@blimu/backend 0.7.0 → 1.1.1

package/dist/services/users.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/services/users.ts"],"sourcesContent":["import { CoreClient } from '../client';\nimport * as Schema from '../schema';\n\nexport class UsersService {\n  constructor(private core: CoreClient) {}\n\n  /**\n   * GET /v1/users*\n   * @summary List users*\n   * @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.*/\n  list(\n    query?: Schema.UsersListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UserList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users`,\n      query,\n      ...(init || {}),\n    });\n  }\n\n  /**\n   * POST /v1/users*\n   * @summary Create a user*\n   * @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time.*/\n  create(\n    body: Schema.UserCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users`,\n      body: body as any,\n      ...(init || {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/users/{userId}*\n   * @summary Delete a user*\n   * @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user.*/\n  delete(\n    userId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      ...(init || {}),\n    });\n  }\n\n  /**\n   * GET /v1/users/{userId}*\n   * @summary Get a user by ID*\n   * @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata.*/\n  read(\n    userId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      ...(init || {}),\n    });\n  }\n\n  /**\n   * PUT /v1/users/{userId}*\n   * @summary Update a user*\n   * @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable.*/\n  update(\n    userId: string,\n    body: Schema.UserUpdateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'PUT',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      body: body as any,\n      ...(init || {}),\n    });\n  }\n\n  /**\n   * GET /v1/users/{userId}/effective-user-resources-roles*\n   * @summary List effective user resources roles*\n   * @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n  listEffectiveUserResourcesRoles(\n    userId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UserResourceList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n      ...(init || {}),\n    });\n  }\n}\n"],"mappings":";AAGO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAkB;AAAlB;AAAA,EAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,QACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;","names":[]}

package/dist/token-verifier.d.mts

@@ -0,0 +1,35 @@
+interface JWK {
+    kty: string;
+    use: string;
+    kid: string;
+    alg: string;
+    n: string;
+    e: string;
+}
+interface JWKSet {
+    keys: JWK[];
+}
+interface VerifyTokenOptions {
+    url?: string;
+    secretKey?: string;
+    token: string;
+    runtimeApiUrl?: string;
+}
+interface TokenVerifierOptions {
+    runtimeApiUrl?: string;
+    cacheTTL?: number;
+}
+declare class TokenVerifier {
+    private readonly cache;
+    private readonly cacheTTL;
+    private readonly runtimeApiUrl;
+    constructor(options?: TokenVerifierOptions);
+    private fetchJWKSet;
+    private jwkToKeyObject;
+    private getPublicKey;
+    verifyToken<T = any>(options: VerifyTokenOptions): Promise<T>;
+    clearCache(secretKeyOrUrl?: string): void;
+}
+declare function verifyToken<T = any>(options: VerifyTokenOptions): Promise<T>;
+
+export { type JWK, type JWKSet, TokenVerifier, type TokenVerifierOptions, type VerifyTokenOptions, verifyToken };

package/dist/token-verifier.d.ts

@@ -1,4 +1,4 @@
-export interface JWK {
+interface JWK {
     kty: string;
     use: string;
     kid: string;
@@ -6,20 +6,20 @@ export interface JWK {
     n: string;
     e: string;
 }
-export interface JWKSet {
+interface JWKSet {
     keys: JWK[];
 }
-export interface VerifyTokenOptions {
+interface VerifyTokenOptions {
     url?: string;
     secretKey?: string;
     token: string;
     runtimeApiUrl?: string;
 }
-export interface TokenVerifierOptions {
+interface TokenVerifierOptions {
     runtimeApiUrl?: string;
     cacheTTL?: number;
 }
-export declare class TokenVerifier {
+declare class TokenVerifier {
     private readonly cache;
     private readonly cacheTTL;
     private readonly runtimeApiUrl;
@@ -30,4 +30,6 @@ export declare class TokenVerifier {
     verifyToken<T = any>(options: VerifyTokenOptions): Promise<T>;
     clearCache(secretKeyOrUrl?: string): void;
 }
-export declare function verifyToken<T = any>(options: VerifyTokenOptions): Promise<T>;
+declare function verifyToken<T = any>(options: VerifyTokenOptions): Promise<T>;
