@geekmidas/constructs 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. package/dist/{Authorizer-BgjU8-z6.mjs → Authorizer-4unKN3Xn.mjs} +1 -1
  2. package/dist/{Authorizer-BgjU8-z6.mjs.map → Authorizer-4unKN3Xn.mjs.map} +1 -1
  3. package/dist/{Authorizer-BXxBee2P.cjs → Authorizer-Dx57psuM.cjs} +1 -1
  4. package/dist/{Authorizer-BXxBee2P.cjs.map → Authorizer-Dx57psuM.cjs.map} +1 -1
  5. package/dist/{EndpointBuilder-AnXrzD5x.mjs → EndpointBuilder-DCuWPL1Y.mjs} +3 -3
  6. package/dist/{EndpointBuilder-AnXrzD5x.mjs.map → EndpointBuilder-DCuWPL1Y.mjs.map} +1 -1
  7. package/dist/{EndpointBuilder-D78r9OdH.cjs → EndpointBuilder-cRdLfmZM.cjs} +3 -3
  8. package/dist/{EndpointBuilder-D78r9OdH.cjs.map → EndpointBuilder-cRdLfmZM.cjs.map} +1 -1
  9. package/dist/{EndpointFactory-DM7M-dXl.mjs → EndpointFactory-B-8ff3mx.mjs} +2 -2
  10. package/dist/{EndpointFactory-DM7M-dXl.mjs.map → EndpointFactory-B-8ff3mx.mjs.map} +1 -1
  11. package/dist/{EndpointFactory-JAAwZkm1.cjs → EndpointFactory-Cq9dzVVZ.cjs} +2 -2
  12. package/dist/{EndpointFactory-JAAwZkm1.cjs.map → EndpointFactory-Cq9dzVVZ.cjs.map} +1 -1
  13. package/dist/{HonoEndpointAdaptor-o9kpq82r.d.mts → HonoEndpointAdaptor-CFMUv0Tq.d.mts} +3 -3
  14. package/dist/{HonoEndpointAdaptor-D8wm9wxr.d.cts.map → HonoEndpointAdaptor-CFMUv0Tq.d.mts.map} +1 -1
  15. package/dist/{HonoEndpointAdaptor-D8wm9wxr.d.cts → HonoEndpointAdaptor-DfqWGhi6.d.cts} +3 -3
  16. package/dist/{HonoEndpointAdaptor-o9kpq82r.d.mts.map → HonoEndpointAdaptor-DfqWGhi6.d.cts.map} +1 -1
  17. package/dist/{Subscriber-DzWR7J0h.mjs → Subscriber-0vyZuG15.mjs} +1 -1
  18. package/dist/{Subscriber-DzWR7J0h.mjs.map → Subscriber-0vyZuG15.mjs.map} +1 -1
  19. package/dist/{Subscriber-Dch2_sA6.cjs → Subscriber-hQ0Q-_XB.cjs} +1 -1
  20. package/dist/{Subscriber-Dch2_sA6.cjs.map → Subscriber-hQ0Q-_XB.cjs.map} +1 -1
  21. package/dist/{SubscriberBuilder-C-2L2FCF.mjs → SubscriberBuilder-CSXdu_z7.mjs} +2 -2
  22. package/dist/{SubscriberBuilder-C-2L2FCF.mjs.map → SubscriberBuilder-CSXdu_z7.mjs.map} +1 -1
  23. package/dist/{SubscriberBuilder-89waFhqt.cjs → SubscriberBuilder-gjF65o4i.cjs} +2 -2
  24. package/dist/{SubscriberBuilder-89waFhqt.cjs.map → SubscriberBuilder-gjF65o4i.cjs.map} +1 -1
  25. package/dist/adaptors/aws.d.cts +1 -1
  26. package/dist/adaptors/aws.d.mts +1 -1
  27. package/dist/adaptors/hono.d.cts +2 -2
  28. package/dist/adaptors/hono.d.mts +2 -2
  29. package/dist/adaptors/testing.d.cts +1 -1
  30. package/dist/adaptors/testing.d.mts +1 -1
  31. package/dist/crons/Cron.d.cts +1 -1
  32. package/dist/crons/Cron.d.mts +1 -1
  33. package/dist/crons/CronBuilder.d.cts +1 -1
  34. package/dist/crons/CronBuilder.d.mts +1 -1
  35. package/dist/crons/index.d.cts +5 -5
  36. package/dist/crons/index.d.cts.map +1 -1
  37. package/dist/crons/index.d.mts +5 -5
  38. package/dist/endpoints/AmazonApiGatewayEndpointAdaptor.d.cts +1 -1
  39. package/dist/endpoints/AmazonApiGatewayEndpointAdaptor.d.mts +1 -1
  40. package/dist/endpoints/AmazonApiGatewayV1EndpointAdaptor.d.cts +1 -1
  41. package/dist/endpoints/AmazonApiGatewayV1EndpointAdaptor.d.mts +1 -1
  42. package/dist/endpoints/AmazonApiGatewayV2EndpointAdaptor.d.cts +1 -1
  43. package/dist/endpoints/AmazonApiGatewayV2EndpointAdaptor.d.mts +1 -1
  44. package/dist/endpoints/Authorizer.cjs +1 -1
  45. package/dist/endpoints/Authorizer.mjs +1 -1
  46. package/dist/endpoints/Endpoint.d.cts +1 -1
  47. package/dist/endpoints/Endpoint.d.mts +1 -1
  48. package/dist/endpoints/EndpointBuilder.cjs +3 -3
  49. package/dist/endpoints/EndpointBuilder.d.cts +1 -1
  50. package/dist/endpoints/EndpointBuilder.d.mts +1 -1
  51. package/dist/endpoints/EndpointBuilder.mjs +3 -3
  52. package/dist/endpoints/EndpointFactory.cjs +4 -4
  53. package/dist/endpoints/EndpointFactory.d.cts +1 -1
  54. package/dist/endpoints/EndpointFactory.d.mts +1 -1
  55. package/dist/endpoints/EndpointFactory.mjs +4 -4
  56. package/dist/endpoints/HonoEndpointAdaptor.d.cts +2 -2
  57. package/dist/endpoints/HonoEndpointAdaptor.d.mts +2 -2
  58. package/dist/endpoints/TestEndpointAdaptor.d.cts +1 -1
  59. package/dist/endpoints/TestEndpointAdaptor.d.mts +1 -1
  60. package/dist/endpoints/audit.d.cts +1 -1
  61. package/dist/endpoints/audit.d.mts +1 -1
  62. package/dist/endpoints/helpers.d.cts +1 -1
  63. package/dist/endpoints/helpers.d.mts +1 -1
  64. package/dist/endpoints/index.cjs +4 -4
  65. package/dist/endpoints/index.d.cts +3 -3
  66. package/dist/endpoints/index.d.mts +3 -3
  67. package/dist/endpoints/index.mjs +4 -4
  68. package/dist/endpoints/lazyAccessors.d.cts +1 -1
  69. package/dist/endpoints/lazyAccessors.d.mts +1 -1
  70. package/dist/endpoints/processAudits.d.cts +1 -1
  71. package/dist/endpoints/processAudits.d.mts +1 -1
  72. package/dist/endpoints/rls.cjs +1 -1
  73. package/dist/endpoints/rls.d.cts +1 -1
