@fnd-platform/api 1.0.0-alpha.1

package/lib/lib/response.d.ts

@@ -0,0 +1,131 @@
+/**
+ * Response helper functions for Lambda handlers.
+ *
+ * These helpers provide consistent response formatting with
+ * a standard envelope structure and CORS headers.
+ *
+ * @packageDocumentation
+ */
+import type { APIGatewayProxyResult } from 'aws-lambda';
+/**
+ * Success response envelope structure.
+ */
+export interface SuccessResponse<T = unknown> {
+  success: true;
+  data: T;
+}
+/**
+ * Error response envelope structure.
+ */
+export interface ErrorResponse {
+  success: false;
+  error: {
+    code: string;
+    message: string;
+    details?: unknown;
+  };
+}
+/**
+ * Creates a successful API response.
+ *
+ * @param data - Response body data
+ * @param statusCode - HTTP status code (default: 200)
+ * @returns API Gateway proxy result with success envelope
+ *
+ * @example
+ * ```typescript
+ * return success({ user: { id: '123', name: 'John' } });
+ * // { statusCode: 200, body: '{"success":true,"data":{"user":{...}}}' }
+ *
+ * return success({ id: '123' }, 201);
+ * // { statusCode: 201, body: '{"success":true,"data":{"id":"123"}}' }
+ * ```
+ */
+export declare function success<T>(data: T, statusCode?: number): APIGatewayProxyResult;
+/**
+ * Creates an error API response.
+ *
+ * @param err - Error object or message string
+ * @param statusCode - HTTP status code (default: 500)
+ * @returns API Gateway proxy result with error envelope
+ *
+ * @example
+ * ```typescript
+ * return error('Something went wrong');
+ * // { statusCode: 500, body: '{"success":false,"error":{"code":"INTERNAL_ERROR",...}}' }
+ *
+ * return error(new NotFoundError('User not found'), 404);
+ * // { statusCode: 404, body: '{"success":false,"error":{"code":"NOT_FOUND",...}}' }
+ * ```
+ */
+export declare function error(err: Error | string, statusCode?: number): APIGatewayProxyResult;
+/**
+ * Creates a 404 Not Found response.
+ *
+ * @param message - Error message (default: 'Resource not found')
+ * @returns API Gateway proxy result with 404 status
+ *
+ * @example
+ * ```typescript
+ * return notFound('User not found');
+ * // { statusCode: 404, body: '{"success":false,"error":{"code":"NOT_FOUND",...}}' }
+ * ```
+ */
+export declare function notFound(message?: string): APIGatewayProxyResult;
+/**
+ * Creates a 401 Unauthorized response.
+ *
+ * @param message - Error message (default: 'Unauthorized')
+ * @returns API Gateway proxy result with 401 status
+ *
+ * @example
+ * ```typescript
+ * return unauthorized('Invalid token');
+ * // { statusCode: 401, body: '{"success":false,"error":{"code":"UNAUTHORIZED",...}}' }
+ * ```
+ */
+export declare function unauthorized(message?: string): APIGatewayProxyResult;
+/**
+ * Creates a 403 Forbidden response.
+ *
+ * @param message - Error message (default: 'Forbidden')
+ * @returns API Gateway proxy result with 403 status
+ *
+ * @example
+ * ```typescript
+ * return forbidden('Admin access required');
+ * // { statusCode: 403, body: '{"success":false,"error":{"code":"FORBIDDEN",...}}' }
+ * ```
+ */
+export declare function forbidden(message?: string): APIGatewayProxyResult;
+/**
+ * Creates a 400 Bad Request response.
+ *
+ * @param message - Error message (default: 'Bad request')
+ * @param details - Optional validation error details
+ * @returns API Gateway proxy result with 400 status
+ *
+ * @example
+ * ```typescript
+ * return badRequest('Invalid email format');
+ * // { statusCode: 400, body: '{"success":false,"error":{"code":"VALIDATION_ERROR",...}}' }
+ *
+ * return badRequest('Validation failed', { fields: ['email', 'name'] });
+ * // { statusCode: 400, body: '{"success":false,"error":{"code":"VALIDATION_ERROR",...,"details":{...}}}' }
+ * ```
+ */
+export declare function badRequest(message?: string, details?: unknown): APIGatewayProxyResult;
+/**
+ * Creates a 201 Created response.
+ *
+ * @param data - Created resource data
+ * @returns API Gateway proxy result with 201 status
+ *
+ * @example
+ * ```typescript
+ * return created({ id: '123', name: 'New Item' });
+ * // { statusCode: 201, body: '{"success":true,"data":{"id":"123","name":"New Item"}}' }
+ * ```
+ */
+export declare function created<T>(data: T): APIGatewayProxyResult;
+//# sourceMappingURL=response.d.ts.map