+
+export { type JWK, type JWKSet, TokenVerifier, type TokenVerifierOptions, type VerifyTokenOptions, verifyToken };

package/dist/token-verifier.js

@@ -1,182 +1,238 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/token-verifier.ts
+var token_verifier_exports = {};
+__export(token_verifier_exports, {
+  TokenVerifier: () => TokenVerifier,
+  verifyToken: () => verifyToken
 });
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TokenVerifier = void 0;
-exports.verifyToken = verifyToken;
-const crypto = __importStar(require("crypto"));
-const jwt = __importStar(require("jsonwebtoken"));
-class TokenVerifier {
-    constructor(options) {
-        this.cache = new Map();
-        this.cacheTTL = options?.cacheTTL ?? 60 * 60 * 1000;
-        const blimuAuthApiUrl = typeof process !== 'undefined' && process.env.BLIMU_AUTH_API_URL
-            ? process.env.BLIMU_AUTH_API_URL
-            : undefined;
-        this.runtimeApiUrl = blimuAuthApiUrl ?? 'https://api.blimu.dev';
+module.exports = __toCommonJS(token_verifier_exports);
+
+// src/client.ts
+var import_fetch = require("@blimu/fetch");
+
+// src/token-verifier.ts
+var crypto = __toESM(require("crypto"));
+var jwt = __toESM(require("jsonwebtoken"));
+var TokenVerifier = class {
+  cache = /* @__PURE__ */ new Map();
+  cacheTTL;
+  runtimeApiUrl;
+  constructor(options) {
+    this.cacheTTL = options?.cacheTTL ?? 60 * 60 * 1e3;
+    const blimuAuthApiUrl = typeof process !== "undefined" && process.env.BLIMU_AUTH_API_URL ? process.env.BLIMU_AUTH_API_URL : void 0;
+    this.runtimeApiUrl = blimuAuthApiUrl ?? "https://api.blimu.dev";
+  }
+  /**
+   * Fetch JWK Set from runtime-api
+   */
+  async fetchJWKSet(endpoint, headers) {
+    console.log(`[TokenVerifier] \u{1F4E1} Fetching JWK Set from: ${endpoint}`);
+    if (headers) {
+      console.log(
+        `[TokenVerifier] \u{1F4E1} Request headers: ${JSON.stringify(Object.keys(headers).map((k) => `${k}: ${k === "x-api-key" ? "***" : headers[k]}`))}`
+      );
     }
-    async fetchJWKSet(endpoint, headers) {
-        console.log(`[TokenVerifier] 📡 Fetching JWK Set from: ${endpoint}`);
-        if (headers) {
-            console.log(`[TokenVerifier] 📡 Request headers: ${JSON.stringify(Object.keys(headers).map((k) => `${k}: ${k === 'x-api-key' ? '***' : headers[k]}`))}`);
-        }
-        const response = await fetch(endpoint, {
-            method: 'GET',
-            headers: {
-                'Content-Type': 'application/json',
-                ...headers,
-            },
-        });
-        console.log(`[TokenVerifier] 📡 Response status: ${response.status} ${response.statusText}`);
-        if (!response.ok) {
-            const errorText = await response.text();
-            console.error(`[TokenVerifier] ❌ Failed to fetch JWKs: ${response.status} ${errorText}`);
-            throw new Error(`Failed to fetch JWKs from ${endpoint}: ${response.status} ${errorText}`);
-        }
-        const jwkSet = (await response.json());
-        console.log(`[TokenVerifier] ✅ Successfully fetched JWK Set with ${jwkSet.keys.length} keys`);
-        return jwkSet;
+    const response = await fetch(endpoint, {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/json",
+        ...headers
+      }
+    });
+    console.log(
+      `[TokenVerifier] \u{1F4E1} Response status: ${response.status} ${response.statusText}`
+    );
+    if (!response.ok) {
+      const errorText = await response.text();
+      console.error(
+        `[TokenVerifier] \u274C Failed to fetch JWKs: ${response.status} ${errorText}`
+      );
+      throw new import_fetch.FetchError("Failed to fetch JWKs", response.status, errorText);
     }
-    jwkToKeyObject(jwk) {
-        return crypto.createPublicKey({
-            key: {
-                kty: jwk.kty,
-                n: jwk.n,
-                e: jwk.e,
-                alg: jwk.alg,
-            },
-            format: 'jwk',
-        });
+    const jwkSet = await response.json();
+    console.log(
+      `[TokenVerifier] \u2705 Successfully fetched JWK Set with ${jwkSet.keys.length} keys`
+    );
+    return jwkSet;
+  }
+  /**
+   * Convert JWK to KeyObject
+   */
+  jwkToKeyObject(jwk) {
+    return crypto.createPublicKey({
+      key: {
+        kty: jwk.kty,
+        n: jwk.n,
+        e: jwk.e,
+        alg: jwk.alg
+      },
+      format: "jwk"
+    });
+  }
+  /**
+   * Get public key for a specific key ID
+   */
+  async getPublicKey(kid, cacheKey, endpoint, headers) {
