@dereekb/nestjs 13.2.2 → 13.3.0

package/index.cjs.js

@@ -6,206 +6,722 @@ var querystring = require('querystring');
 var bodyParser = require('body-parser');
 var util = require('@dereekb/util');
 var config = require('@nestjs/config');
+var crypto = require('crypto');
 
 /**
- * Returns true if the request is from localhost:4200.
- */
-const IsRequestFromLocalHost = common.createParamDecorator((data, context) => {
+ * Returns true if the request is from localhost.
+ */ var IsRequestFromLocalHost = common.createParamDecorator(function(data, context) {
     return isLocalhost(context);
 });
 function isLocalhost(context) {
-    const req = context.switchToHttp().getRequest();
-    const origin = req.headers['origin'] ?? '';
+    var _req_headers_origin;
+    var req = context.switchToHttp().getRequest();
+    var origin = (_req_headers_origin = req.headers['origin']) !== null && _req_headers_origin !== void 0 ? _req_headers_origin : '';
     return origin.startsWith('http://localhost') || origin.startsWith('https://localhost');
 }
 
-const ParseRawBody = common.createParamDecorator(async (_, context) => {
-    const req = context.switchToHttp().getRequest();
-    if (!req.readable) {
-        console.error('RawBody request was not readable. This is generally due to bad configuration.');
-        throw new common.BadRequestException('Invalid body');
-    }
-    const body = await rawbody(req);
-    return body;
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
+    try {
+        var info = gen[key](arg);
+        var value = info.value;
+    } catch (error) {
+        reject(error);
+        return;
+    }
+    if (info.done) {
+        resolve(value);
+    } else {
+        Promise.resolve(value).then(_next, _throw);
+    }
+}
+function _async_to_generator(fn) {
+    return function() {
+        var self = this, args = arguments;
+        return new Promise(function(resolve, reject) {
+            var gen = fn.apply(self, args);
+            function _next(value) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
+            }
+            function _throw(err) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
+            }
+            _next(undefined);
+        });
+    };
+}
+function _ts_generator(thisArg, body) {
+    var f, y, t, _ = {
+        label: 0,
+        sent: function() {
+            if (t[0] & 1) throw t[1];
+            return t[1];
+        },
+        trys: [],
+        ops: []
+    }, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype), d = Object.defineProperty;
+    return d(g, "next", {
+        value: verb(0)
+    }), d(g, "throw", {
+        value: verb(1)
+    }), d(g, "return", {
+        value: verb(2)
+    }), typeof Symbol === "function" && d(g, Symbol.iterator, {
+        value: function() {
+            return this;
+        }
+    }), g;
+    function verb(n) {
+        return function(v) {
+            return step([
+                n,
+                v
+            ]);
+        };
+    }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while(g && (g = 0, op[0] && (_ = 0)), _)try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [
+                op[0] & 2,
+                t.value
+            ];
+            switch(op[0]){
+                case 0:
+                case 1:
+                    t = op;
+                    break;
+                case 4:
+                    _.label++;
+                    return {
+                        value: op[1],
+                        done: false
+                    };
+                case 5:
+                    _.label++;
+                    y = op[1];
+                    op = [
+                        0
+                    ];
+                    continue;
+                case 7:
+                    op = _.ops.pop();
+                    _.trys.pop();
+                    continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
+                        _ = 0;
+                        continue;
+                    }
+                    if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
+                        _.label = op[1];
+                        break;
+                    }
+                    if (op[0] === 6 && _.label < t[1]) {
+                        _.label = t[1];
+                        t = op;
+                        break;
+                    }
+                    if (t && _.label < t[2]) {
+                        _.label = t[2];
+                        _.ops.push(op);
+                        break;
+                    }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop();
+                    continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) {
+            op = [
+                6,
+                e
+            ];
+            y = 0;
+        } finally{
+            f = t = 0;
+        }
+        if (op[0] & 5) throw op[1];
+        return {
+            value: op[0] ? op[1] : void 0,
+            done: true
+        };
+    }
+}
+/**
+ * NestJS parameter decorator that reads the raw request body directly from the incoming stream.
+ *
+ * Requires the request to still be readable (i.e., no prior body-parsing middleware has consumed it).
+ *
+ * @throws {BadRequestException} When the request stream is not readable
+ *
+ * @example
+ * ```typescript
+ * @Post('webhook')
+ * handleWebhook(@ParseRawBody() body: RawBodyBuffer) { ... }
+ * ```
+ */ var ParseRawBody = common.createParamDecorator(function(_, context) {
+    return _async_to_generator(function() {
+        var req, body;
+        return _ts_generator(this, function(_state) {
+            switch(_state.label){
