npm - @geekmidas/constructs - Versions diffs - 0.0.20 → 0.0.22 - Mend

@geekmidas/constructs 0.0.20 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/dist/subscribers/index.cjs CHANGED Viewed

@@ -1,6 +1,6 @@
 require('../Construct-BYSPikVm.cjs');
-const require_Subscriber = require('../Subscriber-Bdh8rMSL.cjs');
-const require_SubscriberBuilder = require('../SubscriberBuilder-DieD_60p.cjs');
+const require_Subscriber = require('../Subscriber-D-FPWts6.cjs');
+const require_SubscriberBuilder = require('../SubscriberBuilder-BfE2cL1q.cjs');
 //#region src/subscribers/index.ts
 const s = new require_SubscriberBuilder.SubscriberBuilder();

package/dist/subscribers/index.d.cts CHANGED Viewed

@@ -1,10 +1,10 @@
-import "../Construct-dI_rgdSp.cjs";
-import { Subscriber } from "../Subscriber-BhzqUzs-.cjs";
-import { SubscriberBuilder } from "../SubscriberBuilder-BCVkp-ga.cjs";
-import * as _geekmidas_logger9 from "@geekmidas/logger";
+import "../Construct-Dkd8Kvc9.cjs";
+import { Subscriber } from "../Subscriber-DMSzvO_J.cjs";
+import { SubscriberBuilder } from "../SubscriberBuilder-BxJM3Hz_.cjs";
+import * as _geekmidas_logger4 from "@geekmidas/logger";
 //#region src/subscribers/index.d.ts
-declare const s: SubscriberBuilder<[], _geekmidas_logger9.Logger, undefined, undefined, string, []>;
+declare const s: SubscriberBuilder<[], _geekmidas_logger4.Logger, undefined, undefined, string, []>;
 //#endregion
 export { Subscriber, SubscriberBuilder, s };
 //# sourceMappingURL=index.d.cts.map

package/dist/subscribers/index.d.mts CHANGED Viewed

@@ -1,10 +1,10 @@
-import "../Construct-ZPqE0vhn.mjs";
-import { Subscriber } from "../Subscriber-s6yfjeOc.mjs";
-import { SubscriberBuilder } from "../SubscriberBuilder-aCua5_wA.mjs";
-import * as _geekmidas_logger6 from "@geekmidas/logger";
+import "../Construct-DDR0295I.mjs";
+import { Subscriber } from "../Subscriber-itwm7ugy.mjs";
+import { SubscriberBuilder } from "../SubscriberBuilder-9j3JCu8-.mjs";
+import * as _geekmidas_logger9 from "@geekmidas/logger";
 //#region src/subscribers/index.d.ts
-declare const s: SubscriberBuilder<[], _geekmidas_logger6.Logger, undefined, undefined, string, []>;
+declare const s: SubscriberBuilder<[], _geekmidas_logger9.Logger, undefined, undefined, string, []>;
 //#endregion
 export { Subscriber, SubscriberBuilder, s };
 //# sourceMappingURL=index.d.mts.map

package/dist/subscribers/index.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
 import "../Construct-LWeB1rSQ.mjs";
-import { Subscriber } from "../Subscriber-CJOWwaw1.mjs";
-import { SubscriberBuilder } from "../SubscriberBuilder-BWQmiYd8.mjs";
+import { Subscriber } from "../Subscriber-CGb8LjZa.mjs";
+import { SubscriberBuilder } from "../SubscriberBuilder-BcAspHv9.mjs";
 //#region src/subscribers/index.ts
 const s = new SubscriberBuilder();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/constructs",
-  "version": "0.0.20",
+  "version": "0.0.22",
   "private": false,
   "type": "module",
   "exports": {
@@ -52,7 +52,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/geekmidas/toolbox.git"
+    "url": "https://github.com/geekmidas/toolbox"
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
@@ -67,12 +67,12 @@
     "lodash.uniqby": "~4.7.0",
     "openapi-types": "~12.1.3",
     "@geekmidas/audit": "0.0.8",
-    "@geekmidas/schema": "0.0.2",
-    "@geekmidas/rate-limit": "0.1.0",
     "@geekmidas/cache": "0.0.7",
     "@geekmidas/events": "0.0.2",
     "@geekmidas/errors": "0.0.1",
     "@geekmidas/logger": "0.0.1",
+    "@geekmidas/rate-limit": "0.1.0",
+    "@geekmidas/schema": "0.0.2",
     "@geekmidas/services": "0.0.1"
   },
   "devDependencies": {
@@ -84,7 +84,7 @@
     "@types/pg": "~8.15.6",
     "kysely": "~0.28.8",
     "pg": "~8.16.3",
-    "zod": "~4.1.12",
+    "zod": "~4.1.13",
     "@geekmidas/testkit": "0.0.17"
   },
   "peerDependencies": {

