@bajustone/fortress 1.0.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1011 -0
- package/LICENSE +21 -0
- package/README.md +760 -0
- package/SECURITY.md +197 -0
- package/bin/fortress.ts +667 -0
- package/dist/auth-service-BcyQ2PuZ.d.cts +307 -0
- package/dist/auth-service-BkzZkWfH.d.ts +307 -0
- package/dist/config-B2366s_G.d.ts +665 -0
- package/dist/config-GtlVt6ZD.d.cts +665 -0
- package/dist/convert-routes-BLCQT57f.d.ts +72 -0
- package/dist/convert-routes-BdMvP2_X.d.cts +72 -0
- package/dist/crypto.cjs +61 -0
- package/dist/crypto.d.cts +36 -0
- package/dist/crypto.d.ts +36 -0
- package/dist/crypto.js +35 -0
- package/dist/drift-BT1wtMDJ.d.cts +22 -0
- package/dist/drift-k9LiYpRP.d.ts +22 -0
- package/dist/drizzle/pg.cjs +481 -0
- package/dist/drizzle/pg.d.cts +15 -0
- package/dist/drizzle/pg.d.ts +15 -0
- package/dist/drizzle/pg.js +454 -0
- package/dist/drizzle.cjs +1442 -0
- package/dist/drizzle.d.cts +85 -0
- package/dist/drizzle.d.ts +85 -0
- package/dist/drizzle.js +1411 -0
- package/dist/express.cjs +1357 -0
- package/dist/express.d.cts +333 -0
- package/dist/express.d.ts +333 -0
- package/dist/express.js +1314 -0
- package/dist/fetcher.cjs +77 -0
- package/dist/fetcher.d.cts +7 -0
- package/dist/fetcher.d.ts +7 -0
- package/dist/fetcher.js +41 -0
- package/dist/fortress-BmSvFfqK.d.cts +1089 -0
- package/dist/fortress-uA-_cheR.d.ts +1089 -0
- package/dist/hono.cjs +1530 -0
- package/dist/hono.d.cts +514 -0
- package/dist/hono.d.ts +514 -0
- package/dist/hono.js +1483 -0
- package/dist/index-CxEkfCA0.d.cts +77 -0
- package/dist/index-CxEkfCA0.d.ts +77 -0
- package/dist/index-D054pcb-.d.cts +146 -0
- package/dist/index-jAMbbUAY.d.ts +146 -0
- package/dist/index.cjs +9046 -0
- package/dist/index.d.cts +717 -0
- package/dist/index.d.ts +717 -0
- package/dist/index.js +8935 -0
- package/dist/jwt.cjs +255 -0
- package/dist/jwt.d.cts +90 -0
- package/dist/jwt.d.ts +90 -0
- package/dist/jwt.js +227 -0
- package/dist/otel.cjs +108 -0
- package/dist/otel.d.cts +62 -0
- package/dist/otel.d.ts +62 -0
- package/dist/otel.js +73 -0
- package/dist/plugins/account-lockout.cjs +322 -0
- package/dist/plugins/account-lockout.d.cts +42 -0
- package/dist/plugins/account-lockout.d.ts +42 -0
- package/dist/plugins/account-lockout.js +295 -0
- package/dist/plugins/admin.cjs +2378 -0
- package/dist/plugins/admin.d.cts +72 -0
- package/dist/plugins/admin.d.ts +72 -0
- package/dist/plugins/admin.js +2351 -0
- package/dist/plugins/api-key.cjs +792 -0
- package/dist/plugins/api-key.d.cts +121 -0
- package/dist/plugins/api-key.d.ts +121 -0
- package/dist/plugins/api-key.js +765 -0
- package/dist/plugins/audit-log.cjs +493 -0
- package/dist/plugins/audit-log.d.cts +86 -0
- package/dist/plugins/audit-log.d.ts +86 -0
- package/dist/plugins/audit-log.js +468 -0
- package/dist/plugins/data-isolation.cjs +211 -0
- package/dist/plugins/data-isolation.d.cts +49 -0
- package/dist/plugins/data-isolation.d.ts +49 -0
- package/dist/plugins/data-isolation.js +186 -0
- package/dist/plugins/email-verification.cjs +273 -0
- package/dist/plugins/email-verification.d.cts +44 -0
- package/dist/plugins/email-verification.d.ts +44 -0
- package/dist/plugins/email-verification.js +246 -0
- package/dist/plugins/magic-link.cjs +231 -0
- package/dist/plugins/magic-link.d.cts +39 -0
- package/dist/plugins/magic-link.d.ts +39 -0
- package/dist/plugins/magic-link.js +204 -0
- package/dist/plugins/oauth.cjs +1696 -0
- package/dist/plugins/oauth.d.cts +406 -0
- package/dist/plugins/oauth.d.ts +406 -0
- package/dist/plugins/oauth.js +1669 -0
- package/dist/plugins/openapi.cjs +1185 -0
- package/dist/plugins/openapi.d.cts +6 -0
- package/dist/plugins/openapi.d.ts +6 -0
- package/dist/plugins/openapi.js +1158 -0
- package/dist/plugins/rate-limit/express.cjs +55 -0
- package/dist/plugins/rate-limit/express.d.cts +64 -0
- package/dist/plugins/rate-limit/express.d.ts +64 -0
- package/dist/plugins/rate-limit/express.js +30 -0
- package/dist/plugins/rate-limit/hono.cjs +51 -0
- package/dist/plugins/rate-limit/hono.d.cts +59 -0
- package/dist/plugins/rate-limit/hono.d.ts +59 -0
- package/dist/plugins/rate-limit/hono.js +26 -0
- package/dist/plugins/rate-limit/sveltekit.cjs +49 -0
- package/dist/plugins/rate-limit/sveltekit.d.cts +59 -0
- package/dist/plugins/rate-limit/sveltekit.d.ts +59 -0
- package/dist/plugins/rate-limit/sveltekit.js +24 -0
- package/dist/plugins/rate-limit.cjs +354 -0
- package/dist/plugins/rate-limit.d.cts +140 -0
- package/dist/plugins/rate-limit.d.ts +140 -0
- package/dist/plugins/rate-limit.js +325 -0
- package/dist/plugins/social-login.cjs +905 -0
- package/dist/plugins/social-login.d.cts +114 -0
- package/dist/plugins/social-login.d.ts +114 -0
- package/dist/plugins/social-login.js +880 -0