+                case 0:
+                    req = context.switchToHttp().getRequest();
+                    if (!req.readable) {
+                        console.error('RawBody request was not readable. This is generally due to bad configuration.');
+                        throw new common.BadRequestException('Invalid body');
+                    }
+                    return [
+                        4,
+                        rawbody(req)
+                    ];
+                case 1:
+                    body = _state.sent();
+                    return [
+                        2,
+                        body
+                    ];
+            }
+        });
+    })();
 });
-const RawBody = common.createParamDecorator(async (_, context) => {
-    const req = context.switchToHttp().getRequest();
-    const body = req.body;
-    if (!Buffer.isBuffer(body)) {
-        console.error('RawBody expected a buffer set to req.body.');
-        throw new common.InternalServerErrorException('failed parsing body');
-    }
-    return body;
+/**
+ * NestJS parameter decorator that retrieves the already-parsed raw body buffer from `req.body`.
+ *
+ * Expects that a prior middleware (e.g., raw body middleware) has already set `req.body` to a Buffer.
+ *
+ * @throws {InternalServerErrorException} When `req.body` is not a Buffer
+ *
+ * @example
+ * ```typescript
+ * @Post('webhook')
+ * handleWebhook(@RawBody() body: RawBodyBuffer) { ... }
+ * ```
+ */ var RawBody = common.createParamDecorator(function(_, context) {
+    return _async_to_generator(function() {
+        var req, body;
+        return _ts_generator(this, function(_state) {
+            req = context.switchToHttp().getRequest();
+            body = req.body;
+            if (!Buffer.isBuffer(body)) {
+                console.error('RawBody expected a buffer set to req.body.');
+                throw new common.InternalServerErrorException('failed parsing body');
+            }
+            return [
+                2,
+                body
+            ];
+        });
+    })();
 });
-const ParsedQueryRawBody = common.createParamDecorator(async (_, context) => {
-    const req = context.switchToHttp().getRequest();
-    req.body = RawBodyToParsedQueryString(req.body);
-    return req.body;
+/**
+ * NestJS parameter decorator that parses the raw body buffer as a URL-encoded query string
+ * and replaces `req.body` with the parsed result.
+ *
+ * @example
+ * ```typescript
+ * @Post('form')
+ * handleForm(@ParsedQueryRawBody() body: ParsedUrlQuery) { ... }
+ * ```
+ */ var ParsedQueryRawBody = common.createParamDecorator(function(_, context) {
+    return _async_to_generator(function() {
+        var req;
+        return _ts_generator(this, function(_state) {
+            req = context.switchToHttp().getRequest();
+            req.body = RawBodyToParsedQueryString(req.body);
+            return [
+                2,
+                req.body
+            ];
+        });
+    })();
 });
-function RawBodyToJson(rawBody) {
-    const string = RawBodyToString(rawBody);
+/**
+ * Parses a raw body buffer as JSON.
+ *
+ * @param rawBody - The raw body buffer to parse
+ * @returns The parsed JSON object
+ * @throws {SyntaxError} When the body is not valid JSON
+ *
+ * @example
+ * ```typescript
+ * const data = RawBodyToJson<{ id: string }>(rawBody);
+ * ```
+ */ function RawBodyToJson(rawBody) {
+    var string = RawBodyToString(rawBody);
     return JSON.parse(string);
 }
-function RawBodyToParsedQueryString(rawBody) {
-    const string = RawBodyToString(rawBody);
+/**
+ * Parses a raw body buffer as a URL-encoded query string.
+ *
+ * @param rawBody - The raw body buffer to parse
+ * @returns The parsed query parameters
+ *
+ * @example
+ * ```typescript
+ * const params = RawBodyToParsedQueryString(rawBody); // { key: "value" }
+ * ```
+ */ function RawBodyToParsedQueryString(rawBody) {
+    var string = RawBodyToString(rawBody);
     return querystring.parse(string);
 }
-function RawBodyToString(rawBody) {
+/**
+ * Converts a raw body buffer to a trimmed UTF-8 string.
+ *
+ * @param rawBody - The raw body buffer to convert
+ * @returns The decoded and trimmed string content
+ *
+ * @example
+ * ```typescript
+ * const text = RawBodyToString(rawBody);
+ * ```
+ */ function RawBodyToString(rawBody) {
     return rawBody.toString('utf8').trim();
 }
 
-/******************************************************************************
-Copyright (c) Microsoft Corporation.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-***************************************************************************** */
-/* global Reflect, Promise, SuppressedError, Symbol, Iterator */
-
-
-function __decorate(decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-}
-
-function __param(paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-}
-
-typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
-    var e = new Error(message);
-    return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
+function _type_of$2(obj) {
+    "@swc/helpers - typeof";
+    return obj && typeof Symbol !== "undefined" && obj.constructor === Symbol ? "symbol" : typeof obj;
+}
+function __decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if ((typeof Reflect === "undefined" ? "undefined" : _type_of$2(Reflect)) === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function __param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+typeof SuppressedError === "function" ? SuppressedError : function(error, suppressed, message) {
+    var e = new Error(message);
+    return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
 };
 