package/src/crons/Cron.ts CHANGED Viewed

@@ -1,13 +1,13 @@
+import type { AuditableAction } from '@geekmidas/audit';
+import type { EventPublisher } from '@geekmidas/events';
 import type { Logger } from '@geekmidas/logger';
+import type { ComposableStandardSchema } from '@geekmidas/schema';
+import type { Service } from '@geekmidas/services';
 import type { StandardSchemaV1 } from '@standard-schema/spec';
 import { ConstructType } from '../Construct';
 import { Function, type FunctionHandler } from '../functions';
-import type { EventPublisher } from '@geekmidas/events';
-import type { ComposableStandardSchema } from '@geekmidas/schema';
-import type { Service } from '@geekmidas/services';
 export class Cron<
   TInput extends ComposableStandardSchema | undefined = undefined,
   TServices extends Service[] = [],
@@ -22,13 +22,14 @@ export class Cron<
   TServices,
   TLogger,
   OutSchema,
-  FunctionHandler<TInput, TServices, TLogger, OutSchema, TDatabase>,
   TEventPublisher,
   TEventPublisherServiceName,
   undefined,
   string,
   TDatabase,
-  TDatabaseServiceName
+  TDatabaseServiceName,
+  AuditableAction<string, unknown>,
+  FunctionHandler<TInput, TServices, TLogger, OutSchema, TDatabase>
 > {
   static isCron(obj: any): obj is Cron<any, any, any, any> {
     return Boolean(

package/src/endpoints/AmazonApiGatewayEndpointAdaptor.ts CHANGED Viewed

@@ -191,17 +191,44 @@ export abstract class AmazonApiGatewayEndpoint<
     };
   }
+  private database(): Middleware<TEvent, TInput, TServices, TLogger> {
+    return {
+      before: async (req) => {
+        if (!this.endpoint.databaseService) {
+          return;
+        }
+        const logger = req.event.logger as TLogger;
+        const serviceDiscovery = ServiceDiscovery.getInstance<
+          ServiceRecord<TServices>,
+          TLogger
+        >(logger, this.envParser);
+        const db = await serviceDiscovery
+          .register([this.endpoint.databaseService])
+          .then(
+            (s) =>
+              s[this.endpoint.databaseService!.serviceName as keyof typeof s],
+          );
+        (req.event as any).db = db;
+      },
+    };
+  }
   private session(): Middleware<TEvent, TInput, TServices, TLogger> {
     return {
       before: async (req) => {
         const logger = req.event.logger as TLogger;
         const services = req.event.services;
+        const db = (req.event as any).db;
         req.event.session = (await this.endpoint.getSession({
           logger,
           services,
           header: req.event.header,
           cookie: req.event.cookie,
-        })) as TSession;
+          ...(db !== undefined && { db }),
+        } as any)) as TSession;
       },
     };
   }
@@ -267,15 +294,8 @@ export abstract class AmazonApiGatewayEndpoint<
       logger.warn('No auditor storage service available');
     }
-    // Resolve database service if configured
-    const rawDb = this.endpoint.databaseService
-      ? await serviceDiscovery
-          .register([this.endpoint.databaseService])
-          .then(
-            (s) =>
-              s[this.endpoint.databaseService!.serviceName as keyof typeof s],
-          )
-      : undefined;
+    // Get pre-resolved database from middleware
+    const rawDb = (event as any).db;
     // Execute handler with automatic audit transaction support
     const result = await executeWithAuditTransaction(
@@ -382,6 +402,7 @@ export abstract class AmazonApiGatewayEndpoint<
       .use(this.error())
       .use(this.services())
       .use(this.input())
+      .use(this.database())
       .use(this.session())
       .use(this.authorize())
       .use(this.events()) as unknown as THandler;