- package/dist/plugins/tenancy.cjs +780 -0
- package/dist/plugins/tenancy.d.cts +108 -0
- package/dist/plugins/tenancy.d.ts +108 -0
- package/dist/plugins/tenancy.js +753 -0
- package/dist/plugins/two-factor.cjs +555 -0
- package/dist/plugins/two-factor.d.cts +67 -0
- package/dist/plugins/two-factor.d.ts +67 -0
- package/dist/plugins/two-factor.js +526 -0
- package/dist/plugins/webauthn.cjs +786 -0
- package/dist/plugins/webauthn.d.cts +72 -0
- package/dist/plugins/webauthn.d.ts +72 -0
- package/dist/plugins/webauthn.js +766 -0
- package/dist/plugins/webhook.cjs +819 -0
- package/dist/plugins/webhook.d.cts +254 -0
- package/dist/plugins/webhook.d.ts +254 -0
- package/dist/plugins/webhook.js +789 -0
- package/dist/protect-D1v_0upK.d.cts +123 -0
- package/dist/protect-DsxV_-dJ.d.ts +123 -0
- package/dist/sveltekit.cjs +1258 -0
- package/dist/sveltekit.d.cts +420 -0
- package/dist/sveltekit.d.ts +420 -0
- package/dist/sveltekit.js +1207 -0
- package/dist/testing.cjs +4294 -0
- package/dist/testing.d.cts +197 -0
- package/dist/testing.d.ts +197 -0
- package/dist/testing.js +4264 -0
- package/dist/types-et0R8tsC.d.cts +217 -0
- package/dist/types-et0R8tsC.d.ts +217 -0
- package/docs/adapter-typed-helpers.md +192 -0
- package/docs/admin-recipes.md +227 -0
- package/docs/architecture.md +434 -0
- package/docs/ci/github-actions.yml +59 -0
- package/docs/ci.md +109 -0
- package/docs/compatibility.md +115 -0
- package/docs/deployment.md +305 -0
- package/docs/hardening.md +118 -0
- package/docs/host-owned-routes.md +154 -0
- package/docs/migrations/0001-schema-version.md +54 -0
- package/docs/migrations/0002-initial-schema.md +84 -0
- package/docs/migrations/upgrade-guide.md +160 -0
- package/docs/observability.md +394 -0
- package/docs/plugins/account-lockout.md +131 -0
- package/docs/plugins/admin.md +402 -0
- package/docs/plugins/api-key.md +327 -0
- package/docs/plugins/audit-log.md +261 -0
- package/docs/plugins/data-isolation.md +186 -0
- package/docs/plugins/email-verification.md +121 -0
- package/docs/plugins/magic-link.md +123 -0
- package/docs/plugins/oauth.md +544 -0
- package/docs/plugins/openapi.md +250 -0
- package/docs/plugins/rate-limit.md +223 -0
- package/docs/plugins/social-login.md +337 -0
- package/docs/plugins/tenancy.md +122 -0
- package/docs/plugins/two-factor.md +191 -0
- package/docs/plugins/webauthn.md +188 -0
- package/docs/plugins/webhook.md +242 -0
- package/docs/policy-as-code.md +156 -0
- package/docs/route-manifest.md +46 -0
- package/docs/security.md +261 -0
- package/docs/threat-model.md +161 -0
- package/examples/README.md +119 -0
- package/examples/express-app/index.ts +747 -0
- package/examples/hono-app/docker-compose.yml +14 -0
- package/examples/hono-app/index.ts +1009 -0
- package/examples/policy/fortress.policy.json +47 -0
- package/examples/sveltekit-app/README.md +125 -0
- package/examples/sveltekit-app/src/app.d.ts +16 -0
- package/examples/sveltekit-app/src/hooks.server.ts +23 -0
- package/examples/sveltekit-app/src/lib/server/fortress.ts +81 -0
- package/examples/sveltekit-app/src/routes/api/echo/[id]/+server.ts +32 -0
- package/examples/sveltekit-app/src/routes/api/fortress/[...path]/+server.ts +15 -0
- package/examples/sveltekit-app/src/routes/dashboard/+page.server.ts +20 -0
- package/examples/sveltekit-app/src/routes/login/+page.server.ts +48 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.server.ts +69 -0
- package/examples/sveltekit-app/src/routes/oauth/consent/+page.svelte +83 -0
- package/migrations/pg/0001_schema_version.down.sql +2 -0
- package/migrations/pg/0001_schema_version.sql +8 -0
- package/migrations/pg/0002_initial_schema.down.sql +36 -0
- package/migrations/pg/0002_initial_schema.sql +376 -0
- package/migrations/pg/0003_auth_continuation.down.sql +6 -0
- package/migrations/pg/0003_auth_continuation.sql +30 -0
- package/migrations/pg/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/pg/0004_tenant_default_unique.sql +14 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.down.sql +71 -0
- package/migrations/pg/0005_hot_indexes_timestamptz.sql +71 -0
- package/migrations/pg/0006_canonical_email.down.sql +3 -0
- package/migrations/pg/0006_canonical_email.sql +8 -0
- package/migrations/pg/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/pg/0007_audit_chain_anchor.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.down.sql +8 -0
- package/migrations/pg/0008_two_factor_hardening.sql +8 -0
- package/migrations/pg/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/pg/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/pg/0010_bigint_append_only_ids.down.sql +2 -0
- package/migrations/pg/0010_bigint_append_only_ids.sql +23 -0
- package/migrations/sqlite/0001_schema_version.down.sql +2 -0
