npm - @forklaunch/core - Versions diffs - 0.10.4 → 0.11.1 - Mend

@forklaunch/core 0.10.4 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/lib/http/index.js CHANGED Viewed

@@ -70,6 +70,7 @@ __export(http_exports, {
   put: () => put,
   recordMetric: () => recordMetric,
   trace: () => trace3,
+  typedAuthHandler: () => typedAuthHandler,
   typedHandler: () => typedHandler
 });
 module.exports = __toCommonJS(http_exports);
@@ -92,7 +93,7 @@ function cors(corsOptions) {
 }
 // src/http/router/expressLikeRouter.ts
-var import_common5 = require("@forklaunch/common");
+var import_common6 = require("@forklaunch/common");
 // src/http/guards/isForklaunchRouter.ts
 function isForklaunchRouter(maybeForklaunchRouter) {
@@ -138,7 +139,47 @@ function isTypedHandler(maybeTypedHandler) {
 }
 // src/http/middleware/request/auth.middleware.ts
+var import_common2 = require("@forklaunch/common");
 var import_jose = require("jose");
+// src/http/discriminateAuthMethod.ts
+function discriminateAuthMethod(auth) {
+  if ("basic" in auth) {
+    return {
+      type: "basic",
+      auth: {
+        decodeResource: auth.decodeResource,
+        login: auth.basic.login
+      }
+    };
+  } else if ("jwt" in auth) {
+    return {
+      type: "jwt",
+      auth: {
+        decodeResource: auth.decodeResource
+      }
+    };
+  } else {
+    return {
+      type: "jwt",
+      auth: {
+        decodeResource: auth.decodeResource
+      }
+    };
+  }
+}
+// src/http/guards/hasPermissionChecks.ts
+function hasPermissionChecks(maybePermissionedAuth) {
+  return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "mapPermissions" in maybePermissionedAuth && ("allowedPermissions" in maybePermissionedAuth || "forbiddenPermissions" in maybePermissionedAuth);
+}
+// src/http/guards/hasRoleChecks.ts
+function hasRoleChecks(maybeRoledAuth) {
+  return typeof maybeRoledAuth === "object" && maybeRoledAuth !== null && "mapRoles" in maybeRoledAuth && ("allowedRoles" in maybeRoledAuth || "forbiddenRoles" in maybeRoledAuth);
+}
+// src/http/middleware/request/auth.middleware.ts
 var invalidAuthorizationTokenFormat = [
   401,
   "Invalid Authorization token format."
@@ -169,51 +210,52 @@ async function checkAuthorizationToken(authorizationMethod, authorizationToken,
   }
   const [tokenPrefix, token] = authorizationToken.split(" ");
   let resourceId;
-  switch (authorizationMethod.method) {
+  const { type, auth } = discriminateAuthMethod(authorizationMethod);
+  switch (type) {
     case "jwt": {
-      if (tokenPrefix !== "Bearer") {
+      if (tokenPrefix !== (authorizationMethod.tokenPrefix ?? "Bearer")) {
         return invalidAuthorizationTokenFormat;
       }
       try {
-        const decodedJwt = await (0, import_jose.jwtVerify)(
+        const decodedJwt = await auth?.decodeResource?.(token) ?? (await (0, import_jose.jwtVerify)(
           token,
-          new TextEncoder().encode(
-            // TODO: Check this at application startup if there is any route with jwt checking
-            process.env.JWT_SECRET
-          )
-        );
-        if (!decodedJwt.payload.sub) {
+          new TextEncoder().encode(process.env.JWT_SECRET)
+        )).payload;
+        if (!decodedJwt) {
           return invalidAuthorizationSubject;
         }
-        resourceId = decodedJwt.payload.sub;
+        resourceId = decodedJwt;
       } catch (error) {
-        req.openTelemetryCollector.error(error);
+        req?.openTelemetryCollector.error(error);
         return invalidAuthorizationToken;
       }
       break;
     }
     case "basic": {
-      if (authorizationToken !== "Basic") {
-        return invalidAuthorizationTokenFormat;
-      }
-      const [username, password] = Buffer.from(token, "base64").toString("utf-8").split(":");
-      if (!username || !password) {
+      if (tokenPrefix !== (authorizationMethod.tokenPrefix ?? "Basic")) {
         return invalidAuthorizationTokenFormat;
       }
-      if (!authorizationMethod.login(username, password)) {
-        return invalidAuthorizationLogin;
+      if (auth.decodeResource) {
+        resourceId = await auth.decodeResource(token);
