@dangao/bun-server 0.1.3 → 0.1.4

package/dist/index.js

@@ -1,4 +1,20 @@
 // @bun
+var __legacyDecorateClassTS = function(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
+    r = Reflect.decorate(decorators, target, key, desc);
+  else
+    for (var i = decorators.length - 1;i >= 0; i--)
+      if (d = decorators[i])
+        r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __legacyDecorateParamTS = (index, decorator) => (target, key) => decorator(target, key, index);
+var __legacyMetadataTS = (k, v) => {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
+    return Reflect.metadata(k, v);
+};
+
 // src/request/body-parser.ts
 class BodyParser {
   static async parse(request) {
@@ -141,9 +157,12 @@ class Context {
     this.statusCode = code;
   }
   createResponse(body, init) {
+    if (body instanceof Response) {
+      return body;
+    }
     const headers = new Headers(this.responseHeaders);
     if (body !== undefined && body !== null) {
-      if (typeof body === "object" && !(body instanceof Response) && !(body instanceof ArrayBuffer)) {
+      if (typeof body === "object" && !(body instanceof ArrayBuffer) && !(body instanceof Blob)) {
         headers.set("Content-Type", "application/json");
         const jsonString = JSON.stringify(body);
         return new Response(jsonString, {
@@ -271,15 +290,19 @@ class Route {
   method;
   path;
   handler;
+  controllerClass;
+  methodName;
   pattern;
   paramNames;
   middlewarePipeline;
   staticKey;
   isStatic;
-  constructor(method, path, handler, middlewares = []) {
+  constructor(method, path, handler, middlewares = [], controllerClass, methodName) {
     this.method = method;
     this.path = path;
     this.handler = handler;
+    this.controllerClass = controllerClass;
+    this.methodName = methodName;
     const { pattern, paramNames } = this.parsePath(path);
     this.pattern = pattern;
     this.paramNames = paramNames;
@@ -328,8 +351,15 @@ class Router {
   routes = [];
   staticRoutes = new Map;
   dynamicRoutes = [];
-  register(method, path, handler, middlewares = []) {
-    const route = new Route(method, path, handler, middlewares);
+  normalizePath(path) {
+    if (path.length > 1 && path.endsWith("/")) {
+      return path.slice(0, -1);
+    }
+    return path;
+  }
+  register(method, path, handler, middlewares = [], controllerClass, methodName) {
+    const normalizedPath = this.normalizePath(path);
+    const route = new Route(method, normalizedPath, handler, middlewares, controllerClass, methodName);
     this.routes.push(route);
     const staticKey = route.getStaticKey();
     if (staticKey) {
@@ -368,14 +398,21 @@ class Router {
   }
   async handle(context) {
     const method = context.method;
-    const route = this.findRoute(method, context.path);
+    const path = this.normalizePath(context.path);
+    const route = this.findRoute(method, path);
     if (!route) {
       return;
     }
-    const match = route.match(method, context.path);
+    const match = route.match(method, path);
     if (match.matched) {
       context.params = match.params;
     }
+    if (route.controllerClass && route.methodName) {
+      context.routeHandler = {
+        controller: route.controllerClass,
+        method: route.methodName
+      };
+    }
     return await route.execute(context);
   }
   getRoutes() {
@@ -401,8 +438,8 @@ class RouteRegistry {
     }
     return RouteRegistry.instance;
   }
-  register(method, path, handler, middlewares = []) {
-    this.router.register(method, path, handler, middlewares);
+  register(method, path, handler, middlewares = [], controllerClass, methodName) {
+    this.router.register(method, path, handler, middlewares, controllerClass, methodName);
   }
   get(path, handler, middlewares = []) {
     this.router.get(path, handler, middlewares);
@@ -1487,6 +1524,9 @@ class ControllerRegistry {
           }
           const result = method.apply(controllerInstance, params);
           const responseData = await Promise.resolve(result);
+          if (responseData instanceof Response) {
+            return responseData;
+          }
           return context.createResponse(responseData);
         } catch (error) {
           if (error instanceof ValidationError) {
@@ -1512,7 +1552,7 @@ class ControllerRegistry {
       if (propertyKey) {
         middlewares.push(...getMethodMiddlewares(prototype, propertyKey));
       }
-      registry.register(route.method, fullPath, handler, middlewares);
+      registry.register(route.method, fullPath, handler, middlewares, controllerClass, propertyKey);
     }
   }
   combinePaths(basePath, methodPath) {
@@ -1526,6 +1566,9 @@ class ControllerRegistry {
   getContainer() {
     return this.container;
   }
+  getRegisteredControllers() {
+    return Array.from(this.controllerContainers.keys());
+  }
   clear() {
     this.controllers.clear();
     this.container.clear();
@@ -1685,7 +1728,9 @@ function getModuleMetadata(moduleClass) {
     imports: metadata.imports ?? [],
     controllers: metadata.controllers ?? [],
     providers: metadata.providers ?? [],
-    exports: metadata.exports ?? []
+    exports: metadata.exports ?? [],
+    extensions: metadata.extensions ?? [],
+    middlewares: metadata.middlewares ?? []
   };
 }
 
@@ -1744,7 +1789,9 @@ class ModuleRegistry {
