npm - @cloudwerk/security - Versions diffs - 0.1.0 - Mend

@cloudwerk/security 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/LICENSE +21 -0
package/dist/client.d.ts +207 -0
package/dist/client.js +145 -0
package/dist/client.js.map +1 -0
package/dist/index.d.ts +424 -0
package/dist/index.js +492 -0
package/dist/index.js.map +1 -0
package/dist/middleware.d.ts +3 -0
package/dist/middleware.js +492 -0
package/dist/middleware.js.map +1 -0
package/dist/types-DtbmXdeT.d.ts +404 -0
package/package.json +44 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Squirrelsoft Dev Tools
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/client.d.ts ADDED Viewed

@@ -0,0 +1,207 @@
+import { S as SecureFetchOptions } from './types-DtbmXdeT.js';
+/**
+ * @cloudwerk/security - Client-Side CSRF Helpers
+ *
+ * Utilities for working with CSRF tokens in browser code.
+ */
+/**
+ * Get the CSRF token from cookies.
+ *
+ * Reads the CSRF token cookie set by the server.
+ *
+ * @param cookieName - Name of the CSRF cookie
+ * @returns The CSRF token or null if not found
+ *
+ * @example
+ * ```typescript
+ * import { getCsrfToken } from '@cloudwerk/security/client'
+ *
+ * const token = getCsrfToken()
+ * if (token) {
+ *   // Include token in your request
+ *   fetch('/api/users', {
+ *     method: 'POST',
+ *     headers: {
+ *       'X-CSRF-Token': token,
+ *     },
+ *     body: JSON.stringify(data),
+ *   })
+ * }
+ * ```
+ */
+declare function getCsrfToken(cookieName?: string): string | null;
+/**
+ * Add CSRF token to a headers object.
+ *
+ * Creates a new Headers object with the CSRF token added.
+ *
+ * @param headers - Existing headers to extend (optional)
+ * @param options - Configuration options
+ * @returns Headers object with CSRF token added
+ *
+ * @example
+ * ```typescript
+ * import { withCsrfToken } from '@cloudwerk/security/client'
+ *
+ * const headers = withCsrfToken({
+ *   'Content-Type': 'application/json',
+ * })
+ *
+ * fetch('/api/users', {
+ *   method: 'POST',
+ *   headers,
+ *   body: JSON.stringify(data),
+ * })
+ * ```
+ */
+declare function withCsrfToken(headers?: HeadersInit, options?: {
+    cookieName?: string;
+    headerName?: string;
+}): Headers;
+/**
+ * Create a hidden input element with the CSRF token.
+ *
+ * Useful for including CSRF tokens in traditional form submissions.
+ *
+ * @param fieldName - Name of the form field
+ * @param cookieName - Name of the CSRF cookie
+ * @returns HTML input element string or empty string if no token
+ *
+ * @example
+ * ```typescript
+ * import { csrfInput } from '@cloudwerk/security/client'
+ *
+ * // In your form template
+ * const formHtml = `
+ *   <form method="POST" action="/submit">
+ *     ${csrfInput()}
+ *     <input type="text" name="email" />
+ *     <button type="submit">Submit</button>
+ *   </form>
+ * `
+ * ```
+ */
+declare function csrfInput(fieldName?: string, cookieName?: string): string;
+/**
+ * @cloudwerk/security - Secure Fetch Wrapper
+ *
+ * A fetch wrapper that automatically includes CSRF tokens and
+ * X-Requested-With headers for secure AJAX requests.
+ */
+/**
+ * Configure secure fetch defaults.
+ *
+ * Set global configuration options that apply to all secureFetch calls.
+ *
+ * @param options - Configuration options
+ *
+ * @example
+ * ```typescript
+ * import { configureSecureFetch } from '@cloudwerk/security/client'
+ *
+ * // Set up once at app initialization
+ * configureSecureFetch({
+ *   baseUrl: '/api',
+ *   credentials: 'include',
+ * })
+ * ```
+ */
+declare function configureSecureFetch(options: SecureFetchOptions): void;
+/**
+ * Reset secure fetch configuration to defaults.