+      } else {
+        const [username, password] = Buffer.from(token, "base64").toString("utf-8").split(":");
+        if (!username || !password) {
+          return invalidAuthorizationTokenFormat;
+        }
+        if (!auth.login(username, password)) {
+          return invalidAuthorizationLogin;
+        }
+        resourceId = {
+          sub: username
+        };
       }
-      resourceId = username;
       break;
     }
-    case "other":
-      if (tokenPrefix !== authorizationMethod.tokenPrefix) {
-        return invalidAuthorizationTokenFormat;
-      }
-      resourceId = authorizationMethod.decodeResource(token);
-      break;
+    default:
+      (0, import_common2.isNever)(type);
+      return [401, "Invalid Authorization method."];
   }
-  if (authorizationMethod.allowedPermissions || authorizationMethod.forbiddenPermissions) {
+  if (hasPermissionChecks(authorizationMethod)) {
     if (!authorizationMethod.mapPermissions) {
       return [500, "No permission mapping function provided."];
     }
@@ -221,49 +263,49 @@ async function checkAuthorizationToken(authorizationMethod, authorizationToken,
       resourceId,
       req
     );
-    if (authorizationMethod.allowedPermissions) {
+    if ("allowedPermissions" in authorizationMethod && authorizationMethod.allowedPermissions) {
       if (resourcePermissions.intersection(authorizationMethod.allowedPermissions).size === 0) {
         return invalidAuthorizationTokenPermissions;
       }
     }
-    if (authorizationMethod.forbiddenPermissions) {
+    if ("forbiddenPermissions" in authorizationMethod && authorizationMethod.forbiddenPermissions) {
       if (resourcePermissions.intersection(
         authorizationMethod.forbiddenPermissions
       ).size !== 0) {
         return invalidAuthorizationTokenPermissions;
       }
     }
-  }
-  if (authorizationMethod.allowedRoles || authorizationMethod.forbiddenRoles) {
+  } else if (hasRoleChecks(authorizationMethod)) {
     if (!authorizationMethod.mapRoles) {
       return [500, "No role mapping function provided."];
     }
     const resourceRoles = await authorizationMethod.mapRoles(resourceId, req);
-    if (authorizationMethod.allowedRoles) {
+    if ("allowedRoles" in authorizationMethod && authorizationMethod.allowedRoles) {
       if (resourceRoles.intersection(authorizationMethod.allowedRoles).size === 0) {
         return invalidAuthorizationTokenRoles;
       }
     }
-    if (authorizationMethod.forbiddenRoles) {
+    if ("forbiddenRoles" in authorizationMethod && authorizationMethod.forbiddenRoles) {
       if (resourceRoles.intersection(authorizationMethod.forbiddenRoles).size !== 0) {
         return invalidAuthorizationTokenRoles;
       }
     }
+  } else {
+    return [401, "Invalid Authorization method."];
   }
-  return [401, "Invalid Authorization method."];
 }
 async function parseRequestAuth(req, res, next) {
   const auth = req.contractDetails.auth;
   if (auth) {
     const [error, message] = await checkAuthorizationToken(
       auth,
-      req.headers[(auth.method === "other" ? auth.headerName : void 0) ?? "Authorization"],
+      req.headers[auth.headerName ?? "Authorization"] || req.headers[auth.headerName ?? "authorization"],
       req
     ) ?? [];
     if (error != null) {
       res.type("text/plain");
       res.status(error).send(message);
-      next?.(new Error(message));
+      return;
     }
   }
   next?.();
@@ -300,10 +342,10 @@ function createContext(schemaValidator) {
 }
 // src/http/middleware/request/enrichDetails.middleware.ts
-var import_common4 = require("@forklaunch/common");
+var import_common5 = require("@forklaunch/common");
 // src/http/telemetry/openTelemetryCollector.ts
-var import_common3 = require("@forklaunch/common");
+var import_common4 = require("@forklaunch/common");
 var import_opentelemetry_instrumentation_hyper_express = require("@forklaunch/opentelemetry-instrumentation-hyper-express");
 var import_api3 = require("@opentelemetry/api");
 var import_exporter_logs_otlp_http = require("@opentelemetry/exporter-logs-otlp-http");
@@ -325,7 +367,7 @@ function isForklaunchRequest(request) {
