@exyconn/common 2.1.0 → 2.3.3

package/dist/server/index.js

@@ -6,6 +6,7 @@ var path = require('path');
 var mongoose = require('mongoose');
 var jwt = require('jsonwebtoken');
 var fs = require('fs');
+var rateLimit = require('express-rate-limit');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -14,6 +15,7 @@ var DailyRotateFile__default = /*#__PURE__*/_interopDefault(DailyRotateFile);
 var path__default = /*#__PURE__*/_interopDefault(path);
 var mongoose__default = /*#__PURE__*/_interopDefault(mongoose);
 var jwt__default = /*#__PURE__*/_interopDefault(jwt);
+var rateLimit__default = /*#__PURE__*/_interopDefault(rateLimit);
 
 // src/server/enums/status.ts
 var StatusCode = /* @__PURE__ */ ((StatusCode2) => {
@@ -426,6 +428,629 @@ var requireOrganization = (req, res, next) => {
   next();
 };
 
+// src/server/middleware/queryParser.middleware.ts
+var queryParser = (req, _, next) => {
+  const { page, limit, sort, sortBy, sortOrder, search, filter, ...otherParams } = req.query;
+  const parsed = {
+    page: Math.max(Number(page) || 1, 1),
+    limit: Math.min(Number(limit) || 10, 100),
+    filter: {}
+  };
+  if (typeof sort === "string") {
+    const [field, order] = sort.split(":");
+    parsed.sort = {
+      field,
+      order: order === "asc" ? "asc" : "desc"
+    };
+  } else if (typeof sortBy === "string") {
+    parsed.sort = {
+      field: sortBy,
+      order: sortOrder === "asc" ? "asc" : "desc"
+    };
+  }
+  if (typeof search === "string") {
+    parsed.search = search;
+  }
+  if (typeof filter === "object" && filter !== null) {
+    Object.entries(filter).forEach(([key, value]) => {
+      if (value !== "all") {
+        parsed.filter[key] = value;
+      }
+    });
+  }
+  Object.entries(otherParams).forEach(([key, value]) => {
+    if (typeof value === "string" && value !== "all" && !["page", "limit", "sort", "sortBy", "sortOrder", "search"].includes(key)) {
+      parsed.filter[key] = value;
+    }
+  });
+  req.parsedQuery = parsed;
+  next();
+};
+
+// src/server/middleware/utils/schemaMeta.util.ts
+var getZodTypeName = (schema) => {
+  const typeName = schema._def?.typeName;
+  switch (typeName) {
+    case "ZodString":
+      return "string";
+    case "ZodNumber":
+      return "number";
+    case "ZodBoolean":
+      return "boolean";
+    case "ZodDate":
+      return "date";
+    case "ZodArray":
+      return "array";
+    case "ZodObject":
+      return "object";
+    case "ZodOptional":
+    case "ZodNullable":
+      return schema._def?.innerType ? getZodTypeName(schema._def.innerType) : "unknown";
+    case "ZodDefault":
+      return schema._def?.innerType ? getZodTypeName(schema._def.innerType) : "unknown";
+    case "ZodEnum":
+      return "enum";
+    case "ZodUnion":
+      return "union";
+    default:
+      return "unknown";
+  }
+};
+var isZodRequired = (schema) => {
+  const typeName = schema._def?.typeName;
+  return typeName !== "ZodOptional" && typeName !== "ZodNullable";
+};
+var extractSchemaMeta = (model, zodSchema) => {
+  const columns = [];
+  if (zodSchema && zodSchema.shape) {
+    const shape = zodSchema.shape;
+    for (const [key, value] of Object.entries(shape)) {
+      if (key.startsWith("_")) continue;
+      columns.push({
+        name: key,
+        datatype: getZodTypeName(value),
+        required: isZodRequired(value)
+      });
+    }
+    return columns;
+  }
+  try {
+    const schema = model.schema;
+    const paths = schema.paths;
+    for (const [key, pathInfo] of Object.entries(paths)) {
+      if (key.startsWith("_") || key === "__v") continue;
+      const schemaType = pathInfo;
+      columns.push({
+        name: key,
+        datatype: (schemaType.instance || "unknown").toLowerCase(),
+        required: schemaType.isRequired || false
+      });
+    }
+  } catch {
+  }
+  return columns;
+};
+
+// src/server/middleware/pagination.middleware.ts
+var queryPagination = (model, options = {}, withOrgId = true) => {
+  return async (req, res, next) => {
+    try {
+      const { page, limit, sort, search, filter } = req.parsedQuery;
+      const query = {};
+      Object.entries(filter).forEach(([key, value]) => {
+        if (options.regexFilterFields?.includes(key)) {
+          query[key] = { $regex: value, $options: "i" };
+        } else {
+          query[key] = value;
+        }
+      });
+      const organizationId = req.headers["x-organization-id"];
+      if (organizationId && typeof organizationId === "string" && withOrgId) {
+        query.organizationId = organizationId;
+      }
+      if (search && options.searchFields?.length) {
+        query.$or = options.searchFields.map((field) => ({
+          [field]: { $regex: search, $options: "i" }
+        }));
+      }
+      const sortQuery = sort ? { [sort.field]: sort.order } : { createdAt: "desc" };
+      const skip = (page - 1) * limit;
+      const [data, total] = await Promise.all([
+        model.find(query).sort(sortQuery).skip(skip).limit(limit),
+        model.countDocuments(query)
+      ]);
+      res.paginatedResult = {
+        data,
+        meta: {
+          page,
+          limit,
+          total,
+          totalPages: Math.ceil(total / limit)
+        },
+        columns: extractSchemaMeta(model, options.validatorSchema)
+      };
+      next();
+    } catch (error) {
+      next(error);
+    }
+  };
+};
+var isZodError = (error) => {
+  return error !== null && typeof error === "object" && "errors" in error && Array.isArray(error.errors);
+};
+var getOrgId = (req, orgField = "organizationId") => {
+  const orgReq = req;
+  return orgReq.organizationId || req.headers["x-organization-id"] || req.query[orgField];
+};
+var buildOrgFilter = (req, config) => {
+  const filter = {};
+  if (config.withOrganization !== false) {
+    const orgId = getOrgId(req, config.orgField);
+    if (orgId) {
+      filter[config.orgField || "organizationId"] = orgId;
+    }
+  }
+  return filter;
+};
+var formatZodError = (error) => {
+  return error.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join(", ");
+};