       metadata,
       container,
       controllersRegistered: false,
-      attachedParents: new Set
+      attachedParents: new Set,
+      extensions: metadata.extensions ?? [],
+      middlewares: metadata.middlewares ?? []
     };
     this.registerControllers(ref);
     this.moduleRefs.set(moduleClass, ref);
@@ -1796,6 +1843,27 @@ class ModuleRegistry {
     for (const exportedToken of moduleRef.metadata.exports) {
       this.registerExport(parentContainer, moduleRef, exportedToken);
     }
+    for (const imported of moduleRef.metadata.imports) {
+      const importedRef = this.moduleRefs.get(imported);
+      if (importedRef) {
+        moduleRef.extensions.push(...importedRef.extensions);
+        moduleRef.middlewares.push(...importedRef.middlewares);
+      }
+    }
+  }
+  getModuleExtensions(moduleClass) {
+    const moduleRef = this.moduleRefs.get(moduleClass);
+    if (!moduleRef) {
+      return [];
+    }
+    return moduleRef.extensions;
+  }
+  getModuleMiddlewares(moduleClass) {
+    const moduleRef = this.moduleRefs.get(moduleClass);
+    if (!moduleRef) {
+      return [];
+    }
+    return moduleRef.middlewares;
   }
   registerExport(parentContainer, moduleRef, token) {
     if (!moduleRef.container.isRegistered(token)) {
@@ -1868,6 +1936,14 @@ class Application {
   registerModule(moduleClass) {
     const registry = ModuleRegistry.getInstance();
     registry.register(moduleClass, this.getContainer());
+    const extensions = registry.getModuleExtensions(moduleClass);
+    for (const extension of extensions) {
+      this.registerExtension(extension);
+    }
+    const middlewares = registry.getModuleMiddlewares(moduleClass);
+    for (const middleware of middlewares) {
+      this.use(middleware);
+    }
   }
   registerWebSocketGateway(gatewayClass) {
     this.websocketRegistry.register(gatewayClass);
@@ -1993,8 +2069,1048 @@ class ResponseBuilder {
     });
   }
 }
+// src/extensions/logger-module.ts
+class LoggerModule {
+  static forRoot(options = {}) {
+    const extensions = [];
+    const middlewares = [];
+    const loggerExtension = new LoggerExtension(options.logger);
+    extensions.push(loggerExtension);
+    if (options.enableRequestLogging !== false) {
+      const requestLoggingMiddleware = createLoggerMiddleware({
+        prefix: options.requestLoggingPrefix
+      });
+      middlewares.push(requestLoggingMiddleware);
+    }
+    const existingMetadata = Reflect.getMetadata(MODULE_METADATA_KEY, LoggerModule) || {};
+    const metadata = {
+      ...existingMetadata,
+      extensions,
+      middlewares
+    };
+    Reflect.defineMetadata(MODULE_METADATA_KEY, metadata, LoggerModule);
+    return LoggerModule;
+  }
+}
+LoggerModule = __legacyDecorateClassTS([
+  Module({
+    extensions: [],
+    middlewares: []
+  })
+], LoggerModule);
+
 // src/extensions/index.ts
 import { LoggerManager as LoggerManager7, LogLevel as LogLevel2, SimpleLogger as SimpleLogger2 } from "@dangao/logsmith";
+// src/swagger/decorators.ts
+import"reflect-metadata";
+var API_TAG_METADATA_KEY = Symbol("swagger:api-tag");
+var API_OPERATION_METADATA_KEY = Symbol("swagger:api-operation");
+var API_PARAM_METADATA_KEY = Symbol("swagger:api-param");
+var API_BODY_METADATA_KEY = Symbol("swagger:api-body");
+var API_RESPONSE_METADATA_KEY = Symbol("swagger:api-response");
+function ApiTags(...tags) {
+  return function(target, propertyKey) {
+    if (propertyKey === undefined) {
+      Reflect.defineMetadata(API_TAG_METADATA_KEY, tags, target);
+    } else {
+      const existingTags = Reflect.getMetadata(API_TAG_METADATA_KEY, target, propertyKey) || [];
+      Reflect.defineMetadata(API_TAG_METADATA_KEY, [...existingTags, ...tags], target, propertyKey);
+    }
+  };
+}
+function ApiOperation(metadata) {
+  return function(target, propertyKey) {
+    Reflect.defineMetadata(API_OPERATION_METADATA_KEY, metadata, target, propertyKey);
+  };
+}
+function ApiParam(metadata) {
+  return function(target, propertyKey, parameterIndex) {
+    const existingParams = Reflect.getMetadata(API_PARAM_METADATA_KEY, target, propertyKey) || [];
+    existingParams.push({ index: parameterIndex, metadata });
+    Reflect.defineMetadata(API_PARAM_METADATA_KEY, existingParams, target, propertyKey);
+  };
+}
+function ApiBody(metadata) {
+  return function(target, propertyKey) {
+    Reflect.defineMetadata(API_BODY_METADATA_KEY, metadata, target, propertyKey);
+  };
+}
+function ApiResponse(metadata) {
+  return function(target, propertyKey) {
+    const existingResponses = Reflect.getMetadata(API_RESPONSE_METADATA_KEY, target, propertyKey) || [];
+    existingResponses.push(metadata);
+    Reflect.defineMetadata(API_RESPONSE_METADATA_KEY, existingResponses, target, propertyKey);
+  };
+}
+function getApiTags(target, propertyKey) {
+  if (propertyKey === undefined) {
+    return Reflect.getMetadata(API_TAG_METADATA_KEY, target) || [];
+  }
+  return Reflect.getMetadata(API_TAG_METADATA_KEY, target, propertyKey) || [];
+}
+function getApiOperation(target, propertyKey) {
+  return Reflect.getMetadata(API_OPERATION_METADATA_KEY, target, propertyKey);
+}
+function getApiParams(target, propertyKey) {
+  return Reflect.getMetadata(API_PARAM_METADATA_KEY, target, propertyKey) || [];
+}
+function getApiBody(target, propertyKey) {