+    const cached = this.cache.get(cacheKey);
+    if (cached && cached.expiresAt > Date.now()) {
+      console.log(`[TokenVerifier] \u2705 Using cached key for kid: ${kid}`);
+      return cached.key;
     }
-    async getPublicKey(kid, cacheKey, endpoint, headers) {
-        const cached = this.cache.get(cacheKey);
-        if (cached && cached.expiresAt > Date.now()) {
-            console.log(`[TokenVerifier] ✅ Using cached key for kid: ${kid}`);
-            return cached.key;
-        }
-        console.log(`[TokenVerifier] 🔍 Cache miss or expired. Fetching new key for kid: ${kid}`);
-        const jwkSet = await this.fetchJWKSet(endpoint, headers);
-        const jwk = jwkSet.keys.find((k) => k.kid === kid);
-        if (!jwk) {
-            const availableKids = jwkSet.keys.map((k) => k.kid).join(', ');
-            console.error(`[TokenVerifier] ❌ Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`);
-            throw new Error(`Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`);
-        }
-        console.log(`[TokenVerifier] ✅ Found key with kid: ${kid}`);
-        const keyObject = this.jwkToKeyObject(jwk);
-        this.cache.set(cacheKey, {
-            key: keyObject,
-            kid,
-            expiresAt: Date.now() + this.cacheTTL,
-        });
-        return keyObject;
+    console.log(
+      `[TokenVerifier] \u{1F50D} Cache miss or expired. Fetching new key for kid: ${kid}`
+    );
+    const jwkSet = await this.fetchJWKSet(endpoint, headers);
+    const jwk = jwkSet.keys.find((k) => k.kid === kid);
+    if (!jwk) {
+      const availableKids = jwkSet.keys.map((k) => k.kid).join(", ");
+      console.error(
+        `[TokenVerifier] \u274C Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`
+      );
+      throw new Error(
+        `Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`
+      );
     }
-    async verifyToken(options) {
-        const { url, secretKey, token, runtimeApiUrl } = options;
-        if (!url && !secretKey) {
-            throw new Error('Either url or secretKey must be provided');
-        }
-        if (url && secretKey) {
-            throw new Error('Cannot provide both url and secretKey');
-        }
-        const decoded = jwt.decode(token, { complete: true });
-        if (!decoded || typeof decoded === 'string') {
-            throw new Error('Invalid token format');
-        }
-        const header = decoded.header;
-        if (!header.kid) {
-            throw new Error('Token missing kid in header');
-        }
-        let endpoint;
-        let cacheKey;
-        let headers;
-        if (secretKey) {
-            const apiUrl = runtimeApiUrl ?? this.runtimeApiUrl;
-            endpoint = `${apiUrl}/v1/auth/.well-known/jwks.json`;
-            cacheKey = secretKey;
-            headers = {
-                'x-api-key': secretKey,
-            };
-            console.log(`[TokenVerifier] 🔍 Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`);
-        }
-        else {
-            endpoint = url;
-            cacheKey = url;
-            console.log(`[TokenVerifier] 🔍 Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`);
-        }
-        let publicKey;
-        try {
-            publicKey = await this.getPublicKey(header.kid, cacheKey, endpoint, headers);
-            console.log(`[TokenVerifier] ✅ Successfully retrieved public key for kid: ${header.kid}`);
-        }
-        catch (error) {
-            console.error(`[TokenVerifier] ❌ Failed to get public key (first attempt): ${error instanceof Error ? error.message : String(error)}`);
-            this.clearCache(cacheKey);
-            console.log(`[TokenVerifier] 🔄 Retrying after cache clear...`);
-            try {
-                publicKey = await this.getPublicKey(header.kid, cacheKey, endpoint, headers);
-                console.log(`[TokenVerifier] ✅ Successfully retrieved public key for kid: ${header.kid} (retry)`);
-            }
-            catch (retryError) {
-                console.error(`[TokenVerifier] ❌ Failed to get public key (retry): ${retryError instanceof Error ? retryError.message : String(retryError)}`);
-                throw retryError;
-            }
-        }
-        try {
-            const payload = jwt.verify(token, publicKey, {
-                algorithms: ['RS256'],
-            });
-            console.log(`[TokenVerifier] ✅ Token verified successfully`);
-            return payload;
-        }
-        catch (error) {
