@estopia/shared 1.0.0 → 1.0.1

package/dist/broker/eventTypes.d.ts

@@ -0,0 +1,20 @@
+export interface UserRegisteredEvent {
+    userId: string;
+    email: string;
+    verificationCode: string;
+}
+export interface PasswordResetEvent {
+    userId: string;
+    email: string;
+    resetToken: string;
+}
+export type EventPayloads = UserRegisteredEvent | PasswordResetEvent;
+export interface EventMap {
+    USER_REGISTERED: UserRegisteredEvent;
+    PASSWORD_RESET: PasswordResetEvent;
+}
+export declare const EVENTS: {
+    readonly USER_REGISTERED: "user.registered";
+    readonly PASSWORD_RESET: "password.reset";
+};
+//# sourceMappingURL=eventTypes.d.ts.map

package/dist/broker/eventTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eventTypes.d.ts","sourceRoot":"","sources":["../../src/broker/eventTypes.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,aAAa,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAErE,MAAM,WAAW,QAAQ;IACvB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,kBAAkB,CAAC;CACpC;AAED,eAAO,MAAM,MAAM;;;CAGT,CAAC"}

package/dist/broker/eventTypes.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EVENTS = void 0;
+exports.EVENTS = {
+    USER_REGISTERED: 'user.registered',
+    PASSWORD_RESET: 'password.reset',
+};
+//# sourceMappingURL=eventTypes.js.map

package/dist/broker/eventTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eventTypes.js","sourceRoot":"","sources":["../../src/broker/eventTypes.ts"],"names":[],"mappings":";;;AAmBa,QAAA,MAAM,GAAG;IACpB,eAAe,EAAE,iBAAiB;IAClC,cAAc,EAAE,gBAAgB;CACxB,CAAC"}

package/dist/broker/publisher.d.ts

@@ -0,0 +1,16 @@
+import { EventMap } from './eventTypes';
+export declare class EventPublisher {
+    private url;
+    private connection?;
+    private channel?;
+    private exchange;
+    constructor(url: string);
+    connect(): Promise<void>;
+    /**
+     * Publish an event. The payload type is keyed by the same keys used in your EventPayloads map.
+     * Ensures the routing key exists in EVENTS and that the publisher is connected.
+     */
+    publish<K extends keyof EventMap>(eventName: K, payload: EventMap[K]): Promise<void>;
+    close(): Promise<void>;
+}
+//# sourceMappingURL=publisher.d.ts.map

package/dist/broker/publisher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher.d.ts","sourceRoot":"","sources":["../../src/broker/publisher.ts"],"names":[],"mappings":"AACA,OAAO,EAAiB,QAAQ,EAAU,MAAM,cAAc,CAAC;AAE/D,qBAAa,cAAc;IAKb,OAAO,CAAC,GAAG;IAJvB,OAAO,CAAC,UAAU,CAAC,CAAM;IACzB,OAAO,CAAC,OAAO,CAAC,CAAM;IACtB,OAAO,CAAC,QAAQ,CAAoB;gBAEhB,GAAG,EAAE,MAAM;IAEzB,OAAO;IAOb;;;OAGG;IACG,OAAO,CAAC,CAAC,SAAS,MAAM,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IA8CpE,KAAK;CAcZ"}

