@classytic/arc 1.1.0 → 2.1.2

package/dist/audit/index.js

@@ -1,319 +0,0 @@
-import fp from 'fastify-plugin';
-
-// src/audit/auditPlugin.ts
-
-// src/audit/stores/interface.ts
-function createAuditEntry(resource, documentId, action, context, data) {
-  const changes = data?.before && data?.after ? detectChanges(data.before, data.after) : void 0;
-  return {
-    id: generateAuditId(),
-    resource,
-    documentId,
-    action,
-    userId: context.user?._id?.toString() ?? context.user?.id,
-    organizationId: context.organizationId,
-    before: data?.before,
-    after: data?.after,
-    changes,
-    requestId: context.requestId,
-    ipAddress: context.ipAddress,
-    userAgent: context.userAgent,
-    metadata: data?.metadata,
-    timestamp: /* @__PURE__ */ new Date()
-  };
-}
-function detectChanges(before, after) {
-  const changes = [];
-  const allKeys = /* @__PURE__ */ new Set([...Object.keys(before), ...Object.keys(after)]);
-  for (const key of allKeys) {
-    if (key.startsWith("_") || key === "updatedAt") continue;
-    const oldVal = JSON.stringify(before[key]);
-    const newVal = JSON.stringify(after[key]);
-    if (oldVal !== newVal) {
-      changes.push(key);
-    }
-  }
-  return changes;
-}
-function generateAuditId() {
-  const timestamp = Date.now().toString(36);
-  const random = Math.random().toString(36).substring(2, 10);
-  return `aud_${timestamp}${random}`;
-}
-
-// src/audit/stores/memory.ts
-var MemoryAuditStore = class {
-  name = "memory";
-  entries = [];
-  maxEntries;
-  constructor(options = {}) {
-    this.maxEntries = options.maxEntries ?? 1e3;
-  }
-  async log(entry) {
-    this.entries.unshift(entry);
-    if (this.entries.length > this.maxEntries) {
-      this.entries = this.entries.slice(0, this.maxEntries);
-    }
-  }
-  async query(options = {}) {
-    let results = [...this.entries];
-    if (options.resource) {
-      results = results.filter((e) => e.resource === options.resource);
-    }
-    if (options.documentId) {
-      results = results.filter((e) => e.documentId === options.documentId);
-    }
-    if (options.userId) {
-      results = results.filter((e) => e.userId === options.userId);
-    }
-    if (options.organizationId) {
-      results = results.filter((e) => e.organizationId === options.organizationId);
-    }
-    if (options.action) {
-      const actions = Array.isArray(options.action) ? options.action : [options.action];
-      results = results.filter((e) => actions.includes(e.action));
-    }
-    if (options.from) {
-      results = results.filter((e) => e.timestamp >= options.from);
-    }
-    if (options.to) {
-      results = results.filter((e) => e.timestamp <= options.to);
-    }
-    const offset = options.offset ?? 0;
-    const limit = options.limit ?? 100;
-    results = results.slice(offset, offset + limit);
-    return results;
-  }
-  async close() {
-    this.entries = [];
-  }
-  /** Get all entries (for testing) */
-  getAll() {
-    return [...this.entries];
-  }
-  /** Clear all entries (for testing) */
-  clear() {
-    this.entries = [];
-  }
-};
-
-// src/audit/stores/mongodb.ts
-var MongoAuditStore = class {
-  constructor(options) {
-    this.options = options;
-    const collectionName = options.collection ?? "audit_logs";
-    this.collection = options.connection.collection(collectionName);
-    this.ttlDays = options.ttlDays ?? 90;
-  }
-  name = "mongodb";
-  collection;
-  initialized = false;
-  ttlDays;
-  async ensureIndexes() {
-    if (this.initialized) return;
-    try {
-      await this.collection.createIndex({
-        resource: 1,
-        documentId: 1,
-        timestamp: -1
-      });
-      await this.collection.createIndex({ userId: 1, timestamp: -1 });
-      await this.collection.createIndex({ organizationId: 1, timestamp: -1 });
-      if (this.ttlDays > 0) {
-        await this.collection.createIndex(
-          { timestamp: 1 },
-          { expireAfterSeconds: this.ttlDays * 24 * 60 * 60 }
-        );
-      }
-      this.initialized = true;
-    } catch {
-      this.initialized = true;
-    }
-  }
-  async log(entry) {
-    await this.ensureIndexes();
-    await this.collection.insertOne({
-      _id: entry.id,
-      resource: entry.resource,
-      documentId: entry.documentId,
-      action: entry.action,
-      userId: entry.userId,
-      organizationId: entry.organizationId,
-      before: entry.before,
-      after: entry.after,
-      changes: entry.changes,
-      requestId: entry.requestId,
-      ipAddress: entry.ipAddress,
-      userAgent: entry.userAgent,
-      metadata: entry.metadata,
-      timestamp: entry.timestamp
-    });
-  }
-  async query(options = {}) {
-    await this.ensureIndexes();
-    const query = {};
-    if (options.resource) {
-      query.resource = options.resource;
-    }
-    if (options.documentId) {
-      query.documentId = options.documentId;
-    }
-    if (options.userId) {