+ */
+declare function resetSecureFetch(): void;
+/**
+ * A secure fetch wrapper that automatically adds CSRF tokens and
+ * X-Requested-With headers.
+ *
+ * This wrapper:
+ * - Adds X-CSRF-Token header from the CSRF cookie
+ * - Adds X-Requested-With: XMLHttpRequest header (forces CORS preflight)
+ * - Sets credentials to 'same-origin' by default
+ *
+ * @param input - URL or Request object
+ * @param init - Fetch options
+ * @returns Promise resolving to Response
+ *
+ * @example
+ * ```typescript
+ * import { secureFetch } from '@cloudwerk/security/client'
+ *
+ * // POST request with automatic security headers
+ * const response = await secureFetch('/api/users', {
+ *   method: 'POST',
+ *   headers: { 'Content-Type': 'application/json' },
+ *   body: JSON.stringify({ name: 'Alice' }),
+ * })
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Works with FormData too
+ * const formData = new FormData()
+ * formData.append('file', fileInput.files[0])
+ *
+ * const response = await secureFetch('/api/upload', {
+ *   method: 'POST',
+ *   body: formData,
+ * })
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // DELETE request
+ * const response = await secureFetch(`/api/users/${userId}`, {
+ *   method: 'DELETE',
+ * })
+ * ```
+ */
+declare function secureFetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
+/**
+ * Convenience method for GET requests.
+ *
+ * @param url - URL to fetch
+ * @param init - Additional fetch options
+ * @returns Promise resolving to Response
+ */
+declare function secureGet(url: string, init?: Omit<RequestInit, 'method'>): Promise<Response>;
+/**
+ * Convenience method for POST requests.
+ *
+ * @param url - URL to fetch
+ * @param body - Request body
+ * @param init - Additional fetch options
+ * @returns Promise resolving to Response
+ */
+declare function securePost(url: string, body?: BodyInit | Record<string, unknown> | null, init?: Omit<RequestInit, 'method' | 'body'>): Promise<Response>;
+/**
+ * Convenience method for PUT requests.
+ *
+ * @param url - URL to fetch
+ * @param body - Request body
+ * @param init - Additional fetch options
+ * @returns Promise resolving to Response
+ */
+declare function securePut(url: string, body?: BodyInit | Record<string, unknown> | null, init?: Omit<RequestInit, 'method' | 'body'>): Promise<Response>;
+/**
+ * Convenience method for PATCH requests.
+ *
+ * @param url - URL to fetch
+ * @param body - Request body
+ * @param init - Additional fetch options
+ * @returns Promise resolving to Response
+ */
+declare function securePatch(url: string, body?: BodyInit | Record<string, unknown> | null, init?: Omit<RequestInit, 'method' | 'body'>): Promise<Response>;
+/**
+ * Convenience method for DELETE requests.