  74. package/dist/endpoints/rls.d.mts +1 -1
  75. package/dist/endpoints/rls.mjs +1 -1
  76. package/dist/functions/index.d.cts +1 -1
  77. package/dist/functions/index.d.mts +1 -1
  78. package/dist/index-9GWQn-cQ.d.mts +12 -0
  79. package/dist/{index-BEqSUHHX.d.mts.map → index-9GWQn-cQ.d.mts.map} +1 -1
  80. package/dist/{index-BEqSUHHX.d.mts → index-BqE9HtpM.d.cts} +2 -2
  81. package/dist/{index-CQca-Mgc.d.cts.map → index-BqE9HtpM.d.cts.map} +1 -1
  82. package/dist/{rls-C0cWOnk4.mjs → rls-7XXX7DvY.mjs} +1 -1
  83. package/dist/{rls-C0cWOnk4.mjs.map → rls-7XXX7DvY.mjs.map} +1 -1
  84. package/dist/{rls-BrywnrQb.cjs → rls-DxFqdIA0.cjs} +1 -1
  85. package/dist/{rls-BrywnrQb.cjs.map → rls-DxFqdIA0.cjs.map} +1 -1
  86. package/dist/subscribers/Subscriber.cjs +1 -1
  87. package/dist/subscribers/Subscriber.mjs +1 -1
  88. package/dist/subscribers/SubscriberBuilder.cjs +2 -2
  89. package/dist/subscribers/SubscriberBuilder.mjs +2 -2
  90. package/dist/subscribers/index.cjs +2 -2
  91. package/dist/subscribers/index.d.cts +2 -2
  92. package/dist/subscribers/index.d.mts +2 -2
  93. package/dist/subscribers/index.d.mts.map +1 -1
  94. package/dist/subscribers/index.mjs +2 -2
  95. package/package.json +10 -10
  96. package/tsconfig.tsbuildinfo +1 -1
  97. package/dist/index-CQca-Mgc.d.cts +0 -12
package/dist/{Authorizer-BgjU8-z6.mjs → Authorizer-4unKN3Xn.mjs} RENAMED
@@ -65,4 +65,4 @@ function getSecurityScheme(name, customSchemes) {
65
65
 
66
66
  //#endregion
67
67
  export { BUILT_IN_SECURITY_SCHEMES, createAuthorizer, getSecurityScheme, isBuiltInSecurityScheme };
68
- //# sourceMappingURL=Authorizer-BgjU8-z6.mjs.map
68
+ //# sourceMappingURL=Authorizer-4unKN3Xn.mjs.map
package/dist/{Authorizer-BgjU8-z6.mjs.map → Authorizer-4unKN3Xn.mjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"Authorizer-BgjU8-z6.mjs","names":["name: string","options?: Omit<Authorizer, 'name'>","customSchemes?: Record<string, SecurityScheme>"],"sources":["../src/endpoints/Authorizer.ts"],"sourcesContent":["/**\n * OpenAPI 3.1 compliant security scheme definition.\n * @see https://spec.openapis.org/oas/v3.1.0#security-scheme-object\n */\nexport interface SecurityScheme {\n\t/** The type of the security scheme */\n\ttype: 'apiKey' | 'http' | 'mutualTLS' | 'oauth2' | 'openIdConnect';\n\t/** A description for security scheme */\n\tdescription?: string;\n\t/** Required for apiKey. The name of the header, query or cookie parameter */\n\tname?: string;\n\t/** Required for apiKey. The location of the API key */\n\tin?: 'query' | 'header' | 'cookie';\n\t/** Required for http. The name of the HTTP Authorization scheme (e.g., 'bearer') */\n\tscheme?: string;\n\t/** Optional for http bearer. A hint to the format of the bearer token */\n\tbearerFormat?: string;\n\t/** Required for oauth2. An object containing configuration for the flow types */\n\tflows?: OAuthFlows;\n\t/** Required for openIdConnect. The URL to discover OAuth2 configuration */\n\topenIdConnectUrl?: string;\n\t/** Vendor extensions (e.g., x-amazon-apigateway-authtype) */\n\t[key: `x-${string}`]: unknown;\n}\n\n/**\n * OAuth2 flow configuration\n */\nexport interface OAuthFlows {\n\timplicit?: OAuthFlow;\n\tpassword?: OAuthFlow;\n\tclientCredentials?: OAuthFlow;\n\tauthorizationCode?: OAuthFlow;\n}\n\nexport interface OAuthFlow {\n\tauthorizationUrl?: string;\n\ttokenUrl?: string;\n\trefreshUrl?: string;\n\tscopes: Record<string, string>;\n}\n\n/**\n * Built-in security schemes available by default.\n * Users can use these without defining them via .securitySchemes().\n */\nexport const BUILT_IN_SECURITY_SCHEMES = {\n\tjwt: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tbearerFormat: 'JWT',\n\t\tdescription: 'JWT Bearer token authentication',\n\t},\n\tbearer: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tdescription: 'Bearer token authentication',\n\t},\n\tapiKey: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'X-API-Key',\n\t\tdescription: 'API key authentication via header',\n\t},\n\toauth2: {\n\t\ttype: 'oauth2',\n\t\tflows: {},\n\t\tdescription: 'OAuth 2.0 authentication',\n\t},\n\toidc: {\n\t\ttype: 'openIdConnect',\n\t\topenIdConnectUrl: '',\n\t\tdescription: 'OpenID Connect authentication',\n\t},\n\tiam: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'Authorization',\n\t\tdescription: 'AWS IAM Signature Version 4 authentication',\n\t\t'x-amazon-apigateway-authtype': 'awsSigv4',\n\t},\n} as const satisfies Record<string, SecurityScheme>;\n\n/** Names of built-in security schemes */\nexport type BuiltInSecuritySchemeId = keyof typeof BUILT_IN_SECURITY_SCHEMES;\n\n/**\n * Represents an authorizer configuration for endpoints\n */\nexport interface Authorizer {\n\t/**\n\t * Unique identifier for the authorizer\n\t */\n\tname: string;\n\t/**\n\t * The OpenAPI security scheme definition for this authorizer\n\t */\n\tsecurityScheme?: SecurityScheme;\n\t/**\n\t * Type of authorizer (e.g., 'iam', 'jwt', 'custom')\n\t * @deprecated Use securityScheme.type instead\n\t */\n\ttype?: string;\n\t/**\n\t * Description of what this authorizer does\n\t * @deprecated Use securityScheme.description instead\n\t */\n\tdescription?: string;\n\t/**\n\t * Additional metadata specific to the authorizer type\n\t * @deprecated Use securityScheme with x-* extensions instead\n\t */\n\tmetadata?: Record<string, unknown>;\n}\n\n/**\n * Helper to create an authorizer configuration\n */\nexport function createAuthorizer(\n\tname: string,\n\toptions?: Omit<Authorizer, 'name'>,\n): Authorizer {\n\treturn {\n\t\tname,\n\t\t...options,\n\t};\n}\n\n/**\n * Check if a name is a built-in security scheme\n */\nexport function isBuiltInSecurityScheme(\n\tname: string,\n): name is BuiltInSecuritySchemeId {\n\treturn name in BUILT_IN_SECURITY_SCHEMES;\n}\n\n/**\n * Get a security scheme by name (built-in or custom)\n */\nexport function getSecurityScheme(\n\tname: string,\n\tcustomSchemes?: Record<string, SecurityScheme>,\n): SecurityScheme | undefined {\n\tif (customSchemes && name in customSchemes) {\n\t\treturn customSchemes[name];\n\t}\n\tif (isBuiltInSecurityScheme(name)) {\n\t\treturn BUILT_IN_SECURITY_SCHEMES[name];\n\t}\n\treturn undefined;\n}\n"],"mappings":";;;;;AA8CA,MAAa,4BAA4B;CACxC,KAAK;EACJ,MAAM;EACN,QAAQ;EACR,cAAc;EACd,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,QAAQ;EACR,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,OAAO,CAAE;EACT,aAAa;CACb;CACD,MAAM;EACL,MAAM;EACN,kBAAkB;EAClB,aAAa;CACb;CACD,KAAK;EACJ,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;EACb,gCAAgC;CAChC;AACD;;;;AAqCD,SAAgB,iBACfA,MACAC,SACa;AACb,QAAO;EACN;EACA,GAAG;CACH;AACD;;;;AAKD,SAAgB,wBACfD,MACkC;AAClC,QAAO,QAAQ;AACf;;;;AAKD,SAAgB,kBACfA,MACAE,eAC6B;AAC7B,KAAI,iBAAiB,QAAQ,cAC5B,QAAO,cAAc;AAEtB,KAAI,wBAAwB,KAAK,CAChC,QAAO,0BAA0B;AAElC;AACA"}
1
+ {"version":3,"file":"Authorizer-4unKN3Xn.mjs","names":["name: string","options?: Omit<Authorizer, 'name'>","customSchemes?: Record<string, SecurityScheme>"],"sources":["../src/endpoints/Authorizer.ts"],"sourcesContent":["/**\n * OpenAPI 3.1 compliant security scheme definition.\n * @see https://spec.openapis.org/oas/v3.1.0#security-scheme-object\n */\nexport interface SecurityScheme {\n\t/** The type of the security scheme */\n\ttype: 'apiKey' | 'http' | 'mutualTLS' | 'oauth2' | 'openIdConnect';\n\t/** A description for security scheme */\n\tdescription?: string;\n\t/** Required for apiKey. The name of the header, query or cookie parameter */\n\tname?: string;\n\t/** Required for apiKey. The location of the API key */\n\tin?: 'query' | 'header' | 'cookie';\n\t/** Required for http. The name of the HTTP Authorization scheme (e.g., 'bearer') */\n\tscheme?: string;\n\t/** Optional for http bearer. A hint to the format of the bearer token */\n\tbearerFormat?: string;\n\t/** Required for oauth2. An object containing configuration for the flow types */\n\tflows?: OAuthFlows;\n\t/** Required for openIdConnect. The URL to discover OAuth2 configuration */\n\topenIdConnectUrl?: string;\n\t/** Vendor extensions (e.g., x-amazon-apigateway-authtype) */\n\t[key: `x-${string}`]: unknown;\n}\n\n/**\n * OAuth2 flow configuration\n */\nexport interface OAuthFlows {\n\timplicit?: OAuthFlow;\n\tpassword?: OAuthFlow;\n\tclientCredentials?: OAuthFlow;\n\tauthorizationCode?: OAuthFlow;\n}\n\nexport interface OAuthFlow {\n\tauthorizationUrl?: string;\n\ttokenUrl?: string;\n\trefreshUrl?: string;\n\tscopes: Record<string, string>;\n}\n\n/**\n * Built-in security schemes available by default.\n * Users can use these without defining them via .securitySchemes().\n */\nexport const BUILT_IN_SECURITY_SCHEMES = {\n\tjwt: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tbearerFormat: 'JWT',\n\t\tdescription: 'JWT Bearer token authentication',\n\t},\n\tbearer: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tdescription: 'Bearer token authentication',\n\t},\n\tapiKey: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'X-API-Key',\n\t\tdescription: 'API key authentication via header',\n\t},\n\toauth2: {\n\t\ttype: 'oauth2',\n\t\tflows: {},\n\t\tdescription: 'OAuth 2.0 authentication',\n\t},\n\toidc: {\n\t\ttype: 'openIdConnect',\n\t\topenIdConnectUrl: '',\n\t\tdescription: 'OpenID Connect authentication',\n\t},\n\tiam: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'Authorization',\n\t\tdescription: 'AWS IAM Signature Version 4 authentication',\n\t\t'x-amazon-apigateway-authtype': 'awsSigv4',\n\t},\n} as const satisfies Record<string, SecurityScheme>;\n\n/** Names of built-in security schemes */\nexport type BuiltInSecuritySchemeId = keyof typeof BUILT_IN_SECURITY_SCHEMES;\n\n/**\n * Represents an authorizer configuration for endpoints\n */\nexport interface Authorizer {\n\t/**\n\t * Unique identifier for the authorizer\n\t */\n\tname: string;\n\t/**\n\t * The OpenAPI security scheme definition for this authorizer\n\t */\n\tsecurityScheme?: SecurityScheme;\n\t/**\n\t * Type of authorizer (e.g., 'iam', 'jwt', 'custom')\n\t * @deprecated Use securityScheme.type instead\n\t */\n\ttype?: string;\n\t/**\n\t * Description of what this authorizer does\n\t * @deprecated Use securityScheme.description instead\n\t */\n\tdescription?: string;\n\t/**\n\t * Additional metadata specific to the authorizer type\n\t * @deprecated Use securityScheme with x-* extensions instead\n\t */\n\tmetadata?: Record<string, unknown>;\n}\n\n/**\n * Helper to create an authorizer configuration\n */\nexport function createAuthorizer(\n\tname: string,\n\toptions?: Omit<Authorizer, 'name'>,\n): Authorizer {\n\treturn {\n\t\tname,\n\t\t...options,\n\t};\n}\n\n/**\n * Check if a name is a built-in security scheme\n */\nexport function isBuiltInSecurityScheme(\n\tname: string,\n): name is BuiltInSecuritySchemeId {\n\treturn name in BUILT_IN_SECURITY_SCHEMES;\n}\n\n/**\n * Get a security scheme by name (built-in or custom)\n */\nexport function getSecurityScheme(\n\tname: string,\n\tcustomSchemes?: Record<string, SecurityScheme>,\n): SecurityScheme | undefined {\n\tif (customSchemes && name in customSchemes) {\n\t\treturn customSchemes[name];\n\t}\n\tif (isBuiltInSecurityScheme(name)) {\n\t\treturn BUILT_IN_SECURITY_SCHEMES[name];\n\t}\n\treturn undefined;\n}\n"],"mappings":";;;;;AA8CA,MAAa,4BAA4B;CACxC,KAAK;EACJ,MAAM;EACN,QAAQ;EACR,cAAc;EACd,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,QAAQ;EACR,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,OAAO,CAAE;EACT,aAAa;CACb;CACD,MAAM;EACL,MAAM;EACN,kBAAkB;EAClB,aAAa;CACb;CACD,KAAK;EACJ,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;EACb,gCAAgC;CAChC;AACD;;;;AAqCD,SAAgB,iBACfA,MACAC,SACa;AACb,QAAO;EACN;EACA,GAAG;CACH;AACD;;;;AAKD,SAAgB,wBACfD,MACkC;AAClC,QAAO,QAAQ;AACf;;;;AAKD,SAAgB,kBACfA,MACAE,eAC6B;AAC7B,KAAI,iBAAiB,QAAQ,cAC5B,QAAO,cAAc;AAEtB,KAAI,wBAAwB,KAAK,CAChC,QAAO,0BAA0B;AAElC;AACA"}
package/dist/{Authorizer-BXxBee2P.cjs → Authorizer-Dx57psuM.cjs} RENAMED
@@ -89,4 +89,4 @@ Object.defineProperty(exports, 'isBuiltInSecurityScheme', {
89
89
  return isBuiltInSecurityScheme;
90
90
  }
91
91
  });
92
- //# sourceMappingURL=Authorizer-BXxBee2P.cjs.map
92
+ //# sourceMappingURL=Authorizer-Dx57psuM.cjs.map
package/dist/{Authorizer-BXxBee2P.cjs.map → Authorizer-Dx57psuM.cjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"Authorizer-BXxBee2P.cjs","names":["name: string","options?: Omit<Authorizer, 'name'>","customSchemes?: Record<string, SecurityScheme>"],"sources":["../src/endpoints/Authorizer.ts"],"sourcesContent":["/**\n * OpenAPI 3.1 compliant security scheme definition.\n * @see https://spec.openapis.org/oas/v3.1.0#security-scheme-object\n */\nexport interface SecurityScheme {\n\t/** The type of the security scheme */\n\ttype: 'apiKey' | 'http' | 'mutualTLS' | 'oauth2' | 'openIdConnect';\n\t/** A description for security scheme */\n\tdescription?: string;\n\t/** Required for apiKey. The name of the header, query or cookie parameter */\n\tname?: string;\n\t/** Required for apiKey. The location of the API key */\n\tin?: 'query' | 'header' | 'cookie';\n\t/** Required for http. The name of the HTTP Authorization scheme (e.g., 'bearer') */\n\tscheme?: string;\n\t/** Optional for http bearer. A hint to the format of the bearer token */\n\tbearerFormat?: string;\n\t/** Required for oauth2. An object containing configuration for the flow types */\n\tflows?: OAuthFlows;\n\t/** Required for openIdConnect. The URL to discover OAuth2 configuration */\n\topenIdConnectUrl?: string;\n\t/** Vendor extensions (e.g., x-amazon-apigateway-authtype) */\n\t[key: `x-${string}`]: unknown;\n}\n\n/**\n * OAuth2 flow configuration\n */\nexport interface OAuthFlows {\n\timplicit?: OAuthFlow;\n\tpassword?: OAuthFlow;\n\tclientCredentials?: OAuthFlow;\n\tauthorizationCode?: OAuthFlow;\n}\n\nexport interface OAuthFlow {\n\tauthorizationUrl?: string;\n\ttokenUrl?: string;\n\trefreshUrl?: string;\n\tscopes: Record<string, string>;\n}\n\n/**\n * Built-in security schemes available by default.\n * Users can use these without defining them via .securitySchemes().