@bajustone/fortress 1.0.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1011 -0
- package/LICENSE +21 -0
- package/README.md +760 -0
- package/SECURITY.md +197 -0
- package/bin/fortress.ts +667 -0
- package/dist/auth-service-BcyQ2PuZ.d.cts +307 -0
- package/dist/auth-service-BkzZkWfH.d.ts +307 -0
- package/dist/config-B2366s_G.d.ts +665 -0
- package/dist/config-GtlVt6ZD.d.cts +665 -0
- package/dist/convert-routes-BLCQT57f.d.ts +72 -0
- package/dist/convert-routes-BdMvP2_X.d.cts +72 -0
- package/dist/crypto.cjs +61 -0
- package/dist/crypto.d.cts +36 -0
- package/dist/crypto.d.ts +36 -0
- package/dist/crypto.js +35 -0
- package/dist/drift-BT1wtMDJ.d.cts +22 -0
- package/dist/drift-k9LiYpRP.d.ts +22 -0
- package/dist/drizzle/pg.cjs +481 -0
- package/dist/drizzle/pg.d.cts +15 -0
- package/dist/drizzle/pg.d.ts +15 -0
- package/dist/drizzle/pg.js +454 -0
- package/dist/drizzle.cjs +1442 -0
- package/dist/drizzle.d.cts +85 -0
- package/dist/drizzle.d.ts +85 -0
- package/dist/drizzle.js +1411 -0
- package/dist/express.cjs +1357 -0
- package/dist/express.d.cts +333 -0
- package/dist/express.d.ts +333 -0
- package/dist/express.js +1314 -0
- package/dist/fetcher.cjs +77 -0
- package/dist/fetcher.d.cts +7 -0
- package/dist/fetcher.d.ts +7 -0
- package/dist/fetcher.js +41 -0
- package/dist/fortress-BmSvFfqK.d.cts +1089 -0
- package/dist/fortress-uA-_cheR.d.ts +1089 -0
- package/dist/hono.cjs +1530 -0
- package/dist/hono.d.cts +514 -0
- package/dist/hono.d.ts +514 -0
- package/dist/hono.js +1483 -0
- package/dist/index-CxEkfCA0.d.cts +77 -0
- package/dist/index-CxEkfCA0.d.ts +77 -0
- package/dist/index-D054pcb-.d.cts +146 -0
- package/dist/index-jAMbbUAY.d.ts +146 -0
- package/dist/index.cjs +9046 -0
- package/dist/index.d.cts +717 -0
- package/dist/index.d.ts +717 -0
- package/dist/index.js +8935 -0
- package/dist/jwt.cjs +255 -0
- package/dist/jwt.d.cts +90 -0
- package/dist/jwt.d.ts +90 -0
- package/dist/jwt.js +227 -0
- package/dist/otel.cjs +108 -0
- package/dist/otel.d.cts +62 -0
- package/dist/otel.d.ts +62 -0
- package/dist/otel.js +73 -0
- package/dist/plugins/account-lockout.cjs +322 -0
- package/dist/plugins/account-lockout.d.cts +42 -0
- package/dist/plugins/account-lockout.d.ts +42 -0
- package/dist/plugins/account-lockout.js +295 -0
- package/dist/plugins/admin.cjs +2378 -0
- package/dist/plugins/admin.d.cts +72 -0
- package/dist/plugins/admin.d.ts +72 -0
- package/dist/plugins/admin.js +2351 -0
- package/dist/plugins/api-key.cjs +792 -0
- package/dist/plugins/api-key.d.cts +121 -0
- package/dist/plugins/api-key.d.ts +121 -0
- package/dist/plugins/api-key.js +765 -0
- package/dist/plugins/audit-log.cjs +493 -0
- package/dist/plugins/audit-log.d.cts +86 -0
- package/dist/plugins/audit-log.d.ts +86 -0
- package/dist/plugins/audit-log.js +468 -0
- package/dist/plugins/data-isolation.cjs +211 -0
- package/dist/plugins/data-isolation.d.cts +49 -0
- package/dist/plugins/data-isolation.d.ts +49 -0
- package/dist/plugins/data-isolation.js +186 -0
- package/dist/plugins/email-verification.cjs +273 -0
- package/dist/plugins/email-verification.d.cts +44 -0
- package/dist/plugins/email-verification.d.ts +44 -0
- package/dist/plugins/email-verification.js +246 -0
- package/dist/plugins/magic-link.cjs +231 -0
- package/dist/plugins/magic-link.d.cts +39 -0
- package/dist/plugins/magic-link.d.ts +39 -0
- package/dist/plugins/magic-link.js +204 -0
- package/dist/plugins/oauth.cjs +1696 -0
- package/dist/plugins/oauth.d.cts +406 -0
- package/dist/plugins/oauth.d.ts +406 -0
- package/dist/plugins/oauth.js +1669 -0
- package/dist/plugins/openapi.cjs +1185 -0
- package/dist/plugins/openapi.d.cts +6 -0
- package/dist/plugins/openapi.d.ts +6 -0
- package/dist/plugins/openapi.js +1158 -0
- package/dist/plugins/rate-limit/express.cjs +55 -0
- package/dist/plugins/rate-limit/express.d.cts +64 -0
- package/dist/plugins/rate-limit/express.d.ts +64 -0
- package/dist/plugins/rate-limit/express.js +30 -0
- package/dist/plugins/rate-limit/hono.cjs +51 -0
- package/dist/plugins/rate-limit/hono.d.cts +59 -0
- package/dist/plugins/rate-limit/hono.d.ts +59 -0
- package/dist/plugins/rate-limit/hono.js +26 -0
- package/dist/plugins/rate-limit/sveltekit.cjs +49 -0
- package/dist/plugins/rate-limit/sveltekit.d.cts +59 -0
- package/dist/plugins/rate-limit/sveltekit.d.ts +59 -0
- package/dist/plugins/rate-limit/sveltekit.js +24 -0
- package/dist/plugins/rate-limit.cjs +354 -0
- package/dist/plugins/rate-limit.d.cts +140 -0
- package/dist/plugins/rate-limit.d.ts +140 -0
- package/dist/plugins/rate-limit.js +325 -0
- package/dist/plugins/social-login.cjs +905 -0
- package/dist/plugins/social-login.d.cts +114 -0
- package/dist/plugins/social-login.d.ts +114 -0
- package/dist/plugins/social-login.js +880 -0
- package/dist/plugins/tenancy.cjs +780 -0
- package/dist/plugins/tenancy.d.cts +108 -0
- package/dist/plugins/tenancy.d.ts +108 -0
- package/dist/plugins/tenancy.js +753 -0
- package/dist/plugins/two-factor.cjs +555 -0
- package/dist/plugins/two-factor.d.cts +67 -0
- package/dist/plugins/two-factor.d.ts +67 -0
- package/dist/plugins/two-factor.js +526 -0
- package/dist/plugins/webauthn.cjs +786 -0
- package/dist/plugins/webauthn.d.cts +72 -0
- package/dist/plugins/webauthn.d.ts +72 -0
- package/dist/plugins/webauthn.js +766 -0
