@cored3v/web-core 1.0.1 → 1.0.3

package/README.md

@@ -1,7 +1,107 @@
 # @cored3v/web-core
 
-A reusable, production-ready **Express.js application core** that provides
-bootstrapping, configuration, authentication, database lifecycle management,
-and **license-based execution enforcement**.
+A generic, production-ready application core for Node.js, designed to provide reusable **bootstrapping, configuration, authentication, and license-based execution enforcement** across multiple frameworks.
 
-This package is designed to protect source code by teams and consultants against unauthorised use.
+It supports **Express.js**, **Next.js**, **Nuxt (H3)**, and generic Node.js environments.
+
+## Features
+
+- **License Enforcement**: Protect your source code by enforcing valid license keys.
+- **JWT Authentication**: Built-in JWT verification helper and middleware.
+- **Database Management**: Automatic Postgres connection pooling and lifecycle management.
+- **Security Defaults**: Pre-configured Helmet and CORS for Express.
+- **Multi-Framework**: First-class adapters for Express, Next.js, and H3.
+
+## Installation
+
+```bash
+npm install @cored3v/web-core
+# or
+yarn add @cored3v/web-core
+```
+
+## Usage
+
+### Next.js (App Router & Middleware)
+
+Use `createNextApp` to integrate core services.
+
+**`src/lib/core.ts`**
+```typescript
+import { createNextApp } from "@cored3v/web-core";
+
+// Initialize once (singleton pattern recommended)
+export const core = await createNextApp({
+  appId: "my-next-app"
+});
+```
+
+**`src/app/api/hello/route.ts`**
+```typescript
+import { core } from "@/lib/core";
+import { NextResponse } from "next/server";
+
+export async function GET(request: Request) {
+  // Verify Session
+  const user = await core.verifySession(request);
+  if (!user) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  return NextResponse.json({ message: "Hello World", user });
+}
+```
+
+### Express.js
+
+Use `createApp` to bootstrap a full Express server.
+
+```typescript
+import { createApp } from "@cored3v/web-core";
+
+await createApp({
+  appId: "my-express-app",
+  http: { port: 3000 },
+  routes: ({ app, router, auth, db }) => {
+    
+    // Protected Route
+    router.get("/secure", auth.middleware(), (req, res) => {
+      res.json({ message: "Secure Data", user: req.user });
+    });
+
+  }
+}).then(({ start }) => start());
+```
+
+### Nuxt / H3 / Nitro
+
+Use `createH3App` for H3-based servers.
+
+```typescript
+import { createH3App } from "@cored3v/web-core";
+
+const core = await createH3App({ appId: "my-nuxt-app" });
+
+export default eventHandler(async (event) => {
+  const user = await core.verifySession(event);
+  if (!user) {
+    throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
+  }
+  return { message: "Success", user };
+});
+```
+
+## Configuration
+
+The library uses `dotenv` to load configuration. Ensure you have a `.env` file or environment variables set.
+
+| Variable | Description | Required | Default |
+|----------|-------------|----------|---------|
+| `LICENSE_PATH` | Path to the `license.json` file | No | `./license.json` |
+| `JWT_SECRET` | Secret key for JWT verification | **Yes** | - |
+| `DATABASE_URL` | Postgres Connection String | No | - |
+| `PORT` | Http Port (Express only) | No | `3000` |
+
+## License
+
+Private / Proprietary.

package/dist/{app → cjs/app}/createApp.d.ts

@@ -1,4 +1,4 @@
-import { CreateAppOptions } from "../types";
+import { CreateAppOptions } from "../types.js";
 export declare function createApp(opts: CreateAppOptions): Promise<{
     app: import("express-serve-static-core").Express;
     start: () => Promise<void>;

