npm - @geekmidas/constructs - Versions diffs - 0.1.0 → 0.2.0 - Mend

@geekmidas/constructs 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

package/src/endpoints/EndpointFactory.ts CHANGED Viewed

@@ -17,6 +17,7 @@ import type {
 import type { AuthorizeFn, SessionFn } from './Endpoint';
 import { EndpointBuilder } from './EndpointBuilder';
 import type { ActorExtractor } from './audit';
+import type { RlsConfig } from './rls';
 const DEFAULT_LOGGER = new ConsoleLogger() as any;
@@ -40,6 +41,9 @@ export class EndpointFactory<
     string,
     SecurityScheme
   >,
+  TRlsConfig extends
+    | RlsConfig<TServices, TSession, TLogger>
+    | undefined = undefined,
 > {
   // @ts-ignore
   private defaultServices: TServices;
@@ -65,6 +69,7 @@ export class EndpointFactory<
     | undefined;
   private defaultActorExtractor?: ActorExtractor<TServices, TSession, TLogger>;
   private customSecuritySchemes: TSecuritySchemes = {} as TSecuritySchemes;
+  private defaultRlsConfig?: TRlsConfig;
   constructor({
     basePath,
@@ -80,6 +85,7 @@ export class EndpointFactory<
     defaultDatabaseService,
     defaultActorExtractor,
     customSecuritySchemes = {} as TSecuritySchemes,
+    defaultRlsConfig,
   }: EndpointFactoryOptions<
     TServices,
     TBasePath,
@@ -92,7 +98,8 @@ export class EndpointFactory<
     TAuditStorageServiceName,
     TDatabase,
     TDatabaseServiceName,
-    TSecuritySchemes
+    TSecuritySchemes,
+    TRlsConfig
   > = {}) {
     // Initialize default services
     this.defaultServices = uniqBy(
@@ -111,6 +118,7 @@ export class EndpointFactory<
     this.defaultDatabaseService = defaultDatabaseService;
     this.defaultActorExtractor = defaultActorExtractor;
     this.customSecuritySchemes = customSecuritySchemes;
+    this.defaultRlsConfig = defaultRlsConfig;
   }
   static joinPaths<TBasePath extends string, P extends string>(
@@ -184,7 +192,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -198,6 +207,7 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: this.defaultActorExtractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -326,7 +336,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -341,6 +352,7 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: this.defaultActorExtractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -376,7 +388,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: newBasePath,
@@ -390,6 +403,7 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: this.defaultActorExtractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -424,7 +438,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -438,6 +453,7 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: this.defaultActorExtractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -472,7 +488,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: [...services, ...this.defaultServices],
       basePath: this.basePath,
@@ -486,6 +503,7 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: this.defaultActorExtractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -519,7 +537,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -547,6 +566,7 @@ export class EndpointFactory<
         L
       >,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -583,7 +603,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -597,6 +618,7 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: this.defaultActorExtractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -630,7 +652,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -653,6 +676,7 @@ export class EndpointFactory<
         TLogger
       >,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -690,7 +714,8 @@ export class EndpointFactory<
       TAuditAction,
       T,
       TName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -707,6 +732,7 @@ export class EndpointFactory<
       defaultAuditorStorage: this.defaultAuditorStorage,
       defaultDatabaseService: service,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -745,7 +771,8 @@ export class EndpointFactory<
       ExtractStorageAuditAction<T>,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -764,6 +791,7 @@ export class EndpointFactory<
         TLogger
       >,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
     });
   }
@@ -801,7 +829,8 @@ export class EndpointFactory<
       TAuditAction,
       TDatabase,
       TDatabaseServiceName,
-      TSecuritySchemes
+      TSecuritySchemes,
+      TRlsConfig
     >({
       defaultServices: this.defaultServices,
       basePath: this.basePath,
@@ -815,6 +844,75 @@ export class EndpointFactory<
       defaultDatabaseService: this.defaultDatabaseService,
       defaultActorExtractor: extractor,
       customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: this.defaultRlsConfig,
+    });
+  }
+  /**
+   * Set the RLS (Row-Level Security) configuration for endpoints created from this factory.
+   * This enables automatic PostgreSQL session variable setting for RLS policies.
+   *
+   * @example
+   * ```typescript
+   * const api = new EndpointFactory()
+   *   .database(databaseService)
+   *   .session(extractSession)
+   *   .rls({
+   *     extractor: ({ session }) => ({
+   *       user_id: session.userId,
+   *       tenant_id: session.tenantId,
+   *     }),
+   *     prefix: 'app',
+   *   });
+   * ```
+   */
+  rls<TConfig extends RlsConfig<TServices, TSession, TLogger>>(
+    config: TConfig,
+  ): EndpointFactory<
+    TServices,
+    TBasePath,
+    TLogger,
+    TSession,
+    TEventPublisher,
+    TEventPublisherServiceName,
+    TAuthorizers,
+    TAuditStorage,
+    TAuditStorageServiceName,
+    TAuditAction,
+    TDatabase,
+    TDatabaseServiceName,
+    TSecuritySchemes,
+    TConfig
+  > {
+    return new EndpointFactory<
+      TServices,
+      TBasePath,
+      TLogger,
+      TSession,
+      TEventPublisher,
+      TEventPublisherServiceName,
+      TAuthorizers,
+      TAuditStorage,
+      TAuditStorageServiceName,
+      TAuditAction,
+      TDatabase,
+      TDatabaseServiceName,
+      TSecuritySchemes,
+      TConfig
+    >({
+      defaultServices: this.defaultServices,
+      basePath: this.basePath,
+      defaultAuthorizeFn: this.defaultAuthorizeFn,
+      defaultLogger: this.defaultLogger,
+      defaultSessionExtractor: this.defaultSessionExtractor,
+      defaultEventPublisher: this.defaultEventPublisher,
+      availableAuthorizers: this.availableAuthorizers,
+      defaultAuthorizerName: this.defaultAuthorizerName,
+      defaultAuditorStorage: this.defaultAuditorStorage,
+      defaultDatabaseService: this.defaultDatabaseService,
+      defaultActorExtractor: this.defaultActorExtractor,
+      customSecuritySchemes: this.customSecuritySchemes,
+      defaultRlsConfig: config,
     });
   }
@@ -906,6 +1004,11 @@ export class EndpointFactory<
     // Set custom security schemes
     builder._customSecuritySchemes = this.customSecuritySchemes;
+    // Set RLS config if configured
+    if (this.defaultRlsConfig) {
+      builder._rlsConfig = this.defaultRlsConfig as any;
+    }
     return builder;
   }
@@ -977,6 +1080,9 @@ export interface EndpointFactoryOptions<
     string,
     SecurityScheme
   >,
+  TRlsConfig extends
+    | RlsConfig<TServices, TSession, TLogger>
+    | undefined = undefined,
 > {
   defaultServices?: TServices;
   basePath?: TBasePath;
@@ -991,6 +1097,7 @@ export interface EndpointFactoryOptions<