 }
 // src/http/telemetry/pinoLogger.ts
-var import_common2 = require("@forklaunch/common");
+var import_common3 = require("@forklaunch/common");
 var import_api2 = require("@opentelemetry/api");
 var import_api_logs = require("@opentelemetry/api-logs");
 var import_pino = __toESM(require("pino"));
@@ -357,7 +399,7 @@ function mapSeverity(level) {
     case "fatal":
       return 21;
     default:
-      (0, import_common2.isNever)(level);
+      (0, import_common3.isNever)(level);
       return 0;
   }
 }
@@ -391,7 +433,7 @@ var PinoLogger = class _PinoLogger {
         return false;
       }
       return true;
-    }).map(import_common2.safeStringify);
+    }).map(import_common3.safeStringify);
     const activeSpan = import_api2.trace.getActiveSpan();
     if (activeSpan) {
       const activeSpanContext = activeSpan.spanContext();
@@ -497,24 +539,24 @@ var OpenTelemetryCollector = class {
     return this.metrics[metricId];
   }
 };
-import_dotenv.default.config({ path: (0, import_common3.getEnvVar)("DOTENV_FILE_PATH") });
+import_dotenv.default.config({ path: (0, import_common4.getEnvVar)("DOTENV_FILE_PATH") });
 new import_sdk_node.NodeSDK({
   resource: (0, import_resources.resourceFromAttributes)({
-    [import_semantic_conventions2.ATTR_SERVICE_NAME]: (0, import_common3.getEnvVar)("OTEL_SERVICE_NAME")
+    [import_semantic_conventions2.ATTR_SERVICE_NAME]: (0, import_common4.getEnvVar)("OTEL_SERVICE_NAME")
   }),
   traceExporter: new import_exporter_trace_otlp_http.OTLPTraceExporter({
-    url: `${(0, import_common3.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/traces`
+    url: `${(0, import_common4.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/traces`
   }),
   metricReader: new import_sdk_metrics.PeriodicExportingMetricReader({
     exporter: new import_exporter_metrics_otlp_http.OTLPMetricExporter({
-      url: `${(0, import_common3.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/metrics`
+      url: `${(0, import_common4.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/metrics`
     }),
     exportIntervalMillis: 5e3
   }),
   logRecordProcessors: [
     new import_sdk_logs.BatchLogRecordProcessor(
       new import_exporter_logs_otlp_http.OTLPLogExporter({
-        url: `${(0, import_common3.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/logs`
+        url: `${(0, import_common4.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/logs`
       })
     )
   ],
@@ -523,7 +565,7 @@ new import_sdk_node.NodeSDK({
       applyCustomAttributesOnSpan: (span, request) => {
         span.setAttribute(
           "service.name",
-          (0, import_common3.getEnvVar)("OTEL_SERVICE_NAME") ?? "unknown"
+          (0, import_common4.getEnvVar)("OTEL_SERVICE_NAME") ?? "unknown"
         );
         if (isForklaunchRequest(request)) {
           span.setAttribute("api.name", request.contractDetails?.name);
@@ -534,10 +576,10 @@ new import_sdk_node.NodeSDK({
     new import_opentelemetry_instrumentation_hyper_express.HyperExpressInstrumentation()
   ]
 }).start();
-var httpRequestsTotalCounter = import_api3.metrics.getMeter((0, import_common3.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createCounter("http_requests_total", {
+var httpRequestsTotalCounter = import_api3.metrics.getMeter((0, import_common4.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createCounter("http_requests_total", {
   description: "Number of HTTP requests"
 });
-var httpServerDurationHistogram = import_api3.metrics.getMeter((0, import_common3.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createHistogram("http_server_duration", {
+var httpServerDurationHistogram = import_api3.metrics.getMeter((0, import_common4.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createHistogram("http_server_duration", {
   description: "Duration of HTTP server requests",
   unit: "s"
 });
@@ -556,7 +598,7 @@ function enrichDetails(path, contractDetails, requestSchema, responseSchemas, op
       const [seconds, nanoseconds] = process.hrtime(startTime);
       const durationMs = seconds + nanoseconds / 1e9;
       httpServerDurationHistogram.record(durationMs, {