-            console.error(`[TokenVerifier] ❌ JWT verification failed: ${error instanceof Error ? error.message : String(error)}`);
-            throw error;
-        }
+    console.log(`[TokenVerifier] \u2705 Found key with kid: ${kid}`);
+    const keyObject = this.jwkToKeyObject(jwk);
+    this.cache.set(cacheKey, {
+      key: keyObject,
+      kid,
+      expiresAt: Date.now() + this.cacheTTL
+    });
+    return keyObject;
+  }
+  /**
+   * Verify JWT token using JWKs from runtime-api
+   */
+  async verifyToken(options) {
+    const { url, secretKey, token, runtimeApiUrl } = options;
+    if (!url && !secretKey) {
+      throw new Error("Either url or secretKey must be provided");
     }
-    clearCache(secretKeyOrUrl) {
-        if (secretKeyOrUrl) {
-            this.cache.delete(secretKeyOrUrl);
-        }
-        else {
-            this.cache.clear();
-        }
+    if (url && secretKey) {
+      throw new Error("Cannot provide both url and secretKey");
     }
-}
-exports.TokenVerifier = TokenVerifier;
+    const decoded = jwt.decode(token, { complete: true });
+    if (!decoded || typeof decoded === "string") {
+      throw new Error("Invalid token format");
+    }
+    const header = decoded.header;
+    if (!header.kid) {
+      throw new Error("Token missing kid in header");
+    }
+    let endpoint;
+    let cacheKey;
+    let headers;
+    if (secretKey) {
+      const apiUrl = runtimeApiUrl ?? this.runtimeApiUrl;
+      endpoint = `${apiUrl}/v1/auth/.well-known/jwks.json`;
+      cacheKey = secretKey;
+      headers = {
+        "x-api-key": secretKey
+      };
+      console.log(
+        `[TokenVerifier] \u{1F50D} Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`
+      );
+    } else {
+      endpoint = url;
+      cacheKey = url;
+      console.log(
+        `[TokenVerifier] \u{1F50D} Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`
+      );
+    }
+    let publicKey;
+    try {
+      publicKey = await this.getPublicKey(
+        header.kid,
+        cacheKey,
+        endpoint,
+        headers
+      );
+      console.log(
+        `[TokenVerifier] \u2705 Successfully retrieved public key for kid: ${header.kid}`
+      );
+    } catch (error) {
+      console.error(
+        `[TokenVerifier] \u274C Failed to get public key (first attempt): ${error instanceof Error ? error.message : String(error)}`
+      );
+      this.clearCache(cacheKey);
+      console.log(`[TokenVerifier] \u{1F504} Retrying after cache clear...`);
+      try {
+        publicKey = await this.getPublicKey(
+          header.kid,
+          cacheKey,
+          endpoint,
+          headers
+        );
+        console.log(
+          `[TokenVerifier] \u2705 Successfully retrieved public key for kid: ${header.kid} (retry)`
+        );
+      } catch (retryError) {
+        console.error(
+          `[TokenVerifier] \u274C Failed to get public key (retry): ${retryError instanceof Error ? retryError.message : String(retryError)}`
+        );
+        throw retryError;
+      }
+    }
+    try {
+      const payload = jwt.verify(token, publicKey, {
+        algorithms: ["RS256"]
+      });
+      console.log(`[TokenVerifier] \u2705 Token verified successfully`);
+      return payload;
+    } catch (error) {
+      console.error(
+        `[TokenVerifier] \u274C JWT verification failed: ${error instanceof Error ? error.message : String(error)}`
+      );
+      throw error;
+    }
+  }
+  /**
+   * Clear cache (useful for testing or key rotation)
+   */
+  clearCache(secretKeyOrUrl) {
+    if (secretKeyOrUrl) {
+      this.cache.delete(secretKeyOrUrl);
+    } else {
+      this.cache.clear();
+    }
+  }
+};
 async function verifyToken(options) {
-    const verifier = new TokenVerifier();
-    return verifier.verifyToken(options);
+  const verifier = new TokenVerifier();
+  return verifier.verifyToken(options);
 }
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TokenVerifier,
+  verifyToken
+});
 //# sourceMappingURL=token-verifier.js.map