-exports.JsonBodyMiddleware = class JsonBodyMiddleware {
-    use(req, res, next) {
-        bodyParser.json()(req, res, next);
+function _class_call_check$7(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
     }
-};
+}
+function _defineProperties$5(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
+    }
+}
+function _create_class$5(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties$5(Constructor.prototype, protoProps);
+    return Constructor;
+}
+/**
+ * NestJS middleware that applies JSON body parsing to incoming requests using `body-parser`.
+ *
+ * Useful when the global body parser is disabled and JSON parsing needs to be applied selectively to specific routes.
+ *
+ * @example
+ * ```typescript
+ * consumer.apply(JsonBodyMiddleware).forRoutes('api');
+ * ```
+ */ exports.JsonBodyMiddleware = /*#__PURE__*/ function() {
+    function JsonBodyMiddleware() {
+        _class_call_check$7(this, JsonBodyMiddleware);
+    }
+    _create_class$5(JsonBodyMiddleware, [
+        {
+            key: "use",
+            value: function use(req, res, next) {
+                bodyParser.json()(req, res, next);
+            }
+        }
+    ]);
+    return JsonBodyMiddleware;
+}();
 exports.JsonBodyMiddleware = __decorate([
     common.Injectable()
 ], exports.JsonBodyMiddleware);
 
-exports.RawBodyMiddleware = class RawBodyMiddleware {
-    use(req, res, next) {
-        bodyParser.raw({ type: '*/*' })(req, res, next);
+function _class_call_check$6(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
     }
-};
+}
+function _defineProperties$4(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
+    }
+}
+function _create_class$4(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties$4(Constructor.prototype, protoProps);
+    return Constructor;
+}
+exports.RawBodyMiddleware = /*#__PURE__*/ function() {
+    function RawBodyMiddleware() {
+        _class_call_check$6(this, RawBodyMiddleware);
+    }
+    _create_class$4(RawBodyMiddleware, [
+        {
+            key: "use",
+            value: function use(req, res, next) {
+                bodyParser.raw({
+                    type: '*/*'
+                })(req, res, next);
+            }
+        }
+    ]);
+    return RawBodyMiddleware;
+}();
 exports.RawBodyMiddleware = __decorate([
     common.Injectable()
 ], exports.RawBodyMiddleware);
 