+function createCrudControllers(config) {
+  const {
+    model,
+    resourceName,
+    createSchema,
+    updateSchema,
+    searchFields = [],
+    regexFilterFields = [],
+    withOrganization = true,
+    orgField = "organizationId",
+    transformCreate,
+    transformUpdate,
+    afterCreate,
+    afterUpdate,
+    afterDelete,
+    excludeFields = [],
+    populateFields = [],
+    buildQuery
+  } = config;
+  const getAll = async (req, res, _next) => {
+    try {
+      const paginatedRes = res;
+      if (paginatedRes.paginatedResult) {
+        successResponse(res, paginatedRes.paginatedResult, `${resourceName} list fetched successfully`);
+        return;
+      }
+      const page = parseInt(req.query.page) || 1;
+      const limit = parseInt(req.query.limit) || 10;
+      const sortField = req.query.sortBy || "createdAt";
+      const sortOrder = req.query.sortOrder || "desc";
+      const search = req.query.search;
+      let query = {};
+      if (withOrganization) {
+        const orgId = getOrgId(req, orgField);
+        if (orgId) {
+          query[orgField] = orgId;
+        }
+      }
+      if (search && searchFields.length > 0) {
+        query.$or = searchFields.map((field) => ({
+          [field]: { $regex: search, $options: "i" }
+        }));
+      }
+      const filterableParams = Object.keys(req.query).filter(
+        (key) => !["page", "limit", "sortBy", "sortOrder", "search"].includes(key)
+      );
+      filterableParams.forEach((key) => {
+        const value = req.query[key];
+        if (value !== void 0 && value !== "" && value !== "all") {
+          if (regexFilterFields.includes(key)) {
+            query[key] = { $regex: value, $options: "i" };
+          } else {
+            query[key] = value;
+          }
+        }
+      });
+      if (buildQuery) {
+        query = buildQuery(req, query);
+      }
+      const sortQuery = { [sortField]: sortOrder };
+      const skip = (page - 1) * limit;
+      let projection = {};
+      if (excludeFields.length > 0) {
+        projection = excludeFields.reduce(
+          (acc, field) => ({ ...acc, [field]: 0 }),
+          {}
+        );
+      }
+      let dbQuery = model.find(query, projection);
+      if (populateFields.length > 0) {
+        populateFields.forEach((field) => {
+          dbQuery = dbQuery.populate(field);
+        });
+      }
+      const [data, total] = await Promise.all([
+        dbQuery.sort(sortQuery).skip(skip).limit(limit),
+        model.countDocuments(query)
+      ]);
+      successResponse(
+        res,
+        {
+          data,
+          meta: {
+            page,
+            limit,
+            total,
+            totalPages: Math.ceil(total / limit)
+          },
+          columns: extractSchemaMeta(model, createSchema)
+        },
+        `${resourceName} list fetched successfully`
+      );
+    } catch (error) {
+      logger.error(`Error in getAll ${resourceName}`, {
+        error: error instanceof Error ? error.message : "Unknown error"
+      });
+      errorResponse(res, `Failed to fetch ${resourceName.toLowerCase()} list`);
+    }
+  };
+  const getById = async (req, res, _next) => {
+    try {
+      const { id } = req.params;
+      if (!id || !mongoose.Types.ObjectId.isValid(id)) {
+        badRequestResponse(res, "Invalid ID format");
+        return;
+      }
+      const query = {
+        _id: new mongoose.Types.ObjectId(id),
+        ...buildOrgFilter(req, { ...config, withOrganization, orgField })
+      };
+      let dbQuery = model.findOne(query);
+      if (populateFields.length > 0) {
+        populateFields.forEach((field) => {
+          dbQuery = dbQuery.populate(field);
+        });
+      }
+      const doc = await dbQuery;
+      if (!doc) {
+        notFoundResponse(res, `${resourceName} not found`);
+        return;
+      }
+      successResponse(res, doc, `${resourceName} fetched successfully`);
+    } catch (error) {
+      logger.error(`Error in getById ${resourceName}`, {
+        error: error instanceof Error ? error.message : "Unknown error",
+        id: req.params.id
+      });
+      errorResponse(res, `Failed to fetch ${resourceName.toLowerCase()}`);
+    }
+  };
+  const create = async (req, res, _next) => {
+    try {
+      let input = req.body;
+      if (createSchema) {
+        try {
+          input = createSchema.parse(input);
+        } catch (error) {
+          if (isZodError(error)) {
+            badRequestResponse(res, formatZodError(error));
+            return;
+          }
+          throw error;
+        }
+      }
+      if (transformCreate) {
+        input = transformCreate(input, req);
+      }
+      if (withOrganization) {
+        const orgId = getOrgId(req, orgField);
+        if (orgId) {
+          input[orgField] = orgId;
+        }
+      }
+      const doc = new model(input);
+      await doc.save();
+      if (afterCreate) {
+        await afterCreate(doc, req);
+      }
+      logger.info(`${resourceName} created successfully`, {
+        id: doc._id,
+        [orgField]: input[orgField]
+      });
+      createdResponse(res, doc, `${resourceName} created successfully`);
+    } catch (error) {
+      logger.error(`Error in create ${resourceName}`, {
+        error: error instanceof Error ? error.message : "Unknown error"
+      });
+      if (error.code === 11e3) {
+        badRequestResponse(res, `A ${resourceName.toLowerCase()} with this data already exists`);
+        return;
+      }
+      errorResponse(res, `Failed to create ${resourceName.toLowerCase()}`);
+    }
+  };
+  const update = async (req, res, _next) => {
+    try {
+      const { id } = req.params;
+      if (!id || !mongoose.Types.ObjectId.isValid(id)) {
+        badRequestResponse(res, "Invalid ID format");
+        return;
+      }
+      let input = req.body;
+      if (updateSchema) {
+        try {
+          input = updateSchema.parse(input);
+        } catch (error) {
+          if (isZodError(error)) {
+            badRequestResponse(res, formatZodError(error));
+            return;
+          }
+          throw error;