-        [import_semantic_conventions.ATTR_SERVICE_NAME]: (0, import_common4.getEnvVar)("OTEL_SERVICE_NAME") || "unknown",
+        [import_semantic_conventions.ATTR_SERVICE_NAME]: (0, import_common5.getEnvVar)("OTEL_SERVICE_NAME") || "unknown",
         [ATTR_API_NAME]: req.contractDetails?.name || "unknown",
         [import_semantic_conventions.ATTR_HTTP_REQUEST_METHOD]: req.method,
         [import_semantic_conventions.ATTR_HTTP_ROUTE]: req.originalPath || "unknown",
@@ -601,7 +643,18 @@ function parse(req, res, next) {
       enumerable: true,
       configurable: false
     });
-    req.headers = parsedRequest.value.headers ?? {};
+    const parsedHeaders = parsedRequest.value.headers ?? {};
+    req.headers = Object.keys(req.headers).reduce(
+      (acc, key) => {
+        if (parsedHeaders?.[key]) {
+          acc[key] = parsedHeaders[key];
+        } else {
+          acc[key] = req.headers[key];
+        }
+        return acc;
+      },
+      {}
+    );
   }
   if (!parsedRequest.ok) {
     switch (req.contractDetails.options?.requestValidation) {
@@ -1052,8 +1105,8 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
           handlers,
           controllerHandler
         );
-        (0, import_common5.toRecord)(this.fetchMap)[(0, import_common5.sanitizePathSlashes)(`${this.basePath}${path}`)] = localParamRequest;
-        (0, import_common5.toRecord)(this.sdk)[(0, import_common5.toPrettyCamelCase)(contractDetails.name ?? this.basePath)] = (req) => localParamRequest(`${this.basePath}${path}`, req);
+        (0, import_common6.toRecord)(this.fetchMap)[(0, import_common6.sanitizePathSlashes)(`${this.basePath}${path}`)] = localParamRequest;
+        (0, import_common6.toRecord)(this.sdk)[(0, import_common6.toPrettyCamelCase)(contractDetails.name ?? this.basePath)] = (req) => localParamRequest(`${this.basePath}${path}`, req);
         return this;
       }
     }
@@ -1140,10 +1193,10 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
   }
   addRouterToSdk(router) {
     Object.entries(router.fetchMap).map(
-      ([key, value]) => (0, import_common5.toRecord)(this.fetchMap)[(0, import_common5.sanitizePathSlashes)(`${this.basePath}${key}`)] = value
+      ([key, value]) => (0, import_common6.toRecord)(this.fetchMap)[(0, import_common6.sanitizePathSlashes)(`${this.basePath}${key}`)] = value
     );
-    const existingSdk = this.sdk[router.sdkName ?? (0, import_common5.toPrettyCamelCase)(router.basePath)];
-    (0, import_common5.toRecord)(this.sdk)[router.sdkName ?? (0, import_common5.toPrettyCamelCase)(router.basePath)] = {
+    const existingSdk = this.sdk[router.sdkName ?? (0, import_common6.toPrettyCamelCase)(router.basePath)];
+    (0, import_common6.toRecord)(this.sdk)[router.sdkName ?? (0, import_common6.toPrettyCamelCase)(router.basePath)] = {
       ...typeof existingSdk === "object" ? existingSdk : {},
       ...router.sdk
     };
@@ -1518,6 +1571,11 @@ var trace3 = (_schemaValidator, path, contractDetails, ...handlers) => {
   return typedHandler(_schemaValidator, path, "trace", contractDetails, ...handlers);
 };
+// src/http/handlers/typedAuthHandler.ts
+function typedAuthHandler(_schemaValidator, _contractDetails, authHandler) {
+  return authHandler;
+}
 // src/http/httpStatusCodes.ts
 var HTTPStatuses = {
   /**
@@ -2502,19 +2560,19 @@ var getCodeForStatus = (status) => {
 var httpStatusCodes_default = HTTPStatuses;
 // src/http/mcpGenerator/mcpGenerator.ts
-var import_common7 = require("@forklaunch/common");
+var import_common8 = require("@forklaunch/common");
 var import_zod = require("@forklaunch/validator/zod");
 var import_mcp = require("@modelcontextprotocol/sdk/server/mcp.js");
 // src/http/router/unpackRouters.ts
-var import_common6 = require("@forklaunch/common");
+var import_common7 = require("@forklaunch/common");
 function unpackRouters(routers, recursiveBasePath = [], recursiveSdkPath = []) {
   return routers.reduce((acc, router) => {
     acc.push({
       fullPath: [...recursiveBasePath, router.basePath].join(""),
       sdkPath: [
         ...recursiveSdkPath,
-        (0, import_common6.toPrettyCamelCase)(router.sdkName ?? router.basePath)