- package/migrations/sqlite/0001_schema_version.sql +8 -0
- package/migrations/sqlite/0002_initial_schema.down.sql +36 -0
- package/migrations/sqlite/0002_initial_schema.sql +376 -0
- package/migrations/sqlite/0003_auth_continuation.down.sql +27 -0
- package/migrations/sqlite/0003_auth_continuation.sql +45 -0
- package/migrations/sqlite/0004_tenant_default_unique.down.sql +1 -0
- package/migrations/sqlite/0004_tenant_default_unique.sql +13 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.down.sql +10 -0
- package/migrations/sqlite/0005_hot_indexes_timestamptz.sql +10 -0
- package/migrations/sqlite/0006_canonical_email.down.sql +3 -0
- package/migrations/sqlite/0006_canonical_email.sql +8 -0
- package/migrations/sqlite/0007_audit_chain_anchor.down.sql +1 -0
- package/migrations/sqlite/0007_audit_chain_anchor.sql +8 -0
- package/migrations/sqlite/0008_two_factor_hardening.down.sql +14 -0
- package/migrations/sqlite/0008_two_factor_hardening.sql +7 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.down.sql +2 -0
- package/migrations/sqlite/0009_encrypt_totp_secrets.sql +5 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.down.sql +1 -0
- package/migrations/sqlite/0010_bigint_append_only_ids.sql +2 -0
- package/package.json +398 -0
- package/src/adapters/database/index.ts +63 -0
- package/src/adapters/database/types.ts +22 -0
- package/src/changelog-script.test.ts +21 -0
- package/src/cli.test.ts +79 -0
- package/src/core/auth/auth-admin.test.ts +247 -0
- package/src/core/auth/auth-endpoints.ts +558 -0
- package/src/core/auth/auth-observer.test.ts +191 -0
- package/src/core/auth/auth-service.ts +1464 -0
- package/src/core/auth/email.test.ts +17 -0
- package/src/core/auth/email.ts +11 -0
- package/src/core/auth/hooks.test.ts +251 -0
- package/src/core/auth/impersonation.test.ts +179 -0
- package/src/core/auth/jwt.test.ts +184 -0
- package/src/core/auth/jwt.ts +239 -0
- package/src/core/auth/login-timing.test.ts +77 -0
- package/src/core/auth/password-policy.test.ts +253 -0
- package/src/core/auth/password-policy.ts +220 -0
- package/src/core/auth/password.test.ts +42 -0
- package/src/core/auth/password.ts +62 -0
- package/src/core/auth/post-auth-gate.test.ts +258 -0
- package/src/core/auth/post-auth-gate.ts +228 -0
- package/src/core/auth/refresh-token.test.ts +86 -0
- package/src/core/auth/refresh-token.ts +105 -0
- package/src/core/auth/timing-safe.ts +23 -0
- package/src/core/config.ts +212 -0
- package/src/core/endpoint.ts +149 -0
- package/src/core/errors.ts +199 -0
- package/src/core/fetcher-interop.test.ts +106 -0
- package/src/core/fortress.test.ts +354 -0
- package/src/core/fortress.ts +550 -0
- package/src/core/http/call.test.ts +148 -0
- package/src/core/http/call.ts +149 -0
- package/src/core/http/cookie-serialize.test.ts +198 -0
- package/src/core/http/cookie-serialize.ts +107 -0
- package/src/core/http/csrf.test.ts +140 -0
- package/src/core/http/csrf.ts +173 -0
- package/src/core/http/dispatch.ts +652 -0
- package/src/core/http/error-response.test.ts +69 -0
- package/src/core/http/error-response.ts +93 -0
- package/src/core/http/fortress-rbac.test.ts +43 -0
- package/src/core/http/fortress-rbac.ts +127 -0
- package/src/core/http/handle-request.test.ts +441 -0
- package/src/core/http/handle-request.ts +354 -0
- package/src/core/http/match.test.ts +122 -0
- package/src/core/http/match.ts +126 -0
- package/src/core/http/outbound.test.ts +34 -0
- package/src/core/http/outbound.ts +105 -0
- package/src/core/http/plugin-middleware.ts +67 -0
- package/src/core/http/principal.test.ts +345 -0
- package/src/core/http/principal.ts +86 -0
- package/src/core/http/protect.test.ts +220 -0
- package/src/core/http/protect.ts +394 -0
- package/src/core/http/token-extraction.test.ts +59 -0
- package/src/core/http/token-extraction.ts +53 -0
- package/src/core/iam/explain.test.ts +177 -0
- package/src/core/iam/explain.ts +302 -0
- package/src/core/iam/iam-endpoints.ts +779 -0
- package/src/core/iam/iam-service.test.ts +829 -0
- package/src/core/iam/iam-service.ts +1137 -0
- package/src/core/iam/permission-cache.test.ts +115 -0
- package/src/core/iam/permission-cache.ts +71 -0
- package/src/core/iam/permission-check-observer.test.ts +90 -0
- package/src/core/iam/permission-evaluator.test.ts +291 -0
- package/src/core/iam/permission-evaluator.ts +198 -0
- package/src/core/iam/permission-sync.test.ts +166 -0
- package/src/core/iam/permission-sync.ts +192 -0
- package/src/core/iam/resource-sync.test.ts +70 -0
- package/src/core/iam/resource-sync.ts +182 -0
- package/src/core/iam/service-account-http.test.ts +529 -0
- package/src/core/iam/service-account.test.ts +282 -0
- package/src/core/internal-adapter.test.ts +389 -0
- package/src/core/internal-adapter.ts +435 -0