+  return Reflect.getMetadata(API_BODY_METADATA_KEY, target, propertyKey);
+}
+function getApiResponses(target, propertyKey) {
+  return Reflect.getMetadata(API_RESPONSE_METADATA_KEY, target, propertyKey) || [];
+}
+// src/swagger/generator.ts
+class SwaggerGenerator {
+  options;
+  constructor(options) {
+    this.options = options;
+  }
+  generate() {
+    const document = {
+      openapi: "3.0.0",
+      info: {
+        title: this.options.info.title,
+        version: this.options.info.version,
+        description: this.options.info.description,
+        contact: this.options.info.contact,
+        license: this.options.info.license
+      },
+      servers: this.options.servers,
+      tags: this.options.tags,
+      paths: {}
+    };
+    const controllerRegistry = ControllerRegistry.getInstance();
+    const controllers = controllerRegistry.getRegisteredControllers();
+    if (controllers.length === 0) {
+      return document;
+    }
+    for (const controllerClass of controllers) {
+      const controllerMetadata = getControllerMetadata(controllerClass);
+      if (!controllerMetadata) {
+        console.log(`[SwaggerGenerator] No metadata for controller: ${controllerClass.name}`);
+        continue;
+      }
+      const basePath = controllerMetadata.path;
+      const prototype = controllerClass.prototype;
+      const routes = getRouteMetadata(prototype);
+      if (!routes || routes.length === 0) {
+        continue;
+      }
+      const controllerTags = getApiTags(controllerClass);
+      for (const route of routes) {
+        let propertyKey = route.propertyKey;
+        if (!propertyKey && route.handler) {
+          propertyKey = route.handler.name;
+          if (!propertyKey || propertyKey === "") {
+            const propertyNames = Object.getOwnPropertyNames(prototype);
+            for (const key of propertyNames) {
+              if (key === "constructor")
+                continue;
+              const descriptor = Object.getOwnPropertyDescriptor(prototype, key);
+              if (descriptor && descriptor.value === route.handler) {
+                propertyKey = key;
+                break;
+              }
+            }
+          }
+        }
+        if (!propertyKey) {
+          continue;
+        }
+        const method = route.method.toLowerCase();
+        let methodPath = route.path;
+        if (methodPath && !methodPath.startsWith("/")) {
+          methodPath = "/" + methodPath;
+        }
+        const swaggerPath = (basePath + methodPath).replace(/:([^/]+)/g, "{$1}");
+        const fullPath = this.normalizePath(swaggerPath);
+        const operationMetadata = getApiOperation(prototype, propertyKey);
+        const methodTags = getApiTags(prototype, propertyKey);
+        const params = getApiParams(prototype, propertyKey);
+        const body = getApiBody(prototype, propertyKey);
+        const responses = getApiResponses(prototype, propertyKey);
+        const tags = [...new Set([...controllerTags, ...methodTags])];
+        const pathItem = {
+          summary: operationMetadata?.summary,
+          description: operationMetadata?.description,
+          operationId: operationMetadata?.operationId || propertyKey,
+          tags: tags.length > 0 ? tags : undefined,
+          deprecated: operationMetadata?.deprecated
+        };
+        const pathParams = [];
+        const pathParamMatches = fullPath.matchAll(/\{([^}]+)\}/g);
+        for (const match of pathParamMatches) {
+          const paramName = match[1];
+          const existingParam = params.find((p) => p.metadata.name === paramName && p.metadata.in === "path");
+          if (!existingParam) {
+            pathParams.push({
+              name: paramName,
+              in: "path",
+              required: true,
+              schema: { type: "string" }
+            });
+          }
+        }
+        for (const param of params) {
+          pathParams.push({
+            name: param.metadata.name,
+            in: param.metadata.in,
+            description: param.metadata.description,
+            required: param.metadata.required,
+            schema: param.metadata.schema
+          });
+        }
+        if (pathParams.length > 0) {
+          pathItem.parameters = pathParams;
+        }
+        if (body) {
+          pathItem.requestBody = {
+            description: body.description,
+            required: body.required,
+            content: {
+              "application/json": {
+                schema: body.schema,
+                examples: body.examples
+              }
+            }
+          };
+        }
+        if (responses.length > 0) {
+          pathItem.responses = {};
+          for (const response of responses) {
+            pathItem.responses[String(response.status)] = {
+              description: response.description,
+              content: {
+                "application/json": {
+                  schema: response.schema,
+                  examples: response.examples
+                }
+              }
+            };
+          }
+        } else {
+          pathItem.responses = {
+            "200": {
+              description: "Success"
+            }
+          };
+        }
+        if (!document.paths[fullPath]) {
+          document.paths[fullPath] = {};
+        }
+        document.paths[fullPath][method] = pathItem;