- package/dist/plugins/webhook.cjs +819 -0
- package/dist/plugins/webhook.d.cts +254 -0
- package/dist/plugins/webhook.d.ts +254 -0
- package/dist/plugins/webhook.js +789 -0
- package/dist/protect-D1v_0upK.d.cts +123 -0
- package/dist/protect-DsxV_-dJ.d.ts +123 -0
- package/dist/sveltekit.cjs +1258 -0
- package/dist/sveltekit.d.cts +420 -0
- package/dist/sveltekit.d.ts +420 -0
- package/dist/sveltekit.js +1207 -0
- package/dist/testing.cjs +4294 -0
- package/dist/testing.d.cts +197 -0
- package/dist/testing.d.ts +197 -0
- package/dist/testing.js +4264 -0
- package/dist/types-et0R8tsC.d.cts +217 -0
- package/dist/types-et0R8tsC.d.ts +217 -0
- package/docs/adapter-typed-helpers.md +192 -0
- package/docs/admin-recipes.md +227 -0
- package/docs/architecture.md +434 -0
- package/docs/ci/github-actions.yml +59 -0
- package/docs/ci.md +109 -0
- package/docs/compatibility.md +115 -0
- package/docs/deployment.md +305 -0
- package/docs/hardening.md +118 -0
- package/docs/host-owned-routes.md +154 -0
- package/docs/migrations/0001-schema-version.md +54 -0
- package/docs/migrations/0002-initial-schema.md +84 -0
- package/docs/migrations/upgrade-guide.md +160 -0
- package/docs/observability.md +394 -0
- package/docs/plugins/account-lockout.md +131 -0
- package/docs/plugins/admin.md +402 -0
- package/docs/plugins/api-key.md +327 -0
- package/docs/plugins/audit-log.md +261 -0
- package/docs/plugins/data-isolation.md +186 -0
- package/docs/plugins/email-verification.md +121 -0
- package/docs/plugins/magic-link.md +123 -0
- package/docs/plugins/oauth.md +544 -0
- package/docs/plugins/openapi.md +250 -0
- package/docs/plugins/rate-limit.md +223 -0
- package/docs/plugins/social-login.md +337 -0
- package/docs/plugins/tenancy.md +122 -0
- package/docs/plugins/two-factor.md +191 -0
- package/docs/plugins/webauthn.md +188 -0
- package/docs/plugins/webhook.md +242 -0
- package/docs/policy-as-code.md +156 -0
- package/docs/route-manifest.md +46 -0
- package/docs/security.md +261 -0
- package/docs/threat-model.md +161 -0
- package/examples/README.md +119 -0
- package/examples/express-app/index.ts +747 -0
- package/examples/hono-app/docker-compose.yml +14 -0
- package/examples/hono-app/index.ts +1009 -0
- package/examples/policy/fortress.policy.json +47 -0
- package/examples/sveltekit-app/README.md +125 -0
- package/examples/sveltekit-app/src/app.d.ts +16 -0
- package/examples/sveltekit-app/src/hooks.server.ts +23 -0
- package/examples/sveltekit-app/src/lib/server/fortress.ts +81 -0
- package/examples/sveltekit-app/src/routes/api/echo/[id]/+server.ts +32 -0
- package/examples/sveltekit-app/src/routes/api/fortress/[...path]/+server.ts +15 -0
- package/examples/sveltekit-app/src/routes/dashboard/+page.server.ts +20 -0
- package/examples/sveltekit-app/src/routes/login/+page.server.ts +48 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.server.ts +69 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.svelte +83 -0
- package/migrations/pg/0001_schema_version.down.sql +2 -0
- package/migrations/pg/0001_schema_version.sql +8 -0
- package/migrations/pg/0002_initial_schema.down.sql +36 -0
- package/migrations/pg/0002_initial_schema.sql +376 -0
- package/migrations/pg/0003_auth_continuation.down.sql +6 -0
- package/migrations/pg/0003_auth_continuation.sql +30 -0
- package/migrations/pg/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/pg/0004_tenant_default_unique.sql +14 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.down.sql +71 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.sql +71 -0
- package/migrations/pg/0006_canonical_email.down.sql +3 -0
- package/migrations/pg/0006_canonical_email.sql +8 -0
- package/migrations/pg/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/pg/0007_audit_chain_anchor.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.down.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.sql +8 -0
- package/migrations/pg/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/pg/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/pg/0010_bigint_append_only_ids.down.sql +2 -0
- package/migrations/pg/0010_bigint_append_only_ids.sql +23 -0
- package/migrations/sqlite/0001_schema_version.down.sql +2 -0
- package/migrations/sqlite/0001_schema_version.sql +8 -0
- package/migrations/sqlite/0002_initial_schema.down.sql +36 -0
- package/migrations/sqlite/0002_initial_schema.sql +376 -0
- package/migrations/sqlite/0003_auth_continuation.down.sql +27 -0
- package/migrations/sqlite/0003_auth_continuation.sql +45 -0
- package/migrations/sqlite/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/sqlite/0004_tenant_default_unique.sql +13 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.down.sql +10 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.sql +10 -0
- package/migrations/sqlite/0006_canonical_email.down.sql +3 -0
- package/migrations/sqlite/0006_canonical_email.sql +8 -0
- package/migrations/sqlite/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/sqlite/0007_audit_chain_anchor.sql +8 -0
- package/migrations/sqlite/0008_two_factor_hardening.down.sql +14 -0
- package/migrations/sqlite/0008_two_factor_hardening.sql +7 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.down.sql +1 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.sql +2 -0
- package/package.json +398 -0