package/src/endpoints/Endpoint.ts CHANGED Viewed

@@ -109,7 +109,7 @@ export class Endpoint<
   /** Default headers to apply to all responses */
   public readonly defaultHeaders: Record<string, string> = {};
   /** Function to extract session data from the request context */
-  public getSession: SessionFn<TServices, TLogger, TSession> = () =>
+  public getSession: SessionFn<TServices, TLogger, TSession, TDatabase> = () =>
     ({}) as TSession;
   /** Function to determine if the request is authorized */
   public authorize: AuthorizeFn<TServices, TLogger, TSession> = () => true;
@@ -122,7 +122,7 @@ export class Endpoint<
   /** Declarative audit definitions */
   public audits: MappedAudit<TAuditAction, OutSchema>[] = [];
   /** Database service for this endpoint */
-  public databaseService?: Service<TDatabaseServiceName, TDatabase>;
+  public declare databaseService?: Service<TDatabaseServiceName, TDatabase>;
   /** The endpoint handler function */
   private endpointFn!: EndpointHandler<
     TInput,
@@ -752,7 +752,7 @@ export interface EndpointOptions<
   /** Logger instance */
   logger: TLogger;
   /** Optional session extraction function */
-  getSession: SessionFn<TServices, TLogger, TSession> | undefined;
+  getSession: SessionFn<TServices, TLogger, TSession, TDatabase> | undefined;
   /** Optional rate limiting configuration */
   rateLimit?: RateLimitConfig;
   /** Success HTTP status code */
@@ -826,7 +826,10 @@ export type AuthorizeFn<
   ctx: AuthorizeContext<TServices, TLogger, TSession>,
 ) => Promise<boolean> | boolean;
-export type SessionContext<
+/**
+ * Base session context without database
+ */
+type BaseSessionContext<
   TServices extends Service[] = [],
   TLogger extends Logger = Logger,
 > = {
@@ -835,29 +838,61 @@ export type SessionContext<
   header: HeaderFn;
   cookie: CookieFn;
 };
+/**
+ * Conditional database context for session - only present when database service is configured
+ */
+type SessionDatabaseContext<TDatabase = undefined> = TDatabase extends undefined
+  ? {}
+  : {
+      /**
+       * Database instance for session extraction.
+       * Available when a database service is configured via `.database()`.
+       * Useful for looking up user data from the database based on auth tokens.
+       */
+      db: TDatabase;
+    };
+export type SessionContext<
+  TServices extends Service[] = [],
+  TLogger extends Logger = Logger,
+  TDatabase = undefined,
+> = BaseSessionContext<TServices, TLogger> & SessionDatabaseContext<TDatabase>;
 /**
  * Function type for extracting session data from a request.
  *
  * @template TServices - Available service dependencies
  * @template TLogger - Logger type
  * @template TSession - Session data type to extract
+ * @template TDatabase - Database type (when database service is configured)
  *
- * @param ctx - Context containing services, logger, and headers
+ * @param ctx - Context containing services, logger, headers, and optionally database
  * @returns The extracted session data
  *
  * @example
  * ```typescript
+ * // Without database
  * const getSession: SessionFn<Services, Logger, UserSession> = async ({ header, services }) => {
  *   const token = header('authorization');
  *   return await services.auth.verifyToken(token);
  * };
+ *
+ * // With database
+ * const getSession: SessionFn<Services, Logger, UserSession, Database> = async ({ header, db }) => {
+ *   const token = header('authorization');
+ *   const user = await db.selectFrom('users').where('token', '=', token).executeTakeFirst();
+ *   return { userId: user?.id };
+ * };
  * ```
  */
 export type SessionFn<
   TServices extends Service[] = [],
   TLogger extends Logger = Logger,
   TSession = unknown,
-> = (ctx: SessionContext<TServices, TLogger>) => Promise<TSession> | TSession;
+  TDatabase = undefined,
+> = (
+  ctx: SessionContext<TServices, TLogger, TDatabase>,
+) => Promise<TSession> | TSession;
 /**
  * Utility type that converts Express-style route parameters to OpenAPI format.