+      }
+    }
+    return document;
+  }
+  normalizePath(path) {
+    path = path.replace(/\/+/g, "/");
+    if (!path.startsWith("/")) {
+      path = "/" + path;
+    }
+    if (path.length > 1 && path.endsWith("/")) {
+      path = path.slice(0, -1);
+    }
+    return path;
+  }
+}
+// src/swagger/swagger-extension.ts
+class SwaggerExtension {
+  options;
+  generator;
+  constructor(options) {
+    this.options = options;
+  }
+  register(_container) {
+    this.generator = new SwaggerGenerator(this.options);
+  }
+  getGenerator() {
+    if (!this.generator) {
+      this.generator = new SwaggerGenerator(this.options);
+    }
+    return this.generator;
+  }
+  generateJSON() {
+    return JSON.stringify(this.getGenerator().generate(), null, 2);
+  }
+}
+// src/swagger/ui.ts
+var SWAGGER_UI_HTML = (jsonUrl, title) => `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${title} - Swagger UI</title>
+  <link rel="stylesheet" type="text/css" href="https://unpkg.com/swagger-ui-dist@5.9.0/swagger-ui.css" />
+  <style>
+    html {
+      box-sizing: border-box;
+      overflow: -moz-scrollbars-vertical;
+      overflow-y: scroll;
+    }
+    *, *:before, *:after {
+      box-sizing: inherit;
+    }
+    body {
+      margin:0;
+      background: #fafafa;
+    }
+  </style>
+</head>
+<body>
+  <div id="swagger-ui"></div>
+  <script src="https://unpkg.com/swagger-ui-dist@5.9.0/swagger-ui-bundle.js"></script>
+  <script src="https://unpkg.com/swagger-ui-dist@5.9.0/swagger-ui-standalone-preset.js"></script>
+  <script>
+    window.onload = function() {
+      const ui = SwaggerUIBundle({
+        url: "${jsonUrl}",
+        dom_id: '#swagger-ui',
+        deepLinking: true,
+        presets: [
+          SwaggerUIBundle.presets.apis,
+          SwaggerUIStandalonePreset
+        ],
+        plugins: [
+          SwaggerUIBundle.plugins.DownloadUrl
+        ],
+        layout: "StandaloneLayout"
+      });
+    };
+  </script>
+</body>
+</html>`;
+function createSwaggerUIMiddleware(extension, options = {}) {
+  const uiPath = options.uiPath || "/swagger";
+  const jsonPath = options.jsonPath || "/swagger.json";
+  const title = options.title || "API Documentation";
+  return async (ctx, next) => {
+    const url = new URL(ctx.request.url);
+    const pathname = url.pathname;
+    if (pathname === uiPath || pathname === `${uiPath}/`) {
+      const html = SWAGGER_UI_HTML(jsonPath, title);
+      return new Response(html, {
+        headers: {
+          "Content-Type": "text/html; charset=utf-8"
+        }
+      });
+    }
+    if (pathname === jsonPath) {
+      const json = extension.generateJSON();
+      return new Response(json, {
+        headers: {
+          "Content-Type": "application/json; charset=utf-8"
+        }
+      });
+    }
+    return await next();
+  };
+}
+
+// src/swagger/swagger-module.ts
+class SwaggerModule {
+  static forRoot(options) {
+    const extensions = [];
+    const middlewares = [];
+    const swaggerExtension = new SwaggerExtension({
+      info: options.info,
+      servers: options.servers,
+      basePath: options.basePath,
+      tags: options.tags
+    });
+    extensions.push(swaggerExtension);
+    if (options.enableUI !== false) {
+      const uiMiddleware = createSwaggerUIMiddleware(swaggerExtension, {
+        uiPath: options.uiPath || "/swagger",
+        jsonPath: options.jsonPath || "/swagger.json",
+        title: options.uiTitle || options.info.title || "API Documentation"
+      });
+      middlewares.push(uiMiddleware);
+    }
+    const existingMetadata = Reflect.getMetadata(MODULE_METADATA_KEY, SwaggerModule) || {};
+    const metadata = {
+      ...existingMetadata,
+      extensions,
+      middlewares
+    };
+    Reflect.defineMetadata(MODULE_METADATA_KEY, metadata, SwaggerModule);
+    return SwaggerModule;
+  }
+}
+SwaggerModule = __legacyDecorateClassTS([
+  Module({
+    extensions: [],
+    middlewares: []
+  })
+], SwaggerModule);
+// src/security/context.ts
+class SecurityContextImpl {
+  _authentication = null;
+  get authentication() {
+    return this._authentication;
+  }
+  setAuthentication(authentication) {
+    this._authentication = authentication;
+  }
+  isAuthenticated() {
+    return this._authentication?.authenticated ?? false;
+  }
+  getPrincipal() {
+    return this._authentication?.principal ?? null;
+  }
+  getAuthorities() {
+    return this._authentication?.authorities ?? [];
+  }
+  clear() {
+    this._authentication = null;
+  }
+}
+
+class SecurityContextHolder {
+  static contexts = new Map;
+  static getContext() {
+    const threadId = Bun.main ? 0 : Date.now();
+    if (!this.contexts.has(threadId)) {
+      this.contexts.set(threadId, new SecurityContextImpl);
+    }
+    return this.contexts.get(threadId);
+  }
+  static clearContext() {
+    const threadId = Bun.main ? 0 : Date.now();
+    this.contexts.delete(threadId);
+  }
+}
+// src/security/authentication-manager.ts
+class AuthenticationManager {
+  providers = [];
+  registerProvider(provider) {
+    this.providers.push(provider);
+  }
+  async authenticate(request) {
+    const type = request.type || "default";
+    const provider = this.providers.find((p) => p.supports(type));
+    if (!provider) {
+      throw new Error(`No authentication provider found for type: ${type}`);
