@c15t/backend 2.0.0-rc.5 → 2.0.0-rc.6

package/dist/583.js

@@ -0,0 +1,540 @@
+import { inspectPolicies, resolvePolicyDecision, resolvePolicySync, validatePolicyI18nConfig } from "@c15t/schema/types";
+import { deepMergeTranslations, selectLanguage } from "@c15t/translations";
+import { baseTranslations } from "@c15t/translations/all";
+import { SignJWT, errors, jwtVerify } from "jose";
+import { createGVLResolver, getMetrics } from "./302.js";
+const DEFAULT_PROFILE = 'default';
+const warnedKeys = new Set();
+function isSupportedBaseLanguage(lang) {
+    return lang in baseTranslations;
+}
+function warnOnce(logger, key, message, metadata) {
+    if (!logger || warnedKeys.has(key)) return;
+    warnedKeys.add(key);
+    logger.warn(message, metadata);
+}
+function normalizeLanguage(value) {
+    if (!value) return;
+    const normalized = value.split(',')[0]?.split(';')[0]?.trim().toLowerCase();
+    if (!normalized) return;
+    return normalized.split('-')[0] ?? void 0;
+}
+function normalizeProfiles(params) {
+    const profiles = params.i18n?.messages;
+    const legacy = params.customTranslations;
+    if (profiles && Object.keys(profiles).length > 0) {
+        if (legacy && Object.keys(legacy).length > 0) warnOnce(params.logger, 'i18n.customTranslations.ignored', '`customTranslations` is deprecated and ignored when `i18n.messages` is configured.');
+        return profiles;
+    }
+    if (legacy && Object.keys(legacy).length > 0) {
+        warnOnce(params.logger, 'i18n.customTranslations.deprecated', '`customTranslations` is deprecated. Use `i18n.messages` instead.');
+        return {
+            [DEFAULT_PROFILE]: {
+                translations: legacy
+            }
+        };
+    }
+    return {};
+}
+function buildCandidates(input) {
+    const raw = [
+        {
+            language: input.language,
+            reason: 'profile_language'
+        },
+        {
+            language: input.fallbackLanguage,
+            reason: 'profile_fallback'
+        }
+    ];
+    const dedupe = new Set();
+    return raw.filter((candidate)=>{
+        const key = candidate.language;
+        if (dedupe.has(key)) return false;
+        dedupe.add(key);
+        return true;
+    });
+}
+function getProfileLanguages(profiles, profile) {
+    return Object.keys(profiles[profile]?.translations ?? {}).sort();
+}
+function getSelectableLanguages(input) {
+    return getProfileLanguages(input.profiles, input.profile);
+}
+function resolveFallbackLanguage(input) {
+    const configuredFallbackLanguage = normalizeLanguage(input.profile?.fallbackLanguage) ?? 'en';
+    const profileLanguages = Object.keys(input.profile?.translations ?? {}).sort();
+    if (profileLanguages.includes(configuredFallbackLanguage)) return configuredFallbackLanguage;
+    if (profileLanguages.includes('en')) return 'en';
+    return profileLanguages[0] ?? configuredFallbackLanguage;
+}
+function resolveActiveProfile(input) {
+    const requestedProfile = input.policyProfile ?? input.defaultProfile;
+    if (input.profiles[requestedProfile]) return requestedProfile;
+    if (input.policyProfile) warnOnce(input.logger, `i18n.profile.missing:${requestedProfile}`, `Policy i18n profile '${requestedProfile}' does not exist. Falling back to default profile '${input.defaultProfile}'.`);
+    return input.defaultProfile;
+}
+function validateMessages(options) {
+    return validatePolicyI18nConfig({
+        customTranslations: options.customTranslations,
+        i18n: options.i18n,
+        policies: options.policies
+    });
+}
+function getTranslationsData(acceptLanguage, customTranslations, options) {
+    const profiles = normalizeProfiles({
+        customTranslations,
+        i18n: options?.i18n,
+        logger: options?.logger
+    });
+    const defaultProfile = options?.i18n?.defaultProfile ?? DEFAULT_PROFILE;
+    const profile = resolveActiveProfile({
+        profiles,
+        defaultProfile,
+        policyProfile: options?.policyI18n?.messageProfile,
+        logger: options?.logger
+    });
+    const configuredLanguages = Object.keys(profiles).length > 0 ? getSelectableLanguages({