package/dist/token-verifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-verifier.js","sourceRoot":"","sources":["../src/token-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0PA,kCAGC;AA7PD,+CAAiC;AACjC,kDAAoC;AAiCpC,MAAa,aAAa;IAKxB,YAAY,OAA8B;QAJzB,UAAK,GAAG,IAAI,GAAG,EAAqB,CAAC;QAKpD,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAEpD,MAAM,eAAe,GACnB,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB;YAC9D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB;YAChC,CAAC,CAAC,SAAS,CAAC;QAGhB,IAAI,CAAC,aAAa,GAAG,eAAe,IAAI,uBAAuB,CAAC;IAClE,CAAC;IAKO,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,OAAgC;QAC1E,OAAO,CAAC,GAAG,CAAC,6CAA6C,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CACT,uCAAuC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAC5I,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,GAAG,OAAO;aACX;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,uCAAuC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAE7F,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,OAAO,CAAC,KAAK,CAAC,2CAA2C,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;YACzF,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,KAAK,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAW,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,uDAAuD,MAAM,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,CAAC;QAC9F,OAAO,MAAM,CAAC;IAChB,CAAC;IAKO,cAAc,CAAC,GAAQ;QAC7B,OAAO,MAAM,CAAC,eAAe,CAAC;YAC5B,GAAG,EAAE;gBACH,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,CAAC,EAAE,GAAG,CAAC,CAAC;gBACR,CAAC,EAAE,GAAG,CAAC,CAAC;gBACR,GAAG,EAAE,GAAG,CAAC,GAAG;aACb;YACD,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;IACL,CAAC;IAKO,KAAK,CAAC,YAAY,CACxB,GAAW,EACX,QAAgB,EAChB,QAAgB,EAChB,OAAgC;QAGhC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,EAAE,CAAC,CAAC;YAClE,OAAO,MAAM,CAAC,GAAG,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,uEAAuE,GAAG,EAAE,CAAC,CAAC;QAG1F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAGzD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QACnD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/D,OAAO,CAAC,KAAK,CACX,mCAAmC,GAAG,2CAA2C,aAAa,EAAE,CACjG,CAAC;YACF,MAAM,IAAI,KAAK,CACb,iBAAiB,GAAG,2CAA2C,aAAa,EAAE,CAC/E,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,GAAG,EAAE,CAAC,CAAC;QAG5D,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAG3C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;YACvB,GAAG,EAAE,SAAS;YACd,GAAG;YACH,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ;SACtC,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,KAAK,CAAC,WAAW,CAAU,OAA2B;QACpD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;QAEzD,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAGD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,QAAgB,CAAC;QACrB,IAAI,QAAgB,CAAC;QACrB,IAAI,OAA2C,CAAC;QAEhD,IAAI,SAAS,EAAE,CAAC;YAEd,MAAM,MAAM,GAAG,aAAa,IAAI,IAAI,CAAC,aAAa,CAAC;YACnD,QAAQ,GAAG,GAAG,MAAM,gCAAgC,CAAC;YACrD,QAAQ,GAAG,SAAS,CAAC;YACrB,OAAO,GAAG;gBACR,WAAW,EAAE,SAAS;aACvB,CAAC;YACF,OAAO,CAAC,GAAG,CACT,gDAAgD,MAAM,CAAC,GAAG,eAAe,QAAQ,EAAE,CACpF,CAAC;QACJ,CAAC;aAAM,CAAC;YAEN,QAAQ,GAAG,GAAI,CAAC;YAChB,QAAQ,GAAG,GAAI,CAAC;YAChB,OAAO,CAAC,GAAG,CACT,gDAAgD,MAAM,CAAC,GAAG,eAAe,QAAQ,EAAE,CACpF,CAAC;QACJ,CAAC;QAGD,IAAI,SAA2B,CAAC;QAChC,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC7E,OAAO,CAAC,GAAG,CAAC,gEAAgE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QAC5F,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,+DAA+D,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxH,CAAC;YAEF,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;YAChE,IAAI,CAAC;gBACH,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC7E,OAAO,CAAC,GAAG,CACT,gEAAgE,MAAM,CAAC,GAAG,UAAU,CACrF,CAAC;YACJ,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,uDAAuD,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAC/H,CAAC;gBACF,MAAM,UAAU,CAAC;YACnB,CAAC;QACH,CAAC;QAGD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;gBAC3C,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAM,CAAC;YACR,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;YAC7D,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,8CAA8C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvG,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAKD,UAAU,CAAC,cAAuB;QAChC,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AAnND,sCAmNC;AAKM,KAAK,UAAU,WAAW,CAAU,OAA2B;IACpE,MAAM,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;IACrC,OAAO,QAAQ,CAAC,WAAW,CAAI,OAAO,CAAC,CAAC;AAC1C,CAAC"}