-      query.userId = options.userId;
-    }
-    if (options.organizationId) {
-      query.organizationId = options.organizationId;
-    }
-    if (options.action) {
-      const actions = Array.isArray(options.action) ? options.action : [options.action];
-      query.action = actions.length === 1 ? actions[0] : { $in: actions };
-    }
-    if (options.from || options.to) {
-      query.timestamp = {};
-      if (options.from) {
-        query.timestamp.$gte = options.from;
-      }
-      if (options.to) {
-        query.timestamp.$lte = options.to;
-      }
-    }
-    const offset = options.offset ?? 0;
-    const limit = options.limit ?? 100;
-    const docs = await this.collection.find(query).sort({ timestamp: -1 }).skip(offset).limit(limit).toArray();
-    return docs.map((doc) => ({
-      id: String(doc._id),
-      resource: doc.resource,
-      documentId: doc.documentId,
-      action: doc.action,
-      userId: doc.userId,
-      organizationId: doc.organizationId,
-      before: doc.before,
-      after: doc.after,
-      changes: doc.changes,
-      requestId: doc.requestId,
-      ipAddress: doc.ipAddress,
-      userAgent: doc.userAgent,
-      metadata: doc.metadata,
-      timestamp: doc.timestamp
-    }));
-  }
-};
-
-// src/audit/auditPlugin.ts
-var auditPlugin = async (fastify, opts = {}) => {
-  const {
-    enabled = false,
-    stores: storeTypes = ["memory"],
-    mongoConnection,
-    mongoCollection = "audit_logs",
-    ttlDays = 90,
-    customStores = []
-  } = opts;
-  if (!enabled) {
-    fastify.decorate("audit", createNoopLogger());
-    fastify.decorateRequest("auditContext", void 0);
-    fastify.log?.debug?.("Audit plugin disabled");
-    return;
-  }
-  const stores = [...customStores];
-  for (const type of storeTypes) {
-    switch (type) {
-      case "memory":
-        stores.push(new MemoryAuditStore());
-        break;
-      case "mongodb":
-        if (!mongoConnection) {
-          throw new Error("Audit: mongoConnection required for mongodb store");
-        }
-        stores.push(new MongoAuditStore({
-          // eslint-disable-next-line @typescript-eslint/no-explicit-any
-          connection: mongoConnection,
-          collection: mongoCollection,
-          ttlDays
-        }));
-        break;
-    }
-  }
-  if (stores.length === 0) {
-    throw new Error("Audit: at least one store must be configured");
-  }
-  async function logToStores(entry) {
-    await Promise.all(stores.map((store) => store.log(entry)));
-  }
-  const audit = {
-    async create(resource, documentId, data, context) {
-      const entry = createAuditEntry(resource, documentId, "create", context ?? {}, {
-        after: data
-      });
-      await logToStores(entry);
-    },
-    async update(resource, documentId, before, after, context) {
-      const entry = createAuditEntry(resource, documentId, "update", context ?? {}, {
-        before,
-        after
-      });
-      await logToStores(entry);
-    },
-    async delete(resource, documentId, data, context) {
-      const entry = createAuditEntry(resource, documentId, "delete", context ?? {}, {
-        before: data
-      });
-      await logToStores(entry);
-    },
-    async restore(resource, documentId, data, context) {
-      const entry = createAuditEntry(resource, documentId, "restore", context ?? {}, {
-        after: data
-      });
-      await logToStores(entry);
-    },
-    async custom(resource, documentId, action, data, context) {
-      const entry = createAuditEntry(resource, documentId, "custom", context ?? {}, {
-        metadata: { customAction: action, ...data }
-      });
-      await logToStores(entry);
-    },
-    async query(options) {
-      for (const store of stores) {
-        if (store.query) {
-          return store.query(options);
-        }
-      }
-      return [];
-    }
-  };
-  fastify.decorate("audit", audit);
-  fastify.decorateRequest("auditContext", void 0);
-  fastify.addHook("onRequest", async (request) => {
-    const user = request.user;
-    const context = request.context;
-    request.auditContext = {
-      user,
-      organizationId: context?.organizationId ?? void 0,
-      requestId: request.id,
-      ipAddress: request.ip,
-      userAgent: request.headers["user-agent"]
-    };
-  });
-  fastify.addHook("onClose", async () => {
-    await Promise.all(stores.map((store) => store.close?.()));
-  });
-  fastify.log?.info?.({ stores: storeTypes }, "Audit plugin enabled");
-};
-function createNoopLogger() {
-  const noop = async () => {
-  };
-  return {
-    create: noop,
-    update: noop,
-    delete: noop,
-    restore: noop,
-    custom: noop,
-    query: async () => []
-  };
-}
-var auditPlugin_default = fp(auditPlugin, {
-  name: "arc-audit",
-  fastify: "5.x"
-});
-
-export { MemoryAuditStore, MongoAuditStore, auditPlugin_default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry };

package/dist/auth/index.d.ts

@@ -1,47 +0,0 @@
-import { FastifyPluginAsync } from 'fastify';
-import { g as AuthHelpers, h as AuthPluginOptions } from '../index-B4t03KQ0.js';
-import 'mongoose';
-import '../types-B99TBmFV.js';
-
-/**
- * Auth Plugin - Flexible, Database-Agnostic Authentication
- *
- * Arc provides JWT infrastructure and calls your authenticator.
- * You control ALL authentication logic.
- *
- * Design principles:
- * - Arc handles plumbing (JWT sign/verify utilities)
- * - App handles business logic (how to authenticate, where users live)
- * - Works with any database (Prisma, MongoDB, Postgres, none)
- * - Supports multiple auth strategies (JWT, API keys, sessions, etc.)
- *
- * @example
- * ```typescript
- * // In createApp
- * auth: {
- *   jwt: { secret: process.env.JWT_SECRET },
- *   authenticate: async (request, { jwt }) => {
- *     // Your auth logic - Arc never touches your database
- *     const token = request.headers.authorization?.split(' ')[1];
- *     if (!token) return null;
- *     const decoded = jwt.verify(token);
- *     return userRepo.findById(decoded.id);
- *   },
- * }
- * ```
- */
-
-declare module 'fastify' {
-    interface FastifyInstance {
-        /** Authenticate middleware - use in preHandler for protected routes */
-        authenticate: (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
-        /** Authorize middleware factory - checks if user has required roles */
-        authorize: (...roles: string[]) => (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
-        /** Auth helpers - issueTokens, jwt utilities */
-        auth: AuthHelpers;
-    }
-}
-declare const authPlugin: FastifyPluginAsync<AuthPluginOptions>;
-declare const _default: FastifyPluginAsync<AuthPluginOptions>;
-
-export { AuthPluginOptions, _default as authPlugin, authPlugin as authPluginFn };

