@cedarjs/api 0.0.4

package/dist/cache/clients/RedisClient.js

@@ -0,0 +1,49 @@
+import BaseClient from "./BaseClient.js";
+class RedisClient extends BaseClient {
+  client;
+  logger;
+  redisOptions;
+  constructor(options) {
+    const { logger, ...redisOptions } = options;
+    super();
+    this.logger = logger;
+    this.redisOptions = redisOptions;
+  }
+  async connect() {
+    const { createClient } = await import("redis");
+    this.client = createClient(this.redisOptions);
+    this.client.on(
+      "error",
+      (err) => this.logger?.error(err) || console.error(err)
+    );
+    await this.client.connect();
+  }
+  // @NOTE: disconnect intentionally not implemented for Redis
+  // Because node-redis recovers gracefully from connection loss
+  async get(key) {
+    if (!this.client) {
+      await this.connect();
+    }
+    const result = await this.client?.get(key);
+    return result ? JSON.parse(result) : null;
+  }
+  async set(key, value, options) {
+    const setOptions = {};
+    if (!this.client) {
+      await this.connect();
+    }
+    if (options.expires) {
+      setOptions.EX = options.expires;
+    }
+    return this.client?.set(key, JSON.stringify(value), setOptions);
+  }
+  async del(key) {
+    if (!this.client) {
+      await this.connect();
+    }
+    return !!await this.client?.del([key]);
+  }
+}
+export {
+  RedisClient as default
+};

package/dist/cache/errors.d.ts

@@ -0,0 +1,4 @@
+export declare class CacheTimeoutError extends Error {
+    constructor();
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/cache/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/cache/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,iBAAkB,SAAQ,KAAK;;CAK3C"}

package/dist/cache/errors.js

@@ -0,0 +1,9 @@
+class CacheTimeoutError extends Error {
+  constructor() {
+    super("Timed out waiting for response from the cache server");
+    this.name = "CacheTimeoutError";
+  }
+}
+export {
+  CacheTimeoutError
+};

package/dist/cache/index.d.ts

@@ -0,0 +1,35 @@
+import type { Logger } from '../logger/index.js';
+import type BaseClient from './clients/BaseClient.js';
+export { default as MemcachedClient } from './clients/MemcachedClient.js';
+export { default as RedisClient } from './clients/RedisClient.js';
+export { default as InMemoryClient } from './clients/InMemoryClient.js';
+export interface CreateCacheOptions {
+    logger?: Logger;
+    timeout?: number;
+    prefix?: string;
+    fields?: {
+        id: string;
+        updatedAt: string;
+    };
+}
+export interface CacheOptions {
+    expires?: number;
+}
+export interface CacheFindManyOptions<TFindManyArgs extends Record<string, unknown>> extends CacheOptions {
+    conditions?: TFindManyArgs;
+}
+export type CacheKey = string | string[];
+export type LatestQuery = Record<string, unknown>;
+type GenericDelegate = {
+    findMany: (...args: any) => any;
+    findFirst: (...args: any) => any;
+};
+export declare const cacheKeySeparator = "-";
+export declare const formatCacheKey: (key: CacheKey, prefix?: string) => string;
+export declare const createCache: (cacheClient: BaseClient, options?: CreateCacheOptions) => {
+    cache: <TResult>(key: CacheKey, input: () => TResult | Promise<TResult>, options?: CacheOptions) => Promise<any>;
+    cacheFindMany: <TDelegate extends GenericDelegate>(key: CacheKey, model: TDelegate, options?: CacheFindManyOptions<Parameters<TDelegate["findMany"]>[0]>) => Promise<any>;
+    cacheClient: BaseClient;
+    deleteCacheKey: (key: CacheKey) => Promise<any>;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/cache/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cache/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAEhD,OAAO,KAAK,UAAU,MAAM,yBAAyB,CAAA;AAGrD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,8BAA8B,CAAA;AACzE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,0BAA0B,CAAA;AACjE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,6BAA6B,CAAA;AAEvE,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,oBAAoB,CACnC,aAAa,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAC7C,SAAQ,YAAY;IACpB,UAAU,CAAC,EAAE,aAAa,CAAA;CAC3B;AAED,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,MAAM,EAAE,CAAA;AACxC,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEjD,KAAK,eAAe,GAAG;IACrB,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,GAAG,CAAA;IAC/B,SAAS,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,GAAG,CAAA;CACjC,CAAA;AAQD,eAAO,MAAM,iBAAiB,MAAM,CAAA;AAEpC,eAAO,MAAM,cAAc,QAAS,QAAQ,WAAW,MAAM,WAkB5D,CAAA;AAMD,eAAO,MAAM,WAAW,gBACT,UAAU,YACb,kBAAkB;YAQP,OAAO,OACrB,QAAQ,SACN,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,YAC7B,YAAY,KACrB,OAAO,CAAC,GAAG,CAAC;oBAqDc,SAAS,SAAS,eAAe,OACvD,QAAQ,SACN,SAAS,YACP,oBAAoB,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;;0BAgDlC,QAAQ;CA0B5C,CAAA"}