package/dist/broker/publisher.js

@@ -0,0 +1,124 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventPublisher = void 0;
+const amqplib = __importStar(require("amqplib"));
+const eventTypes_1 = require("./eventTypes");
+class EventPublisher {
+    url;
+    connection;
+    channel;
+    exchange = 'estopia.events';
+    constructor(url) {
+        this.url = url;
+    }
+    async connect() {
+        if (this.connection && this.channel)
+            return; // already connected
+        this.connection = await amqplib.connect(this.url);
+        this.channel = await this.connection.createChannel();
+        await this.channel.assertExchange(this.exchange, 'topic', { durable: true });
+    }
+    /**
+     * Publish an event. The payload type is keyed by the same keys used in your EventPayloads map.
+     * Ensures the routing key exists in EVENTS and that the publisher is connected.
+     */
+    async publish(eventName, payload) {
+        // Auto-connect if needed
+        if (!this.channel) {
+            await this.connect();
+        }
+        const routingKey = eventTypes_1.EVENTS[eventName];
+        if (!routingKey || typeof routingKey !== 'string') {
+            throw new Error(`No routing key configured for event ${String(eventName)}`);
+        }
+        let body;
+        try {
+            body = Buffer.from(JSON.stringify(payload));
+        }
+        catch (err) {
+            throw new Error('Failed to serialize payload for publish');
+        }
+        // Basic retry with exponential backoff
+        const maxRetries = 3;
+        const baseBackoffMs = 200;
+        for (let attempt = 0; attempt <= maxRetries; attempt++) {
+            try {
+                // channel.publish is synchronous; wrap in try/catch in case of closed channel
+                this.channel.publish(this.exchange, routingKey, body, { persistent: true });
+                return;
+            }
+            catch (err) {
+                // if last attempt, rethrow
+                if (attempt === maxRetries)
+                    throw err;
+                // try reconnect + backoff
+                try {
+                    // reset connection and attempt reconnect
+                    await this.close();
+                }
+                catch (_) { }
+                try {
+                    await this.connect();
+                }
+                catch (_) {
+                    // failed to reconnect, will backoff and retry loop
+                }
+                const backoff = baseBackoffMs * Math.pow(2, attempt);
+                await new Promise((res) => setTimeout(res, backoff));
+            }
+        }
+    }
+    async close() {
+        try {
+            if (this.channel)
+                await this.channel.close();
+        }
+        catch (e) {
+            // ignore
+        }
+        try {
+            if (this.connection)
+                await this.connection.close();
+        }
+        catch (e) {
+            // ignore
+        }
+        this.channel = undefined;
+        this.connection = undefined;
+    }
+}
+exports.EventPublisher = EventPublisher;
+//# sourceMappingURL=publisher.js.map

package/dist/broker/publisher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher.js","sourceRoot":"","sources":["../../src/broker/publisher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,6CAA+D;AAE/D,MAAa,cAAc;IAKL;IAJZ,UAAU,CAAO;IACjB,OAAO,CAAO;IACd,QAAQ,GAAG,gBAAgB,CAAC;IAEpC,YAAoB,GAAW;QAAX,QAAG,GAAH,GAAG,CAAQ;IAAG,CAAC;IAEnC,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,oBAAoB;QACjE,IAAI,CAAC,UAAU,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;QACrD,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAA2B,SAAY,EAAE,OAAoB;QACxE,yBAAyB;QACzB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACvB,CAAC;QAED,MAAM,UAAU,GAAG,mBAAM,CAAC,SAAgC,CAAC,CAAC;QAC5D,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,uCAAuC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,IAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,uCAAuC;QACvC,MAAM,UAAU,GAAG,CAAC,CAAC;QACrB,MAAM,aAAa,GAAG,GAAG,CAAC;QAE1B,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,8EAA8E;gBAC9E,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5E,OAAO;YACT,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,2BAA2B;gBAC3B,IAAI,OAAO,KAAK,UAAU;oBAAE,MAAM,GAAG,CAAC;gBACtC,0BAA0B;gBAC1B,IAAI,CAAC;oBACH,yCAAyC;oBACzC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;gBACd,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;gBACvB,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,mDAAmD;gBACrD,CAAC;gBACD,MAAM,OAAO,GAAG,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,IAAI,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,SAAS;QACX,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC9B,CAAC;CACF;AA9ED,wCA8EC"}

package/dist/broker/subscriber.d.ts

@@ -0,0 +1,14 @@
+import { EventMap } from './eventTypes';
+type EventHandler<T> = (payload: T) => Promise<void> | void;
+export declare class EventSubscriber {
+    private url;
+    private connection?;
+    private channel?;
+    private exchange;
+    constructor(url: string);
+    connect(): Promise<void>;
+    subscribe<K extends keyof EventMap>(eventName: K, handler: EventHandler<EventMap[K]>): Promise<void>;
+    close(): Promise<void>;
+}
+export {};
+//# sourceMappingURL=subscriber.d.ts.map

