@culturefy/shared 1.0.38 → 1.0.40

package/build/src/middlewares/verify-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AAGA,oCAAwC;AAGxC,4CAAuC;AACvC,2CAAuC;AACvC,8CAA+C;AAE/C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,EAAE,GAAG,OAAO,CAAC,uBAAuB,KAAK,KAAK,CAAC,CAAC;IACtD,MAAM,EAAE,GAAG,OAAO,CAAC,uBAAuB,KAAK,KAAK,CAAC,CAAC;IAEtD,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,mDAAmD;IACnD,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAClF,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QAC1D,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,gBAAgB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAClF,CAAC,CAAC,GAAG,KAAK,gBAAgB,CAAC;IAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACjF,CAAC;IAGD,IAAA,qBAAW,EAAC,GAAG,EAAE,IAAI,EAAC,KAAK,CAAC,CAAC;IAE7B,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,MAAA,CAAC,CAAC,OAAO,mCAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEvF,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,CAAC,CAAC,GAAG,mCAAI,IAAI;QACrB,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,gBAAgB,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAClF,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAtEW,QAAA,QAAQ,YAsEnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,gBAAwB,EACxB,EAAsB,EACtB,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAO,GAAuB,MAAA,mBAAO,CAAC,KAAK,CAAC,CAAC,IAAI,0CAAE,KAAK,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,EAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC/E,OAAO,GAAG,CAAC,CAAS,aAAT,CAAC,uBAAD,CAAC,CAAU,OAAO,KAAI,QAAQ,IAAI,SAAS,CAAC;YACzD,CAAC;YAAC,WAAM,CAAC;gBACP,OAAO,GAAG,SAAS,CAAC;YACtB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAC1F,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,gBAAgB;YAChB,EAAE;SACH,CAAC,CAAC;QAGH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,gBAAgB;oBAC1B,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;YACpF,CAAC;YAGD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YACvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC9F,CAAC;YAED,2CAA2C;YAC3C,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,KAAK,EAAE,KAAK,CAAC,CAAC;YAC3D,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,KAAK,EAAE,KAAK,CAAC,CAAC;YAE3D,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBAAC,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAAC,CAAC;YAE9H,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;gBAC5D,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,gBAAgB,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBACrF,EAAE,CAAC,GAAG,KAAK,gBAAgB,CAAC;YAC9B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACjF,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,MAAA,EAAE,CAAC,OAAO,mCAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC3F,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,gBAAgB,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBACpF,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO,IAAA,oBAAY,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;QACvF,CAAC;IACH,CAAC;CAAA"}

package/build/src/types/app.d.ts

@@ -0,0 +1,29 @@
+export type IAppId = "3238hxa2";
+export interface IDomainMappings {
+    domains: Record<string, string[]>;
+    clientId: string;
+    appId: string;
+    name: string;
+    exclude: Record<string, string[]>;
+    cookie: {
+        prefix: string;
+        domain: {
+            local: string | null;
+            dev: string;
+            staging: string;
+            prod: string;
+        };
+        path: string;
+        sameSite: string;
+        secure: boolean;
+        httpOnly: boolean;
+        maxAgeSec: {
+            sid: number;
+            rt: number;
+        };
+    };
+    auth?: {
+        realm: string;
+        clientId: string;
+    };
+}

package/build/src/types/app.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=app.js.map

package/build/src/types/app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/types/app.ts"],"names":[],"mappings":""}

package/build/src/types/middleware.d.ts

@@ -0,0 +1,3 @@
+import { HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions";
+export type IMiddleware = (req: HttpRequest, ctx: InvocationContext, next: () => Promise<HttpResponseInit>) => Promise<HttpResponseInit>;
+export type IHandler = (req: HttpRequest, ctx: InvocationContext) => Promise<HttpResponseInit>;

package/build/src/types/middleware.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=middleware.js.map

package/build/src/types/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/types/middleware.ts"],"names":[],"mappings":""}