+        (0, import_common7.toPrettyCamelCase)(router.sdkName ?? router.basePath)
       ].join("."),
       router
     });
@@ -2524,7 +2582,7 @@ function unpackRouters(routers, recursiveBasePath = [], recursiveSdkPath = []) {
         [...recursiveBasePath, router.basePath],
         [
           ...recursiveSdkPath,
-          (0, import_common6.toPrettyCamelCase)(router.sdkName ?? router.basePath)
+          (0, import_common7.toPrettyCamelCase)(router.sdkName ?? router.basePath)
         ]
       )
     );
@@ -2560,14 +2618,15 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
         ...route.contractDetails.params ? { params: schemaValidator.schemify(route.contractDetails.params) } : {},
         ...route.contractDetails.query ? { query: schemaValidator.schemify(route.contractDetails.query) } : {},
         ...route.contractDetails.requestHeaders ? {
-          headers: schemaValidator.schemify(
-            route.contractDetails.requestHeaders
-          )
+          headers: schemaValidator.schemify({
+            ...route.contractDetails.requestHeaders,
+            ...route.contractDetails.auth ? {
+              [route.contractDetails.auth.headerName ?? "authorization"]: import_zod.string.startsWith(
+                route.contractDetails.auth.tokenPrefix ?? ("basic" in route.contractDetails.auth ? "Basic " : "Bearer ")
+              )
+            } : {}
+          })
         } : {}
-        // TODO: support auth
-        //   ...(route.contractDetails.auth
-        //     ? { auth: route.contractDetails.auth }
-        //     : {})
       };
       mcpServer.tool(
         route.contractDetails.name,
@@ -2588,7 +2647,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
           if (discriminatedBody) {
             switch (discriminatedBody.parserType) {
               case "json": {
-                parsedBody = (0, import_common7.safeStringify)(body);
+                parsedBody = (0, import_common8.safeStringify)(body);
                 break;
               }
               case "text": {
@@ -2601,7 +2660,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
               }
               case "multipart": {
                 const formData = new FormData();
-                if ((0, import_common7.isRecord)(body)) {
+                if ((0, import_common8.isRecord)(body)) {
                   for (const key in body) {
                     if (typeof body[key] === "string" || body[key] instanceof Blob) {
                       formData.append(key, body[key]);
@@ -2616,11 +2675,11 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
                 break;
               }
               case "urlEncoded": {
-                if ((0, import_common7.isRecord)(body)) {
+                if ((0, import_common8.isRecord)(body)) {
                   parsedBody = new URLSearchParams(
                     Object.entries(body).map(([key, value]) => [
                       key,
-                      (0, import_common7.safeStringify)(value)
+                      (0, import_common8.safeStringify)(value)
                     ])
                   );
                 } else {
@@ -2629,8 +2688,8 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
                 break;
               }
               default: {
-                (0, import_common7.isNever)(discriminatedBody.parserType);
-                parsedBody = (0, import_common7.safeStringify)(body);
+                (0, import_common8.isNever)(discriminatedBody.parserType);
+                parsedBody = (0, import_common8.safeStringify)(body);
                 break;
               }
             }
@@ -2639,7 +2698,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
             const queryString = new URLSearchParams(
               Object.entries(query).map(([key, value]) => [
                 key,
-                (0, import_common7.safeStringify)(value)
+                (0, import_common8.safeStringify)(value)
               ])
             ).toString();
             url += queryString ? `?${queryString}` : "";
@@ -2669,7 +2728,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, route