- package/src/adapters/database/index.ts +63 -0
- package/src/adapters/database/types.ts +22 -0
- package/src/changelog-script.test.ts +21 -0
- package/src/cli.test.ts +79 -0
- package/src/core/auth/auth-admin.test.ts +247 -0
- package/src/core/auth/auth-endpoints.ts +558 -0
- package/src/core/auth/auth-observer.test.ts +191 -0
- package/src/core/auth/auth-service.ts +1464 -0
- package/src/core/auth/email.test.ts +17 -0
- package/src/core/auth/email.ts +11 -0
- package/src/core/auth/hooks.test.ts +251 -0
- package/src/core/auth/impersonation.test.ts +179 -0
- package/src/core/auth/jwt.test.ts +184 -0
- package/src/core/auth/jwt.ts +239 -0
- package/src/core/auth/login-timing.test.ts +77 -0
- package/src/core/auth/password-policy.test.ts +253 -0
- package/src/core/auth/password-policy.ts +220 -0
- package/src/core/auth/password.test.ts +42 -0
- package/src/core/auth/password.ts +62 -0
- package/src/core/auth/post-auth-gate.test.ts +258 -0
- package/src/core/auth/post-auth-gate.ts +228 -0
- package/src/core/auth/refresh-token.test.ts +86 -0
- package/src/core/auth/refresh-token.ts +105 -0
- package/src/core/auth/timing-safe.ts +23 -0
- package/src/core/config.ts +212 -0
- package/src/core/endpoint.ts +149 -0
- package/src/core/errors.ts +199 -0
- package/src/core/fetcher-interop.test.ts +106 -0
- package/src/core/fortress.test.ts +354 -0
- package/src/core/fortress.ts +550 -0
- package/src/core/http/call.test.ts +148 -0
- package/src/core/http/call.ts +149 -0
- package/src/core/http/cookie-serialize.test.ts +198 -0
- package/src/core/http/cookie-serialize.ts +107 -0
- package/src/core/http/csrf.test.ts +140 -0
- package/src/core/http/csrf.ts +173 -0
- package/src/core/http/dispatch.ts +652 -0
- package/src/core/http/error-response.test.ts +69 -0
- package/src/core/http/error-response.ts +93 -0
- package/src/core/http/fortress-rbac.test.ts +43 -0
- package/src/core/http/fortress-rbac.ts +127 -0
- package/src/core/http/handle-request.test.ts +441 -0
- package/src/core/http/handle-request.ts +354 -0
- package/src/core/http/match.test.ts +122 -0
- package/src/core/http/match.ts +126 -0
- package/src/core/http/outbound.test.ts +34 -0
- package/src/core/http/outbound.ts +105 -0
- package/src/core/http/plugin-middleware.ts +67 -0
- package/src/core/http/principal.test.ts +345 -0
- package/src/core/http/principal.ts +86 -0
- package/src/core/http/protect.test.ts +220 -0
- package/src/core/http/protect.ts +394 -0
- package/src/core/http/token-extraction.test.ts +59 -0
- package/src/core/http/token-extraction.ts +53 -0
- package/src/core/iam/explain.test.ts +177 -0
- package/src/core/iam/explain.ts +302 -0
- package/src/core/iam/iam-endpoints.ts +779 -0
- package/src/core/iam/iam-service.test.ts +829 -0
- package/src/core/iam/iam-service.ts +1137 -0
- package/src/core/iam/permission-cache.test.ts +115 -0
- package/src/core/iam/permission-cache.ts +71 -0
- package/src/core/iam/permission-check-observer.test.ts +90 -0
- package/src/core/iam/permission-evaluator.test.ts +291 -0
- package/src/core/iam/permission-evaluator.ts +198 -0
- package/src/core/iam/permission-sync.test.ts +166 -0
- package/src/core/iam/permission-sync.ts +192 -0
- package/src/core/iam/resource-sync.test.ts +70 -0
- package/src/core/iam/resource-sync.ts +182 -0
- package/src/core/iam/service-account-http.test.ts +529 -0
- package/src/core/iam/service-account.test.ts +282 -0
- package/src/core/internal-adapter.test.ts +389 -0
- package/src/core/internal-adapter.ts +435 -0
- package/src/core/json-schema.ts +50 -0
- package/src/core/manifest/__snapshots__/route-manifest.test.ts.snap +192 -0
- package/src/core/manifest/drift.ts +103 -0
- package/src/core/manifest/route-manifest.test.ts +142 -0
- package/src/core/manifest/route-manifest.ts +154 -0
- package/src/core/migrate.test.ts +72 -0
- package/src/core/migrations/engine.test.ts +308 -0
- package/src/core/migrations/engine.ts +548 -0
- package/src/core/migrations/migrations.ts +1771 -0
- package/src/core/migrations/pg-migration.integration-test.ts +353 -0
- package/src/core/migrations/upgrade-fixture.test.ts +378 -0
- package/src/core/observability/db-instrumentation.ts +205 -0
- package/src/core/observability/listener-list.test.ts +124 -0
- package/src/core/observability/listener-list.ts +73 -0
- package/src/core/observability/logger.test.ts +43 -0
- package/src/core/observability/logger.ts +49 -0
- package/src/core/observability/spans.test.ts +193 -0
- package/src/core/observability/types.ts +80 -0
- package/src/core/openapi-drift.test.ts +41 -0
- package/src/core/openapi.ts +47 -0
- package/src/core/plugin-methods-map.ts +75 -0
- package/src/core/plugin-runner.test.ts +233 -0
- package/src/core/plugin-runner.ts +276 -0
- package/src/core/plugin.ts +210 -0
- package/src/core/policy/apply.ts +272 -0
- package/src/core/policy/diff.ts +288 -0
- package/src/core/policy/loader.test.ts +63 -0
- package/src/core/policy/loader.ts +214 -0
- package/src/core/policy/policy.test.ts +232 -0
- package/src/core/policy/types.ts +105 -0
- package/src/core/schema-builder.test.ts +660 -0
- package/src/core/schema-builder.ts +881 -0
- package/src/core/standard-schema.ts +56 -0
- package/src/core/types.ts +258 -0
- package/src/core/validation.test.ts +195 -0
- package/src/core/validation.ts +192 -0
- package/src/drizzle/adapter.test.ts +425 -0
