npm - @blimu/backend - Versions diffs - 1.1.0 → 1.1.3 - Mend

@blimu/backend 1.1.0 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

package/README.md +6 -13
package/dist/__tests__/token-verifier.test.cjs +17662 -0
package/dist/__tests__/token-verifier.test.cjs.map +1 -0
package/dist/__tests__/token-verifier.test.d.mts +2 -0
package/dist/__tests__/token-verifier.test.d.ts +2 -0
package/dist/__tests__/token-verifier.test.mjs +17661 -0
package/dist/__tests__/token-verifier.test.mjs.map +1 -0
package/dist/auth-strategies.cjs +42 -0
package/dist/auth-strategies.cjs.map +1 -0
package/dist/auth-strategies.d.mts +16 -0
package/dist/auth-strategies.d.ts +16 -0
package/dist/auth-strategies.mjs +17 -0
package/dist/auth-strategies.mjs.map +1 -0
package/dist/client.cjs +483 -0
package/dist/client.cjs.map +1 -0
package/dist/client.d.mts +26 -18
package/dist/client.d.ts +26 -18
package/dist/client.mjs +447 -39
package/dist/client.mjs.map +1 -1
package/dist/{main.js → index.cjs} +294 -399
package/dist/index.cjs.map +1 -0
package/dist/index.d.mts +15 -33
package/dist/index.d.ts +15 -33
package/dist/index.mjs +440 -330
package/dist/index.mjs.map +1 -1
package/dist/{schema-B1usIXCr.d.mts → schema-BbKn_i-U.d.mts} +82 -93
package/dist/{schema-B1usIXCr.d.ts → schema-BbKn_i-U.d.ts} +82 -93
package/dist/{schema.js → schema.cjs} +2 -1
package/dist/schema.cjs.map +1 -0
package/dist/schema.d.mts +1 -2
package/dist/schema.d.ts +1 -2
package/dist/{schema.zod-CRNAHxbc.d.mts → schema.zod-DtXVS-1g.d.mts} +38 -48
package/dist/{schema.zod-CRNAHxbc.d.ts → schema.zod-DtXVS-1g.d.ts} +38 -48
package/dist/{schema.zod.js → schema.zod.cjs} +175 -248
package/dist/schema.zod.cjs.map +1 -0
package/dist/schema.zod.d.mts +1 -1
package/dist/schema.zod.d.ts +1 -1
package/dist/schema.zod.mjs +173 -242
package/dist/schema.zod.mjs.map +1 -1
package/dist/services/{bulk_resources.js → bulk_resources.cjs} +4 -2
package/dist/services/bulk_resources.cjs.map +1 -0
package/dist/services/bulk_resources.d.mts +4 -6
package/dist/services/bulk_resources.d.ts +4 -6
package/dist/services/bulk_resources.mjs +2 -1
package/dist/services/bulk_resources.mjs.map +1 -1
package/dist/services/{bulk_roles.js → bulk_roles.cjs} +4 -2
package/dist/services/bulk_roles.cjs.map +1 -0
package/dist/services/bulk_roles.d.mts +3 -5
package/dist/services/bulk_roles.d.ts +3 -5
package/dist/services/bulk_roles.mjs +2 -1
package/dist/services/bulk_roles.mjs.map +1 -1
package/dist/services/{entitlements.js → entitlements.cjs} +6 -4
package/dist/services/entitlements.cjs.map +1 -0
package/dist/services/entitlements.d.mts +4 -6
package/dist/services/entitlements.d.ts +4 -6
package/dist/services/entitlements.mjs +4 -3
package/dist/services/entitlements.mjs.map +1 -1
package/dist/services/{plans.js → plans.cjs} +6 -4
package/dist/services/plans.cjs.map +1 -0
package/dist/services/plans.d.mts +6 -8
package/dist/services/plans.d.ts +6 -8
package/dist/services/plans.mjs +4 -3
package/dist/services/plans.mjs.map +1 -1
package/dist/services/{resource_members.js → resource_members.cjs} +4 -2
package/dist/services/resource_members.cjs.map +1 -0
package/dist/services/resource_members.d.mts +4 -6
package/dist/services/resource_members.d.ts +4 -6
package/dist/services/resource_members.mjs +2 -1
package/dist/services/resource_members.mjs.map +1 -1
package/dist/services/{resources.js → resources.cjs} +8 -6
package/dist/services/resources.cjs.map +1 -0
package/dist/services/resources.d.mts +8 -10
package/dist/services/resources.d.ts +8 -10
package/dist/services/resources.mjs +6 -5
package/dist/services/resources.mjs.map +1 -1
package/dist/services/{roles.js → roles.cjs} +6 -4
package/dist/services/roles.cjs.map +1 -0
package/dist/services/roles.d.mts +4 -6
package/dist/services/roles.d.ts +4 -6
package/dist/services/roles.mjs +4 -3
package/dist/services/roles.mjs.map +1 -1
package/dist/services/{usage.js → usage.cjs} +8 -6
package/dist/services/usage.cjs.map +1 -0