package/src/endpoints/EndpointBuilder.ts CHANGED Viewed

@@ -58,7 +58,8 @@ export class EndpointBuilder<
   protected _status?: SuccessStatus;
   protected _tags?: string[];
   protected _memorySize?: number;
-  _getSession: SessionFn<TServices, TLogger, TSession> = () => ({}) as TSession;
+  _getSession: SessionFn<TServices, TLogger, TSession, TDatabase> = () =>
+    ({}) as TSession;
   _authorize: AuthorizeFn<TServices, TLogger, TSession> = () => true;
   _rateLimit?: RateLimitConfig;
   _availableAuthorizers: Authorizer[] = [];
@@ -615,8 +616,11 @@ export class EndpointBuilder<
     TDatabaseServiceName
   > {
     // Find authorizer metadata if name is set
+    // If the authorizer name is set but not in availableAuthorizers, create a simple authorizer object
     const authorizer = this._authorizerName
-      ? this._availableAuthorizers.find((a) => a.name === this._authorizerName)
+      ? (this._availableAuthorizers.find(
+          (a) => a.name === this._authorizerName,
+        ) ?? { name: this._authorizerName })
       : undefined;
     return new Endpoint({

package/src/endpoints/EndpointFactory.ts CHANGED Viewed

@@ -40,7 +40,12 @@ export class EndpointFactory<
   private defaultEventPublisher:
     | Service<TEventPublisherServiceName, TEventPublisher>
     | undefined;
-  private defaultSessionExtractor?: SessionFn<TServices, TLogger, TSession>;
+  private defaultSessionExtractor?: SessionFn<
+    TServices,
+    TLogger,
+    TSession,
+    TDatabase
+  >;
   private defaultLogger: TLogger = DEFAULT_LOGGER;
   private availableAuthorizers: Authorizer[] = [];
   private defaultAuthorizerName?: TAuthorizers[number];
@@ -181,6 +186,70 @@ export class EndpointFactory<
     });
   }
+  /**
+   * Set the default authorizer for all endpoints created from this factory.
+   * Individual endpoints can override this by calling `.authorizer()` on the builder.
+   * Use `'none'` to explicitly disable authorization for all endpoints.
+   */
+  authorizer(
+    name: TAuthorizers[number] | 'none',
+  ): EndpointFactory<
+    TServices,
+    TBasePath,
+    TLogger,
+    TSession,
+    TEventPublisher,
+    TEventPublisherServiceName,
+    TAuthorizers,
+    TAuditStorage,
+    TAuditStorageServiceName,
+    TAuditAction,
+    TDatabase,
+    TDatabaseServiceName
+  > {
+    // Validate that the authorizer exists in available authorizers
+    if (name !== 'none' && this.availableAuthorizers.length > 0) {
+      const authorizerExists = this.availableAuthorizers.some(
+        (a) => a.name === name,
+      );
+      if (!authorizerExists) {
+        const available = this.availableAuthorizers
+          .map((a) => a.name)
+          .join(', ');
+        throw new Error(
+          `Authorizer "${name as string}" not found in available authorizers: ${available}`,
+        );
+      }
+    }
+    return new EndpointFactory<
+      TServices,
+      TBasePath,
+      TLogger,
+      TSession,
+      TEventPublisher,
+      TEventPublisherServiceName,
+      TAuthorizers,
+      TAuditStorage,
+      TAuditStorageServiceName,
+      TAuditAction,
+      TDatabase,
+      TDatabaseServiceName
+    >({
+      defaultServices: this.defaultServices,
+      basePath: this.basePath,
+      defaultAuthorizeFn: this.defaultAuthorizeFn,
+      defaultLogger: this.defaultLogger,
+      defaultSessionExtractor: this.defaultSessionExtractor,
+      defaultEventPublisher: this.defaultEventPublisher,
+      availableAuthorizers: this.availableAuthorizers,
+      defaultAuthorizerName: name === 'none' ? undefined : name,
+      defaultAuditorStorage: this.defaultAuditorStorage,
+      defaultDatabaseService: this.defaultDatabaseService,
+      defaultActorExtractor: this.defaultActorExtractor,
+    });
+  }
   // Create a sub-router with a path prefix
   route<TPath extends string>(
     path: TPath,
@@ -423,7 +492,7 @@ export class EndpointFactory<
   }
   session<T>(
-    session: SessionFn<TServices, TLogger, T>,
+    session: SessionFn<TServices, TLogger, T, TDatabase>,
   ): EndpointFactory<
     TServices,
     TBasePath,
@@ -513,7 +582,11 @@ export class EndpointFactory<
       basePath: this.basePath,
       defaultAuthorizeFn: this.defaultAuthorizeFn,
       defaultLogger: this.defaultLogger,
-      defaultSessionExtractor: this.defaultSessionExtractor,
+      // Reset session extractor when database changes - user should call .session() after .database()
+      // to get proper type inference for the new database type
+      defaultSessionExtractor: this.defaultSessionExtractor as unknown as
+        | SessionFn<TServices, TLogger, TSession, T>
+        | undefined,
       defaultEventPublisher: this.defaultEventPublisher,
       availableAuthorizers: this.availableAuthorizers,
       defaultAuthorizerName: this.defaultAuthorizerName,
@@ -781,7 +854,7 @@ export interface EndpointFactoryOptions<
   basePath?: TBasePath;
   defaultAuthorizeFn?: AuthorizeFn<TServices, TLogger, TSession>;
   defaultLogger?: TLogger;
-  defaultSessionExtractor?: SessionFn<TServices, TLogger, TSession>;
+  defaultSessionExtractor?: SessionFn<TServices, TLogger, TSession, TDatabase>;
   defaultEventPublisher?: Service<TEventPublisherServiceName, TEventPublisher>;
   defaultEvents?: MappedEvent<TEventPublisher, undefined>[];
   availableAuthorizers?: Authorizer[];