   defaultDatabaseService?: Service<TDatabaseServiceName, TDatabase>;
   defaultActorExtractor?: ActorExtractor<TServices, TSession, TLogger>;
   customSecuritySchemes?: TSecuritySchemes;
+  defaultRlsConfig?: TRlsConfig;
 }
 export const e = new EndpointFactory();

package/src/endpoints/HonoEndpointAdaptor.ts CHANGED Viewed

@@ -19,6 +19,7 @@ import {
 import { getEndpointsFromRoutes } from './helpers';
 import { parseHonoQuery } from './parseHonoQuery';
+import { withRlsContext } from '@geekmidas/db/rls';
 import { wrapError } from '@geekmidas/errors';
 import {
   type Service,
@@ -374,6 +375,19 @@ export class HonoEndpoint<
             logger.warn('No auditor storage service available');
           }
+          // Extract RLS context if configured and not bypassed
+          const rlsActive =
+            endpoint.rlsConfig && !endpoint.rlsBypass && rawDb !== undefined;
+          const rlsContext = rlsActive
+            ? await endpoint.rlsConfig!.extractor({
+                services,
+                session,
+                header,
+                cookie,
+                logger,
+              })
+            : undefined;
           // Execute handler with automatic audit transaction support
           const result = await executeWithAuditTransaction(
             auditContext,
@@ -383,49 +397,64 @@ export class HonoEndpoint<
                 auditContext?.storage?.databaseServiceName &&
                 auditContext.storage.databaseServiceName ===
                   endpoint.databaseService?.serviceName;
-              const db = sameDatabase
+              const baseDb = sameDatabase
                 ? (auditor?.getTransaction?.() ?? rawDb)
                 : rawDb;
-              const responseBuilder = new ResponseBuilder();
-              const response = await endpoint.handler(
-                {
-                  services,
-                  logger,
-                  body: c.req.valid('json'),
-                  query: c.req.valid('query'),
-                  params: c.req.valid('param'),
-                  session,
-                  header,
-                  cookie,
-                  auditor,
-                  db,
-                } as unknown as EndpointContext<
-                  TInput,
-                  TServices,
-                  TLogger,
-                  TSession,
-                  TAuditAction,
-                  TDatabase,
-                  TAuditStorage
-                >,
-                responseBuilder,
-              );
-              // Check if response has metadata
-              let data = response;
-              let metadata = responseBuilder.getMetadata();
+              // Helper to execute handler with given db
+              const executeHandler = async (db: TDatabase | undefined) => {
+                const responseBuilder = new ResponseBuilder();
+                const response = await endpoint.handler(
+                  {
+                    services,
+                    logger,
+                    body: c.req.valid('json'),
+                    query: c.req.valid('query'),
+                    params: c.req.valid('param'),
+                    session,
+                    header,
+                    cookie,
+                    auditor,
+                    db,
+                  } as unknown as EndpointContext<
+                    TInput,
+                    TServices,
+                    TLogger,
+                    TSession,
+                    TAuditAction,
+                    TDatabase,
+                    TAuditStorage
+                  >,
+                  responseBuilder,
+                );
+                // Check if response has metadata
+                let data = response;
+                let metadata = responseBuilder.getMetadata();
+                if (Endpoint.hasMetadata(response)) {
+                  data = response.data;
+                  metadata = response.metadata;
+                }
-              if (Endpoint.hasMetadata(response)) {
-                data = response.data;
-                metadata = response.metadata;
+                const output = endpoint.outputSchema
+                  ? await endpoint.parseOutput(data)
+                  : undefined;
+                return { output, metadata, responseBuilder };
+              };
+              // If RLS is active, wrap handler with RLS context
+              if (rlsActive && rlsContext && baseDb) {
+                return withRlsContext(
+                  baseDb as any,
+                  rlsContext,
+                  async (trx) => executeHandler(trx as TDatabase),
+                  { prefix: endpoint.rlsConfig!.prefix },
+                );
               }
-              const output = endpoint.outputSchema
-                ? await endpoint.parseOutput(data)
-                : undefined;
-              return { output, metadata, responseBuilder };
+              return executeHandler(baseDb as TDatabase | undefined);
             },
             // Process declarative audits after handler (inside transaction)
             async (result, auditor) => {

package/src/endpoints/index.ts CHANGED Viewed

@@ -10,5 +10,12 @@ export {
 } from './Endpoint';
 export { EndpointBuilder } from './EndpointBuilder';
 export { type MappedAudit, type ActorExtractor } from './audit';
+export {
+  type RlsConfig,
+  type RlsContext,
+  type RlsContextExtractor,
+  RLS_BYPASS,
+  type RlsBypass,
+} from './rls';
 export const e = new EndpointFactory();

package/src/endpoints/rls.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import type { Logger } from '@geekmidas/logger';
+import type { Service, ServiceRecord } from '@geekmidas/services';
+import type { CookieFn, HeaderFn } from './Endpoint';
+/**
+ * RLS context - key-value pairs to set as PostgreSQL session variables.
+ * Keys become `prefix.key` (e.g., `app.user_id`).
+ */
+export interface RlsContext {
+  [key: string]: string | number | boolean | null | undefined;
+}
+/**
+ * Function type for extracting RLS context from request context.
+ *
+ * @template TServices - Available service dependencies
+ * @template TSession - Session data type
+ * @template TLogger - Logger type
+ *
+ * @example
+ * ```ts
+ * const extractor: RlsContextExtractor<[], UserSession> = ({ session }) => ({
+ *   user_id: session.userId,
+ *   tenant_id: session.tenantId,
+ *   roles: session.roles.join(','),
+ * });
+ * ```
+ */
+export type RlsContextExtractor<
+  TServices extends Service[] = [],
+  TSession = unknown,
+  TLogger extends Logger = Logger,
+> = (ctx: {
+  services: ServiceRecord<TServices>;
+  session: TSession;
+  header: HeaderFn;
+  cookie: CookieFn;
+  logger: TLogger;
+}) => RlsContext | Promise<RlsContext>;
+/**
+ * Configuration for RLS on an endpoint or factory.
+ *
+ * @template TServices - Available service dependencies
+ * @template TSession - Session data type
+ * @template TLogger - Logger type
+ */
+export interface RlsConfig<
+  TServices extends Service[] = [],
+  TSession = unknown,
+  TLogger extends Logger = Logger,
+> {
+  /** Function to extract RLS context from request */
+  extractor: RlsContextExtractor<TServices, TSession, TLogger>;
+  /** Prefix for PostgreSQL session variables (default: 'app') */
+  prefix?: string;
+}
+/**
+ * Symbol used to bypass RLS for an endpoint.
+ */
+export const RLS_BYPASS = Symbol.for('geekmidas.rls.bypass');
+/**
+ * Type for RLS bypass marker.