- package/src/drizzle/adapter.ts +474 -0
- package/src/drizzle/index.ts +31 -0
- package/src/drizzle/pg/adapter.integration-test.ts +456 -0
- package/src/drizzle/pg/index.ts +13 -0
- package/src/drizzle/pg/pg.integration-test.ts +1539 -0
- package/src/drizzle/pg/schema.ts +539 -0
- package/src/drizzle/pg-error-map.test.ts +218 -0
- package/src/drizzle/pg-error-map.ts +151 -0
- package/src/drizzle/schema.ts +544 -0
- package/src/drizzle/sqlite-serialization.test.ts +106 -0
- package/src/express/express-api-key-user-routes.test.ts +241 -0
- package/src/express/express.test.ts +442 -0
- package/src/express/handle.ts +191 -0
- package/src/express/index.ts +62 -0
- package/src/express/middleware.ts +551 -0
- package/src/express/protect.ts +154 -0
- package/src/express/validated.test.ts +86 -0
- package/src/express/validated.ts +99 -0
- package/src/fetcher/index.ts +81 -0
- package/src/hono/convert-routes.test.ts +220 -0
- package/src/hono/convert-routes.ts +196 -0
- package/src/hono/converters.test.ts +50 -0
- package/src/hono/converters.ts +43 -0
- package/src/hono/handle.ts +79 -0
- package/src/hono/helpers.ts +2 -0
- package/src/hono/hono-api-key-user-routes.test.ts +225 -0
- package/src/hono/hono-handlers.test.ts +861 -0
- package/src/hono/hono.test.ts +454 -0
- package/src/hono/index.ts +101 -0
- package/src/hono/middleware/auth.ts +236 -0
- package/src/hono/middleware/auth.types.test.ts +94 -0
- package/src/hono/middleware/csrf.test.ts +127 -0
- package/src/hono/middleware/csrf.ts +68 -0
- package/src/hono/middleware/error-handler.ts +12 -0
- package/src/hono/middleware/plugin-middleware.ts +35 -0
- package/src/hono/middleware/rbac.ts +131 -0
- package/src/hono/middleware/security-headers.test.ts +88 -0
- package/src/hono/middleware/security-headers.ts +68 -0
- package/src/hono/openapi.ts +237 -0
- package/src/hono/protect.ts +87 -0
- package/src/hono/validated.test.ts +123 -0
- package/src/hono/validated.ts +62 -0
- package/src/index.ts +309 -0
- package/src/integration.test.ts +718 -0
- package/src/internal/changelog.ts +56 -0
- package/src/otel/index.ts +158 -0
- package/src/otel/otel-types.test.ts +35 -0
- package/src/otel/otel.test.ts +235 -0
- package/src/plugins/account-lockout/account-lockout.test.ts +367 -0
- package/src/plugins/account-lockout/index.ts +267 -0
- package/src/plugins/admin/admin-api-key.test.ts +438 -0
- package/src/plugins/admin/index.ts +1612 -0
- package/src/plugins/api-key/api-key.test.ts +684 -0
- package/src/plugins/api-key/core.ts +336 -0
- package/src/plugins/api-key/index.ts +315 -0
- package/src/plugins/audit-log/audit-log.test.ts +749 -0
- package/src/plugins/audit-log/index.ts +680 -0
- package/src/plugins/data-isolation/data-isolation.test.ts +197 -0
- package/src/plugins/data-isolation/index.ts +157 -0
- package/src/plugins/email-verification/email-verification.test.ts +199 -0
- package/src/plugins/email-verification/index.ts +190 -0
- package/src/plugins/magic-link/index.ts +129 -0
- package/src/plugins/magic-link/magic-link.test.ts +156 -0
- package/src/plugins/oauth/id-token.ts +86 -0
- package/src/plugins/oauth/index.ts +2145 -0
- package/src/plugins/oauth/jwks.test.ts +32 -0
- package/src/plugins/oauth/jwks.ts +182 -0
- package/src/plugins/oauth/oauth.test.ts +2220 -0
- package/src/plugins/oauth/pkce.ts +58 -0
- package/src/plugins/openapi/index.ts +298 -0
- package/src/plugins/openapi/openapi.test.ts +425 -0
- package/src/plugins/openapi/spec-builder.ts +287 -0
- package/src/plugins/rate-limit/express.test.ts +89 -0
- package/src/plugins/rate-limit/express.ts +86 -0
- package/src/plugins/rate-limit/hono.test.ts +60 -0
- package/src/plugins/rate-limit/hono.ts +74 -0
- package/src/plugins/rate-limit/index.ts +383 -0
- package/src/plugins/rate-limit/memory-store.ts +61 -0
- package/src/plugins/rate-limit/rate-limit.test.ts +756 -0
- package/src/plugins/rate-limit/sveltekit.test.ts +58 -0
- package/src/plugins/rate-limit/sveltekit.ts +66 -0
- package/src/plugins/social-login/index.ts +715 -0
- package/src/plugins/social-login/providers/apple.ts +34 -0
- package/src/plugins/social-login/providers/discord.ts +26 -0
- package/src/plugins/social-login/providers/github.ts +54 -0
- package/src/plugins/social-login/providers/google.ts +23 -0
- package/src/plugins/social-login/providers/index.ts +22 -0
- package/src/plugins/social-login/providers/microsoft.ts +35 -0
- package/src/plugins/social-login/providers/oidc.ts +37 -0
- package/src/plugins/social-login/providers/providers.test.ts +211 -0
- package/src/plugins/social-login/social-login.test.ts +675 -0
- package/src/plugins/social-login/types.ts +80 -0
- package/src/plugins/tenancy/index.ts +544 -0
- package/src/plugins/tenancy/tenancy.test.ts +323 -0
- package/src/plugins/two-factor/index.ts +569 -0
- package/src/plugins/two-factor/two-factor.test.ts +235 -0
- package/src/plugins/webauthn/index.ts +554 -0
- package/src/plugins/webauthn/webauthn.test.ts +472 -0
- package/src/plugins/webhook/builtin-events.ts +29 -0
- package/src/plugins/webhook/delivery.test.ts +51 -0
- package/src/plugins/webhook/delivery.ts +154 -0
- package/src/plugins/webhook/hooks.ts +89 -0
- package/src/plugins/webhook/index.ts +445 -0
- package/src/plugins/webhook/queue/database.ts +67 -0
- package/src/plugins/webhook/queue/in-memory.test.ts +48 -0