package/lib/lib/response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.d.ts","sourceRoot":"","sources":["../../src/lib/response.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AASxD;;GAEG;AACH,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,OAAO;IAC1C,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,CAAC,CAAC;CACT;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AAcD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,UAAU,SAAM,GAAG,qBAAqB,CAO3E;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,KAAK,CAAC,GAAG,EAAE,KAAK,GAAG,MAAM,EAAE,UAAU,SAAM,GAAG,qBAAqB,CAelF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,QAAQ,CAAC,OAAO,SAAuB,GAAG,qBAAqB,CAE9E;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,YAAY,CAAC,OAAO,SAAiB,GAAG,qBAAqB,CAE5E;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,OAAO,SAAc,GAAG,qBAAqB,CAEtE;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,UAAU,CAAC,OAAO,SAAgB,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,qBAAqB,CAE5F;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,qBAAqB,CAEzD"}

package/lib/lib/response.js

@@ -0,0 +1,163 @@
+"use strict";
+/**
+ * Response helper functions for Lambda handlers.
+ *
+ * These helpers provide consistent response formatting with
+ * a standard envelope structure and CORS headers.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.success = success;
+exports.error = error;
+exports.notFound = notFound;
+exports.unauthorized = unauthorized;
+exports.forbidden = forbidden;
+exports.badRequest = badRequest;
+exports.created = created;
+const errors_1 = require("./errors");
+/**
+ * Default headers included in all responses.
+ * Includes Content-Type and CORS headers.
+ */
+function defaultHeaders() {
+    return {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*',
+        'Access-Control-Allow-Headers': 'Content-Type,Authorization',
+    };
+}
+/**
+ * Creates a successful API response.
+ *
+ * @param data - Response body data
+ * @param statusCode - HTTP status code (default: 200)
+ * @returns API Gateway proxy result with success envelope
+ *
+ * @example
+ * ```typescript
+ * return success({ user: { id: '123', name: 'John' } });
+ * // { statusCode: 200, body: '{"success":true,"data":{"user":{...}}}' }
+ *
+ * return success({ id: '123' }, 201);
+ * // { statusCode: 201, body: '{"success":true,"data":{"id":"123"}}' }
+ * ```
+ */
+function success(data, statusCode = 200) {
+    const body = { success: true, data };
+    return {
+        statusCode,
+        headers: defaultHeaders(),
+        body: JSON.stringify(body),
+    };
+}
+/**
+ * Creates an error API response.
+ *
+ * @param err - Error object or message string
+ * @param statusCode - HTTP status code (default: 500)
+ * @returns API Gateway proxy result with error envelope
+ *
+ * @example
+ * ```typescript
+ * return error('Something went wrong');
+ * // { statusCode: 500, body: '{"success":false,"error":{"code":"INTERNAL_ERROR",...}}' }
+ *
+ * return error(new NotFoundError('User not found'), 404);
+ * // { statusCode: 404, body: '{"success":false,"error":{"code":"NOT_FOUND",...}}' }
+ * ```
+ */
+function error(err, statusCode = 500) {
+    const message = typeof err === 'string' ? err : err.message;
+    const code = err instanceof errors_1.ApiError ? err.code : 'INTERNAL_ERROR';
+    const details = err instanceof errors_1.ApiError ? err.details : undefined;
+    const body = {
+        success: false,
+        error: { code, message, details },
+    };
+    return {
+        statusCode,
+        headers: defaultHeaders(),
+        body: JSON.stringify(body),
+    };
+}
+/**
+ * Creates a 404 Not Found response.
+ *
+ * @param message - Error message (default: 'Resource not found')
+ * @returns API Gateway proxy result with 404 status
+ *
+ * @example
+ * ```typescript
+ * return notFound('User not found');
+ * // { statusCode: 404, body: '{"success":false,"error":{"code":"NOT_FOUND",...}}' }
+ * ```
+ */
+function notFound(message = 'Resource not found') {
+    return error(new errors_1.NotFoundError(message), 404);
+}
+/**
+ * Creates a 401 Unauthorized response.
+ *
+ * @param message - Error message (default: 'Unauthorized')
+ * @returns API Gateway proxy result with 401 status
+ *
+ * @example
+ * ```typescript
+ * return unauthorized('Invalid token');
+ * // { statusCode: 401, body: '{"success":false,"error":{"code":"UNAUTHORIZED",...}}' }
+ * ```
+ */
+function unauthorized(message = 'Unauthorized') {
+    return error(new errors_1.UnauthorizedError(message), 401);
+}
+/**
+ * Creates a 403 Forbidden response.
+ *
+ * @param message - Error message (default: 'Forbidden')
+ * @returns API Gateway proxy result with 403 status
+ *
+ * @example
+ * ```typescript
+ * return forbidden('Admin access required');
+ * // { statusCode: 403, body: '{"success":false,"error":{"code":"FORBIDDEN",...}}' }
+ * ```
+ */
+function forbidden(message = 'Forbidden') {
+    return error(new errors_1.ForbiddenError(message), 403);
+}
+/**
+ * Creates a 400 Bad Request response.
+ *
+ * @param message - Error message (default: 'Bad request')
+ * @param details - Optional validation error details
+ * @returns API Gateway proxy result with 400 status
+ *
+ * @example
+ * ```typescript
+ * return badRequest('Invalid email format');
+ * // { statusCode: 400, body: '{"success":false,"error":{"code":"VALIDATION_ERROR",...}}' }
+ *
+ * return badRequest('Validation failed', { fields: ['email', 'name'] });
+ * // { statusCode: 400, body: '{"success":false,"error":{"code":"VALIDATION_ERROR",...,"details":{...}}}' }
+ * ```
+ */
+function badRequest(message = 'Bad request', details) {
+    return error(new errors_1.ValidationError(message, details), 400);
+}
+/**
+ * Creates a 201 Created response.
+ *
+ * @param data - Created resource data
+ * @returns API Gateway proxy result with 201 status
+ *
+ * @example
+ * ```typescript
+ * return created({ id: '123', name: 'New Item' });
+ * // { statusCode: 201, body: '{"success":true,"data":{"id":"123","name":"New Item"}}' }
+ * ```
+ */
+function created(data) {
+    return success(data, 201);
+}
+//# sourceMappingURL=response.js.map