- package/src/core/json-schema.ts +50 -0
- package/src/core/manifest/__snapshots__/route-manifest.test.ts.snap +192 -0
- package/src/core/manifest/drift.ts +103 -0
- package/src/core/manifest/route-manifest.test.ts +142 -0
- package/src/core/manifest/route-manifest.ts +154 -0
- package/src/core/migrate.test.ts +72 -0
- package/src/core/migrations/engine.test.ts +308 -0
- package/src/core/migrations/engine.ts +548 -0
- package/src/core/migrations/migrations.ts +1771 -0
- package/src/core/migrations/pg-migration.integration-test.ts +353 -0
- package/src/core/migrations/upgrade-fixture.test.ts +378 -0
- package/src/core/observability/db-instrumentation.ts +205 -0
- package/src/core/observability/listener-list.test.ts +124 -0
- package/src/core/observability/listener-list.ts +73 -0
- package/src/core/observability/logger.test.ts +43 -0
- package/src/core/observability/logger.ts +49 -0
- package/src/core/observability/spans.test.ts +193 -0
- package/src/core/observability/types.ts +80 -0
- package/src/core/openapi-drift.test.ts +41 -0
- package/src/core/openapi.ts +47 -0
- package/src/core/plugin-methods-map.ts +75 -0
- package/src/core/plugin-runner.test.ts +233 -0
- package/src/core/plugin-runner.ts +276 -0
- package/src/core/plugin.ts +210 -0
- package/src/core/policy/apply.ts +272 -0
- package/src/core/policy/diff.ts +288 -0
- package/src/core/policy/loader.test.ts +63 -0
- package/src/core/policy/loader.ts +214 -0
- package/src/core/policy/policy.test.ts +232 -0
- package/src/core/policy/types.ts +105 -0
- package/src/core/schema-builder.test.ts +660 -0
- package/src/core/schema-builder.ts +881 -0
- package/src/core/standard-schema.ts +56 -0
- package/src/core/types.ts +258 -0
- package/src/core/validation.test.ts +195 -0
- package/src/core/validation.ts +192 -0
- package/src/drizzle/adapter.test.ts +425 -0
- package/src/drizzle/adapter.ts +474 -0
- package/src/drizzle/index.ts +31 -0
- package/src/drizzle/pg/adapter.integration-test.ts +456 -0
- package/src/drizzle/pg/index.ts +13 -0
- package/src/drizzle/pg/pg.integration-test.ts +1539 -0
- package/src/drizzle/pg/schema.ts +539 -0
- package/src/drizzle/pg-error-map.test.ts +218 -0
- package/src/drizzle/pg-error-map.ts +151 -0
- package/src/drizzle/schema.ts +544 -0
- package/src/drizzle/sqlite-serialization.test.ts +106 -0
- package/src/express/express-api-key-user-routes.test.ts +241 -0
- package/src/express/express.test.ts +442 -0
- package/src/express/handle.ts +191 -0
- package/src/express/index.ts +62 -0
- package/src/express/middleware.ts +551 -0
- package/src/express/protect.ts +154 -0
- package/src/express/validated.test.ts +86 -0
- package/src/express/validated.ts +99 -0
- package/src/fetcher/index.ts +81 -0
- package/src/hono/convert-routes.test.ts +220 -0
- package/src/hono/convert-routes.ts +196 -0
- package/src/hono/converters.test.ts +50 -0
- package/src/hono/converters.ts +43 -0
- package/src/hono/handle.ts +79 -0
- package/src/hono/helpers.ts +2 -0
- package/src/hono/hono-api-key-user-routes.test.ts +225 -0
- package/src/hono/hono-handlers.test.ts +861 -0
- package/src/hono/hono.test.ts +454 -0
- package/src/hono/index.ts +101 -0
- package/src/hono/middleware/auth.ts +236 -0
- package/src/hono/middleware/auth.types.test.ts +94 -0
- package/src/hono/middleware/csrf.test.ts +127 -0
- package/src/hono/middleware/csrf.ts +68 -0
- package/src/hono/middleware/error-handler.ts +12 -0
- package/src/hono/middleware/plugin-middleware.ts +35 -0
- package/src/hono/middleware/rbac.ts +131 -0
- package/src/hono/middleware/security-headers.test.ts +88 -0
- package/src/hono/middleware/security-headers.ts +68 -0
- package/src/hono/openapi.ts +237 -0
- package/src/hono/protect.ts +87 -0
- package/src/hono/validated.test.ts +123 -0
- package/src/hono/validated.ts +62 -0
- package/src/index.ts +309 -0
- package/src/integration.test.ts +718 -0
- package/src/internal/changelog.ts +56 -0
- package/src/otel/index.ts +158 -0
- package/src/otel/otel-types.test.ts +35 -0
- package/src/otel/otel.test.ts +235 -0
- package/src/plugins/account-lockout/account-lockout.test.ts +367 -0
- package/src/plugins/account-lockout/index.ts +267 -0
- package/src/plugins/admin/admin-api-key.test.ts +438 -0
- package/src/plugins/admin/index.ts +1612 -0
- package/src/plugins/api-key/api-key.test.ts +684 -0
- package/src/plugins/api-key/core.ts +336 -0
- package/src/plugins/api-key/index.ts +315 -0
- package/src/plugins/audit-log/audit-log.test.ts +749 -0
- package/src/plugins/audit-log/index.ts +680 -0
- package/src/plugins/data-isolation/data-isolation.test.ts +197 -0
- package/src/plugins/data-isolation/index.ts +157 -0
- package/src/plugins/email-verification/email-verification.test.ts +199 -0
- package/src/plugins/email-verification/index.ts +190 -0