+ *
+ * @param url - URL to fetch
+ * @param init - Additional fetch options
+ * @returns Promise resolving to Response
+ */
+declare function secureDelete(url: string, init?: Omit<RequestInit, 'method'>): Promise<Response>;
+export { SecureFetchOptions, configureSecureFetch, csrfInput, getCsrfToken, resetSecureFetch, secureDelete, secureFetch, secureGet, securePatch, securePost, securePut, withCsrfToken };

package/dist/client.js ADDED Viewed

@@ -0,0 +1,145 @@
+// src/client/csrf.ts
+var DEFAULT_CSRF_COOKIE_NAME = "cloudwerk.csrf-token";
+var DEFAULT_CSRF_HEADER_NAME = "X-CSRF-Token";
+function getCsrfToken(cookieName = DEFAULT_CSRF_COOKIE_NAME) {
+  if (typeof document === "undefined") {
+    return null;
+  }
+  const cookies = document.cookie.split(";");
+  for (const cookie of cookies) {
+    const [name, ...valueParts] = cookie.split("=");
+    if (name?.trim() === cookieName) {
+      const value = valueParts.join("=").trim();
+      try {
+        return decodeURIComponent(value);
+      } catch {
+        return value;
+      }
+    }
+  }
+  return null;
+}
+function withCsrfToken(headers, options = {}) {
+  const {
+    cookieName = DEFAULT_CSRF_COOKIE_NAME,
+    headerName = DEFAULT_CSRF_HEADER_NAME
+  } = options;
+  const newHeaders = new Headers(headers);
+  const token = getCsrfToken(cookieName);
+  if (token) {
+    newHeaders.set(headerName, token);
+  }
+  return newHeaders;
+}
+function csrfInput(fieldName = "csrf_token", cookieName = DEFAULT_CSRF_COOKIE_NAME) {
+  const token = getCsrfToken(cookieName);
+  if (!token) {
+    return "";
+  }
+  const escapedToken = token.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+  return `<input type="hidden" name="${fieldName}" value="${escapedToken}" />`;
+}
+// src/client/fetch.ts
+var globalConfig = {};
+function configureSecureFetch(options) {
+  globalConfig = { ...globalConfig, ...options };
+}
+function resetSecureFetch() {
+  globalConfig = {};
+}
+var MUTATION_METHODS = ["POST", "PUT", "PATCH", "DELETE"];
+async function secureFetch(input, init) {
+  const config = globalConfig;
+  let url;
+  if (input instanceof URL) {
+    url = input.toString();
+  } else if (typeof input === "string") {
+    if (config.baseUrl && !input.startsWith("http://") && !input.startsWith("https://")) {
+      url = `${config.baseUrl.replace(/\/$/, "")}/${input.replace(/^\//, "")}`;
+    } else {
+      url = input;
+    }
+  } else {
+    url = input.url;
+  }
+  const method = (init?.method ?? "GET").toUpperCase();
+  const headers = new Headers(init?.headers);
+  if (MUTATION_METHODS.includes(method)) {
+    const csrfCookieName = config.csrfCookieName ?? "cloudwerk.csrf-token";
+    const csrfHeaderName = config.csrfHeaderName ?? "X-CSRF-Token";
+    const csrfToken = getCsrfToken(csrfCookieName);
+    if (csrfToken && !headers.has(csrfHeaderName)) {
+      headers.set(csrfHeaderName, csrfToken);
+    }
+    const requestedWithValue = config.requestedWithValue ?? "XMLHttpRequest";
+    if (!headers.has("X-Requested-With")) {
+      headers.set("X-Requested-With", requestedWithValue);
+    }
+  }
+  const fetchOptions = {
+    ...init,
+    headers,
+    credentials: init?.credentials ?? config.credentials ?? "same-origin"
+  };
+  return fetch(url, fetchOptions);
+}
+function secureGet(url, init) {