package/lib/lib/response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.js","sourceRoot":"","sources":["../../src/lib/response.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA2DH,0BAOC;AAkBD,sBAeC;AAcD,4BAEC;AAcD,oCAEC;AAcD,8BAEC;AAkBD,gCAEC;AAcD,0BAEC;AApLD,qCAMkB;AAsBlB;;;GAGG;AACH,SAAS,cAAc;IACrB,OAAO;QACL,cAAc,EAAE,kBAAkB;QAClC,6BAA6B,EAAE,GAAG;QAClC,8BAA8B,EAAE,4BAA4B;KAC7D,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,OAAO,CAAI,IAAO,EAAE,UAAU,GAAG,GAAG;IAClD,MAAM,IAAI,GAAuB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACzD,OAAO;QACL,UAAU;QACV,OAAO,EAAE,cAAc,EAAE;QACzB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,KAAK,CAAC,GAAmB,EAAE,UAAU,GAAG,GAAG;IACzD,MAAM,OAAO,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;IAC5D,MAAM,IAAI,GAAG,GAAG,YAAY,iBAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC;IACnE,MAAM,OAAO,GAAG,GAAG,YAAY,iBAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAElE,MAAM,IAAI,GAAkB;QAC1B,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE;KAClC,CAAC;IAEF,OAAO;QACL,UAAU;QACV,OAAO,EAAE,cAAc,EAAE;QACzB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,QAAQ,CAAC,OAAO,GAAG,oBAAoB;IACrD,OAAO,KAAK,CAAC,IAAI,sBAAa,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,YAAY,CAAC,OAAO,GAAG,cAAc;IACnD,OAAO,KAAK,CAAC,IAAI,0BAAiB,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,SAAS,CAAC,OAAO,GAAG,WAAW;IAC7C,OAAO,KAAK,CAAC,IAAI,uBAAc,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,UAAU,CAAC,OAAO,GAAG,aAAa,EAAE,OAAiB;IACnE,OAAO,KAAK,CAAC,IAAI,wBAAe,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,OAAO,CAAI,IAAO;IAChC,OAAO,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAC5B,CAAC"}