package/dist/broker/subscriber.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscriber.d.ts","sourceRoot":"","sources":["../../src/broker/subscriber.ts"],"names":[],"mappings":"AACA,OAAO,EAAU,QAAQ,EAAE,MAAM,cAAc,CAAC;AAEhD,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE5D,qBAAa,eAAe;IAKd,OAAO,CAAC,GAAG;IAJvB,OAAO,CAAC,UAAU,CAAC,CAAM;IACzB,OAAO,CAAC,OAAO,CAAC,CAAM;IACtB,OAAO,CAAC,QAAQ,CAAoB;gBAEhB,GAAG,EAAE,MAAM;IAEzB,OAAO;IAOP,SAAS,CAAC,CAAC,SAAS,MAAM,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAyBpF,KAAK;CAMZ"}

package/dist/broker/subscriber.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventSubscriber = void 0;
+const amqplib = require('amqplib');
+const eventTypes_1 = require("./eventTypes");
+class EventSubscriber {
+    url;
+    connection;
+    channel;
+    exchange = 'estopia.events';
+    constructor(url) {
+        this.url = url;
+    }
+    async connect() {
+        if (this.connection && this.channel)
+            return;
+        this.connection = await amqplib.connect(this.url);
+        this.channel = await this.connection.createChannel();
+        await this.channel.assertExchange(this.exchange, 'topic', { durable: true });
+    }
+    async subscribe(eventName, handler) {
+        if (!this.channel)
+            throw new Error('Subscriber not connected');
+        const q = await this.channel.assertQueue('', { exclusive: true });
+        const routing = eventTypes_1.EVENTS[eventName];
+        await this.channel.bindQueue(q.queue, this.exchange, routing);
+        await this.channel.consume(q.queue, (msg) => {
+            if (msg) {
+                let payload;
+                try {
+                    payload = JSON.parse(msg.content.toString());
+                }
+                catch (err) {
+                    // malformed message -> nack and requeue false
+                    this.channel?.nack(msg, false, false);
+                    return;
+                }
+                Promise.resolve(handler(payload))
+                    .then(() => this.channel?.ack(msg))
+                    .catch(() => this.channel?.nack(msg, false, true));
+            }
+        });
+    }
+    async close() {
+        try {
+            if (this.channel)
+                await this.channel.close();
+        }
+        catch (e) { }
+        try {
+            if (this.connection)
+                await this.connection.close();
+        }
+        catch (e) { }
+        this.channel = undefined;
+        this.connection = undefined;
+    }
+}
+exports.EventSubscriber = EventSubscriber;
+//# sourceMappingURL=subscriber.js.map

package/dist/broker/subscriber.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscriber.js","sourceRoot":"","sources":["../../src/broker/subscriber.ts"],"names":[],"mappings":";;;AAAA,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;AACnC,6CAAgD;AAIhD,MAAa,eAAe;IAKN;IAJZ,UAAU,CAAO;IACjB,OAAO,CAAO;IACd,QAAQ,GAAG,gBAAgB,CAAC;IAEpC,YAAoB,GAAW;QAAX,QAAG,GAAH,GAAG,CAAQ;IAAG,CAAC;IAEnC,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QAC5C,IAAI,CAAC,UAAU,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;QACrD,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,KAAK,CAAC,SAAS,CAA2B,SAAY,EAAE,OAAkC;QACxF,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAE/D,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,mBAAM,CAAC,SAAgC,CAAC,CAAC;QACzD,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,GAAe,EAAE,EAAE;YACtD,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,OAAoB,CAAC;gBACzB,IAAI,CAAC;oBACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC/C,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,8CAA8C;oBAC9C,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;oBACtC,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;qBAC9B,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;qBAClC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC;YAAC,IAAI,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAAC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QACnE,IAAI,CAAC;YAAC,IAAI,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAAC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC9B,CAAC;CACF;AA7CD,0CA6CC"}