+        profiles,
+        profile
+    }) : Object.keys(baseTranslations);
+    const fallbackLanguage = Object.keys(profiles).length > 0 ? resolveFallbackLanguage({
+        profile: profiles[profile]
+    }) : 'en';
+    const policyLanguage = normalizeLanguage(options?.policyI18n?.language);
+    const requestedLanguage = policyLanguage ?? selectLanguage(configuredLanguages, {
+        header: acceptLanguage,
+        fallback: fallbackLanguage
+    });
+    const candidates = buildCandidates({
+        language: requestedLanguage,
+        fallbackLanguage
+    });
+    const selectedCandidate = candidates.find((candidate)=>!!profiles[profile]?.translations[candidate.language]);
+    if (selectedCandidate && 'profile_language' !== selectedCandidate.reason) warnOnce(options?.logger, `i18n.fallback:${profile}:${requestedLanguage}:${selectedCandidate.language}`, `Policy translation fallback used (${selectedCandidate.reason}).`, {
+        requestedProfile: profile,
+        requestedLanguage,
+        resolvedProfile: profile,
+        resolvedLanguage: selectedCandidate.language
+    });
+    let language = selectedCandidate?.language ?? requestedLanguage;
+    if (!selectedCandidate && !isSupportedBaseLanguage(language)) {
+        warnOnce(options?.logger, `i18n.base-fallback:${language}`, `No translation found for '${language}'. Falling back to base English translations.`);
+        language = 'en';
+    }
+    const base = isSupportedBaseLanguage(language) ? baseTranslations[language] : baseTranslations.en;
+    const custom = selectedCandidate ? profiles[profile]?.translations[selectedCandidate.language] : void 0;
+    const translations = custom ? deepMergeTranslations(base, custom) : base;
+    return {
+        translations: translations,
+        language
+    };
+}
+function policy_inspectPolicies(policies, options) {
+    return inspectPolicies(policies, options);
+}
+async function policy_resolvePolicyDecision(params) {
+    return resolvePolicyDecision({
+        policies: params.policies,
+        countryCode: params.countryCode,
+        regionCode: params.regionCode,
+        jurisdiction: params.jurisdiction,
+        iabEnabled: params.iabEnabled
+    });
+}
+function policy_resolvePolicySync(params) {
+    return resolvePolicySync({
+        policies: params.policies,
+        countryCode: params.countryCode,
+        regionCode: params.regionCode,
+        jurisdiction: params.jurisdiction,
+        iabEnabled: params.iabEnabled
+    });
+}
+const POLICY_SNAPSHOT_JWT_HEADER = {
+    alg: 'HS256',
+    typ: 'JWT'
+};
+const DEFAULT_POLICY_SNAPSHOT_ISSUER = 'c15t';
+const DEFAULT_POLICY_SNAPSHOT_AUDIENCE = 'c15t-policy-snapshot';
+function resolveSnapshotIssuer(options) {
+    return options?.issuer?.trim() || DEFAULT_POLICY_SNAPSHOT_ISSUER;
+}
+function resolveSnapshotAudience(params) {
+    const configuredAudience = params.options?.audience?.trim();
+    if (configuredAudience) return configuredAudience;
+    return params.tenantId ? `${DEFAULT_POLICY_SNAPSHOT_AUDIENCE}:${params.tenantId}` : DEFAULT_POLICY_SNAPSHOT_AUDIENCE;
+}
+function getSigningKey(secret) {
+    return new TextEncoder().encode(secret);
+}
+function isPolicySnapshotPayload(payload) {
+    return 'string' == typeof payload.policyId && 'string' == typeof payload.fingerprint && 'string' == typeof payload.matchedBy && 'string' == typeof payload.jurisdiction && 'string' == typeof payload.model && 'string' == typeof payload.iss && 'string' == typeof payload.aud && 'string' == typeof payload.sub && 'number' == typeof payload.iat && 'number' == typeof payload.exp;
+}
+async function createPolicySnapshotToken(params) {
+    const { options } = params;
+    if (!options?.signingKey) return;
+    const iat = Math.floor(Date.now() / 1000);
+    const ttlSeconds = options.ttlSeconds ?? 1800;
+    const exp = iat + ttlSeconds;
+    const iss = resolveSnapshotIssuer(options);
+    const aud = resolveSnapshotAudience({
+        options,
+        tenantId: params.tenantId
+    });
+    const payload = {
+        iss,
+        aud,
+        sub: params.policyId,