+    }
+    return await provider.authenticate(request);
+  }
+  getProviders() {
+    return [...this.providers];
+  }
+}
+// src/security/access-decision-manager.ts
+class RoleBasedAccessDecisionManager {
+  decide(authentication, requiredAuthorities) {
+    if (requiredAuthorities.length === 0) {
+      return true;
+    }
+    if (!authentication.authenticated) {
+      return false;
+    }
+    const userAuthorities = authentication.authorities || [];
+    return requiredAuthorities.some((required) => userAuthorities.includes(required));
+  }
+}
+// src/auth/decorators.ts
+import"reflect-metadata";
+var AUTH_METADATA_KEY = Symbol("@dangao/bun-server:auth");
+function Auth(config = {}) {
+  return (target, propertyKey) => {
+    const metadata = Reflect.getMetadata(AUTH_METADATA_KEY, target) || {};
+    metadata[propertyKey] = {
+      required: config.required !== false,
+      roles: config.roles || [],
+      allowAnonymous: config.allowAnonymous || false
+    };
+    Reflect.defineMetadata(AUTH_METADATA_KEY, metadata, target);
+  };
+}
+function getAuthMetadata(target, propertyKey) {
+  const metadata = Reflect.getMetadata(AUTH_METADATA_KEY, target);
+  return metadata?.[propertyKey];
+}
+function requiresAuth(target, propertyKey) {
+  const config = getAuthMetadata(target, propertyKey);
+  return config?.required !== false;
+}
+function checkRoles(target, propertyKey, userRoles = []) {
+  const config = getAuthMetadata(target, propertyKey);
+  if (!config?.roles || config.roles.length === 0) {
+    return true;
+  }
+  return config.roles.some((role) => userRoles.includes(role));
+}
+
+// src/security/filter.ts
+function createSecurityFilter(config) {
+  const {
+    authenticationManager,
+    accessDecisionManager = new RoleBasedAccessDecisionManager,
+    excludePaths = [],
+    defaultAuthRequired = true,
+    extractToken
+  } = config;
+  return async (ctx, next) => {
+    const path = ctx.request.url.split("?")[0];
+    if (excludePaths.some((exclude) => path.startsWith(exclude))) {
+      return await next();
+    }
+    const securityContext = SecurityContextHolder.getContext();
+    try {
+      const token = extractToken ? extractToken(ctx) : extractTokenFromHeader(ctx);
+      if (token) {
+        const request = {
+          principal: "",
+          credentials: token,
+          type: "jwt"
+        };
+        const authentication = await authenticationManager.authenticate(request);
+        if (authentication) {
+          securityContext.setAuthentication(authentication);
+        }
+      }
+      const handler = ctx.routeHandler;
+      if (handler) {
+        const controller = handler.controller;
+        const method = handler.method;
+        if (requiresAuth(controller, method)) {
+          const authentication = securityContext.authentication;
+          if (!authentication || !authentication.authenticated) {
+            throw new UnauthorizedException("Authentication required");
+          }
+          const requiredRoles = getRequiredRoles(controller, method);
+          if (requiredRoles.length > 0) {
+            const hasAccess = accessDecisionManager.decide(authentication, requiredRoles);
+            if (!hasAccess) {
+              const userRoles = authentication.authorities || [];
+              throw new ForbiddenException(`Insufficient permissions. Required roles: ${requiredRoles.join(", ")}, User roles: ${userRoles.join(", ")}`);
+            }
+          }
+        }
+      } else if (defaultAuthRequired && !securityContext.isAuthenticated()) {
+        throw new UnauthorizedException("Authentication required");
+      }
+      ctx.security = securityContext;
+      ctx.auth = {
+        isAuthenticated: securityContext.isAuthenticated(),
+        user: securityContext.getPrincipal(),
+        payload: securityContext.authentication?.details
+      };
+      return await next();
+    } finally {}
+  };
+}
+function extractTokenFromHeader(ctx) {
+  const authHeader = ctx.getHeader("authorization");
+  if (!authHeader) {
+    return null;
+  }
+  const parts = authHeader.split(" ");
+  if (parts.length !== 2 || parts[0] !== "Bearer") {
+    return null;
+  }
+  return parts[1];
+}
+function getRequiredRoles(target, propertyKey) {
+  const metadata = getAuthMetadata(target, propertyKey);
+  return metadata?.roles || [];
+}
+// src/security/providers/jwt-provider.ts
+class JwtAuthenticationProvider {
+  jwtUtil;
+  supportedTypes = ["jwt", "bearer"];
+  constructor(jwtUtil) {
+    this.jwtUtil = jwtUtil;
+  }
+  supports(type) {
+    return this.supportedTypes.includes(type.toLowerCase());
+  }
+  async authenticate(request) {
+    const token = request.credentials;
+    if (!token) {
+      return null;
+    }
+    const payload = this.jwtUtil.verify(token);
+    if (!payload) {
+      return null;
+    }
+    const principal = {
+      id: payload.sub,
+      username: payload.username || payload.sub,
+      roles: payload.roles || []
+    };
+    const authorities = principal.roles || [];
+    return {
+      authenticated: true,
+      principal,
+      credentials: { type: "jwt", data: token },
+      authorities,
+      details: payload
+    };
+  }
+}
+// src/security/providers/oauth2-provider.ts
+class OAuth2AuthenticationProvider {
+  oauth2Service;