+  return secureFetch(url, { ...init, method: "GET" });
+}
+function securePost(url, body, init) {
+  let finalBody;
+  const headers = new Headers(init?.headers);
+  if (body && typeof body === "object" && !(body instanceof FormData) && !(body instanceof URLSearchParams) && !(body instanceof Blob) && !(body instanceof ArrayBuffer) && !(body instanceof ReadableStream)) {
+    finalBody = JSON.stringify(body);
+    if (!headers.has("Content-Type")) {
+      headers.set("Content-Type", "application/json");
+    }
+  } else {
+    finalBody = body;
+  }
+  return secureFetch(url, { ...init, method: "POST", body: finalBody, headers });
+}
+function securePut(url, body, init) {
+  let finalBody;
+  const headers = new Headers(init?.headers);
+  if (body && typeof body === "object" && !(body instanceof FormData) && !(body instanceof URLSearchParams) && !(body instanceof Blob) && !(body instanceof ArrayBuffer) && !(body instanceof ReadableStream)) {
+    finalBody = JSON.stringify(body);
+    if (!headers.has("Content-Type")) {
+      headers.set("Content-Type", "application/json");
+    }
+  } else {
+    finalBody = body;
+  }
+  return secureFetch(url, { ...init, method: "PUT", body: finalBody, headers });
+}
+function securePatch(url, body, init) {
+  let finalBody;
+  const headers = new Headers(init?.headers);
+  if (body && typeof body === "object" && !(body instanceof FormData) && !(body instanceof URLSearchParams) && !(body instanceof Blob) && !(body instanceof ArrayBuffer) && !(body instanceof ReadableStream)) {
+    finalBody = JSON.stringify(body);
+    if (!headers.has("Content-Type")) {
+      headers.set("Content-Type", "application/json");
+    }
+  } else {
+    finalBody = body;
+  }
+  return secureFetch(url, { ...init, method: "PATCH", body: finalBody, headers });
+}
+function secureDelete(url, init) {
+  return secureFetch(url, { ...init, method: "DELETE" });
+}
+export {
+  configureSecureFetch,
+  csrfInput,
+  getCsrfToken,
+  resetSecureFetch,
+  secureDelete,
+  secureFetch,
+  secureGet,
+  securePatch,
+  securePost,
+  securePut,
+  withCsrfToken
+};
+//# sourceMappingURL=client.js.map

package/dist/client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/client/csrf.ts","../src/client/fetch.ts"],"sourcesContent":["/**\n * @cloudwerk/security - Client-Side CSRF Helpers\n *\n * Utilities for working with CSRF tokens in browser code.\n */\n\n/** Default CSRF cookie name */\nconst DEFAULT_CSRF_COOKIE_NAME = 'cloudwerk.csrf-token'\n\n/** Default CSRF header name */\nconst DEFAULT_CSRF_HEADER_NAME = 'X-CSRF-Token'\n\n/**\n * Get the CSRF token from cookies.\n *\n * Reads the CSRF token cookie set by the server.\n *\n * @param cookieName - Name of the CSRF cookie\n * @returns The CSRF token or null if not found\n *\n * @example\n * ```typescript\n * import { getCsrfToken } from '@cloudwerk/security/client'\n *\n * const token = getCsrfToken()\n * if (token) {\n * // Include token in your request\n * fetch('/api/users', {\n * method: 'POST',\n * headers: {\n * 'X-CSRF-Token': token,\n * },\n * body: JSON.stringify(data),\n * })\n * }\n * ```\n */\nexport function getCsrfToken(cookieName: string = DEFAULT_CSRF_COOKIE_NAME): string | null {\n if (typeof document === 'undefined') {\n return null\n }\n\n const cookies = document.cookie.split(';')\n for (const cookie of cookies) {\n const [name, ...valueParts] = cookie.split('=')\n if (name?.trim() === cookieName) {\n const value = valueParts.join('=').trim()\n // Handle URL-encoded cookie values\n try {\n return decodeURIComponent(value)\n } catch {\n return value\n }\n }\n }\n\n return null\n}\n\n/**\n * Add CSRF token to a headers object.