+        tenantId: params.tenantId,
+        policyId: params.policyId,
+        fingerprint: params.fingerprint,
+        matchedBy: params.matchedBy,
+        country: params.country,
+        region: params.region,
+        jurisdiction: params.jurisdiction,
+        language: params.language,
+        model: params.model,
+        policyI18n: params.policyI18n,
+        expiryDays: params.expiryDays,
+        scopeMode: params.scopeMode,
+        uiMode: params.uiMode,
+        bannerUi: params.bannerUi,
+        dialogUi: params.dialogUi,
+        categories: params.categories,
+        preselectedCategories: params.preselectedCategories,
+        gpc: params.gpc,
+        proofConfig: params.proofConfig,
+        iat,
+        exp
+    };
+    const token = await new SignJWT(payload).setProtectedHeader(POLICY_SNAPSHOT_JWT_HEADER).setIssuedAt(iat).setExpirationTime(exp).sign(getSigningKey(options.signingKey));
+    return {
+        token,
+        payload
+    };
+}
+async function verifyPolicySnapshotToken(params) {
+    const { token, options, tenantId } = params;
+    if (!options?.signingKey) return {
+        valid: false,
+        reason: 'missing'
+    };
+    if (!token) return {
+        valid: false,
+        reason: 'missing'
+    };
+    if (3 !== token.split('.').length) return {
+        valid: false,
+        reason: 'malformed'
+    };
+    try {
+        const { payload, protectedHeader } = await jwtVerify(token, getSigningKey(options.signingKey), {
+            issuer: resolveSnapshotIssuer(options),
+            audience: resolveSnapshotAudience({
+                options,
+                tenantId
+            })
+        });
+        const header = protectedHeader;
+        if ('HS256' !== header.alg || 'JWT' !== header.typ) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        if (!isPolicySnapshotPayload(payload)) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        if (payload.sub !== payload.policyId) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        if ((tenantId ?? void 0) !== (payload.tenantId ?? void 0)) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        return {
+            valid: true,
+            payload
+        };
+    } catch (error) {
+        if (error instanceof errors.JWTExpired) return {
+            valid: false,
+            reason: 'expired'
+        };
+        return {
+            valid: false,
+            reason: 'invalid'
+        };
+    }
+}
+function normalizeHeader(value) {
+    if (!value) return null;
+    return Array.isArray(value) ? value[0] ?? null : value;
+}
+function getGeoHeaders(headers) {
+    const countryCode = normalizeHeader(headers.get('x-c15t-country')) ?? normalizeHeader(headers.get('cf-ipcountry')) ?? normalizeHeader(headers.get('x-vercel-ip-country')) ?? normalizeHeader(headers.get('x-amz-cf-ipcountry')) ?? normalizeHeader(headers.get('x-country-code'));
+    const regionCode = normalizeHeader(headers.get('x-c15t-region')) ?? normalizeHeader(headers.get('x-vercel-ip-country-region')) ?? normalizeHeader(headers.get('x-region-code'));
+    return {
+        countryCode,
+        regionCode
+    };
+}
+function checkJurisdiction(countryCode, regionCode) {
+    const jurisdictions = {
+        EU: new Set([
+            'AT',
+            'BE',
+            'BG',
+            'HR',
+            'CY',
+            'CZ',
+            'DK',
+            'EE',
+            'FI',
+            'FR',
+            'DE',
+            'GR',
+            'HU',
+            'IE',
+            'IT',
+            'LV',
+            'LT',
+            'LU',
+            'MT',
+            'NL',
+            'PL',
+            'PT',
+            'RO',
+            'SK',
+            'SI',
+            'ES',
+            'SE'
+        ]),
+        EEA: new Set([
+            'IS',
+            'NO',
+            'LI'
+        ]),
+        UK: new Set([
+            'GB'
+        ]),
+        CH: new Set([
+            'CH'
+        ]),
+        BR: new Set([
+            'BR'
+        ]),
+        CA: new Set([
+            'CA'
+        ]),
+        AU: new Set([
