@digitaldefiance/node-express-suite 3.11.32 → 3.12.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitaldefiance/node-express-suite",
-  "version": "3.11.32",
+  "version": "3.12.0",
   "homepage": "https://github.com/Digital-Defiance/node-express-suite",
   "repository": {
     "type": "git",

package/src/controllers/openapi.d.ts

@@ -0,0 +1,67 @@
+import { CoreLanguageCode } from '@digitaldefiance/i18n-lib';
+import { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import '../openapi/schemas';
+import { IApiMessageResponse } from '@digitaldefiance/suite-core-lib';
+import { ApiErrorResponse, ApiRequestHandler, TypedHandlers } from '../types';
+import { BaseController } from './base';
+import { IApplication } from '../interfaces';
+/**
+ * OpenAPI specification response
+ */
+export interface IOpenAPIResponse extends IApiMessageResponse {
+    openapi: string;
+    info: {
+        title: string;
+        version: string;
+        description: string;
+    };
+    servers: Array<{
+        url: string;
+        description: string;
+    }>;
+    paths: Record<string, any>;
+    components: {
+        schemas: Record<string, any>;
+        securitySchemes: Record<string, any>;
+    };
+    [key: string]: unknown;
+}
+type DocsApiResponse = IOpenAPIResponse | ApiErrorResponse;
+interface DocsHandlers extends TypedHandlers {
+    getDocs: ApiRequestHandler<IOpenAPIResponse | ApiErrorResponse>;
+}
+/**
+ * Controller for API documentation endpoint.
+ *
+ * Provides the OpenAPI specification.
+ * The specification is built dynamically from registered controllers
+ * using their route definitions and OpenAPI metadata.
+ *
+ * ## Endpoints
+ *
+ * ### GET /api/openapi
+ * Returns the OpenAPI specification in JSON format.
+ *
+ * **Response:**
+ * - OpenAPI 3.0.3 specification with all endpoints
+ * - Request/response schemas for each endpoint
+ * - Authentication requirements per endpoint
+ * - Example requests and responses
+ *
+ * @requirements 10.1, 10.2, 10.3, 10.4
+ */
+export declare class OpenApiController<TID extends PlatformID = Buffer> extends BaseController<DocsApiResponse, DocsHandlers, CoreLanguageCode, TID> {
+    private static readonly API_VERSION;
+    private readonly builder;
+    constructor(application: IApplication<TID>);
+    protected initRouteDefinitions(): void;
+    /**
+     * GET /api/openapi
+     * Returns the OpenAPI specification in JSON format.
+     *
+     * @requirements 10.1, 10.2, 10.3, 10.4
+     */
+    private handleGetOpenApi;
+}
+export {};
+//# sourceMappingURL=openapi.d.ts.map

package/src/controllers/openapi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/controllers/openapi.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAE7D,OAAO,oBAAoB,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EAEjB,aAAa,EACd,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAExC,OAAO,EAAE,YAAY,EAAuB,MAAM,eAAe,CAAC;AAGlE;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,mBAAmB;IAC3D,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,OAAO,EAAE,KAAK,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC,CAAC;IACH,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3B,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;KACtC,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,KAAK,eAAe,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;AAE3D,UAAU,YAAa,SAAQ,aAAa;IAC1C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,GAAG,gBAAgB,CAAC,CAAC;CACjE;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,iBAAiB,CAC5B,GAAG,SAAS,UAAU,GAAG,MAAM,CAC/B,SAAQ,cAAc,CAAC,eAAe,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,CAAC;IAC5E,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAY;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAiB;gBAE7B,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC;IAW1C,SAAS,CAAC,oBAAoB,IAAI,IAAI;IAgCtC;;;;;OAKG;YACW,gBAAgB;CAiB/B"}