package/dist/cache/index.js

@@ -0,0 +1,132 @@
+import { CacheTimeoutError } from "./errors.js";
+import { default as default2 } from "./clients/MemcachedClient.js";
+import { default as default3 } from "./clients/RedisClient.js";
+import { default as default4 } from "./clients/InMemoryClient.js";
+const DEFAULT_LATEST_FIELDS = { id: "id", updatedAt: "updatedAt" };
+const wait = (ms) => {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+};
+const cacheKeySeparator = "-";
+const formatCacheKey = (key, prefix) => {
+  let output;
+  if (Array.isArray(key)) {
+    output = key.join(cacheKeySeparator);
+  } else {
+    output = key;
+  }
+  if (prefix && !output.toString().match(new RegExp("^" + prefix + cacheKeySeparator))) {
+    output = `${prefix}${cacheKeySeparator}${output}`;
+  }
+  return output;
+};
+const serialize = (input) => {
+  return JSON.parse(JSON.stringify(input));
+};
+const createCache = (cacheClient, options) => {
+  const client = cacheClient;
+  const logger = options?.logger;
+  const timeout = options?.timeout || 1e3;
+  const prefix = options?.prefix;
+  const fields = options?.fields || DEFAULT_LATEST_FIELDS;
+  const cache = async (key, input, options2) => {
+    const cacheKey = formatCacheKey(key, prefix);
+    try {
+      const result = await Promise.race([
+        client.get(cacheKey),
+        wait(timeout).then(() => {
+          throw new CacheTimeoutError();
+        })
+      ]);
+      if (result) {
+        logger?.debug(`[Cache] HIT key '${cacheKey}'`);
+        return result;
+      }
+    } catch (e) {
+      logger?.error(`[Cache] Error GET '${cacheKey}': ${e.message}`);
+      if (e instanceof CacheTimeoutError && client.disconnect) {
+        logger?.error(`[Cache] Disconnecting current instance...`);
+        await client.disconnect();
+      }
+      return serialize(await input());
+    }
+    let data;
+    try {
+      data = await input();
+      await Promise.race([
+        client.set(cacheKey, data, options2 || {}),
+        wait(timeout).then(() => {
+          throw new CacheTimeoutError();
+        })
+      ]);
+      logger?.debug(
+        `[Cache] MISS '${cacheKey}', SET ${JSON.stringify(data).length} bytes`
+      );
+      return serialize(data);
+    } catch (e) {
+      logger?.error(`[Cache] Error SET '${cacheKey}': ${e.message}`);
+      return serialize(data || await input());
+    }
+  };
+  const cacheFindMany = async (key, model, options2 = {}) => {
+    const { conditions, ...rest } = options2;
+    const cacheKey = formatCacheKey(key, prefix);
+    let latest, latestCacheKey;
+    const { PrismaClientValidationError } = await import("@prisma/client");
+    try {
+      latest = await model.findFirst({
+        ...conditions,
+        orderBy: { [fields.updatedAt]: "desc" },
+        select: { [fields.id]: true, [fields.updatedAt]: true }
+      });
+    } catch (e) {
+      if (e instanceof PrismaClientValidationError) {
+        logger?.error(
+          `[Cache] cacheFindMany error: model does not contain \`${fields.id}\` or \`${fields.updatedAt}\` fields`
+        );
+      } else {
+        logger?.error(`[Cache] cacheFindMany error: ${e.message}`);
+      }
+      return serialize(await model.findMany(conditions));
+    }
+    if (latest) {
+      latestCacheKey = `${cacheKey}${cacheKeySeparator}${latest.id}${cacheKeySeparator}${latest[fields.updatedAt].getTime()}`;
+    } else {
+      logger?.debug(
+        `[Cache] cacheFindMany: No data to cache for key \`${key}\`, skipping`
+      );
+      return serialize(await model.findMany(conditions));
+    }
+    return cache(latestCacheKey, () => model.findMany(conditions), rest);
+  };
+  const deleteCacheKey = async (key) => {
+    let result;
+    const cacheKey = formatCacheKey(key, prefix);
+    try {
+      await Promise.race([
+        result = client.del(cacheKey),
+        wait(timeout).then(() => {
+          throw new CacheTimeoutError();
+        })
+      ]);
+      logger?.debug(`[Cache] DEL '${cacheKey}'`);
+      return result;
+    } catch (e) {
+      logger?.error(`[Cache] Error DEL '${cacheKey}': ${e.message}`);
+      return false;
+    }
+  };
+  return {
+    cache,
+    cacheFindMany,
+    cacheClient: client,
+    deleteCacheKey
+  };
+};
+export {
+  default4 as InMemoryClient,
+  default2 as MemcachedClient,
+  default3 as RedisClient,
+  cacheKeySeparator,
+  createCache,
+  formatCacheKey
+};