- package/src/plugins/webhook/queue/in-memory.ts +71 -0
- package/src/plugins/webhook/queue/types.ts +51 -0
- package/src/plugins/webhook/registry.test.ts +48 -0
- package/src/plugins/webhook/registry.ts +64 -0
- package/src/plugins/webhook/signing.ts +45 -0
- package/src/plugins/webhook/ssrf.ts +198 -0
- package/src/plugins/webhook/types.ts +138 -0
- package/src/plugins/webhook/webhook.test.ts +324 -0
- package/src/sveltekit/actions.ts +233 -0
- package/src/sveltekit/catch-all.ts +43 -0
- package/src/sveltekit/cookies.ts +136 -0
- package/src/sveltekit/handle.ts +356 -0
- package/src/sveltekit/helpers.ts +69 -0
- package/src/sveltekit/index.ts +74 -0
- package/src/sveltekit/protect.ts +80 -0
- package/src/sveltekit/sveltekit-types.test.ts +31 -0
- package/src/sveltekit/sveltekit.test.ts +799 -0
- package/src/sveltekit/types.ts +134 -0
- package/src/sveltekit/validated.test.ts +117 -0
- package/src/sveltekit/validated.ts +78 -0
- package/src/testing/adapter-conformance.test.ts +408 -0
- package/src/testing/checks.test.ts +124 -0
- package/src/testing/checks.ts +304 -0
- package/src/testing/index.ts +107 -0
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
import { D as DatabaseAdapter } from './index-CxEkfCA0.cjs';
|
|
2
|
+
import { F as Fortress, a as RouteClassification, R as RouteManifestEntry, M as MigrationDialect, b as MigrationDrift } from './fortress-BmSvFfqK.cjs';
|
|
3
|
+
import { R as RouteManifestDrift } from './drift-BT1wtMDJ.cjs';
|
|
4
|
+
import './index-D054pcb-.cjs';
|
|
5
|
+
import './config-GtlVt6ZD.cjs';
|
|
6
|
+
import './jwt.cjs';
|
|
7
|
+
import './types-et0R8tsC.cjs';
|
|
8
|
+
import './auth-service-BcyQ2PuZ.cjs';
|
|
9
|
+
import './plugins/api-key.cjs';
|
|
10
|
+
import './plugins/audit-log.cjs';
|
|
11
|
+
import './plugins/data-isolation.cjs';
|
|
12
|
+
import './plugins/email-verification.cjs';
|
|
13
|
+
import './plugins/magic-link.cjs';
|
|
14
|
+
import './plugins/oauth.cjs';
|
|
15
|
+
import './plugins/social-login.cjs';
|
|
16
|
+
import './plugins/tenancy.cjs';
|
|
17
|
+
import './plugins/two-factor.cjs';
|
|
18
|
+
import './plugins/webauthn.cjs';
|
|
19
|
+
import '@simplewebauthn/server';
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* CI-ready check utilities for Fortress projects (P1-10).
|
|
23
|
+
*
|
|
24
|
+
* Wraps the drift detectors and manifests Fortress already builds for
|
|
25
|
+
* itself so consumer apps can wire them into their own CI pipeline. The
|
|
26
|
+
* functions are framework-agnostic — they consume a `Fortress` instance
|
|
27
|
+
* and / or a `DatabaseAdapter` and return structured results suitable
|
|
28
|
+
* for `expect(...)`-style assertions or printing alongside a non-zero
|
|
29
|
+
* exit code.
|
|
30
|
+
*
|
|
31
|
+
* Re-exported from `@bajustone/fortress/testing` alongside the existing
|
|
32
|
+
* `createTestAdapter` helper.
|
|
33
|
+
*
|
|
34
|
+
* @module
|
|
35
|
+
*/
|
|
36
|
+
|
|
37
|
+
/**
|
|
38
|
+
* Combined result returned by every `check*` helper.
|
|
39
|
+
*
|
|
40
|
+
* `ok: true` ⇒ the check passed cleanly; `messages` is informational
|
|
41
|
+
* only. `ok: false` ⇒ at least one finding requires attention; the
|
|
42
|
+
* messages describe what.
|
|
43
|
+
*/
|
|
44
|
+
interface CheckResult {
|
|
45
|
+
ok: boolean;
|
|
46
|
+
messages: string[];
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Run the route-manifest drift detector and return a {@link CheckResult}.
|
|
50
|
+
* Suitable for CI: a non-empty {@link RouteManifestDrift} flips
|
|
51
|
+
* `ok: false` and emits one message per drift category.
|
|
52
|
+
*/
|
|
53
|
+
declare function checkRouteManifestDrift(fortress: Fortress): CheckResult & {
|
|
54
|
+
drift: RouteManifestDrift;
|
|
55
|
+
};
|
|
56
|
+
/**
|
|
57
|
+
* Options for {@link checkPublicRoutes}.
|
|
58
|
+
*/
|
|
59
|
+
interface PublicRouteCheckOptions {
|
|
60
|
+
/**
|
|
61
|
+
* Explicit allow-list of `'<METHOD> <path>'` entries that are *allowed*
|
|
62
|
+
* to be `public` or `oauth-protocol`. Anything classified as `public`
|
|
63
|
+
* but **not** on this list is reported as a finding so a stray
|
|
64
|
+
* `.security('none')` on a sensitive route fails the build.
|
|
65
|
+
*
|
|
66
|
+
* Defaults to Fortress's own intentional public surface (auth open
|
|
67
|
+
* routes + OAuth protocol endpoints) so consumers only need to add
|
|
68
|
+
* their own public routes.
|
|
69
|
+
*/
|
|
70
|
+
allow?: string[];
|
|
71
|
+
/**
|
|
72
|
+
* Additional classifications considered "public-equivalent" for the
|
|
73
|
+
* purposes of the allow-list. Defaults to `['public', 'oauth-protocol']`
|
|
74
|
+
* because OAuth protocol endpoints are reachable without a Fortress
|
|
75
|
+
* session by design (the handler self-authenticates).
|
|
76
|
+
*/
|
|
77
|
+
classifications?: RouteClassification[];
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Assert that no Fortress-managed route is unintentionally public.
|
|
81
|
+
*
|
|
82
|
+
* Walks the route manifest, collects every entry classified as `public`
|
|
83
|
+
* or `oauth-protocol` (configurable), and reports any entry not present
|
|
84
|
+
* in the allow-list. Defaults cover Fortress's own intentional public
|
|
85
|
+
* surface so consumers only need to add their own.