- package/src/plugins/magic-link/index.ts +129 -0
- package/src/plugins/magic-link/magic-link.test.ts +156 -0
- package/src/plugins/oauth/id-token.ts +86 -0
- package/src/plugins/oauth/index.ts +2145 -0
- package/src/plugins/oauth/jwks.test.ts +32 -0
- package/src/plugins/oauth/jwks.ts +182 -0
- package/src/plugins/oauth/oauth.test.ts +2220 -0
- package/src/plugins/oauth/pkce.ts +58 -0
- package/src/plugins/openapi/index.ts +298 -0
- package/src/plugins/openapi/openapi.test.ts +425 -0
- package/src/plugins/openapi/spec-builder.ts +287 -0
- package/src/plugins/rate-limit/express.test.ts +89 -0
- package/src/plugins/rate-limit/express.ts +86 -0
- package/src/plugins/rate-limit/hono.test.ts +60 -0
- package/src/plugins/rate-limit/hono.ts +74 -0
- package/src/plugins/rate-limit/index.ts +383 -0
- package/src/plugins/rate-limit/memory-store.ts +61 -0
- package/src/plugins/rate-limit/rate-limit.test.ts +756 -0
- package/src/plugins/rate-limit/sveltekit.test.ts +58 -0
- package/src/plugins/rate-limit/sveltekit.ts +66 -0
- package/src/plugins/social-login/index.ts +715 -0
- package/src/plugins/social-login/providers/apple.ts +34 -0
- package/src/plugins/social-login/providers/discord.ts +26 -0
- package/src/plugins/social-login/providers/github.ts +54 -0
- package/src/plugins/social-login/providers/google.ts +23 -0
- package/src/plugins/social-login/providers/index.ts +22 -0
- package/src/plugins/social-login/providers/microsoft.ts +35 -0
- package/src/plugins/social-login/providers/oidc.ts +37 -0
- package/src/plugins/social-login/providers/providers.test.ts +211 -0
- package/src/plugins/social-login/social-login.test.ts +675 -0
- package/src/plugins/social-login/types.ts +80 -0
- package/src/plugins/tenancy/index.ts +544 -0
- package/src/plugins/tenancy/tenancy.test.ts +323 -0
- package/src/plugins/two-factor/index.ts +569 -0
- package/src/plugins/two-factor/two-factor.test.ts +235 -0
- package/src/plugins/webauthn/index.ts +554 -0
- package/src/plugins/webauthn/webauthn.test.ts +472 -0
- package/src/plugins/webhook/builtin-events.ts +29 -0
- package/src/plugins/webhook/delivery.test.ts +51 -0
- package/src/plugins/webhook/delivery.ts +154 -0
- package/src/plugins/webhook/hooks.ts +89 -0
- package/src/plugins/webhook/index.ts +445 -0
- package/src/plugins/webhook/queue/database.ts +67 -0
- package/src/plugins/webhook/queue/in-memory.test.ts +48 -0
- package/src/plugins/webhook/queue/in-memory.ts +71 -0
- package/src/plugins/webhook/queue/types.ts +51 -0
- package/src/plugins/webhook/registry.test.ts +48 -0
- package/src/plugins/webhook/registry.ts +64 -0
- package/src/plugins/webhook/signing.ts +45 -0
- package/src/plugins/webhook/ssrf.ts +198 -0
- package/src/plugins/webhook/types.ts +138 -0
- package/src/plugins/webhook/webhook.test.ts +324 -0
- package/src/sveltekit/actions.ts +233 -0
- package/src/sveltekit/catch-all.ts +43 -0
- package/src/sveltekit/cookies.ts +136 -0
- package/src/sveltekit/handle.ts +356 -0
- package/src/sveltekit/helpers.ts +69 -0
- package/src/sveltekit/index.ts +74 -0
- package/src/sveltekit/protect.ts +80 -0
- package/src/sveltekit/sveltekit-types.test.ts +31 -0
- package/src/sveltekit/sveltekit.test.ts +799 -0
- package/src/sveltekit/types.ts +134 -0
- package/src/sveltekit/validated.test.ts +117 -0
- package/src/sveltekit/validated.ts +78 -0
- package/src/testing/adapter-conformance.test.ts +408 -0
- package/src/testing/checks.test.ts +124 -0
- package/src/testing/checks.ts +304 -0
- package/src/testing/index.ts +107 -0
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { J as JSONSchema, E as EndpointDefinition } from './config-B2366s_G.js';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Convert external route definitions (e.g., from @hono/zod-openapi createRoute)
|
|
5
|
+
* into Fortress EndpointDefinitions.
|
|
6
|
+
*
|
|
7
|
+
* Schema-library agnostic — the user provides a converter function
|
|
8
|
+
* that turns their schema objects into JSON Schema.
|
|
9
|
+
*
|
|
10
|
+
* @example
|
|
11
|
+
* ```ts
|
|
12
|
+
* import { z } from 'zod';
|
|
13
|
+
* import { convertRoutes } from '@bajustone/fortress/hono';
|
|
14
|
+
* import { loginRoute, listUsersRoute } from './modules/auth/routes';
|
|
15
|
+
*
|
|
16
|
+
* const endpoints = convertRoutes(
|
|
17
|
+
* [loginRoute, listUsersRoute],
|
|
18
|
+
* { prefix: '/api/v1/auth', schemaConverter: z.toJSONSchema },
|
|
19
|
+
* );
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
/** A function that converts a schema object (Zod, Valibot, etc.) to JSON Schema. */
|
|
24
|
+
type ToJSONSchemaConverter = (schema: unknown) => JSONSchema;
|
|
25
|
+
/**
|
|
26
|
+
* Generic route shape matching what `createRoute` from `@hono/zod-openapi` returns.