package/dist/database/cockroach.d.ts

@@ -0,0 +1,11 @@
+import { CockroachConfig } from './types';
+import { Kysely } from 'kysely';
+import { DB } from './dataTypes';
+/**
+ * Creates and tests a new connection pool for a CockroachDB cluster.
+ * * @param config - The connection configuration for CockroachDB.
+ * @returns A promise that resolves to a connected Pool instance.
+ * @throws Will throw an error if the connection fails.
+ */
+export declare function createCockroachDBConnection(config: CockroachConfig): Promise<Kysely<DB>>;
+//# sourceMappingURL=cockroach.d.ts.map

package/dist/database/cockroach.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cockroach.d.ts","sourceRoot":"","sources":["../../src/database/cockroach.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAmB,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAEjC;;;;;GAKG;AACH,wBAAsB,2BAA2B,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAe9F"}

package/dist/database/cockroach.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCockroachDBConnection = createCockroachDBConnection;
+const pg_1 = require("pg");
+const kysely_1 = require("kysely");
+/**
+ * Creates and tests a new connection pool for a CockroachDB cluster.
+ * * @param config - The connection configuration for CockroachDB.
+ * @returns A promise that resolves to a connected Pool instance.
+ * @throws Will throw an error if the connection fails.
+ */
+async function createCockroachDBConnection(config) {
+    try {
+        const db = new kysely_1.Kysely({
+            dialect: new kysely_1.PostgresDialect({
+                pool: new pg_1.Pool(config)
+            })
+        });
+        console.log('Successfully connected to CockroachDB.');
+        return db;
+    }
+    catch (error) {
+        console.error('Failed to connect to CockroachDB:', error);
+        throw error;
+    }
+}
+//# sourceMappingURL=cockroach.js.map

package/dist/database/cockroach.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cockroach.js","sourceRoot":"","sources":["../../src/database/cockroach.ts"],"names":[],"mappings":";;AAWA,kEAeC;AA1BD,2BAA0B;AAE1B,mCAAiD;AAGjD;;;;;GAKG;AACI,KAAK,UAAU,2BAA2B,CAAC,MAAuB;IACvE,IAAI,CAAC;QAEH,MAAM,EAAE,GAAG,IAAI,eAAM,CAAK;YACxB,OAAO,EAAE,IAAI,wBAAe,CAAC;gBAC3B,IAAI,EAAE,IAAI,SAAI,CAAC,MAAM,CAAC;aACvB,CAAC;SACH,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;QAC1D,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/database/dataTypes.d.ts

@@ -0,0 +1,99 @@
+/**
+ * This file was generated by kysely-codegen.
+ * Please do not edit it manually.
+ */
+import type { ColumnType } from "kysely";
+export type AppType = "medAndroid" | "medIOS" | "web";
+export type FactorAuthType = "email" | "whatsapp";
+export type Generated<T> = T extends ColumnType<infer S, infer I, infer U> ? ColumnType<S, I | undefined, U> : ColumnType<T, T | undefined, T>;
+export type Int8 = ColumnType<string, bigint | number | string, bigint | number | string>;
+export type Timestamp = ColumnType<Date, Date | string, Date | string>;
+export type VerificationType = "email" | "password_reset" | "phone";
+export interface AuthApps {
+    id: Generated<Int8>;
+    name: string;
+    secret: string;
+    user_id: Int8;
+}
+export interface FactorAuthentication {
+    code: string;
+    data: string;
+    expiry_at: Timestamp;
+    id: Generated<Int8>;
+    is_verified: Generated<boolean | null>;
+    type: FactorAuthType;
+    user_id: Int8;
+}
+export interface NotificationSettings {
+    added_to_dm: Generated<boolean | null>;
+    direct_call: Generated<boolean | null>;
+    direct_message: Generated<boolean | null>;
+    group_dm_mention: Generated<boolean | null>;
+    group_dm_message: Generated<boolean | null>;
+    id: Generated<Int8>;
+    server_everyone_mention: Generated<boolean | null>;
+    server_mention: Generated<boolean | null>;
+    server_reply: Generated<boolean | null>;
+    user_id: Int8;
+}
+export interface Passkeys {
+    counter: Int8;
+    id: Generated<Int8>;
+    key_id: Buffer;
+    name: string | null;
+    public_key: Buffer;
+    transports: string[] | null;
+    user_id: Int8;
+}
+export interface Pgmigrations {
+    id: Generated<Int8>;
+    name: string;
+    run_on: Timestamp;
+}
+export interface SecureTokens {
+    created_at: Generated<Timestamp>;
+    expiry_at: Timestamp;
+    id: Generated<Int8>;
+    token_uuid: string;
+    user_id: Int8;
+}
+export interface Tokens {
+    app: AppType | null;
+    created_at: Generated<Timestamp>;
+    expiry_at: Timestamp;
+    fcm_token: string | null;
+    id: Generated<Int8>;
+    refresh_token: string;
+    user_id: Int8;
+}
+export interface Users {
+    created_at: Generated<Timestamp>;
+    disabled: Generated<boolean | null>;
+    icon_url: string | null;
+    id: Generated<Int8>;
+    is_admin: Generated<boolean | null>;
+    password_hash: string;
+    username: string;
+}
+export interface UserVerifications {
+    created_at: Generated<Timestamp>;
+    data: string | null;
+    expiry_at: Timestamp;
+    id: Generated<Int8>;
+    is_verified: Generated<boolean | null>;
+    ownership_code: string;
+    type: VerificationType;
+    user_id: Int8;
+}
+export interface DB {
+    auth_apps: AuthApps;
+    factor_authentication: FactorAuthentication;
+    notification_settings: NotificationSettings;
+    passkeys: Passkeys;
+    pgmigrations: Pgmigrations;
+    secure_tokens: SecureTokens;
+    tokens: Tokens;
+    user_verifications: UserVerifications;
+    users: Users;
+}
+//# sourceMappingURL=dataTypes.d.ts.map