-const DEFAULT_BASE_WEBHOOK_PATH = '/webhook';
-const DEFAULT_WEBHOOK_MIDDLEWARE_ROUTE_INFO = {
-    path: `${DEFAULT_BASE_WEBHOOK_PATH}/*`,
+function _assert_this_initialized(self) {
+    if (self === void 0) {
+        throw new ReferenceError("this hasn't been initialised - super() hasn't been called");
+    }
+    return self;
+}
+function _call_super(_this, derived, args) {
+    derived = _get_prototype_of(derived);
+    return _possible_constructor_return(_this, _is_native_reflect_construct() ? Reflect.construct(derived, args || [], _get_prototype_of(_this).constructor) : derived.apply(_this, args));
+}
+function _class_call_check$5(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
+    }
+}
+function _defineProperties$3(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
+    }
+}
+function _create_class$3(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties$3(Constructor.prototype, protoProps);
+    return Constructor;
+}
+function _define_property$3(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _get(target, property, receiver) {
+    if (typeof Reflect !== "undefined" && Reflect.get) {
+        _get = Reflect.get;
+    } else {
+        _get = function get(target, property, receiver) {
+            var base = _super_prop_base(target, property);
+            if (!base) return;
+            var desc = Object.getOwnPropertyDescriptor(base, property);
+            if (desc.get) {
+                return desc.get.call(receiver || target);
+            }
+            return desc.value;
+        };
+    }
+    return _get(target, property, receiver || target);
+}
+function _get_prototype_of(o) {
+    _get_prototype_of = Object.setPrototypeOf ? Object.getPrototypeOf : function getPrototypeOf(o) {
+        return o.__proto__ || Object.getPrototypeOf(o);
+    };
+    return _get_prototype_of(o);
+}
+function _inherits(subClass, superClass) {
+    if (typeof superClass !== "function" && superClass !== null) {
+        throw new TypeError("Super expression must either be null or a function");
+    }
+    subClass.prototype = Object.create(superClass && superClass.prototype, {
+        constructor: {
+            value: subClass,
+            writable: true,
+            configurable: true
+        }
+    });
+    if (superClass) _set_prototype_of(subClass, superClass);
+}
+function _possible_constructor_return(self, call) {
+    if (call && (_type_of$1(call) === "object" || typeof call === "function")) {
+        return call;
+    }
+    return _assert_this_initialized(self);
+}
+function _set_prototype_of(o, p) {
+    _set_prototype_of = Object.setPrototypeOf || function setPrototypeOf(o, p) {
+        o.__proto__ = p;
+        return o;
+    };
+    return _set_prototype_of(o, p);
+}
+function _super_prop_base(object, property) {
+    while(!Object.prototype.hasOwnProperty.call(object, property)){
+        object = _get_prototype_of(object);
+        if (object === null) break;
+    }
+    return object;
+}
+function _type_of$1(obj) {
+    "@swc/helpers - typeof";
+    return obj && typeof Symbol !== "undefined" && obj.constructor === Symbol ? "symbol" : typeof obj;
+}
+function _is_native_reflect_construct() {
+    try {
+        var result = !Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function() {}));
+    } catch (_) {}
+    return (_is_native_reflect_construct = function() {
+        return !!result;
+    })();
+}
+var DEFAULT_BASE_WEBHOOK_PATH = '/webhook';
+var DEFAULT_WEBHOOK_MIDDLEWARE_ROUTE_INFO = {
+    path: "".concat(DEFAULT_BASE_WEBHOOK_PATH, "/{*path}"),
     method: common.RequestMethod.POST
 };
 /**
  * Convenience class that configures a nestjs module (typically the root app module) to apply the proper middleware for handling webhooks.
- */
-class AppModuleWithWebhooksEnabled {
-    configure(consumer) {
-        consumeWebhooksWithRawBodyMiddleware(consumer);
+ */ var AppModuleWithWebhooksEnabled = /*#__PURE__*/ function() {
+    function AppModuleWithWebhooksEnabled() {
+        _class_call_check$5(this, AppModuleWithWebhooksEnabled);
     }
-}
+    _create_class$3(AppModuleWithWebhooksEnabled, [
+        {
+            key: "configure",
+            value: function configure(consumer) {
+                consumeWebhooksWithRawBodyMiddleware(consumer);
+            }
+        }
+    ]);
+    return AppModuleWithWebhooksEnabled;
+}();
 /**
  * Convenience class that extends AppWithWebhooksEnabled.
- */
-exports.ConfigureWebhookMiddlewareModule = class ConfigureWebhookMiddlewareModule extends AppModuleWithWebhooksEnabled {
-    logger = new common.Logger('ConfigureWebhookMiddlewareModule');
-    configure(consumer) {
-        super.configure(consumer);
-        this.logger.debug('Configured webhook routes with proper middleware.');
+ */ exports.ConfigureWebhookMiddlewareModule = /*#__PURE__*/ function(AppModuleWithWebhooksEnabled) {
+    _inherits(ConfigureWebhookMiddlewareModule, AppModuleWithWebhooksEnabled);
+    function ConfigureWebhookMiddlewareModule() {
+        _class_call_check$5(this, ConfigureWebhookMiddlewareModule);
+        var _this;
+        _this = _call_super(this, ConfigureWebhookMiddlewareModule, arguments), _define_property$3(_this, "logger", new common.Logger('ConfigureWebhookMiddlewareModule'));
+        return _this;
     }
-};
+    _create_class$3(ConfigureWebhookMiddlewareModule, [
+        {
+            key: "configure",
+            value: function configure(consumer) {
+                _get(_get_prototype_of(ConfigureWebhookMiddlewareModule.prototype), "configure", this).call(this, consumer);
+                this.logger.debug('Configured webhook routes with proper middleware.');
+            }
+        }
+    ]);
+    return ConfigureWebhookMiddlewareModule;
+}(AppModuleWithWebhooksEnabled);
 exports.ConfigureWebhookMiddlewareModule = __decorate([
     common.Module({})
 ], exports.ConfigureWebhookMiddlewareModule);
 /**
- * Configures a MiddlewareConsumer to use RawBodyMiddleware for all POST requests to /webhook/*. All other routes are consumed with the JsonBodyMiddleware.
+ * Configures a MiddlewareConsumer to use RawBodyMiddleware for all POST requests to /webhook/{*path}. All other routes are consumed with the JsonBodyMiddleware.
  *
  * This is required for various webhooks that require the full body to properly parse content.
  *
  * Be sure to also set bodyParsing: false in the nest app options.
  *
  * @param consumer
- */
-function consumeWebhooksWithRawBodyMiddleware(consumer) {
+ */ function consumeWebhooksWithRawBodyMiddleware(consumer) {
     // Configure the app to not parse the body for our webhook routes.
     // https://stackoverflow.com/questions/54346465/access-raw-body-of-stripe-webhook-in-nest-js
-    consumer.apply(exports.RawBodyMiddleware).forRoutes(DEFAULT_WEBHOOK_MIDDLEWARE_ROUTE_INFO).apply(exports.JsonBodyMiddleware).forRoutes('*');
+    consumer.apply(exports.RawBodyMiddleware).forRoutes(DEFAULT_WEBHOOK_MIDDLEWARE_ROUTE_INFO).apply(exports.JsonBodyMiddleware).forRoutes('{*path}');
 }
 