+            'AU'
+        ]),
+        JP: new Set([
+            'JP'
+        ]),
+        KR: new Set([
+            'KR'
+        ]),
+        US_CCPA_REGIONS: new Set([
+            'CA'
+        ]),
+        CA_QC_REGIONS: new Set([
+            'QC'
+        ])
+    };
+    let jurisdiction = 'NONE';
+    if (countryCode) {
+        const normalizedCountryCode = countryCode.toUpperCase();
+        const normalizedRegionCode = regionCode && 'string' == typeof regionCode ? (regionCode.includes('-') ? regionCode.split('-').pop() : regionCode).toUpperCase() : null;
+        if ('US' === normalizedCountryCode && normalizedRegionCode && jurisdictions.US_CCPA_REGIONS.has(normalizedRegionCode)) return 'CCPA';
+        if ('CA' === normalizedCountryCode && normalizedRegionCode && jurisdictions.CA_QC_REGIONS.has(normalizedRegionCode)) return 'QC_LAW25';
+        const jurisdictionMap = [
+            {
+                sets: [
+                    jurisdictions.UK
+                ],
+                code: 'UK_GDPR'
+            },
+            {
+                sets: [
+                    jurisdictions.EU,
+                    jurisdictions.EEA
+                ],
+                code: 'GDPR'
+            },
+            {
+                sets: [
+                    jurisdictions.CH
+                ],
+                code: 'CH'
+            },
+            {
+                sets: [
+                    jurisdictions.BR
+                ],
+                code: 'BR'
+            },
+            {
+                sets: [
+                    jurisdictions.CA
+                ],
+                code: 'PIPEDA'
+            },
+            {
+                sets: [
+                    jurisdictions.AU
+                ],
+                code: 'AU'
+            },
+            {
+                sets: [
+                    jurisdictions.JP
+                ],
+                code: 'APPI'
+            },
+            {
+                sets: [
+                    jurisdictions.KR
+                ],
+                code: 'PIPA'
+            }
+        ];
+        for (const { sets, code } of jurisdictionMap)if (sets.some((set)=>set.has(normalizedCountryCode))) {
+            jurisdiction = code;
+            break;
+        }
+    }
+    return jurisdiction;
+}
+async function getLocation(request, options) {
+    if (options.disableGeoLocation) return {
+        countryCode: null,
+        regionCode: null
+    };
+    const { countryCode, regionCode } = getGeoHeaders(request.headers);
+    return {
+        countryCode,
+        regionCode
+    };
+}
+function getJurisdiction(location, options) {
+    if (options.disableGeoLocation) return 'GDPR';
+    return checkJurisdiction(location.countryCode, location.regionCode);
+}
+function stripIabTranslations(translations) {
+    const { iab: _iab, ...rest } = translations;
+    return rest;
+}
+function resolveNoPolicyFallback() {
+    return {
+        id: 'no_banner',
+        model: 'none',
+        ui: {
+            mode: 'none'
+        }
+    };
+}
+async function resolveInitPayload(request, options, logger) {
+    const acceptLanguage = request.headers.get('accept-language') || 'en';
+    const location = await getLocation(request, options);
+    const jurisdiction = getJurisdiction(location, options);
+    const hasExplicitPolicyPack = void 0 !== options.policyPacks;
+    const isExplicitEmptyPolicyPack = hasExplicitPolicyPack && (options.policyPacks?.length ?? 0) === 0;
+    const policyDecision = isExplicitEmptyPolicyPack ? void 0 : await policy_resolvePolicyDecision({
+        policies: options.policyPacks,
+        countryCode: location.countryCode,
+        regionCode: location.regionCode,
+        jurisdiction,
+        iabEnabled: options.iab?.enabled === true
+    });
+    if (hasExplicitPolicyPack && !isExplicitEmptyPolicyPack && !policyDecision) logger?.warn('Policy packs configured but no policy matched', {
+        country: location.countryCode,
+        region: location.regionCode
+    });
+    const resolvedPolicy = hasExplicitPolicyPack ? policyDecision?.policy ?? resolveNoPolicyFallback() : void 0;