package/build/src/utils/cookies.d.ts

@@ -0,0 +1,2 @@
+import { InvocationContext } from "@azure/functions";
+export declare function setCookieKV(ctx: InvocationContext, key: string, value: string): void;

package/build/src/utils/cookies.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setCookieKV = setCookieKV;
+function setCookieKV(ctx, key, value) {
+    var _a, _b;
+    var _c, _d;
+    // Object-cookie bag (preferred)
+    const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
+    // @ts-ignore
+    const objBag = ((_a = (_c = ctx)[CTX_COOKIES_OBJ]) !== null && _a !== void 0 ? _a : (_c[CTX_COOKIES_OBJ] = []));
+    objBag.push({
+        name: key,
+        value,
+        path: "/",
+        httpOnly: true,
+        secure: true, // drop to false if testing on http://
+        sameSite: "None", // use "Lax" for same-site
+        maxAge: 300, // seconds
+    });
+    // (Optional) Keep your string fallback too:
+    const CTX_COOKIES = Symbol.for("cfy.resCookies");
+    const strBag = ((_b = (_d = ctx)[CTX_COOKIES]) !== null && _b !== void 0 ? _b : (_d[CTX_COOKIES] = []));
+    strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=300`);
+}
+//# sourceMappingURL=cookies.js.map

package/build/src/utils/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;AAEA,kCAqBC;AArBD,SAAgB,WAAW,CAAC,GAAsB,EAAE,GAAW,EAAE,KAAa;;;IAC5E,gCAAgC;IAChC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACzD,aAAa;IACb,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,eAAe,wCAAf,eAAe,IAAM,EAAkB,EAAC,CAAC;IACtE,MAAM,CAAC,IAAI,CAAC;QACR,IAAI,EAAE,GAAG;QACT,KAAK;QACL,IAAI,EAAE,GAAG;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,IAAI,EAAQ,sCAAsC;QAC1D,QAAQ,EAAE,MAAM,EAAI,0BAA0B;QAC9C,MAAM,EAAE,GAAG,EAAS,UAAU;KACjC,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,WAAW,wCAAX,WAAW,IAAM,EAAc,EAAC,CAAC;IAC9D,MAAM,CAAC,IAAI,CACP,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,wDAAwD,CAClH,CAAC;AACJ,CAAC"}

package/build/src/utils/index.d.ts

@@ -3,3 +3,4 @@ export * from './response';
 export * from './initializers';
 export * from './mapper';
 export * from './jwt';
+export * from './middleware';

package/build/src/utils/index.js

@@ -6,4 +6,5 @@ tslib_1.__exportStar(require("./response"), exports);
 tslib_1.__exportStar(require("./initializers"), exports);
 tslib_1.__exportStar(require("./mapper"), exports);
 tslib_1.__exportStar(require("./jwt"), exports);
+tslib_1.__exportStar(require("./middleware"), exports);
 //# sourceMappingURL=index.js.map

package/build/src/utils/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/index.ts"],"names":[],"mappings":";;;AAAA,oDAA0B;AAC1B,qDAA2B;AAC3B,yDAA+B;AAC/B,mDAAyB;AACzB,gDAAsB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/index.ts"],"names":[],"mappings":";;;AAAA,oDAA0B;AAC1B,qDAA2B;AAC3B,yDAA+B;AAC/B,mDAAyB;AACzB,gDAAsB;AACtB,uDAA6B"}

package/build/src/utils/middleware.d.ts

@@ -0,0 +1,12 @@
+import { HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions";
+import { IHandler, IMiddleware } from "../types/middleware";
+/**
+ * Compose Azure Functions middlewares (Koa-style).
+ * Each middleware gets (req, ctx, next) and must either:
+ *  - `return await next()` to pass-through, or
+ *  - `return <HttpResponseInit>` to short-circuit.
+ *
+ * Any headers/cookies accumulated on ctx via Symbol.for("cfy.resHeaders"/"cfy.resCookies")
+ * are merged into the final response.
+ */
+export declare function withMW(middlewares: IMiddleware[], handler: IHandler): (req: HttpRequest, ctx: InvocationContext) => Promise<HttpResponseInit>;