|
|
27
|
+
* No dependency on any specific framework or schema library.
|
|
28
|
+
*/
|
|
29
|
+
interface ExternalRoute {
|
|
30
|
+
method: string;
|
|
31
|
+
path: string;
|
|
32
|
+
tags?: string[];
|
|
33
|
+
summary?: string;
|
|
34
|
+
description?: string;
|
|
35
|
+
deprecated?: boolean;
|
|
36
|
+
security?: Array<Record<string, string[]>>;
|
|
37
|
+
request?: {
|
|
38
|
+
body?: {
|
|
39
|
+
content: {
|
|
40
|
+
'application/json': {
|
|
41
|
+
schema: unknown;
|
|
42
|
+
};
|
|
43
|
+
};
|
|
44
|
+
};
|
|
45
|
+
params?: unknown;
|
|
46
|
+
query?: unknown;
|
|
47
|
+
};
|
|
48
|
+
responses: Record<number | string, {
|
|
49
|
+
description: string;
|
|
50
|
+
content?: {
|
|
51
|
+
'application/json': {
|
|
52
|
+
schema: unknown;
|
|
53
|
+
};
|
|
54
|
+
};
|
|
55
|
+
}>;
|
|
56
|
+
}
|
|
57
|
+
/** Options accepted by {@link convertRoutes}. */
|
|
58
|
+
interface ConvertRoutesOptions {
|
|
59
|
+
/** Convert your schema objects to JSON Schema (e.g., `z.toJSONSchema` for Zod v4). */
|
|
60
|
+
schemaConverter: ToJSONSchemaConverter;
|
|
61
|
+
/** Path prefix to prepend (e.g., '/api/v1/auth'). */
|
|
62
|
+
prefix?: string;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Convert an array of external route definitions into Fortress EndpointDefinitions.
|
|
66
|
+
*
|
|
67
|
+
* The `schemaConverter` is called for every schema object encountered in request/response
|
|
68
|
+
* definitions. Fortress never imports or depends on your schema library.
|
|
69
|
+
*/
|
|
70
|
+
declare function convertRoutes(routes: ExternalRoute[], options: ConvertRoutesOptions): EndpointDefinition[];
|
|
71
|
+
|
|
72
|
+
export { type ConvertRoutesOptions as C, type ExternalRoute as E, type ToJSONSchemaConverter as T, convertRoutes as c };
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { J as JSONSchema, E as EndpointDefinition } from './config-GtlVt6ZD.cjs';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Convert external route definitions (e.g., from @hono/zod-openapi createRoute)
|
|
5
|
+
* into Fortress EndpointDefinitions.
|
|
6
|
+
*
|
|
7
|
+
* Schema-library agnostic — the user provides a converter function
|
|
8
|
+
* that turns their schema objects into JSON Schema.
|
|
9
|
+
*
|
|
10
|
+
* @example
|
|
11
|
+
* ```ts
|
|
12
|
+
* import { z } from 'zod';
|
|
13
|
+
* import { convertRoutes } from '@bajustone/fortress/hono';
|
|
14
|
+
* import { loginRoute, listUsersRoute } from './modules/auth/routes';
|
|
15
|
+
*
|
|
16
|
+
* const endpoints = convertRoutes(
|
|
17
|
+
* [loginRoute, listUsersRoute],
|
|
18
|
+
* { prefix: '/api/v1/auth', schemaConverter: z.toJSONSchema },
|
|
19
|
+
* );
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
|
|
23
|
+
/** A function that converts a schema object (Zod, Valibot, etc.) to JSON Schema. */
|
|
24
|
+
type ToJSONSchemaConverter = (schema: unknown) => JSONSchema;
|
|
25
|
+
/**
|
|
26
|
+
* Generic route shape matching what `createRoute` from `@hono/zod-openapi` returns.
|
|
27
|
+
* No dependency on any specific framework or schema library.
|
|
28
|
+
*/
|
|
29
|
+
interface ExternalRoute {
|
|
30
|
+
method: string;
|
|
31
|
+
path: string;
|
|
32
|
+
tags?: string[];
|
|
33
|
+
summary?: string;
|
|
34
|
+
description?: string;
|
|
35
|
+
deprecated?: boolean;
|
|
36
|
+
security?: Array<Record<string, string[]>>;
|
|
37
|
+
request?: {
|
|
38
|
+
body?: {
|
|
39
|
+
content: {
|
|
40
|
+
'application/json': {
|
|
41
|
+
schema: unknown;
|
|
42
|
+
};
|
|
43
|
+
};
|
|
44
|
+
};
|
|
45
|
+
params?: unknown;
|
|
46
|
+
query?: unknown;
|
|
47
|
+
};
|
|
48
|
+
responses: Record<number | string, {
|
|
49
|
+
description: string;
|
|
50
|
+
content?: {
|
|
51
|
+
'application/json': {
|
|
52
|
+
schema: unknown;
|
|
53
|
+
};
|
|
54
|
+
};
|
|
55
|
+
}>;
|
|
56
|
+
}
|
|
57
|
+
/** Options accepted by {@link convertRoutes}. */
|
|
58
|
+
interface ConvertRoutesOptions {
|
|
59
|
+
/** Convert your schema objects to JSON Schema (e.g., `z.toJSONSchema` for Zod v4). */
|
|
60
|
+
schemaConverter: ToJSONSchemaConverter;
|
|
61
|
+
/** Path prefix to prepend (e.g., '/api/v1/auth'). */
|
|
62
|
+
prefix?: string;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Convert an array of external route definitions into Fortress EndpointDefinitions.
|
|
66
|
+
*
|
|
67
|
+
* The `schemaConverter` is called for every schema object encountered in request/response
|
|
68
|
+
* definitions. Fortress never imports or depends on your schema library.