package/dist/auth/index.js

@@ -1,174 +0,0 @@
-import fp from 'fastify-plugin';
-
-// src/auth/authPlugin.ts
-function parseExpiresIn(input, defaultValue) {
-  if (!input) return defaultValue;
-  if (/^\d+$/.test(input)) return parseInt(input, 10);
-  const match = /^(\d+)\s*([smhd])$/i.exec(input);
-  if (!match) return defaultValue;
-  const value = parseInt(match[1], 10);
-  const unit = match[2].toLowerCase();
-  const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };
-  return value * (multipliers[unit] ?? 1);
-}
-function extractBearerToken(request) {
-  const auth = request.headers.authorization;
-  if (!auth?.startsWith("Bearer ")) return null;
-  return auth.slice(7);
-}
-var authPlugin = async (fastify, opts = {}) => {
-  const { jwt: jwtConfig, authenticate: appAuthenticator, onFailure, userProperty = "user" } = opts;
-  let jwtContext = null;
-  if (jwtConfig?.secret) {
-    if (jwtConfig.secret.length < 32) {
-      throw new Error(
-        `JWT secret must be at least 32 characters (current: ${jwtConfig.secret.length}).
-Use a strong random secret for production.`
-      );
-    }
-    const jwtPlugin = await import('@fastify/jwt');
-    await fastify.register(jwtPlugin.default ?? jwtPlugin, {
-      secret: jwtConfig.secret,
-      sign: {
-        expiresIn: jwtConfig.expiresIn ?? "15m",
-        ...jwtConfig.sign ?? {}
-      },
-      verify: { ...jwtConfig.verify ?? {} }
-    });
-    const fastifyWithJwt = fastify;
-    jwtContext = {
-      verify: (token) => {
-        return fastifyWithJwt.jwt.verify(token);
-      },
-      sign: (payload, options) => {
-        return fastifyWithJwt.jwt.sign(payload, options);
-      },
-      decode: (token) => {
-        try {
-          return fastifyWithJwt.jwt.decode(token);
-        } catch {
-          return null;
-        }
-      }
-    };
-    fastify.log.info("Auth: JWT infrastructure enabled");
-  }
-  const authContext = {
-    jwt: jwtContext,
-    fastify
-  };
-  const authenticate = async (request, reply) => {
-    try {
-      let user = null;
-      if (appAuthenticator) {
-        user = await appAuthenticator(request, authContext);
-      } else if (jwtContext) {
-        const token = extractBearerToken(request);
-        if (token) {
-          const decoded = jwtContext.verify(token);
-          user = decoded;
-        }
-      } else {
-        throw new Error(
-          "No authenticator configured. Provide auth.authenticate function or auth.jwt.secret."
-        );
-      }
-      if (!user) {
-        throw new Error("Authentication required");
-      }
-      request[userProperty] = user;
-    } catch (err) {
-      const error = err instanceof Error ? err : new Error(String(err));
-      if (onFailure) {
-        await onFailure(request, reply, error);
-        return;
-      }
-      const message = process.env.NODE_ENV === "production" ? "Authentication required" : error.message;
-      reply.code(401).send({
-        success: false,
-        error: "Unauthorized",
-        message
-      });
-    }
-  };
-  const refreshSecret = jwtConfig?.refreshSecret ?? jwtConfig?.secret;
-  const accessExpiresIn = jwtConfig?.expiresIn ?? "15m";
-  const refreshExpiresIn = jwtConfig?.refreshExpiresIn ?? "7d";
-  const issueTokens = (payload, options) => {
-    if (!jwtContext) {
-      throw new Error("JWT not configured. Provide auth.jwt.secret to use issueTokens.");
-    }
-    const accessTtl = options?.expiresIn ?? accessExpiresIn;
-    const refreshTtl = options?.refreshExpiresIn ?? refreshExpiresIn;
-    const accessToken = jwtContext.sign(payload, { expiresIn: accessTtl });
-    const refreshPayload = payload.id ? { id: payload.id, type: "refresh" } : payload._id ? { id: payload._id, type: "refresh" } : { ...payload, type: "refresh" };
-    let refreshToken;
-    if (refreshSecret) {
-      const fastifyWithJwt = fastify;
-      refreshToken = fastifyWithJwt.jwt.sign(refreshPayload, {
-        expiresIn: refreshTtl,
-        // Use refresh secret if different from main secret
-        ...refreshSecret !== jwtConfig?.secret ? { secret: refreshSecret } : {}
-      });
-    }
-    return {
-      accessToken,
-      refreshToken,
-      expiresIn: parseExpiresIn(accessTtl, 900),
-      refreshExpiresIn: refreshToken ? parseExpiresIn(refreshTtl, 604800) : void 0,
-      tokenType: "Bearer"
-    };
-  };
-  const verifyRefreshToken = (token) => {
-    if (!jwtContext) {
-      throw new Error("JWT not configured. Provide auth.jwt.secret to use verifyRefreshToken.");
-    }
-    const fastifyWithJwt = fastify;
-    return fastifyWithJwt.jwt.verify(token, {
-      ...refreshSecret !== jwtConfig?.secret ? { secret: refreshSecret } : {}
-    });
-  };
-  const authorize = (...allowedRoles) => {
-    return async (request, reply) => {
-      const user = request[userProperty];
-      if (!user) {
-        reply.code(401).send({
-          success: false,
-          error: "Unauthorized",
-          message: "No user context"
-        });
-        return;
-      }
-      const userRoles = user.roles ?? [];
-      if (allowedRoles.length === 1 && allowedRoles[0] === "*") {
-        return;
-      }
-      const hasRole = allowedRoles.some((role) => userRoles.includes(role));
-      if (!hasRole) {
-        reply.code(403).send({
-          success: false,
-          error: "Forbidden",
-          message: `Requires one of: ${allowedRoles.join(", ")}`
-        });
-        return;
-      }
-    };
-  };
-  const authHelpers = {
-    jwt: jwtContext,
-    issueTokens,
-    verifyRefreshToken
-  };
-  fastify.decorate("authenticate", authenticate);
-  fastify.decorate("authorize", authorize);
-  fastify.decorate("auth", authHelpers);
-  fastify.log.info(
-    `Auth: Plugin registered (jwt=${!!jwtContext}, customAuth=${!!appAuthenticator})`
-  );
-};
-var authPlugin_default = fp(authPlugin, {
-  name: "arc-auth",
-  fastify: "5.x"
-});
-
-export { authPlugin_default as authPlugin, authPlugin as authPluginFn };

package/dist/cli/commands/docs.d.ts

@@ -1,11 +0,0 @@
-/**
- * Arc CLI - Docs Command
- *
- * Export OpenAPI specification from registered resources
- */
-declare function exportDocs(args: string[]): Promise<void>;
-declare const _default: {
-    exportDocs: typeof exportDocs;
-};
-
-export { _default as default, exportDocs };