package/dist/{app → cjs/app}/createApp.js

@@ -39,16 +39,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createApp = createApp;
 const express_1 = __importStar(require("express"));
 const http_1 = __importDefault(require("http"));
-const config_1 = require("../config");
-const verify_1 = require("../license/verify");
-const security_1 = require("./security");
-const db_1 = require("../db");
-const jwt_1 = require("../auth/jwt");
+const index_js_1 = require("../config/index.js");
+const verify_js_1 = require("../license/verify.js");
+const security_js_1 = require("./security.js");
+const index_js_2 = require("../db/index.js");
+const jwt_js_1 = require("../auth/jwt.js");
 async function createApp(opts) {
     // 1) CONFIG
-    const config = (0, config_1.loadConfig)();
+    const config = (0, index_js_1.loadConfig)();
     // 2) LICENSE GATE
-    await (0, verify_1.verifyLicense)({
+    await (0, verify_js_1.verifyLicense)({
         appId: opts.appId,
         licensePath: config.get("LICENSE_PATH", "./license.json"),
     });
@@ -59,13 +59,13 @@ async function createApp(opts) {
     if (opts.http?.trustProxy)
         app.set("trust proxy", true);
     // 4) CORE MIDDLEWARE
-    (0, security_1.applySecurity)(app);
+    (0, security_js_1.applySecurity)(app);
     app.use(express_1.default.json());
     app.use(express_1.default.urlencoded({ extended: false }));
     // 5) DB (non-optional if declared)
-    const db = await (0, db_1.initDb)(opts.db);
+    const db = await (0, index_js_2.initDb)(opts.db);
     // 6) AUTH
-    const auth = (0, jwt_1.initJwtAuth)(config);
+    const auth = (0, jwt_js_1.initJwtAuth)(config);
     // 7) ROUTES
     if (opts.routes) {
         opts.routes({ app, router, db, auth, config });

package/dist/cjs/app/security.d.ts

@@ -0,0 +1,11 @@
+import { Express } from "express";
+import cors from "cors";
+export declare const securityConfig: {
+    helmet: (req: import("http").IncomingMessage, res: import("http").ServerResponse, next: (err?: unknown) => void) => void;
+    cors: (req: cors.CorsRequest, res: {
+        statusCode?: number | undefined;
+        setHeader(key: string, value: string): any;
+        end(): any;
+    }, next: (err?: any) => any) => void;
+};
+export declare function applySecurity(app: Express): void;

package/dist/{app → cjs/app}/security.js

@@ -3,10 +3,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.securityConfig = void 0;
 exports.applySecurity = applySecurity;
 const helmet_1 = __importDefault(require("helmet"));
 const cors_1 = __importDefault(require("cors"));
+exports.securityConfig = {
+    helmet: (0, helmet_1.default)(),
+    cors: (0, cors_1.default)()
+};
 function applySecurity(app) {
-    app.use((0, helmet_1.default)());
-    app.use((0, cors_1.default)());
+    app.use(exports.securityConfig.helmet);
+    app.use(exports.securityConfig.cors);
 }

package/dist/cjs/auth/jwt.d.ts

@@ -0,0 +1,7 @@
+import jwt from "jsonwebtoken";
+import { Config } from "../types.js";
+export declare function verifyToken(token: string, secret: string): string | jwt.JwtPayload;
+export declare function initJwtAuth(config: Config): {
+    verify(token: string): string | jwt.JwtPayload;
+    middleware(): (req: any, _res: any, next: any) => any;
+};

package/dist/{auth → cjs/auth}/jwt.js

@@ -3,13 +3,20 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyToken = verifyToken;
 exports.initJwtAuth = initJwtAuth;
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+function verifyToken(token, secret) {
+    return jsonwebtoken_1.default.verify(token, secret);
+}
 function initJwtAuth(config) {
     const secret = config.get("JWT_SECRET");
     if (!secret)
         throw new Error("JWT_SECRET missing");
     return {
+        verify(token) {
+            return verifyToken(token, secret);
+        },
         middleware() {
             return (req, _res, next) => {
                 const h = req.headers.authorization;
@@ -17,7 +24,7 @@ function initJwtAuth(config) {
                     return next();
                 try {
                     const token = h.replace("Bearer ", "");
-                    req.user = jsonwebtoken_1.default.verify(token, secret);
+                    req.user = verifyToken(token, secret);
                 }
                 catch { }
                 next();

package/dist/{config → cjs/config}/index.d.ts

@@ -1,2 +1,2 @@
-import { Config } from "../types";
+import { Config } from "../types.js";
 export declare function loadConfig(): Config;

