@forklaunch/core 0.17.2 → 0.18.0

package/lib/http/index.mjs

@@ -428,6 +428,11 @@ async function discriminateAuthMethod(auth, openTelemetryCollector) {
   return authMethod;
 }
 
+// src/http/guards/hasFeatureChecks.ts
+function hasFeatureChecks(maybeFeatureAuth) {
+  return typeof maybeFeatureAuth === "object" && maybeFeatureAuth !== null && "requiredFeatures" in maybeFeatureAuth && Array.isArray(maybeFeatureAuth.requiredFeatures) && maybeFeatureAuth.requiredFeatures.length > 0;
+}
+
 // src/http/guards/hasPermissionChecks.ts
 function hasPermissionChecks(maybePermissionedAuth) {
   return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && ("allowedPermissions" in maybePermissionedAuth || "forbiddenPermissions" in maybePermissionedAuth);
@@ -443,6 +448,11 @@ function hasScopeChecks(maybePermissionedAuth) {
   return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "requiredScope" in maybePermissionedAuth && maybePermissionedAuth.requiredScope != null;
 }
 
+// src/http/guards/hasSubscriptionChecks.ts
+function hasSubscriptionChecks(maybeSubscriptionAuth) {
+  return typeof maybeSubscriptionAuth === "object" && maybeSubscriptionAuth !== null && "requireActiveSubscription" in maybeSubscriptionAuth && maybeSubscriptionAuth.requireActiveSubscription === true;
+}
+
 // src/http/telemetry/pinoLogger.ts
 import { isNever } from "@forklaunch/common";
 import { trace as trace2 } from "@opentelemetry/api";
@@ -625,6 +635,14 @@ var invalidAuthorizationTokenRoles = [
   403,
   "Invalid Authorization roles."
 ];
+var invalidAuthorizationTokenFeatures = [
+  403,
+  "Required features not available."
+];
+var invalidAuthorizationSubscription = [
+  403,
+  "Active subscription required."
+];
 var invalidAuthorizationToken = [
   403,
   "Invalid Authorization token."
@@ -832,6 +850,34 @@ async function checkAuthorizationToken(req, authorizationMethod, authorizationTo
   } else {
     return invalidAuthorizationMethod;
   }
+  if (hasSubscriptionChecks(collapsedAuthorizationMethod)) {
+    if (!collapsedAuthorizationMethod.surfaceSubscription) {
+      return [500, "No subscription surfacing function provided."];
+    }
+    const subscription = await collapsedAuthorizationMethod.surfaceSubscription(
+      sessionPayload,
+      req
+    );
+    if (!subscription) {
+      return invalidAuthorizationSubscription;
+    }
+  }
+  if (hasFeatureChecks(collapsedAuthorizationMethod)) {
+    if (!collapsedAuthorizationMethod.surfaceFeatures) {
+      return [500, "No features surfacing function provided."];
+    }
+    const availableFeatures = await collapsedAuthorizationMethod.surfaceFeatures(
+      sessionPayload,
+      req
+    );
+    const requiredFeatures = collapsedAuthorizationMethod.requiredFeatures ?? [];
+    const missingFeatures = requiredFeatures.filter(
+      (feature) => !availableFeatures.has(feature)
+    );
+    if (missingFeatures.length > 0) {
+      return invalidAuthorizationTokenFeatures;
+    }
+  }
 }
 async function parseRequestAuth(req, res, next) {
   const auth = req.contractDetails.auth;
@@ -1323,7 +1369,8 @@ function resolveRouteMiddlewares(params) {
       params.requestSchema,
       params.responseSchemas,
       params.openTelemetryCollector,
-      () => params.routerOptions
+      // Use dynamic lookup from router instance instead of captured params
+      () => params.router ? params.router.routerOptions : params.routerOptions
     ),
     ...params.postEnrichMiddleware,
     parse,
@@ -1599,7 +1646,8 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
       routerOptions: this.routerOptions,
       postEnrichMiddleware: this.postEnrichMiddleware,
       includeCreateContext: false,
-      handlers
+      handlers,
+      router: this
     });
     registrationMethod.bind(this.internal)(
       path,