+ */
+export type RlsBypass = typeof RLS_BYPASS;

package/dist/AmazonApiGatewayEndpointAdaptor-CPqlw2Rx.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AmazonApiGatewayEndpointAdaptor-CPqlw2Rx.cjs","names":["envParser: EnvironmentParser<{}>","endpoint: Endpoint<\n TRoute,\n TMethod,\n TInput,\n TOutSchema,\n TServices,\n TLogger,\n TSession,\n TEventPublisher,\n TEventPublisherServiceName,\n TAuditStorage,\n TAuditStorageServiceName,\n TAuditAction\n >","UnprocessableEntityError","UnauthorizedError","event: Event<TEvent, TInput, TServices, TLogger, TSession>","ResponseBuilder","metadata","output","result","lambdaResponse: AmazonApiGatewayEndpointHandlerResponse","setCookieHeaders: string[]"],"sources":["../src/endpoints/AmazonApiGatewayEndpointAdaptor.ts"],"sourcesContent":["import type { AuditStorage, AuditableAction } from '@geekmidas/audit';\nimport type { Logger } from '@geekmidas/logger';\nimport type { StandardSchemaV1 } from '@standard-schema/spec';\nimport type { HttpMethod } from '../types';\nimport { Endpoint, type EndpointSchemas, ResponseBuilder } from './Endpoint';\n\nimport type { EnvironmentParser } from '@geekmidas/envkit';\nimport middy, { type MiddlewareObj } from '@middy/core';\nimport type {\n APIGatewayProxyEvent,\n APIGatewayProxyEventV2,\n Context,\n} from 'aws-lambda';\nimport set from 'lodash.set';\n\nimport {\n UnauthorizedError,\n UnprocessableEntityError,\n wrapError,\n} from '@geekmidas/errors';\nimport type { EventPublisher } from '@geekmidas/events';\nimport {\n type Service,\n ServiceDiscovery,\n type ServiceRecord,\n} from '@geekmidas/services';\n\nimport type {\n InferComposableStandardSchema,\n InferStandardSchema,\n} from '@geekmidas/schema';\nimport { publishConstructEvents } from '../publisher';\nimport type { CookieFn, HeaderFn } from './Endpoint';\nimport type { MappedAudit } from './audit';\nimport {\n createAuditContext,\n executeWithAuditTransaction,\n} from './processAudits';\n\n// Helper function to publish events\n\nexport abstract class AmazonApiGatewayEndpoint<\n THandler extends\n | AmazonApiGatewayV1EndpointHandler\n | AmazonApiGatewayV2EndpointHandler,\n TEvent extends HandlerEvent<THandler>,\n TRoute extends string,\n TMethod extends HttpMethod,\n TInput extends EndpointSchemas = {},\n TOutSchema extends StandardSchemaV1 | undefined = undefined,\n TServices extends Service[] = [],\n TLogger extends Logger = Logger,\n TSession = unknown,\n TEventPublisher extends EventPublisher<any> | undefined = undefined,\n TEventPublisherServiceName extends string = string,\n TAuditStorage extends AuditStorage | undefined = undefined,\n TAuditStorageServiceName extends string = string,\n TAuditAction extends AuditableAction<string, unknown> = AuditableAction<\n string,\n unknown\n >,\n> {\n constructor(\n protected envParser: EnvironmentParser<{}>,\n protected readonly endpoint: Endpoint<\n TRoute,\n TMethod,\n TInput,\n TOutSchema,\n TServices,\n TLogger,\n TSession,\n TEventPublisher,\n TEventPublisherServiceName,\n TAuditStorage,\n TAuditStorageServiceName,\n TAuditAction\n >,\n ) {}\n\n private error(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n onError: (req) => {\n (req.event.logger || this.endpoint.logger).error(\n req.error || {},\n 'Error processing request',\n );\n const wrappedError = wrapError(req.error);\n\n // Set the response with the proper status code from the HttpError\n req.response = {\n statusCode: wrappedError.statusCode,\n body: wrappedError.body,\n };\n },\n };\n }\n abstract getInput(e: TEvent): GetInputResponse;\n\n private input(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n try {\n const { body, query, params } = this.getInput(req.event);\n const headers = req.event.headers as Record<string, string>;\n const header = Endpoint.createHeaders(headers);\n const cookie = Endpoint.createCookies(headers.cookie);\n\n set(req.event, 'body', await this.endpoint.parseInput(body, 'body'));\n\n set(\n req.event,\n 'query',\n await this.endpoint.parseInput(query, 'query'),\n );\n set(\n req.event,\n 'params',\n await this.endpoint.parseInput(params, 'params'),\n );\n set(req.event, 'header', header);\n set(req.event, 'cookie', cookie);\n } catch (error) {\n // Convert validation errors to 422 Unprocessable Entity\n if (error && typeof error === 'object' && Array.isArray(error)) {\n throw new UnprocessableEntityError('Validation failed', error);\n }\n throw error;\n }\n },\n };\n }\n\n abstract getLoggerContext(data: TEvent, context: Context): LoggerContext;\n\n private logger(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: (req) => {\n req.event.logger = this.endpoint.logger.child({\n route: this.endpoint.route,\n host: req.event.headers?.host,\n method: this.endpoint.method,\n ...this.getLoggerContext(req.event, req.context),\n }) as TLogger;\n },\n };\n }\n private services(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n const logger = req.event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n const services = await serviceDiscovery.register(\n this.endpoint.services,\n );\n\n req.event.services = services;\n },\n };\n }\n\n private authorize(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n const logger = req.event.logger as TLogger;\n const services = req.event.services;\n const header = req.event.header;\n const cookie = req.event.cookie;\n const session = req.event.session as TSession;\n\n const isAuthorized = await this.endpoint.authorize({\n header,\n cookie,\n services,\n logger,\n session,\n });\n\n if (!isAuthorized) {\n logger.warn('Unauthorized access attempt');\n throw new UnauthorizedError(\n 'Unauthorized access to the endpoint',\n 'You do not have permission to access this resource.',\n );\n }\n },\n };\n }\n\n private database(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n if (!this.endpoint.databaseService) {\n return;\n }\n\n const logger = req.event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n const db = await serviceDiscovery\n .register([this.endpoint.databaseService])\n .then(\n (s) =>\n s[this.endpoint.databaseService!.serviceName as keyof typeof s],\n );\n\n (req.event as any).db = db;\n },\n };\n }\n\n private session(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n const logger = req.event.logger as TLogger;\n const services = req.event.services;\n const db = (req.event as any).db;\n req.event.session = (await this.endpoint.getSession({\n logger,\n services,\n header: req.event.header,\n cookie: req.event.cookie,\n ...