package/dist/{config → cjs/config}/index.js

@@ -8,6 +8,6 @@ function loadConfig() {
             if (val === undefined)
                 return fallback;
             return val;
-        }
+        },
     };
 }

package/dist/{db → cjs/db}/index.js

@@ -1,14 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initDb = initDb;
-const postgres_1 = require("./postgres");
+const postgres_js_1 = require("./postgres.js");
 async function initDb(opts) {
     if (!opts)
         return null;
     if (opts.type === "postgres") {
         if (!opts.uri)
             throw new Error("Postgres URI required");
-        return (0, postgres_1.initPostgres)(opts.uri);
+        return (0, postgres_js_1.initPostgres)(opts.uri);
     }
     throw new Error("Unsupported DB");
 }

package/dist/cjs/frameworks/h3.d.ts

@@ -0,0 +1,21 @@
+import { CreateFrameworkAppOptions } from "./types.js";
+export declare function createH3App(opts: CreateFrameworkAppOptions): Promise<{
+    db: {
+        query: {
+            <T extends import("pg").Submittable>(queryStream: T): T;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        };
+        close: () => Promise<void>;
+    } | null;
+    auth: {
+        verify(token: string): string | import("jsonwebtoken").JwtPayload;
+        middleware(): (req: any, _res: any, next: any) => any;
+    };
+    config: import("../types.js").Config;
+    verifySession: (event: any) => Promise<string | import("jsonwebtoken").JwtPayload | null>;
+}>;

package/dist/cjs/frameworks/h3.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createH3App = createH3App;
+const index_js_1 = require("../config/index.js");
+const verify_js_1 = require("../license/verify.js");
+const jwt_js_1 = require("../auth/jwt.js");
+const index_js_2 = require("../db/index.js");
+// H3 is often used in Nuxt or Nitro. We don't import h3 directly to avoid hard dependency,
+// but we assume the user passes the event or app instance if needed.
+// For now, we return a setup object similar to Next.js
+async function createH3App(opts) {
+    const config = (0, index_js_1.loadConfig)();
+    // License Check
+    await (0, verify_js_1.verifyLicense)({
+        appId: opts.appId,
+        licensePath: config.get("LICENSE_PATH", "./license.json"),
+    });
+    const db = await (0, index_js_2.initDb)({ type: "postgres" });
+    const auth = (0, jwt_js_1.initJwtAuth)(config);
+    return {
+        db,
+        auth,
+        config,
+        verifySession: async (event) => {
+            // H3 event structure abstraction
+            const h = event.node?.req?.headers?.authorization || event.headers?.get("authorization");
+            if (!h)
+                return null;
+            try {
+                const token = h.replace("Bearer ", "");
+                return auth.verify(token);
+            }
+            catch {
+                return null;
+            }
+        }
+    };
+}

package/dist/cjs/frameworks/next.d.ts

@@ -0,0 +1,21 @@
+import { CreateFrameworkAppOptions } from "./types.js";
+export declare function createNextApp(opts: CreateFrameworkAppOptions): Promise<{
+    db: {
+        query: {
+            <T extends import("pg").Submittable>(queryStream: T): T;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        };
+        close: () => Promise<void>;
+    } | null;
+    auth: {
+        verify(token: string): string | import("jsonwebtoken").JwtPayload;
+        middleware(): (req: any, _res: any, next: any) => any;
+    };
+    config: import("../types.js").Config;
+    verifySession: (req: Request) => Promise<string | import("jsonwebtoken").JwtPayload | null>;
+}>;

package/dist/cjs/frameworks/next.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createNextApp = createNextApp;
+const index_js_1 = require("../config/index.js");
+const verify_js_1 = require("../license/verify.js");
+const jwt_js_1 = require("../auth/jwt.js");
+const index_js_2 = require("../db/index.js");
+async function createNextApp(opts) {
+    const config = (0, index_js_1.loadConfig)();
+    // License Check
+    await (0, verify_js_1.verifyLicense)({
+        appId: opts.appId,
+        licensePath: config.get("LICENSE_PATH", "./license.json"),
+    });
+    const db = await (0, index_js_2.initDb)({ type: "postgres" }); // Defaulting to existing DB logic
+    const auth = (0, jwt_js_1.initJwtAuth)(config);
+    return {
+        db,
+        auth,
+        config,
+        verifySession: async (req) => {
+            const h = req.headers.get("authorization");
+            if (!h)
+                return null;
+            try {
+                const token = h.replace("Bearer ", "");
+                return auth.verify(token);
+            }
+            catch {
+                return null;
+            }
+        }
+    };
+}