package/src/controllers/openapi.js

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenApiController = void 0;
+// Import to trigger schema registration
+require("../openapi/schemas");
+const types_1 = require("../types");
+const base_1 = require("./base");
+const openapi_1 = require("../openapi");
+const registry_1 = require("../registry");
+/**
+ * Controller for API documentation endpoint.
+ *
+ * Provides the OpenAPI specification.
+ * The specification is built dynamically from registered controllers
+ * using their route definitions and OpenAPI metadata.
+ *
+ * ## Endpoints
+ *
+ * ### GET /api/openapi
+ * Returns the OpenAPI specification in JSON format.
+ *
+ * **Response:**
+ * - OpenAPI 3.0.3 specification with all endpoints
+ * - Request/response schemas for each endpoint
+ * - Authentication requirements per endpoint
+ * - Example requests and responses
+ *
+ * @requirements 10.1, 10.2, 10.3, 10.4
+ */
+class OpenApiController extends base_1.BaseController {
+    static API_VERSION = '0.12.0';
+    builder;
+    constructor(application) {
+        super(application);
+        this.builder = new openapi_1.OpenAPIBuilder({
+            title: 'Express Suite API',
+            version: OpenApiController.API_VERSION,
+            description: 'REST API for an Express Suite Servier',
+            servers: [{ url: '/api', description: 'API server' }],
+        });
+    }
+    initRouteDefinitions() {
+        this.routeDefinitions = [
+            (0, types_1.routeConfig)('get', '/', {
+                handlerKey: 'getDocs',
+                useAuthentication: false,
+                useCryptoAuthentication: false,
+                openapi: {
+                    summary: 'Get OpenAPI specification',
+                    description: 'Returns the OpenAPI specification in JSON format.',
+                    tags: ['Documentation'],
+                    responses: {
+                        200: {
+                            schema: 'OpenAPISpec',
+                            description: 'OpenAPI specification',
+                        },
+                    },
+                },
+            }),
+        ];
+        // Register this controller
+        registry_1.ControllerRegistry.register('/openapi', 'OpenApiController', this.routeDefinitions);
+        this.handlers = {
+            getDocs: this.handleGetOpenApi.bind(this),
+        };
+    }
+    /**
+     * GET /api/openapi
+     * Returns the OpenAPI specification in JSON format.
+     *
+     * @requirements 10.1, 10.2, 10.3, 10.4
+     */
+    async handleGetOpenApi() {
+        const spec = this.builder.build();
+        return {
+            statusCode: 200,
+            response: {
+                message: 'OpenAPI specification',
+                openapi: spec.openapi,
+                info: spec.info,
+                servers: spec.servers,
+                paths: spec.paths,
+                components: spec.components,
+            },
+        };
+    }
+}
+exports.OpenApiController = OpenApiController;
+//# sourceMappingURL=openapi.js.map

package/src/controllers/openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/controllers/openapi.ts"],"names":[],"mappings":";;;AAGA,wCAAwC;AACxC,8BAA4B;AAE5B,oCAKkB;AAClB,iCAAwC;AACxC,wCAA4C;AAE5C,0CAAiD;AA8BjD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAa,iBAEX,SAAQ,qBAAoE;IACpE,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC;IAC9B,OAAO,CAAiB;IAEzC,YAAY,WAA8B;QACxC,KAAK,CAAC,WAAW,CAAC,CAAC;QAEnB,IAAI,CAAC,OAAO,GAAG,IAAI,wBAAc,CAAC;YAChC,KAAK,EAAE,mBAAmB;YAC1B,OAAO,EAAE,iBAAiB,CAAC,WAAW;YACtC,WAAW,EAAE,uCAAuC;YACpD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAES,oBAAoB;QAC5B,IAAI,CAAC,gBAAgB,GAAG;YACtB,IAAA,mBAAW,EAAC,KAAK,EAAE,GAAG,EAAE;gBACtB,UAAU,EAAE,SAAS;gBACrB,iBAAiB,EAAE,KAAK;gBACxB,uBAAuB,EAAE,KAAK;gBAC9B,OAAO,EAAE;oBACP,OAAO,EAAE,2BAA2B;oBACpC,WAAW,EAAE,mDAAmD;oBAChE,IAAI,EAAE,CAAC,eAAe,CAAC;oBACvB,SAAS,EAAE;wBACT,GAAG,EAAE;4BACH,MAAM,EAAE,aAAa;4BACrB,WAAW,EAAE,uBAAuB;yBACrC;qBACF;iBACF;aACF,CAAC;SACH,CAAC;QAEF,2BAA2B;QAC3B,6BAAkB,CAAC,QAAQ,CACzB,UAAU,EACV,mBAAmB,EACnB,IAAI,CAAC,gBAAgB,CACtB,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG;YACd,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,gBAAgB;QAG5B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAElC,OAAO;YACL,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,OAAO,EAAE,uBAAuB;gBAChC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B;SACF,CAAC;IACJ,CAAC;;AAvEH,8CAwEC"}