|
|
86
|
+
*/
|
|
87
|
+
declare function checkPublicRoutes(fortress: Fortress, options?: PublicRouteCheckOptions): CheckResult & {
|
|
88
|
+
unexpected: RouteManifestEntry[];
|
|
89
|
+
};
|
|
90
|
+
/**
|
|
91
|
+
* Run the migration drift detector and return a {@link CheckResult}.
|
|
92
|
+
* Reports missing version table, pending migrations, an unknown
|
|
93
|
+
* future version (DB ahead of the bundled catalog), missing
|
|
94
|
+
* Fortress-owned tables, and present-but-stale tables missing columns.
|
|
95
|
+
*/
|
|
96
|
+
declare function checkMigrationDrift(db: DatabaseAdapter, dialect?: MigrationDialect): Promise<CheckResult & {
|
|
97
|
+
drift: MigrationDrift;
|
|
98
|
+
}>;
|
|
99
|
+
/**
|
|
100
|
+
* Inputs to {@link smokeTestAuth}.
|
|
101
|
+
*/
|
|
102
|
+
interface AuthSmokeTestOptions {
|
|
103
|
+
/** Email used for the register/login round-trip. */
|
|
104
|
+
email?: string;
|
|
105
|
+
/** Password to register the smoke-test user with. */
|
|
106
|
+
password?: string;
|
|
107
|
+
/** Optional display name. */
|
|
108
|
+
name?: string;
|
|
109
|
+
}
|
|
110
|
+
/**
|
|
111
|
+
* End-to-end auth smoke test: create user → login → verify access token → refresh → logout.
|
|
112
|
+
* Designed to run against a fortress instance backed by
|
|
113
|
+
* {@link createTestAdapter} or any disposable DB. Returns a
|
|
114
|
+
* {@link CheckResult} so it composes with the other checks for a single
|
|
115
|
+
* CI gate.
|
|
116
|
+
*
|
|
117
|
+
* Calls the direct `fortress.auth.*` service methods so auth persistence,
|
|
118
|
+
* hashing, token verification, refresh rotation, and revocation run without
|
|
119
|
+
* a network roundtrip.
|
|
120
|
+
*/
|
|
121
|
+
declare function smokeTestAuth(fortress: Fortress, options?: AuthSmokeTestOptions): Promise<CheckResult>;
|
|
122
|
+
/**
|
|
123
|
+
* Inputs to {@link runFortressChecks}.
|
|
124
|
+
*/
|
|
125
|
+
interface RunFortressChecksOptions {
|
|
126
|
+
fortress: Fortress;
|
|
127
|
+
/** Optional DB adapter for the migration check. Defaults to `fortress.config.database`. */
|
|
128
|
+
db?: DatabaseAdapter;
|
|
129
|
+
/** Skip the migration drift check (e.g. if you bring your own migration tool). */
|
|
130
|
+
skipMigrations?: boolean;
|
|
131
|
+
/** Skip the auth smoke test (e.g. in environments without a writable DB). */
|
|
132
|
+
skipAuthSmokeTest?: boolean;
|
|
133
|
+
/** Public-route allow-list overrides. */
|
|
134
|
+
publicRoutes?: PublicRouteCheckOptions;
|
|
135
|
+
/** Smoke-test overrides. */
|
|
136
|
+
smokeTest?: AuthSmokeTestOptions;
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Aggregate result returned by {@link runFortressChecks}.
|
|
140
|
+
*/
|
|
141
|
+
interface FortressChecksResult {
|
|
142
|
+
ok: boolean;
|
|
143
|
+
manifest: ReturnType<typeof checkRouteManifestDrift>;
|
|
144
|
+
publicRoutes: ReturnType<typeof checkPublicRoutes>;
|
|
145
|
+
migrations?: Awaited<ReturnType<typeof checkMigrationDrift>>;
|
|
146
|
+
authSmokeTest?: Awaited<ReturnType<typeof smokeTestAuth>>;
|
|
147
|
+
/** All non-ok messages flattened in run order. */
|
|
148
|
+
messages: string[];
|
|
149
|
+
}
|
|
150
|
+
/**
|
|
151
|
+
* Run every CI check Fortress ships in one shot. Suitable for a single
|
|
152
|
+
* `fortress check` step in CI:
|
|
153
|
+
*
|
|
154
|
+
* ```ts
|
|
155
|
+
* import { runFortressChecks } from '@bajustone/fortress/testing';
|
|
156
|
+
*
|
|
157
|
+
* const result = await runFortressChecks({ fortress });
|
|
158
|
+
* if (!result.ok) {
|
|
159
|
+
* console.error(result.messages.join('\\n'));
|
|
160
|
+
* process.exit(1);
|
|
161
|
+
* }
|
|
162
|
+
* ```
|
|
163
|
+
*/
|
|
164
|
+
declare function runFortressChecks(options: RunFortressChecksOptions): Promise<FortressChecksResult>;
|
|
165
|
+
|
|
166
|
+
/**
|
|
167
|
+
* In-memory SQLite test adapter for fortress.
|
|
168
|
+
*
|
|
169
|
+
* Spins up a fresh `bun:sqlite` database with the full fortress schema and
|
|
170
|
+
* returns a {@link DatabaseAdapter} ready to pass into `createFortress` from
|
|
171
|
+
* unit tests. Designed for fast, isolated test runs — every call creates a
|
|
172
|
+
* new database, so tests cannot leak state into each other.
|
|
173
|
+
*
|
|
174
|
+
* @example
|
|
175
|
+
* ```ts
|
|
176
|
+
* import { createTestAdapter } from '@bajustone/fortress/testing';
|
|
177
|
+
*
|
|
178
|
+
* const db = createTestAdapter();
|
|
179
|
+
* const fortress = createFortress({ database: db, jwt: { key: 'test' } });
|
|
180
|
+
* ```
|
|
181
|
+
*
|
|
182
|
+
* @module
|
|
183
|
+
*/
|
|
184
|
+
|
|
185
|
+
/**
|
|
186
|
+
* Create a test DatabaseAdapter using in-memory SQLite.