+{"version":3,"sources":["../src/token-verifier.ts","../src/client.ts"],"sourcesContent":["import { FetchError } from 'client';\nimport * as crypto from 'crypto';\nimport * as jwt from 'jsonwebtoken';\n\nexport interface JWK {\n  kty: string;\n  use: string;\n  kid: string;\n  alg: string;\n  n: string;\n  e: string;\n}\n\nexport interface JWKSet {\n  keys: JWK[];\n}\n\ninterface CachedJWK {\n  key: crypto.KeyObject;\n  kid: string;\n  expiresAt: number;\n}\n\nexport interface VerifyTokenOptions {\n  url?: string; // Direct URL to JWK endpoint (for custom scenarios)\n  secretKey?: string; // API key/secret key - uses runtimeApiUrl + JWK endpoint\n  token: string;\n  runtimeApiUrl?: string; // Optional override for runtime API URL\n}\n\nexport interface TokenVerifierOptions {\n  runtimeApiUrl?: string; // Default from BLIMU_AUTH_API_URL env var\n  cacheTTL?: number; // Default: 1 hour\n}\n\nexport class TokenVerifier {\n  private readonly cache = new Map<string, CachedJWK>();\n  private readonly cacheTTL: number;\n  private readonly runtimeApiUrl: string;\n\n  constructor(options?: TokenVerifierOptions) {\n    this.cacheTTL = options?.cacheTTL ?? 60 * 60 * 1000; // 1 hour\n\n    const blimuAuthApiUrl =\n      typeof process !== 'undefined' && process.env.BLIMU_AUTH_API_URL\n        ? process.env.BLIMU_AUTH_API_URL\n        : undefined;\n\n    // if we have secretKey, we can call runtime-api directly, otherwise we need to use customer specific auth-api\n    this.runtimeApiUrl = blimuAuthApiUrl ?? 'https://api.blimu.dev';\n  }\n\n  /**\n   * Fetch JWK Set from runtime-api\n   */\n  private async fetchJWKSet(\n    endpoint: string,\n    headers?: Record<string, string>\n  ): Promise<JWKSet> {\n    console.log(`[TokenVerifier] 📡 Fetching JWK Set from: ${endpoint}`);\n    if (headers) {\n      console.log(\n        `[TokenVerifier] 📡 Request headers: ${JSON.stringify(Object.keys(headers).map((k) => `${k}: ${k === 'x-api-key' ? '***' : headers[k]}`))}`\n      );\n    }\n\n    const response = await fetch(endpoint, {\n      method: 'GET',\n      headers: {\n        'Content-Type': 'application/json',\n        ...headers,\n      },\n    });\n\n    console.log(\n      `[TokenVerifier] 📡 Response status: ${response.status} ${response.statusText}`\n    );\n\n    if (!response.ok) {\n      const errorText = await response.text();\n      console.error(\n        `[TokenVerifier] ❌ Failed to fetch JWKs: ${response.status} ${errorText}`\n      );\n      throw new FetchError('Failed to fetch JWKs', response.status, errorText);\n    }\n\n    const jwkSet = (await response.json()) as JWKSet;\n    console.log(\n      `[TokenVerifier] ✅ Successfully fetched JWK Set with ${jwkSet.keys.length} keys`\n    );\n    return jwkSet;\n  }\n\n  /**\n   * Convert JWK to KeyObject\n   */\n  private jwkToKeyObject(jwk: JWK): crypto.KeyObject {\n    return crypto.createPublicKey({\n      key: {\n        kty: jwk.kty,\n        n: jwk.n,\n        e: jwk.e,\n        alg: jwk.alg,\n      },\n      format: 'jwk',\n    });\n  }\n\n  /**\n   * Get public key for a specific key ID\n   */\n  private async getPublicKey(\n    kid: string,\n    cacheKey: string,\n    endpoint: string,\n    headers?: Record<string, string>\n  ): Promise<crypto.KeyObject> {\n    // Check cache first\n    const cached = this.cache.get(cacheKey);\n    if (cached && cached.expiresAt > Date.now()) {\n      console.log(`[TokenVerifier] ✅ Using cached key for kid: ${kid}`);\n      return cached.key;\n    }\n\n    console.log(\n      `[TokenVerifier] 🔍 Cache miss or expired. Fetching new key for kid: ${kid}`\n    );\n\n    // Fetch JWK Set\n    const jwkSet = await this.fetchJWKSet(endpoint, headers);\n\n    // Find the key with matching kid\n    const jwk = jwkSet.keys.find((k) => k.kid === kid);\n    if (!jwk) {\n      const availableKids = jwkSet.keys.map((k) => k.kid).join(', ');\n      console.error(\n        `[TokenVerifier] ❌ Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`\n      );\n      throw new Error(\n        `Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`\n      );\n    }\n\n    console.log(`[TokenVerifier] ✅ Found key with kid: ${kid}`);\n\n    // Convert JWK to KeyObject\n    const keyObject = this.jwkToKeyObject(jwk);\n\n    // Cache the key\n    this.cache.set(cacheKey, {\n      key: keyObject,\n      kid,\n      expiresAt: Date.now() + this.cacheTTL,\n    });\n\n    return keyObject;\n  }\n\n  /**\n   * Verify JWT token using JWKs from runtime-api\n   */\n  async verifyToken<T = any>(options: VerifyTokenOptions): Promise<T> {\n    const { url, secretKey, token, runtimeApiUrl } = options;\n\n    if (!url && !secretKey) {\n      throw new Error('Either url or secretKey must be provided');\n    }\n\n    if (url && secretKey) {\n      throw new Error('Cannot provide both url and secretKey');\n    }\n\n    // Decode token header to get kid (without verification)\n    const decoded = jwt.decode(token, { complete: true });\n    if (!decoded || typeof