package/src/decorators/auth.d.ts

@@ -0,0 +1,128 @@
+/**
+ * @fileoverview Authentication decorators for Express Suite.
+ * Provides @RequireAuth, @RequireCryptoAuth, @Public, and @AuthFailureStatus decorators.
+ * Supports both class-level and method-level application.
+ * @module decorators/auth
+ */
+import 'reflect-metadata';
+import { AuthMetadata } from '../interfaces/openApi/decoratorOptions';
+/**
+ * Decorator that requires JWT authentication for a route or all routes in a controller.
+ * Can be applied at class level (affects all methods) or method level.
+ * Automatically adds 401 response to OpenAPI spec.
+ *
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * // Class-level - all routes require auth
+ * @RequireAuth()
+ * @ApiController('/api/users')
+ * class UserController {
+ *   @Get('/')
+ *   listUsers() {}
+ * }
+ *
+ * // Method-level
+ * @ApiController('/api/items')
+ * class ItemController {
+ *   @Get('/')
+ *   listItems() {} // Public
+ *
+ *   @RequireAuth()
+ *   @Post('/')
+ *   createItem() {} // Requires auth
+ * }
+ * ```
+ */
+export declare function RequireAuth(): ClassDecorator & MethodDecorator;
+/**
+ * Decorator that requires ECIES crypto authentication for a route or all routes in a controller.
+ * Can be applied at class level (affects all methods) or method level.
+ * Automatically adds 401 response to OpenAPI spec.
+ *
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * // Class-level - all routes require crypto auth
+ * @RequireCryptoAuth()
+ * @ApiController('/api/secure')
+ * class SecureController {
+ *   @Get('/data')
+ *   getData() {}
+ * }
+ *
+ * // Method-level
+ * @ApiController('/api/items')
+ * class ItemController {
+ *   @RequireCryptoAuth()
+ *   @Post('/encrypted')
+ *   createEncrypted() {} // Requires crypto auth
+ * }
+ * ```
+ */
+export declare function RequireCryptoAuth(): ClassDecorator & MethodDecorator;
+/**
+ * Decorator that explicitly marks a route as public (no authentication required).
+ * Useful for overriding class-level authentication requirements.
+ * Can be applied at class level or method level.
+ *
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * @RequireAuth() // All routes require auth by default
+ * @ApiController('/api/users')
+ * class UserController {
+ *   @Get('/:id')
+ *   getUser() {} // Requires auth (inherited)
+ *
+ *   @Public()
+ *   @Get('/public-profile/:id')
+ *   getPublicProfile() {} // No auth required (overridden)
+ * }
+ * ```
+ */
+export declare function Public(): ClassDecorator & MethodDecorator;
+/**
+ * Decorator that sets a custom status code for authentication failures.
+ * Can be applied at class level (affects all methods) or method level.
+ *
+ * @param statusCode - HTTP status code to return on auth failure (default is 401)
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * @RequireAuth()
+ * @AuthFailureStatus(403) // Return 403 instead of 401 for all routes
+ * @ApiController('/api/admin')
+ * class AdminController {
+ *   @Get('/dashboard')
+ *   getDashboard() {}
+ *
+ *   @AuthFailureStatus(404) // Return 404 for this specific route
+ *   @Get('/secret')
+ *   getSecret() {}
+ * }
+ * ```
+ */
+export declare function AuthFailureStatus(statusCode: number): ClassDecorator & MethodDecorator;
+/**
+ * Gets the effective auth metadata for a method, merging class-level and method-level settings.
+ * Method-level settings override class-level settings.
+ *
+ * @param target - The class constructor
+ * @param propertyKey - The method name
+ * @returns The merged auth metadata
+ */
+export declare function getEffectiveAuthMetadata(target: object, propertyKey: string | symbol): AuthMetadata;
+/**
+ * Checks if a route requires authentication based on merged metadata.
+ *
+ * @param target - The class constructor
+ * @param propertyKey - The method name
+ * @returns True if the route requires any form of authentication
+ */
+export declare function requiresAuthentication(target: object, propertyKey: string | symbol): boolean;
+//# sourceMappingURL=auth.d.ts.map