package/dist/cjs/frameworks/types.d.ts

@@ -0,0 +1,24 @@
+import { Config } from "../types.js";
+export interface WebCoreRequest {
+    headers: Record<string, string | string[] | undefined>;
+    url?: string;
+    method?: string;
+    body?: any;
+}
+export interface WebCoreResponse {
+    status(code: number): WebCoreResponse;
+    json(body: any): WebCoreResponse;
+    send(body: any): WebCoreResponse;
+    setHeader(key: string, value: string): WebCoreResponse;
+}
+export interface WebCoreContext {
+    config: Config;
+    auth: {
+        verify(token: string): any;
+    };
+    db?: any;
+}
+export interface CreateFrameworkAppOptions {
+    appId: string;
+    config?: Record<string, any>;
+}

package/dist/{index.js → cjs/index.cjs}

@@ -14,7 +14,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createApp = void 0;
+exports.createH3App = exports.createNextApp = exports.createApp = void 0;
 var createApp_1 = require("./app/createApp");
 Object.defineProperty(exports, "createApp", { enumerable: true, get: function () { return createApp_1.createApp; } });
+var next_1 = require("./frameworks/next");
+Object.defineProperty(exports, "createNextApp", { enumerable: true, get: function () { return next_1.createNextApp; } });
+var h3_1 = require("./frameworks/h3");
+Object.defineProperty(exports, "createH3App", { enumerable: true, get: function () { return h3_1.createH3App; } });
 __exportStar(require("./types"), exports);

package/dist/cjs/index.d.cts

@@ -0,0 +1,4 @@
+export { createApp } from "./app/createApp";
+export { createNextApp } from "./frameworks/next";
+export { createH3App } from "./frameworks/h3";
+export * from "./types";

package/dist/cjs/index.d.mts

@@ -0,0 +1,4 @@
+export { createApp } from "./app/createApp.js";
+export { createNextApp } from "./frameworks/next.js";
+export { createH3App } from "./frameworks/h3.js";
+export * from "./types.js";

package/dist/cjs/index.mjs

@@ -0,0 +1,5 @@
+"use strict";
+export { createApp } from "./app/createApp.js";
+export { createNextApp } from "./frameworks/next.js";
+export { createH3App } from "./frameworks/h3.js";
+export * from "./types.js";

package/dist/{license → cjs/license}/verify.js

@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyLicense = verifyLicense;
 const fs_1 = __importDefault(require("fs"));
-const crypto_1 = require("./crypto");
+const crypto_js_1 = require("./crypto.js");
 async function verifyLicense(opts) {
     if (!fs_1.default.existsSync(opts.licensePath)) {
         throw new Error("License file not found");
@@ -18,7 +18,7 @@ async function verifyLicense(opts) {
     if (new Date(raw.expiresAt) < new Date()) {
         throw new Error("License expired");
     }
-    if (!(0, crypto_1.verifySignature)(payload, signature)) {
+    if (!(0, crypto_js_1.verifySignature)(payload, signature)) {
         throw new Error("Invalid license signature");
     }
 }

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{"type": "commonjs"}

package/dist/cjs/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/esm/app/createApp.d.ts

@@ -0,0 +1,6 @@
+import { CreateAppOptions } from "../types.js";
+export declare function createApp(opts: CreateAppOptions): Promise<{
+    app: import("express-serve-static-core").Express;
+    start: () => Promise<void>;
+    shutdown: () => Promise<void>;
+}>;