\n *\n * Creates a new Headers object with the CSRF token added.\n *\n * @param headers - Existing headers to extend (optional)\n * @param options - Configuration options\n * @returns Headers object with CSRF token added\n *\n * @example\n * ```typescript\n * import { withCsrfToken } from '@cloudwerk/security/client'\n *\n * const headers = withCsrfToken({\n * 'Content-Type': 'application/json',\n * })\n *\n * fetch('/api/users', {\n * method: 'POST',\n * headers,\n * body: JSON.stringify(data),\n * })\n * ```\n */\nexport function withCsrfToken(\n headers?: HeadersInit,\n options: {\n cookieName?: string\n headerName?: string\n } = {}\n): Headers {\n const {\n cookieName = DEFAULT_CSRF_COOKIE_NAME,\n headerName = DEFAULT_CSRF_HEADER_NAME,\n } = options\n\n const newHeaders = new Headers(headers)\n\n const token = getCsrfToken(cookieName)\n if (token) {\n newHeaders.set(headerName, token)\n }\n\n return newHeaders\n}\n\n/**\n * Create a hidden input element with the CSRF token.\n *\n * Useful for including CSRF tokens in traditional form submissions.\n *\n * @param fieldName - Name of the form field\n * @param cookieName - Name of the CSRF cookie\n * @returns HTML input element string or empty string if no token\n *\n * @example\n * ```typescript\n * import { csrfInput } from '@cloudwerk/security/client'\n *\n * // In your form template\n * const formHtml = `\n * <form method=\"POST\" action=\"/submit\">\n * ${csrfInput()}\n * <input type=\"text\" name=\"email\" />\n * <button type=\"submit\">Submit</button>\n * </form>\n * `\n * ```\n */\nexport function csrfInput(\n fieldName: string = 'csrf_token',\n cookieName: string = DEFAULT_CSRF_COOKIE_NAME\n): string {\n const token = getCsrfToken(cookieName)\n if (!token) {\n return ''\n }\n\n // Escape HTML entities in token\n const escapedToken = token\n .replace(/&/g, '&')\n .replace(/\"/g, '"')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n\n return `<input type=\"hidden\" name=\"${fieldName}\" value=\"${escapedToken}\" />`\n}\n","/**\n * @cloudwerk/security - Secure Fetch Wrapper\n *\n * A fetch wrapper that automatically includes CSRF tokens and\n * X-Requested-With headers for secure AJAX requests.\n */\n\nimport type { SecureFetchOptions } from '../types.js'\nimport { getCsrfToken } from './csrf.js'\n\n/** Global configuration for secure fetch */\nlet globalConfig: SecureFetchOptions = {}\n\n/**\n * Configure secure fetch defaults.\n *\n * Set global configuration options that apply to all secureFetch calls.\n *\n * @param options - Configuration options\n *\n * @example\n * ```typescript\n * import { configureSecureFetch } from '@cloudwerk/security/client'\n *\n * // Set up once at app initialization\n * configureSecureFetch({\n * baseUrl: '/api',\n * credentials: 'include',\n * })\n * ```\n */\nexport function configureSecureFetch(options: SecureFetchOptions): void {\n globalConfig = { ...globalConfig, ...options }\n}\n\n/**\n * Reset secure fetch configuration to defaults.