@exyconn/common 2.1.0 → 2.3.2

package/dist/index.mjs

@@ -4,6 +4,7 @@ import path, { resolve } from 'path';
 import mongoose from 'mongoose';
 import jwt from 'jsonwebtoken';
 import { existsSync, readFileSync } from 'fs';
+import rateLimit from 'express-rate-limit';
 import axios from 'axios';
 import { createContext, useState, useCallback, useMemo, useRef, useEffect, useContext } from 'react';
 import { jsx, jsxs } from 'react/jsx-runtime';
@@ -21,20 +22,50 @@ var __export = (target, all) => {
 // src/server/index.ts
 var server_exports = {};
 __export(server_exports, {
+  ConfigBuilder: () => ConfigBuilder,
+  DEFAULT_AUTH_CONFIG: () => DEFAULT_AUTH_CONFIG,
+  DEFAULT_CORS_CONFIG: () => DEFAULT_CORS_CONFIG,
+  DEFAULT_CORS_ORIGINS: () => DEFAULT_CORS_ORIGINS,
+  DEFAULT_DATABASE_CONFIG: () => DEFAULT_DATABASE_CONFIG,
+  DEFAULT_LOGGING_CONFIG: () => DEFAULT_LOGGING_CONFIG,
+  DEFAULT_RATE_LIMIT_CONFIG: () => DEFAULT_RATE_LIMIT_CONFIG,
+  DEFAULT_RATE_LIMIT_TIERS: () => DEFAULT_RATE_LIMIT_TIERS,
+  DEFAULT_SERVER_CONFIG: () => DEFAULT_SERVER_CONFIG,
+  EXYCONN_CORS_CONFIG: () => EXYCONN_CORS_CONFIG,
+  PERMISSIVE_CORS_CONFIG: () => PERMISSIVE_CORS_CONFIG,
+  RATE_LIMIT_CONFIG: () => RATE_LIMIT_CONFIG,
+  RateLimiterBuilder: () => RateLimiterBuilder,
+  STRICT_CORS_CONFIG: () => STRICT_CORS_CONFIG,
   StatusCode: () => StatusCode,
   StatusMessage: () => StatusMessage,
   authenticateApiKey: () => authenticateApiKey,
   authenticateJWT: () => authenticateJWT,
   badRequestResponse: () => badRequestResponse,
+  buildConfig: () => buildConfig,
   buildFilter: () => buildFilter,
   buildPagination: () => buildPagination,
   buildPaginationMeta: () => buildPaginationMeta,
   checkPackageServer: () => checkPackageServer,
   conflictResponse: () => conflictResponse,
   connectDB: () => connectDB,
+  corsOptions: () => corsOptions,
+  createApiKeyGenerator: () => createApiKeyGenerator,
+  createApiRateLimiter: () => createApiRateLimiter,
+  createBrandCorsOptions: () => createBrandCorsOptions,
+  createConfig: () => createConfig,
+  createCorsOptions: () => createCorsOptions,
+  createDdosRateLimiter: () => createDdosRateLimiter,
   createLogger: () => createLogger,
   createMorganStream: () => createMorganStream,
+  createMultiBrandCorsOptions: () => createMultiBrandCorsOptions,
+  createPrefixedKeyGenerator: () => createPrefixedKeyGenerator,
+  createRateLimiter: () => createRateLimiter,
+  createStandardRateLimiter: () => createStandardRateLimiter,
+  createStrictRateLimiter: () => createStrictRateLimiter,
+  createUserKeyGenerator: () => createUserKeyGenerator,
   createdResponse: () => createdResponse,
+  ddosProtectionLimiter: () => ddosProtectionLimiter,
+  defaultKeyGenerator: () => defaultKeyGenerator,
   disconnectDB: () => disconnectDB,
   errorResponse: () => errorResponse,
   extractColumns: () => extractColumns,
@@ -43,6 +74,10 @@ __export(server_exports, {
   formatPackageCheckResult: () => formatPackageCheckResult,
   generateNcuCommand: () => generateNcuCommand,
   getConnectionStatus: () => getConnectionStatus,
+  getDatabaseOptions: () => getDatabaseOptions,
+  isDevelopment: () => isDevelopment,
+  isProduction: () => isProduction,