package/dist/cjs/auth/index.d.ts

@@ -0,0 +1,51 @@
+export * from './parseJWT.js';
+import type { APIGatewayProxyEvent, Context as LambdaContext } from 'aws-lambda';
+import type { Decoded } from './parseJWT.js';
+export type { Decoded };
+export declare const AUTH_PROVIDER_HEADER = "auth-provider";
+export declare const getAuthProviderHeader: (event: APIGatewayProxyEvent | Request) => string | null | undefined;
+export interface AuthorizationHeader {
+    schema: 'Bearer' | 'Basic' | string;
+    token: string;
+}
+export type AuthorizationCookies = {
+    parsedCookie: Record<string, string | undefined>;
+    rawCookie: string;
+    type: string | undefined;
+} | null;
+export declare const parseAuthorizationCookie: (event: APIGatewayProxyEvent | Request) => AuthorizationCookies;
+/**
+ * Split the `Authorization` header into a schema and token part.
+ */
+export declare const parseAuthorizationHeader: (event: APIGatewayProxyEvent | Request) => AuthorizationHeader;
+/** @MARK Note that we do not send LambdaContext when making fetch requests
+ *
+ * This part is incomplete, as we need to decide how we will make the breaking change to
+ * 1. getCurrentUser
+ * 2. authDecoders
+
+ */
+export type AuthContextPayload = [
+    Decoded,
+    {
+        type: string;
+    } & AuthorizationHeader,
+    {
+        event: APIGatewayProxyEvent | Request;
+        context?: LambdaContext;
+    }
+];
+export type Decoder = (token: string, type: string, req: {
+    event: APIGatewayProxyEvent | Request;
+    context?: LambdaContext;
+}) => Promise<Decoded>;
+/**
+ * Get the authorization information from the request headers and request context.
+ * @returns [decoded, { type, schema, token }, { event, context }]
+ **/
+export declare const getAuthenticationContext: ({ authDecoder, event, context, }: {
+    authDecoder?: Decoder | Decoder[];
+    event: APIGatewayProxyEvent | Request;
+    context: LambdaContext;
+}) => Promise<undefined | AuthContextPayload>;
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAA;AAE7B,OAAO,KAAK,EAAE,oBAAoB,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,YAAY,CAAA;AAKhF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAC5C,YAAY,EAAE,OAAO,EAAE,CAAA;AAGvB,eAAO,MAAM,oBAAoB,kBAAkB,CAAA;AAEnD,eAAO,MAAM,qBAAqB,UACzB,oBAAoB,GAAG,OAAO,8BAStC,CAAA;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAA;IACnC,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAChD,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,MAAM,GAAG,SAAS,CAAA;CACzB,GAAG,IAAI,CAAA;AAER,eAAO,MAAM,wBAAwB,UAC5B,oBAAoB,GAAG,OAAO,KACpC,oBAiBF,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,UAC5B,oBAAoB,GAAG,OAAO,KACpC,mBAUF,CAAA;AAED;;;;;;GAMG;AAEH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO;IACP;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,mBAAmB;IAEtC;QACE,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAA;QACrC,OAAO,CAAC,EAAE,aAAa,CAAA;KACxB;CACF,CAAA;AAED,MAAM,MAAM,OAAO,GAAG,CACpB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE;IACH,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAA;IACrC,OAAO,CAAC,EAAE,aAAa,CAAA;CACxB,KACE,OAAO,CAAC,OAAO,CAAC,CAAA;AAErB;;;IAGI;AACJ,eAAO,MAAM,wBAAwB,qCAIlC;IACD,WAAW,CAAC,EAAE,OAAO,GAAG,OAAO,EAAE,CAAA;IACjC,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAA;IACrC,OAAO,EAAE,aAAa,CAAA;CACvB,KAAG,OAAO,CAAC,SAAS,GAAG,kBAAkB,CA6DzC,CAAA"}