package/src/decorators/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/decorators/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,wCAAwC,CAAC;AA0EtE;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,WAAW,IAAI,cAAc,GAAG,eAAe,CAQ9D;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,GAAG,eAAe,CAQpE;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,MAAM,IAAI,cAAc,GAAG,eAAe,CAOzD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,MAAM,GACjB,cAAc,GAAG,eAAe,CAOlC;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAAG,MAAM,GAC3B,YAAY,CAoBd;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAAG,MAAM,GAC3B,OAAO,CAMT"}

package/src/decorators/auth.js

@@ -0,0 +1,230 @@
+"use strict";
+/**
+ * @fileoverview Authentication decorators for Express Suite.
+ * Provides @RequireAuth, @RequireCryptoAuth, @Public, and @AuthFailureStatus decorators.
+ * Supports both class-level and method-level application.
+ * @module decorators/auth
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequireAuth = RequireAuth;
+exports.RequireCryptoAuth = RequireCryptoAuth;
+exports.Public = Public;
+exports.AuthFailureStatus = AuthFailureStatus;
+exports.getEffectiveAuthMetadata = getEffectiveAuthMetadata;
+exports.requiresAuthentication = requiresAuthentication;
+require("reflect-metadata");
+const metadata_keys_1 = require("./metadata-keys");
+const metadata_collector_1 = require("./metadata-collector");
+/**
+ * Response metadata for 401 Unauthorized response.
+ */
+const UNAUTHORIZED_RESPONSE = {
+    statusCode: 401,
+    description: 'Unauthorized - Authentication required',
+    schema: 'ErrorResponse',
+};
+/**
+ * Adds 401 response to OpenAPI metadata for authenticated routes.
+ * @param target - The target object (class constructor or prototype)
+ * @param propertyKey - Optional property key for method-level metadata
+ */
+function addUnauthorizedResponse(target, propertyKey) {
+    const existingResponses = (0, metadata_collector_1.getMetadataOrDefault)(metadata_keys_1.RESPONSE_METADATA, target, propertyKey, []);
+    // Check if 401 response already exists
+    const has401 = existingResponses.some((r) => r.statusCode === 401);
+    if (!has401) {
+        existingResponses.push(UNAUTHORIZED_RESPONSE);
+        (0, metadata_collector_1.setMetadata)(metadata_keys_1.RESPONSE_METADATA, existingResponses, target, propertyKey);
+    }
+}
+/**
+ * Creates a decorator that can be applied to both classes and methods.
+ * @param applyMetadata - Function to apply the metadata
+ * @returns A decorator function
+ */
+function createAuthDecorator(applyMetadata) {
+    function decorator(target, propertyKey, descriptor) {
+        if (propertyKey !== undefined && descriptor !== undefined) {
+            // Method decorator
+            applyMetadata(target.constructor, propertyKey);
+            return descriptor;
+        }
+        else {
+            // Class decorator
+            applyMetadata(target);
+            return target;
+        }
+    }
+    return decorator;
+}
+/**
+ * Decorator that requires JWT authentication for a route or all routes in a controller.
+ * Can be applied at class level (affects all methods) or method level.
+ * Automatically adds 401 response to OpenAPI spec.
+ *
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * // Class-level - all routes require auth
+ * @RequireAuth()
+ * @ApiController('/api/users')
+ * class UserController {
+ *   @Get('/')
+ *   listUsers() {}
+ * }
+ *
+ * // Method-level
+ * @ApiController('/api/items')
+ * class ItemController {
+ *   @Get('/')
+ *   listItems() {} // Public
+ *
+ *   @RequireAuth()
+ *   @Post('/')
+ *   createItem() {} // Requires auth
+ * }
+ * ```
+ */
+function RequireAuth() {
+    return createAuthDecorator((target, propertyKey) => {
+        const authMetadata = {
+            requireAuth: true,
+        };
+        (0, metadata_collector_1.mergeMetadata)(metadata_keys_1.AUTH_METADATA, authMetadata, target, propertyKey);
+        addUnauthorizedResponse(target, propertyKey);
+    });
+}
+/**
+ * Decorator that requires ECIES crypto authentication for a route or all routes in a controller.
+ * Can be applied at class level (affects all methods) or method level.