+        }
+      }
+      if (transformUpdate) {
+        input = transformUpdate(input, req);
+      }
+      const query = {
+        _id: new mongoose.Types.ObjectId(id),
+        ...buildOrgFilter(req, { ...config, withOrganization, orgField })
+      };
+      const doc = await model.findOneAndUpdate(query, { $set: input }, { new: true });
+      if (!doc) {
+        notFoundResponse(res, `${resourceName} not found`);
+        return;
+      }
+      if (afterUpdate) {
+        await afterUpdate(doc, req);
+      }
+      logger.info(`${resourceName} updated successfully`, { id });
+      successResponse(res, doc, `${resourceName} updated successfully`);
+    } catch (error) {
+      logger.error(`Error in update ${resourceName}`, {
+        error: error instanceof Error ? error.message : "Unknown error",
+        id: req.params.id
+      });
+      errorResponse(res, `Failed to update ${resourceName.toLowerCase()}`);
+    }
+  };
+  const deleteOne = async (req, res, _next) => {
+    try {
+      const { id } = req.params;
+      if (!id || !mongoose.Types.ObjectId.isValid(id)) {
+        badRequestResponse(res, "Invalid ID format");
+        return;
+      }
+      const query = {
+        _id: new mongoose.Types.ObjectId(id),
+        ...buildOrgFilter(req, { ...config, withOrganization, orgField })
+      };
+      const result = await model.deleteOne(query);
+      if (result.deletedCount === 0) {
+        notFoundResponse(res, `${resourceName} not found`);
+        return;
+      }
+      if (afterDelete) {
+        await afterDelete(id, req);
+      }
+      logger.info(`${resourceName} deleted successfully`, { id });
+      noContentResponse(res, null, `${resourceName} deleted successfully`);
+    } catch (error) {
+      logger.error(`Error in delete ${resourceName}`, {
+        error: error instanceof Error ? error.message : "Unknown error",
+        id: req.params.id
+      });
+      errorResponse(res, `Failed to delete ${resourceName.toLowerCase()}`);
+    }
+  };
+  const bulkDelete = async (req, res, _next) => {
+    try {
+      const bulkReq = req;
+      const { deleteIds = [], deleteAll = false } = bulkReq;
+      const baseFilter = buildOrgFilter(req, { ...config, withOrganization, orgField });
+      let filter;
+      if (deleteAll) {
+        filter = baseFilter;
+      } else if (deleteIds.length > 0) {
+        filter = {
+          ...baseFilter,
+          _id: { $in: deleteIds.map((id) => new mongoose.Types.ObjectId(id)) }
+        };
+      } else {
+        badRequestResponse(res, "No IDs provided for deletion");
+        return;
+      }
+      const result = await model.deleteMany(filter);
+      if (afterDelete && deleteIds.length > 0) {
+        await Promise.all(deleteIds.map((id) => afterDelete(id, req)));
+      }
+      logger.info(`${resourceName}(s) bulk deleted successfully`, {
+        deletedCount: result.deletedCount,
+        deleteAll
+      });
+      successResponse(
+        res,
+        { deletedCount: result.deletedCount },
+        `${result.deletedCount} ${resourceName.toLowerCase()}(s) deleted successfully`
+      );
+    } catch (error) {
+      logger.error(`Error in bulkDelete ${resourceName}`, {
+        error: error instanceof Error ? error.message : "Unknown error"
+      });
+      errorResponse(res, `Failed to delete ${resourceName.toLowerCase()}(s)`);
+    }
+  };
+  return {
+    getAll,
+    getById,
+    create,
+    update,
+    deleteOne,
+    bulkDelete
+  };
+}
+function createPaginationMiddleware(model, config = {}) {
+  const {
+    searchFields = [],
+    regexFilterFields = [],
+    withOrganization = true,
+    orgField = "organizationId"
+  } = config;
+  return async (req, res, next) => {
+    try {
+      const page = parseInt(req.query.page) || 1;
+      const limit = parseInt(req.query.limit) || 10;
+      const sortField = req.query.sortBy || "createdAt";
+      const sortOrder = req.query.sortOrder || "desc";
+      const search = req.query.search;
+      const query = {};
+      if (withOrganization) {
+        const orgId = getOrgId(req, orgField);
+        if (orgId) {
+          query[orgField] = orgId;
+        }
+      }
+      if (search && searchFields.length > 0) {
+        query.$or = searchFields.map((field) => ({
+          [field]: { $regex: search, $options: "i" }
+        }));
+      }
+      const filterableParams = Object.keys(req.query).filter(
+        (key) => !["page", "limit", "sortBy", "sortOrder", "search"].includes(key)
+      );
+      filterableParams.forEach((key) => {
+        const value = req.query[key];
+        if (value !== void 0 && value !== "" && value !== "all") {
+          if (regexFilterFields.includes(key)) {
+            query[key] = { $regex: value, $options: "i" };
+          } else {
+            query[key] = value;
+          }
+        }
+      });
+      const sortQuery = { [sortField]: sortOrder };
+      const skip = (page - 1) * limit;
+      const [data, total] = await Promise.all([
+        model.find(query).sort(sortQuery).skip(skip).limit(limit),
+        model.countDocuments(query)
+      ]);
+      const paginatedRes = res;
+      paginatedRes.paginatedResult = {
+        data,
+        meta: {
+          page,
+          limit,
+          total,
+          totalPages: Math.ceil(total / limit)
+        },
+        columns: extractSchemaMeta(model, config.createSchema)
+      };
+      next();
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+var parseBulkDelete = (req, res, next) => {
+  try {
+    const bulkReq = req;
+    let ids = [];
+    if (Array.isArray(req.body)) {
+      ids = req.body;
+    } else if (req.body && Array.isArray(req.body.ids)) {
+      ids = req.body.ids;
+    } else if (req.body && typeof req.body === "object") {
+      if (Array.isArray(req.body.data)) {
+        ids = req.body.data;
+      }
+    }
+    if (ids.length === 0) {
+      return badRequestResponse(
+        res,
+        'Request body must contain an array of IDs. Use ["*"] to delete all records or ["id1", "id2"] to delete specific records.'