package/dist/esm/app/createApp.js

@@ -0,0 +1,52 @@
+import express, { Router } from "express";
+import http from "http";
+import { loadConfig } from "../config/index.js";
+import { verifyLicense } from "../license/verify.js";
+import { applySecurity } from "./security.js";
+import { initDb } from "../db/index.js";
+import { initJwtAuth } from "../auth/jwt.js";
+export async function createApp(opts) {
+    // 1) CONFIG
+    const config = loadConfig();
+    // 2) LICENSE GATE
+    await verifyLicense({
+        appId: opts.appId,
+        licensePath: config.get("LICENSE_PATH", "./license.json"),
+    });
+    // 3) EXPRESS INIT
+    const app = express();
+    const server = http.createServer(app);
+    const router = Router();
+    if (opts.http?.trustProxy)
+        app.set("trust proxy", true);
+    // 4) CORE MIDDLEWARE
+    applySecurity(app);
+    app.use(express.json());
+    app.use(express.urlencoded({ extended: false }));
+    // 5) DB (non-optional if declared)
+    const db = await initDb(opts.db);
+    // 6) AUTH
+    const auth = initJwtAuth(config);
+    // 7) ROUTES
+    if (opts.routes) {
+        opts.routes({ app, router, db, auth, config });
+    }
+    app.use(router);
+    // 8) ERROR HANDLER
+    app.use((err, _req, res, _next) => {
+        console.error(err);
+        res.status(500).json({ error: "Internal Server Error from web-core" });
+    });
+    // 9) LIFE CYCLE
+    async function start() {
+        const port = opts.http?.port ?? config.get("PORT", 3000);
+        await new Promise((resolve) => server.listen(port, resolve));
+        console.log(`[web-core] listening on ${port}`);
+    }
+    async function shutdown() {
+        if (db?.close)
+            await db.close();
+        server.close();
+    }
+    return { app, start, shutdown };
+}

package/dist/esm/app/security.d.ts

@@ -0,0 +1,11 @@
+import { Express } from "express";
+import cors from "cors";
+export declare const securityConfig: {
+    helmet: (req: import("http").IncomingMessage, res: import("http").ServerResponse, next: (err?: unknown) => void) => void;
+    cors: (req: cors.CorsRequest, res: {
+        statusCode?: number | undefined;
+        setHeader(key: string, value: string): any;
+        end(): any;
+    }, next: (err?: any) => any) => void;
+};
+export declare function applySecurity(app: Express): void;

package/dist/esm/app/security.js

@@ -0,0 +1,10 @@
+import helmet from "helmet";
+import cors from "cors";
+export const securityConfig = {
+    helmet: helmet(),
+    cors: cors()
+};
+export function applySecurity(app) {
+    app.use(securityConfig.helmet);
+    app.use(securityConfig.cors);
+}

package/dist/esm/auth/jwt.d.ts

@@ -0,0 +1,7 @@
+import jwt from "jsonwebtoken";
+import { Config } from "../types.js";
+export declare function verifyToken(token: string, secret: string): string | jwt.JwtPayload;
+export declare function initJwtAuth(config: Config): {
+    verify(token: string): string | jwt.JwtPayload;
+    middleware(): (req: any, _res: any, next: any) => any;
+};

package/dist/esm/auth/jwt.js

@@ -0,0 +1,27 @@
+import jwt from "jsonwebtoken";
+export function verifyToken(token, secret) {
+    return jwt.verify(token, secret);
+}
+export function initJwtAuth(config) {
+    const secret = config.get("JWT_SECRET");
+    if (!secret)
+        throw new Error("JWT_SECRET missing");
+    return {
+        verify(token) {
+            return verifyToken(token, secret);
+        },
+        middleware() {
+            return (req, _res, next) => {
+                const h = req.headers.authorization;
+                if (!h)
+                    return next();
+                try {
+                    const token = h.replace("Bearer ", "");
+                    req.user = verifyToken(token, secret);
+                }
+                catch { }
+                next();
+            };
+        },
+    };
+}

package/dist/esm/config/index.d.ts

@@ -0,0 +1,2 @@
+import { Config } from "../types.js";
+export declare function loadConfig(): Config;

package/dist/esm/config/index.js

@@ -0,0 +1,10 @@
+export function loadConfig() {
+    return {
+        get(key, fallback) {
+            const val = process.env[key];
+            if (val === undefined)
+                return fallback;
+            return val;
+        },
+    };
+}