+ * Automatically adds 401 response to OpenAPI spec.
+ *
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * // Class-level - all routes require crypto auth
+ * @RequireCryptoAuth()
+ * @ApiController('/api/secure')
+ * class SecureController {
+ *   @Get('/data')
+ *   getData() {}
+ * }
+ *
+ * // Method-level
+ * @ApiController('/api/items')
+ * class ItemController {
+ *   @RequireCryptoAuth()
+ *   @Post('/encrypted')
+ *   createEncrypted() {} // Requires crypto auth
+ * }
+ * ```
+ */
+function RequireCryptoAuth() {
+    return createAuthDecorator((target, propertyKey) => {
+        const authMetadata = {
+            requireCryptoAuth: true,
+        };
+        (0, metadata_collector_1.mergeMetadata)(metadata_keys_1.AUTH_METADATA, authMetadata, target, propertyKey);
+        addUnauthorizedResponse(target, propertyKey);
+    });
+}
+/**
+ * Decorator that explicitly marks a route as public (no authentication required).
+ * Useful for overriding class-level authentication requirements.
+ * Can be applied at class level or method level.
+ *
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * @RequireAuth() // All routes require auth by default
+ * @ApiController('/api/users')
+ * class UserController {
+ *   @Get('/:id')
+ *   getUser() {} // Requires auth (inherited)
+ *
+ *   @Public()
+ *   @Get('/public-profile/:id')
+ *   getPublicProfile() {} // No auth required (overridden)
+ * }
+ * ```
+ */
+function Public() {
+    return createAuthDecorator((target, propertyKey) => {
+        const authMetadata = {
+            isPublic: true,
+        };
+        (0, metadata_collector_1.mergeMetadata)(metadata_keys_1.AUTH_METADATA, authMetadata, target, propertyKey);
+    });
+}
+/**
+ * Decorator that sets a custom status code for authentication failures.
+ * Can be applied at class level (affects all methods) or method level.
+ *
+ * @param statusCode - HTTP status code to return on auth failure (default is 401)
+ * @returns Class or method decorator
+ *
+ * @example
+ * ```typescript
+ * @RequireAuth()
+ * @AuthFailureStatus(403) // Return 403 instead of 401 for all routes
+ * @ApiController('/api/admin')
+ * class AdminController {
+ *   @Get('/dashboard')
+ *   getDashboard() {}
+ *
+ *   @AuthFailureStatus(404) // Return 404 for this specific route
+ *   @Get('/secret')
+ *   getSecret() {}
+ * }
+ * ```
+ */
+function AuthFailureStatus(statusCode) {
+    return createAuthDecorator((target, propertyKey) => {
+        const authMetadata = {
+            failureStatusCode: statusCode,
+        };
+        (0, metadata_collector_1.mergeMetadata)(metadata_keys_1.AUTH_METADATA, authMetadata, target, propertyKey);
+    });
+}
+/**
+ * Gets the effective auth metadata for a method, merging class-level and method-level settings.
+ * Method-level settings override class-level settings.
+ *
+ * @param target - The class constructor
+ * @param propertyKey - The method name
+ * @returns The merged auth metadata
+ */
+function getEffectiveAuthMetadata(target, propertyKey) {
+    // Get class-level auth metadata
+    const classAuth = (0, metadata_collector_1.getMetadata)(metadata_keys_1.AUTH_METADATA, target) ?? {};
+    // Get method-level auth metadata
+    const methodAuth = (0, metadata_collector_1.getMetadata)(metadata_keys_1.AUTH_METADATA, target, propertyKey) ?? {};
+    // Method-level overrides class-level
+    const merged = { ...classAuth, ...methodAuth };
+    // If method is explicitly public, clear auth requirements
+    if (merged.isPublic) {
+        return {
+            isPublic: true,
+            failureStatusCode: merged.failureStatusCode,
+        };
+    }
+    return merged;
+}
+/**
+ * Checks if a route requires authentication based on merged metadata.
+ *
+ * @param target - The class constructor
+ * @param propertyKey - The method name
+ * @returns True if the route requires any form of authentication
+ */
+function requiresAuthentication(target, propertyKey) {
+    const auth = getEffectiveAuthMetadata(target, propertyKey);
+    if (auth.isPublic) {
+        return false;
+    }
+    return auth.requireAuth === true || auth.requireCryptoAuth === true;
+}
+//# sourceMappingURL=auth.js.map