+      );
+    }
+    if (ids.length === 1 && ids[0] === "*") {
+      bulkReq.deleteAll = true;
+      bulkReq.deleteIds = [];
+      logger.info("Bulk delete: Deleting all records");
+      return next();
+    }
+    const validIds = [];
+    const invalidIds = [];
+    for (const id of ids) {
+      if (typeof id === "string" && mongoose.Types.ObjectId.isValid(id)) {
+        validIds.push(id);
+      } else {
+        invalidIds.push(id);
+      }
+    }
+    if (invalidIds.length > 0) {
+      return badRequestResponse(
+        res,
+        `Invalid ID format(s): ${invalidIds.slice(0, 5).join(", ")}${invalidIds.length > 5 ? "..." : ""}. All IDs must be valid MongoDB ObjectIds.`
+      );
+    }
+    if (validIds.length === 0) {
+      return badRequestResponse(res, "No valid IDs provided for deletion.");
+    }
+    bulkReq.deleteAll = false;
+    bulkReq.deleteIds = validIds;
+    logger.info(`Bulk delete: Deleting ${validIds.length} record(s)`);
+    next();
+  } catch (error) {
+    logger.error("Error in parseBulkDelete middleware", error);
+    return badRequestResponse(res, "Failed to parse delete request");
+  }
+};
+var buildDeleteFilter = (req, organizationId) => {
+  const filter = {
+    organizationId: new mongoose.Types.ObjectId(organizationId)
+  };
+  if (!req.deleteAll && req.deleteIds && req.deleteIds.length > 0) {
+    filter._id = {
+      $in: req.deleteIds.map((id) => new mongoose.Types.ObjectId(id))
+    };
+  }
+  return filter;
+};
+var createBulkDeleteHandler = (Model2, modelName) => {
+  return async (req, res) => {
+    const bulkReq = req;
+    const organizationId = req.headers["x-organization-id"];
+    if (!organizationId) {
+      return badRequestResponse(res, "Organization ID is required");
+    }
+    try {
+      const filter = buildDeleteFilter(bulkReq, organizationId);
+      const result = await Model2.deleteMany(filter);
+      const deletedCount = result.deletedCount || 0;
+      logger.info(`Bulk delete completed: ${deletedCount} ${modelName}(s) deleted`, {
+        organizationId,
+        deleteAll: bulkReq.deleteAll,
+        requestedIds: bulkReq.deleteIds?.length || "all",
+        deletedCount
+      });
+      return res.status(200).json({
+        message: `Successfully deleted ${deletedCount} ${modelName}(s)`,
+        data: {
+          deletedCount,
+          deleteAll: bulkReq.deleteAll
+        },
+        status: "success",
+        statusCode: 200
+      });
+    } catch (error) {
+      logger.error(`Error in bulk delete ${modelName}`, error);
+      return res.status(500).json({
+        message: `Failed to delete ${modelName}(s)`,
+        data: null,
+        status: "error",
+        statusCode: 500
+      });
+    }
+  };
+};
+
 // src/server/utils/filter-builder.ts
 var buildFilter = (options) => {
   const {
@@ -720,44 +1345,749 @@ var packageCheckServer = {
   print: printPackageCheckSummary
 };
 
+// src/server/configs/cors.config.ts
+var DEFAULT_CORS_CONFIG = {
+  productionOrigins: [],
+  developmentOrigins: [
+    "http://localhost:3000",
+    "http://localhost:4000",
+    "http://localhost:5000",
+    "http://localhost:5173",
+    "http://localhost:8080",
+    "http://127.0.0.1:3000",
+    "http://127.0.0.1:4000",
+    "http://127.0.0.1:5000",
+    "http://127.0.0.1:5173",
+    "http://127.0.0.1:8080"
+  ],
+  allowedSubdomains: [],
+  originPatterns: [],
+  allowNoOrigin: true,
+  allowAllInDev: true,
+  credentials: true,
+  methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"],
+  allowedHeaders: [
+    "Content-Type",
+    "Authorization",
+    "X-Requested-With",
+    "Accept",
+    "Origin",
+    "X-API-Key",
+    "X-Organization-Id",
+    "X-Request-Id"
+  ],
+  exposedHeaders: [
+    "Content-Range",
+    "X-Content-Range",
+    "X-Total-Count",
+    "X-Request-Id"
+  ],
+  maxAge: 86400
+  // 24 hours
+};
+var createCorsOptions = (config = {}) => {
+  const finalConfig = { ...DEFAULT_CORS_CONFIG, ...config };
+  const {
+    productionOrigins,
+    developmentOrigins,
+    allowedSubdomains,
+    originPatterns,
+    allowNoOrigin,
+    allowAllInDev,
+    customValidator,
+    credentials,
+    methods,
+    allowedHeaders,
+    exposedHeaders,
+    maxAge
+  } = finalConfig;
+  const allOrigins = /* @__PURE__ */ new Set([...productionOrigins, ...developmentOrigins]);
+  const originHandler = (origin, callback) => {
+    if (!origin) {
+      callback(null, allowNoOrigin);
+      return;
+    }
+    if (allOrigins.has(origin)) {
+      callback(null, true);
+      return;
+    }
+    if (allowedSubdomains.some((subdomain) => origin.endsWith(subdomain))) {
+      callback(null, true);
+      return;
+    }
+    if (originPatterns.some((pattern) => pattern.test(origin))) {
+      callback(null, true);
+      return;
+    }
+    if (customValidator && customValidator(origin)) {
+      callback(null, true);
+      return;
+    }
+    if (process.env.NODE_ENV !== "production" && allowAllInDev) {