package/dist/services/usage.d.mts +5 -7
package/dist/services/usage.d.ts +5 -7
package/dist/services/usage.mjs +6 -5
package/dist/services/usage.mjs.map +1 -1
package/dist/services/{users.js → users.cjs} +9 -7
package/dist/services/users.cjs.map +1 -0
package/dist/services/users.d.mts +3 -5
package/dist/services/users.d.ts +3 -5
package/dist/services/users.mjs +7 -6
package/dist/services/users.mjs.map +1 -1
package/dist/{token-verifier.js → token-verifier.cjs} +14 -31
package/dist/token-verifier.cjs.map +1 -0
package/dist/token-verifier.d.mts +5 -5
package/dist/token-verifier.d.ts +5 -5
package/dist/token-verifier.mjs +13 -34
package/dist/token-verifier.mjs.map +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/dist/{utils.js → utils.cjs} +10 -3
package/dist/utils.cjs.map +1 -0
package/dist/utils.d.mts +4 -3
package/dist/utils.d.ts +4 -3
package/dist/utils.mjs +7 -2
package/dist/utils.mjs.map +1 -1
package/package.json +37 -25
package/dist/client.js +0 -70
package/dist/client.js.map +0 -1
package/dist/index.js +0 -1042
package/dist/index.js.map +0 -1
package/dist/main.d.mts +0 -19
package/dist/main.d.ts +0 -19
package/dist/main.js.map +0 -1
package/dist/main.mjs +0 -1264
package/dist/main.mjs.map +0 -1
package/dist/schema.js.map +0 -1
package/dist/schema.zod.js.map +0 -1
package/dist/services/bulk_resources.js.map +0 -1
package/dist/services/bulk_roles.js.map +0 -1
package/dist/services/entitlements.js.map +0 -1
package/dist/services/plans.js.map +0 -1
package/dist/services/resource_members.js.map +0 -1
package/dist/services/resources.js.map +0 -1
package/dist/services/roles.js.map +0 -1
package/dist/services/usage.js.map +0 -1
package/dist/services/users.js.map +0 -1
package/dist/token-verifier.js.map +0 -1
package/dist/utils.js.map +0 -1
package/src/client.ts +0 -74
package/src/index.ts +0 -55
package/src/main.ts +0 -3
package/src/schema.ts +0 -430
package/src/schema.zod.ts +0 -558
package/src/services/bulk_resources.ts +0 -24
package/src/services/bulk_roles.ts +0 -22
package/src/services/entitlements.ts +0 -58
package/src/services/plans.ts +0 -57
package/src/services/resource_members.ts +0 -25
package/src/services/resources.ts +0 -91
package/src/services/roles.ts +0 -58
package/src/services/usage.ts +0 -93
package/src/services/users.ts +0 -100
package/src/token-verifier.ts +0 -280
package/src/utils.ts +0 -56

package/src/token-verifier.ts DELETED Viewed

@@ -1,280 +0,0 @@
-import { FetchError } from 'client';
-import * as crypto from 'crypto';
-import * as jwt from 'jsonwebtoken';
-export interface JWK {
-  kty: string;
-  use: string;
-  kid: string;
-  alg: string;
-  n: string;
-  e: string;
-}
-export interface JWKSet {
-  keys: JWK[];
-}
-interface CachedJWK {
-  key: crypto.KeyObject;
-  kid: string;
-  expiresAt: number;
-}
-export interface VerifyTokenOptions {
-  url?: string; // Direct URL to JWK endpoint (for custom scenarios)
-  secretKey?: string; // API key/secret key - uses runtimeApiUrl + JWK endpoint
-  token: string;
-  runtimeApiUrl?: string; // Optional override for runtime API URL
-}
-export interface TokenVerifierOptions {
-  runtimeApiUrl?: string; // Default from BLIMU_AUTH_API_URL env var
-  cacheTTL?: number; // Default: 1 hour
-}
-export class TokenVerifier {
-  private readonly cache = new Map<string, CachedJWK>();
-  private readonly cacheTTL: number;
-  private readonly runtimeApiUrl: string;
-  constructor(options?: TokenVerifierOptions) {
-    this.cacheTTL = options?.cacheTTL ?? 60 * 60 * 1000; // 1 hour
-    const blimuAuthApiUrl =
-      typeof process !== 'undefined' && process.env.BLIMU_AUTH_API_URL
-        ? process.env.BLIMU_AUTH_API_URL
-        : undefined;
-    // if we have secretKey, we can call runtime-api directly, otherwise we need to use customer specific auth-api
-    this.runtimeApiUrl = blimuAuthApiUrl ?? 'https://api.blimu.dev';
-  }
-  /**
-   * Fetch JWK Set from runtime-api
-   */
-  private async fetchJWKSet(
-    endpoint: string,