+  isTest: () => isTest,
   logger: () => logger,
   noContentResponse: () => noContentResponse,
   notFoundResponse: () => notFoundResponse,
@@ -52,13 +87,16 @@ __export(server_exports, {
   pickFields: () => pickFields,
   printPackageCheckSummary: () => printPackageCheckSummary,
   rateLimitResponse: () => rateLimitResponse,
+  rateLimiter: () => rateLimiter,
   requireOrganization: () => requireOrganization,
   sanitizeDocument: () => sanitizeDocument,
   sanitizeUser: () => sanitizeUser,
   simpleLogger: () => simpleLogger,
+  standardRateLimiter: () => standardRateLimiter,
   statusCode: () => statusCode,
   statusMessage: () => statusMessage,
   stream: () => stream,
+  strictRateLimiter: () => strictRateLimiter,
   successResponse: () => successResponse,
   successResponseArr: () => successResponseArr,
   unauthorizedResponse: () => unauthorizedResponse,
@@ -770,6 +808,666 @@ var packageCheckServer = {
   print: printPackageCheckSummary
 };
 
+// src/server/configs/cors.config.ts
+var DEFAULT_CORS_CONFIG = {
+  productionOrigins: [],
+  developmentOrigins: [
+    "http://localhost:3000",
+    "http://localhost:4000",
+    "http://localhost:5000",
+    "http://localhost:5173",
+    "http://localhost:8080",
+    "http://127.0.0.1:3000",
+    "http://127.0.0.1:4000",
+    "http://127.0.0.1:5000",
+    "http://127.0.0.1:5173",
+    "http://127.0.0.1:8080"
+  ],
+  allowedSubdomains: [],
+  originPatterns: [],
+  allowNoOrigin: true,
+  allowAllInDev: true,
+  credentials: true,
+  methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"],
+  allowedHeaders: [
+    "Content-Type",
+    "Authorization",
+    "X-Requested-With",
+    "Accept",
+    "Origin",
+    "X-API-Key",
+    "X-Organization-Id",
+    "X-Request-Id"
+  ],
+  exposedHeaders: [
+    "Content-Range",
+    "X-Content-Range",
+    "X-Total-Count",
+    "X-Request-Id"
+  ],
+  maxAge: 86400
+  // 24 hours
+};
+var createCorsOptions = (config = {}) => {
+  const finalConfig = { ...DEFAULT_CORS_CONFIG, ...config };
+  const {
+    productionOrigins,
+    developmentOrigins,
+    allowedSubdomains,
+    originPatterns,
+    allowNoOrigin,
+    allowAllInDev,
+    customValidator,
+    credentials,
+    methods,
+    allowedHeaders,
+    exposedHeaders,
+    maxAge
+  } = finalConfig;
+  const allOrigins = /* @__PURE__ */ new Set([...productionOrigins, ...developmentOrigins]);
+  const originHandler = (origin, callback) => {
+    if (!origin) {
+      callback(null, allowNoOrigin);
+      return;
+    }
+    if (allOrigins.has(origin)) {
+      callback(null, true);
+      return;
+    }
+    if (allowedSubdomains.some((subdomain) => origin.endsWith(subdomain))) {
+      callback(null, true);
+      return;
+    }
+    if (originPatterns.some((pattern) => pattern.test(origin))) {
+      callback(null, true);
+      return;
+    }
+    if (customValidator && customValidator(origin)) {
+      callback(null, true);
+      return;
+    }
+    if (process.env.NODE_ENV !== "production" && allowAllInDev) {
+      callback(null, true);
+      return;
+    }
+    if (process.env.NODE_ENV === "production") {
+      callback(new Error(`Origin ${origin} not allowed by CORS`));
+      return;
+    }