package/src/endpoints/HonoEndpointAdaptor.ts CHANGED Viewed

@@ -298,12 +298,23 @@ export class HonoEndpoint<
           const services = await serviceDiscovery.register(endpoint.services);
+          // Resolve database service early so it's available for session extraction
+          const rawDb = endpoint.databaseService
+            ? await serviceDiscovery
+                .register([endpoint.databaseService])
+                .then(
+                  (s) =>
+                    s[endpoint.databaseService!.serviceName as keyof typeof s],
+                )
+            : undefined;
           const session = await endpoint.getSession({
             services,
             logger,
             header,
             cookie,
-          });
+            ...(rawDb !== undefined && { db: rawDb }),
+          } as any);
           const isAuthorized = await endpoint.authorize({
             header,
@@ -363,16 +374,6 @@ export class HonoEndpoint<
             logger.warn('No auditor storage service available');
           }
-          // Resolve database service if configured
-          const rawDb = endpoint.databaseService
-            ? await serviceDiscovery
-                .register([endpoint.databaseService])
-                .then(
-                  (s) =>
-                    s[endpoint.databaseService!.serviceName as keyof typeof s],
-                )
-            : undefined;
           // Execute handler with automatic audit transaction support
           const result = await executeWithAuditTransaction(
             auditContext,

package/src/endpoints/TestEndpointAdaptor.ts CHANGED Viewed

@@ -1,4 +1,8 @@
-import type { AuditActor, AuditStorage, AuditableAction } from '@geekmidas/audit';
+import type {
+  AuditActor,
+  AuditStorage,
+  AuditableAction,
+} from '@geekmidas/audit';
 import { DefaultAuditor } from '@geekmidas/audit';
 import { EnvironmentParser } from '@geekmidas/envkit';
 import type { EventPublisher } from '@geekmidas/events';
@@ -179,12 +183,17 @@ export class TestEndpointAdaptor<
       host: ctx.headers.host,
       method: this.endpoint.method,
     }) as TLogger;
+    // Get database from context for session extraction
+    const rawDb = (ctx as any).database as TDatabase;
     const session = await this.endpoint.getSession({
       logger,
       services: ctx.services,
       header,
       cookie,
-    });
+      ...(rawDb !== undefined && { db: rawDb }),
+    } as any);
     // Create audit context if audit storage is provided
     // The auditorStorage instance is required when endpoint uses .auditor()
@@ -229,10 +238,6 @@ export class TestEndpointAdaptor<
       logger.warn('No auditor storage service available');
     }
-    // Use database instance directly from context
-    // The database instance is required when endpoint uses .database()
-    const rawDb = (ctx as any).database as TDatabase;
     // Execute handler with automatic audit transaction support
     const result = await executeWithAuditTransaction(
       auditContext,

package/src/endpoints/__tests__/EndpointFactory.authorizers.spec.ts CHANGED Viewed