package/build/src/utils/middleware.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withMW = withMW;
+const tslib_1 = require("tslib");
+/**
+ * Compose Azure Functions middlewares (Koa-style).
+ * Each middleware gets (req, ctx, next) and must either:
+ *  - `return await next()` to pass-through, or
+ *  - `return <HttpResponseInit>` to short-circuit.
+ *
+ * Any headers/cookies accumulated on ctx via Symbol.for("cfy.resHeaders"/"cfy.resCookies")
+ * are merged into the final response.
+ */
+// ---- withMW (kept small; merges any ctx headers/cookies if you use them) ----
+function withMW(middlewares, handler) {
+    return (req, ctx) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+        var _a, _b, _c;
+        const stack = [...middlewares, (r, c) => tslib_1.__awaiter(this, void 0, void 0, function* () { return handler(r, c); })];
+        let index = -1;
+        const dispatch = (i) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+            if (i <= index)
+                throw new Error("next() called multiple times");
+            index = i;
+            const fn = stack[i];
+            if (!fn)
+                throw new Error("No handler in middleware stack");
+            // next always returns a HttpResponseInit
+            const next = () => dispatch(i + 1);
+            const result = yield fn(req, ctx, next);
+            if (result === undefined) {
+                throw new Error("Middleware must return a response or `return await next()`");
+            }
+            return result;
+        });
+        const res = yield dispatch(0);
+        // optional: merge bags if you set them elsewhere
+        const CTX_HEADERS = Symbol.for("cfy.resHeaders");
+        const CTX_COOKIES = Symbol.for("cfy.resCookies"); // string[]
+        const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj"); // HttpCookie[]
+        const merged = Object.assign(Object.assign({}, res), { headers: Object.assign({}, ((_a = res.headers) !== null && _a !== void 0 ? _a : {})) });
+        // merge cookies as objects (preferred by Azure Functions)
+        // @ts-ignore
+        const objCookies = ctx[CTX_COOKIES_OBJ];
+        if (objCookies === null || objCookies === void 0 ? void 0 : objCookies.length) {
+            merged.cookies = [...((_b = res.cookies) !== null && _b !== void 0 ? _b : []), ...objCookies];
+        }
+        // (optional) header fallback for environments that expect Set-Cookie header(s)
+        const cookies = ctx[CTX_COOKIES];
+        if (cookies === null || cookies === void 0 ? void 0 : cookies.length) {
+            const h = merged.headers;
+            const existing = (_c = h["Set-Cookie"]) !== null && _c !== void 0 ? _c : h["set-cookie"];
+            h["Set-Cookie"] = existing
+                ? (Array.isArray(existing) ? existing.concat(cookies) : [existing, ...cookies])
+                : cookies;
+        }
+        // merge extra headers if you use that bag
+        const extra = ctx[CTX_HEADERS];
+        if (extra)
+            for (const [k, v] of Object.entries(extra))
+                merged.headers[k] = v;
+        return merged;
+    });
+}
+//# sourceMappingURL=middleware.js.map