+      callback(null, true);
+      return;
+    }
+    if (process.env.NODE_ENV === "production") {
+      callback(new Error(`Origin ${origin} not allowed by CORS`));
+      return;
+    }
+    callback(null, true);
+  };
+  return {
+    origin: originHandler,
+    credentials,
+    methods,
+    allowedHeaders,
+    exposedHeaders,
+    maxAge
+  };
+};
+var createBrandCorsOptions = (brandDomain, additionalConfig = {}) => {
+  const productionOrigins = [
+    `https://${brandDomain}`,
+    `https://www.${brandDomain}`
+  ];
+  const allowedSubdomains = [`.${brandDomain}`];
+  return createCorsOptions({
+    productionOrigins,
+    allowedSubdomains,
+    ...additionalConfig
+  });
+};
+var createMultiBrandCorsOptions = (domains, additionalConfig = {}) => {
+  const productionOrigins = domains.flatMap((domain) => [
+    `https://${domain}`,
+    `https://www.${domain}`
+  ]);
+  const allowedSubdomains = domains.map((domain) => `.${domain}`);
+  return createCorsOptions({
+    productionOrigins,
+    allowedSubdomains,
+    ...additionalConfig
+  });
+};
+var EXYCONN_CORS_CONFIG = {
+  productionOrigins: [
+    "https://exyconn.com",
+    "https://www.exyconn.com",
+    "https://botify.life",
+    "https://www.botify.life",
+    "https://partywings.fun",
+    "https://www.partywings.fun",
+    "https://sibera.work",
+    "https://www.sibera.work",
+    "https://spentiva.com",
+    "https://www.spentiva.com"
+  ],
+  allowedSubdomains: [
+    ".exyconn.com",
+    ".botify.life",
+    ".partywings.fun",
+    ".sibera.work",
+    ".spentiva.com"
+  ],
+  developmentOrigins: [
+    "http://localhost:3000",
+    "http://localhost:4000",
+    "http://localhost:4001",
+    "http://localhost:4002",
+    "http://localhost:4003",
+    "http://localhost:4004",
+    "http://localhost:4005",
+    "http://localhost:5173",
+    "http://127.0.0.1:3000",
+    "http://127.0.0.1:4000",
+    "http://127.0.0.1:5173"
+  ]
+};
+var STRICT_CORS_CONFIG = {
+  allowNoOrigin: false,
+  allowAllInDev: false,
+  methods: ["GET", "POST", "PUT", "DELETE"]
+};
+var PERMISSIVE_CORS_CONFIG = {
+  allowNoOrigin: true,
+  allowAllInDev: true,
+  originPatterns: [/localhost/, /127\.0\.0\.1/]
+};
+var corsOptions = createCorsOptions(EXYCONN_CORS_CONFIG);
+var DEFAULT_RATE_LIMIT_TIERS = {
+  STANDARD: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 100,
+    message: "Too many requests, please try again later.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  STRICT: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 20,
+    message: "Too many requests, please try again later.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  DDOS: {
+    windowMs: 60 * 1e3,
+    // 1 minute
+    maxRequests: 60,
+    message: "Rate limit exceeded. Please slow down.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  // Additional presets
+  VERY_STRICT: {
+    windowMs: 60 * 60 * 1e3,
+    // 1 hour
+    maxRequests: 5,
+    message: "Too many attempts. Please try again in an hour.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  RELAXED: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 500,
+    message: "Rate limit exceeded.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  },
+  API: {
+    windowMs: 60 * 1e3,
+    // 1 minute
+    maxRequests: 30,
+    message: "API rate limit exceeded.",
+    skipSuccessfulRequests: false,
+    skipFailedRequests: false
+  }
+};
+var defaultKeyGenerator = (req) => {
+  const forwarded = req.headers["x-forwarded-for"];
+  const ip = forwarded ? Array.isArray(forwarded) ? forwarded[0] : forwarded.split(",")[0].trim() : req.ip || req.socket.remoteAddress || "unknown";
+  return ip;
+};
+var createPrefixedKeyGenerator = (prefix) => (req) => {
+  return `${prefix}:${defaultKeyGenerator(req)}`;
+};
+var createUserKeyGenerator = (getUserId) => (req) => {
+  const userId = getUserId(req);
+  return userId || defaultKeyGenerator(req);
+};
+var createApiKeyGenerator = (headerName = "x-api-key") => (req) => {
+  const apiKey = req.headers[headerName.toLowerCase()];
+  return apiKey || defaultKeyGenerator(req);
+};
+var createRateLimitResponse = (message, retryAfter) => ({
+  status: "error",
+  statusCode: 429,
+  message,
+  ...retryAfter
+});
+var createRateLimiter = (tierConfig, options = {}) => {
+  const {
+    standardHeaders = true,
+    legacyHeaders = false,
+    keyGenerator = defaultKeyGenerator,
+    skip,
+    handler
+  } = options;
+  return rateLimit__default.default({
+    windowMs: tierConfig.windowMs,
+    max: tierConfig.maxRequests,
+    message: createRateLimitResponse(tierConfig.message),
+    standardHeaders,
+    legacyHeaders,
+    keyGenerator,
+    skip,
+    handler,
+    skipSuccessfulRequests: tierConfig.skipSuccessfulRequests,
+    skipFailedRequests: tierConfig.skipFailedRequests
+  });
+};
+var createStandardRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.STANDARD, ...config };
+  return createRateLimiter(tierConfig, options);
+};