+    callback(null, true);
+  };
+  return {
+    origin: originHandler,
+    credentials,
+    methods,
+    allowedHeaders,
+    exposedHeaders,
+    maxAge
+  };
+};
+var createBrandCorsOptions = (brandDomain, additionalConfig = {}) => {
+  const productionOrigins = [
+    `https://${brandDomain}`,
+    `https://www.${brandDomain}`
+  ];
+  const allowedSubdomains = [`.${brandDomain}`];
+  return createCorsOptions({
+    productionOrigins,
+    allowedSubdomains,
+    ...additionalConfig
+  });
+};
+var createMultiBrandCorsOptions = (domains, additionalConfig = {}) => {
+  const productionOrigins = domains.flatMap((domain) => [
+    `https://${domain}`,
+    `https://www.${domain}`
+  ]);
+  const allowedSubdomains = domains.map((domain) => `.${domain}`);
+  return createCorsOptions({
+    productionOrigins,
+    allowedSubdomains,
+    ...additionalConfig
+  });
+};
+var EXYCONN_CORS_CONFIG = {
+  productionOrigins: [
+    "https://exyconn.com",
+    "https://www.exyconn.com",
+    "https://botify.life",
+    "https://www.botify.life",
+    "https://partywings.fun",
+    "https://www.partywings.fun",
+    "https://sibera.work",
+    "https://www.sibera.work",
+    "https://spentiva.com",
+    "https://www.spentiva.com"
+  ],
+  allowedSubdomains: [
+    ".exyconn.com",
+    ".botify.life",
+    ".partywings.fun",
+    ".sibera.work",
+    ".spentiva.com"
+  ],
+  developmentOrigins: [
+    "http://localhost:3000",
+    "http://localhost:4000",
+    "http://localhost:4001",
+    "http://localhost:4002",
+    "http://localhost:4003",
+    "http://localhost:4004",
+    "http://localhost:4005",
+    "http://localhost:5173",
+    "http://127.0.0.1:3000",
+    "http://127.0.0.1:4000",
+    "http://127.0.0.1:5173"
+  ]
+};
+var STRICT_CORS_CONFIG = {
+  allowNoOrigin: false,
+  allowAllInDev: false,
+  methods: ["GET", "POST", "PUT", "DELETE"]
+};
+var PERMISSIVE_CORS_CONFIG = {
+  allowNoOrigin: true,
+  allowAllInDev: true,
+  originPatterns: [/localhost/, /127\.0\.0\.1/]
+};
+var corsOptions = createCorsOptions(EXYCONN_CORS_CONFIG);
+var DEFAULT_RATE_LIMIT_TIERS = {
+  STANDARD: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 100,
+    message: "Too many requests, please try again later.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  STRICT: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 20,
+    message: "Too many requests, please try again later.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  DDOS: {
+    windowMs: 60 * 1e3,
+    // 1 minute
+    maxRequests: 60,
+    message: "Rate limit exceeded. Please slow down.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  // Additional presets
+  VERY_STRICT: {
+    windowMs: 60 * 60 * 1e3,
+    // 1 hour
+    maxRequests: 5,
+    message: "Too many attempts. Please try again in an hour.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  RELAXED: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 500,
+    message: "Rate limit exceeded.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  API: {
+    windowMs: 60 * 1e3,
+    // 1 minute
+    maxRequests: 30,
+    message: "API rate limit exceeded.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  }
+};
+var defaultKeyGenerator = (req) => {