+    const iabOptions = options.iab;
+    const shouldIncludeIabPayload = iabOptions?.enabled === true && (!hasExplicitPolicyPack || resolvedPolicy?.model === 'iab');
+    const translationsResult = getTranslationsData(acceptLanguage, options.customTranslations, {
+        i18n: options.i18n,
+        policyI18n: resolvedPolicy?.i18n,
+        logger
+    });
+    const responseTranslations = shouldIncludeIabPayload ? translationsResult : {
+        ...translationsResult,
+        translations: stripIabTranslations(translationsResult.translations)
+    };
+    let gvl = null;
+    if (shouldIncludeIabPayload && iabOptions) {
+        const language = translationsResult.language.split('-')[0] || 'en';
+        const gvlResolver = createGVLResolver({
+            appName: options.appName || 'c15t',
+            bundled: iabOptions.bundled,
+            cacheAdapter: options.cache?.adapter,
+            vendorIds: iabOptions.vendorIds,
+            endpoint: iabOptions.endpoint
+        });
+        gvl = await gvlResolver.get(language);
+    }
+    const customVendors = shouldIncludeIabPayload ? iabOptions?.customVendors : void 0;
+    const snapshot = policyDecision ? await createPolicySnapshotToken({
+        options: options.policySnapshot,
+        tenantId: options.tenantId,
+        policyId: policyDecision.policy.id,
+        fingerprint: policyDecision.fingerprint,
+        matchedBy: policyDecision.matchedBy,
+        country: location?.countryCode ?? null,
+        region: location?.regionCode ?? null,
+        jurisdiction,
+        language: translationsResult.language,
+        model: policyDecision.policy.model,
+        policyI18n: policyDecision.policy.i18n,
+        expiryDays: policyDecision.policy.consent?.expiryDays,
+        scopeMode: policyDecision.policy.consent?.scopeMode,
+        uiMode: policyDecision.policy.ui?.mode,
+        bannerUi: policyDecision.policy.ui?.banner,
+        dialogUi: policyDecision.policy.ui?.dialog,
+        categories: policyDecision.policy.consent?.categories,
+        preselectedCategories: policyDecision.policy.consent?.preselectedCategories,
+        gpc: policyDecision.policy.consent?.gpc,
+        proofConfig: policyDecision.policy.proof
+    }) : void 0;
+    const gpc = '1' === request.headers.get('sec-gpc');
+    getMetrics()?.recordInit({
+        jurisdiction,
+        country: location?.countryCode ?? void 0,
+        region: location?.regionCode ?? void 0,
+        gpc
+    });
+    return {
+        jurisdiction,
+        location,
+        translations: responseTranslations,
+        branding: options.branding || 'c15t',
+        ...shouldIncludeIabPayload && {
+            gvl,
+            customVendors
+        },
+        ...resolvedPolicy && {
+            policy: resolvedPolicy
+        },
+        ...policyDecision && {
+            policyDecision: {
+                policyId: policyDecision.policy.id,
+                fingerprint: policyDecision.fingerprint,
+                matchedBy: policyDecision.matchedBy,
+                country: location.countryCode,
+                region: location.regionCode,
+                jurisdiction
+            }
+        },
+        ...snapshot?.token && {
+            policySnapshotToken: snapshot.token
+        },
+        ...shouldIncludeIabPayload && iabOptions?.cmpId != null && {
+            cmpId: iabOptions.cmpId
+        }
+    };
+}
+export { checkJurisdiction, getJurisdiction, getLocation, policy_inspectPolicies as inspectPolicies, policy_resolvePolicyDecision, policy_resolvePolicySync, resolveInitPayload, validateMessages, verifyPolicySnapshotToken };

package/dist/cache.cjs

@@ -13,7 +13,7 @@ var __webpack_require__ = {};
 })();
 (()=>{
     __webpack_require__.r = (exports1)=>{
-        if ('undefined' != typeof Symbol && Symbol.toStringTag) Object.defineProperty(exports1, Symbol.toStringTag, {
+        if ("u" > typeof Symbol && Symbol.toStringTag) Object.defineProperty(exports1, Symbol.toStringTag, {
             value: 'Module'
         });
         Object.defineProperty(exports1, '__esModule', {