(db !== undefined && { db }),\n } as any)) as TSession;\n },\n };\n }\n\n private events(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n after: async (req) => {\n const event = req.event;\n const response = (event as any)\n .__response as InferStandardSchema<TOutSchema>;\n const statusCode = req.response?.statusCode ?? this.endpoint.status;\n\n // Only publish events on successful responses (2xx status codes)\n // Note: Audits are processed inside the handler's transaction\n if (Endpoint.isSuccessStatus(statusCode)) {\n const logger = event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n // Publish events\n await publishConstructEvents(\n this.endpoint,\n response,\n serviceDiscovery,\n logger,\n );\n }\n },\n };\n }\n\n private async _handler(\n event: Event<TEvent, TInput, TServices, TLogger, TSession>,\n ) {\n const input = this.endpoint.refineInput(event);\n const logger = event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n // Create audit context if audit storage is configured\n const auditContext = await createAuditContext(\n this.endpoint,\n serviceDiscovery,\n logger,\n {\n session: event.session,\n header: event.header,\n cookie: event.cookie,\n services: event.services as Record<string, unknown>,\n },\n );\n\n // Warn if declarative audits are configured but no audit storage\n const audits = this.endpoint.audits as MappedAudit<\n TAuditAction,\n TOutSchema\n >[];\n if (!auditContext && audits?.length) {\n logger.warn('No auditor storage service available');\n }\n\n // Get pre-resolved database from middleware\n const rawDb = (event as any).db;\n\n // Execute handler with automatic audit transaction support\n const result = await executeWithAuditTransaction(\n auditContext,\n async (auditor) => {\n // Use audit transaction as db only if the storage uses the same database service\n const sameDatabase =\n auditContext?.storage?.databaseServiceName &&\n auditContext.storage.databaseServiceName ===\n this.endpoint.databaseService?.serviceName;\n const db = sameDatabase\n ? (auditor?.getTransaction?.() ?? rawDb)\n : rawDb;\n\n const responseBuilder = new ResponseBuilder();\n const response = await this.endpoint.handler(\n {\n header: event.header,\n cookie: event.cookie,\n logger: event.logger,\n services: event.services,\n session: event.session,\n auditor,\n db,\n ...input,\n } as any,\n responseBuilder,\n );\n\n // Check if response has metadata\n let data = response;\n let metadata = responseBuilder.getMetadata();\n\n if (Endpoint.hasMetadata(response)) {\n data = response.data;\n metadata = response.metadata;\n }\n\n const output = this.endpoint.outputSchema\n ? await this.endpoint.parseOutput(data)\n : undefined;\n\n return { output, metadata, responseBuilder };\n },\n // Process declarative audits after handler (inside transaction)\n async (result, auditor) => {\n if (!audits?.length) return;\n\n for (const audit of audits) {\n if (audit.when && !audit.when(result.output as any)) {\n continue;\n }\n const payload = audit.payload(result.output as any);\n const entityId = audit.entityId?.(result.output as any);\n auditor.audit(audit.type as any, payload as any, {\n table: audit.table,\n entityId,\n });\n }\n },\n // Pass rawDb so storage can reuse existing transactions\n { db: rawDb },\n );\n\n const { output, metadata } = result;\n const body = output !== undefined ? JSON.stringify(output) : undefined;\n\n // Store response for middleware access\n (event as any).__response = output;\n\n // Build response with metadata\n const lambdaResponse: AmazonApiGatewayEndpointHandlerResponse = {\n statusCode: metadata.status ?? this.endpoint.status,\n body,\n };\n\n // Add custom headers\n if (metadata.headers && Object.keys(metadata.headers).length > 0) {\n lambdaResponse.headers = { ...metadata.headers };\n }\n\n // Format cookies as Set-Cookie headers\n if (metadata.cookies && metadata.cookies.size > 0) {\n const setCookieHeaders: string[] = [];\n for (const [name, { value, options }] of metadata.cookies) {\n setCookieHeaders.push(\n Endpoint.formatCookieHeader(name, value, options),\n );\n }\n\n if (setCookieHeaders.length > 0) {\n lambdaResponse.multiValueHeaders = {\n ...lambdaResponse.multiValueHeaders,\n 'Set-Cookie': setCookieHeaders,\n };\n }\n }\n\n return lambdaResponse;\n }\n\n get handler() {\n const handler = this._handler.bind(this);\n return middy(handler)\n .use(this.logger())\n .use(this.error())\n .use(this.services())\n .use(this.input())\n .use(this.database())\n .use(this.session())\n .use(this.authorize())\n .use(this.events()) as unknown as THandler;\n }\n}\n\nexport type Event<\n TEvent extends APIGatewayProxyEvent | APIGatewayProxyEventV2,\n TInput extends EndpointSchemas = {},\n TServices extends Service[] = [],\n TLogger extends Logger = Logger,\n TSession = unknown,\n> = {\n services: ServiceRecord<TServices>;\n logger: TLogger;\n header: HeaderFn;\n cookie: CookieFn;\n session: TSession;\n} & TEvent &\n InferComposableStandardSchema<TInput>;\n\ntype Middleware<\n TEvent