package/dist/cjs/auth/index.js

@@ -0,0 +1,129 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var auth_exports = {};
+__export(auth_exports, {
+  AUTH_PROVIDER_HEADER: () => AUTH_PROVIDER_HEADER,
+  getAuthProviderHeader: () => getAuthProviderHeader,
+  getAuthenticationContext: () => getAuthenticationContext,
+  parseAuthorizationCookie: () => parseAuthorizationCookie,
+  parseAuthorizationHeader: () => parseAuthorizationHeader
+});
+module.exports = __toCommonJS(auth_exports);
+__reExport(auth_exports, require("./parseJWT.js"), module.exports);
+var cookie = __toESM(require("cookie"), 1);
+var import_event = require("../event.js");
+const AUTH_PROVIDER_HEADER = "auth-provider";
+const getAuthProviderHeader = (event) => {
+  const authProviderKey = Object.keys(event?.headers ?? {}).find(
+    (key) => key.toLowerCase() === AUTH_PROVIDER_HEADER
+  );
+  if (authProviderKey) {
+    return (0, import_event.getEventHeader)(event, authProviderKey);
+  }
+  return void 0;
+};
+const parseAuthorizationCookie = (event) => {
+  const cookieHeader = (0, import_event.getEventHeader)(event, "Cookie");
+  if (!cookieHeader) {
+    return null;
+  }
+  const parsedCookie = cookie.parse(cookieHeader);
+  return {
+    parsedCookie,
+    rawCookie: cookieHeader,
+    // When not unauthenticated, this will be null/undefined
+    // Remember that the cookie header could contain other (unrelated) values!
+    type: parsedCookie[AUTH_PROVIDER_HEADER]
+  };
+};
+const parseAuthorizationHeader = (event) => {
+  const parts = (0, import_event.getEventHeader)(event, "Authorization")?.split(" ");
+  if (parts?.length !== 2) {
+    throw new Error("The `Authorization` header is not valid.");
+  }
+  const [schema, token] = parts;
+  if (!schema.length || !token.length) {
+    throw new Error("The `Authorization` header is not valid.");
+  }
+  return { schema, token };
+};
+const getAuthenticationContext = async ({
+  authDecoder,
+  event,
+  context
+}) => {
+  const cookieHeader = parseAuthorizationCookie(event);
+  const typeFromHeader = getAuthProviderHeader(event);
+  if (!typeFromHeader && !cookieHeader) {
+    return void 0;
+  }
+  let token;
+  let type;
+  let schema;
+  if (cookieHeader?.type) {
+    token = cookieHeader.rawCookie;
+    type = cookieHeader.type;
+    schema = "cookie";
+  } else if (typeFromHeader) {
+    const parsedAuthHeader = parseAuthorizationHeader(event);
+    token = parsedAuthHeader.token;
+    type = typeFromHeader;
+    schema = parsedAuthHeader.schema;
+  }
+  if (!token || !type || !schema) {
+    return void 0;
+  }
+  let authDecoders = [];
+  if (Array.isArray(authDecoder)) {
+    authDecoders = authDecoder;
+  } else if (authDecoder) {
+    authDecoders = [authDecoder];
+  }
+  let decoded = null;
+  let i = 0;
+  while (!decoded && i < authDecoders.length) {
+    decoded = await authDecoders[i](token, type, {
+      // @MARK: When called from middleware, the decoder will pass Request, not Lambda event
+      event,
+      context
+    });
+    i++;
+  }
+  return [decoded, { type, schema, token }, { event, context }];
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AUTH_PROVIDER_HEADER,
+  getAuthProviderHeader,
+  getAuthenticationContext,
+  parseAuthorizationCookie,
+  parseAuthorizationHeader,
+  ...require("./parseJWT.js")
+});

package/dist/cjs/auth/parseJWT.d.ts

@@ -0,0 +1,6 @@
+export type Decoded = Record<string, unknown> | null;
+export declare const parseJWT: (token: {
+    decoded: Decoded;
+    namespace?: string;
+}) => any;
+//# sourceMappingURL=parseJWT.d.ts.map

package/dist/cjs/auth/parseJWT.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parseJWT.d.ts","sourceRoot":"","sources":["../../../src/auth/parseJWT.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;AA8DpD,eAAO,MAAM,QAAQ,UAAW;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,KAAG,GAKH,CAAA"}