|
|
69
|
+
*/
|
|
70
|
+
declare function convertRoutes(routes: ExternalRoute[], options: ConvertRoutesOptions): EndpointDefinition[];
|
|
71
|
+
|
|
72
|
+
export { type ConvertRoutesOptions as C, type ExternalRoute as E, type ToJSONSchemaConverter as T, convertRoutes as c };
|
package/dist/crypto.cjs
ADDED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
|
|
20
|
+
// src/core/auth/password.ts
|
|
21
|
+
var password_exports = {};
|
|
22
|
+
__export(password_exports, {
|
|
23
|
+
createDefaultHasher: () => createDefaultHasher,
|
|
24
|
+
normalizePasswordInput: () => normalizePasswordInput
|
|
25
|
+
});
|
|
26
|
+
module.exports = __toCommonJS(password_exports);
|
|
27
|
+
var import_hash_wasm = require("hash-wasm");
|
|
28
|
+
function normalizePasswordInput(password) {
|
|
29
|
+
return password.normalize("NFKC");
|
|
30
|
+
}
|
|
31
|
+
function createDefaultHasher() {
|
|
32
|
+
return {
|
|
33
|
+
async hash(password) {
|
|
34
|
+
const normalizedPassword = normalizePasswordInput(password);
|
|
35
|
+
const salt = new Uint8Array(16);
|
|
36
|
+
crypto.getRandomValues(salt);
|
|
37
|
+
return (0, import_hash_wasm.argon2id)({
|
|
38
|
+
password: normalizedPassword,
|
|
39
|
+
salt,
|
|
40
|
+
parallelism: 1,
|
|
41
|
+
iterations: 3,
|
|
42
|
+
memorySize: 65536,
|
|
43
|
+
// 64 MB
|
|
44
|
+
hashLength: 32,
|
|
45
|
+
outputType: "encoded"
|
|
46
|
+
});
|
|
47
|
+
},
|
|
48
|
+
async verify(hash, password) {
|
|
49
|
+
try {
|
|
50
|
+
return await (0, import_hash_wasm.argon2Verify)({ hash, password: normalizePasswordInput(password) });
|
|
51
|
+
} catch {
|
|
52
|
+
return false;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
58
|
+
0 && (module.exports = {
|
|
59
|
+
createDefaultHasher,
|
|
60
|
+
normalizePasswordInput
|
|
61
|
+
});
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
export { P as PasswordHasher } from './config-GtlVt6ZD.cjs';
|
|
2
|
+
import './index-CxEkfCA0.cjs';
|
|
3
|
+
import './jwt.cjs';
|
|
4
|
+
import './types-et0R8tsC.cjs';
|
|
5
|
+
import './auth-service-BcyQ2PuZ.cjs';
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* Password hashing primitives for fortress.
|
|
9
|
+
*
|
|
10
|
+
* Exports {@link createDefaultHasher}, a WASM-based Argon2id `PasswordHasher`
|
|
11
|
+
* that works across every runtime fortress targets (Bun, Deno, Node, Cloudflare
|
|
12
|
+
* Workers, Vercel Edge). Consumers can drop in a faster native hasher
|
|
13
|
+
* (`@node-rs/argon2`, `Bun.password`) by implementing the `PasswordHasher`
|
|
14
|
+
* contract and passing it to `createFortress({ passwordHasher })`.
|
|
15
|
+
*
|
|
16
|
+
* @module
|
|
17
|
+
*/
|
|
18
|
+
|
|
19
|
+
/**
|
|
20
|
+
* Canonicalize password input before policy checks, breach checks, hashing,
|
|
21
|
+
* and verification. NFKC collapses visually/confusably equivalent Unicode
|
|
22
|
+
* forms (for example full-width ASCII) so users are not locked out by input
|
|
23
|
+
* method differences.
|
|
24
|
+
*/
|
|
25
|
+
declare function normalizePasswordInput(password: string): string;
|
|
26
|
+
/**
|
|
27
|
+
* Default PasswordHasher using WASM-based Argon2id.
|
|
28
|
+
* Works across all runtimes (Bun, Deno, Node, edge).
|
|
29
|
+
* Consumers can swap for @node-rs/argon2 or Bun.password for native speed.
|
|
30
|
+
*/
|
|
31
|
+
declare function createDefaultHasher(): {
|
|
32
|
+
hash: (password: string) => Promise<string>;
|
|
33
|
+
verify: (hash: string, password: string) => Promise<boolean>;
|
|
34
|
+
};
|
|
35
|
+
|
|
36
|
+
export { createDefaultHasher, normalizePasswordInput };
|
package/dist/crypto.d.ts
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
export { P as PasswordHasher } from './config-B2366s_G.js';
|
|
2
|
+
import './index-CxEkfCA0.js';
|
|
3
|
+
import './jwt.js';
|
|
4
|
+
import './types-et0R8tsC.js';
|
|
5
|
+
import './auth-service-BkzZkWfH.js';
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* Password hashing primitives for fortress.
|
|
9
|
+
*
|
|
10
|
+
* Exports {@link createDefaultHasher}, a WASM-based Argon2id `PasswordHasher`
|
|
11
|
+
* that works across every runtime fortress targets (Bun, Deno, Node, Cloudflare
|
|
12
|
+
* Workers, Vercel Edge). Consumers can drop in a faster native hasher
|
|
13
|
+
* (`@node-rs/argon2`, `Bun.password`) by implementing the `PasswordHasher`
|
|
14
|
+
* contract and passing it to `createFortress({ passwordHasher })`.