+var createStrictRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.STRICT, ...config };
+  return createRateLimiter(tierConfig, options);
+};
+var createDdosRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.DDOS, ...config };
+  return createRateLimiter(tierConfig, options);
+};
+var createApiRateLimiter = (config = {}, options = {}) => {
+  const tierConfig = { ...DEFAULT_RATE_LIMIT_TIERS.API, ...config };
+  return createRateLimiter(tierConfig, {
+    keyGenerator: createApiKeyGenerator(),
+    ...options
+  });
+};
+var RateLimiterBuilder = class {
+  constructor(preset = "STANDARD") {
+    const presetConfig = DEFAULT_RATE_LIMIT_TIERS[preset];
+    this.config = {
+      windowMs: presetConfig.windowMs,
+      maxRequests: presetConfig.maxRequests,
+      message: presetConfig.message,
+      skipSuccessfulRequests: presetConfig.skipSuccessfulRequests ?? false,
+      skipFailedRequests: presetConfig.skipFailedRequests ?? false
+    };
+    this.options = {};
+  }
+  /**
+   * Set window duration
+   */
+  windowMs(ms) {
+    this.config.windowMs = ms;
+    return this;
+  }
+  /**
+   * Set window duration in minutes
+   */
+  windowMinutes(minutes) {
+    this.config.windowMs = minutes * 60 * 1e3;
+    return this;
+  }
+  /**
+   * Set window duration in hours
+   */
+  windowHours(hours) {
+    this.config.windowMs = hours * 60 * 60 * 1e3;
+    return this;
+  }
+  /**
+   * Set maximum requests
+   */
+  max(requests) {
+    this.config.maxRequests = requests;
+    return this;
+  }
+  /**
+   * Set error message
+   */
+  message(msg) {
+    this.config.message = msg;
+    return this;
+  }
+  /**
+   * Skip successful requests
+   */
+  skipSuccessful(skip = true) {
+    this.config.skipSuccessfulRequests = skip;
+    return this;
+  }
+  /**
+   * Skip failed requests
+   */
+  skipFailed(skip = true) {
+    this.config.skipFailedRequests = skip;
+    return this;
+  }
+  /**
+   * Set key generator
+   */
+  keyBy(generator) {
+    this.options.keyGenerator = generator;
+    return this;
+  }
+  /**
+   * Key by IP (default)
+   */
+  keyByIp() {
+    this.options.keyGenerator = defaultKeyGenerator;
+    return this;
+  }
+  /**
+   * Key by API key
+   */
+  keyByApiKey(headerName) {
+    this.options.keyGenerator = createApiKeyGenerator(headerName);
+    return this;
+  }
+  /**
+   * Skip certain requests
+   */
+  skipWhen(predicate) {
+    this.options.skip = predicate;
+    return this;
+  }
+  /**
+   * Build the rate limiter
+   */
+  build() {
+    return createRateLimiter(this.config, this.options);
+  }
+};
+var rateLimiter = (preset) => {
+  return new RateLimiterBuilder(preset);
+};
+var RATE_LIMIT_CONFIG = {
+  STANDARD: DEFAULT_RATE_LIMIT_TIERS.STANDARD,
+  STRICT: DEFAULT_RATE_LIMIT_TIERS.STRICT,
+  DDOS: DEFAULT_RATE_LIMIT_TIERS.DDOS
+};
+var standardRateLimiter = createStandardRateLimiter();
+var strictRateLimiter = createStrictRateLimiter();
+var ddosProtectionLimiter = createDdosRateLimiter();
+
+// src/server/configs/server.config.ts
+var DEFAULT_SERVER_CONFIG = {
+  name: "app-server",
+  version: "1.0.0",
+  environment: process.env.NODE_ENV || "development",
+  port: parseInt(process.env.PORT || "3000", 10),
+  host: process.env.HOST || "0.0.0.0",
+  basePath: "/api",
+  debug: process.env.DEBUG === "true",
+  trustProxy: true
+};
+var DEFAULT_DATABASE_CONFIG = {
+  uri: process.env.DATABASE_URL || process.env.MONGODB_URI || "",
+  name: process.env.DATABASE_NAME || "app_db",
+  maxPoolSize: process.env.NODE_ENV === "production" ? 50 : 10,
+  minPoolSize: process.env.NODE_ENV === "production" ? 10 : 5,
+  socketTimeoutMS: 45e3,
+  serverSelectionTimeoutMS: 1e4,
+  maxIdleTimeMS: 1e4,
+  retryWrites: true,
+  retryReads: true,
+  writeConcern: "majority"
+};
+var DEFAULT_AUTH_CONFIG = {
+  jwtSecret: process.env.JWT_SECRET || "",
+  jwtExpiresIn: process.env.JWT_EXPIRES_IN || "7d",
+  refreshTokenExpiresIn: process.env.REFRESH_TOKEN_EXPIRES_IN || "30d",
+  enableRefreshTokens: true,
+  apiKeyHeader: "x-api-key",
+  orgHeader: "x-organization-id"
+};
+var DEFAULT_LOGGING_CONFIG = {
+  level: process.env.LOG_LEVEL || "info",
+  logsDir: process.env.LOGS_DIR || "logs",
+  maxSize: "20m",
+  maxFiles: "14d",
+  errorMaxFiles: "30d",
+  console: true,
+  file: process.env.NODE_ENV === "production",
+  json: process.env.NODE_ENV === "production"
+};
+var DEFAULT_CORS_ORIGINS = {
+  production: [],
+  development: [
+    "http://localhost:3000",
+    "http://localhost:4000",
+    "http://localhost:5173",
+    "http://127.0.0.1:3000",
+    "http://127.0.0.1:4000",
+    "http://127.0.0.1:5173"
+  ],
+  patterns: []
+};
+var DEFAULT_RATE_LIMIT_CONFIG = {
+  enabled: true,
+  standard: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 100,
+    message: "Too many requests, please try again later."
+  },
+  strict: {
+    windowMs: 15 * 60 * 1e3,
+    // 15 minutes
+    maxRequests: 20,
+    message: "Too many requests, please try again later."