package/dist/esm/db/index.d.ts

@@ -0,0 +1,15 @@
+export declare function initDb(opts?: {
+    type: "postgres";
+    uri?: string;
+}): Promise<{
+    query: {
+        <T extends import("pg").Submittable>(queryStream: T): T;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+    };
+    close: () => Promise<void>;
+} | null>;

package/dist/esm/db/index.js

@@ -0,0 +1,11 @@
+import { initPostgres } from "./postgres.js";
+export async function initDb(opts) {
+    if (!opts)
+        return null;
+    if (opts.type === "postgres") {
+        if (!opts.uri)
+            throw new Error("Postgres URI required");
+        return initPostgres(opts.uri);
+    }
+    throw new Error("Unsupported DB");
+}

package/dist/esm/db/postgres.d.ts

@@ -0,0 +1,12 @@
+export declare function initPostgres(uri: string): Promise<{
+    query: {
+        <T extends import("pg").Submittable>(queryStream: T): T;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+        <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+    };
+    close: () => Promise<void>;
+}>;

package/dist/esm/db/postgres.js

@@ -0,0 +1,9 @@
+import { Client } from "pg";
+export async function initPostgres(uri) {
+    const client = new Client({ connectionString: uri });
+    await client.connect();
+    return {
+        query: client.query.bind(client),
+        close: () => client.end(),
+    };
+}

package/dist/esm/frameworks/h3.d.ts

@@ -0,0 +1,21 @@
+import { CreateFrameworkAppOptions } from "./types.js";
+export declare function createH3App(opts: CreateFrameworkAppOptions): Promise<{
+    db: {
+        query: {
+            <T extends import("pg").Submittable>(queryStream: T): T;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        };
+        close: () => Promise<void>;
+    } | null;
+    auth: {
+        verify(token: string): string | import("jsonwebtoken").JwtPayload;
+        middleware(): (req: any, _res: any, next: any) => any;
+    };
+    config: import("../types.js").Config;
+    verifySession: (event: any) => Promise<string | import("jsonwebtoken").JwtPayload | null>;
+}>;

package/dist/esm/frameworks/h3.js

@@ -0,0 +1,35 @@
+import { loadConfig } from "../config/index.js";
+import { verifyLicense } from "../license/verify.js";
+import { initJwtAuth } from "../auth/jwt.js";
+import { initDb } from "../db/index.js";
+// H3 is often used in Nuxt or Nitro. We don't import h3 directly to avoid hard dependency,
+// but we assume the user passes the event or app instance if needed.
+// For now, we return a setup object similar to Next.js
+export async function createH3App(opts) {
+    const config = loadConfig();
+    // License Check
+    await verifyLicense({
+        appId: opts.appId,
+        licensePath: config.get("LICENSE_PATH", "./license.json"),
+    });
+    const db = await initDb({ type: "postgres" });
+    const auth = initJwtAuth(config);
+    return {
+        db,
+        auth,
+        config,
+        verifySession: async (event) => {
+            // H3 event structure abstraction
+            const h = event.node?.req?.headers?.authorization || event.headers?.get("authorization");
+            if (!h)
+                return null;
+            try {
+                const token = h.replace("Bearer ", "");
+                return auth.verify(token);
+            }
+            catch {
+                return null;
+            }
+        }
+    };
+}

package/dist/esm/frameworks/next.d.ts

@@ -0,0 +1,21 @@
+import { CreateFrameworkAppOptions } from "./types.js";
+export declare function createNextApp(opts: CreateFrameworkAppOptions): Promise<{
+    db: {
+        query: {
+            <T extends import("pg").Submittable>(queryStream: T): T;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryArrayResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any>(queryConfig: import("pg").QueryConfig<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, values?: import("pg").QueryConfigValues<I>): Promise<import("pg").QueryResult<R>>;
+            <R extends any[] = any[], I = any[]>(queryConfig: import("pg").QueryArrayConfig<I>, callback: (err: Error, result: import("pg").QueryArrayResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryTextOrConfig: string | import("pg").QueryConfig<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+            <R extends import("pg").QueryResultRow = any, I = any[]>(queryText: string, values: import("pg").QueryConfigValues<I>, callback: (err: Error, result: import("pg").QueryResult<R>) => void): void;
+        };
+        close: () => Promise<void>;
+    } | null;
+    auth: {
+        verify(token: string): string | import("jsonwebtoken").JwtPayload;
+        middleware(): (req: any, _res: any, next: any) => any;
+    };
+    config: import("../types.js").Config;
+    verifySession: (req: Request) => Promise<string | import("jsonwebtoken").JwtPayload | null>;
+}>;