|
|
15
|
+
*
|
|
16
|
+
* @module
|
|
17
|
+
*/
|
|
18
|
+
|
|
19
|
+
/**
|
|
20
|
+
* Canonicalize password input before policy checks, breach checks, hashing,
|
|
21
|
+
* and verification. NFKC collapses visually/confusably equivalent Unicode
|
|
22
|
+
* forms (for example full-width ASCII) so users are not locked out by input
|
|
23
|
+
* method differences.
|
|
24
|
+
*/
|
|
25
|
+
declare function normalizePasswordInput(password: string): string;
|
|
26
|
+
/**
|
|
27
|
+
* Default PasswordHasher using WASM-based Argon2id.
|
|
28
|
+
* Works across all runtimes (Bun, Deno, Node, edge).
|
|
29
|
+
* Consumers can swap for @node-rs/argon2 or Bun.password for native speed.
|
|
30
|
+
*/
|
|
31
|
+
declare function createDefaultHasher(): {
|
|
32
|
+
hash: (password: string) => Promise<string>;
|
|
33
|
+
verify: (hash: string, password: string) => Promise<boolean>;
|
|
34
|
+
};
|
|
35
|
+
|
|
36
|
+
export { createDefaultHasher, normalizePasswordInput };
|
package/dist/crypto.js
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
// src/core/auth/password.ts
|
|
2
|
+
import { argon2id, argon2Verify } from "hash-wasm";
|
|
3
|
+
function normalizePasswordInput(password) {
|
|
4
|
+
return password.normalize("NFKC");
|
|
5
|
+
}
|
|
6
|
+
function createDefaultHasher() {
|
|
7
|
+
return {
|
|
8
|
+
async hash(password) {
|
|
9
|
+
const normalizedPassword = normalizePasswordInput(password);
|
|
10
|
+
const salt = new Uint8Array(16);
|
|
11
|
+
crypto.getRandomValues(salt);
|
|
12
|
+
return argon2id({
|
|
13
|
+
password: normalizedPassword,
|
|
14
|
+
salt,
|
|
15
|
+
parallelism: 1,
|
|
16
|
+
iterations: 3,
|
|
17
|
+
memorySize: 65536,
|
|
18
|
+
// 64 MB
|
|
19
|
+
hashLength: 32,
|
|
20
|
+
outputType: "encoded"
|
|
21
|
+
});
|
|
22
|
+
},
|
|
23
|
+
async verify(hash, password) {
|
|
24
|
+
try {
|
|
25
|
+
return await argon2Verify({ hash, password: normalizePasswordInput(password) });
|
|
26
|
+
} catch {
|
|
27
|
+
return false;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
export {
|
|
33
|
+
createDefaultHasher,
|
|
34
|
+
normalizePasswordInput
|
|
35
|
+
};
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { O as OpenAPISpec } from './index-D054pcb-.cjs';
|
|
2
|
+
import { R as RouteManifestEntry, F as Fortress } from './fortress-BmSvFfqK.cjs';
|
|
3
|
+
|
|
4
|
+
interface RouteManifestDrift {
|
|
5
|
+
mountedMissingFromManifest: string[];
|
|
6
|
+
manifestMissingFromMounted: string[];
|
|
7
|
+
openapiMissingFromManifest: string[];
|
|
8
|
+
manifestMissingFromOpenapi: string[];
|
|
9
|
+
rbacPermissionMismatches: Array<{
|
|
10
|
+
route: string;
|
|
11
|
+
expected?: string;
|
|
12
|
+
actual?: string;
|
|
13
|
+
}>;
|
|
14
|
+
}
|
|
15
|
+
interface DetectRouteManifestDriftOptions {
|
|
16
|
+
manifest?: RouteManifestEntry[];
|
|
17
|
+
openapi?: OpenAPISpec;
|
|
18
|
+
}
|
|
19
|
+
declare function detectRouteManifestDrift(fortress: Pick<Fortress, 'endpoints' | 'config' | 'manifest'>, options?: DetectRouteManifestDriftOptions): RouteManifestDrift;
|
|
20
|
+
declare function hasRouteManifestDrift(drift: RouteManifestDrift): boolean;
|
|
21
|
+
|
|
22
|
+
export { type DetectRouteManifestDriftOptions as D, type RouteManifestDrift as R, detectRouteManifestDrift as d, hasRouteManifestDrift as h };
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { O as OpenAPISpec } from './index-jAMbbUAY.js';
|
|
2
|
+
import { R as RouteManifestEntry, F as Fortress } from './fortress-uA-_cheR.js';
|
|
3
|
+
|
|
4
|
+
interface RouteManifestDrift {
|
|
5
|
+
mountedMissingFromManifest: string[];
|
|
6
|
+
manifestMissingFromMounted: string[];
|
|
7
|
+
openapiMissingFromManifest: string[];
|
|
8
|
+
manifestMissingFromOpenapi: string[];
|
|
9
|
+
rbacPermissionMismatches: Array<{
|
|
10
|
+
route: string;
|
|
11
|
+
expected?: string;
|
|
12
|
+
actual?: string;
|
|
13
|
+
}>;
|
|
14
|
+
}
|
|
15
|
+
interface DetectRouteManifestDriftOptions {
|
|
16
|
+
manifest?: RouteManifestEntry[];
|
|
17
|
+
openapi?: OpenAPISpec;
|
|
18
|
+
}
|
|
19
|
+
declare function detectRouteManifestDrift(fortress: Pick<Fortress, 'endpoints' | 'config' | 'manifest'>, options?: DetectRouteManifestDriftOptions): RouteManifestDrift;
|
|
20
|
+
declare function hasRouteManifestDrift(drift: RouteManifestDrift): boolean;
|
|
21
|
+
|
|
22
|
+
export { type DetectRouteManifestDriftOptions as D, type RouteManifestDrift as R, detectRouteManifestDrift as d, hasRouteManifestDrift as h };
|