\n */\nexport const BUILT_IN_SECURITY_SCHEMES = {\n\tjwt: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tbearerFormat: 'JWT',\n\t\tdescription: 'JWT Bearer token authentication',\n\t},\n\tbearer: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tdescription: 'Bearer token authentication',\n\t},\n\tapiKey: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'X-API-Key',\n\t\tdescription: 'API key authentication via header',\n\t},\n\toauth2: {\n\t\ttype: 'oauth2',\n\t\tflows: {},\n\t\tdescription: 'OAuth 2.0 authentication',\n\t},\n\toidc: {\n\t\ttype: 'openIdConnect',\n\t\topenIdConnectUrl: '',\n\t\tdescription: 'OpenID Connect authentication',\n\t},\n\tiam: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'Authorization',\n\t\tdescription: 'AWS IAM Signature Version 4 authentication',\n\t\t'x-amazon-apigateway-authtype': 'awsSigv4',\n\t},\n} as const satisfies Record<string, SecurityScheme>;\n\n/** Names of built-in security schemes */\nexport type BuiltInSecuritySchemeId = keyof typeof BUILT_IN_SECURITY_SCHEMES;\n\n/**\n * Represents an authorizer configuration for endpoints\n */\nexport interface Authorizer {\n\t/**\n\t * Unique identifier for the authorizer\n\t */\n\tname: string;\n\t/**\n\t * The OpenAPI security scheme definition for this authorizer\n\t */\n\tsecurityScheme?: SecurityScheme;\n\t/**\n\t * Type of authorizer (e.g., 'iam', 'jwt', 'custom')\n\t * @deprecated Use securityScheme.type instead\n\t */\n\ttype?: string;\n\t/**\n\t * Description of what this authorizer does\n\t * @deprecated Use securityScheme.description instead\n\t */\n\tdescription?: string;\n\t/**\n\t * Additional metadata specific to the authorizer type\n\t * @deprecated Use securityScheme with x-* extensions instead\n\t */\n\tmetadata?: Record<string, unknown>;\n}\n\n/**\n * Helper to create an authorizer configuration\n */\nexport function createAuthorizer(\n\tname: string,\n\toptions?: Omit<Authorizer, 'name'>,\n): Authorizer {\n\treturn {\n\t\tname,\n\t\t...options,\n\t};\n}\n\n/**\n * Check if a name is a built-in security scheme\n */\nexport function isBuiltInSecurityScheme(\n\tname: string,\n): name is BuiltInSecuritySchemeId {\n\treturn name in BUILT_IN_SECURITY_SCHEMES;\n}\n\n/**\n * Get a security scheme by name (built-in or custom)\n */\nexport function getSecurityScheme(\n\tname: string,\n\tcustomSchemes?: Record<string, SecurityScheme>,\n): SecurityScheme | undefined {\n\tif (customSchemes && name in customSchemes) {\n\t\treturn customSchemes[name];\n\t}\n\tif (isBuiltInSecurityScheme(name)) {\n\t\treturn BUILT_IN_SECURITY_SCHEMES[name];\n\t}\n\treturn undefined;\n}\n"],"mappings":";;;;;;AA8CA,MAAa,4BAA4B;CACxC,KAAK;EACJ,MAAM;EACN,QAAQ;EACR,cAAc;EACd,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,QAAQ;EACR,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,OAAO,CAAE;EACT,aAAa;CACb;CACD,MAAM;EACL,MAAM;EACN,kBAAkB;EAClB,aAAa;CACb;CACD,KAAK;EACJ,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;EACb,gCAAgC;CAChC;AACD;;;;AAqCD,SAAgB,iBACfA,MACAC,SACa;AACb,QAAO;EACN;EACA,GAAG;CACH;AACD;;;;AAKD,SAAgB,wBACfD,MACkC;AAClC,QAAO,QAAQ;AACf;;;;AAKD,SAAgB,kBACfA,MACAE,eAC6B;AAC7B,KAAI,iBAAiB,QAAQ,cAC5B,QAAO,cAAc;AAEtB,KAAI,wBAAwB,KAAK,CAChC,QAAO,0BAA0B;AAElC;AACA"}
1
+ {"version":3,"file":"Authorizer-Dx57psuM.cjs","names":["name: string","options?: Omit<Authorizer, 'name'>","customSchemes?: Record<string, SecurityScheme>"],"sources":["../src/endpoints/Authorizer.ts"],"sourcesContent":["/**\n * OpenAPI 3.1 compliant security scheme definition.\n * @see https://spec.openapis.org/oas/v3.1.0#security-scheme-object\n */\nexport interface SecurityScheme {\n\t/** The type of the security scheme */\n\ttype: 'apiKey' | 'http' | 'mutualTLS' | 'oauth2' | 'openIdConnect';\n\t/** A description for security scheme */\n\tdescription?: string;\n\t/** Required for apiKey. The name of the header, query or cookie parameter */\n\tname?: string;\n\t/** Required for apiKey. The location of the API key */\n\tin?: 'query' | 'header' | 'cookie';\n\t/** Required for http. The name of the HTTP Authorization scheme (e.g., 'bearer') */\n\tscheme?: string;\n\t/** Optional for http bearer. A hint to the format of the bearer token */\n\tbearerFormat?: string;\n\t/** Required for oauth2. An object containing configuration for the flow types */\n\tflows?: OAuthFlows;\n\t/** Required for openIdConnect. The URL to discover OAuth2 configuration */\n\topenIdConnectUrl?: string;\n\t/** Vendor extensions (e.g., x-amazon-apigateway-authtype) */\n\t[key: `x-${string}`]: unknown;\n}\n\n/**\n * OAuth2 flow configuration\n */\nexport interface OAuthFlows {\n\timplicit?: OAuthFlow;\n\tpassword?: OAuthFlow;\n\tclientCredentials?: OAuthFlow;\n\tauthorizationCode?: OAuthFlow;\n}\n\nexport interface OAuthFlow {\n\tauthorizationUrl?: string;\n\ttokenUrl?: string;\n\trefreshUrl?: string;\n\tscopes: Record<string, string>;\n}\n\n/**\n * Built-in security schemes available by default.\n * Users can use these without defining them via .securitySchemes().