extends APIGatewayProxyEvent | APIGatewayProxyEventV2,\n TInput extends EndpointSchemas = {},\n TServices extends Service[] = [],\n TLogger extends Logger = Logger,\n TSession = unknown,\n> = MiddlewareObj<Event<TEvent, TInput, TServices, TLogger, TSession>>;\n\nexport type AmazonApiGatewayEndpointHandlerResponse = {\n statusCode: number;\n body: string | undefined;\n headers?: Record<string, string>;\n multiValueHeaders?: Record<string, string[]>;\n};\n\nexport type LoggerContext = {\n fn: {\n name: string;\n version: string;\n };\n req: {\n id: string | undefined;\n awsRequestId: string;\n path: string;\n ip: string | undefined;\n userAgent: string | undefined;\n };\n};\n\nexport type GetInputResponse = {\n body: any;\n query: any;\n params: any;\n};\n\nexport type AmazonApiGatewayV1EndpointHandler = (\n event: APIGatewayProxyEvent,\n context: Context,\n) => Promise<AmazonApiGatewayEndpointHandlerResponse>;\n\nexport type AmazonApiGatewayV2EndpointHandler = (\n event: APIGatewayProxyEventV2,\n context: Context,\n) => Promise<AmazonApiGatewayEndpointHandlerResponse>;\n\nexport type HandlerEvent<T extends Function> = T extends (\n event: infer E,\n context: Context,\n) => any\n ? E\n : never;\n"],"mappings":";;;;;;;;;;AAyCA,IAAsB,2BAAtB,MAoBE;CACA,YACYA,WACSC,UAcnB;EAfU;EACS;CAcjB;CAEJ,AAAQ,QAAwD;AAC9D,SAAO,EACL,SAAS,CAAC,QAAQ;AAChB,IAAC,IAAI,MAAM,UAAU,KAAK,SAAS,QAAQ,MACzC,IAAI,SAAS,CAAE,GACf,2BACD;GACD,MAAM,eAAe,kCAAU,IAAI,MAAM;AAGzC,OAAI,WAAW;IACb,YAAY,aAAa;IACzB,MAAM,aAAa;GACpB;EACF,EACF;CACF;CAGD,AAAQ,QAAwD;AAC9D,SAAO,EACL,QAAQ,OAAO,QAAQ;AACrB,OAAI;IACF,MAAM,EAAE,MAAM,OAAO,QAAQ,GAAG,KAAK,SAAS,IAAI,MAAM;IACxD,MAAM,UAAU,IAAI,MAAM;IAC1B,MAAM,SAAS,0BAAS,cAAc,QAAQ;IAC9C,MAAM,SAAS,0BAAS,cAAc,QAAQ,OAAO;AAErD,4BAAI,IAAI,OAAO,QAAQ,MAAM,KAAK,SAAS,WAAW,MAAM,OAAO,CAAC;AAEpE,4BACE,IAAI,OACJ,SACA,MAAM,KAAK,SAAS,WAAW,OAAO,QAAQ,CAC/C;AACD,4BACE,IAAI,OACJ,UACA,MAAM,KAAK,SAAS,WAAW,QAAQ,SAAS,CACjD;AACD,4BAAI,IAAI,OAAO,UAAU,OAAO;AAChC,4BAAI,IAAI,OAAO,UAAU,OAAO;GACjC,SAAQ,OAAO;AAEd,QAAI,gBAAgB,UAAU,YAAY,MAAM,QAAQ,MAAM,CAC5D,OAAM,IAAIC,4CAAyB,qBAAqB;AAE1D,UAAM;GACP;EACF,EACF;CACF;CAID,AAAQ,SAAyD;AAC/D,SAAO,EACL,QAAQ,CAAC,QAAQ;AACf,OAAI,MAAM,SAAS,KAAK,SAAS,OAAO,MAAM;IAC5C,OAAO,KAAK,SAAS;IACrB,MAAM,IAAI,MAAM,SAAS;IACzB,QAAQ,KAAK,SAAS;IACtB,GAAG,KAAK,iBAAiB,IAAI,OAAO,IAAI,QAAQ;GACjD,EAAC;EACH,EACF;CACF;CACD,AAAQ,WAA2D;AACjE,SAAO,EACL,QAAQ,OAAO,QAAQ;GACrB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,mBAAmB,sCAAiB,YAGxC,QAAQ,KAAK,UAAU;GAEzB,MAAM,WAAW,MAAM,iBAAiB,SACtC,KAAK,SAAS,SACf;AAED,OAAI,MAAM,WAAW;EACtB,EACF;CACF;CAED,AAAQ,YAA4D;AAClE,SAAO,EACL,QAAQ,OAAO,QAAQ;GACrB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,WAAW,IAAI,MAAM;GAC3B,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,UAAU,IAAI,MAAM;GAE1B,MAAM,eAAe,MAAM,KAAK,SAAS,UAAU;IACjD;IACA;IACA;IACA;IACA;GACD,EAAC;AAEF,QAAK,cAAc;AACjB,WAAO,KAAK,8BAA8B;AAC1C,UAAM,IAAIC,qCACR,uCACA;GAEH;EACF,EACF;CACF;CAED,AAAQ,WAA2D;AACjE,SAAO,EACL,QAAQ,OAAO,QAAQ;AACrB,QAAK,KAAK,SAAS,gBACjB;GAGF,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,mBAAmB,sCAAiB,YAGxC,QAAQ,KAAK,UAAU;GAEzB,MAAM,KAAK,MAAM,iBACd,SAAS,CAAC,KAAK,SAAS,eAAgB,EAAC,CACzC,KACC,CAAC,MACC,EAAE,KAAK,SAAS,gBAAiB,aACpC;AAEH,GAAC,IAAI,MAAc,KAAK;EACzB,EACF;CACF;CAED,AAAQ,UAA0D;AAChE,SAAO,EACL,QAAQ,OAAO,QAAQ;GACrB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,WAAW,IAAI,MAAM;GAC3B,MAAM,KAAM,IAAI,MAAc;AAC9B,OAAI,MAAM,UAAW,MAAM,KAAK,SAAS,WAAW;IAClD;IACA;IACA,QAAQ,IAAI,MAAM;IAClB,QAAQ,IAAI,MAAM;IAClB,GAAI,iBAAoB,EAAE,GAAI;GAC/B,EAAQ;EACV,EACF;CACF;CAED,AAAQ,SAAyD;AAC/D,SAAO,EACL,OAAO,OAAO,QAAQ;GACpB,MAAM,QAAQ,IAAI;GAClB,MAAM,WAAY,MACf;GACH,MAAM,aAAa,IAAI,UAAU,cAAc,KAAK,SAAS;AAI7D,OAAI,0BAAS,gBAAgB,WAAW,EAAE;IACxC,MAAM,SAAS,MAAM;IACrB,MAAM,mBAAmB,sCAAiB,YAGxC,QAAQ,KAAK,UAAU;AAGzB,UAAM,yCACJ,KAAK,UACL,UACA,kBACA,OACD;GACF;EACF,EACF;CACF;CAED,MAAc,SACZC,OACA;EACA,MAAM,QAAQ,KAAK,SAAS,YAAY,MAAM;EAC9C,MAAM,SAAS,MAAM;EACrB,MAAM,mBAAmB,sCAAiB,YAGxC,QAAQ,KAAK,UAAU;EAGzB,MAAM,eAAe,MAAM,yCACzB,KAAK,UACL,kBACA,QACA;GACE,SAAS,MAAM;GACf,QAAQ,MAAM;GACd,QAAQ,MAAM;GACd,UAAU,MAAM;EACjB,EACF;EAGD,MAAM,SAAS,KAAK,SAAS;AAI7B,OAAK,gBAAgB,QAAQ,OAC3B,QAAO,KAAK,uCAAuC;EAIrD,MAAM,QAAS,MAAc;EAG7B,MAAM,SAAS,MAAM,kDACnB,cACA,OAAO,YAAY;GAEjB,MAAM,eACJ,cAAc,SAAS,uBACvB,aAAa,QAAQ,wBACnB,KAAK,SAAS,iBAAiB;GACnC,MAAM,KAAK,eACN,SAAS,kBAAkB,IAAI,QAChC;GAEJ,MAAM,kBAAkB,IAAIC;GAC5B,MAAM,WAAW,MAAM,KAAK,SAAS,QACnC;IACE,QAAQ,MAAM;IACd,QAAQ,MAAM;IACd,QAAQ,MAAM;IACd,UAAU,MAAM;IAChB,SAAS,MAAM;IACf;IACA;IACA,GAAG;GACJ,GACD,gBACD;GAGD,IAAI,OAAO;GACX,IAAIC,aAAW,gBAAgB,aAAa;AAE5C,OAAI,0BAAS,YAAY,SAAS,EAAE;AAClC,WAAO,SAAS;AAChB,iBAAW,SAAS;GACrB;GAED,MAAMC,WAAS,KAAK,SAAS,eACzB,MAAM,KAAK,SAAS,YAAY,KAAK;AAGzC,UAAO;IAAE;IAAQ;IAAU;GAAiB;EAC7C,GAED,OAAOC,UAAQ,YAAY;AACzB,QAAK,QAAQ,OAAQ;AAErB,QAAK,MAAM,SAAS,QAAQ;AAC1B,QAAI,MAAM,SAAS,MAAM,KAAKA,SAAO,OAAc,CACjD;IAEF,MAAM,UAAU,MAAM,QAAQA,SAAO,OAAc;IACnD,MAAM,WAAW,MAAM,WAAWA,SAAO,OAAc;AACvD,YAAQ,MAAM,MAAM,MAAa,SAAgB;KAC/C,OAAO,MAAM;KACb;IACD,EAAC;GACH;EACF,GAED,EAAE,IAAI,MAAO,EACd;EAED,MAAM,EAAE,QAAQ,UAAU,GAAG;EAC7B,MAAM,OAAO,oBAAuB,KAAK,UAAU,OAAO;AAG1D,EAAC,MAAc,aAAa;EAG5B,MAAMC,iBAA0D;GAC9D,YAAY,SAAS,UAAU,KAAK,SAAS;GAC7C;EACD;AAGD,MAAI,SAAS,WAAW,OAAO,KAAK,SAAS,QAAQ,CAAC,SAAS,EAC7D,gBAAe,UAAU,EAAE,GAAG,SAAS,QAAS;AAIlD,MAAI,SAAS,WAAW,SAAS,QAAQ,OAAO,GAAG;GACjD,MAAMC,mBAA6B,CAAE;AACrC,QAAK,MAAM,CAAC,MAAM,EAAE,OAAO,SAAS,CAAC,IAAI,SAAS,QAChD,kBAAiB,KACf,0BAAS,mBAAmB,MAAM,OAAO,QAAQ,CAClD;AAGH,OAAI,iBAAiB,SAAS,EAC5B,gBAAe,oBAAoB;IACjC,GAAG,eAAe;IAClB,cAAc;GACf;EAEJ;AAED,SAAO;CACR;CAED,IAAI,UAAU;EACZ,MAAM,UAAU,KAAK,SAAS,KAAK,KAAK;AACxC,SAAO,0BAAM,QAAQ,CAClB,IAAI,KAAK,QAAQ,CAAC,CAClB,IAAI,KAAK,OAAO,CAAC,CACjB,IAAI,KAAK,UAAU,CAAC,CACpB,IAAI,KAAK,OAAO,CAAC,CACjB,IAAI,KAAK,UAAU,CAAC,CACpB,IAAI,KAAK,SAAS,CAAC,CACnB,IAAI,KAAK,WAAW,CAAC,CACrB,IAAI,KAAK,QAAQ,CAAC;CACtB;AACF"}

