api-key.cjs';
|
|
10
|
+
import '../audit-log.cjs';
|
|
11
|
+
import '../data-isolation.cjs';
|
|
12
|
+
import '../email-verification.cjs';
|
|
13
|
+
import '../magic-link.cjs';
|
|
14
|
+
import '../oauth.cjs';
|
|
15
|
+
import '../social-login.cjs';
|
|
16
|
+
import '../tenancy.cjs';
|
|
17
|
+
import '../two-factor.cjs';
|
|
18
|
+
import '../webauthn.cjs';
|
|
19
|
+
import '@simplewebauthn/server';
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* Hono middleware wrapper for the rate-limit plugin.
|
|
23
|
+
*
|
|
24
|
+
* Thin adapter that extracts the client IP (and optional authenticated
|
|
25
|
+
* userId) from a Hono context and delegates to
|
|
26
|
+
* `fortress.plugins['rate-limit'].check(rule, keys)`. A `FortressError` with
|
|
27
|
+
* code `RATE_LIMITED` is thrown when the limit is exceeded — pair this with
|
|
28
|
+
* `createHonoMiddleware(fortress).errorHandler` (or any handler that calls
|
|
29
|
+
* `errorToResponse`) to render a proper 429 with `Retry-After`.
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```ts
|
|
33
|
+
* import { Hono } from 'hono';
|
|
34
|
+
* import { honoRateLimit } from '@bajustone/fortress/plugins/rate-limit/hono';
|
|
35
|
+
*
|
|
36
|
+
* const app = new Hono();
|
|
37
|
+
* app.use('/api/*', honoRateLimit(fortress, 'api'));
|
|
38
|
+
* ```
|
|
39
|
+
*
|
|
40
|
+
* @module
|
|
41
|
+
*/
|
|
42
|
+
|
|
43
|
+
interface HonoRateLimitOptions {
|
|
44
|
+
/**
|
|
45
|
+
* Include the authenticated user in the key (requires fortress auth
|
|
46
|
+
* middleware to have run first, populating `fortressUserId`). Defaults to
|
|
47
|
+
* `true` — falls back to IP-only when no user is present.
|
|
48
|
+
*/
|
|
49
|
+
keyByUser?: boolean;
|
|
50
|
+
/** Override IP extraction. Default reads `X-Forwarded-For` then `X-Real-IP`. */
|
|
51
|
+
extractIp?: (c: Context) => string | undefined;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Returns a Hono middleware that rate-limits requests against the named rule
|
|
55
|
+
* defined in your `rateLimit({ rules: { ... } })` config.
|
|
56
|
+
*/
|
|
57
|
+
declare function honoRateLimit(fortress: Fortress, ruleName: string, options?: HonoRateLimitOptions): MiddlewareHandler;
|
|
58
|
+
|
|
59
|
+
export { type HonoRateLimitOptions, honoRateLimit };
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { Context, MiddlewareHandler } from 'hono';
|
|
2
|
+
import { F as Fortress } from '../../fortress-uA-_cheR.js';
|
|
3
|
+
import '../../index-jAMbbUAY.js';
|
|
4
|
+
import '../../config-B2366s_G.js';
|
|
5
|
+
import '../../index-CxEkfCA0.js';
|
|
6
|
+
import '../../jwt.js';
|
|
7
|
+
import '../../types-et0R8tsC.js';
|
|
8
|
+
import '../../auth-service-BkzZkWfH.js';
|
|
9
|
+
import '../api-key.js';
|
|
10
|
+
import '../audit-log.js';
|
|
11
|
+
import '../data-isolation.js';
|
|
12
|
+
import '../email-verification.js';
|
|
13
|
+
import '../magic-link.js';
|
|
14
|
+
import '../oauth.js';
|
|
15
|
+
import '../social-login.js';
|
|
16
|
+
import '../tenancy.js';
|
|
17
|
+
import '../two-factor.js';
|
|
18
|
+
import '../webauthn.js';
|
|
19
|
+
import '@simplewebauthn/server';
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* Hono middleware wrapper for the rate-limit plugin.
|
|
23
|
+
*
|
|
24
|
+
* Thin adapter that extracts the client IP (and optional authenticated
|
|
25
|
+
* userId) from a Hono context and delegates to
|
|
26
|
+
* `fortress.plugins['rate-limit'].check(rule, keys)`. A `FortressError` with
|
|
27
|
+
* code `RATE_LIMITED` is thrown when the limit is exceeded — pair this with
|
|
28
|
+
* `createHonoMiddleware(fortress).errorHandler` (or any handler that calls
|
|
29
|
+
* `errorToResponse`) to render a proper 429 with `Retry-After`.