-    headers?: Record<string, string>
-  ): Promise<JWKSet> {
-    console.log(`[TokenVerifier] 📡 Fetching JWK Set from: ${endpoint}`);
-    if (headers) {
-      console.log(
-        `[TokenVerifier] 📡 Request headers: ${JSON.stringify(Object.keys(headers).map((k) => `${k}: ${k === 'x-api-key' ? '***' : headers[k]}`))}`
-      );
-    }
-    const response = await fetch(endpoint, {
-      method: 'GET',
-      headers: {
-        'Content-Type': 'application/json',
-        ...headers,
-      },
-    });
-    console.log(
-      `[TokenVerifier] 📡 Response status: ${response.status} ${response.statusText}`
-    );
-    if (!response.ok) {
-      const errorText = await response.text();
-      console.error(
-        `[TokenVerifier] ❌ Failed to fetch JWKs: ${response.status} ${errorText}`
-      );
-      throw new FetchError('Failed to fetch JWKs', response.status, errorText);
-    }
-    const jwkSet = (await response.json()) as JWKSet;
-    console.log(
-      `[TokenVerifier] ✅ Successfully fetched JWK Set with ${jwkSet.keys.length} keys`
-    );
-    return jwkSet;
-  }
-  /**
-   * Convert JWK to KeyObject
-   */
-  private jwkToKeyObject(jwk: JWK): crypto.KeyObject {
-    return crypto.createPublicKey({
-      key: {
-        kty: jwk.kty,
-        n: jwk.n,
-        e: jwk.e,
-        alg: jwk.alg,
-      },
-      format: 'jwk',
-    });
-  }
-  /**
-   * Get public key for a specific key ID
-   */
-  private async getPublicKey(
-    kid: string,
-    cacheKey: string,
-    endpoint: string,
-    headers?: Record<string, string>
-  ): Promise<crypto.KeyObject> {
-    // Check cache first
-    const cached = this.cache.get(cacheKey);
-    if (cached && cached.expiresAt > Date.now()) {
-      console.log(`[TokenVerifier] ✅ Using cached key for kid: ${kid}`);
-      return cached.key;
-    }
-    console.log(
-      `[TokenVerifier] 🔍 Cache miss or expired. Fetching new key for kid: ${kid}`
-    );
-    // Fetch JWK Set
-    const jwkSet = await this.fetchJWKSet(endpoint, headers);
-    // Find the key with matching kid
-    const jwk = jwkSet.keys.find((k) => k.kid === kid);
-    if (!jwk) {
-      const availableKids = jwkSet.keys.map((k) => k.kid).join(', ');
-      console.error(
-        `[TokenVerifier] ❌ Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`
-      );
-      throw new Error(
-        `Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`
-      );
-    }
-    console.log(`[TokenVerifier] ✅ Found key with kid: ${kid}`);
-    // Convert JWK to KeyObject
-    const keyObject = this.jwkToKeyObject(jwk);
-    // Cache the key
-    this.cache.set(cacheKey, {
-      key: keyObject,
-      kid,
-      expiresAt: Date.now() + this.cacheTTL,
-    });
-    return keyObject;
-  }
-  /**
-   * Verify JWT token using JWKs from runtime-api
-   */
-  async verifyToken<T = any>(options: VerifyTokenOptions): Promise<T> {
-    const { url, secretKey, token, runtimeApiUrl } = options;
-    if (!url && !secretKey) {
-      throw new Error('Either url or secretKey must be provided');
-    }
-    if (url && secretKey) {
-      throw new Error('Cannot provide both url and secretKey');
-    }
-    // Decode token header to get kid (without verification)
-    const decoded = jwt.decode(token, { complete: true });
-    if (!decoded || typeof decoded === 'string') {
-      throw new Error('Invalid token format');
-    }
-    const header = decoded.header;
-    if (!header.kid) {
-      throw new Error('Token missing kid in header');
-    }
-    let endpoint: string;
-    let cacheKey: string;
-    let headers: Record<string, string> | undefined;
-    if (secretKey) {
-      // Use secretKey with runtimeApiUrl
-      const apiUrl = runtimeApiUrl ?? this.runtimeApiUrl;
-      endpoint = `${apiUrl}/v1/auth/.well-known/jwks.json`;
-      cacheKey = secretKey;
-      headers = {
-        'x-api-key': secretKey,
-      };
-      console.log(