package/build/src/utils/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/utils/middleware.ts"],"names":[],"mappings":";;AAaA,wBAwDC;;AAlED;;;;;;;;GAQG;AACH,gFAAgF;AAChF,SAAgB,MAAM,CAAC,WAA0B,EAAE,OAAiB;IAClE,OAAO,CAAO,GAAgB,EAAE,GAAsB,EAA6B,EAAE;;QACjF,MAAM,KAAK,GAAkB,CAAC,GAAG,WAAW,EAAE,CAAO,CAAC,EAAE,CAAC,EAAE,EAAE,wDAAC,OAAA,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA,GAAA,CAAC,CAAC;QAE7E,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC;QACf,MAAM,QAAQ,GAAG,CAAO,CAAS,EAA6B,EAAE;YAC5D,IAAI,CAAC,IAAI,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAChE,KAAK,GAAG,CAAC,CAAC;YAEV,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAE3D,yCAAyC;YACzC,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAExC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAClF,CAAC;YACD,OAAO,MAAM,CAAC;QAClB,CAAC,CAAA,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,CAAC,CAAC,CAAC;QAE9B,iDAAiD;QACjD,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAO,WAAW;QACnE,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,eAAe;QAEzE,MAAM,MAAM,mCAA0B,GAAG,KAAE,OAAO,oBAAO,CAAC,MAAA,GAAG,CAAC,OAAO,mCAAI,EAAE,CAAC,IAAI,CAAC;QAEjF,0DAA0D;QAC1D,aAAa;QACb,MAAM,UAAU,GAAI,GAAW,CAAC,eAAe,CAA6B,CAAC;QAC7E,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,EAAE,CAAC;YACrB,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,MAAA,GAAG,CAAC,OAAO,mCAAI,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,CAAC;QAC7D,CAAC;QAED,+EAA+E;QAC/E,MAAM,OAAO,GAAI,GAAW,CAAC,WAAW,CAAyB,CAAC;QAClE,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,MAAM,CAAC,OAAc,CAAC;YAChC,MAAM,QAAQ,GAAG,MAAA,CAAC,CAAC,YAAY,CAAC,mCAAI,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC,CAAC,YAAY,CAAC,GAAG,QAAQ;gBACtB,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,OAAO,CAAC,CAAC;gBAC/E,CAAC,CAAC,OAAO,CAAC;QAClB,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAI,GAAW,CAAC,WAAW,CAAkD,CAAC;QACzF,IAAI,KAAK;YAAE,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;gBAAG,MAAM,CAAC,OAAe,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAEtF,OAAO,MAAM,CAAC;IAGlB,CAAC,CAAA,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@culturefy/shared",
   "description": "Shared utilities for culturefy serverless services",
-  "version": "1.0.38",
+  "version": "1.0.40",
   "main": "build/cjs/index.js",
   "module": "build/esm/index.js",
   "types": "build/src/index.d.ts",

package/src/constants/app.ts

@@ -0,0 +1,40 @@
+import { IAppId, IDomainMappings } from "../types/app";
+
+export const APP_MAP: Record<IAppId, IDomainMappings> = {
+  '3238hxa2': {
+      appId: "3238hxa2",
+      name: "superadmin",
+      clientId: "cfy-superadmin-web",
+      domains: {
+          local: ["localhost:5173", "127.0.0.1:5173"],
+          dev: ["accounts.dev.culturefy.app"],
+          staging: ["accounts.staging.culturefy.app"],
+          prod: ["accounts.culturefy.app"]
+      },
+
+      auth: {
+          realm: "superadmin",
+          clientId: "cfy-superadmin-web",
+      },
+
+      exclude: {
+          prod: [] // e.g. add "app.culturefy.app" to prevent misrouting
+      },
+      cookie: {
+          prefix: "__Secure-auth",
+          domain: {
+              local: null, // host-bound in local
+              dev: ".culturefy.dev", // adjust to your dev root
+              staging: ".culturefy.staging", // adjust to your staging root
+              prod: ".culturefy.app"
+          },
+          path: "/",
+          sameSite: "None",
+          secure: true,
+          httpOnly: true,
+          maxAgeSec: { sid: 15 * 60, rt: 30 * 24 * 60 * 60 } // 15m / 30d
+      }
+
+  },
+
+};

package/src/constants/index.ts

@@ -0,0 +1 @@
+export * from './app';

package/src/index.ts

@@ -1,4 +1,5 @@
 export * from './types';
 export * from './enums';
 export * from './utils';
-export * from './middlewares';
+export * from './middlewares';
+export * from './constants';