|
|
187
|
+
* Automatically detects the runtime:
|
|
188
|
+
* - Bun: uses bun:sqlite
|
|
189
|
+
* - Node/Vitest: uses better-sqlite3
|
|
190
|
+
*
|
|
191
|
+
* Usage:
|
|
192
|
+
* import { createTestAdapter } from '@bajustone/fortress/testing';
|
|
193
|
+
* const fortress = createFortress({ database: createTestAdapter(), jwt: { key: 'test' } });
|
|
194
|
+
*/
|
|
195
|
+
declare function createTestAdapter(): DatabaseAdapter;
|
|
196
|
+
|
|
197
|
+
export { type AuthSmokeTestOptions, type CheckResult, type FortressChecksResult, type PublicRouteCheckOptions, type RunFortressChecksOptions, checkMigrationDrift, checkPublicRoutes, checkRouteManifestDrift, createTestAdapter, runFortressChecks, smokeTestAuth };
|
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
import { D as DatabaseAdapter } from './index-CxEkfCA0.js';
|
|
2
|
+
import { F as Fortress, a as RouteClassification, R as RouteManifestEntry, M as MigrationDialect, b as MigrationDrift } from './fortress-uA-_cheR.js';
|
|
3
|
+
import { R as RouteManifestDrift } from './drift-k9LiYpRP.js';
|
|
4
|
+
import './index-jAMbbUAY.js';
|
|
5
|
+
import './config-B2366s_G.js';
|
|
6
|
+
import './jwt.js';
|
|
7
|
+
import './types-et0R8tsC.js';
|
|
8
|
+
import './auth-service-BkzZkWfH.js';
|
|
9
|
+
import './plugins/api-key.js';
|
|
10
|
+
import './plugins/audit-log.js';
|
|
11
|
+
import './plugins/data-isolation.js';
|
|
12
|
+
import './plugins/email-verification.js';
|
|
13
|
+
import './plugins/magic-link.js';
|
|
14
|
+
import './plugins/oauth.js';
|
|
15
|
+
import './plugins/social-login.js';
|
|
16
|
+
import './plugins/tenancy.js';
|
|
17
|
+
import './plugins/two-factor.js';
|
|
18
|
+
import './plugins/webauthn.js';
|
|
19
|
+
import '@simplewebauthn/server';
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* CI-ready check utilities for Fortress projects (P1-10).
|
|
23
|
+
*
|
|
24
|
+
* Wraps the drift detectors and manifests Fortress already builds for
|
|
25
|
+
* itself so consumer apps can wire them into their own CI pipeline. The
|
|
26
|
+
* functions are framework-agnostic — they consume a `Fortress` instance
|
|
27
|
+
* and / or a `DatabaseAdapter` and return structured results suitable
|
|
28
|
+
* for `expect(...)`-style assertions or printing alongside a non-zero
|
|
29
|
+
* exit code.
|
|
30
|
+
*
|
|
31
|
+
* Re-exported from `@bajustone/fortress/testing` alongside the existing
|
|
32
|
+
* `createTestAdapter` helper.
|
|
33
|
+
*
|
|
34
|
+
* @module
|
|
35
|
+
*/
|
|
36
|
+
|
|
37
|
+
/**
|
|
38
|
+
* Combined result returned by every `check*` helper.
|
|
39
|
+
*
|
|
40
|
+
* `ok: true` ⇒ the check passed cleanly; `messages` is informational
|
|
41
|
+
* only. `ok: false` ⇒ at least one finding requires attention; the
|
|
42
|
+
* messages describe what.
|
|
43
|
+
*/
|
|
44
|
+
interface CheckResult {
|
|
45
|
+
ok: boolean;
|
|
46
|
+
messages: string[];
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Run the route-manifest drift detector and return a {@link CheckResult}.
|
|
50
|
+
* Suitable for CI: a non-empty {@link RouteManifestDrift} flips
|
|
51
|
+
* `ok: false` and emits one message per drift category.
|
|
52
|
+
*/
|
|
53
|
+
declare function checkRouteManifestDrift(fortress: Fortress): CheckResult & {
|
|
54
|
+
drift: RouteManifestDrift;
|
|
55
|
+
};
|
|
56
|
+
/**
|
|
57
|
+
* Options for {@link checkPublicRoutes}.
|
|
58
|
+
*/
|
|
59
|
+
interface PublicRouteCheckOptions {
|
|
60
|
+
/**
|
|
61
|
+
* Explicit allow-list of `'<METHOD> <path>'` entries that are *allowed*
|
|
62
|
+
* to be `public` or `oauth-protocol`. Anything classified as `public`
|
|
63
|
+
* but **not** on this list is reported as a finding so a stray
|
|
64
|
+
* `.security('none')` on a sensitive route fails the build.
|
|
65
|
+
*
|
|
66
|
+
* Defaults to Fortress's own intentional public surface (auth open
|
|
67
|
+
* routes + OAuth protocol endpoints) so consumers only need to add
|
|
68
|
+
* their own public routes.
|
|
69
|
+
*/
|
|
70
|
+
allow?: string[];
|
|
71
|
+
/**
|
|
72
|
+
* Additional classifications considered "public-equivalent" for the
|
|
73
|
+
* purposes of the allow-list. Defaults to `['public', 'oauth-protocol']`
|
|
74
|
+
* because OAuth protocol endpoints are reachable without a Fortress
|
|
75
|
+
* session by design (the handler self-authenticates).
|
|
76
|
+
*/
|
|
77
|
+
classifications?: RouteClassification[];
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Assert that no Fortress-managed route is unintentionally public.
|
|
81
|
+
*
|
|
82
|
+
* Walks the route manifest, collects every entry classified as `public`
|
|
83
|
+
* or `oauth-protocol` (configurable), and reports any entry not present
|
|
84
|
+
* in the allow-list. Defaults cover Fortress's own intentional public
|
|
85
|
+
* surface so consumers only need to add their own.
|
|
86
|
+
*/
|
|
87
|
+
declare function checkPublicRoutes(fortress: Fortress, options?: PublicRouteCheckOptions): CheckResult & {
|
|
88
|
+
unexpected: RouteManifestEntry[];
|
|
89
|
+
};
|
|
90
|
+
/**
|
|
91
|
+
* Run the migration drift detector and return a {@link CheckResult}.
|
|
92
|
+
* Reports missing version table, pending migrations, an unknown
|
|
93
|
+
* future version (DB ahead of the bundled catalog), missing
|
|
94
|
+
* Fortress-owned tables, and present-but-stale tables missing columns.