\n */\nexport function resetSecureFetch(): void {\n globalConfig = {}\n}\n\n/**\n * HTTP methods that require CSRF protection.\n */\nconst MUTATION_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE']\n\n/**\n * A secure fetch wrapper that automatically adds CSRF tokens and\n * X-Requested-With headers.\n *\n * This wrapper:\n * - Adds X-CSRF-Token header from the CSRF cookie\n * - Adds X-Requested-With: XMLHttpRequest header (forces CORS preflight)\n * - Sets credentials to 'same-origin' by default\n *\n * @param input - URL or Request object\n * @param init - Fetch options\n * @returns Promise resolving to Response\n *\n * @example\n * ```typescript\n * import { secureFetch } from '@cloudwerk/security/client'\n *\n * // POST request with automatic security headers\n * const response = await secureFetch('/api/users', {\n * method: 'POST',\n * headers: { 'Content-Type': 'application/json' },\n * body: JSON.stringify({ name: 'Alice' }),\n * })\n * ```\n *\n * @example\n * ```typescript\n * // Works with FormData too\n * const formData = new FormData()\n * formData.append('file', fileInput.files[0])\n *\n * const response = await secureFetch('/api/upload', {\n * method: 'POST',\n * body: formData,\n * })\n * ```\n *\n * @example\n * ```typescript\n * // DELETE request\n * const response = await secureFetch(`/api/users/${userId}`, {\n * method: 'DELETE',\n * })\n * ```\n */\nexport async function secureFetch(\n input: RequestInfo | URL,\n init?: RequestInit\n): Promise<Response> {\n const config = globalConfig\n\n // Resolve URL\n let url: string\n if (input instanceof URL) {\n url = input.toString()\n } else if (typeof input === 'string') {\n // Prepend base URL if configured and URL is relative\n if (config.baseUrl && !input.startsWith('http://') && !input.startsWith('https://')) {\n url = `${config.baseUrl.replace(/\\/$/, '')}/${input.replace(/^\\//, '')}`\n } else {\n url = input\n }\n } else {\n url = input.url\n }\n\n // Determine method\n const method = (init?.method ?? 'GET').toUpperCase()\n\n // Build headers\n const headers = new Headers(init?.headers)\n\n // Add CSRF token for mutation methods\n if (MUTATION_METHODS.includes(method)) {\n const csrfCookieName = config.csrfCookieName ?? 'cloudwerk.csrf-token'\n const csrfHeaderName = config.csrfHeaderName ?? 'X-CSRF-Token'\n\n const csrfToken = getCsrfToken(csrfCookieName)\n if (csrfToken && !headers.has(csrfHeaderName)) {\n headers.set(csrfHeaderName, csrfToken)\n }\n\n // Add X-Requested-With header\n const requestedWithValue = config.requestedWithValue ?? 'XMLHttpRequest'\n if (!headers.has('X-Requested-With')) {\n headers.set('X-Requested-With', requestedWithValue)\n }\n }\n\n // Build fetch options\n const fetchOptions: RequestInit = {\n ...init,\n headers,\n credentials: init?.credentials ?? config.credentials ?? 'same-origin',\n }\n\n return fetch(url, fetchOptions)\n}\n\n/**\n * Convenience method for GET requests.\n *\n * @param url - URL to fetch\n * @param init - Additional fetch options\n * @returns Promise resolving to Response\n */\nexport function secureGet(\n url: string,\n init?: Omit<RequestInit, 'method'>\n): Promise<Response> {\n return secureFetch(url, { ...init, method: 'GET' })\n}\n\n/**\n * Convenience method for POST requests.