package/dist/esm/frameworks/next.js

@@ -0,0 +1,31 @@
+import { loadConfig } from "../config/index.js";
+import { verifyLicense } from "../license/verify.js";
+import { initJwtAuth } from "../auth/jwt.js";
+import { initDb } from "../db/index.js";
+export async function createNextApp(opts) {
+    const config = loadConfig();
+    // License Check
+    await verifyLicense({
+        appId: opts.appId,
+        licensePath: config.get("LICENSE_PATH", "./license.json"),
+    });
+    const db = await initDb({ type: "postgres" }); // Defaulting to existing DB logic
+    const auth = initJwtAuth(config);
+    return {
+        db,
+        auth,
+        config,
+        verifySession: async (req) => {
+            const h = req.headers.get("authorization");
+            if (!h)
+                return null;
+            try {
+                const token = h.replace("Bearer ", "");
+                return auth.verify(token);
+            }
+            catch {
+                return null;
+            }
+        }
+    };
+}

package/dist/esm/frameworks/types.d.ts

@@ -0,0 +1,24 @@
+import { Config } from "../types.js";
+export interface WebCoreRequest {
+    headers: Record<string, string | string[] | undefined>;
+    url?: string;
+    method?: string;
+    body?: any;
+}
+export interface WebCoreResponse {
+    status(code: number): WebCoreResponse;
+    json(body: any): WebCoreResponse;
+    send(body: any): WebCoreResponse;
+    setHeader(key: string, value: string): WebCoreResponse;
+}
+export interface WebCoreContext {
+    config: Config;
+    auth: {
+        verify(token: string): any;
+    };
+    db?: any;
+}
+export interface CreateFrameworkAppOptions {
+    appId: string;
+    config?: Record<string, any>;
+}

package/dist/esm/frameworks/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/index.cjs

@@ -0,0 +1,24 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createH3App = exports.createNextApp = exports.createApp = void 0;
+var createApp_1 = require("./app/createApp");
+Object.defineProperty(exports, "createApp", { enumerable: true, get: function () { return createApp_1.createApp; } });
+var next_1 = require("./frameworks/next");
+Object.defineProperty(exports, "createNextApp", { enumerable: true, get: function () { return next_1.createNextApp; } });
+var h3_1 = require("./frameworks/h3");
+Object.defineProperty(exports, "createH3App", { enumerable: true, get: function () { return h3_1.createH3App; } });
+__exportStar(require("./types"), exports);

package/dist/esm/index.d.cts

@@ -0,0 +1,4 @@
+export { createApp } from "./app/createApp";
+export { createNextApp } from "./frameworks/next";
+export { createH3App } from "./frameworks/h3";
+export * from "./types";

package/dist/esm/index.d.mts

@@ -0,0 +1,4 @@
+export { createApp } from "./app/createApp.js";
+export { createNextApp } from "./frameworks/next.js";
+export { createH3App } from "./frameworks/h3.js";
+export * from "./types.js";

package/dist/esm/index.mjs

@@ -0,0 +1,4 @@
+export { createApp } from "./app/createApp.js";
+export { createNextApp } from "./frameworks/next.js";
+export { createH3App } from "./frameworks/h3.js";
+export * from "./types.js";

package/dist/esm/license/crypto.d.ts

@@ -0,0 +1 @@
+export declare function verifySignature(payload: object, signature: string): boolean;