+  const forwarded = req.headers["x-forwarded-for"];
+  const ip = forwarded ? Array.isArray(forwarded) ? forwarded[0] : forwarded.split(",")[0].trim() : req.ip || req.socket.remoteAddress || "unknown";
+  return ip;
+};
+var createPrefixedKeyGenerator = (prefix) => (req) => {
+  return `${prefix}:${defaultKeyGenerator(req)}`;
+};
+var createUserKeyGenerator = (getUserId) => (req) => {
+  const userId = getUserId(req);
+  return userId || defaultKeyGenerator(req);
+};
+var createApiKeyGenerator = (headerName = "x-api-key") => (req) => {
+  const apiKey = req.headers[headerName.toLowerCase()];
+  return apiKey || defaultKeyGenerator(req);
+};
+var createRateLimitResponse = (message, retryAfter) => ({
+  status: "error",
+  statusCode: 429,
+  message,
+  ...retryAfter
+});
+var createRateLimiter = (tierConfig, options = {}) => {
+  const {
+    standardHeaders = true,
+    legacyHeaders = false,
+    keyGenerator = defaultKeyGenerator,
+    skip,
+    handler
+  } = options;
+  return rateLimit({
+    windowMs: tierConfig.windowMs,
+    max: tierConfig.maxRequests,
+    message: createRateLimitResponse(tierConfig.message),
+    standardHeaders,
+    legacyHeaders,
+    keyGenerator,
+    skip,
+    handler,
+    skipSuccessfulRequests: tierConfig.skipSuccessfulRequests,
+    skipFailedRequests: tierConfig.skipFailedRequests
+  });
+};
+var createStandardRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.STANDARD, ...config };
+  return createRateLimiter(tierConfig, options);
+};
+var createStrictRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.STRICT, ...config };
+  return createRateLimiter(tierConfig, options);
+};
+var createDdosRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.DDOS, ...config };
+  return createRateLimiter(tierConfig, options);
+};
+var createApiRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.API, ...config };
+  return createRateLimiter(tierConfig, {
+    keyGenerator: createApiKeyGenerator(),
+    ...options
+  });
+};
+var RateLimiterBuilder = class {
+  constructor(preset = "STANDARD") {
+    const presetConfig = DEFAULT_RATE_LIMIT_TIERS[preset];
+    this.config = {
+      windowMs: presetConfig.windowMs,
+      maxRequests: presetConfig.maxRequests,
+      message: presetConfig.message,
+      skipSuccessfulRequests: presetConfig.skipSuccessfulRequests ?? false,
+      skipFailedRequests: presetConfig.skipFailedRequests ?? false
+    };
+    this.options = {};
+  }
+  /**
+   * Set window duration
+   */
+  windowMs(ms) {
+    this.config.windowMs = ms;
+    return this;
+  }
+  /**
+   * Set window duration in minutes
+   */
+  windowMinutes(minutes) {
+    this.config.windowMs = minutes * 60 * 1e3;
+    return this;
+  }
+  /**
+   * Set window duration in hours
+   */
+  windowHours(hours) {
+    this.config.windowMs = hours * 60 * 60 * 1e3;
+    return this;
+  }
+  /**
+   * Set maximum requests
+   */
+  max(requests) {
+    this.config.maxRequests = requests;
+    return this;
+  }
+  /**
+   * Set error message
+   */
+  message(msg) {
+    this.config.message = msg;
+    return this;
+  }
+  /**
+   * Skip successful requests
+   */
+  skipSuccessful(skip = true) {
+    this.config.skipSuccessfulRequests = skip;