package/src/middlewares/verify-middleware.ts

@@ -0,0 +1,197 @@
+import { HttpResponseInit } from "@azure/functions";
+import { HttpRequest } from "@azure/functions";
+import { InvocationContext } from "@azure/functions";
+import { sendResponse } from "../utils";
+import { IMiddleware } from "../types/middleware";
+import { IAppId } from "../types/app";
+import { APP_MAP } from "../constants";
+import { jwtDecode } from "jwt-decode";
+import { setCookieKV } from "../utils/cookies";
+
+const apiURL = process.env.REFRESH_SESSION_URL || ''
+
+const parseCookieHeader = (header: string | null | undefined) => {
+  const out: Record<string, string> = {};
+  if (!header) return out;
+  for (const part of header.split(";")) {
+    const [k, ...rest] = part.trim().split("=");
+    if (!k) continue;
+    out[k] = decodeURIComponent(rest.join("=") || "");
+  }
+  return out;
+};
+
+export const verifyMw: IMiddleware = async (
+  req: HttpRequest,
+  ctx: InvocationContext,
+  next: () => Promise<HttpResponseInit>
+): Promise<HttpResponseInit> => {
+  const appId = req.headers.get("app-id") as IAppId | undefined;
+
+  if (!appId || !APP_MAP?.[appId]?.clientId) {
+    return sendResponse(400, { status: "bad_request", reason: "invalid_app" });
+  }
+  
+  const expectedClientId = APP_MAP[appId].clientId;
+
+  // cookies
+  const cookies = parseCookieHeader(req.headers.get("cookie"));
+  const at = cookies[`__Secure-session-v1.${appId}.at`];
+  const rt = cookies[`__Secure-session-v1.${appId}.rt`];
+
+  if (!at && !rt) {
+    return sendResponse(401, { status: "unauthenticated", reason: "no_tokens" });
+  }
+
+  // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)
+  let p: any;
+  try {
+    p = jwtDecode(at);
+  } catch {
+    return sendResponse(401, { status: "unauthenticated", reason: "invalid_token" });
+  }
+
+  if (!p?.sid) {
+    return sendResponse(401, { status: "unauthenticated", reason: "user_not_found" });
+  }
+
+  const now = Math.floor(Date.now() / 1000);
+  // if (typeof p.exp === "number" && p.exp <= now) {
+  if (typeof p.exp === "number" && p.exp >= now) {
+    // Delegate to refresh helper; it will handle setting cookies/state or returning an error
+    return await getNewRefreshToken(req, ctx, appId, expectedClientId, rt, p, next);
+  }
+
+  // audience checks
+  const audOk =
+    (Array.isArray(p.aud) && p.aud.includes(expectedClientId)) ||
+    (typeof p.aud === "string" && (p.aud === expectedClientId || p.aud === "account")) ||
+    p.azp === expectedClientId;
+
+  if (!audOk) {
+    return sendResponse(403, { status: "forbidden", reason: "audience_mismatch" });
+  }
+
+
+  setCookieKV(ctx, 'ew','rre');
+
+  // pass data downstream
+  (ctx as any).state ??= {};
+  const tenantId = p.cfy_tid ?? (p.iss ? new URL(p.iss).pathname.split("/").pop() : null);
+
+  (ctx as any).state.auth = {
+    appId,
+    userId: p.sub ?? null,
+    businessId: p.cfy_bid ?? tenantId ?? null,
+    tenantId,
+    email: p.email ?? p.preferred_username ?? null,
+    name: p.name ?? undefined,
+    roles: p.resource_access?.[expectedClientId]?.roles ?? p.realm_access?.roles ?? [],
+    exp: p.exp,
+  };
+
+  return next();
+};
+
+
+
+async function getNewRefreshToken(