+  supportedTypes = ["oauth2", "authorization_code"];
+  constructor(oauth2Service) {
+    this.oauth2Service = oauth2Service;
+  }
+  supports(type) {
+    return this.supportedTypes.includes(type.toLowerCase());
+  }
+  async authenticate(request) {
+    const credentials = request.credentials;
+    if (!credentials || credentials.grantType !== "authorization_code") {
+      return null;
+    }
+    const tokenResponse = await this.oauth2Service.exchangeCodeForToken(credentials);
+    if (!tokenResponse) {
+      return null;
+    }
+    const userInfo = {
+      id: "user-1",
+      username: "user",
+      roles: ["user"]
+    };
+    const principal = {
+      id: userInfo.id,
+      username: userInfo.username,
+      roles: userInfo.roles
+    };
+    return {
+      authenticated: true,
+      principal,
+      credentials: {
+        type: "oauth2",
+        data: tokenResponse
+      },
+      authorities: principal.roles || [],
+      details: tokenResponse
+    };
+  }
+}
+// src/auth/jwt.ts
+class JWTUtil {
+  config;
+  constructor(config) {
+    this.config = {
+      secret: config.secret,
+      accessTokenExpiresIn: config.accessTokenExpiresIn ?? 3600,
+      refreshTokenExpiresIn: config.refreshTokenExpiresIn ?? 86400 * 7,
+      algorithm: config.algorithm ?? "HS256"
+    };
+  }
+  generateAccessToken(payload) {
+    const now = Math.floor(Date.now() / 1000);
+    const tokenPayload = {
+      ...payload,
+      sub: payload.sub,
+      iat: now,
+      exp: now + this.config.accessTokenExpiresIn
+    };
+    return this.sign(tokenPayload);
+  }
+  generateRefreshToken(payload) {
+    const now = Math.floor(Date.now() / 1000);
+    const tokenPayload = {
+      ...payload,
+      sub: payload.sub,
+      iat: now,
+      exp: now + this.config.refreshTokenExpiresIn
+    };
+    return this.sign(tokenPayload);
+  }
+  verify(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 3) {
+        return null;
+      }
+      const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf-8"));
+      const signature = this.signature(parts[0] + "." + parts[1]);
+      if (signature !== parts[2]) {
+        return null;
+      }
+      if (payload.exp && payload.exp < Math.floor(Date.now() / 1000)) {
+        return null;
+      }
+      return payload;
+    } catch {
+      return null;
+    }
+  }
+  sign(payload) {
+    const header = {
+      alg: this.config.algorithm,
+      typ: "JWT"
+    };
+    const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+    const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
+    const signature = this.signature(encodedHeader + "." + encodedPayload);
+    return `${encodedHeader}.${encodedPayload}.${signature}`;
+  }
+  signature(data) {
+    const encoder = new TextEncoder;
+    const keyData = encoder.encode(this.config.secret);
+    const messageData = encoder.encode(data);
+    const hash = this.hmacSha256(keyData, messageData);
+    return this.base64UrlEncode(Buffer.from(hash).toString("base64"));
+  }
+  hmacSha256(key, data) {
+    const blockSize = 64;
+    let keyBuffer;
+    if (key.length > blockSize) {
+      const hasher = new Bun.CryptoHasher("sha256");
+      hasher.update(key);
+      keyBuffer = new Uint8Array(hasher.digest());
+    } else {
+      keyBuffer = new Uint8Array(blockSize);
+      keyBuffer.set(key);
+    }
+    const oKeyPad = new Uint8Array(blockSize);
+    const iKeyPad = new Uint8Array(blockSize);
+    for (let i = 0;i < blockSize; i++) {
+      oKeyPad[i] = keyBuffer[i] ^ 92;
+      iKeyPad[i] = keyBuffer[i] ^ 54;
+    }
+    const innerData = new Uint8Array(iKeyPad.length + data.length);
+    innerData.set(iKeyPad);
+    innerData.set(data, iKeyPad.length);
+    const innerHasher = new Bun.CryptoHasher("sha256");
+    innerHasher.update(innerData);
+    const innerHash = new Uint8Array(innerHasher.digest());
+    const outerData = new Uint8Array(oKeyPad.length + innerHash.length);
+    outerData.set(oKeyPad);
+    outerData.set(innerHash, oKeyPad.length);
+    const outerHasher = new Bun.CryptoHasher("sha256");
+    outerHasher.update(outerData);
+    return new Uint8Array(outerHasher.digest());
+  }
+  base64UrlEncode(str) {
+    return Buffer.from(str).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+}
+
+// src/auth/oauth2.ts
+class OAuth2Service {
+  jwtUtil;
+  clients;
+  codes;
+  codeConfig;
+  userProvider;
+  constructor(jwtUtil, clients = [], codeConfig = {}, userProvider) {
+    this.jwtUtil = jwtUtil;
+    this.clients = new Map;
+    this.codes = new Map;
+    this.codeConfig = {
+      expiresIn: codeConfig.expiresIn ?? 600,
+      length: codeConfig.length ?? 32
+    };
+    for (const client of clients) {
+      this.clients.set(client.clientId, client);
+    }
+    this.userProvider = userProvider;
+    setInterval(() => this.cleanupExpiredCodes(), 60000);
+  }
+  registerClient(client) {
+    this.clients.set(client.clientId, client);
+  }
+  validateAuthorizationRequest(request) {
+    const client = this.clients.get(request.clientId);
+    if (!client) {
+      return { valid: false, error: "invalid_client" };
+    }
+    if (request.responseType !== "code") {
+      return { valid: false, error: "unsupported_response_type" };
+    }
+    if (!client.redirectUris.includes(request.redirectUri)) {
+      return { valid: false, error: "invalid_redirect_uri" };