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```ts
|
|
33
|
+
* import { Hono } from 'hono';
|
|
34
|
+
* import { honoRateLimit } from '@bajustone/fortress/plugins/rate-limit/hono';
|
|
35
|
+
*
|
|
36
|
+
* const app = new Hono();
|
|
37
|
+
* app.use('/api/*', honoRateLimit(fortress, 'api'));
|
|
38
|
+
* ```
|
|
39
|
+
*
|
|
40
|
+
* @module
|
|
41
|
+
*/
|
|
42
|
+
|
|
43
|
+
interface HonoRateLimitOptions {
|
|
44
|
+
/**
|
|
45
|
+
* Include the authenticated user in the key (requires fortress auth
|
|
46
|
+
* middleware to have run first, populating `fortressUserId`). Defaults to
|
|
47
|
+
* `true` — falls back to IP-only when no user is present.
|
|
48
|
+
*/
|
|
49
|
+
keyByUser?: boolean;
|
|
50
|
+
/** Override IP extraction. Default reads `X-Forwarded-For` then `X-Real-IP`. */
|
|
51
|
+
extractIp?: (c: Context) => string | undefined;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Returns a Hono middleware that rate-limits requests against the named rule
|
|
55
|
+
* defined in your `rateLimit({ rules: { ... } })` config.
|
|
56
|
+
*/
|
|
57
|
+
declare function honoRateLimit(fortress: Fortress, ruleName: string, options?: HonoRateLimitOptions): MiddlewareHandler;
|
|
58
|
+
|
|
59
|
+
export { type HonoRateLimitOptions, honoRateLimit };
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
// src/plugins/rate-limit/hono.ts
|
|
2
|
+
function defaultExtractIp(c) {
|
|
3
|
+
const xff = c.req.header("x-forwarded-for");
|
|
4
|
+
if (xff)
|
|
5
|
+
return xff.split(",")[0].trim();
|
|
6
|
+
return c.req.header("x-real-ip");
|
|
7
|
+
}
|
|
8
|
+
function honoRateLimit(fortress, ruleName, options = {}) {
|
|
9
|
+
const methods = fortress.plugins["rate-limit"];
|
|
10
|
+
if (!methods?.check) {
|
|
11
|
+
throw new Error(
|
|
12
|
+
"rate-limit plugin is not registered \u2014 add rateLimit({...}) to your FortressConfig.plugins"
|
|
13
|
+
);
|
|
14
|
+
}
|
|
15
|
+
const extractIp = options.extractIp ?? defaultExtractIp;
|
|
16
|
+
const keyByUser = options.keyByUser ?? true;
|
|
17
|
+
return async (c, next) => {
|
|
18
|
+
const ip = extractIp(c);
|
|
19
|
+
const userId = keyByUser ? c.get("fortressUserId") : void 0;
|
|
20
|
+
await methods.check(ruleName, { ip, userId });
|
|
21
|
+
await next();
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
export {
|
|
25
|
+
honoRateLimit
|
|
26
|
+
};
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
|
|
20
|
+
// src/plugins/rate-limit/sveltekit.ts
|
|
21
|
+
var sveltekit_exports = {};
|
|
22
|
+
__export(sveltekit_exports, {
|
|
23
|
+
svelteKitRateLimit: () => svelteKitRateLimit
|
|
24
|
+
});
|
|
25
|
+
module.exports = __toCommonJS(sveltekit_exports);
|
|
26
|
+
function ipFromRequest(request) {
|
|
27
|
+
const xff = request.headers.get("x-forwarded-for");
|
|
28
|
+
if (xff)
|
|
29
|
+
return xff.split(",")[0].trim();
|
|
30
|
+
return request.headers.get("x-real-ip") ?? void 0;