+  req: HttpRequest,
+  ctx: InvocationContext,
+  appId: IAppId,
+  expectedClientId: string,
+  rt: string | undefined,
+  p: any,
+  next: () => Promise<HttpResponseInit>
+): Promise<HttpResponseInit> {
+  // Attempt server-side refresh using RT
+  if (!rt) {
+    return sendResponse(401, { status: "unauthenticated", reason: "expired_no_rt" });
+  }
+
+  // Resolve realm for refresh
+  let realmId: string | undefined = APP_MAP[appId].auth?.realm;
+  if (!realmId) {
+    try {
+      const issRealm = p?.iss ? new URL(p.iss).pathname.split("/").pop() : undefined;
+      realmId = (p as any)?.cfy_tid || issRealm || undefined;
+    } catch {
+      realmId = undefined;
+    }
+  }
+
+  if (!realmId) {
+    return sendResponse(401, { status: "unauthenticated", reason: "cannot_resolve_realm" });
+  }
+
+  ctx.info("refreshing token payload ----------------------", {
+    realmId,
+    expectedClientId,
+    rt
+  });
+
+
+  // Call auth service to refresh
+  try {
+    const resp = await fetch(apiURL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ 
+        realmId, 
+        clientId: expectedClientId, 
+        refresh_token: rt
+      })
+    });
+
+    if (!resp.ok) {
+      const text = await resp.text();
+      ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);
+      return sendResponse(401, { status: "unauthenticated", reason: "refresh_failed" });
+    }
+
+
+    const payload = await resp.json();
+    const data = payload?.data || {};
+    const newAT = data.access_token as string | undefined;
+    const newRT = data.refresh_token as string | undefined;
+    if (!newAT || !newRT) {
+      return sendResponse(401, { status: "unauthenticated", reason: "invalid_refresh_response" });
+    }
+
+    // Set refreshed cookies for client session
+    setCookieKV(ctx, `__Secure-session-v1.${appId}.at`, newAT);
+    setCookieKV(ctx, `__Secure-session-v1.${appId}.rt`, newRT);
+
+    // Decode new AT and proceed
+    let p2: any;
+    try { p2 = jwtDecode(newAT); } catch { return sendResponse(401, { status: "unauthenticated", reason: "invalid_new_token" }); }
+
+    const audOk2 =
+      (Array.isArray(p2.aud) && p2.aud.includes(expectedClientId)) ||
+      (typeof p2.aud === "string" && (p2.aud === expectedClientId || p2.aud === "account")) ||
+      p2.azp === expectedClientId;
+    if (!audOk2) {
+      return sendResponse(403, { status: "forbidden", reason: "audience_mismatch" });
+    }
+
+    // Update downstream auth state with refreshed token
+    (ctx as any).state ??= {};
+    const tenantId2 = p2.cfy_tid ?? (p2.iss ? new URL(p2.iss).pathname.split("/").pop() : null);
+    (ctx as any).state.auth = {
+      appId,
+      userId: p2.sub ?? null,
+      businessId: p2.cfy_bid ?? tenantId2 ?? null,
+      tenantId: tenantId2,
+      email: p2.email ?? p2.preferred_username ?? null,
+      name: p2.name ?? undefined,
+      roles: p2.resource_access?.[expectedClientId]?.roles ?? p2.realm_access?.roles ?? [],
+      exp: p2.exp,
+    };
+
+    // Continue pipeline after refresh
+    return next();
+  } catch (e) {
+    ctx.error?.("refresh exception", e as any);
+    return sendResponse(401, { status: "unauthenticated", reason: "refresh_exception" });
+  }
+}