                 content: [
                   {
                     type: "text",
-                    text: (0, import_common7.safeStringify)(await response.json())
+                    text: (0, import_common8.safeStringify)(await response.json())
                   }
                 ]
               };
@@ -2775,18 +2834,18 @@ ${parseErrors.join("\n\n")}`
 }
 // src/http/middleware/response/enrichExpressLikeSend.middleware.ts
-var import_common9 = require("@forklaunch/common");
+var import_common10 = require("@forklaunch/common");
 var import_stream = require("stream");
 // src/http/telemetry/recordMetric.ts
-var import_common8 = require("@forklaunch/common");
+var import_common9 = require("@forklaunch/common");
 var import_semantic_conventions3 = require("@opentelemetry/semantic-conventions");
 function recordMetric(req, res) {
   if (res.metricRecorded) {
     return;
   }
   httpRequestsTotalCounter.add(1, {
-    [import_semantic_conventions3.ATTR_SERVICE_NAME]: (0, import_common8.getEnvVar)("OTEL_SERVICE_NAME"),
+    [import_semantic_conventions3.ATTR_SERVICE_NAME]: (0, import_common9.getEnvVar)("OTEL_SERVICE_NAME"),
     [ATTR_API_NAME]: req.contractDetails?.name,
     [ATTR_CORRELATION_ID]: req.context.correlationId,
     [import_semantic_conventions3.ATTR_HTTP_REQUEST_METHOD]: req.method,
@@ -2824,8 +2883,8 @@ function enrichExpressLikeSend(instance, req, res, originalOperation, originalSe
         `attachment; filename="${data.name}"`
       );
     }
-    if ((0, import_common9.isNodeJsWriteableStream)(res)) {
-      import_stream.Readable.from((0, import_common9.readableStreamToAsyncIterable)(data.stream())).pipe(
+    if ((0, import_common10.isNodeJsWriteableStream)(res)) {
+      import_stream.Readable.from((0, import_common10.readableStreamToAsyncIterable)(data.stream())).pipe(
         res
       );
     } else {
@@ -2834,7 +2893,7 @@ function enrichExpressLikeSend(instance, req, res, originalOperation, originalSe
       originalSend.call(instance, "Not a NodeJS WritableStream");
       errorSent = true;
     }
-  } else if ((0, import_common9.isAsyncGenerator)(data)) {
+  } else if ((0, import_common10.isAsyncGenerator)(data)) {
     let firstPass = true;
     const transformer = new import_stream.Transform({
       objectMode: true,
@@ -2862,7 +2921,7 @@ ${res.locals.errorMessage}`;
         if (!errorSent) {
           let data2 = "";
           for (const [key, value] of Object.entries(chunk)) {
-            data2 += `${key}: ${typeof value === "string" ? value : (0, import_common9.safeStringify)(value)}
+            data2 += `${key}: ${typeof value === "string" ? value : (0, import_common10.safeStringify)(value)}
 `;
           }
           data2 += "\n";
@@ -2870,7 +2929,7 @@ ${res.locals.errorMessage}`;
         }
       }
     });
-    if ((0, import_common9.isNodeJsWriteableStream)(res)) {
+    if ((0, import_common10.isNodeJsWriteableStream)(res)) {
       import_stream.Readable.from(data).pipe(transformer).pipe(res);
     } else {
       res.type("text/plain");
@@ -2881,7 +2940,7 @@ ${res.locals.errorMessage}`;
   } else {
     const parserType = responseBodies?.[Number(res.statusCode)]?.parserType;
     res.bodyData = data;
-    if ((0, import_common9.isRecord)(data)) {
+    if ((0, import_common10.isRecord)(data)) {
       switch (parserType) {
         case "json":
           res.bodyData = "json" in data ? data.json : data;
@@ -2902,7 +2961,7 @@ ${res.locals.errorMessage}`;
           res.bodyData = data;
           break;
         default:
-          (0, import_common9.isNever)(parserType);
+          (0, import_common10.isNever)(parserType);
           res.bodyData = data;
           break;
       }
@@ -2938,7 +2997,7 @@ ${res.locals.errorMessage}`;
 }
 // src/http/openApiV3Generator/openApiV3Generator.ts
-var import_common10 = require("@forklaunch/common");
+var import_common11 = require("@forklaunch/common");
 function toUpperCase(str) {
   return str.charAt(0).toUpperCase() + str.slice(1);
 }
@@ -2948,7 +3007,7 @@ function transformBasePath(basePath) {
   }
   return `/${basePath}`;
 }