+function _type_of(obj) {
+    "@swc/helpers - typeof";
+    return obj && typeof Symbol !== "undefined" && obj.constructor === Symbol ? "symbol" : typeof obj;
+}
 /**
  * Merges two module metadata entries together.
  *
  * @param base
  * @param additional
  * @returns
- */
-function mergeModuleMetadata(base, additional = {}) {
+ */ function mergeModuleMetadata(base) {
+    var additional = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : {};
     return {
-        controllers: util.mergeArrays([base.controllers, additional.controllers]),
-        imports: util.mergeArrays([base.imports, additional.imports]),
-        exports: util.mergeArrays([base.exports, additional.exports]),
-        providers: util.mergeArrays([base.providers, additional.providers])
+        controllers: util.mergeArrays([
+            base.controllers,
+            additional.controllers
+        ]),
+        imports: util.mergeArrays([
+            base.imports,
+            additional.imports
+        ]),
+        exports: util.mergeArrays([
+            base.exports,
+            additional.exports
+        ]),
+        providers: util.mergeArrays([
+            base.providers,
+            additional.providers
+        ])
     };
 }
 function injectionTokensFromProviders(providers) {
-    return util.asArray(providers).map((x) => {
-        return typeof x === 'object' ? x.provide : x;
+    return util.asArray(providers).map(function(x) {
+        return (typeof x === "undefined" ? "undefined" : _type_of(x)) === 'object' ? x.provide : x;
     });
 }
 
 /**
  * Environment variable that specfies the ClientWebAppUrl for your application
- */
-const CLIENT_WEB_APP_URL_ENV_VAR = 'CLIENT_WEB_APP_URL';
+ */ var CLIENT_WEB_APP_URL_ENV_VAR = 'CLIENT_WEB_APP_URL';
 
-class ClientAppServiceConfig {
-    client;
-    static assertValidConfig(config) {
-        if (!config.client.clientWebAppUrl) {
-            throw new Error('No client app url specified.');
-        }
+function _class_call_check$4(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
     }
 }
-
+function _defineProperties$2(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
+    }
+}
+function _create_class$2(Constructor, protoProps, staticProps) {
+    if (staticProps) _defineProperties$2(Constructor, staticProps);
+    return Constructor;
+}
+function _define_property$2(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
 /**
- * Provides information about companion apps and websites for the project.
- */
-exports.ClientAppService = class ClientAppService {
-    _config;
-    constructor(config) {
-        this._config = config;
+ * Abstract service configuration that provides access to the client application config.
+ *
+ * Subclass this to supply environment-specific client URLs to NestJS services.
+ */ var ClientAppServiceConfig = /*#__PURE__*/ function() {
+    function ClientAppServiceConfig() {
+        _class_call_check$4(this, ClientAppServiceConfig);
+        _define_property$2(this, "client", void 0);
     }
-    get config() {
-        return this._config;
+    _create_class$2(ClientAppServiceConfig, null, [
+        {
+            key: "assertValidConfig",
+            value: /**
+     * Validates that the configuration contains a non-empty client web app URL.
+     *
+     * @param config - The configuration to validate
+     * @throws {Error} When `clientWebAppUrl` is not specified
+     */ function assertValidConfig(config) {
+                if (!config.client.clientWebAppUrl) {
+                    throw new Error('No client app url specified.');
+                }
+            }
+        }
+    ]);
+    return ClientAppServiceConfig;
+} 
+();
+
+function _class_call_check$3(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
     }
-    get webAppUrl() {
-        return this.config.client.clientWebAppUrl;
+}
+function _defineProperties$1(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
     }
-    get webAppHost() {
-        return this.webAppUrl.split('://', 2)[1];
+}
+function _create_class$1(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties$1(Constructor.prototype, protoProps);
+    return Constructor;
+}
+function _define_property$1(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
     }
-};
+    return obj;
+}
+/**
+ * Provides information about companion apps and websites for the project.
+ */ exports.ClientAppService = /*#__PURE__*/ function() {
+    function ClientAppService(config) {
+        _class_call_check$3(this, ClientAppService);
+        _define_property$1(this, "_config", void 0);
+        this._config = config;
+    }
+    _create_class$1(ClientAppService, [
+        {
+            key: "config",
+            get: function get() {
+                return this._config;
+            }
+        },
+        {
+            key: "webAppUrl",
+            get: function get() {
+                return this.config.client.clientWebAppUrl;
+            }
+        },
+        {
+            key: "webAppHost",
+            get: function get() {
+                return this.webAppUrl.split('://', 2)[1];
+            }
+        }
+    ]);
+    return ClientAppService;
+}();
 exports.ClientAppService = __decorate([
     common.Injectable(),
     __param(0, common.Inject(ClientAppServiceConfig))
 ], exports.ClientAppService);
 