package/dist/database/dataTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dataTypes.d.ts","sourceRoot":"","sources":["../../src/database/dataTypes.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEzC,MAAM,MAAM,OAAO,GAAG,YAAY,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEtD,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,UAAU,CAAC;AAElD,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC,GACtE,UAAU,CAAC,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,CAAC,GAC/B,UAAU,CAAC,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,CAAC,CAAC;AAEpC,MAAM,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC;AAE1F,MAAM,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC,CAAC;AAEvE,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,gBAAgB,GAAG,OAAO,CAAC;AAEpE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,SAAS,CAAC;IACrB,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,WAAW,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACvC,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACvC,WAAW,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACvC,cAAc,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAC1C,gBAAgB,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAC5C,gBAAgB,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAC5C,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,uBAAuB,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACnD,cAAc,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAC1C,YAAY,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACxC,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,IAAI,CAAC;IACd,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,OAAO,GAAG,IAAI,CAAC;IACpB,UAAU,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,KAAK;IACpB,UAAU,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjC,QAAQ,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACpC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,QAAQ,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,EAAE,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpB,WAAW,EAAE,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,gBAAgB,CAAC;IACvB,OAAO,EAAE,IAAI,CAAC;CACf;AAED,MAAM,WAAW,EAAE;IACjB,SAAS,EAAE,QAAQ,CAAC;IACpB,qBAAqB,EAAE,oBAAoB,CAAC;IAC5C,qBAAqB,EAAE,oBAAoB,CAAC;IAC5C,QAAQ,EAAE,QAAQ,CAAC;IACnB,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,YAAY,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,KAAK,EAAE,KAAK,CAAC;CACd"}

package/dist/database/dataTypes.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * This file was generated by kysely-codegen.
+ * Please do not edit it manually.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=dataTypes.js.map

package/dist/database/dataTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dataTypes.js","sourceRoot":"","sources":["../../src/database/dataTypes.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/{src/database/types.ts → dist/database/types.d.ts}