package/src/types/app.ts

@@ -0,0 +1,27 @@
+export type IAppId = "3238hxa2";
+
+export interface IDomainMappings {
+  domains: Record<string, string[]>;
+  clientId: string;
+  appId: string;
+  name: string;
+  exclude: Record<string, string[]>;
+  cookie: {
+      prefix: string;
+      domain: {
+          local: string | null;
+          dev: string;
+          staging: string;
+          prod: string;
+      };
+      path: string;
+      sameSite: string;
+      secure: boolean;
+      httpOnly: boolean;
+      maxAgeSec: { sid: number; rt: number };
+  };
+  auth?: {
+      realm: string;
+      clientId: string;
+  };
+}

package/src/types/middleware.ts

@@ -0,0 +1,10 @@
+import { HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions";
+
+
+export type IMiddleware = (
+  req: HttpRequest,
+  ctx: InvocationContext,
+  next: () => Promise<HttpResponseInit>
+) => Promise<HttpResponseInit>;
+
+export type IHandler = (req: HttpRequest, ctx: InvocationContext) => Promise<HttpResponseInit>;

package/src/utils/cookies.ts

@@ -0,0 +1,24 @@
+import { InvocationContext } from "@azure/functions";
+
+export function setCookieKV(ctx: InvocationContext, key: string, value: string): void {
+  // Object-cookie bag (preferred)
+  const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
+  // @ts-ignore
+  const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);
+  objBag.push({
+      name: key,
+      value,
+      path: "/",
+      httpOnly: true,
+      secure: true,       // drop to false if testing on http://
+      sameSite: "None",   // use "Lax" for same-site
+      maxAge: 300,        // seconds
+  });
+
+  // (Optional) Keep your string fallback too:
+  const CTX_COOKIES = Symbol.for("cfy.resCookies");
+  const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);
+  strBag.push(
+      `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/; HttpOnly; SameSite=None; Secure; Max-Age=300`
+  );
+}

package/src/utils/index.ts

@@ -2,4 +2,5 @@ export * from './secrets';
 export * from './response';
 export * from './initializers';
 export * from './mapper';
-export * from './jwt';
+export * from './jwt';
+export * from './middleware';

package/src/utils/middleware.ts

@@ -0,0 +1,70 @@
+import { app, HttpRequest, HttpResponseInit, InvocationContext } from "@azure/functions";
+import { IHandler, IMiddleware } from "../types/middleware";
+
+/**
+ * Compose Azure Functions middlewares (Koa-style).
+ * Each middleware gets (req, ctx, next) and must either:
+ *  - `return await next()` to pass-through, or
+ *  - `return <HttpResponseInit>` to short-circuit.
+ *
+ * Any headers/cookies accumulated on ctx via Symbol.for("cfy.resHeaders"/"cfy.resCookies")
+ * are merged into the final response.
+ */
+// ---- withMW (kept small; merges any ctx headers/cookies if you use them) ----
+export function withMW(middlewares: IMiddleware[], handler: IHandler) {
+  return async (req: HttpRequest, ctx: InvocationContext): Promise<HttpResponseInit> => {
+      const stack: IMiddleware[] = [...middlewares, async (r, c) => handler(r, c)];
+
+      let index = -1;
+      const dispatch = async (i: number): Promise<HttpResponseInit> => {
+          if (i <= index) throw new Error("next() called multiple times");
+          index = i;
+
+          const fn = stack[i];
+          if (!fn) throw new Error("No handler in middleware stack");
+
+          // next always returns a HttpResponseInit
+          const next = () => dispatch(i + 1);
+          const result = await fn(req, ctx, next);
+
+          if (result === undefined) {
+              throw new Error("Middleware must return a response or `return await next()`");
+          }
+          return result;
+      };
+
+      const res = await dispatch(0);
+
+      // optional: merge bags if you set them elsewhere
+      const CTX_HEADERS = Symbol.for("cfy.resHeaders");
+      const CTX_COOKIES = Symbol.for("cfy.resCookies");       // string[]
+      const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj"); // HttpCookie[]
+
+      const merged: HttpResponseInit = { ...res, headers: { ...(res.headers ?? {}) } };
+
+      // merge cookies as objects (preferred by Azure Functions)
+      // @ts-ignore
+      const objCookies = (ctx as any)[CTX_COOKIES_OBJ] as HttpCookie[] | undefined;
+      if (objCookies?.length) {
+          merged.cookies = [...(res.cookies ?? []), ...objCookies];
+      }
+
+      // (optional) header fallback for environments that expect Set-Cookie header(s)
+      const cookies = (ctx as any)[CTX_COOKIES] as string[] | undefined;
+      if (cookies?.length) {
+          const h = merged.headers as any;
+          const existing = h["Set-Cookie"] ?? h["set-cookie"];
+          h["Set-Cookie"] = existing
+              ? (Array.isArray(existing) ? existing.concat(cookies) : [existing, ...cookies])
+              : cookies;
+      }
+
+      // merge extra headers if you use that bag
+      const extra = (ctx as any)[CTX_HEADERS] as Record<string, string | string[]> | undefined;
+      if (extra) for (const [k, v] of Object.entries(extra)) (merged.headers as any)[k] = v;
+
+      return merged;
+
+
+  };
+}