@cored3v/web-core 1.0.0 → 1.0.2

package/README.md

@@ -1 +1,9 @@
-This is a package to protect source code against unauthorised use
+# @cored3v/web-core
+
+A reusable, production-ready **Express.js application core** that provides
+bootstrapping, configuration, authentication, database lifecycle management,
+and **license-based execution enforcement**.
+
+This package is designed to protect source code by teams and consultants against unauthorised use.
+
+The package supports both ESModule and CommonJS imports.

package/dist/{app → cjs/app}/createApp.d.ts

@@ -1,4 +1,4 @@
-import { CreateAppOptions } from "../types";
+import { CreateAppOptions } from "../types.js";
 export declare function createApp(opts: CreateAppOptions): Promise<{
     app: import("express-serve-static-core").Express;
     start: () => Promise<void>;

package/dist/{app → cjs/app}/createApp.js

@@ -39,16 +39,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createApp = createApp;
 const express_1 = __importStar(require("express"));
 const http_1 = __importDefault(require("http"));
-const config_1 = require("../config");
-const verify_1 = require("../license/verify");
-const security_1 = require("./security");
-const db_1 = require("../db");
-const jwt_1 = require("../auth/jwt");
+const index_js_1 = require("../config/index.js");
+const verify_js_1 = require("../license/verify.js");
+const security_js_1 = require("./security.js");
+const index_js_2 = require("../db/index.js");
+const jwt_js_1 = require("../auth/jwt.js");
 async function createApp(opts) {
     // 1) CONFIG
-    const config = (0, config_1.loadConfig)();
+    const config = (0, index_js_1.loadConfig)();
     // 2) LICENSE GATE
-    await (0, verify_1.verifyLicense)({
+    await (0, verify_js_1.verifyLicense)({
         appId: opts.appId,
         licensePath: config.get("LICENSE_PATH", "./license.json"),
     });
@@ -59,13 +59,13 @@ async function createApp(opts) {
     if (opts.http?.trustProxy)
         app.set("trust proxy", true);
     // 4) CORE MIDDLEWARE
-    (0, security_1.applySecurity)(app);
+    (0, security_js_1.applySecurity)(app);
     app.use(express_1.default.json());
     app.use(express_1.default.urlencoded({ extended: false }));
     // 5) DB (non-optional if declared)
-    const db = await (0, db_1.initDb)(opts.db);
+    const db = await (0, index_js_2.initDb)(opts.db);
     // 6) AUTH
-    const auth = (0, jwt_1.initJwtAuth)(config);
+    const auth = (0, jwt_js_1.initJwtAuth)(config);
     // 7) ROUTES
     if (opts.routes) {
         opts.routes({ app, router, db, auth, config });

package/dist/{auth → cjs/auth}/jwt.d.ts

@@ -1,4 +1,4 @@
-import { Config } from "../types";
+import { Config } from "../types.js";
 export declare function initJwtAuth(config: Config): {
     middleware(): (req: any, _res: any, next: any) => any;
 };

package/dist/{config → cjs/config}/index.d.ts

@@ -1,2 +1,2 @@
-import { Config } from "../types";
+import { Config } from "../types.js";
 export declare function loadConfig(): Config;

package/dist/{config → cjs/config}/index.js

@@ -8,6 +8,6 @@ function loadConfig() {
             if (val === undefined)
                 return fallback;
             return val;
-        }
+        },
     };
 }

package/dist/{db → cjs/db}/index.js

@@ -1,14 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initDb = initDb;
-const postgres_1 = require("./postgres");
+const postgres_js_1 = require("./postgres.js");
 async function initDb(opts) {
     if (!opts)
         return null;
     if (opts.type === "postgres") {
         if (!opts.uri)
             throw new Error("Postgres URI required");
-        return (0, postgres_1.initPostgres)(opts.uri);
+        return (0, postgres_js_1.initPostgres)(opts.uri);
     }
     throw new Error("Unsupported DB");
 }

package/dist/cjs/index.d.mts

@@ -0,0 +1,2 @@
+export { createApp } from "./app/createApp.js";
+export * from "./types.js";