+    }
+    return { valid: true };
+  }
+  generateAuthorizationCode(clientId, redirectUri, userId, scope) {
+    const code = this.generateRandomString(this.codeConfig.length);
+    const expiresAt = Date.now() + this.codeConfig.expiresIn * 1000;
+    this.codes.set(code, {
+      code,
+      clientId,
+      redirectUri,
+      userId,
+      scope,
+      expiresAt
+    });
+    return code;
+  }
+  async exchangeCodeForToken(request) {
+    if (request.grantType !== "authorization_code") {
+      return null;
+    }
+    const codeData = this.codes.get(request.code);
+    if (!codeData) {
+      return null;
+    }
+    if (codeData.expiresAt < Date.now()) {
+      this.codes.delete(request.code);
+      return null;
+    }
+    const client = this.clients.get(request.clientId);
+    if (!client || client.clientSecret !== request.clientSecret) {
+      return null;
+    }
+    if (codeData.redirectUri !== request.redirectUri) {
+      return null;
+    }
+    this.codes.delete(request.code);
+    let userInfo = null;
+    if (this.userProvider) {
+      userInfo = await this.userProvider(codeData.userId);
+    }
+    if (!userInfo) {
+      userInfo = {
+        id: codeData.userId,
+        username: codeData.userId
+      };
+    }
+    const payload = {
+      sub: userInfo.id,
+      username: userInfo.username,
+      roles: userInfo.roles
+    };
+    const accessToken = this.jwtUtil.generateAccessToken(payload);
+    const refreshToken = this.jwtUtil.generateRefreshToken(payload);
+    return {
+      accessToken,
+      tokenType: "Bearer",
+      expiresIn: this.jwtUtil["config"].accessTokenExpiresIn,
+      refreshToken,
+      scope: codeData.scope
+    };
+  }
+  async refreshToken(refreshToken) {
+    const payload = this.jwtUtil.verify(refreshToken);
+    if (!payload || !payload.sub) {
+      return null;
+    }
+    let userInfo = null;
+    if (this.userProvider) {
+      userInfo = await this.userProvider(payload.sub);
+    }
+    if (!userInfo) {
+      userInfo = {
+        id: payload.sub,
+        username: payload.username || payload.sub,
+        roles: payload.roles
+      };
+    }
+    const newPayload = {
+      sub: userInfo.id,
+      username: userInfo.username,
+      roles: userInfo.roles
+    };
+    const accessToken = this.jwtUtil.generateAccessToken(newPayload);
+    const newRefreshToken = this.jwtUtil.generateRefreshToken(newPayload);
+    return {
+      accessToken,
+      tokenType: "Bearer",
+      expiresIn: this.jwtUtil["config"].accessTokenExpiresIn,
+      refreshToken: newRefreshToken
+    };
+  }
+  generateRandomString(length) {
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    let result = "";
+    for (let i = 0;i < length; i++) {
+      result += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return result;
+  }
+  cleanupExpiredCodes() {
+    const now = Date.now();
+    for (const [code, data] of this.codes.entries()) {
+      if (data.expiresAt < now) {
+        this.codes.delete(code);
+      }
+    }
+  }
+}
+// src/auth/controller.ts
+var OAUTH2_SERVICE_TOKEN = Symbol("OAUTH2_SERVICE");
+var JWT_UTIL_TOKEN = Symbol("JWT_UTIL");
+
+class OAuth2Controller {
+  oauth2Service;
+  constructor(oauth2Service) {
+    this.oauth2Service = oauth2Service;
+  }
+  authorize(clientId, redirectUri, state, scope) {
+    const query = {
+      client_id: clientId,
+      redirect_uri: redirectUri,
+      ...state && { state },
+      ...scope && { scope }
+    };
+    const request = {
+      clientId: query.client_id || "",
+      redirectUri: query.redirect_uri || "",
+      responseType: "code",
+      scope: query.scope,
+      state: query.state
+    };
+    const validation = this.oauth2Service.validateAuthorizationRequest(request);
+    if (!validation.valid) {
+      throw new Error(`Invalid authorization request: ${validation.error}`);
+    }
+    const userId = "user-1";
+    const code = this.oauth2Service.generateAuthorizationCode(request.clientId, request.redirectUri, userId, request.scope);
+    const redirectUrl = new URL(request.redirectUri);
+    redirectUrl.searchParams.set("code", code);
+    if (request.state) {
+      redirectUrl.searchParams.set("state", request.state);
+    }
+    return ResponseBuilder.redirect(redirectUrl.toString());
+  }
+  async token(body) {
+    const request = {
+      code: body.code || "",
+      clientId: body.client_id || "",
+      clientSecret: body.client_secret || "",
+      redirectUri: body.redirect_uri || "",
+      grantType: body.grant_type || "authorization_code",
+      refreshToken: body.refresh_token
+    };
+    if (request.grantType === "authorization_code") {
+      const tokenResponse = await this.oauth2Service.exchangeCodeForToken(request);
+      if (!tokenResponse) {
+        return {
+          error: "invalid_grant",
+          error_description: "Invalid authorization code"
+        };
+      }
+      return tokenResponse;
+    }
+    if (request.grantType === "refresh_token" && request.refreshToken) {
+      const tokenResponse = await this.oauth2Service.refreshToken(request.refreshToken);
+      if (!tokenResponse) {
+        return {
+          error: "invalid_grant",
+          error_description: "Invalid refresh token"
+        };
+      }
+      return tokenResponse;
+    }