+function _class_call_check$2(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
+    }
+}
 function clientAppConfigFactory(configService) {
-    const config = {
+    var config = {
         client: {
             clientWebAppUrl: configService.get(CLIENT_WEB_APP_URL_ENV_VAR)
         }
@@ -213,37 +729,49 @@ function clientAppConfigFactory(configService) {
     ClientAppServiceConfig.assertValidConfig(config);
     return config;
 }
-exports.ClientAppModule = class ClientAppModule {
+exports.ClientAppModule = function ClientAppModule() {
+    _class_call_check$2(this, ClientAppModule);
 };
 exports.ClientAppModule = __decorate([
     common.Module({
-        imports: [config.ConfigModule],
+        imports: [
+            config.ConfigModule
+        ],
         providers: [
             {
                 provide: ClientAppServiceConfig,
-                inject: [config.ConfigService],
+                inject: [
+                    config.ConfigService
+                ],
                 useFactory: clientAppConfigFactory
             }
         ],
-        exports: [exports.ClientAppService]
+        exports: [
+            exports.ClientAppService
+        ]
     })
 ], exports.ClientAppModule);
 
+function _class_call_check$1(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
+    }
+}
 /**
  * A server environment configuration.
  *
  * Explicitly states whether or not this is a production environment, and optionally some other config.
  *
  * This config is not meant to replace other typical configurations, like .env files, but instead is part of the build system.
- */
-class ServerEnvironmentConfig {
-}
+ */ var ServerEnvironmentConfig = function ServerEnvironmentConfig() {
+    _class_call_check$1(this, ServerEnvironmentConfig);
+} 
+;
 
 // MARK: Tokens
 /**
  * Token to access a configured ServerEnvironmentServiceConfig for the app.
- */
-const SERVER_ENV_TOKEN = 'SERVER_ENV_TOKEN';
+ */ var SERVER_ENV_TOKEN = 'SERVER_ENV_TOKEN';
 function serverEnvTokenProvider(env) {
     return {
         provide: SERVER_ENV_TOKEN,
@@ -253,34 +781,274 @@ function serverEnvTokenProvider(env) {
 
 /**
  * Checks process.env.NODE_ENV for "test"
- */
-function isTestNodeEnv() {
+ */ function isTestNodeEnv() {
     return process.env['NODE_ENV'] === 'test';
 }
 
-exports.ServerEnvironmentService = class ServerEnvironmentService {
-    env;
-    constructor(env) {
-        this.env = env;
-    }
-    get isTestingEnv() {
-        return isTestNodeEnv();
+function _class_call_check(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
     }
-    get isProduction() {
-        return this.env.production;
+}
+function _defineProperties(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
     }
-    get isStaging() {
-        return Boolean(this.env.staging);
+}
+function _create_class(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties(Constructor.prototype, protoProps);
+    return Constructor;
+}
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
     }
-    get developerToolsEnabled() {
-        return Boolean(!this.isProduction && this.env.developerToolsEnabled);
+    return obj;
+}
+exports.ServerEnvironmentService = /*#__PURE__*/ function() {
+    function ServerEnvironmentService(env) {
+        _class_call_check(this, ServerEnvironmentService);
+        _define_property(this, "env", void 0);
+        this.env = env;
     }
-};
+    _create_class(ServerEnvironmentService, [
+        {
+            key: "isTestingEnv",
+            get: function get() {
+                return isTestNodeEnv();
+            }
+        },
+        {
+            key: "isProduction",
+            get: function get() {
+                return this.env.production;
+            }
+        },
+        {
+            key: "isStaging",
+            get: function get() {
+                return Boolean(this.env.staging);
+            }
+        },
+        {
+            key: "developerToolsEnabled",
+            get: function get() {
+                return Boolean(!this.isProduction && this.env.developerToolsEnabled);
+            }
+        },
+        {
+            key: "appUrl",
+            get: function get() {
+                return this.env.appUrl;
+            }
+        }
+    ]);
+    return ServerEnvironmentService;
+}();
 exports.ServerEnvironmentService = __decorate([
     common.Injectable(),
     __param(0, common.Inject(SERVER_ENV_TOKEN))
 ], exports.ServerEnvironmentService);
 