package/dist/cjs/index.mjs

@@ -0,0 +1,3 @@
+"use strict";
+export { createApp } from "./app/createApp.js";
+export * from "./types.js";

package/dist/{license → cjs/license}/crypto.js

@@ -7,7 +7,13 @@ exports.verifySignature = verifySignature;
 const crypto_1 = __importDefault(require("crypto"));
 const PUBLIC_KEY = `
 -----BEGIN PUBLIC KEY-----
-REPLACE WITH YOUR RSA PUBLIC KEY
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU0BSgfcYaHOuWuNRQEw
+t3HyMf+UY+RAVGf0bDmdXIyp5fPol5K86jol45lIaxdbkMpPqODmr/lU0dDBOIwy
+wlhbAQb0nLsIMQf3M6lNw6OtI0EnlZd2xhfisfu1XH9UBbn7Q6W2+i22rZhKC3yY
+8E7Dntgl7IkItjEFFpnbA4tCY6yTGhGfAx/4O977Vw2ET6m5SVcFVlKs0OxekRc0
+7rcgCTwSjHPkMumVc7zv+rfZPkhULN76ju26gcuR19xd+gNq3qLGgJ9hcDITmuwP
+FE212I94elpNRNbrX7MUqVX3o7trE5CqxH42NuGP20edSWcKqpvqLFPSnlsSvhUp
+MQIDAQAB
 -----END PUBLIC KEY-----
 `;
 function verifySignature(payload, signature) {

package/dist/{license → cjs/license}/verify.js

@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyLicense = verifyLicense;
 const fs_1 = __importDefault(require("fs"));
-const crypto_1 = require("./crypto");
+const crypto_js_1 = require("./crypto.js");
 async function verifyLicense(opts) {
     if (!fs_1.default.existsSync(opts.licensePath)) {
         throw new Error("License file not found");
@@ -18,7 +18,7 @@ async function verifyLicense(opts) {
     if (new Date(raw.expiresAt) < new Date()) {
         throw new Error("License expired");
     }
-    if (!(0, crypto_1.verifySignature)(payload, signature)) {
+    if (!(0, crypto_js_1.verifySignature)(payload, signature)) {
         throw new Error("Invalid license signature");
     }
 }

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{"type": "commonjs"}

package/dist/esm/app/createApp.d.ts

@@ -0,0 +1,6 @@
+import { CreateAppOptions } from "../types.js";
+export declare function createApp(opts: CreateAppOptions): Promise<{
+    app: import("express-serve-static-core").Express;
+    start: () => Promise<void>;
+    shutdown: () => Promise<void>;
+}>;

package/dist/esm/app/createApp.js

@@ -0,0 +1,52 @@
+import express, { Router } from "express";
+import http from "http";
+import { loadConfig } from "../config/index.js";
+import { verifyLicense } from "../license/verify.js";
+import { applySecurity } from "./security.js";
+import { initDb } from "../db/index.js";
+import { initJwtAuth } from "../auth/jwt.js";
+export async function createApp(opts) {
+    // 1) CONFIG
+    const config = loadConfig();
+    // 2) LICENSE GATE
+    await verifyLicense({
+        appId: opts.appId,
+        licensePath: config.get("LICENSE_PATH", "./license.json"),
+    });
+    // 3) EXPRESS INIT
+    const app = express();
+    const server = http.createServer(app);
+    const router = Router();
+    if (opts.http?.trustProxy)
+        app.set("trust proxy", true);
+    // 4) CORE MIDDLEWARE
+    applySecurity(app);
+    app.use(express.json());
+    app.use(express.urlencoded({ extended: false }));
+    // 5) DB (non-optional if declared)
+    const db = await initDb(opts.db);
+    // 6) AUTH
+    const auth = initJwtAuth(config);
+    // 7) ROUTES
+    if (opts.routes) {
+        opts.routes({ app, router, db, auth, config });
+    }
+    app.use(router);
+    // 8) ERROR HANDLER
+    app.use((err, _req, res, _next) => {
+        console.error(err);
+        res.status(500).json({ error: "Internal Server Error from web-core" });
+    });
+    // 9) LIFE CYCLE
+    async function start() {
+        const port = opts.http?.port ?? config.get("PORT", 3000);
+        await new Promise((resolve) => server.listen(port, resolve));
+        console.log(`[web-core] listening on ${port}`);
+    }
+    async function shutdown() {
+        if (db?.close)
+            await db.close();
+        server.close();
+    }
+    return { app, start, shutdown };
+}

