@forklaunch/core 1.3.6 → 1.3.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/{apiDefinition.types-CN-qa49j.d.mts → apiDefinition.types-CtTiIWvC.d.mts} +17 -25
- package/lib/{apiDefinition.types-CAOGkjXe.d.ts → apiDefinition.types-fBjxhhaM.d.ts} +17 -25
- package/lib/http/index.d.mts +13 -2
- package/lib/http/index.d.ts +13 -2
- package/lib/http/index.js +74 -27
- package/lib/http/index.js.map +1 -1
- package/lib/http/index.mjs +74 -27
- package/lib/http/index.mjs.map +1 -1
- package/lib/services/index.d.mts +2 -12
- package/lib/services/index.d.ts +2 -12
- package/lib/services/index.js +2 -7
- package/lib/services/index.js.map +1 -1
- package/lib/services/index.mjs +2 -5
- package/lib/services/index.mjs.map +1 -1
- package/lib/ws/index.d.mts +1 -1
- package/lib/ws/index.d.ts +1 -1
- package/package.json +3 -3
package/lib/http/index.mjs
CHANGED
|
@@ -28,6 +28,31 @@ import {
|
|
|
28
28
|
toRecord
|
|
29
29
|
} from "@forklaunch/common";
|
|
30
30
|
|
|
31
|
+
// src/http/guards/hasPermissionChecks.ts
|
|
32
|
+
function hasPermissionChecks(maybePermissionedAuth) {
|
|
33
|
+
if (typeof maybePermissionedAuth !== "object" || maybePermissionedAuth === null) {
|
|
34
|
+
return false;
|
|
35
|
+
}
|
|
36
|
+
const hasAllowedPermissions = "allowedPermissions" in maybePermissionedAuth && maybePermissionedAuth.allowedPermissions instanceof Set && maybePermissionedAuth.allowedPermissions.size > 0;
|
|
37
|
+
const hasForbiddenPermissions = "forbiddenPermissions" in maybePermissionedAuth && maybePermissionedAuth.forbiddenPermissions instanceof Set && maybePermissionedAuth.forbiddenPermissions.size > 0;
|
|
38
|
+
return hasAllowedPermissions || hasForbiddenPermissions;
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
// src/http/guards/hasRoleChecks.ts
|
|
42
|
+
function hasRoleChecks(maybeRoledAuth) {
|
|
43
|
+
if (typeof maybeRoledAuth !== "object" || maybeRoledAuth === null) {
|
|
44
|
+
return false;
|
|
45
|
+
}
|
|
46
|
+
const hasAllowedRoles = "allowedRoles" in maybeRoledAuth && maybeRoledAuth.allowedRoles instanceof Set && maybeRoledAuth.allowedRoles.size > 0;
|
|
47
|
+
const hasForbiddenRoles = "forbiddenRoles" in maybeRoledAuth && maybeRoledAuth.forbiddenRoles instanceof Set && maybeRoledAuth.forbiddenRoles.size > 0;
|
|
48
|
+
return hasAllowedRoles || hasForbiddenRoles;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
// src/http/guards/hasScopeChecks.ts
|
|
52
|
+
function hasScopeChecks(maybePermissionedAuth) {
|
|
53
|
+
return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "requiredScope" in maybePermissionedAuth && maybePermissionedAuth.requiredScope != null;
|
|
54
|
+
}
|
|
55
|
+
|
|
31
56
|
// src/http/guards/isForklaunchRouter.ts
|
|
32
57
|
function isForklaunchRouter(maybeForklaunchRouter) {
|
|
33
58
|