package/dist/AmazonApiGatewayEndpointAdaptor-Cm4iD199.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AmazonApiGatewayEndpointAdaptor-Cm4iD199.mjs","names":["envParser: EnvironmentParser<{}>","endpoint: Endpoint<\n TRoute,\n TMethod,\n TInput,\n TOutSchema,\n TServices,\n TLogger,\n TSession,\n TEventPublisher,\n TEventPublisherServiceName,\n TAuditStorage,\n TAuditStorageServiceName,\n TAuditAction\n >","event: Event<TEvent, TInput, TServices, TLogger, TSession>","metadata","output","result","lambdaResponse: AmazonApiGatewayEndpointHandlerResponse","setCookieHeaders: string[]"],"sources":["../src/endpoints/AmazonApiGatewayEndpointAdaptor.ts"],"sourcesContent":["import type { AuditStorage, AuditableAction } from '@geekmidas/audit';\nimport type { Logger } from '@geekmidas/logger';\nimport type { StandardSchemaV1 } from '@standard-schema/spec';\nimport type { HttpMethod } from '../types';\nimport { Endpoint, type EndpointSchemas, ResponseBuilder } from './Endpoint';\n\nimport type { EnvironmentParser } from '@geekmidas/envkit';\nimport middy, { type MiddlewareObj } from '@middy/core';\nimport type {\n APIGatewayProxyEvent,\n APIGatewayProxyEventV2,\n Context,\n} from 'aws-lambda';\nimport set from 'lodash.set';\n\nimport {\n UnauthorizedError,\n UnprocessableEntityError,\n wrapError,\n} from '@geekmidas/errors';\nimport type { EventPublisher } from '@geekmidas/events';\nimport {\n type Service,\n ServiceDiscovery,\n type ServiceRecord,\n} from '@geekmidas/services';\n\nimport type {\n InferComposableStandardSchema,\n InferStandardSchema,\n} from '@geekmidas/schema';\nimport { publishConstructEvents } from '../publisher';\nimport type { CookieFn, HeaderFn } from './Endpoint';\nimport type { MappedAudit } from './audit';\nimport {\n createAuditContext,\n executeWithAuditTransaction,\n} from './processAudits';\n\n// Helper function to publish events\n\nexport abstract class AmazonApiGatewayEndpoint<\n THandler extends\n | AmazonApiGatewayV1EndpointHandler\n | AmazonApiGatewayV2EndpointHandler,\n TEvent extends HandlerEvent<THandler>,\n TRoute extends string,\n TMethod extends HttpMethod,\n TInput extends EndpointSchemas = {},\n TOutSchema extends StandardSchemaV1 | undefined = undefined,\n TServices extends Service[] = [],\n TLogger extends Logger = Logger,\n TSession = unknown,\n TEventPublisher extends EventPublisher<any> | undefined = undefined,\n TEventPublisherServiceName extends string = string,\n TAuditStorage extends AuditStorage | undefined = undefined,\n TAuditStorageServiceName extends string = string,\n TAuditAction extends AuditableAction<string, unknown> = AuditableAction<\n string,\n unknown\n >,\n> {\n constructor(\n protected envParser: EnvironmentParser<{}>,\n protected readonly endpoint: Endpoint<\n TRoute,\n TMethod,\n TInput,\n TOutSchema,\n TServices,\n TLogger,\n TSession,\n TEventPublisher,\n TEventPublisherServiceName,\n TAuditStorage,\n TAuditStorageServiceName,\n TAuditAction\n >,\n ) {}\n\n private error(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n onError: (req) => {\n (req.event.logger || this.endpoint.logger).error(\n req.error || {},\n 'Error processing request',\n );\n const wrappedError = wrapError(req.error);\n\n // Set the response with the proper status code from the HttpError\n req.response = {\n statusCode: wrappedError.statusCode,\n body: wrappedError.body,\n };\n },\n };\n }\n abstract getInput(e: TEvent): GetInputResponse;\n\n private input(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n try {\n const { body, query, params } = this.getInput(req.event);\n const headers = req.event.headers as Record<string, string>;\n const header = Endpoint.createHeaders(headers);\n const cookie = Endpoint.createCookies(headers.cookie);\n\n set(req.event, 'body', await this.endpoint.parseInput(body, 'body'));\n\n set(\n req.event,\n 'query',\n await this.endpoint.parseInput(query, 'query'),\n );\n set(\n req.event,\n 'params',\n await this.endpoint.parseInput(params, 'params'),\n );\n set(req.event, 'header', header);\n set(req.event, 'cookie', cookie);\n } catch (error) {\n // Convert validation errors to 422 Unprocessable Entity\n if (error && typeof error === 'object' && Array.isArray(error)) {\n throw new UnprocessableEntityError('Validation failed', error);\n }\n throw error;\n }\n },\n };\n }\n\n abstract getLoggerContext(data: TEvent, context: Context): LoggerContext;\n\n private logger(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: (req) => {\n req.event.logger = this.endpoint.logger.child({\n route: this.endpoint.route,\n host: req.event.headers?.host,\n method: this.endpoint.method,\n ...this.getLoggerContext(req.event, req.context),\n }) as TLogger;\n },\n };\n }\n private services(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n const logger = req.event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n const services = await serviceDiscovery.register(\n this.endpoint.services,\n );\n\n req.event.services = services;\n },\n };\n }\n\n private authorize(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n const logger = req.event.logger as TLogger;\n const services = req.event.services;\n const header = req.event.header;\n const cookie = req.event.cookie;\n const session = req.event.session as TSession;\n\n const isAuthorized = await this.endpoint.authorize({\n header,\n cookie,\n services,\n logger,\n session,\n });\n\n if (!isAuthorized) {\n logger.warn('Unauthorized access attempt');\n throw new UnauthorizedError(\n 'Unauthorized access to the endpoint',\n 'You do not have permission to access this resource.',\n );\n }\n },\n };\n }\n\n private database(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n if (!this.endpoint.databaseService) {\n return;\n }\n\n const logger = req.event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n const db = await serviceDiscovery\n .register([this.endpoint.databaseService])\n .then(\n (s) =>\n s[this.endpoint.databaseService!.serviceName as keyof typeof s],\n );\n\n (req.event as any).db = db;\n },\n };\n }\n\n private session(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n before: async (req) => {\n const logger = req.event.logger as TLogger;\n const services = req.event.services;\n const db = (req.event as any).db;\n req.event.session = (await this.endpoint.getSession({\n logger,\n services,\n header: req.event.header,\n cookie: req.event.cookie,\n ...