\n */\nexport const BUILT_IN_SECURITY_SCHEMES = {\n\tjwt: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tbearerFormat: 'JWT',\n\t\tdescription: 'JWT Bearer token authentication',\n\t},\n\tbearer: {\n\t\ttype: 'http',\n\t\tscheme: 'bearer',\n\t\tdescription: 'Bearer token authentication',\n\t},\n\tapiKey: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'X-API-Key',\n\t\tdescription: 'API key authentication via header',\n\t},\n\toauth2: {\n\t\ttype: 'oauth2',\n\t\tflows: {},\n\t\tdescription: 'OAuth 2.0 authentication',\n\t},\n\toidc: {\n\t\ttype: 'openIdConnect',\n\t\topenIdConnectUrl: '',\n\t\tdescription: 'OpenID Connect authentication',\n\t},\n\tiam: {\n\t\ttype: 'apiKey',\n\t\tin: 'header',\n\t\tname: 'Authorization',\n\t\tdescription: 'AWS IAM Signature Version 4 authentication',\n\t\t'x-amazon-apigateway-authtype': 'awsSigv4',\n\t},\n} as const satisfies Record<string, SecurityScheme>;\n\n/** Names of built-in security schemes */\nexport type BuiltInSecuritySchemeId = keyof typeof BUILT_IN_SECURITY_SCHEMES;\n\n/**\n * Represents an authorizer configuration for endpoints\n */\nexport interface Authorizer {\n\t/**\n\t * Unique identifier for the authorizer\n\t */\n\tname: string;\n\t/**\n\t * The OpenAPI security scheme definition for this authorizer\n\t */\n\tsecurityScheme?: SecurityScheme;\n\t/**\n\t * Type of authorizer (e.g., 'iam', 'jwt', 'custom')\n\t * @deprecated Use securityScheme.type instead\n\t */\n\ttype?: string;\n\t/**\n\t * Description of what this authorizer does\n\t * @deprecated Use securityScheme.description instead\n\t */\n\tdescription?: string;\n\t/**\n\t * Additional metadata specific to the authorizer type\n\t * @deprecated Use securityScheme with x-* extensions instead\n\t */\n\tmetadata?: Record<string, unknown>;\n}\n\n/**\n * Helper to create an authorizer configuration\n */\nexport function createAuthorizer(\n\tname: string,\n\toptions?: Omit<Authorizer, 'name'>,\n): Authorizer {\n\treturn {\n\t\tname,\n\t\t...options,\n\t};\n}\n\n/**\n * Check if a name is a built-in security scheme\n */\nexport function isBuiltInSecurityScheme(\n\tname: string,\n): name is BuiltInSecuritySchemeId {\n\treturn name in BUILT_IN_SECURITY_SCHEMES;\n}\n\n/**\n * Get a security scheme by name (built-in or custom)\n */\nexport function getSecurityScheme(\n\tname: string,\n\tcustomSchemes?: Record<string, SecurityScheme>,\n): SecurityScheme | undefined {\n\tif (customSchemes && name in customSchemes) {\n\t\treturn customSchemes[name];\n\t}\n\tif (isBuiltInSecurityScheme(name)) {\n\t\treturn BUILT_IN_SECURITY_SCHEMES[name];\n\t}\n\treturn undefined;\n}\n"],"mappings":";;;;;;AA8CA,MAAa,4BAA4B;CACxC,KAAK;EACJ,MAAM;EACN,QAAQ;EACR,cAAc;EACd,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,QAAQ;EACR,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;CACb;CACD,QAAQ;EACP,MAAM;EACN,OAAO,CAAE;EACT,aAAa;CACb;CACD,MAAM;EACL,MAAM;EACN,kBAAkB;EAClB,aAAa;CACb;CACD,KAAK;EACJ,MAAM;EACN,IAAI;EACJ,MAAM;EACN,aAAa;EACb,gCAAgC;CAChC;AACD;;;;AAqCD,SAAgB,iBACfA,MACAC,SACa;AACb,QAAO;EACN;EACA,GAAG;CACH;AACD;;;;AAKD,SAAgB,wBACfD,MACkC;AAClC,QAAO,QAAQ;AACf;;;;AAKD,SAAgB,kBACfA,MACAE,eAC6B;AAC7B,KAAI,iBAAiB,QAAQ,cAC5B,QAAO,cAAc;AAEtB,KAAI,wBAAwB,KAAK,CAChC,QAAO,0BAA0B;AAElC;AACA"}
package/dist/{EndpointBuilder-AnXrzD5x.mjs → EndpointBuilder-DCuWPL1Y.mjs} RENAMED
@@ -1,8 +1,8 @@
1
1
  import { ConstructType } from "./Construct-CAVc_gyw.mjs";
2
2
  import { BaseFunctionBuilder } from "./BaseFunctionBuilder-yIM62QAr.mjs";
3
3
  import { Endpoint } from "./Endpoint-DWqfgcrY.mjs";
4
- import { getSecurityScheme } from "./Authorizer-BgjU8-z6.mjs";
5
- import { RLS_BYPASS } from "./rls-C0cWOnk4.mjs";
4
+ import { getSecurityScheme } from "./Authorizer-4unKN3Xn.mjs";
5
+ import { RLS_BYPASS } from "./rls-7XXX7DvY.mjs";
6
6
  import uniqBy from "lodash.uniqby";
7
7
 
8
8
  //#region src/endpoints/EndpointBuilder.ts
@@ -255,4 +255,4 @@ var EndpointBuilder = class extends BaseFunctionBuilder {
255
255
 
256
256
  //#endregion
257
257
  export { EndpointBuilder };
258
- //# sourceMappingURL=EndpointBuilder-AnXrzD5x.mjs.map
258
+ //# sourceMappingURL=EndpointBuilder-DCuWPL1Y.mjs.map
package/dist/{EndpointBuilder-AnXrzD5x.mjs.map → EndpointBuilder-DCuWPL1Y.mjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"EndpointBuilder-AnXrzD5x.mjs","names":["route: TRoute","method: TMethod","publisher: Service<TEventPublisherServiceName, TEventPublisher>","storage: Service<TAuditStorageServiceName, TAuditStorage>","service: Service<TDatabaseServiceName, TDatabase>","description: string","status: SuccessStatus","event: TEvent","tags: string[]","memorySize: number","publisher: Service<TName, T>","schema: T","config: RateLimitConfig","name: TAuthorizers[number] | 'none'","services: T","logger: T","storage: Service<TName, T>","extractor: ActorExtractor<TServices, TSession, TLogger>","audits: MappedAudit<TAuditAction, OutSchema>[]","service: Service<TName, T>","config: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass","_schema: any","fn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>","authorizer: Authorizer | undefined"],"sources":["../src/endpoints/EndpointBuilder.ts"],"sourcesContent":["import type {\n\tAuditableAction,\n\tAuditStorage,\n\tExtractStorageAuditAction,\n} from '@geekmidas/audit';\nimport type { EventPublisher, MappedEvent } from '@geekmidas/events';\nimport type { Logger } from '@geekmidas/logger';\nimport type { RateLimitConfig } from '@geekmidas/rate-limit';\nimport type { Service } from '@geekmidas/services';\nimport type { StandardSchemaV1 } from '@standard-schema/spec';\nimport uniqBy from 'lodash.uniqby';\nimport { ConstructType } from '../Construct';\nimport { BaseFunctionBuilder } from '../functions';\nimport type { HttpMethod } from '../types';\nimport type { Authorizer, SecurityScheme } from './Authorizer';\nimport { getSecurityScheme } from './Authorizer';\nimport type { ActorExtractor, MappedAudit } from './audit';\nimport type {\n\tAuthorizeFn,\n\tEndpointHandler,\n\tSessionFn,\n\tSuccessStatus,\n} from './Endpoint';\nimport { Endpoint, type EndpointSchemas } from './Endpoint';\nimport type { RlsBypass, RlsConfig } from './rls';\nimport { RLS_BYPASS } from './rls';\n\nexport class EndpointBuilder<\n\tTRoute extends string,\n\tTMethod extends HttpMethod,\n\tTInput extends EndpointSchemas = {},\n\tTServices extends Service[] = [],\n\tTLogger extends Logger = Logger,\n\tOutSchema extends StandardSchemaV1 | undefined = undefined,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTAuditAction extends AuditableAction<string, unknown> = AuditableAction<\n\t\tstring,\n\t\tunknown\n\t>,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n> extends BaseFunctionBuilder<\n\tTInput,\n\tOutSchema,\n\tTServices,\n\tTLogger,\n\tTEventPublisher,\n\tTEventPublisherServiceName,\n\tTAuditStorage,\n\tTAuditStorageServiceName,\n\tTDatabase,\n\tTDatabaseServiceName\n> {\n\tprotected schemas: TInput = {} as TInput;\n\tprotected _description?: string;\n\tprotected _status?: SuccessStatus;\n\tprotected _tags?: string[];\n\tprotected _memorySize?: number;\n\t_getSession: SessionFn<TServices, TLogger, TSession, TDatabase> = () =>\n\t\t({}) as TSession;\n\t_authorize: AuthorizeFn<TServices, TLogger, TSession> = () => true;\n\t_rateLimit?: RateLimitConfig;\n\t_availableAuthorizers: Authorizer[] = [];\n\t_authorizerName?: TAuthorizers[number];\n\t_actorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\t_audits: MappedAudit<TAuditAction, OutSchema>[] = [];\n\t_customSecuritySchemes: Record<string, SecurityScheme> = {};\n\t_rlsConfig?: RlsConfig<TServices, TSession, TLogger>;\n\t_rlsBypass?: boolean;\n\n\tconstructor(\n\t\treadonly route: TRoute,\n\t\treadonly method: TMethod,\n\t) {\n\t\tsuper(ConstructType.Endpoint);\n\t}\n\n\t// Internal setter for EndpointFactory to set default publisher\n\t_setPublisher(\n\t\tpublisher: Service<TEventPublisherServiceName, TEventPublisher>,\n\t) {\n\t\tthis._publisher = publisher;\n\t}\n\n\t// Internal setter for EndpointFactory to set default auditor storage\n\t_setAuditorStorage(\n\t\tstorage: Service<TAuditStorageServiceName, TAuditStorage>,\n\t) {\n\t\tthis._auditorStorage = storage;\n\t}\n\n\t// Internal setter for EndpointFactory to set default database service\n\t_setDatabaseService(service: Service<TDatabaseServiceName, TDatabase>) {\n\t\tthis._databaseService = service;\n\t}\n\n\tdescription(description: string): this {\n\t\tthis._description = description;\n\t\treturn this;\n\t}\n\n\tstatus(status: SuccessStatus): this {\n\t\tthis._status = status;\n\t\treturn this;\n\t}\n\n\toverride event<TEvent extends MappedEvent<TEventPublisher, OutSchema>>(\n\t\tevent: TEvent,\n\t): this {\n\t\tthis._events.push(event);\n\t\treturn this;\n\t}\n\n\ttags(tags: string[]): this {\n\t\tthis._tags = tags;\n\t\treturn this;\n\t}\n\n\tmemorySize(memorySize: number): this {\n\t\tthis._memorySize = memorySize;\n\t\treturn this;\n\t}\n\n\toverride publisher<T extends EventPublisher<any>, TName extends string>(\n\t\tpublisher: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tT,\n\t\tTName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._publisher = publisher as unknown as Service<\n\t\t\tTEventPublisherServiceName,\n\t\t\tTEventPublisher\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tbody<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'body'> & { body: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.body = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tsearch<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.query = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tquery<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\treturn this.search(schema);\n\t}\n\n\tparams<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'params'> & { params: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.params = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\trateLimit(config: RateLimitConfig): this {\n\t\tthis._rateLimit = config;\n\t\treturn this;\n\t}\n\n\tauthorizer(\n\t\tname: TAuthorizers[number] | 'none',\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Special case: 'none' explicitly marks endpoint as