package/src/decorators/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/decorators/auth.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA0GH,kCAQC;AA4BD,8CAQC;AAuBD,wBAOC;AAwBD,8CASC;AAUD,4DAuBC;AASD,wDASC;AAtQD,4BAA0B;AAE1B,mDAAmE;AACnE,6DAK8B;AAE9B;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,UAAU,EAAE,GAAG;IACf,WAAW,EAAE,wCAAwC;IACrD,MAAM,EAAE,eAAe;CACxB,CAAC;AAEF;;;;GAIG;AACH,SAAS,uBAAuB,CAC9B,MAAc,EACd,WAA6B;IAE7B,MAAM,iBAAiB,GAAG,IAAA,yCAAoB,EAE5C,iCAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IAE9C,uCAAuC;IACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,GAAG,CAAC,CAAC;IACnE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,iBAAiB,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC9C,IAAA,gCAAW,EAAC,iCAAiB,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAC1B,aAAsE;IAUtE,SAAS,SAAS,CAChB,MAA0B,EAC1B,WAA6B,EAC7B,UAA+B;QAE/B,IAAI,WAAW,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC1D,mBAAmB;YACnB,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;YAC/C,OAAO,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,kBAAkB;YAClB,aAAa,CAAC,MAAgB,CAAC,CAAC;YAChC,OAAO,MAAmB,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,SAA6C,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,SAAgB,WAAW;IACzB,OAAO,mBAAmB,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;QACjD,MAAM,YAAY,GAAiB;YACjC,WAAW,EAAE,IAAI;SAClB,CAAC;QACF,IAAA,kCAAa,EAAC,6BAAa,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAChE,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;QACjD,MAAM,YAAY,GAAiB;YACjC,iBAAiB,EAAE,IAAI;SACxB,CAAC;QACF,IAAA,kCAAa,EAAC,6BAAa,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAChE,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,MAAM;IACpB,OAAO,mBAAmB,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;QACjD,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,IAAA,kCAAa,EAAC,6BAAa,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAgB,iBAAiB,CAC/B,UAAkB;IAElB,OAAO,mBAAmB,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;QACjD,MAAM,YAAY,GAAiB;YACjC,iBAAiB,EAAE,UAAU;SAC9B,CAAC;QACF,IAAA,kCAAa,EAAC,6BAAa,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,wBAAwB,CACtC,MAAc,EACd,WAA4B;IAE5B,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAA,gCAAW,EAAe,6BAAa,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAEzE,iCAAiC;IACjC,MAAM,UAAU,GACd,IAAA,gCAAW,EAAe,6BAAa,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;IAEtE,qCAAqC;IACrC,MAAM,MAAM,GAAiB,EAAE,GAAG,SAAS,EAAE,GAAG,UAAU,EAAE,CAAC;IAE7D,0DAA0D;IAC1D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;SAC5C,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,sBAAsB,CACpC,MAAc,EACd,WAA4B;IAE5B,MAAM,IAAI,GAAG,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC3D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC,WAAW,KAAK,IAAI,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,CAAC;AACtE,CAAC"}