package/dist/esm/app/security.d.ts

@@ -0,0 +1,2 @@
+import { Express } from "express";
+export declare function applySecurity(app: Express): void;

package/dist/esm/app/security.js

@@ -0,0 +1,6 @@
+import helmet from "helmet";
+import cors from "cors";
+export function applySecurity(app) {
+    app.use(helmet());
+    app.use(cors());
+}

package/dist/esm/auth/jwt.d.ts

@@ -0,0 +1,4 @@
+import { Config } from "../types.js";
+export declare function initJwtAuth(config: Config): {
+    middleware(): (req: any, _res: any, next: any) => any;
+};

package/dist/esm/auth/jwt.js

@@ -0,0 +1,21 @@
+import jwt from "jsonwebtoken";
+export function initJwtAuth(config) {
+    const secret = config.get("JWT_SECRET");
+    if (!secret)
+        throw new Error("JWT_SECRET missing");
+    return {
+        middleware() {
+            return (req, _res, next) => {
+                const h = req.headers.authorization;
+                if (!h)
+                    return next();
+                try {
+                    const token = h.replace("Bearer ", "");
+                    req.user = jwt.verify(token, secret);
+                }
+                catch { }
+                next();
+            };
+        },
+    };
+}

package/dist/esm/config/index.d.ts

@@ -0,0 +1,2 @@
+import { Config } from "../types.js";
+export declare function loadConfig(): Config;

package/dist/esm/config/index.js

@@ -0,0 +1,10 @@
+export function loadConfig() {
+    return {
+        get(key, fallback) {
+            const val = process.env[key];
+            if (val === undefined)
+                return fallback;
+            return val;
+        },
+    };
+}

package/dist/esm/db/index.d.ts

@@ -0,0 +1,15 @@
+export declare function initDb(opts?: {
+    type: "postgres";
+    uri?: string;
+}): Promise<{
+    query: {
+        <T extends import("pg").Submittable>(queryStream: T): T;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+    };
+    close: () => Promise<void>;
+} | null>;

package/dist/esm/db/index.js

@@ -0,0 +1,11 @@
+import { initPostgres } from "./postgres.js";
+export async function initDb(opts) {
+    if (!opts)
+        return null;
+    if (opts.type === "postgres") {
+        if (!opts.uri)
+            throw new Error("Postgres URI required");
+        return initPostgres(opts.uri);
+    }
+    throw new Error("Unsupported DB");
+}

package/dist/esm/db/postgres.d.ts

@@ -0,0 +1,12 @@
+export declare function initPostgres(uri: string): Promise<{
+    query: {
+        <T extends import("pg").Submittable>(queryStream: T): T;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+    };
+    close: () => Promise<void>;
+}>;

package/dist/esm/db/postgres.js

@@ -0,0 +1,9 @@
+import { Client } from "pg";
+export async function initPostgres(uri) {
+    const client = new Client({ connectionString: uri });
+    await client.connect();
+    return {
+        query: client.query.bind(client),
+        close: () => client.end(),
+    };
+}

package/dist/esm/index.cjs

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createApp = void 0;
+var createApp_1 = require("./app/createApp");
+Object.defineProperty(exports, "createApp", { enumerable: true, get: function () { return createApp_1.createApp; } });
+__exportStar(require("./types"), exports);

package/dist/esm/index.d.cts

@@ -0,0 +1,2 @@
+export { createApp } from "./app/createApp";
+export * from "./types";

package/dist/esm/index.d.mts

@@ -0,0 +1,2 @@
+export { createApp } from "./app/createApp.js";
+export * from "./types.js";

package/dist/esm/index.mjs

@@ -0,0 +1,2 @@
+export { createApp } from "./app/createApp.js";
+export * from "./types.js";

package/dist/esm/license/crypto.d.ts

@@ -0,0 +1 @@
+export declare function verifySignature(payload: object, signature: string): boolean;