+    return this;
+  }
+  /**
+   * Skip failed requests
+   */
+  skipFailed(skip = true) {
+    this.config.skipFailedRequests = skip;
+    return this;
+  }
+  /**
+   * Set key generator
+   */
+  keyBy(generator) {
+    this.options.keyGenerator = generator;
+    return this;
+  }
+  /**
+   * Key by IP (default)
+   */
+  keyByIp() {
+    this.options.keyGenerator = defaultKeyGenerator;
+    return this;
+  }
+  /**
+   * Key by API key
+   */
+  keyByApiKey(headerName) {
+    this.options.keyGenerator = createApiKeyGenerator(headerName);
+    return this;
+  }
+  /**
+   * Skip certain requests
+   */
+  skipWhen(predicate) {
+    this.options.skip = predicate;
+    return this;
+  }
+  /**
+   * Build the rate limiter
+   */
+  build() {
+    return createRateLimiter(this.config, this.options);
+  }
+};
+var rateLimiter = (preset) => {
+  return new RateLimiterBuilder(preset);
+};
+var RATE_LIMIT_CONFIG = {
+  STANDARD: DEFAULT_RATE_LIMIT_TIERS.STANDARD,
+  STRICT: DEFAULT_RATE_LIMIT_TIERS.STRICT,
+  DDOS: DEFAULT_RATE_LIMIT_TIERS.DDOS
+};
+var standardRateLimiter = createStandardRateLimiter();
+var strictRateLimiter = createStrictRateLimiter();
+var ddosProtectionLimiter = createDdosRateLimiter();
+
+// src/server/configs/server.config.ts
+var DEFAULT_SERVER_CONFIG = {
+  name: "app-server",
+  version: "1.0.0",
+  environment: process.env.NODE_ENV || "development",
+  port: parseInt(process.env.PORT || "3000", 10),
+  host: process.env.HOST || "0.0.0.0",
+  basePath: "/api",
+  debug: process.env.DEBUG === "true",
+  trustProxy: true
+};
+var DEFAULT_DATABASE_CONFIG = {
+  uri: process.env.DATABASE_URL || process.env.MONGODB_URI || "",
+  name: process.env.DATABASE_NAME || "app_db",
+  maxPoolSize: process.env.NODE_ENV === "production" ? 50 : 10,
+  minPoolSize: process.env.NODE_ENV === "production" ? 10 : 5,
+  socketTimeoutMS: 45e3,
+  serverSelectionTimeoutMS: 1e4,
+  maxIdleTimeMS: 1e4,
+  retryWrites: true,
+  retryReads: true,
+  writeConcern: "majority"
+};
+var DEFAULT_AUTH_CONFIG = {
+  jwtSecret: process.env.JWT_SECRET || "",
+  jwtExpiresIn: process.env.JWT_EXPIRES_IN || "7d",
+  refreshTokenExpiresIn: process.env.REFRESH_TOKEN_EXPIRES_IN || "30d",
+  enableRefreshTokens: true,
+  apiKeyHeader: "x-api-key",
+  orgHeader: "x-organization-id"
+};
+var DEFAULT_LOGGING_CONFIG = {
+  level: process.env.LOG_LEVEL || "info",
+  logsDir: process.env.LOGS_DIR || "logs",
+  maxSize: "20m",
+  maxFiles: "14d",
+  errorMaxFiles: "30d",
+  console: true,
+  file: process.env.NODE_ENV === "production",
+  json: process.env.NODE_ENV === "production"
+};
+var DEFAULT_CORS_ORIGINS = {
+  production: [],
+  development: [
+    "http://localhost:3000",
+    "http://localhost:4000",
+    "http://localhost:5173",
+    "http://127.0.0.1:3000",
+    "http://127.0.0.1:4000",
+    "http://127.0.0.1:5173"
+  ],
+  patterns: []
+};
+var DEFAULT_RATE_LIMIT_CONFIG = {
+  enabled: true,
+  standard: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 100,
+    message: "Too many requests, please try again later."
+  },
+  strict: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 20,
+    message: "Too many requests, please try again later."