(db !== undefined && { db }),\n } as any)) as TSession;\n },\n };\n }\n\n private events(): Middleware<TEvent, TInput, TServices, TLogger> {\n return {\n after: async (req) => {\n const event = req.event;\n const response = (event as any)\n .__response as InferStandardSchema<TOutSchema>;\n const statusCode = req.response?.statusCode ?? this.endpoint.status;\n\n // Only publish events on successful responses (2xx status codes)\n // Note: Audits are processed inside the handler's transaction\n if (Endpoint.isSuccessStatus(statusCode)) {\n const logger = event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n // Publish events\n await publishConstructEvents(\n this.endpoint,\n response,\n serviceDiscovery,\n logger,\n );\n }\n },\n };\n }\n\n private async _handler(\n event: Event<TEvent, TInput, TServices, TLogger, TSession>,\n ) {\n const input = this.endpoint.refineInput(event);\n const logger = event.logger as TLogger;\n const serviceDiscovery = ServiceDiscovery.getInstance<\n ServiceRecord<TServices>,\n TLogger\n >(logger, this.envParser);\n\n // Create audit context if audit storage is configured\n const auditContext = await createAuditContext(\n this.endpoint,\n serviceDiscovery,\n logger,\n {\n session: event.session,\n header: event.header,\n cookie: event.cookie,\n services: event.services as Record<string, unknown>,\n },\n );\n\n // Warn if declarative audits are configured but no audit storage\n const audits = this.endpoint.audits as MappedAudit<\n TAuditAction,\n TOutSchema\n >[];\n if (!auditContext && audits?.length) {\n logger.warn('No auditor storage service available');\n }\n\n // Get pre-resolved database from middleware\n const rawDb = (event as any).db;\n\n // Execute handler with automatic audit transaction support\n const result = await executeWithAuditTransaction(\n auditContext,\n async (auditor) => {\n // Use audit transaction as db only if the storage uses the same database service\n const sameDatabase =\n auditContext?.storage?.databaseServiceName &&\n auditContext.storage.databaseServiceName ===\n this.endpoint.databaseService?.serviceName;\n const db = sameDatabase\n ? (auditor?.getTransaction?.() ?? rawDb)\n : rawDb;\n\n const responseBuilder = new ResponseBuilder();\n const response = await this.endpoint.handler(\n {\n header: event.header,\n cookie: event.cookie,\n logger: event.logger,\n services: event.services,\n session: event.session,\n auditor,\n db,\n ...input,\n } as any,\n responseBuilder,\n );\n\n // Check if response has metadata\n let data = response;\n let metadata = responseBuilder.getMetadata();\n\n if (Endpoint.hasMetadata(response)) {\n data = response.data;\n metadata = response.metadata;\n }\n\n const output = this.endpoint.outputSchema\n ? await this.endpoint.parseOutput(data)\n : undefined;\n\n return { output, metadata, responseBuilder };\n },\n // Process declarative audits after handler (inside transaction)\n async (result, auditor) => {\n if (!audits?.length) return;\n\n for (const audit of audits) {\n if (audit.when && !audit.when(result.output as any)) {\n continue;\n }\n const payload = audit.payload(result.output as any);\n const entityId = audit.entityId?.(result.output as any);\n auditor.audit(audit.type as any, payload as any, {\n table: audit.table,\n entityId,\n });\n }\n },\n // Pass rawDb so storage can reuse existing transactions\n { db: rawDb },\n );\n\n const { output, metadata } = result;\n const body = output !== undefined ? JSON.stringify(output) : undefined;\n\n // Store response for middleware access\n (event as any).__response = output;\n\n // Build response with metadata\n const lambdaResponse: AmazonApiGatewayEndpointHandlerResponse = {\n statusCode: metadata.status ?? this.endpoint.status,\n body,\n };\n\n // Add custom headers\n if (metadata.headers && Object.keys(metadata.headers).length > 0) {\n lambdaResponse.headers = { ...metadata.headers };\n }\n\n // Format cookies as Set-Cookie headers\n if (metadata.cookies && metadata.cookies.size > 0) {\n const setCookieHeaders: string[] = [];\n for (const [name, { value, options }] of metadata.cookies) {\n setCookieHeaders.push(\n Endpoint.formatCookieHeader(name, value, options),\n );\n }\n\n if (setCookieHeaders.length > 0) {\n lambdaResponse.multiValueHeaders = {\n ...lambdaResponse.multiValueHeaders,\n 'Set-Cookie': setCookieHeaders,\n };\n }\n }\n\n return lambdaResponse;\n }\n\n get handler() {\n const handler = this._handler.bind(this);\n return middy(handler)\n .use(this.logger())\n .use(this.error())\n .use(this.services())\n .use(this.input())\n .use(this.database())\n .use(this.session())\n .use(this.authorize())\n .use(this.events()) as unknown as THandler;\n }\n}\n\nexport type Event<\n TEvent extends APIGatewayProxyEvent | APIGatewayProxyEventV2,\n TInput extends EndpointSchemas = {},\n TServices extends Service[] = [],\n TLogger extends Logger = Logger,\n TSession = unknown,\n> = {\n services: ServiceRecord<TServices>;\n logger: TLogger;\n header: HeaderFn;\n cookie: CookieFn;\n session: TSession;\n} & TEvent &\n InferComposableStandardSchema<TInput>;\n\ntype