return maybeForklaunchRouter != null && typeof maybeForklaunchRouter === "object" && "basePath" in maybeForklaunchRouter && "routes" in maybeForklaunchRouter && Array.isArray(maybeForklaunchRouter.routes);
|
|
@@ -242,31 +267,6 @@ function discriminateResponseBodies(schemaValidator, responses) {
|
|
|
242
267
|
// src/http/router/routerSharedLogic.ts
|
|
243
268
|
import { isRecord as isRecord2 } from "@forklaunch/common";
|
|
244
269
|
|
|
245
|
-
// src/http/guards/hasPermissionChecks.ts
|
|
246
|
-
function hasPermissionChecks(maybePermissionedAuth) {
|
|
247
|
-
if (typeof maybePermissionedAuth !== "object" || maybePermissionedAuth === null) {
|
|
248
|
-
return false;
|
|
249
|
-
}
|
|
250
|
-
const hasAllowedPermissions = "allowedPermissions" in maybePermissionedAuth && maybePermissionedAuth.allowedPermissions instanceof Set && maybePermissionedAuth.allowedPermissions.size > 0;
|
|
251
|
-
const hasForbiddenPermissions = "forbiddenPermissions" in maybePermissionedAuth && maybePermissionedAuth.forbiddenPermissions instanceof Set && maybePermissionedAuth.forbiddenPermissions.size > 0;
|
|
252
|
-
return hasAllowedPermissions || hasForbiddenPermissions;
|
|
253
|
-
}
|
|
254
|
-
|
|
255
|
-
// src/http/guards/hasRoleChecks.ts
|
|
256
|
-
function hasRoleChecks(maybeRoledAuth) {
|
|
257
|
-
if (typeof maybeRoledAuth !== "object" || maybeRoledAuth === null) {
|
|
258
|
-
return false;
|
|
259
|
-
}
|
|
260
|
-
const hasAllowedRoles = "allowedRoles" in maybeRoledAuth && maybeRoledAuth.allowedRoles instanceof Set && maybeRoledAuth.allowedRoles.size > 0;
|
|
261
|
-
const hasForbiddenRoles = "forbiddenRoles" in maybeRoledAuth && maybeRoledAuth.forbiddenRoles instanceof Set && maybeRoledAuth.forbiddenRoles.size > 0;
|
|
262
|
-
return hasAllowedRoles || hasForbiddenRoles;
|
|
263
|
-
}
|
|
264
|
-
|
|
265
|
-
// src/http/guards/hasScopeChecks.ts
|
|
266
|
-
function hasScopeChecks(maybePermissionedAuth) {
|
|
267
|
-
return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "requiredScope" in maybePermissionedAuth && maybePermissionedAuth.requiredScope != null;
|
|
268
|
-
}
|
|
269
|
-
|
|
270
270
|
// src/http/guards/hasVersionedSchema.ts
|
|
271
271
|
function hasVersionedSchema(contractDetails) {
|
|
272
272
|
return typeof contractDetails === "object" && contractDetails !== null && "versions" in contractDetails && contractDetails.versions !== null;
|
|
@@ -1890,6 +1890,46 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
|
|
|
1890
1890
|
);
|
|
1891
1891
|
});
|
|
1892
1892
|
}
|
|
1893
|
+
/**
|
|
1894
|
+
* Validates that all protected routes have the required surfacing functions
|
|
1895
|
+
* available (from the route, router, or application level).
|
|
1896
|
+
* Call this at listen() time when the full option chain is assembled.