package/dist/cjs/auth/parseJWT.js

@@ -0,0 +1,57 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var parseJWT_exports = {};
+__export(parseJWT_exports, {
+  parseJWT: () => parseJWT
+});
+module.exports = __toCommonJS(parseJWT_exports);
+function isTokenWithRoles(token) {
+  return !!token.decoded?.roles;
+}
+function isTokenWithMetadata(token) {
+  const claim = token.namespace ? `${token.namespace}/app_metadata` : "app_metadata";
+  return !!token.decoded?.[claim];
+}
+const appMetadata = (token) => {
+  if (typeof token.decoded === "string") {
+    return {};
+  }
+  if (isTokenWithMetadata(token)) {
+    const claim = token.namespace ? `${token.namespace}/app_metadata` : "app_metadata";
+    return token.decoded?.[claim];
+  }
+  return {};
+};
+const roles = (token) => {
+  if (isTokenWithRoles(token)) {
+    return token.decoded.roles;
+  }
+  const metadata = appMetadata(token);
+  return metadata?.roles || metadata.authorization?.roles || [];
+};
+const parseJWT = (token) => {
+  return {
+    appMetadata: appMetadata(token),
+    roles: roles(token)
+  };
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  parseJWT
+});

package/dist/cjs/auth/verifiers/base64Sha1Verifier.d.ts

@@ -0,0 +1,19 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface Base64Sha1Verifier extends WebhookVerifier {
+    type: 'base64Sha1Verifier';
+}
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ * Base64 SHA1 HMAC Payload Verifier
+ *
+ * Based on Svix's webhook payload verification, but using SHA1 instead
+ * @see https://docs.svix.com/receiving/verifying-payloads/how-manual
+ * @see https://github.com/svix/svix-webhooks/blob/main/javascript/src/index.ts
+ */
+declare const base64Sha1Verifier: (_options?: VerifyOptions) => Base64Sha1Verifier;
+export default base64Sha1Verifier;
+//# sourceMappingURL=base64Sha1Verifier.d.ts.map

package/dist/cjs/auth/verifiers/base64Sha1Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64Sha1Verifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/base64Sha1Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,IAAI,EAAE,oBAAoB,CAAA;CAC3B;AA0BD,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA0BH,CAAA;AAED;;;;;;GAMG;AACH,QAAA,MAAM,kBAAkB,cAAe,aAAa,KAAG,kBAUtD,CAAA;AAED,eAAe,kBAAkB,CAAA"}

package/dist/cjs/auth/verifiers/base64Sha1Verifier.js

@@ -0,0 +1,77 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var base64Sha1Verifier_exports = {};
+__export(base64Sha1Verifier_exports, {
+  default: () => base64Sha1Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(base64Sha1Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common.js");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.slice(0, 3) + s.slice(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha1";
+  const hmac = (0, import_crypto.createHmac)(algorithm, Buffer.from(secret, "base64"));
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = hmac.update(payload).digest();
+  return digest.toString("base64");
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const webhookSignature = Buffer.from(signature || "", "base64");
+    const hmac = (0, import_crypto.createHmac)("sha1", Buffer.from(secret, "base64"));
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = hmac.update(payload).digest();
+    if (webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature)) {
+      return true;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const base64Sha1Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "base64Sha1Verifier"
+  };
+};
+var base64Sha1Verifier_default = base64Sha1Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/cjs/auth/verifiers/base64Sha256Verifier.d.ts

@@ -0,0 +1,19 @@
+import type { WebhookVerifier, VerifyOptions } from './common.js';
+export interface Base64Sha256Verifier extends WebhookVerifier {
+    type: 'base64Sha256Verifier';
+}
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ * Base64 SHA256 HMAC Payload Verifier
+ *
+ * Based on Svix's webhook payload verification
+ * @see https://docs.svix.com/receiving/verifying-payloads/how-manual
+ * @see https://github.com/svix/svix-webhooks/blob/main/javascript/src/index.ts
+ */
+declare const base64Sha256Verifier: (_options?: VerifyOptions) => Base64Sha256Verifier;
+export default base64Sha256Verifier;
+//# sourceMappingURL=base64Sha256Verifier.d.ts.map

package/dist/cjs/auth/verifiers/base64Sha256Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64Sha256Verifier.d.ts","sourceRoot":"","sources":["../../../../src/auth/verifiers/base64Sha256Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAEjE,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,IAAI,EAAE,sBAAsB,CAAA;CAC7B;AA0BD,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA0BH,CAAA;AAED;;;;;;GAMG;AACH,QAAA,MAAM,oBAAoB,cACb,aAAa,KACvB,oBAUF,CAAA;AAED,eAAe,oBAAoB,CAAA"}