\n *\n * @param url - URL to fetch\n * @param body - Request body\n * @param init - Additional fetch options\n * @returns Promise resolving to Response\n */\nexport function securePost(\n url: string,\n body?: BodyInit | Record<string, unknown> | null,\n init?: Omit<RequestInit, 'method' | 'body'>\n): Promise<Response> {\n let finalBody: BodyInit | null | undefined\n const headers = new Headers(init?.headers)\n\n // Auto-stringify objects and set Content-Type\n if (body && typeof body === 'object' && !(body instanceof FormData) &&\n !(body instanceof URLSearchParams) && !(body instanceof Blob) &&\n !(body instanceof ArrayBuffer) && !(body instanceof ReadableStream)) {\n finalBody = JSON.stringify(body)\n if (!headers.has('Content-Type')) {\n headers.set('Content-Type', 'application/json')\n }\n } else {\n finalBody = body as BodyInit | null | undefined\n }\n\n return secureFetch(url, { ...init, method: 'POST', body: finalBody, headers })\n}\n\n/**\n * Convenience method for PUT requests.\n *\n * @param url - URL to fetch\n * @param body - Request body\n * @param init - Additional fetch options\n * @returns Promise resolving to Response\n */\nexport function securePut(\n url: string,\n body?: BodyInit | Record<string, unknown> | null,\n init?: Omit<RequestInit, 'method' | 'body'>\n): Promise<Response> {\n let finalBody: BodyInit | null | undefined\n const headers = new Headers(init?.headers)\n\n if (body && typeof body === 'object' && !(body instanceof FormData) &&\n !(body instanceof URLSearchParams) && !(body instanceof Blob) &&\n !(body instanceof ArrayBuffer) && !(body instanceof ReadableStream)) {\n finalBody = JSON.stringify(body)\n if (!headers.has('Content-Type')) {\n headers.set('Content-Type', 'application/json')\n }\n } else {\n finalBody = body as BodyInit | null | undefined\n }\n\n return secureFetch(url, { ...init, method: 'PUT', body: finalBody, headers })\n}\n\n/**\n * Convenience method for PATCH requests.\n *\n * @param url - URL to fetch\n * @param body - Request body\n * @param init - Additional fetch options\n * @returns Promise resolving to Response\n */\nexport function securePatch(\n url: string,\n body?: BodyInit | Record<string, unknown> | null,\n init?: Omit<RequestInit, 'method' | 'body'>\n): Promise<Response> {\n let finalBody: BodyInit | null | undefined\n const headers = new Headers(init?.headers)\n\n if (body && typeof body === 'object' && !(body instanceof FormData) &&\n !(body instanceof URLSearchParams) && !(body instanceof Blob) &&\n !(body instanceof ArrayBuffer) && !(body instanceof ReadableStream)) {\n finalBody = JSON.stringify(body)\n if (!headers.has('Content-Type')) {\n headers.set('Content-Type', 'application/json')\n }\n } else {\n finalBody = body as BodyInit | null | undefined\n }\n\n return secureFetch(url, { ...init, method: 'PATCH', body: finalBody, headers })\n}\n\n/**\n * Convenience method for DELETE requests.