-        `[TokenVerifier] 🔍 Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`
-      );
-    } else {
-      // Use direct URL
-      endpoint = url!;
-      cacheKey = url!;
-      console.log(
-        `[TokenVerifier] 🔍 Verifying token with kid: ${header.kid}, endpoint: ${endpoint}`
-      );
-    }
-    // Get public key for this kid
-    let publicKey: crypto.KeyObject;
-    try {
-      publicKey = await this.getPublicKey(
-        header.kid,
-        cacheKey,
-        endpoint,
-        headers
-      );
-      console.log(
-        `[TokenVerifier] ✅ Successfully retrieved public key for kid: ${header.kid}`
-      );
-    } catch (error) {
-      console.error(
-        `[TokenVerifier] ❌ Failed to get public key (first attempt): ${error instanceof Error ? error.message : String(error)}`
-      );
-      // If verification fails, clear cache and retry once (handles key rotation)
-      this.clearCache(cacheKey);
-      console.log(`[TokenVerifier] 🔄 Retrying after cache clear...`);
-      try {
-        publicKey = await this.getPublicKey(
-          header.kid,
-          cacheKey,
-          endpoint,
-          headers
-        );
-        console.log(
-          `[TokenVerifier] ✅ Successfully retrieved public key for kid: ${header.kid} (retry)`
-        );
-      } catch (retryError) {
-        console.error(
-          `[TokenVerifier] ❌ Failed to get public key (retry): ${retryError instanceof Error ? retryError.message : String(retryError)}`
-        );
-        throw retryError;
-      }
-    }
-    // Verify token
-    try {
-      const payload = jwt.verify(token, publicKey, {
-        algorithms: ['RS256'],
-      }) as T;
-      console.log(`[TokenVerifier] ✅ Token verified successfully`);
-      return payload;
-    } catch (error) {
-      console.error(
-        `[TokenVerifier] ❌ JWT verification failed: ${error instanceof Error ? error.message : String(error)}`
-      );
-      throw error;
-    }
-  }
-  /**
-   * Clear cache (useful for testing or key rotation)
-   */
-  clearCache(secretKeyOrUrl?: string): void {
-    if (secretKeyOrUrl) {
-      this.cache.delete(secretKeyOrUrl);
-    } else {
-      this.cache.clear();
-    }
-  }
-}
-/**
- * Convenience function to verify a token
- */
-export async function verifyToken<T = any>(
-  options: VerifyTokenOptions
-): Promise<T> {
-  const verifier = new TokenVerifier();
-  return verifier.verifyToken<T>(options);
-}

package/src/utils.ts DELETED Viewed

@@ -1,56 +0,0 @@
-import { parseSSEStream, parseNDJSONStream } from '@blimu/fetch';
-export type PaginableQuery = { limit?: number; offset?: number } & Record<
-  string,
-  unknown
->;
-export async function* paginate<T>(
-  fetchPage: (
-    query?: any,
-    init?: Omit<RequestInit, 'method' | 'body'>
-  ) => Promise<{
-    data?: T[];
-    hasMore?: boolean;
-    limit?: number;
-    offset?: number;
-  }>,
-  initialQuery: PaginableQuery = {},
-  pageSize = 100
-): AsyncGenerator<T, void, unknown> {
-  let offset = Number(initialQuery.offset ?? 0);
-  const limit = Number(initialQuery.limit ?? pageSize);
-  // shallow copy to avoid mutating caller
-  const baseQuery: any = { ...initialQuery };
-  while (true) {
-    const page = await fetchPage({ ...baseQuery, limit, offset });
-    const items = page.data ?? [];
-    for (const item of items) {
-      yield item as T;
-    }
-    if (!page.hasMore || items.length < limit) break;
-    offset += limit;
-  }
-}
-export async function listAll<T>(
-  fetchPage: (
-    query?: any,
-    init?: Omit<RequestInit, 'method' | 'body'>
-  ) => Promise<{
-    data?: T[];
-    hasMore?: boolean;
-    limit?: number;
-    offset?: number;
-  }>,
-  query: PaginableQuery = {},
-  pageSize = 100
-): Promise<T[]> {
-  const out: T[] = [];
-  for await (const item of paginate<T>(fetchPage, query, pageSize))
-    out.push(item);
-  return out;
-}
-// Re-export streaming parsers from @blimu/fetch
-export { parseSSEStream, parseNDJSONStream };