@@ -1,9 +1,8 @@
-import { PoolConfig as CockroachOptions } from 'pg';
-
-/**
- * Configuration for connecting to a CockroachDB cluster.
- * This extends the 'pg' PoolConfig type for full compatibility.
- */
-export interface CockroachConfig extends CockroachOptions {
-  // You can add custom properties here if needed
-}
+import { PoolConfig as CockroachOptions } from 'pg';
+/**
+ * Configuration for connecting to a CockroachDB cluster.
+ * This extends the 'pg' PoolConfig type for full compatibility.
+ */
+export interface CockroachConfig extends CockroachOptions {
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/database/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/database/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,IAAI,CAAC;AAEpD;;;GAGG;AACH,MAAM,WAAW,eAAgB,SAAQ,gBAAgB;CAExD"}

package/dist/database/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/database/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/database/types.ts"],"names":[],"mappings":""}

package/dist/helpers/middlware/auth.d.ts

@@ -0,0 +1,10 @@
+import { EstopiaRequest } from '../../types/request';
+/**
+ * Middleware to require authentication.
+ * - Supports Authorization: Bearer <token> header (case-insensitive)
+ * - Falls back to cookies.auth_token
+ * - On success: sets req.auth = { ...payload, token } and calls next()
+ * - On failure: responds with 401 and an appropriate error message
+ */
+export declare function requireAuth(req: EstopiaRequest, res: any, next: any): any;
+//# sourceMappingURL=auth.d.ts.map

package/dist/helpers/middlware/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/helpers/middlware/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAGrD;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,OA4CnE"}

package/dist/helpers/middlware/auth.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireAuth = requireAuth;
+const validateJWTToken_1 = require("../validateJWTToken");
+/**
+ * Middleware to require authentication.
+ * - Supports Authorization: Bearer <token> header (case-insensitive)
+ * - Falls back to cookies.auth_token
+ * - On success: sets req.auth = { ...payload, token } and calls next()
+ * - On failure: responds with 401 and an appropriate error message
+ */
+function requireAuth(req, res, next) {
+    // Get Authorization header (many frameworks provide case-insensitive header lookup)
+    const authHeader = typeof req.header === 'function' ? req.header('Authorization') : undefined;
+    // Extract token from "Bearer <token>" or use header value directly
+    let token;
+    if (typeof authHeader === 'string' && authHeader.trim() !== '') {
+        const bearerMatch = authHeader.match(/^\s*Bearer\s+(.+)\s*$/i);
+        token = bearerMatch ? bearerMatch[1] : authHeader.trim();
+    }
+    // Fallback to cookie
+    if (!token && req && req.cookies && typeof req.cookies.auth_token === 'string') {
+        token = req.cookies.auth_token;
+    }
+    if (!token) {
+        return res.status(401).json({ error: 'Missing authorization token' });
+    }
+    try {
+        const payload = (0, validateJWTToken_1.validateJWTToken)(token);
+        if (!payload) {
+            return res.status(401).json({ error: 'Invalid token' });
+        }
+        // Attach auth info to request
+        req.auth = { ...payload, token };
+        return next();
+    }
+    catch (err) {
+        // Log warning if logger available, otherwise fallback to console
+        try {
+            if (req && req.logger && typeof req.logger.warn === 'function') {
+                req.logger.warn('Auth verification failed', err);
+            }
+            else {
+                // Keep message concise for logs
+                // eslint-disable-next-line no-console
+                console.warn('Auth verification failed', err);
+            }
+        }
+        catch {
+            // swallow logging errors
+        }
+        return res.status(401).json({ error: 'Invalid authorization' });
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/helpers/middlware/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/helpers/middlware/auth.ts"],"names":[],"mappings":";;AAUA,kCA4CC;AArDD,0DAAuD;AAEvD;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,GAAmB,EAAE,GAAQ,EAAE,IAAS;IAClE,oFAAoF;IACpF,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9F,mEAAmE;IACnE,IAAI,KAAyB,CAAC;IAC9B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC/D,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC/D,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED,qBAAqB;IACrB,IAAI,CAAC,KAAK,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC/E,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;IACjC,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,8BAA8B;QAC9B,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,CAAC;QACjC,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,iEAAiE;QACjE,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC/D,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YACnD,CAAC;iBAAM,CAAC;gBACN,gCAAgC;gBAChC,sCAAsC;gBACtC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAClE,CAAC;AACH,CAAC"}