decoded === 'string') {\n      throw new Error('Invalid token format');\n    }\n\n    const header = decoded.header;\n    if (!header.kid) {\n      throw new Error('Token missing kid in header');\n    }\n\n    let endpoint: string;\n    let cacheKey: string;\n    let headers: Record<string, string> | undefined;\n\n    if (secretKey) {\n      // Use secretKey with runtimeApiUrl\n      const apiUrl = runtimeApiUrl ?? this.runtimeApiUrl;\n      endpoint = `${apiUrl}/v1/auth/.well-known/jwks.json`;\n      cacheKey = secretKey;\n      headers = {\n        'x-api-key': secretKey,\n      };\n      console.log(\n        `[TokenVerifier] 🔍 Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`\n      );\n    } else {\n      // Use direct URL\n      endpoint = url!;\n      cacheKey = url!;\n      console.log(\n        `[TokenVerifier] 🔍 Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`\n      );\n    }\n\n    // Get public key for this kid\n    let publicKey: crypto.KeyObject;\n    try {\n      publicKey = await this.getPublicKey(\n        header.kid,\n        cacheKey,\n        endpoint,\n        headers\n      );\n      console.log(\n        `[TokenVerifier] ✅ Successfully retrieved public key for kid: ${header.kid}`\n      );\n    } catch (error) {\n      console.error(\n        `[TokenVerifier] ❌ Failed to get public key (first attempt): ${error instanceof Error ? error.message : String(error)}`\n      );\n      // If verification fails, clear cache and retry once (handles key rotation)\n      this.clearCache(cacheKey);\n      console.log(`[TokenVerifier] 🔄 Retrying after cache clear...`);\n      try {\n        publicKey = await this.getPublicKey(\n          header.kid,\n          cacheKey,\n          endpoint,\n          headers\n        );\n        console.log(\n          `[TokenVerifier] ✅ Successfully retrieved public key for kid: ${header.kid} (retry)`\n        );\n      } catch (retryError) {\n        console.error(\n          `[TokenVerifier] ❌ Failed to get public key (retry): ${retryError instanceof Error ? retryError.message : String(retryError)}`\n        );\n        throw retryError;\n      }\n    }\n\n    // Verify token\n    try {\n      const payload = jwt.verify(token, publicKey, {\n        algorithms: ['RS256'],\n      }) as T;\n      console.log(`[TokenVerifier] ✅ Token verified successfully`);\n      return payload;\n    } catch (error) {\n      console.error(\n        `[TokenVerifier] ❌ JWT verification failed: ${error instanceof Error ? error.message : String(error)}`\n      );\n      throw error;\n    }\n  }\n\n  /**\n   * Clear cache (useful for testing or key rotation)\n   */\n  clearCache(secretKeyOrUrl?: string): void {\n    if (secretKeyOrUrl) {\n      this.cache.delete(secretKeyOrUrl);\n    } else {\n      this.cache.clear();\n    }\n  }\n}\n\n/**\n * Convenience function to verify a token\n */\nexport async function verifyToken<T = any>(\n  options: VerifyTokenOptions\n): Promise<T> {\n  const verifier = new TokenVerifier();\n  return verifier.verifyToken<T>(options);\n}\n","import {\n  FetchClient,\n  FetchError,\n  type FetchClientConfig,\n  type AuthStrategy,\n} from '@blimu/fetch';\n\nexport type ClientOption = FetchClientConfig & { apiKey?: string };\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\n\nexport class CoreClient extends FetchClient {\n  constructor(cfg: ClientOption = {}) {\n    // Build auth strategies from OpenAPI security schemes\n    const authStrategies: AuthStrategy[] = [];\n\n    // Extract auth and security scheme properties to avoid passing them to FetchClient\n    const { auth: _existingAuth, apiKey, ...restCfg } = cfg;\n    if (cfg?.apiKey) {\n      const apiKeyValue = cfg.apiKey;\n      authStrategies.push({\n        type: 'apiKey',\n        key: () => apiKeyValue,\n        location: 'header',\n        name: 'X-API-KEY',\n      });\n    } // Build final auth config (merge existing with new strategies)\n    const finalAuthStrategies = [\n      ...(_existingAuth?.strategies || []),\n      ...authStrategies,\n    ];\n\n    // Build fetchConfig, ensuring auth comes after restCfg spread to override any existing auth\n    const fetchConfig: FetchClientConfig = {\n      ...restCfg,\n      baseURL: cfg.baseURL ?? 'https://api.blimu.dev',\n      // Explicitly set auth after restCfg to ensure it's not overwritten\n      // (restCfg might have an auth property that we want to replace)\n      ...