npm - @digilogiclabs/platform-core - Versions diffs - 1.6.0 → 1.8.0 - Mend

@digilogiclabs/platform-core 1.6.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/auth.d.mts +174 -1
package/dist/auth.d.ts +174 -1
package/dist/auth.js +233 -3
package/dist/auth.js.map +1 -1
package/dist/auth.mjs +220 -2
package/dist/auth.mjs.map +1 -1
package/dist/{index-CkyVz0hQ.d.mts → env-jqNJdZVt.d.mts} +360 -2
package/dist/{index-CkyVz0hQ.d.ts → env-jqNJdZVt.d.ts} +360 -2
package/dist/{index-CepDdu7h.d.mts → index-DzQ0Js5Z.d.mts} +13 -1
package/dist/{index-CepDdu7h.d.ts → index-DzQ0Js5Z.d.ts} +13 -1
package/dist/index.d.mts +98 -3
package/dist/index.d.ts +98 -3
package/dist/index.js +969 -15
package/dist/index.js.map +1 -1
package/dist/index.mjs +955 -15
package/dist/index.mjs.map +1 -1
package/dist/migrations/index.d.mts +1 -1
package/dist/migrations/index.d.ts +1 -1
package/dist/migrations/index.js +72 -1
package/dist/migrations/index.js.map +1 -1
package/dist/migrations/index.mjs +72 -1
package/dist/migrations/index.mjs.map +1 -1
package/package.json +1 -1