|
|
31
|
+
}
|
|
32
|
+
async function svelteKitRateLimit(fortress, ruleName, event, options = {}) {
|
|
33
|
+
const methods = fortress.plugins["rate-limit"];
|
|
34
|
+
if (!methods?.check) {
|
|
35
|
+
throw new Error(
|
|
36
|
+
"rate-limit plugin is not registered \u2014 add rateLimit({...}) to your FortressConfig.plugins"
|
|
37
|
+
);
|
|
38
|
+
}
|
|
39
|
+
const keyByUser = options.keyByUser ?? true;
|
|
40
|
+
const userId = keyByUser ? event.locals?.fortressUserId : void 0;
|
|
41
|
+
await methods.check(ruleName, {
|
|
42
|
+
ip: ipFromRequest(event.request),
|
|
43
|
+
userId
|
|
44
|
+
});
|
|
45
|
+
}
|
|
46
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
47
|
+
0 && (module.exports = {
|
|
48
|
+
svelteKitRateLimit
|
|
49
|
+
});
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { F as Fortress } from '../../fortress-BmSvFfqK.cjs';
|
|
2
|
+
import '../../index-D054pcb-.cjs';
|
|
3
|
+
import '../../config-GtlVt6ZD.cjs';
|
|
4
|
+
import '../../index-CxEkfCA0.cjs';
|
|
5
|
+
import '../../jwt.cjs';
|
|
6
|
+
import '../../types-et0R8tsC.cjs';
|
|
7
|
+
import '../../auth-service-BcyQ2PuZ.cjs';
|
|
8
|
+
import '../api-key.cjs';
|
|
9
|
+
import '../audit-log.cjs';
|
|
10
|
+
import '../data-isolation.cjs';
|
|
11
|
+
import '../email-verification.cjs';
|
|
12
|
+
import '../magic-link.cjs';
|
|
13
|
+
import '../oauth.cjs';
|
|
14
|
+
import '../social-login.cjs';
|
|
15
|
+
import '../tenancy.cjs';
|
|
16
|
+
import '../two-factor.cjs';
|
|
17
|
+
import '../webauthn.cjs';
|
|
18
|
+
import '@simplewebauthn/server';
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* SvelteKit helper for the rate-limit plugin.
|
|
22
|
+
*
|
|
23
|
+
* Call from `hooks.server.ts` or inside a load/action to rate-limit a given
|
|
24
|
+
* route. Throws a `FortressError` with code `RATE_LIMITED` when the limit
|
|
25
|
+
* is exceeded — the fortress SvelteKit handle (or your own `handleError`)
|
|
26
|
+
* will render a proper 429 response via `errorToResponse`.
|
|
27
|
+
*
|
|
28
|
+
* @example
|
|
29
|
+
* ```ts
|
|
30
|
+
* // hooks.server.ts
|
|
31
|
+
* import { svelteKitRateLimit } from '@bajustone/fortress/plugins/rate-limit/sveltekit';
|
|
32
|
+
*
|
|
33
|
+
* export const handle = async ({ event, resolve }) => {
|
|
34
|
+
* if (event.url.pathname.startsWith('/api/')) {
|
|
35
|
+
* await svelteKitRateLimit(fortress, 'api', event);
|
|
36
|
+
* }
|
|
37
|
+
* return resolve(event);
|
|
38
|
+
* };
|
|
39
|
+
* ```
|
|
40
|
+
*
|
|
41
|
+
* @module
|
|
42
|
+
*/
|
|
43
|
+
|
|
44
|
+
interface SvelteKitRateLimitEvent {
|
|
45
|
+
request: Request;
|
|
46
|
+
locals?: {
|
|
47
|
+
fortressUserId?: string;
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Run a rate-limit check against the named rule for the given SvelteKit
|
|
52
|
+
* request event. Returns void on pass; throws `FortressError` (RATE_LIMITED)
|
|
53
|
+
* on exceed.