+  },
+  ddos: {
+    windowMs: 60 * 1e3,
+    // 1 minute
+    maxRequests: 60,
+    message: "Rate limit exceeded. Please slow down.",
+    skipSuccessfulRequests: false
+  }
+};
+function deepMerge(target, source) {
+  const result = { ...target };
+  for (const key in source) {
+    if (Object.prototype.hasOwnProperty.call(source, key)) {
+      const sourceValue = source[key];
+      const targetValue = target[key];
+      if (sourceValue !== void 0 && typeof sourceValue === "object" && sourceValue !== null && !Array.isArray(sourceValue) && typeof targetValue === "object" && targetValue !== null && !Array.isArray(targetValue)) {
+        result[key] = deepMerge(
+          targetValue,
+          sourceValue
+        );
+      } else if (sourceValue !== void 0) {
+        result[key] = sourceValue;
+      }
+    }
+  }
+  return result;
+}
+var ConfigBuilder = class {
+  constructor() {
+    this.config = {
+      server: { ...DEFAULT_SERVER_CONFIG },
+      database: { ...DEFAULT_DATABASE_CONFIG },
+      auth: { ...DEFAULT_AUTH_CONFIG },
+      logging: { ...DEFAULT_LOGGING_CONFIG },
+      cors: { ...DEFAULT_CORS_ORIGINS },
+      rateLimit: { ...DEFAULT_RATE_LIMIT_CONFIG }
+    };
+  }
+  /**
+   * Set server configuration
+   */
+  setServer(config) {
+    this.config.server = deepMerge(this.config.server, config);
+    return this;
+  }
+  /**
+   * Set database configuration
+   */
+  setDatabase(config) {
+    this.config.database = deepMerge(this.config.database, config);
+    return this;
+  }
+  /**
+   * Set auth configuration
+   */
+  setAuth(config) {
+    this.config.auth = deepMerge(this.config.auth, config);
+    return this;
+  }
+  /**
+   * Set logging configuration
+   */
+  setLogging(config) {
+    this.config.logging = deepMerge(this.config.logging, config);
+    return this;
+  }
+  /**
+   * Set CORS origins
+   */
+  setCorsOrigins(config) {
+    this.config.cors = deepMerge(this.config.cors, config);
+    return this;
+  }
+  /**
+   * Add CORS production origin
+   */
+  addProductionOrigin(origin) {
+    if (!this.config.cors.production.includes(origin)) {
+      this.config.cors.production.push(origin);
+    }
+    return this;
+  }
+  /**
+   * Add CORS development origin
+   */
+  addDevelopmentOrigin(origin) {
+    if (!this.config.cors.development.includes(origin)) {
+      this.config.cors.development.push(origin);
+    }
+    return this;
+  }
+  /**
+   * Add CORS pattern
+   */
+  addCorsPattern(pattern) {
+    if (!this.config.cors.patterns.includes(pattern)) {
+      this.config.cors.patterns.push(pattern);
+    }
+    return this;
+  }
+  /**
+   * Set rate limit configuration
+   */
+  setRateLimit(config) {
+    this.config.rateLimit = deepMerge(this.config.rateLimit, config);
+    return this;
+  }
+  /**
+   * Add custom rate limit tier
+   */
+  addRateLimitTier(name, tier) {
+    if (!this.config.rateLimit.custom) {
+      this.config.rateLimit.custom = {};
+    }
+    this.config.rateLimit.custom[name] = tier;
+    return this;
+  }
+  /**
+   * Set custom configuration
+   */
+  setCustom(key, value) {
+    if (!this.config.custom) {
+      this.config.custom = {};
+    }
+    this.config.custom[key] = value;
+    return this;
+  }
+  /**
+   * Load configuration from environment variables
+   */
+  loadFromEnv() {
+    if (process.env.SERVER_NAME) this.config.server.name = process.env.SERVER_NAME;
+    if (process.env.SERVER_VERSION) this.config.server.version = process.env.SERVER_VERSION;
+    if (process.env.PORT) this.config.server.port = parseInt(process.env.PORT, 10);
+    if (process.env.HOST) this.config.server.host = process.env.HOST;
+    if (process.env.BASE_PATH) this.config.server.basePath = process.env.BASE_PATH;
+    if (process.env.DATABASE_URL) this.config.database.uri = process.env.DATABASE_URL;
+    if (process.env.MONGODB_URI) this.config.database.uri = process.env.MONGODB_URI;
+    if (process.env.DATABASE_NAME) this.config.database.name = process.env.DATABASE_NAME;
+    if (process.env.JWT_SECRET) this.config.auth.jwtSecret = process.env.JWT_SECRET;
+    if (process.env.JWT_EXPIRES_IN) this.config.auth.jwtExpiresIn = process.env.JWT_EXPIRES_IN;
+    if (process.env.LOG_LEVEL) this.config.logging.level = process.env.LOG_LEVEL;
+    if (process.env.LOGS_DIR) this.config.logging.logsDir = process.env.LOGS_DIR;
+    if (process.env.CORS_ORIGINS) {
+      const origins = process.env.CORS_ORIGINS.split(",").map((o) => o.trim());
+      this.config.cors.production.push(...origins);
+    }
+    return this;
+  }
+  /**
+   * Validate configuration
+   */
+  validate() {
+    const errors = [];
+    if (!this.config.server.name) errors.push("Server name is required");
+    if (this.config.server.port < 1 || this.config.server.port > 65535) {
+      errors.push("Server port must be between 1 and 65535");
+    }
+    if (this.config.server.environment === "production") {
+      if (!this.config.auth.jwtSecret || this.config.auth.jwtSecret.length < 32) {
+        errors.push("JWT secret must be at least 32 characters in production");
+      }
+    }
+    return { valid: errors.length === 0, errors };
+  }
+  /**
+   * Build the final configuration
+   */
+  build() {
+    return { ...this.config };
+  }
+};
+var createConfig = () => {
+  return new ConfigBuilder();