+  },
+  ddos: {
+    windowMs: 60 * 1e3,
+    // 1 minute
+    maxRequests: 60,
+    message: "Rate limit exceeded. Please slow down.",
+    skipSuccessfulRequests: false
+  }
+};
+function deepMerge(target, source) {
+  const result = { ...target };
+  for (const key in source) {
+    if (Object.prototype.hasOwnProperty.call(source, key)) {
+      const sourceValue = source[key];
+      const targetValue = target[key];
+      if (sourceValue !== void 0 && typeof sourceValue === "object" && sourceValue !== null && !Array.isArray(sourceValue) && typeof targetValue === "object" && targetValue !== null && !Array.isArray(targetValue)) {
+        result[key] = deepMerge(
+          targetValue,
+          sourceValue
+        );
+      } else if (sourceValue !== void 0) {
+        result[key] = sourceValue;
+      }
+    }
+  }
+  return result;
+}
+var ConfigBuilder = class {
+  constructor() {
+    this.config = {
+      server: { ...DEFAULT_SERVER_CONFIG },
+      database: { ...DEFAULT_DATABASE_CONFIG },
+      auth: { ...DEFAULT_AUTH_CONFIG },
+      logging: { ...DEFAULT_LOGGING_CONFIG },
+      cors: { ...DEFAULT_CORS_ORIGINS },
+      rateLimit: { ...DEFAULT_RATE_LIMIT_CONFIG }
+    };
+  }
+  /**
+   * Set server configuration
+   */
+  setServer(config) {
+    this.config.server = deepMerge(this.config.server, config);
+    return this;
+  }
+  /**
+   * Set database configuration
+   */
+  setDatabase(config) {
+    this.config.database = deepMerge(this.config.database, config);
+    return this;
+  }
+  /**
+   * Set auth configuration
+   */
+  setAuth(config) {
+    this.config.auth = deepMerge(this.config.auth, config);
+    return this;
+  }
+  /**
+   * Set logging configuration
+   */
+  setLogging(config) {
+    this.config.logging = deepMerge(this.config.logging, config);
+    return this;
+  }
+  /**
+   * Set CORS origins
+   */
+  setCorsOrigins(config) {
+    this.config.cors = deepMerge(this.config.cors, config);
+    return this;
+  }
+  /**
+   * Add CORS production origin
+   */
+  addProductionOrigin(origin) {
+    if (!this.config.cors.production.includes(origin)) {
+      this.config.cors.production.push(origin);
+    }
+    return this;
+  }
+  /**
+   * Add CORS development origin
+   */
+  addDevelopmentOrigin(origin) {
+    if (!this.config.cors.development.includes(origin)) {
+      this.config.cors.development.push(origin);
+    }
+    return this;
+  }
+  /**
+   * Add CORS pattern
+   */
+  addCorsPattern(pattern) {
+    if (!this.config.cors.patterns.includes(pattern)) {
+      this.config.cors.patterns.push(pattern);
+    }
+    return this;
+  }
+  /**
+   * Set rate limit configuration
+   */
+  setRateLimit(config) {
+    this.config.rateLimit = deepMerge(this.config.rateLimit, config);
+    return this;
+  }
+  /**
+   * Add custom rate limit tier
+   */
+  addRateLimitTier(name, tier) {
+    if (!this.config.rateLimit.custom) {
+      this.config.rateLimit.custom = {};
+    }
+    this.config.rateLimit.custom[name] = tier;
+    return this;
+  }
+  /**
+   * Set custom configuration
+   */
+  setCustom(key, value) {
+    if (!this.config.custom) {
+      this.config.custom = {};
+    }
+    this.config.custom[key] = value;
+    return this;
+  }
+  /**
+   * Load configuration from environment variables
+   */
+  loadFromEnv() {
+    if (process.env.SERVER_NAME) this.config.server.name = process.env.SERVER_NAME;
+    if (process.env.SERVER_VERSION) this.config.server.version = process.env.SERVER_VERSION;
+    if (process.env.PORT) this.config.server.port = parseInt(process.env.PORT, 10);
+    if (process.env.HOST) this.config.server.host = process.env.HOST;
+    if (process.env.BASE_PATH) this.config.server.basePath = process.env.BASE_PATH;