|
|
1897
|
+
*/
|
|
1898
|
+
validateSurfacingFunctions(router = this, parentAuth) {
|
|
1899
|
+
const routerAuth = router.routerOptions?.auth && typeof router.routerOptions.auth === "object" ? router.routerOptions.auth : void 0;
|
|
1900
|
+
const globalAuth = routerAuth ?? parentAuth;
|
|
1901
|
+
for (const route of router.routes) {
|
|
1902
|
+
const auth = route.contractDetails.auth;
|
|
1903
|
+
const access = route.contractDetails.access;
|
|
1904
|
+
if (!auth || access !== "protected") continue;
|
|
1905
|
+
const routeAuth = auth;
|
|
1906
|
+
const routeName = route.contractDetails.name;
|
|
1907
|
+
if (hasPermissionChecks(auth)) {
|
|
1908
|
+
if (!routeAuth["surfacePermissions"] && !globalAuth?.surfacePermissions) {
|
|
1909
|
+
throw new Error(
|
|
1910
|
+
`Route '${routeName}': declares allowedPermissions or forbiddenPermissions but no surfacePermissions function was provided on the route, router, or application`
|
|
1911
|
+
);
|
|
1912
|
+
}
|
|
1913
|
+
}
|
|
1914
|
+
if (hasRoleChecks(auth)) {
|
|
1915
|
+
if (!routeAuth["surfaceRoles"] && !globalAuth?.surfaceRoles) {
|
|
1916
|
+
throw new Error(
|
|
1917
|
+
`Route '${routeName}': declares allowedRoles or forbiddenRoles but no surfaceRoles function was provided on the route, router, or application`
|
|
1918
|
+
);
|
|
1919
|
+
}
|
|
1920
|
+
}
|
|
1921
|
+
if (hasScopeChecks(auth)) {
|
|
1922
|
+
if (!routeAuth["surfaceScopes"] && !globalAuth?.surfaceScopes) {
|
|
1923
|
+
throw new Error(
|
|
1924
|
+
`Route '${routeName}': declares requiredScope but no surfaceScopes function was provided on the route, router, or application`
|
|
1925
|
+
);
|
|
1926
|
+
}
|
|
1927
|
+
}
|
|
1928
|
+
}
|
|
1929
|
+
for (const subRouter of router.routers) {
|
|
1930
|
+
this.validateSurfacingFunctions(subRouter, globalAuth);
|
|
1931
|
+
}
|
|
1932
|
+
}
|
|
1893
1933
|
use = (pathOrContractDetailsOrMiddlewareOrTypedHandler, contractDetailsOrMiddlewareOrTypedHandler, ...middlewareOrMiddlewareWithTypedHandler) => {
|
|
1894
1934
|
[
|
|
1895
1935
|
pathOrContractDetailsOrMiddlewareOrTypedHandler,
|
|
@@ -2197,6 +2237,13 @@ var ForklaunchExpressLikeApplication = class extends ForklaunchExpressLikeRouter
|
|
|
2197
2237
|
this.appOptions = appOptions;
|
|
2198
2238
|
this.internal.use(cors(this.appOptions?.cors ?? {}));
|
|
2199
2239
|
}
|
|
2240
|
+
/**
|
|
2241
|
+
* Validates all registered routes across the app and all mounted routers.
|
|
2242
|
+
* Call this at the start of listen() to fail fast at startup.
|
|
2243
|
+
*/
|
|
2244
|
+
validateAllRoutes() {
|
|
2245
|
+
this.validateSurfacingFunctions();
|
|
2246
|
+
}
|
|
2200
2247
|
};
|
|
2201
2248
|
|
|
2202
2249
|
// src/http/cluster/isPortBound.ts
|
|
@@ -4055,7 +4102,7 @@ function generateOperationObject(schemaValidator, path, method, controllerName,
|
|
|
4055
4102
|
operationObject.security = [
|
|
4056
4103
|
{
|
|
4057
4104
|
basic: Array.from(
|
|
4058
|
-
"allowedPermissions" in auth ? auth.allowedPermissions
|
|
4105
|
+
"allowedPermissions" in auth && auth.allowedPermissions instanceof Set ? auth.allowedPermissions.values() : []
|
|
4059
4106
|
)
|
|
4060
4107
|
}
|
|
4061
4108
|
];
|
|
@@ -4067,7 +4114,7 @@ function generateOperationObject(schemaValidator, path, method, controllerName,
|
|
|
4067
4114
|
operationObject.security = [
|
|
4068
4115
|
{
|
|
4069
4116
|
[auth.headerName !== "Authorization" ? "bearer" : "apiKey"]: Array.from(
|
|
4070
|
-
"allowedPermissions" in auth ? auth.allowedPermissions
|
|
4117
|
+
"allowedPermissions" in auth && auth.allowedPermissions instanceof Set ? auth.allowedPermissions.values() : []
|
|
4071
4118
|
)
|
|
4072
4119
|
}
|
|
4073
4120
|
];
|