package/dist/auth.mjs CHANGED Viewed

@@ -168,7 +168,11 @@ function buildKeycloakCallbacks(config) {
      * Compatible with Auth.js v5 JWT callback signature.
      */
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    async jwt({ token, user, account }) {
+    async jwt({
+      token,
+      user,
+      account
+    }) {
       if (user) {
         token.id = token.sub ?? user.id;
       }
@@ -729,6 +733,44 @@ function resolveIdentifier(session, clientIp) {
   return { identifier: `ip:${clientIp ?? "unknown"}`, isAuthenticated: false };
 }
+// src/auth/rate-limit-store-redis.ts
+function createRedisRateLimitStore(redis, options = {}) {
+  const prefix = options.keyPrefix ?? "";
+  return {
+    async increment(key, windowMs, now) {
+      const fullKey = `${prefix}${key}`;
+      const windowStart = now - windowMs;
+      const windowSeconds = Math.ceil(windowMs / 1e3) + 60;
+      await redis.zremrangebyscore(fullKey, 0, windowStart);
+      const current = await redis.zcard(fullKey);
+      const member = `${now}:${Math.random().toString(36).slice(2, 10)}`;
+      await redis.zadd(fullKey, now, member);
+      await redis.expire(fullKey, windowSeconds);
+      return { count: current + 1 };
+    },
+    async isBlocked(key) {
+      const fullKey = `${prefix}${key}`;
+      const value = await redis.get(fullKey);
+      if (!value) {
+        return { blocked: false, ttlMs: 0 };
+      }
+      const ttlSeconds = await redis.ttl(fullKey);
+      if (ttlSeconds <= 0) {
+        return { blocked: false, ttlMs: 0 };
+      }
+      return { blocked: true, ttlMs: ttlSeconds * 1e3 };
+    },
+    async setBlock(key, durationSeconds) {
+      const fullKey = `${prefix}${key}`;
+      await redis.setex(fullKey, durationSeconds, "1");
+    },
+    async reset(key) {
+      const fullKey = `${prefix}${key}`;
+      await redis.del(fullKey);
+    }
+  };
+}
 // src/auth/audit.ts
 var StandardAuditActions = {
   // Authentication
@@ -1013,6 +1055,170 @@ function buildPagination(page, limit, total) {
   };
 }
+// src/auth/nextjs-api.ts
+async function enforceRateLimit(request, operation, rule, options) {
+  const identifier = options?.identifier ?? (options?.userId ? `user:${options.userId}` : void 0) ?? `ip:${extractClientIp((name) => request.headers.get(name))}`;
+  const isAuthenticated = !!options?.userId;
+  const result = await checkRateLimit(operation, identifier, rule, {
+    ...options?.rateLimitOptions,
+    isAuthenticated
+  });
+  if (!result.allowed) {
+    const headers = buildRateLimitResponseHeaders(result);
+    return new Response(
+      JSON.stringify({
+        error: "Rate limit exceeded. Please try again later.",
+        retryAfter: result.retryAfterSeconds
+      }),
+      {
+        status: 429,
+        headers: { "Content-Type": "application/json", ...headers }
+      }
+    );
+  }
+  return null;
+}
+function errorResponse(error, options) {
+  const isDev = options?.isDevelopment ?? process.env.NODE_ENV === "development";
+  const { status, body } = classifyError(error, isDev);
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+function zodErrorResponse(error) {
+  const firstIssue = error.issues[0];
+  const message = firstIssue ? `${firstIssue.path.join(".") || "input"}: ${firstIssue.message}` : "Validation error";
+  return new Response(JSON.stringify({ error: message }), {
+    status: 400,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+function extractBearerToken(request) {
+  const auth = request.headers.get("authorization");
+  if (!auth?.startsWith("Bearer ")) return null;
+  return auth.slice(7).trim() || null;
+}
+function isValidBearerToken(request, secret) {
+  if (!secret) return false;
+  const token = extractBearerToken(request);
+  if (!token) return false;
+  return constantTimeEqual(token, secret);
+}
+// src/auth/beta-client.ts
+var DEFAULT_CONFIG = {
+  baseUrl: "",
+  settingsEndpoint: "/api/beta-settings",
+  validateEndpoint: "/api/validate-beta-code",
+  storageKey: "beta_code",
+  failSafeDefaults: {
+    betaMode: true,
+    requireInviteCode: true,
+    betaMessage: ""
+  }
+};
+function createBetaClient(config = {}) {
+  const cfg = {
+    ...DEFAULT_CONFIG,
+    ...config,
+    failSafeDefaults: {
+      ...DEFAULT_CONFIG.failSafeDefaults,
+      ...config.failSafeDefaults
+    }
+  };
+  return {
+    fetchSettings: () => fetchBetaSettings(cfg),
+    validateCode: (code) => validateBetaCode(code, cfg),
+    storeCode: (code) => storeBetaCode(code, cfg),
+    getStoredCode: () => getStoredBetaCode(cfg),
+    clearStoredCode: () => clearStoredBetaCode(cfg)
+  };
+}
+async function fetchBetaSettings(config = {}) {
+  const cfg = { ...DEFAULT_CONFIG, ...config };
+  try {
+    const response = await fetch(
+      `${cfg.baseUrl}${cfg.settingsEndpoint}`,
+      {
+        method: "GET",
+        headers: { "Content-Type": "application/json" },
+        cache: "no-store"
+      }
+    );
+    if (!response.ok) {
+      throw new Error(`Failed to fetch beta settings: ${response.status}`);
+    }
+    const data = await response.json();
+    return {
+      betaMode: data.betaMode ?? cfg.failSafeDefaults.betaMode ?? true,
+      requireInviteCode: data.requireInviteCode ?? cfg.failSafeDefaults.requireInviteCode ?? true,
+      betaMessage: data.betaMessage ?? cfg.failSafeDefaults.betaMessage ?? ""
+    };
+  } catch (error) {
+    console.error("Error fetching beta settings:", error);
+    return {
+      betaMode: cfg.failSafeDefaults.betaMode ?? true,
+      requireInviteCode: cfg.failSafeDefaults.requireInviteCode ?? true,
+      betaMessage: cfg.failSafeDefaults.betaMessage ?? ""
+    };
+  }
+}
+async function validateBetaCode(code, config = {}) {
+  const cfg = { ...DEFAULT_CONFIG, ...config };
+  if (!code || code.trim().length < 3) {
+    return {
+      valid: false,
+      message: "Please enter a valid invite code."
+    };
+  }
+  try {
+    const response = await fetch(
+      `${cfg.baseUrl}${cfg.validateEndpoint}`,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ code: code.trim().toUpperCase() })
+      }
+    );
+    if (response.status === 429) {
+      return {
+        valid: false,
+        message: "Too many attempts. Please try again later."
+      };
+    }
+    if (!response.ok) {
+      throw new Error(`Validation request failed: ${response.status}`);
+    }
+    return await response.json();
+  } catch (error) {
+    console.error("Error validating invite code:", error);
+    return {
+      valid: false,
+      message: "Unable to validate code. Please try again."
+    };
+  }
+}
+function storeBetaCode(code, config = {}) {
+  const key = config.storageKey ?? DEFAULT_CONFIG.storageKey;
+  if (typeof window !== "undefined") {
+    sessionStorage.setItem(key, code.trim().toUpperCase());
+  }
+}
+function getStoredBetaCode(config = {}) {
+  const key = config.storageKey ?? DEFAULT_CONFIG.storageKey;
+  if (typeof window !== "undefined") {
+    return sessionStorage.getItem(key);
+  }
+  return null;
+}
+function clearStoredBetaCode(config = {}) {
+  const key = config.storageKey ?? DEFAULT_CONFIG.storageKey;
+  if (typeof window !== "undefined") {
+    sessionStorage.removeItem(key);
+  }
+}
 // src/env.ts
 function getRequiredEnv(key) {
   const value = process.env[key];
@@ -1134,20 +1340,27 @@ export {
   checkEnvVars,
   checkRateLimit,
   classifyError,
+  clearStoredBetaCode,
   constantTimeEqual,
   containsHtml,
   containsUrls,
   createAuditActor,
   createAuditLogger,
+  createBetaClient,
   createFeatureFlags,
   createMemoryRateLimitStore,
+  createRedisRateLimitStore,
   createSafeTextSchema,
   detectStage,
+  enforceRateLimit,
+  errorResponse,
   escapeHtml,
   extractAuditIp,
   extractAuditRequestId,
   extractAuditUserAgent,
+  extractBearerToken,
   extractClientIp,
+  fetchBetaSettings,
   getBoolEnv,
   getCorrelationId,
   getEndSessionEndpoint,
@@ -1156,6 +1369,7 @@ export {
   getOptionalEnv,
   getRateLimitStatus,
   getRequiredEnv,
+  getStoredBetaCode,
   getTokenEndpoint,
   hasAllRoles,
   hasAnyRole,
@@ -1163,13 +1377,17 @@ export {
   isAllowlisted,
   isApiError,
   isTokenExpired,
+  isValidBearerToken,
   parseKeycloakRoles,
   refreshKeycloakToken,
   resetRateLimitForKey,
   resolveIdentifier,
   resolveRateLimitIdentifier,
   sanitizeApiError,
+  storeBetaCode,
   stripHtml,
-  validateEnvVars
+  validateBetaCode,
+  validateEnvVars,
+  zodErrorResponse
 };
 //# sourceMappingURL=auth.mjs.map