package/dist/esm/license/crypto.js

@@ -0,0 +1,18 @@
+import crypto from "crypto";
+const PUBLIC_KEY = `
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU0BSgfcYaHOuWuNRQEw
+t3HyMf+UY+RAVGf0bDmdXIyp5fPol5K86jol45lIaxdbkMpPqODmr/lU0dDBOIwy
+wlhbAQb0nLsIMQf3M6lNw6OtI0EnlZd2xhfisfu1XH9UBbn7Q6W2+i22rZhKC3yY
+8E7Dntgl7IkItjEFFpnbA4tCY6yTGhGfAx/4O977Vw2ET6m5SVcFVlKs0OxekRc0
+7rcgCTwSjHPkMumVc7zv+rfZPkhULN76ju26gcuR19xd+gNq3qLGgJ9hcDITmuwP
+FE212I94elpNRNbrX7MUqVX3o7trE5CqxH42NuGP20edSWcKqpvqLFPSnlsSvhUp
+MQIDAQAB
+-----END PUBLIC KEY-----
+`;
+export function verifySignature(payload, signature) {
+    const verify = crypto.createVerify("RSA-SHA256");
+    verify.update(JSON.stringify(payload));
+    verify.end();
+    return verify.verify(PUBLIC_KEY, Buffer.from(signature, "base64"));
+}

package/dist/esm/license/types.d.ts

@@ -0,0 +1,7 @@
+export interface License {
+    licenseId: string;
+    appId: string;
+    issuedTo: string;
+    expiresAt: string;
+    signature: string;
+}

package/dist/esm/license/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/license/verify.d.ts

@@ -0,0 +1,4 @@
+export declare function verifyLicense(opts: {
+    appId: string;
+    licensePath: string;
+}): Promise<void>;

package/dist/esm/license/verify.js

@@ -0,0 +1,18 @@
+import fs from "fs";
+import { verifySignature } from "./crypto.js";
+export async function verifyLicense(opts) {
+    if (!fs.existsSync(opts.licensePath)) {
+        throw new Error("License file not found");
+    }
+    const raw = JSON.parse(fs.readFileSync(opts.licensePath, "utf8"));
+    const { signature, ...payload } = raw;
+    if (raw.appId !== opts.appId) {
+        throw new Error("License appId mismatch");
+    }
+    if (new Date(raw.expiresAt) < new Date()) {
+        throw new Error("License expired");
+    }
+    if (!verifySignature(payload, signature)) {
+        throw new Error("Invalid license signature");
+    }
+}

package/dist/esm/types.d.ts

@@ -0,0 +1,28 @@
+import { Express, Router } from "express";
+export interface CreateAppOptions {
+    appId: string;
+    http?: {
+        port?: number;
+        trustProxy?: boolean;
+    };
+    db?: {
+        type: "postgres";
+        uri?: string;
+    };
+    auth?: {
+        provider: "jwt";
+    };
+    routes?: (ctx: AppContext) => void;
+}
+export interface AppContext {
+    app: Express;
+    router: Router;
+    db: any;
+    auth: {
+        middleware(): any;
+    };
+    config: Config;
+}
+export interface Config {
+    get<T = any>(key: string, fallback?: T): T;
+}

package/dist/esm/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,14 +1,24 @@
 {
   "name": "@cored3v/web-core",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Reusable licensed Express core for web applications",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
+  "main": "./dist/cjs/index.cjs",
+  "module": "./dist/esm/index.mjs",
+  "types": "./dist/esm/index.esm.d.ts",
   "files": [
     "dist"
   ],
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.mjs",
+      "require": "./dist/cjs/index.cjs"
+    }
+  },
   "scripts": {
-    "build": "tsc",
+    "build:esm": "tsc -p tsconfig.esm.json",
+    "build:cjs": "tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > dist/cjs/package.json",
+    "build": "npm run build:esm && npm run build:cjs",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
@@ -24,6 +34,9 @@
     "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^20.11.0",
     "@types/pg": "^8.16.0",
-    "typescript": "^5.4.0"
+    "pg-protocol": "^1.10.3",
+    "pg-types": "^4.1.0",
+    "typescript": "^5.4.0",
+    "undici-types": "^7.18.2"
   }
-}
+}