@@ -294,3 +294,144 @@ describe('EndpointFactory.authorizers', () => {
     expect(endpoint.tags).toEqual(['public', 'contact']);
   });
 });
+describe('EndpointFactory.authorizer (default)', () => {
+  it('should set default authorizer for all endpoints', () => {
+    const factory = new EndpointFactory()
+      .authorizers(['iam', 'jwt'] as const)
+      .authorizer('jwt');
+    const endpoint1 = factory.get('/users').handle(async () => ({ users: [] }));
+    const endpoint2 = factory
+      .post('/users')
+      .body(z.object({ name: z.string() }))
+      .handle(async () => ({ id: '1' }));
+    expect(endpoint1.authorizer).toEqual({ name: 'jwt' });
+    expect(endpoint2.authorizer).toEqual({ name: 'jwt' });
+  });
+  it('should allow endpoint to override factory default authorizer', () => {
+    const factory = new EndpointFactory()
+      .authorizers(['iam', 'jwt'] as const)
+      .authorizer('jwt');
+    const endpoint = factory
+      .get('/admin')
+      .authorizer('iam')
+      .handle(async () => ({ admin: true }));
+    expect(endpoint.authorizer).toEqual({ name: 'iam' });
+  });
+  it('should allow endpoint to disable authorizer with none', () => {
+    const factory = new EndpointFactory()
+      .authorizers(['iam', 'jwt'] as const)
+      .authorizer('jwt');
+    const endpoint = factory
+      .get('/public')
+      .authorizer('none')
+      .handle(async () => ({ public: true }));
+    expect(endpoint.authorizer).toBeUndefined();
+  });
+  it('should throw error when setting non-existent default authorizer', () => {
+    const factory = new EndpointFactory().authorizers(['iam', 'jwt'] as const);
+    expect(() => {
+      // @ts-expect-error - testing invalid authorizer
+      factory.authorizer('invalid');
+    }).toThrow(
+      'Authorizer "invalid" not found in available authorizers: iam, jwt',
+    );
+  });
+  it('should preserve default authorizer when chaining factory methods', () => {
+    const factory = new EndpointFactory()
+      .authorizers(['iam', 'jwt'] as const)
+      .authorizer('jwt')
+      .route('/api/v1');
+    const endpoint = factory.get('/users').handle(async () => ({ users: [] }));
+    expect(endpoint.authorizer).toEqual({ name: 'jwt' });
+    expect(endpoint.route).toBe('/api/v1/users');
+  });
+  it('should preserve default authorizer with services', () => {
+    const dbService = {
+      serviceName: 'database' as const,
+      register: async () => ({ query: async () => [] }),
+    };
+    const factory = new EndpointFactory()
+      .authorizers(['jwt'] as const)
+      .authorizer('jwt')
+      .services([dbService]);
+    const endpoint = factory.get('/users').handle(async ({ services }) => {
+      await services.database.query();
+      return { users: [] };
+    });
+    expect(endpoint.authorizer).toEqual({ name: 'jwt' });
+  });
+  it('should allow factory.authorizer("none") to clear default', () => {
+    const factory = new EndpointFactory()
+      .authorizers(['iam', 'jwt'] as const)
+      .authorizer('jwt')
+      .authorizer('none');
+    const endpoint = factory.get('/test').handle(async () => ({ test: true }));
+    expect(endpoint.authorizer).toBeUndefined();
+  });
+  it('should allow setting default authorizer without calling authorizers() first', () => {
+    // When no authorizers are defined, validation is skipped
+    const factory = new EndpointFactory().authorizer('custom');
+    const endpoint = factory.get('/test').handle(async () => ({ test: true }));
+    expect(endpoint.authorizer).toEqual({ name: 'custom' });
+  });
+  it('should work with nested route factories', () => {
+    const rootFactory = new EndpointFactory()
+      .authorizers(['iam', 'jwt', 'api-key'] as const)
+      .authorizer('jwt');
+    const apiFactory = rootFactory.route('/api');
+    const adminFactory = apiFactory.route('/admin');
+    const endpoint = adminFactory
+      .delete('/users/:id')
+      .params(z.object({ id: z.string() }))
+      .handle(async () => ({ deleted: true }));
+    expect(endpoint.route).toBe('/api/admin/users/:id');
+    expect(endpoint.authorizer).toEqual({ name: 'jwt' });
+  });
+  it('should allow sub-factory to override parent default authorizer', () => {
+    const rootFactory = new EndpointFactory()
+      .authorizers(['iam', 'jwt'] as const)
+      .authorizer('jwt');
+    const adminFactory = rootFactory.route('/admin').authorizer('iam');
+    const publicEndpoint = rootFactory
+      .get('/public')
+      .handle(async () => ({ public: true }));
+    const adminEndpoint = adminFactory
+      .get('/dashboard')
+      .handle(async () => ({ admin: true }));
+    expect(publicEndpoint.authorizer).toEqual({ name: 'jwt' });
+    expect(adminEndpoint.authorizer).toEqual({ name: 'iam' });
+  });
+});