package/dist/helpers/middlware/secure.d.ts

@@ -0,0 +1,11 @@
+import { Response } from 'express';
+import { EstopiaRequest } from '../../types/request';
+/**
+ * Middleware to require authentication.
+ * - Supports Authorization: Bearer <token> header (case-insensitive)
+ * - Falls back to cookies.auth_token
+ * - On success: sets req.auth = { ...payload, token } and calls next()
+ * - On failure: responds with 401 and an appropriate error message
+ */
+export declare function requireSecure(req: EstopiaRequest, res: Response, next: any): Promise<any>;
+//# sourceMappingURL=secure.d.ts.map

package/dist/helpers/middlware/secure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure.d.ts","sourceRoot":"","sources":["../../../src/helpers/middlware/secure.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAIrD;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,gBAmChF"}

package/dist/helpers/middlware/secure.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecure = requireSecure;
+/**
+ * Middleware to require authentication.
+ * - Supports Authorization: Bearer <token> header (case-insensitive)
+ * - Falls back to cookies.auth_token
+ * - On success: sets req.auth = { ...payload, token } and calls next()
+ * - On failure: responds with 401 and an appropriate error message
+ */
+async function requireSecure(req, res, next) {
+    // This middleware only validates the Secure-Token cookie against the DB.
+    // It does NOT require a valid JWT — per request: "it doesn't matter if the JWT token exists".
+    // Read secure token from cookie
+    const secureToken = req && req.cookies['Secure-Token'];
+    if (!secureToken) {
+        return res.status(403).json({ error: 'Missing secure token' });
+    }
+    // Expect a Kysely DB instance to be available on app.locals.db
+    const cockroachPool = req.cockroachPool;
+    try {
+        const db = cockroachPool;
+        // Query secure_tokens table by token_uuid
+        const row = await db.selectFrom('secure_tokens').selectAll().where('token_uuid', '=', secureToken).executeTakeFirst();
+        if (!row) {
+            return res.status(403).json({ error: 'Secure token not found' });
+        }
+        // expiry_at may be a Date or string depending on driver; normalize
+        const expiry = row.expiry_at ? new Date(row.expiry_at) : null;
+        if (!expiry || expiry.getTime() <= Date.now()) {
+            return res.status(403).json({ error: 'Secure token expired' });
+        }
+        // Attach minimal auth context to request (no JWT required)
+        req.auth = { secureToken, userId: row.user_id.toString() };
+        return next();
+    }
+    catch (err) {
+        console.error('Failed to validate secure token', err?.message || err);
+        return res.status(500).json({ error: 'Failed to validate secure token' });
+    }
+}
+//# sourceMappingURL=secure.js.map

package/dist/helpers/middlware/secure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure.js","sourceRoot":"","sources":["../../../src/helpers/middlware/secure.ts"],"names":[],"mappings":";;AAYA,sCAmCC;AA1CD;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,GAAmB,EAAE,GAAa,EAAE,IAAS;IAC/E,yEAAyE;IACzE,8FAA8F;IAE9F,gCAAgC;IAChC,MAAM,WAAW,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACvD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,+DAA+D;IAC/D,MAAM,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,aAA2B,CAAC;QACvC,0CAA0C;QAC1C,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAEtH,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,mEAAmE;QACnE,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACrE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,2DAA2D;QAC3D,GAAG,CAAC,IAAI,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;QAC3D,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,CAAC;QACtE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC"}

package/dist/helpers/validateJWTToken.d.ts

@@ -0,0 +1,16 @@
+export interface DecodedJWT {
+    userId: string;
+    jti?: string;
+    iat?: number;
+    exp?: number;
+}
+/**
+ * Verify a JWT and return the decoded payload. Throws on invalid/expired token.
+ */
+export declare function validateJWTToken(token: string): DecodedJWT;
+/**
+ * Try to verify a token and return the decoded payload, or null if invalid.
+ */
+export declare function tryValidateJWTToken(token: string): DecodedJWT | null;
+export default validateJWTToken;
+//# sourceMappingURL=validateJWTToken.d.ts.map

package/dist/helpers/validateJWTToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validateJWTToken.d.ts","sourceRoot":"","sources":["../../src/helpers/validateJWTToken.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAKD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAS1D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAMpE;AAED,eAAe,gBAAgB,CAAC"}