|
|
54
|
+
*/
|
|
55
|
+
declare function svelteKitRateLimit(fortress: Fortress, ruleName: string, event: SvelteKitRateLimitEvent, options?: {
|
|
56
|
+
keyByUser?: boolean;
|
|
57
|
+
}): Promise<void>;
|
|
58
|
+
|
|
59
|
+
export { type SvelteKitRateLimitEvent, svelteKitRateLimit };
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { F as Fortress } from '../../fortress-uA-_cheR.js';
|
|
2
|
+
import '../../index-jAMbbUAY.js';
|
|
3
|
+
import '../../config-B2366s_G.js';
|
|
4
|
+
import '../../index-CxEkfCA0.js';
|
|
5
|
+
import '../../jwt.js';
|
|
6
|
+
import '../../types-et0R8tsC.js';
|
|
7
|
+
import '../../auth-service-BkzZkWfH.js';
|
|
8
|
+
import '../api-key.js';
|
|
9
|
+
import '../audit-log.js';
|
|
10
|
+
import '../data-isolation.js';
|
|
11
|
+
import '../email-verification.js';
|
|
12
|
+
import '../magic-link.js';
|
|
13
|
+
import '../oauth.js';
|
|
14
|
+
import '../social-login.js';
|
|
15
|
+
import '../tenancy.js';
|
|
16
|
+
import '../two-factor.js';
|
|
17
|
+
import '../webauthn.js';
|
|
18
|
+
import '@simplewebauthn/server';
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* SvelteKit helper for the rate-limit plugin.
|
|
22
|
+
*
|
|
23
|
+
* Call from `hooks.server.ts` or inside a load/action to rate-limit a given
|
|
24
|
+
* route. Throws a `FortressError` with code `RATE_LIMITED` when the limit
|
|
25
|
+
* is exceeded — the fortress SvelteKit handle (or your own `handleError`)
|
|
26
|
+
* will render a proper 429 response via `errorToResponse`.
|
|
27
|
+
*
|
|
28
|
+
* @example
|
|
29
|
+
* ```ts
|
|
30
|
+
* // hooks.server.ts
|
|
31
|
+
* import { svelteKitRateLimit } from '@bajustone/fortress/plugins/rate-limit/sveltekit';
|
|
32
|
+
*
|
|
33
|
+
* export const handle = async ({ event, resolve }) => {
|
|
34
|
+
* if (event.url.pathname.startsWith('/api/')) {
|
|
35
|
+
* await svelteKitRateLimit(fortress, 'api', event);
|
|
36
|
+
* }
|
|
37
|
+
* return resolve(event);
|
|
38
|
+
* };
|
|
39
|
+
* ```
|
|
40
|
+
*
|
|
41
|
+
* @module
|
|
42
|
+
*/
|
|
43
|
+
|
|
44
|
+
interface SvelteKitRateLimitEvent {
|
|
45
|
+
request: Request;
|
|
46
|
+
locals?: {
|
|
47
|
+
fortressUserId?: string;
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Run a rate-limit check against the named rule for the given SvelteKit
|
|
52
|
+
* request event. Returns void on pass; throws `FortressError` (RATE_LIMITED)
|
|
53
|
+
* on exceed.
|
|
54
|
+
*/
|
|
55
|
+
declare function svelteKitRateLimit(fortress: Fortress, ruleName: string, event: SvelteKitRateLimitEvent, options?: {
|
|
56
|
+
keyByUser?: boolean;
|
|
57
|
+
}): Promise<void>;
|
|
58
|
+
|
|
59
|
+
export { type SvelteKitRateLimitEvent, svelteKitRateLimit };
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
// src/plugins/rate-limit/sveltekit.ts
|
|
2
|
+
function ipFromRequest(request) {
|
|
3
|
+
const xff = request.headers.get("x-forwarded-for");
|
|
4
|
+
if (xff)
|
|
5
|
+
return xff.split(",")[0].trim();
|
|
6
|
+
return request.headers.get("x-real-ip") ?? void 0;
|
|
7
|
+
}
|
|
8
|
+
async function svelteKitRateLimit(fortress, ruleName, event, options = {}) {
|
|
9
|
+
const methods = fortress.plugins["rate-limit"];
|
|
10
|
+
if (!methods?.check) {
|
|
11
|
+
throw new Error(
|
|
12
|
+
"rate-limit plugin is not registered \u2014 add rateLimit({...}) to your FortressConfig.plugins"
|
|
13
|
+
);
|
|
14
|
+
}
|
|
15
|
+
const keyByUser = options.keyByUser ?? true;
|
|
16
|
+
const userId = keyByUser ? event.locals?.fortressUserId : void 0;
|
|
17
|
+
await methods.check(ruleName, {
|
|
18
|
+
ip: ipFromRequest(event.request),
|
|
19
|
+
userId
|
|
20
|
+
});
|
|
21
|
+
}
|
|
22
|
+
export {
|
|
23
|
+
svelteKitRateLimit
|
|
24
|
+
};
|