package/lib/middleware/auth.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Authentication middleware for Lambda handlers.
+ *
+ * @packageDocumentation
+ */
+import type { APIGatewayProxyEvent } from 'aws-lambda';
+import type { Middleware } from '../types/middleware';
+import type { AuthenticatedEvent } from '../types/api';
+/**
+ * Authentication configuration options.
+ */
+export interface AuthOptions {
+  /**
+   * Required roles (Cognito groups) for access.
+   * User must have at least one of the specified roles.
+   */
+  roles?: string[];
+  /**
+   * Paths to skip authentication for.
+   * Useful for health checks or public endpoints.
+   * @default []
+   */
+  skipPaths?: string[];
+}
+/**
+ * Middleware that validates JWT tokens from Cognito.
+ *
+ * In production, API Gateway validates JWT tokens. This middleware
+ * validates that the claims are present and checks role requirements.
+ *
+ * @param options - Authentication configuration
+ * @returns Middleware that validates authentication
+ *
+ * @example
+ * ```typescript
+ * // Basic auth - any authenticated user
+ * const handler = compose(
+ *   withErrorHandler(),
+ *   withAuth()
+ * )(async (event) => {
+ *   const userId = event.requestContext.authorizer.claims.sub;
+ *   return success({ userId });
+ * });
+ *
+ * // Role-based auth - admin only
+ * const adminHandler = compose(
+ *   withErrorHandler(),
+ *   withAuth({ roles: ['admin'] })
+ * )(async (event) => {
+ *   return success({ message: 'Admin access granted' });
+ * });
+ * ```
+ */
+export declare function withAuth(
+  options?: AuthOptions
+): Middleware<APIGatewayProxyEvent, AuthenticatedEvent>;
+//# sourceMappingURL=auth.d.ts.map

package/lib/middleware/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGvD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAEjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,QAAQ,CACtB,OAAO,GAAE,WAAgB,GACxB,UAAU,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CA4BtD"}

package/lib/middleware/auth.js

@@ -0,0 +1,62 @@
+'use strict';
+/**
+ * Authentication middleware for Lambda handlers.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.withAuth = withAuth;
+const response_1 = require('../lib/response');
+/**
+ * Middleware that validates JWT tokens from Cognito.
+ *
+ * In production, API Gateway validates JWT tokens. This middleware
+ * validates that the claims are present and checks role requirements.
+ *
+ * @param options - Authentication configuration
+ * @returns Middleware that validates authentication
+ *
+ * @example
+ * ```typescript
+ * // Basic auth - any authenticated user
+ * const handler = compose(
+ *   withErrorHandler(),
+ *   withAuth()
+ * )(async (event) => {
+ *   const userId = event.requestContext.authorizer.claims.sub;
+ *   return success({ userId });
+ * });
+ *
+ * // Role-based auth - admin only
+ * const adminHandler = compose(
+ *   withErrorHandler(),
+ *   withAuth({ roles: ['admin'] })
+ * )(async (event) => {
+ *   return success({ message: 'Admin access granted' });
+ * });
+ * ```
+ */
+function withAuth(options = {}) {
+  const { roles, skipPaths = [] } = options;
+  return (handler) => async (event, context) => {
+    // Skip auth for certain paths
+    if (skipPaths.some((path) => event.path?.includes(path))) {
+      return handler(event, context);
+    }
+    // Get claims from API Gateway authorizer
+    const claims = event.requestContext?.authorizer?.claims;
+    if (!claims || !claims.sub) {
+      return (0, response_1.unauthorized)('Missing or invalid authentication');
+    }
+    // Check role requirements
+    if (roles && roles.length > 0) {
+      const userGroups = claims['cognito:groups'] || [];
+      const hasRequiredRole = roles.some((role) => userGroups.includes(role));
+      if (!hasRequiredRole) {
+        return (0, response_1.forbidden)(`Required role: ${roles.join(' or ')}`);
+      }
+    }
+    return handler(event, context);
+  };
+}
+//# sourceMappingURL=auth.js.map

package/lib/middleware/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAsDH,4BA8BC;AA/ED,8CAA0D;AAoB1D;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,SAAgB,QAAQ,CACtB,UAAuB,EAAE;IAEzB,MAAM,EAAE,KAAK,EAAE,SAAS,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAE1C,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC3C,8BAA8B;QAC9B,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACzD,OAAO,OAAO,CAAC,KAA2B,EAAE,OAAO,CAAC,CAAC;QACvD,CAAC;QAED,yCAAyC;QACzC,MAAM,MAAM,GAAI,KAAK,CAAC,cAAsB,EAAE,UAAU,EAAE,MAAM,CAAC;QAEjE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAC3B,OAAO,IAAA,uBAAY,EAAC,mCAAmC,CAAC,CAAC;QAC3D,CAAC;QAED,0BAA0B;QAC1B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,UAAU,GAAa,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YAC5D,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAExE,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,OAAO,IAAA,oBAAS,EAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC,KAA2B,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC,CAAC;AACJ,CAAC"}