+// MARK: Constants
+/**
+ * AES-256-GCM encryption constants.
+ */ var ENCRYPTED_FIELD_ALGORITHM = 'aes-256-gcm';
+var ENCRYPTED_FIELD_IV_LENGTH = 12;
+var ENCRYPTED_FIELD_AUTH_TAG_LENGTH = 16;
+var ENCRYPTED_FIELD_KEY_LENGTH = 32;
+/**
+ * Validates that the given secret is a 64-character hexadecimal string (32 bytes for AES-256).
+ *
+ * @example
+ * ```typescript
+ * isValidAES256GCMEncryptionSecret('a'.repeat(64)); // true
+ * isValidAES256GCMEncryptionSecret('too-short');     // false
+ * ```
+ */ function isValidAES256GCMEncryptionSecret(secret) {
+    return secret.length === ENCRYPTED_FIELD_KEY_LENGTH * 2 && util.isHex(secret);
+}
+// MARK: Key Resolution
+/**
+ * Factory that eagerly resolves and validates the encryption key from a secret source.
+ *
+ * The getter is called immediately and the key is validated on creation. The returned
+ * function provides the resolved Buffer without re-resolving or re-validating.
+ *
+ * @example
+ * ```typescript
+ * const getKey = resolveEncryptionKey('a'.repeat(64));
+ * const key: Buffer = getKey();
+ * ```
+ *
+ * @param source - The secret source configuration.
+ * @returns A getter that returns the resolved 32-byte Buffer for AES-256 encryption.
+ * @throws Error if the resolved key is not 64 hex characters.
+ */ function resolveEncryptionKey(source) {
+    var hex = util.getValueFromGetter(source);
+    if (!isValidAES256GCMEncryptionSecret(hex)) {
+        throw new Error("resolveEncryptionKey: expected a ".concat(ENCRYPTED_FIELD_KEY_LENGTH * 2, "-character hexadecimal key, got ").concat(hex.length, " characters. Ensure the key contains only hex characters (0-9, a-f)."));
+    }
+    var key = Buffer.from(hex, 'hex');
+    return function() {
+        return key;
+    };
+}
+/**
+ * Creates an `AES256GCMEncryption` instance that captures the resolved key in a closure.
+ *
+ * @example
+ * ```typescript
+ * const encryption = createAES256GCMEncryption('a'.repeat(64));
+ *
+ * const encrypted = encryption.encryptValue({ sensitive: 'data' });
+ * const decrypted = encryption.decryptValue<{ sensitive: string }>(encrypted);
+ *
+ * const encryptedStr = encryption.encryptString('hello');
+ * const decryptedStr = encryption.decryptString(encryptedStr);
+ * // decryptedStr === 'hello'
+ * ```
+ *
+ * @param source - The hex-encoded secret or getter for the AES-256 key.
+ * @returns An `AES256GCMEncryption` instance.
+ * @throws Error if the resolved key is not 64 hex characters.
+ */ function createAES256GCMEncryption(source) {
+    var getKey = resolveEncryptionKey(source);
+    function encryptStringFn(plaintext) {
+        var key = getKey();
+        var iv = crypto.randomBytes(ENCRYPTED_FIELD_IV_LENGTH);
+        var cipher = crypto.createCipheriv(ENCRYPTED_FIELD_ALGORITHM, key, iv);
+        var encrypted = Buffer.concat([
+            cipher.update(plaintext, 'utf8'),
+            cipher.final()
+        ]);
+        var authTag = cipher.getAuthTag();
+        var combined = Buffer.concat([
+            iv,
+            encrypted,
+            authTag
+        ]);
+        return combined.toString('base64');
+    }
+    function decryptStringFn(encoded) {
+        var key = getKey();
+        var combined = Buffer.from(encoded, 'base64');
+        var iv = combined.subarray(0, ENCRYPTED_FIELD_IV_LENGTH);
+        var authTag = combined.subarray(combined.length - ENCRYPTED_FIELD_AUTH_TAG_LENGTH);
+        var ciphertext = combined.subarray(ENCRYPTED_FIELD_IV_LENGTH, combined.length - ENCRYPTED_FIELD_AUTH_TAG_LENGTH);
+        var decipher = crypto.createDecipheriv(ENCRYPTED_FIELD_ALGORITHM, key, iv);
+        decipher.setAuthTag(authTag);
+        var decrypted = Buffer.concat([
+            decipher.update(ciphertext),
+            decipher.final()
+        ]);
+        return decrypted.toString('utf8');
+    }
+    var result = {
+        encryptString: encryptStringFn,
+        decryptString: decryptStringFn,
+        encryptValue: function encryptValue(value) {
+            return encryptStringFn(JSON.stringify(value));
+        },
+        decryptValue: function decryptValue(encoded) {
+            return JSON.parse(decryptStringFn(encoded));
+        }
+    };
+    return result;
+}
+// MARK: Standalone Functions (backwards compatibility)
+/**