+    if (process.env.DATABASE_URL) this.config.database.uri = process.env.DATABASE_URL;
+    if (process.env.MONGODB_URI) this.config.database.uri = process.env.MONGODB_URI;
+    if (process.env.DATABASE_NAME) this.config.database.name = process.env.DATABASE_NAME;
+    if (process.env.JWT_SECRET) this.config.auth.jwtSecret = process.env.JWT_SECRET;
+    if (process.env.JWT_EXPIRES_IN) this.config.auth.jwtExpiresIn = process.env.JWT_EXPIRES_IN;
+    if (process.env.LOG_LEVEL) this.config.logging.level = process.env.LOG_LEVEL;
+    if (process.env.LOGS_DIR) this.config.logging.logsDir = process.env.LOGS_DIR;
+    if (process.env.CORS_ORIGINS) {
+      const origins = process.env.CORS_ORIGINS.split(",").map((o) => o.trim());
+      this.config.cors.production.push(...origins);
+    }
+    return this;
+  }
+  /**
+   * Validate configuration
+   */
+  validate() {
+    const errors = [];
+    if (!this.config.server.name) errors.push("Server name is required");
+    if (this.config.server.port < 1 || this.config.server.port > 65535) {
+      errors.push("Server port must be between 1 and 65535");
+    }
+    if (this.config.server.environment === "production") {
+      if (!this.config.auth.jwtSecret || this.config.auth.jwtSecret.length < 32) {
+        errors.push("JWT secret must be at least 32 characters in production");
+      }
+    }
+    return { valid: errors.length === 0, errors };
+  }
+  /**
+   * Build the final configuration
+   */
+  build() {
+    return { ...this.config };
+  }
+};
+var createConfig = () => {
+  return new ConfigBuilder();
+};
+var buildConfig = (partial = {}) => {
+  const builder = createConfig().loadFromEnv();
+  if (partial.server) builder.setServer(partial.server);
+  if (partial.database) builder.setDatabase(partial.database);
+  if (partial.auth) builder.setAuth(partial.auth);
+  if (partial.logging) builder.setLogging(partial.logging);
+  if (partial.cors) builder.setCorsOrigins(partial.cors);
+  if (partial.rateLimit) builder.setRateLimit(partial.rateLimit);
+  return builder.build();
+};
+var isProduction = (config) => {
+  return (config?.environment || process.env.NODE_ENV) === "production";
+};
+var isDevelopment = (config) => {
+  return (config?.environment || process.env.NODE_ENV) === "development";
+};
+var isTest = (config) => {
+  return (config?.environment || process.env.NODE_ENV) === "test";
+};
+var getDatabaseOptions = (config) => {
+  return {
+    maxPoolSize: config.maxPoolSize,
+    minPoolSize: config.minPoolSize,
+    socketTimeoutMS: config.socketTimeoutMS,
+    serverSelectionTimeoutMS: config.serverSelectionTimeoutMS,
+    maxIdleTimeMS: config.maxIdleTimeMS,
+    retryWrites: config.retryWrites,
+    retryReads: config.retryReads,
+    w: config.writeConcern
+  };
+};
+
 // src/client/index.ts
 var client_exports = {};
 __export(client_exports, {
@@ -806,7 +1504,7 @@ __export(client_exports, {
   createTheme: () => createTheme,
   createThemeFromBrand: () => createThemeFromBrand,
   cssVar: () => cssVar,
-  deepMerge: () => deepMerge,
+  deepMerge: () => deepMerge2,
   defaultDarkTheme: () => defaultDarkTheme,
   defaultLightTheme: () => defaultLightTheme,
   dummyBannerData: () => dummyBannerData,
@@ -4943,14 +5641,14 @@ var defaultDarkTheme = {
 };
 
 // src/client/web/theme/theme-utils.ts
-function deepMerge(target, source) {
+function deepMerge2(target, source) {
   const output = { ...target };
   for (const key in source) {
     if (Object.prototype.hasOwnProperty.call(source, key)) {
       const sourceValue = source[key];
       const targetValue = target[key];
       if (sourceValue && typeof sourceValue === "object" && !Array.isArray(sourceValue) && targetValue && typeof targetValue === "object" && !Array.isArray(targetValue)) {