package/lib/middleware/cors.d.ts

@@ -0,0 +1,51 @@
+/**
+ * CORS middleware for Lambda handlers.
+ *
+ * @packageDocumentation
+ */
+import type { Middleware } from '../types/middleware';
+/**
+ * CORS configuration options.
+ */
+export interface CorsOptions {
+  /**
+   * Allowed origin(s). Use '*' for any origin.
+   * @default '*'
+   */
+  origin?: string | string[];
+  /**
+   * Allowed HTTP methods.
+   * @default ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
+   */
+  methods?: string[];
+  /**
+   * Allowed request headers.
+   * @default ['Content-Type', 'Authorization']
+   */
+  headers?: string[];
+  /**
+   * Whether to include credentials.
+   * @default false
+   */
+  credentials?: boolean;
+}
+/**
+ * Middleware that adds CORS headers to responses.
+ *
+ * Also handles OPTIONS preflight requests automatically.
+ *
+ * @param options - CORS configuration
+ * @returns Middleware that adds CORS headers
+ *
+ * @example
+ * ```typescript
+ * const handler = compose(
+ *   withCors({ origin: 'https://example.com', credentials: true }),
+ *   withErrorHandler()
+ * )(async (event) => {
+ *   return success({ data: 'value' });
+ * });
+ * ```
+ */
+export declare function withCors(options?: CorsOptions): Middleware;
+//# sourceMappingURL=cors.d.ts.map

package/lib/middleware/cors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../src/middleware/cors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAE,WAAgB,GAAG,UAAU,CAuC9D"}

package/lib/middleware/cors.js

@@ -0,0 +1,62 @@
+'use strict';
+/**
+ * CORS middleware for Lambda handlers.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.withCors = withCors;
+/**
+ * Middleware that adds CORS headers to responses.
+ *
+ * Also handles OPTIONS preflight requests automatically.
+ *
+ * @param options - CORS configuration
+ * @returns Middleware that adds CORS headers
+ *
+ * @example
+ * ```typescript
+ * const handler = compose(
+ *   withCors({ origin: 'https://example.com', credentials: true }),
+ *   withErrorHandler()
+ * )(async (event) => {
+ *   return success({ data: 'value' });
+ * });
+ * ```
+ */
+function withCors(options = {}) {
+  const {
+    origin = '*',
+    methods = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    headers = ['Content-Type', 'Authorization'],
+    credentials = false,
+  } = options;
+  const corsHeaders = {
+    'Access-Control-Allow-Origin': Array.isArray(origin) ? origin[0] : origin,
+    'Access-Control-Allow-Methods': methods.join(','),
+    'Access-Control-Allow-Headers': headers.join(','),
+  };
+  if (credentials) {
+    corsHeaders['Access-Control-Allow-Credentials'] = 'true';
+  }
+  return (handler) => async (event, context) => {
+    // Handle preflight requests
+    if (event.httpMethod === 'OPTIONS') {
+      return {
+        statusCode: 204,
+        headers: corsHeaders,
+        body: '',
+      };
+    }
+    const response = await handler(event, context);
+    // Merge CORS headers with response headers
+    return {
+      ...response,
+      headers: {
+        ...response.headers,
+        ...corsHeaders,
+      },
+    };
+  };
+}
+//# sourceMappingURL=cors.js.map