+};
+var buildConfig = (partial = {}) => {
+  const builder = createConfig().loadFromEnv();
+  if (partial.server) builder.setServer(partial.server);
+  if (partial.database) builder.setDatabase(partial.database);
+  if (partial.auth) builder.setAuth(partial.auth);
+  if (partial.logging) builder.setLogging(partial.logging);
+  if (partial.cors) builder.setCorsOrigins(partial.cors);
+  if (partial.rateLimit) builder.setRateLimit(partial.rateLimit);
+  return builder.build();
+};
+var isProduction = (config) => {
+  return (config?.environment || process.env.NODE_ENV) === "production";
+};
+var isDevelopment = (config) => {
+  return (config?.environment || process.env.NODE_ENV) === "development";
+};
+var isTest = (config) => {
+  return (config?.environment || process.env.NODE_ENV) === "test";
+};
+var getDatabaseOptions = (config) => {
+  return {
+    maxPoolSize: config.maxPoolSize,
+    minPoolSize: config.minPoolSize,
+    socketTimeoutMS: config.socketTimeoutMS,
+    serverSelectionTimeoutMS: config.serverSelectionTimeoutMS,
+    maxIdleTimeMS: config.maxIdleTimeMS,
+    retryWrites: config.retryWrites,
+    retryReads: config.retryReads,
+    w: config.writeConcern
+  };
+};
+
+exports.ConfigBuilder = ConfigBuilder;
+exports.DEFAULT_AUTH_CONFIG = DEFAULT_AUTH_CONFIG;
+exports.DEFAULT_CORS_CONFIG = DEFAULT_CORS_CONFIG;
+exports.DEFAULT_CORS_ORIGINS = DEFAULT_CORS_ORIGINS;
+exports.DEFAULT_DATABASE_CONFIG = DEFAULT_DATABASE_CONFIG;
+exports.DEFAULT_LOGGING_CONFIG = DEFAULT_LOGGING_CONFIG;
+exports.DEFAULT_RATE_LIMIT_CONFIG = DEFAULT_RATE_LIMIT_CONFIG;
+exports.DEFAULT_RATE_LIMIT_TIERS = DEFAULT_RATE_LIMIT_TIERS;
+exports.DEFAULT_SERVER_CONFIG = DEFAULT_SERVER_CONFIG;
+exports.EXYCONN_CORS_CONFIG = EXYCONN_CORS_CONFIG;
+exports.PERMISSIVE_CORS_CONFIG = PERMISSIVE_CORS_CONFIG;
+exports.RATE_LIMIT_CONFIG = RATE_LIMIT_CONFIG;
+exports.RateLimiterBuilder = RateLimiterBuilder;
+exports.STRICT_CORS_CONFIG = STRICT_CORS_CONFIG;
 exports.StatusCode = StatusCode;
 exports.StatusMessage = StatusMessage;
 exports.authenticateApiKey = authenticateApiKey;
 exports.authenticateJWT = authenticateJWT;
 exports.badRequestResponse = badRequestResponse;
+exports.buildConfig = buildConfig;
+exports.buildDeleteFilter = buildDeleteFilter;
 exports.buildFilter = buildFilter;
 exports.buildPagination = buildPagination;
 exports.buildPaginationMeta = buildPaginationMeta;
 exports.checkPackageServer = checkPackageServer;
 exports.conflictResponse = conflictResponse;
 exports.connectDB = connectDB;
+exports.corsOptions = corsOptions;
+exports.createApiKeyGenerator = createApiKeyGenerator;
+exports.createApiRateLimiter = createApiRateLimiter;
+exports.createBrandCorsOptions = createBrandCorsOptions;
+exports.createBulkDeleteHandler = createBulkDeleteHandler;
+exports.createConfig = createConfig;
+exports.createCorsOptions = createCorsOptions;
+exports.createCrudControllers = createCrudControllers;
+exports.createDdosRateLimiter = createDdosRateLimiter;
 exports.createLogger = createLogger;
 exports.createMorganStream = createMorganStream;
+exports.createMultiBrandCorsOptions = createMultiBrandCorsOptions;
+exports.createPaginationMiddleware = createPaginationMiddleware;
+exports.createPrefixedKeyGenerator = createPrefixedKeyGenerator;
+exports.createRateLimiter = createRateLimiter;
+exports.createStandardRateLimiter = createStandardRateLimiter;
+exports.createStrictRateLimiter = createStrictRateLimiter;
+exports.createUserKeyGenerator = createUserKeyGenerator;
 exports.createdResponse = createdResponse;
+exports.ddosProtectionLimiter = ddosProtectionLimiter;
+exports.defaultKeyGenerator = defaultKeyGenerator;
 exports.disconnectDB = disconnectDB;
 exports.errorResponse = errorResponse;
 exports.extractColumns = extractColumns;
 exports.extractOrganization = extractOrganization;
+exports.extractSchemaMeta = extractSchemaMeta;
 exports.forbiddenResponse = forbiddenResponse;
 exports.formatPackageCheckResult = formatPackageCheckResult;
 exports.generateNcuCommand = generateNcuCommand;
 exports.getConnectionStatus = getConnectionStatus;
+exports.getDatabaseOptions = getDatabaseOptions;
+exports.isDevelopment = isDevelopment;
+exports.isProduction = isProduction;
+exports.isTest = isTest;
 exports.logger = logger;
 exports.noContentResponse = noContentResponse;
 exports.notFoundResponse = notFoundResponse;
 exports.omitFields = omitFields;
 exports.optionalAuthenticateJWT = optionalAuthenticateJWT;
 exports.packageCheckServer = packageCheckServer;
+exports.parseBulkDelete = parseBulkDelete;
 exports.pickFields = pickFields;
 exports.printPackageCheckSummary = printPackageCheckSummary;
+exports.queryPagination = queryPagination;
+exports.queryParser = queryParser;
 exports.rateLimitResponse = rateLimitResponse;
+exports.rateLimiter = rateLimiter;
 exports.requireOrganization = requireOrganization;
 exports.sanitizeDocument = sanitizeDocument;
 exports.sanitizeUser = sanitizeUser;
 exports.simpleLogger = simpleLogger;
+exports.standardRateLimiter = standardRateLimiter;
 exports.statusCode = statusCode;
 exports.statusMessage = statusMessage;
 exports.stream = stream;
+exports.strictRateLimiter = strictRateLimiter;
 exports.successResponse = successResponse;
 exports.successResponseArr = successResponseArr;
 exports.unauthorizedResponse = unauthorizedResponse;