package/dist/esm/license/crypto.js

@@ -0,0 +1,18 @@
+import crypto from "crypto";
+const PUBLIC_KEY = `
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU0BSgfcYaHOuWuNRQEw
+t3HyMf+UY+RAVGf0bDmdXIyp5fPol5K86jol45lIaxdbkMpPqODmr/lU0dDBOIwy
+wlhbAQb0nLsIMQf3M6lNw6OtI0EnlZd2xhfisfu1XH9UBbn7Q6W2+i22rZhKC3yY
+8E7Dntgl7IkItjEFFpnbA4tCY6yTGhGfAx/4O977Vw2ET6m5SVcFVlKs0OxekRc0
+7rcgCTwSjHPkMumVc7zv+rfZPkhULN76ju26gcuR19xd+gNq3qLGgJ9hcDITmuwP
+FE212I94elpNRNbrX7MUqVX3o7trE5CqxH42NuGP20edSWcKqpvqLFPSnlsSvhUp
+MQIDAQAB
+-----END PUBLIC KEY-----
+`;
+export function verifySignature(payload, signature) {
+    const verify = crypto.createVerify("RSA-SHA256");
+    verify.update(JSON.stringify(payload));
+    verify.end();
+    return verify.verify(PUBLIC_KEY, Buffer.from(signature, "base64"));
+}

package/dist/esm/license/types.d.ts

@@ -0,0 +1,7 @@
+export interface License {
+    licenseId: string;
+    appId: string;
+    issuedTo: string;
+    expiresAt: string;
+    signature: string;
+}

package/dist/esm/license/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/license/verify.d.ts

@@ -0,0 +1,4 @@
+export declare function verifyLicense(opts: {
+    appId: string;
+    licensePath: string;
+}): Promise<void>;

package/dist/esm/license/verify.js

@@ -0,0 +1,18 @@
+import fs from "fs";
+import { verifySignature } from "./crypto.js";
+export async function verifyLicense(opts) {
+    if (!fs.existsSync(opts.licensePath)) {
+        throw new Error("License file not found");
+    }
+    const raw = JSON.parse(fs.readFileSync(opts.licensePath, "utf8"));
+    const { signature, ...payload } = raw;
+    if (raw.appId !== opts.appId) {
+        throw new Error("License appId mismatch");
+    }
+    if (new Date(raw.expiresAt) < new Date()) {
+        throw new Error("License expired");
+    }
+    if (!verifySignature(payload, signature)) {
+        throw new Error("Invalid license signature");
+    }
+}

package/dist/esm/types.d.ts

@@ -0,0 +1,28 @@
+import { Express, Router } from "express";
+export interface CreateAppOptions {
+    appId: string;
+    http?: {
+        port?: number;
+        trustProxy?: boolean;
+    };
+    db?: {
+        type: "postgres";
+        uri?: string;
+    };
+    auth?: {
+        provider: "jwt";
+    };
+    routes?: (ctx: AppContext) => void;
+}
+export interface AppContext {
+    app: Express;
+    router: Router;
+    db: any;
+    auth: {
+        middleware(): any;
+    };
+    config: Config;
+}
+export interface Config {
+    get<T = any>(key: string, fallback?: T): T;
+}

package/dist/esm/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,14 +1,24 @@
 {
   "name": "@cored3v/web-core",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "Reusable licensed Express core for web applications",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
+  "main": "./dist/cjs/index.cjs",
+  "module": "./dist/esm/index.mjs",
+  "types": "./dist/esm/index.esm.d.ts",
   "files": [
     "dist"
   ],
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.mjs",
+      "require": "./dist/cjs/index.cjs"
+    }
+  },
   "scripts": {
-    "build": "tsc",
+    "build:esm": "tsc -p tsconfig.esm.json",
+    "build:cjs": "tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > dist/cjs/package.json",
+    "build": "npm run build:esm && npm run build:cjs",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
@@ -24,6 +34,9 @@
     "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^20.11.0",
     "@types/pg": "^8.16.0",
-    "typescript": "^5.4.0"
+    "pg-protocol": "^1.10.3",
+    "pg-types": "^4.1.0",
+    "typescript": "^5.4.0",
+    "undici-types": "^7.18.2"
   }
 }

package/dist/app/security.d.ts

@@ -1,2 +0,0 @@
-import { Express } from "express";
-export declare function applySecurity(app: Express): void;

package/dist/auth/jwt.d.ts

@@ -1,4 +0,0 @@
-import { Config } from "../types";
-export declare function initJwtAuth(config: Config): {
-    middleware(): (req: any, _res: any, next: any) => any;
-};

package/dist/index.d.ts

@@ -1,2 +0,0 @@
-export { createApp } from "./app/createApp";
-export * from "./types";