Middleware<\n TEvent extends APIGatewayProxyEvent | APIGatewayProxyEventV2,\n TInput extends EndpointSchemas = {},\n TServices extends Service[] = [],\n TLogger extends Logger = Logger,\n TSession = unknown,\n> = MiddlewareObj<Event<TEvent, TInput, TServices, TLogger, TSession>>;\n\nexport type AmazonApiGatewayEndpointHandlerResponse = {\n statusCode: number;\n body: string | undefined;\n headers?: Record<string, string>;\n multiValueHeaders?: Record<string, string[]>;\n};\n\nexport type LoggerContext = {\n fn: {\n name: string;\n version: string;\n };\n req: {\n id: string | undefined;\n awsRequestId: string;\n path: string;\n ip: string | undefined;\n userAgent: string | undefined;\n };\n};\n\nexport type GetInputResponse = {\n body: any;\n query: any;\n params: any;\n};\n\nexport type AmazonApiGatewayV1EndpointHandler = (\n event: APIGatewayProxyEvent,\n context: Context,\n) => Promise<AmazonApiGatewayEndpointHandlerResponse>;\n\nexport type AmazonApiGatewayV2EndpointHandler = (\n event: APIGatewayProxyEventV2,\n context: Context,\n) => Promise<AmazonApiGatewayEndpointHandlerResponse>;\n\nexport type HandlerEvent<T extends Function> = T extends (\n event: infer E,\n context: Context,\n) => any\n ? E\n : never;\n"],"mappings":";;;;;;;;;AAyCA,IAAsB,2BAAtB,MAoBE;CACA,YACYA,WACSC,UAcnB;EAfU;EACS;CAcjB;CAEJ,AAAQ,QAAwD;AAC9D,SAAO,EACL,SAAS,CAAC,QAAQ;AAChB,IAAC,IAAI,MAAM,UAAU,KAAK,SAAS,QAAQ,MACzC,IAAI,SAAS,CAAE,GACf,2BACD;GACD,MAAM,eAAe,UAAU,IAAI,MAAM;AAGzC,OAAI,WAAW;IACb,YAAY,aAAa;IACzB,MAAM,aAAa;GACpB;EACF,EACF;CACF;CAGD,AAAQ,QAAwD;AAC9D,SAAO,EACL,QAAQ,OAAO,QAAQ;AACrB,OAAI;IACF,MAAM,EAAE,MAAM,OAAO,QAAQ,GAAG,KAAK,SAAS,IAAI,MAAM;IACxD,MAAM,UAAU,IAAI,MAAM;IAC1B,MAAM,SAAS,SAAS,cAAc,QAAQ;IAC9C,MAAM,SAAS,SAAS,cAAc,QAAQ,OAAO;AAErD,QAAI,IAAI,OAAO,QAAQ,MAAM,KAAK,SAAS,WAAW,MAAM,OAAO,CAAC;AAEpE,QACE,IAAI,OACJ,SACA,MAAM,KAAK,SAAS,WAAW,OAAO,QAAQ,CAC/C;AACD,QACE,IAAI,OACJ,UACA,MAAM,KAAK,SAAS,WAAW,QAAQ,SAAS,CACjD;AACD,QAAI,IAAI,OAAO,UAAU,OAAO;AAChC,QAAI,IAAI,OAAO,UAAU,OAAO;GACjC,SAAQ,OAAO;AAEd,QAAI,gBAAgB,UAAU,YAAY,MAAM,QAAQ,MAAM,CAC5D,OAAM,IAAI,yBAAyB,qBAAqB;AAE1D,UAAM;GACP;EACF,EACF;CACF;CAID,AAAQ,SAAyD;AAC/D,SAAO,EACL,QAAQ,CAAC,QAAQ;AACf,OAAI,MAAM,SAAS,KAAK,SAAS,OAAO,MAAM;IAC5C,OAAO,KAAK,SAAS;IACrB,MAAM,IAAI,MAAM,SAAS;IACzB,QAAQ,KAAK,SAAS;IACtB,GAAG,KAAK,iBAAiB,IAAI,OAAO,IAAI,QAAQ;GACjD,EAAC;EACH,EACF;CACF;CACD,AAAQ,WAA2D;AACjE,SAAO,EACL,QAAQ,OAAO,QAAQ;GACrB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,mBAAmB,iBAAiB,YAGxC,QAAQ,KAAK,UAAU;GAEzB,MAAM,WAAW,MAAM,iBAAiB,SACtC,KAAK,SAAS,SACf;AAED,OAAI,MAAM,WAAW;EACtB,EACF;CACF;CAED,AAAQ,YAA4D;AAClE,SAAO,EACL,QAAQ,OAAO,QAAQ;GACrB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,WAAW,IAAI,MAAM;GAC3B,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,UAAU,IAAI,MAAM;GAE1B,MAAM,eAAe,MAAM,KAAK,SAAS,UAAU;IACjD;IACA;IACA;IACA;IACA;GACD,EAAC;AAEF,QAAK,cAAc;AACjB,WAAO,KAAK,8BAA8B;AAC1C,UAAM,IAAI,kBACR,uCACA;GAEH;EACF,EACF;CACF;CAED,AAAQ,WAA2D;AACjE,SAAO,EACL,QAAQ,OAAO,QAAQ;AACrB,QAAK,KAAK,SAAS,gBACjB;GAGF,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,mBAAmB,iBAAiB,YAGxC,QAAQ,KAAK,UAAU;GAEzB,MAAM,KAAK,MAAM,iBACd,SAAS,CAAC,KAAK,SAAS,eAAgB,EAAC,CACzC,KACC,CAAC,MACC,EAAE,KAAK,SAAS,gBAAiB,aACpC;AAEH,GAAC,IAAI,MAAc,KAAK;EACzB,EACF;CACF;CAED,AAAQ,UAA0D;AAChE,SAAO,EACL,QAAQ,OAAO,QAAQ;GACrB,MAAM,SAAS,IAAI,MAAM;GACzB,MAAM,WAAW,IAAI,MAAM;GAC3B,MAAM,KAAM,IAAI,MAAc;AAC9B,OAAI,MAAM,UAAW,MAAM,KAAK,SAAS,WAAW;IAClD;IACA;IACA,QAAQ,IAAI,MAAM;IAClB,QAAQ,IAAI,MAAM;IAClB,GAAI,iBAAoB,EAAE,GAAI;GAC/B,EAAQ;EACV,EACF;CACF;CAED,AAAQ,SAAyD;AAC/D,SAAO,EACL,OAAO,OAAO,QAAQ;GACpB,MAAM,QAAQ,IAAI;GAClB,MAAM,WAAY,MACf;GACH,MAAM,aAAa,IAAI,UAAU,cAAc,KAAK,SAAS;AAI7D,OAAI,SAAS,gBAAgB,WAAW,EAAE;IACxC,MAAM,SAAS,MAAM;IACrB,MAAM,mBAAmB,iBAAiB,YAGxC,QAAQ,KAAK,UAAU;AAGzB,UAAM,uBACJ,KAAK,UACL,UACA,kBACA,OACD;GACF;EACF,EACF;CACF;CAED,MAAc,SACZC,OACA;EACA,MAAM,QAAQ,KAAK,SAAS,YAAY,MAAM;EAC9C,MAAM,SAAS,MAAM;EACrB,MAAM,mBAAmB,iBAAiB,YAGxC,QAAQ,KAAK,UAAU;EAGzB,MAAM,eAAe,MAAM,mBACzB,KAAK,UACL,kBACA,QACA;GACE,SAAS,MAAM;GACf,QAAQ,MAAM;GACd,QAAQ,MAAM;GACd,UAAU,MAAM;EACjB,EACF;EAGD,MAAM,SAAS,KAAK,SAAS;AAI7B,OAAK,gBAAgB,QAAQ,OAC3B,QAAO,KAAK,uCAAuC;EAIrD,MAAM,QAAS,MAAc;EAG7B,MAAM,SAAS,MAAM,4BACnB,cACA,OAAO,YAAY;GAEjB,MAAM,eACJ,cAAc,SAAS,uBACvB,aAAa,QAAQ,wBACnB,KAAK,SAAS,iBAAiB;GACnC,MAAM,KAAK,eACN,SAAS,kBAAkB,IAAI,QAChC;GAEJ,MAAM,kBAAkB,IAAI;GAC5B,MAAM,WAAW,MAAM,KAAK,SAAS,QACnC;IACE,QAAQ,MAAM;IACd,QAAQ,MAAM;IACd,QAAQ,MAAM;IACd,UAAU,MAAM;IAChB,SAAS,MAAM;IACf;IACA;IACA,GAAG;GACJ,GACD,gBACD;GAGD,IAAI,OAAO;GACX,IAAIC,aAAW,gBAAgB,aAAa;AAE5C,OAAI,SAAS,YAAY,SAAS,EAAE;AAClC,WAAO,SAAS;AAChB,iBAAW,SAAS;GACrB;GAED,MAAMC,WAAS,KAAK,SAAS,eACzB,MAAM,KAAK,SAAS,YAAY,KAAK;AAGzC,UAAO;IAAE;IAAQ;IAAU;GAAiB;EAC7C,GAED,OAAOC,UAAQ,YAAY;AACzB,QAAK,QAAQ,OAAQ;AAErB,QAAK,MAAM,SAAS,QAAQ;AAC1B,QAAI,MAAM,SAAS,MAAM,KAAKA,SAAO,OAAc,CACjD;IAEF,MAAM,UAAU,MAAM,QAAQA,SAAO,OAAc;IACnD,MAAM,WAAW,MAAM,WAAWA,SAAO,OAAc;AACvD,YAAQ,MAAM,MAAM,MAAa,SAAgB;KAC/C,OAAO,MAAM;KACb;IACD,EAAC;GACH;EACF,GAED,EAAE,IAAI,MAAO,EACd;EAED,MAAM,EAAE,QAAQ,UAAU,GAAG;EAC7B,MAAM,OAAO,oBAAuB,KAAK,UAAU,OAAO;AAG1D,EAAC,MAAc,aAAa;EAG5B,MAAMC,iBAA0D;GAC9D,YAAY,SAAS,UAAU,KAAK,SAAS;GAC7C;EACD;AAGD,MAAI,SAAS,WAAW,OAAO,KAAK,SAAS,QAAQ,CAAC,SAAS,EAC7D,gBAAe,UAAU,EAAE,GAAG,SAAS,QAAS;AAIlD,MAAI,SAAS,WAAW,SAAS,QAAQ,OAAO,GAAG;GACjD,MAAMC,mBAA6B,CAAE;AACrC,QAAK,MAAM,CAAC,MAAM,EAAE,OAAO,SAAS,CAAC,IAAI,SAAS,QAChD,kBAAiB,KACf,SAAS,mBAAmB,MAAM,OAAO,QAAQ,CAClD;AAGH,OAAI,iBAAiB,SAAS,EAC5B,gBAAe,oBAAoB;IACjC,GAAG,eAAe;IAClB,cAAc;GACf;EAEJ;AAED,SAAO;CACR;CAED,IAAI,UAAU;EACZ,MAAM,UAAU,KAAK,SAAS,KAAK,KAAK;AACxC,SAAO,MAAM,QAAQ,CAClB,IAAI,KAAK,QAAQ,CAAC,CAClB,IAAI,KAAK,OAAO,CAAC,CACjB,IAAI,KAAK,UAAU,CAAC,CACpB,IAAI,KAAK,OAAO,CAAC,CACjB,IAAI,KAAK,UAAU,CAAC,CACpB,IAAI,KAAK,SAAS,CAAC,CACnB,IAAI,KAAK,WAAW,CAAC,CACrB,IAAI,KAAK,QAAQ,CAAC;CACtB;AACF"}