package/lib/middleware/cors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/middleware/cors.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAmDH,4BAuCC;AAzDD;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,QAAQ,CAAC,UAAuB,EAAE;IAChD,MAAM,EACJ,MAAM,GAAG,GAAG,EACZ,OAAO,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,EACrD,OAAO,GAAG,CAAC,cAAc,EAAE,eAAe,CAAC,EAC3C,WAAW,GAAG,KAAK,GACpB,GAAG,OAAO,CAAC;IAEZ,MAAM,WAAW,GAA2B;QAC1C,6BAA6B,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM;QACzE,8BAA8B,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QACjD,8BAA8B,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;KAClD,CAAC;IAEF,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,kCAAkC,CAAC,GAAG,MAAM,CAAC;IAC3D,CAAC;IAED,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC3C,4BAA4B;QAC5B,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,WAAW;gBACpB,IAAI,EAAE,EAAE;aACT,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE/C,2CAA2C;QAC3C,OAAO;YACL,GAAG,QAAQ;YACX,OAAO,EAAE;gBACP,GAAG,QAAQ,CAAC,OAAO;gBACnB,GAAG,WAAW;aACf;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/lib/middleware/error-handler.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Error handling middleware for Lambda handlers.
+ *
+ * @packageDocumentation
+ */
+import type { Middleware } from '../types/middleware';
+/**
+ * Options for error handler middleware.
+ */
+export interface ErrorHandlerOptions {
+  /**
+   * Whether to log errors to console.
+   * @default true
+   */
+  logErrors?: boolean;
+}
+/**
+ * Middleware that catches errors and returns appropriate error responses.
+ *
+ * This should be the outermost middleware (first in compose) to catch
+ * all errors from inner middleware and the handler.
+ *
+ * @param options - Configuration options
+ * @returns Middleware that wraps handlers with error handling
+ *
+ * @example
+ * ```typescript
+ * const handler = compose(
+ *   withErrorHandler({ logErrors: true }),
+ *   withAuth()
+ * )(async (event) => {
+ *   throw new NotFoundError('User not found');
+ * });
+ * // Returns: { statusCode: 404, body: '{"success":false,"error":{...}}' }
+ * ```
+ */
+export declare function withErrorHandler(options?: ErrorHandlerOptions): Middleware;
+//# sourceMappingURL=error-handler.d.ts.map

package/lib/middleware/error-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../src/middleware/error-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAItD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,mBAAwB,GAAG,UAAU,CAoB9E"}

package/lib/middleware/error-handler.js

@@ -0,0 +1,49 @@
+'use strict';
+/**
+ * Error handling middleware for Lambda handlers.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.withErrorHandler = withErrorHandler;
+const response_1 = require('../lib/response');
+const errors_1 = require('../lib/errors');
+/**
+ * Middleware that catches errors and returns appropriate error responses.
+ *
+ * This should be the outermost middleware (first in compose) to catch
+ * all errors from inner middleware and the handler.
+ *
+ * @param options - Configuration options
+ * @returns Middleware that wraps handlers with error handling
+ *
+ * @example
+ * ```typescript
+ * const handler = compose(
+ *   withErrorHandler({ logErrors: true }),
+ *   withAuth()
+ * )(async (event) => {
+ *   throw new NotFoundError('User not found');
+ * });
+ * // Returns: { statusCode: 404, body: '{"success":false,"error":{...}}' }
+ * ```
+ */
+function withErrorHandler(options = {}) {
+  const { logErrors = true } = options;
+  return (handler) => async (event, context) => {
+    try {
+      return await handler(event, context);
+    } catch (err) {
+      if (logErrors) {
+        console.error('Handler error:', err);
+      }
+      if (err instanceof errors_1.ApiError) {
+        return (0, response_1.error)(err, err.statusCode);
+      }
+      // Unknown errors become 500
+      const message = err instanceof Error ? err.message : 'Internal server error';
+      return (0, response_1.error)(message, 500);
+    }
+  };
+}
+//# sourceMappingURL=error-handler.js.map

package/lib/middleware/error-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../src/middleware/error-handler.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAqCH,4CAoBC;AAtDD,8CAAwC;AACxC,0CAAyC;AAazC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAgB,gBAAgB,CAAC,UAA+B,EAAE;IAChE,MAAM,EAAE,SAAS,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAErC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;YAED,IAAI,GAAG,YAAY,iBAAQ,EAAE,CAAC;gBAC5B,OAAO,IAAA,gBAAK,EAAC,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,CAAC;YAED,4BAA4B;YAC5B,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;YAC7E,OAAO,IAAA,gBAAK,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/lib/middleware/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Middleware exports for @fnd-platform/api.
+ *
+ * @packageDocumentation
+ */
+export { withErrorHandler } from './error-handler';
+export type { ErrorHandlerOptions } from './error-handler';
+export { withAuth } from './auth';
+export type { AuthOptions } from './auth';
+export { withValidation } from './validation';
+export { withCors } from './cors';
+export type { CorsOptions } from './cors';
+export { withLogging } from './logging';
+export type { LoggingOptions } from './logging';
+//# sourceMappingURL=index.d.ts.map

package/lib/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE3D,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAClC,YAAY,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAE1C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAClC,YAAY,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAE1C,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,YAAY,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC"}