\n *\n * @param url - URL to fetch\n * @param init - Additional fetch options\n * @returns Promise resolving to Response\n */\nexport function secureDelete(\n url: string,\n init?: Omit<RequestInit, 'method'>\n): Promise<Response> {\n return secureFetch(url, { ...init, method: 'DELETE' })\n}\n"],"mappings":";AAOA,IAAM,2BAA2B;AAGjC,IAAM,2BAA2B;AA2B1B,SAAS,aAAa,aAAqB,0BAAyC;AACzF,MAAI,OAAO,aAAa,aAAa;AACnC,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,SAAS,OAAO,MAAM,GAAG;AACzC,aAAW,UAAU,SAAS;AAC5B,UAAM,CAAC,MAAM,GAAG,UAAU,IAAI,OAAO,MAAM,GAAG;AAC9C,QAAI,MAAM,KAAK,MAAM,YAAY;AAC/B,YAAM,QAAQ,WAAW,KAAK,GAAG,EAAE,KAAK;AAExC,UAAI;AACF,eAAO,mBAAmB,KAAK;AAAA,MACjC,QAAQ;AACN,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AA0BO,SAAS,cACd,SACA,UAGI,CAAC,GACI;AACT,QAAM;AAAA,IACJ,aAAa;AAAA,IACb,aAAa;AAAA,EACf,IAAI;AAEJ,QAAM,aAAa,IAAI,QAAQ,OAAO;AAEtC,QAAM,QAAQ,aAAa,UAAU;AACrC,MAAI,OAAO;AACT,eAAW,IAAI,YAAY,KAAK;AAAA,EAClC;AAEA,SAAO;AACT;AAyBO,SAAS,UACd,YAAoB,cACpB,aAAqB,0BACb;AACR,QAAM,QAAQ,aAAa,UAAU;AACrC,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAGA,QAAM,eAAe,MAClB,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM;AAEvB,SAAO,8BAA8B,SAAS,YAAY,YAAY;AACxE;;;ACtIA,IAAI,eAAmC,CAAC;AAoBjC,SAAS,qBAAqB,SAAmC;AACtE,iBAAe,EAAE,GAAG,cAAc,GAAG,QAAQ;AAC/C;AAKO,SAAS,mBAAyB;AACvC,iBAAe,CAAC;AAClB;AAKA,IAAM,mBAAmB,CAAC,QAAQ,OAAO,SAAS,QAAQ;AA+C1D,eAAsB,YACpB,OACA,MACmB;AACnB,QAAM,SAAS;AAGf,MAAI;AACJ,MAAI,iBAAiB,KAAK;AACxB,UAAM,MAAM,SAAS;AAAA,EACvB,WAAW,OAAO,UAAU,UAAU;AAEpC,QAAI,OAAO,WAAW,CAAC,MAAM,WAAW,SAAS,KAAK,CAAC,MAAM,WAAW,UAAU,GAAG;AACnF,YAAM,GAAG,OAAO,QAAQ,QAAQ,OAAO,EAAE,CAAC,IAAI,MAAM,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxE,OAAO;AACL,YAAM;AAAA,IACR;AAAA,EACF,OAAO;AACL,UAAM,MAAM;AAAA,EACd;AAGA,QAAM,UAAU,MAAM,UAAU,OAAO,YAAY;AAGnD,QAAM,UAAU,IAAI,QAAQ,MAAM,OAAO;AAGzC,MAAI,iBAAiB,SAAS,MAAM,GAAG;AACrC,UAAM,iBAAiB,OAAO,kBAAkB;AAChD,UAAM,iBAAiB,OAAO,kBAAkB;AAEhD,UAAM,YAAY,aAAa,cAAc;AAC7C,QAAI,aAAa,CAAC,QAAQ,IAAI,cAAc,GAAG;AAC7C,cAAQ,IAAI,gBAAgB,SAAS;AAAA,IACvC;AAGA,UAAM,qBAAqB,OAAO,sBAAsB;AACxD,QAAI,CAAC,QAAQ,IAAI,kBAAkB,GAAG;AACpC,cAAQ,IAAI,oBAAoB,kBAAkB;AAAA,IACpD;AAAA,EACF;AAGA,QAAM,eAA4B;AAAA,IAChC,GAAG;AAAA,IACH;AAAA,IACA,aAAa,MAAM,eAAe,OAAO,eAAe;AAAA,EAC1D;AAEA,SAAO,MAAM,KAAK,YAAY;AAChC;AASO,SAAS,UACd,KACA,MACmB;AACnB,SAAO,YAAY,KAAK,EAAE,GAAG,MAAM,QAAQ,MAAM,CAAC;AACpD;AAUO,SAAS,WACd,KACA,MACA,MACmB;AACnB,MAAI;AACJ,QAAM,UAAU,IAAI,QAAQ,MAAM,OAAO;AAGzC,MAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,gBAAgB,aACtD,EAAE,gBAAgB,oBAAoB,EAAE,gBAAgB,SACxD,EAAE,gBAAgB,gBAAgB,EAAE,gBAAgB,iBAAiB;AACvE,gBAAY,KAAK,UAAU,IAAI;AAC/B,QAAI,CAAC,QAAQ,IAAI,cAAc,GAAG;AAChC,cAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAChD;AAAA,EACF,OAAO;AACL,gBAAY;AAAA,EACd;AAEA,SAAO,YAAY,KAAK,EAAE,GAAG,MAAM,QAAQ,QAAQ,MAAM,WAAW,QAAQ,CAAC;AAC/E;AAUO,SAAS,UACd,KACA,MACA,MACmB;AACnB,MAAI;AACJ,QAAM,UAAU,IAAI,QAAQ,MAAM,OAAO;AAEzC,MAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,gBAAgB,aACtD,EAAE,gBAAgB,oBAAoB,EAAE,gBAAgB,SACxD,EAAE,gBAAgB,gBAAgB,EAAE,gBAAgB,iBAAiB;AACvE,gBAAY,KAAK,UAAU,IAAI;AAC/B,QAAI,CAAC,QAAQ,IAAI,cAAc,GAAG;AAChC,cAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAChD;AAAA,EACF,OAAO;AACL,gBAAY;AAAA,EACd;AAEA,SAAO,YAAY,KAAK,EAAE,GAAG,MAAM,QAAQ,OAAO,MAAM,WAAW,QAAQ,CAAC;AAC9E;AAUO,SAAS,YACd,KACA,MACA,MACmB;AACnB,MAAI;AACJ,QAAM,UAAU,IAAI,QAAQ,MAAM,OAAO;AAEzC,MAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,gBAAgB,aACtD,EAAE,gBAAgB,oBAAoB,EAAE,gBAAgB,SACxD,EAAE,gBAAgB,gBAAgB,EAAE,gBAAgB,iBAAiB;AACvE,gBAAY,KAAK,UAAU,IAAI;AAC/B,QAAI,CAAC,QAAQ,IAAI,cAAc,GAAG;AAChC,cAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAChD;AAAA,EACF,OAAO;AACL,gBAAY;AAAA,EACd;AAEA,SAAO,YAAY,KAAK,EAAE,GAAG,MAAM,QAAQ,SAAS,MAAM,WAAW,QAAQ,CAAC;AAChF;AASO,SAAS,aACd,KACA,MACmB;AACnB,SAAO,YAAY,KAAK,EAAE,GAAG,MAAM,QAAQ,SAAS,CAAC;AACvD;","names":[]}