(finalAuthStrategies.length > 0\n        ? {\n            auth: {\n              strategies: finalAuthStrategies,\n            },\n          }\n        : {}),\n      // Hooks are passed through directly from FetchClientConfig (no mapping needed)\n    };\n\n    super(fetchConfig);\n  }\n\n  async request(\n    init: RequestInit & {\n      path: string;\n      method: string;\n      query?: Record<string, any>;\n    }\n  ) {\n    return await super.request(init);\n  }\n\n  async *requestStream<T = any>(\n    init: RequestInit & {\n      path: string;\n      method: string;\n      query?: Record<string, any>;\n      contentType: string;\n      streamingFormat?: 'sse' | 'ndjson' | 'chunked';\n    }\n  ): AsyncGenerator<T, void, unknown> {\n    yield* super.requestStream(init);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAKO;;;ADJP,aAAwB;AACxB,UAAqB;AAiCd,IAAM,gBAAN,MAAoB;AAAA,EACR,QAAQ,oBAAI,IAAuB;AAAA,EACnC;AAAA,EACA;AAAA,EAEjB,YAAY,SAAgC;AAC1C,SAAK,WAAW,SAAS,YAAY,KAAK,KAAK;AAE/C,UAAM,kBACJ,OAAO,YAAY,eAAe,QAAQ,IAAI,qBAC1C,QAAQ,IAAI,qBACZ;AAGN,SAAK,gBAAgB,mBAAmB;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YACZ,UACA,SACiB;AACjB,YAAQ,IAAI,oDAA6C,QAAQ,EAAE;AACnE,QAAI,SAAS;AACX,cAAQ;AAAA,QACN,8CAAuC,KAAK,UAAU,OAAO,KAAK,OAAO,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,KAAK,MAAM,cAAc,QAAQ,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;AAAA,MAC3I;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,GAAG;AAAA,MACL;AAAA,IACF,CAAC;AAED,YAAQ;AAAA,MACN,8CAAuC,SAAS,MAAM,IAAI,SAAS,UAAU;AAAA,IAC/E;AAEA,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAQ;AAAA,QACN,gDAA2C,SAAS,MAAM,IAAI,SAAS;AAAA,MACzE;AACA,YAAM,IAAI,wBAAW,wBAAwB,SAAS,QAAQ,SAAS;AAAA,IACzE;AAEA,UAAM,SAAU,MAAM,SAAS,KAAK;AACpC,YAAQ;AAAA,MACN,4DAAuD,OAAO,KAAK,MAAM;AAAA,IAC3E;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,KAA4B;AACjD,WAAc,uBAAgB;AAAA,MAC5B,KAAK;AAAA,QACH,KAAK,IAAI;AAAA,QACT,GAAG,IAAI;AAAA,QACP,GAAG,IAAI;AAAA,QACP,KAAK,IAAI;AAAA,MACX;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aACZ,KACA,UACA,UACA,SAC2B;AAE3B,UAAM,SAAS,KAAK,MAAM,IAAI,QAAQ;AACtC,QAAI,UAAU,OAAO,YAAY,KAAK,IAAI,GAAG;AAC3C,cAAQ,IAAI,oDAA+C,GAAG,EAAE;AAChE,aAAO,OAAO;AAAA,IAChB;AAEA,YAAQ;AAAA,MACN,8EAAuE,GAAG;AAAA,IAC5E;AAGA,UAAM,SAAS,MAAM,KAAK,YAAY,UAAU,OAAO;AAGvD,UAAM,MAAM,OAAO,KAAK,KAAK,CAAC,MAAM,EAAE,QAAQ,GAAG;AACjD,QAAI,CAAC,KAAK;AACR,YAAM,gBAAgB,OAAO,KAAK,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,IAAI;AAC7D,cAAQ;AAAA,QACN,wCAAmC,GAAG,2CAA2C,aAAa;AAAA,MAChG;AACA,YAAM,IAAI;AAAA,QACR,iBAAiB,GAAG,2CAA2C,aAAa;AAAA,MAC9E;AAAA,IACF;AAEA,YAAQ,IAAI,8CAAyC,GAAG,EAAE;AAG1D,UAAM,YAAY,KAAK,eAAe,GAAG;AAGzC,SAAK,MAAM,IAAI,UAAU;AAAA,MACvB,KAAK;AAAA,MACL;AAAA,MACA,WAAW,KAAK,IAAI,IAAI,KAAK;AAAA,IAC/B,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAqB,SAAyC;AAClE,UAAM,EAAE,KAAK,WAAW,OAAO,cAAc,IAAI;AAEjD,QAAI,CAAC,OAAO,CAAC,WAAW;AACtB,YAAM,IAAI,MAAM,0CAA0C;AAAA,IAC5D;AAEA,QAAI,OAAO,WAAW;AACpB,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAGA,UAAM,UAAc,WAAO,OAAO,EAAE,UAAU,KAAK,CAAC;AACpD,QAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,UAAM,SAAS,QAAQ;AACvB,QAAI,CAAC,OAAO,KAAK;AACf,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI,WAAW;AAEb,YAAM,SAAS,iBAAiB,KAAK;AACrC,iBAAW,GAAG,MAAM;AACpB,iBAAW;AACX,gBAAU;AAAA,QACR,aAAa;AAAA,MACf;AACA,cAAQ;AAAA,QACN,uDAAgD,OAAO,GAAG,eAAe,QAAQ;AAAA,MACnF;AAAA,IACF,OAAO;AAEL,iBAAW;AACX,iBAAW;AACX,cAAQ;AAAA,QACN,uDAAgD,OAAO,GAAG,eAAe,QAAQ;AAAA,MACnF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,kBAAY,MAAM,KAAK;AAAA,QACrB,OAAO;AAAA,QACP;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,cAAQ;AAAA,QACN,qEAAgE,OAAO,GAAG;AAAA,MAC5E;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,oEAA+D,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACvH;AAEA,WAAK,WAAW,QAAQ;AACxB,cAAQ,IAAI,yDAAkD;AAC9D,UAAI;AACF,oBAAY,MAAM,KAAK;AAAA,UACrB,OAAO;AAAA,UACP;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA,gBAAQ;AAAA,UACN,qEAAgE,OAAO,GAAG;AAAA,QAC5E;AAAA,MACF,SAAS,YAAY;AACnB,gBAAQ;AAAA,UACN,4DAAuD,sBAAsB,QAAQ,WAAW,UAAU,OAAO,UAAU,CAAC;AAAA,QAC9H;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAGA,QAAI;AACF,YAAM,UAAc,WAAO,OAAO,WAAW;AAAA,QAC3C,YAAY,CAAC,OAAO;AAAA,MACtB,CAAC;AACD,cAAQ,IAAI,oDAA+C;AAC3D,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mDAA8C,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACtG;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,gBAA+B;AACxC,QAAI,gBAAgB;AAClB,WAAK,MAAM,OAAO,cAAc;AAAA,IAClC,OAAO;AACL,WAAK,MAAM,MAAM;AAAA,IACnB;AAAA,EACF;AACF;AAKA,eAAsB,YACpB,SACY;AACZ,QAAM,WAAW,IAAI,cAAc;AACnC,SAAO,SAAS,YAAe,OAAO;AACxC;","names":[]}