npm - @digilogiclabs/platform-core - Versions diffs - 1.6.0 → 1.7.0 - Mend

@digilogiclabs/platform-core 1.6.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/auth.d.mts +174 -1
package/dist/auth.d.ts +174 -1
package/dist/auth.js +108 -3
package/dist/auth.js.map +1 -1
package/dist/auth.mjs +101 -2
package/dist/auth.mjs.map +1 -1
package/dist/{index-CkyVz0hQ.d.mts → env-DerQ7Da-.d.mts} +2 -2
package/dist/{index-CkyVz0hQ.d.ts → env-DerQ7Da-.d.ts} +2 -2
package/dist/index.d.mts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +5 -1
package/dist/index.js.map +1 -1
package/dist/index.mjs +5 -1
package/dist/index.mjs.map +1 -1
package/package.json +1 -1

package/dist/auth.mjs CHANGED Viewed

@@ -168,7 +168,11 @@ function buildKeycloakCallbacks(config) {
      * Compatible with Auth.js v5 JWT callback signature.
      */
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    async jwt({ token, user, account }) {
+    async jwt({
+      token,
+      user,
+      account
+    }) {
       if (user) {
         token.id = token.sub ?? user.id;
       }
@@ -729,6 +733,44 @@ function resolveIdentifier(session, clientIp) {
   return { identifier: `ip:${clientIp ?? "unknown"}`, isAuthenticated: false };
 }
+// src/auth/rate-limit-store-redis.ts
+function createRedisRateLimitStore(redis, options = {}) {
+  const prefix = options.keyPrefix ?? "";
+  return {
+    async increment(key, windowMs, now) {
+      const fullKey = `${prefix}${key}`;
+      const windowStart = now - windowMs;
+      const windowSeconds = Math.ceil(windowMs / 1e3) + 60;
+      await redis.zremrangebyscore(fullKey, 0, windowStart);
+      const current = await redis.zcard(fullKey);
+      const member = `${now}:${Math.random().toString(36).slice(2, 10)}`;
+      await redis.zadd(fullKey, now, member);
+      await redis.expire(fullKey, windowSeconds);
+      return { count: current + 1 };
+    },
+    async isBlocked(key) {
+      const fullKey = `${prefix}${key}`;
+      const value = await redis.get(fullKey);
+      if (!value) {
+        return { blocked: false, ttlMs: 0 };
+      }
+      const ttlSeconds = await redis.ttl(fullKey);
+      if (ttlSeconds <= 0) {
+        return { blocked: false, ttlMs: 0 };
+      }
+      return { blocked: true, ttlMs: ttlSeconds * 1e3 };
+    },
+    async setBlock(key, durationSeconds) {
+      const fullKey = `${prefix}${key}`;
+      await redis.setex(fullKey, durationSeconds, "1");
+    },
+    async reset(key) {
+      const fullKey = `${prefix}${key}`;
+      await redis.del(fullKey);
+    }
+  };
+}
 // src/auth/audit.ts
 var StandardAuditActions = {
   // Authentication
@@ -1013,6 +1055,57 @@ function buildPagination(page, limit, total) {
   };
 }
+// src/auth/nextjs-api.ts
+async function enforceRateLimit(request, operation, rule, options) {
+  const identifier = options?.identifier ?? (options?.userId ? `user:${options.userId}` : void 0) ?? `ip:${extractClientIp((name) => request.headers.get(name))}`;
+  const isAuthenticated = !!options?.userId;
+  const result = await checkRateLimit(operation, identifier, rule, {
+    ...options?.rateLimitOptions,
+    isAuthenticated
+  });
+  if (!result.allowed) {
+    const headers = buildRateLimitResponseHeaders(result);
+    return new Response(
+      JSON.stringify({
+        error: "Rate limit exceeded. Please try again later.",
+        retryAfter: result.retryAfterSeconds
+      }),
+      {
+        status: 429,
+        headers: { "Content-Type": "application/json", ...headers }
+      }
+    );
+  }
+  return null;
+}
+function errorResponse(error, options) {
+  const isDev = options?.isDevelopment ?? process.env.NODE_ENV === "development";
+  const { status, body } = classifyError(error, isDev);
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+function zodErrorResponse(error) {
+  const firstIssue = error.issues[0];
+  const message = firstIssue ? `${firstIssue.path.join(".") || "input"}: ${firstIssue.message}` : "Validation error";
+  return new Response(JSON.stringify({ error: message }), {
+    status: 400,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+function extractBearerToken(request) {
+  const auth = request.headers.get("authorization");
+  if (!auth?.startsWith("Bearer ")) return null;
+  return auth.slice(7).trim() || null;
+}
+function isValidBearerToken(request, secret) {
+  if (!secret) return false;
+  const token = extractBearerToken(request);
+  if (!token) return false;
+  return constantTimeEqual(token, secret);
+}
 // src/env.ts
 function getRequiredEnv(key) {
   const value = process.env[key];
@@ -1141,12 +1234,16 @@ export {
   createAuditLogger,
   createFeatureFlags,
   createMemoryRateLimitStore,
+  createRedisRateLimitStore,
   createSafeTextSchema,
   detectStage,
+  enforceRateLimit,
+  errorResponse,
   escapeHtml,
   extractAuditIp,
   extractAuditRequestId,
   extractAuditUserAgent,
+  extractBearerToken,
   extractClientIp,
   getBoolEnv,
   getCorrelationId,
@@ -1163,6 +1260,7 @@ export {
   isAllowlisted,
   isApiError,
   isTokenExpired,
+  isValidBearerToken,
   parseKeycloakRoles,
   refreshKeycloakToken,
   resetRateLimitForKey,
@@ -1170,6 +1268,7 @@ export {
   resolveRateLimitIdentifier,
   sanitizeApiError,
   stripHtml,
-  validateEnvVars
+  validateEnvVars,
+  zodErrorResponse
 };
 //# sourceMappingURL=auth.mjs.map