|
|
95
|
+
*/
|
|
96
|
+
declare function checkMigrationDrift(db: DatabaseAdapter, dialect?: MigrationDialect): Promise<CheckResult & {
|
|
97
|
+
drift: MigrationDrift;
|
|
98
|
+
}>;
|
|
99
|
+
/**
|
|
100
|
+
* Inputs to {@link smokeTestAuth}.
|
|
101
|
+
*/
|
|
102
|
+
interface AuthSmokeTestOptions {
|
|
103
|
+
/** Email used for the register/login round-trip. */
|
|
104
|
+
email?: string;
|
|
105
|
+
/** Password to register the smoke-test user with. */
|
|
106
|
+
password?: string;
|
|
107
|
+
/** Optional display name. */
|
|
108
|
+
name?: string;
|
|
109
|
+
}
|
|
110
|
+
/**
|
|
111
|
+
* End-to-end auth smoke test: create user → login → verify access token → refresh → logout.
|
|
112
|
+
* Designed to run against a fortress instance backed by
|
|
113
|
+
* {@link createTestAdapter} or any disposable DB. Returns a
|
|
114
|
+
* {@link CheckResult} so it composes with the other checks for a single
|
|
115
|
+
* CI gate.
|
|
116
|
+
*
|
|
117
|
+
* Calls the direct `fortress.auth.*` service methods so auth persistence,
|
|
118
|
+
* hashing, token verification, refresh rotation, and revocation run without
|
|
119
|
+
* a network roundtrip.
|
|
120
|
+
*/
|
|
121
|
+
declare function smokeTestAuth(fortress: Fortress, options?: AuthSmokeTestOptions): Promise<CheckResult>;
|
|
122
|
+
/**
|
|
123
|
+
* Inputs to {@link runFortressChecks}.
|
|
124
|
+
*/
|
|
125
|
+
interface RunFortressChecksOptions {
|
|
126
|
+
fortress: Fortress;
|
|
127
|
+
/** Optional DB adapter for the migration check. Defaults to `fortress.config.database`. */
|
|
128
|
+
db?: DatabaseAdapter;
|
|
129
|
+
/** Skip the migration drift check (e.g. if you bring your own migration tool). */
|
|
130
|
+
skipMigrations?: boolean;
|
|
131
|
+
/** Skip the auth smoke test (e.g. in environments without a writable DB). */
|
|
132
|
+
skipAuthSmokeTest?: boolean;
|
|
133
|
+
/** Public-route allow-list overrides. */
|
|
134
|
+
publicRoutes?: PublicRouteCheckOptions;
|
|
135
|
+
/** Smoke-test overrides. */
|
|
136
|
+
smokeTest?: AuthSmokeTestOptions;
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Aggregate result returned by {@link runFortressChecks}.
|
|
140
|
+
*/
|
|
141
|
+
interface FortressChecksResult {
|
|
142
|
+
ok: boolean;
|
|
143
|
+
manifest: ReturnType<typeof checkRouteManifestDrift>;
|
|
144
|
+
publicRoutes: ReturnType<typeof checkPublicRoutes>;
|
|
145
|
+
migrations?: Awaited<ReturnType<typeof checkMigrationDrift>>;
|
|
146
|
+
authSmokeTest?: Awaited<ReturnType<typeof smokeTestAuth>>;
|
|
147
|
+
/** All non-ok messages flattened in run order. */
|
|
148
|
+
messages: string[];
|
|
149
|
+
}
|
|
150
|
+
/**
|
|
151
|
+
* Run every CI check Fortress ships in one shot. Suitable for a single
|
|
152
|
+
* `fortress check` step in CI:
|
|
153
|
+
*
|
|
154
|
+
* ```ts
|
|
155
|
+
* import { runFortressChecks } from '@bajustone/fortress/testing';
|
|
156
|
+
*
|
|
157
|
+
* const result = await runFortressChecks({ fortress });
|
|
158
|
+
* if (!result.ok) {
|
|
159
|
+
* console.error(result.messages.join('\\n'));
|
|
160
|
+
* process.exit(1);
|
|
161
|
+
* }
|
|
162
|
+
* ```
|
|
163
|
+
*/
|
|
164
|
+
declare function runFortressChecks(options: RunFortressChecksOptions): Promise<FortressChecksResult>;
|
|
165
|
+
|
|
166
|
+
/**
|
|
167
|
+
* In-memory SQLite test adapter for fortress.
|
|
168
|
+
*
|
|
169
|
+
* Spins up a fresh `bun:sqlite` database with the full fortress schema and
|
|
170
|
+
* returns a {@link DatabaseAdapter} ready to pass into `createFortress` from
|
|
171
|
+
* unit tests. Designed for fast, isolated test runs — every call creates a
|
|
172
|
+
* new database, so tests cannot leak state into each other.
|
|
173
|
+
*
|
|
174
|
+
* @example
|
|
175
|
+
* ```ts
|
|
176
|
+
* import { createTestAdapter } from '@bajustone/fortress/testing';
|
|
177
|
+
*
|
|
178
|
+
* const db = createTestAdapter();
|
|
179
|
+
* const fortress = createFortress({ database: db, jwt: { key: 'test' } });
|
|
180
|
+
* ```
|
|
181
|
+
*
|
|
182
|
+
* @module
|
|
183
|
+
*/
|
|
184
|
+
|
|
185
|
+
/**
|
|
186
|
+
* Create a test DatabaseAdapter using in-memory SQLite.
|
|
187
|
+
* Automatically detects the runtime:
|
|
188
|
+
* - Bun: uses bun:sqlite
|
|
189
|
+
* - Node/Vitest: uses better-sqlite3
|
|
190
|
+
*
|
|
191
|
+
* Usage:
|
|
192
|
+
* import { createTestAdapter } from '@bajustone/fortress/testing';
|
|
193
|
+
* const fortress = createFortress({ database: createTestAdapter(), jwt: { key: 'test' } });
|
|
194
|
+
*/
|
|
195
|
+
declare function createTestAdapter(): DatabaseAdapter;
|
|
196
|
+
|
|
197
|
+
export { type AuthSmokeTestOptions, type CheckResult, type FortressChecksResult, type PublicRouteCheckOptions, type RunFortressChecksOptions, checkMigrationDrift, checkPublicRoutes, checkRouteManifestDrift, createTestAdapter, runFortressChecks, smokeTestAuth };
|