-function generateOpenApiDocument(protocol, host, port, tags, paths, otherServers) {
+function generateOpenApiDocument(protocol, host, port, tags, paths, securitySchemes, otherServers) {
   return {
     openapi: "3.1.0",
     info: {
@@ -2956,13 +3015,7 @@ function generateOpenApiDocument(protocol, host, port, tags, paths, otherServers
       version: process.env.VERSION || "1.0.0"
     },
     components: {
-      securitySchemes: {
-        bearer: {
-          type: "http",
-          scheme: "bearer",
-          bearerFormat: "JWT"
-        }
-      }
+      securitySchemes
     },
     tags,
     servers: [
@@ -2994,6 +3047,7 @@ function contentResolver(schemaValidator, body, contentType) {
 function generateSwaggerDocument(schemaValidator, protocol, host, port, routers, otherServers) {
   const tags = [];
   const paths = {};
+  const securitySchemes = {};
   unpackRouters(routers).forEach(({ fullPath, router, sdkPath }) => {
     const controllerName = transformBasePath(fullPath);
     tags.push({
@@ -3001,7 +3055,7 @@ function generateSwaggerDocument(schemaValidator, protocol, host, port, routers,
       description: `${toUpperCase(controllerName)} Operations`
     });
     router.routes.forEach((route) => {
-      const openApiPath = (0, import_common10.openApiCompliantPath)(
+      const openApiPath = (0, import_common11.openApiCompliantPath)(
         `${fullPath}${route.path === "/" ? "" : route.path}`
       );
       if (!paths[openApiPath]) {
@@ -3037,7 +3091,7 @@ function generateSwaggerDocument(schemaValidator, protocol, host, port, routers,
         summary: `${name}: ${summary}`,
         parameters: [],
         responses,
-        operationId: `${sdkPath}.${(0, import_common10.toPrettyCamelCase)(name)}`
+        operationId: `${sdkPath}.${(0, import_common11.toPrettyCamelCase)(name)}`
       };
       if (route.contractDetails.params) {
         for (const key in route.contractDetails.params) {
@@ -3090,14 +3144,39 @@ function generateSwaggerDocument(schemaValidator, protocol, host, port, routers,
           description: httpStatusCodes_default[403],
           content: contentResolver(schemaValidator, schemaValidator.string)
         };
-        if (route.contractDetails.auth.method === "jwt") {
+        if ("basic" in route.contractDetails.auth) {
+          operationObject.security = [
+            {
+              basic: Array.from(
+                "allowedPermissions" in route.contractDetails.auth ? route.contractDetails.auth.allowedPermissions?.values() || [] : []
+              )
+            }
+          ];
+          securitySchemes["basic"] = {
+            type: "http",
+            scheme: "basic"
+          };
+        } else if (route.contractDetails.auth) {
           operationObject.security = [
             {
-              bearer: Array.from(
-                route.contractDetails.auth.allowedPermissions?.values() || []
+              [route.contractDetails.auth.headerName !== "Authorization" ? "bearer" : "apiKey"]: Array.from(
+                "allowedPermissions" in route.contractDetails.auth ? route.contractDetails.auth.allowedPermissions?.values() || [] : []
               )
             }
           ];
+          if (route.contractDetails.auth.headerName && route.contractDetails.auth.headerName !== "Authorization") {
+            securitySchemes[route.contractDetails.auth.headerName] = {
+              type: "apiKey",
+              in: "header",
+              name: route.contractDetails.auth.headerName
+            };
+          } else {
+            securitySchemes["Authorization"] = {
+              type: "http",
+              scheme: "bearer",
+              bearerFormat: "JWT"
+            };
+          }
         }
       }
       if (route.method !== "middleware") {
@@ -3111,6 +3190,7 @@ function generateSwaggerDocument(schemaValidator, protocol, host, port, routers,
     port,
     tags,
     paths,
+    securitySchemes,
     otherServers
   );
 }
@@ -3177,6 +3257,7 @@ function metricsDefinitions(metrics2) {
   put,
   recordMetric,
   trace,
+  typedAuthHandler,
   typedHandler
 });
 //# sourceMappingURL=index.js.map