+ * Encrypts a JSON-serializable value to a base64-encoded string using AES-256-GCM.
+ *
+ * Format: base64(IV (12 bytes) + ciphertext + authTag (16 bytes))
+ *
+ * @example
+ * ```typescript
+ * const getKey = resolveEncryptionKey(mySecret);
+ * const encrypted = encryptValue({ sensitive: 'data' }, getKey());
+ * const decrypted = decryptValue<{ sensitive: string }>(encrypted, getKey());
+ * ```
+ *
+ * @param value - The value to encrypt (must be JSON-serializable).
+ * @param key - The 32-byte encryption key from `resolveEncryptionKey()`.
+ * @returns The encrypted value as a base64 string.
+ */ function encryptValue(value, key) {
+    var iv = crypto.randomBytes(ENCRYPTED_FIELD_IV_LENGTH);
+    var cipher = crypto.createCipheriv(ENCRYPTED_FIELD_ALGORITHM, key, iv);
+    var plaintext = JSON.stringify(value);
+    var encrypted = Buffer.concat([
+        cipher.update(plaintext, 'utf8'),
+        cipher.final()
+    ]);
+    var authTag = cipher.getAuthTag();
+    var combined = Buffer.concat([
+        iv,
+        encrypted,
+        authTag
+    ]);
+    return combined.toString('base64');
+}
+/**
+ * Decrypts a base64-encoded string back to the original value.
+ *
+ * @param encoded - The base64-encoded encrypted string (IV + ciphertext + authTag).
+ * @param key - The 32-byte encryption key Buffer from calling the getter returned by `resolveEncryptionKey()`.
+ * @returns The decrypted JSON-parsed value.
+ */ function decryptValue(encoded, key) {
+    var combined = Buffer.from(encoded, 'base64');
+    var iv = combined.subarray(0, ENCRYPTED_FIELD_IV_LENGTH);
+    var authTag = combined.subarray(combined.length - ENCRYPTED_FIELD_AUTH_TAG_LENGTH);
+    var ciphertext = combined.subarray(ENCRYPTED_FIELD_IV_LENGTH, combined.length - ENCRYPTED_FIELD_AUTH_TAG_LENGTH);
+    var decipher = crypto.createDecipheriv(ENCRYPTED_FIELD_ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    var decrypted = Buffer.concat([
+        decipher.update(ciphertext),
+        decipher.final()
+    ]);
+    return JSON.parse(decrypted.toString('utf8'));
+}
+// MARK: StringEncryptionProvider
+/**
+ * Creates a `StringEncryptionProvider` backed by AES-256-GCM from a secret source.
+ *
+ * The key is resolved and validated eagerly at creation time. The provider encrypts/decrypts
+ * raw strings (no JSON serialization) — suitable for use with `selectiveFieldEncryptor`.
+ *
+ * @example
+ * ```typescript
+ * const provider = createAesStringEncryptionProvider('a'.repeat(64));
+ * const encrypted = provider.encrypt('sensitive data');
+ * const decrypted = provider.decrypt(encrypted);
+ * // decrypted === 'sensitive data'
+ * ```
+ *
+ * @param source - The hex-encoded secret or getter for the AES-256 key.
+ * @returns A `StringEncryptionProvider` that encrypts/decrypts strings via AES-256-GCM.
+ * @throws Error if the resolved key is not 64 hex characters.
+ */ function createAesStringEncryptionProvider(source) {
+    var encryption = createAES256GCMEncryption(source);
+    var result = {
+        encrypt: function encrypt(plaintext) {
+            return encryption.encryptString(plaintext);
+        },
+        decrypt: function decrypt(ciphertext) {
+            return encryption.decryptString(ciphertext);
+        }
+    };
+    return result;
+}
+
 exports.AppModuleWithWebhooksEnabled = AppModuleWithWebhooksEnabled;
 exports.CLIENT_WEB_APP_URL_ENV_VAR = CLIENT_WEB_APP_URL_ENV_VAR;
 exports.ClientAppServiceConfig = ClientAppServiceConfig;
@@ -297,8 +1065,14 @@ exports.SERVER_ENV_TOKEN = SERVER_ENV_TOKEN;
 exports.ServerEnvironmentConfig = ServerEnvironmentConfig;
 exports.clientAppConfigFactory = clientAppConfigFactory;
 exports.consumeWebhooksWithRawBodyMiddleware = consumeWebhooksWithRawBodyMiddleware;
+exports.createAES256GCMEncryption = createAES256GCMEncryption;
+exports.createAesStringEncryptionProvider = createAesStringEncryptionProvider;
+exports.decryptValue = decryptValue;
+exports.encryptValue = encryptValue;
 exports.injectionTokensFromProviders = injectionTokensFromProviders;
 exports.isLocalhost = isLocalhost;
 exports.isTestNodeEnv = isTestNodeEnv;
+exports.isValidAES256GCMEncryptionSecret = isValidAES256GCMEncryptionSecret;
 exports.mergeModuleMetadata = mergeModuleMetadata;
+exports.resolveEncryptionKey = resolveEncryptionKey;
 exports.serverEnvTokenProvider = serverEnvTokenProvider;