+    return {
+      error: "unsupported_grant_type",
+      error_description: "Unsupported grant type"
+    };
+  }
+  userinfo() {
+    return {
+      sub: "user-1",
+      username: "alice",
+      roles: ["user"]
+    };
+  }
+}
+__legacyDecorateClassTS([
+  GET("/authorize"),
+  __legacyDecorateParamTS(0, Query("client_id")),
+  __legacyDecorateParamTS(1, Query("redirect_uri")),
+  __legacyDecorateParamTS(2, Query("state")),
+  __legacyDecorateParamTS(3, Query("scope")),
+  __legacyMetadataTS("design:type", Function),
+  __legacyMetadataTS("design:paramtypes", [
+    String,
+    String,
+    String,
+    String
+  ]),
+  __legacyMetadataTS("design:returntype", undefined)
+], OAuth2Controller.prototype, "authorize", null);
+__legacyDecorateClassTS([
+  POST("/token"),
+  __legacyDecorateParamTS(0, Body()),
+  __legacyMetadataTS("design:type", Function),
+  __legacyMetadataTS("design:paramtypes", [
+    typeof Record === "undefined" ? Object : Record
+  ]),
+  __legacyMetadataTS("design:returntype", typeof Promise === "undefined" ? Object : Promise)
+], OAuth2Controller.prototype, "token", null);
+__legacyDecorateClassTS([
+  GET("/userinfo"),
+  Auth(),
+  __legacyMetadataTS("design:type", Function),
+  __legacyMetadataTS("design:paramtypes", []),
+  __legacyMetadataTS("design:returntype", undefined)
+], OAuth2Controller.prototype, "userinfo", null);
+OAuth2Controller = __legacyDecorateClassTS([
+  Controller("/oauth2"),
+  Injectable(),
+  __legacyDecorateParamTS(0, Inject(OAUTH2_SERVICE_TOKEN)),
+  __legacyMetadataTS("design:paramtypes", [
+    typeof OAuth2Service === "undefined" ? Object : OAuth2Service
+  ])
+], OAuth2Controller);
+
+// src/security/security-module.ts
+class SecurityModule {
+  static forRoot(config) {
+    const jwtUtil = new JWTUtil(config.jwt);
+    const userProvider = config.userProvider ? async (userId) => config.userProvider.findById(userId) : undefined;
+    const oauth2Service = new OAuth2Service(jwtUtil, config.oauth2Clients || [], {}, userProvider);
+    const authenticationManager = new AuthenticationManager;
+    authenticationManager.registerProvider(new JwtAuthenticationProvider(jwtUtil));
+    authenticationManager.registerProvider(new OAuth2AuthenticationProvider(oauth2Service));
+    const securityFilter = createSecurityFilter({
+      authenticationManager,
+      excludePaths: [
+        ...config.excludePaths || [],
+        ...config.enableOAuth2Endpoints !== false ? [config.oauth2Prefix || "/oauth2"] : []
+      ],
+      defaultAuthRequired: config.defaultAuthRequired ?? false
+    });
+    const controllers = [];
+    const providers = [];
+    const middlewares = [];
+    if (config.enableOAuth2Endpoints !== false) {
+      controllers.push(OAuth2Controller);
+    }
+    providers.push({
+      provide: JWT_UTIL_TOKEN,
+      useValue: jwtUtil
+    }, {
+      provide: OAUTH2_SERVICE_TOKEN,
+      useValue: oauth2Service
+    }, {
+      provide: AuthenticationManager,
+      useValue: authenticationManager
+    });
+    middlewares.push(securityFilter);
+    const existingMetadata = Reflect.getMetadata(MODULE_METADATA_KEY, SecurityModule) || {};
+    const metadata = {
+      ...existingMetadata,
+      controllers: [...existingMetadata.controllers || [], ...controllers],
+      providers: [...existingMetadata.providers || [], ...providers],
+      middlewares: [...existingMetadata.middlewares || [], ...middlewares],
+      exports: [
+        ...existingMetadata.exports || [],
+        JWT_UTIL_TOKEN,
+        OAUTH2_SERVICE_TOKEN,
+        AuthenticationManager
+      ]
+    };
+    Reflect.defineMetadata(MODULE_METADATA_KEY, metadata, SecurityModule);
+    return SecurityModule;
+  }
+}
+SecurityModule = __legacyDecorateClassTS([
+  Module({
+    controllers: [],
+    providers: [],
+    middlewares: []
+  })
+], SecurityModule);
 // src/testing/harness.ts
 import { performance as performance2 } from "perf_hooks";
 
@@ -2056,22 +3172,33 @@ class StressTester {
   }
 }
 export {
+  requiresAuth,
+  getAuthMetadata,
+  createSwaggerUIMiddleware,
   createStaticFileMiddleware,
+  createSecurityFilter,
   createRequestLoggingMiddleware,
   createLoggerMiddleware,
   createFileUploadMiddleware,
   createErrorHandlingMiddleware,
   createCorsMiddleware,
+  checkRoles,
   WebSocketGatewayRegistry,
   WebSocketGateway,
   ValidationError,
   Validate,
   UseMiddleware,
   UnauthorizedException,
+  SwaggerModule,
+  SwaggerGenerator,
+  SwaggerExtension,
   StressTester,
+  SecurityModule,
+  SecurityContextHolder,
   Router,
   RouteRegistry,
   Route,
+  RoleBasedAccessDecisionManager,
   ResponseBuilder,
   RequestWrapper,
   Query,
@@ -2084,15 +3211,23 @@ export {
   OnOpen,
   OnMessage,
   OnClose,
+  OAuth2Service,
+  OAuth2Controller,
+  OAuth2AuthenticationProvider,
+  OAUTH2_SERVICE_TOKEN,
   NotFoundException,
   ModuleRegistry,
   Module,
   MinLength,
   MiddlewarePipeline,
+  LoggerModule,
   LoggerExtension,
   LogLevel2 as LogLevel,
   Lifecycle,
   LOGGER_TOKEN,
+  JwtAuthenticationProvider,
+  JWT_UTIL_TOKEN,
+  JWTUtil,
   IsString,
   IsOptional,
   IsNumber,
@@ -2114,5 +3249,12 @@ export {
   BodyParser,
   Body,
   BadRequestException,
-  Application
+  AuthenticationManager,
+  Auth,
+  Application,
+  ApiTags,
+  ApiResponse,
+  ApiParam,
+  ApiOperation,
+  ApiBody
 };