-        output[key] = deepMerge(
+        output[key] = deepMerge2(
           targetValue,
           sourceValue
         );
@@ -5016,7 +5714,7 @@ function createThemeFromBrand(brand, baseTheme = defaultLightTheme) {
       }
     }
   };
-  return deepMerge(baseTheme, brandOverrides);
+  return deepMerge2(baseTheme, brandOverrides);
 }
 function adjustColor(hex, percent) {
   hex = hex.replace(/^#/, "");
@@ -5110,8 +5808,8 @@ async function createTheme(config = {}) {
   if (config.themeUrl) {
     const urlTheme = await loadThemeFromUrl(config.themeUrl);
     if (urlTheme) {
-      lightTheme = deepMerge(lightTheme, urlTheme);
-      darkTheme = deepMerge(darkTheme, urlTheme);
+      lightTheme = deepMerge2(lightTheme, urlTheme);
+      darkTheme = deepMerge2(darkTheme, urlTheme);
     }
   }
   if (config.brandIdentity) {
@@ -5119,10 +5817,10 @@ async function createTheme(config = {}) {
     darkTheme = createThemeFromBrand(config.brandIdentity, darkTheme);
   }
   if (config.light) {
-    lightTheme = deepMerge(lightTheme, config.light);
+    lightTheme = deepMerge2(lightTheme, config.light);
   }
   if (config.dark) {
-    darkTheme = deepMerge(darkTheme, config.dark);
+    darkTheme = deepMerge2(darkTheme, config.dark);
   }
   return { light: lightTheme, dark: darkTheme };
 }
@@ -5196,7 +5894,7 @@ function ThemeProvider({
       theme2 = createThemeFromBrand(brandIdentity, theme2);
     }
     if (lightOverrides) {
-      theme2 = deepMerge(theme2, lightOverrides);
+      theme2 = deepMerge2(theme2, lightOverrides);
     }
     return theme2;
   });
@@ -5207,7 +5905,7 @@ function ThemeProvider({
       theme2 = createThemeFromBrand(brandIdentity, theme2);
     }
     if (darkOverrides) {
-      theme2 = deepMerge(theme2, darkOverrides);
+      theme2 = deepMerge2(theme2, darkOverrides);
     }
     return theme2;
   });
@@ -5226,8 +5924,8 @@ function ThemeProvider({
     setError(null);
     loadThemeFromUrl(themeUrl).then((urlTheme) => {
       if (urlTheme) {
-        setLightTheme((prev) => deepMerge(prev, urlTheme));
-        setDarkTheme((prev) => deepMerge(prev, urlTheme));
+        setLightTheme((prev) => deepMerge2(prev, urlTheme));
+        setDarkTheme((prev) => deepMerge2(prev, urlTheme));
       }
     }).catch((err) => {
       setError(err instanceof Error ? err.message : "Failed to load theme");
@@ -5272,8 +5970,8 @@ function ThemeProvider({
     });
   }, []);
   const updateTheme = useCallback((updates) => {
-    setLightTheme((prev) => deepMerge(prev, updates));
-    setDarkTheme((prev) => deepMerge(prev, updates));
+    setLightTheme((prev) => deepMerge2(prev, updates));
+    setDarkTheme((prev) => deepMerge2(prev, updates));
   }, []);
   const resetTheme = useCallback(() => {
     let light = defaultLightTheme;
@@ -5283,10 +5981,10 @@ function ThemeProvider({
       dark = createThemeFromBrand(brandIdentity, dark);
     }
     if (lightOverrides) {
-      light = deepMerge(light, lightOverrides);
+      light = deepMerge2(light, lightOverrides);
     }
     if (darkOverrides) {
-      dark = deepMerge(dark, darkOverrides);
+      dark = deepMerge2(dark, darkOverrides);
     }
     setLightTheme(light);
     setDarkTheme(dark);
@@ -6641,7 +7339,7 @@ __export(shared_exports, {
   isSameMonth: () => isSameMonth,
   isSameWeek: () => isSameWeek,
   isSameYear: () => isSameYear,
-  isTest: () => isTest,
+  isTest: () => isTest2,
   isThisMonth: () => isThisMonth,
   isThisWeek: () => isThisWeek,
   isThisYear: () => isThisYear,
@@ -6720,7 +7418,7 @@ var isProd = () => {
 var isDev = () => {
   return process.env.NODE_ENV === "development";
 };
-var isTest = () => {
+var isTest2 = () => {
   return process.env.NODE_ENV === "test";
 };
 var validateEnv = (requiredVars) => {