having no authorizer\n\t\tif (name === 'none') {\n\t\t\tthis._authorizerName = undefined;\n\t\t\treturn this;\n\t\t}\n\n\t\t// Validate that the authorizer exists in available authorizers\n\t\tconst authorizerExists = this._availableAuthorizers.some(\n\t\t\t(a) => a.name === name,\n\t\t);\n\t\tif (!authorizerExists && this._availableAuthorizers.length > 0) {\n\t\t\tconst available = this._availableAuthorizers\n\t\t\t\t.map((a) => a.name)\n\t\t\t\t.join(', ');\n\t\t\tthrow new Error(\n\t\t\t\t`Authorizer \"${name as string}\" not found in available authorizers: ${available}`,\n\t\t\t);\n\t\t}\n\t\tthis._authorizerName = name;\n\t\treturn this;\n\t}\n\n\tservices<T extends Service[]>(\n\t\tservices: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\t[...TServices, ...T],\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._services = uniqBy(\n\t\t\t[...this._services, ...services],\n\t\t\t(s) => s.serviceName,\n\t\t) as TServices;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\t[...TServices, ...T],\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tlogger<T extends Logger>(\n\t\tlogger: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tT,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._logger = logger as unknown as TLogger;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tT,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\toutput<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tT,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.outputSchema = schema as unknown as OutSchema;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tT,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the auditor storage service for this endpoint.\n\t * This enables audit functionality and makes `auditor` available in the handler context.\n\t * The audit action type is automatically inferred from the storage's generic parameter.\n\t */\n\toverride auditor<T extends AuditStorage<any>, TName extends string>(\n\t\tstorage: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tT,\n\t\tTName,\n\t\tExtractStorageAuditAction<T>,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._auditorStorage = storage as unknown as Service<\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditStorage\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tExtractStorageAuditAction<T>,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the actor extractor function for audit records.\n\t * The actor is extracted from the request context and attached to all audits.\n\t */\n\tactor(\n\t\textractor: ActorExtractor<TServices, TSession, TLogger>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._actorExtractor = extractor;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Add declarative audit definitions that are processed after the handler executes.\n\t * Similar to `.event()` for events, but for audits.\n\t *\n\t * @example\n\t * ```typescript\n\t * .audit<AppAuditAction>([\n\t * {\n\t * type: 'user.created',\n\t * payload: (response) => ({ userId: response.id, email: response.email }),\n\t * when: (response) => response.active,\n\t * entityId: (response) => response.id,\n\t * table: 'users',\n\t * },\n\t * ])\n\t * ```\n\t */\n\taudit(audits: MappedAudit<TAuditAction, OutSchema>[]): this {\n\t\tthis._audits = audits;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Set the database service for this endpoint.\n\t * The database will be available in the handler context as `db`.\n\t * When audit storage is configured and uses the same database,\n\t * `db` will automatically be the transaction for ACID compliance.\n\t *\n\t * @example\n\t * ```typescript\n\t * .database(databaseService)\n\t * .handle(async ({ db }) => {\n\t * // db is the raw database or transaction (when auditor uses same db)\n\t * return await db.selectFrom('users').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\toverride database<T, TName extends string>(\n\t\tservice: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tT,\n\t\tTName\n\t> {\n\t\tthis._databaseService = service as unknown as Service<\n\t\t\tTDatabaseServiceName,\n\t\t\tTDatabase\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tT,\n\t\t\tTName\n\t\t>;\n\t}\n\n\t/**\n\t * Configure RLS (Row-Level Security) context for this endpoint.\n\t * Pass `false` or `RLS_BYPASS` to explicitly bypass RLS for this endpoint.\n\t *\n\t * @example\n\t * ```typescript\n\t * // Custom RLS config for this endpoint\n\t * .rls({\n\t * extractor: ({ session }) => ({\n\t * user_id: session.userId,\n\t * tenant_id: session.tenantId,\n\t * }),\n\t * prefix: 'app',\n\t * })\n\t *\n\t * // Bypass RLS (for admin endpoints)\n\t * .rls(false)\n\t * ```\n\t */\n\trls(\n\t\tconfig: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass,\n\t): this {\n\t\tif (config === false || config === RLS_BYPASS) {\n\t\t\tthis._rlsBypass = true;\n\t\t\tthis._rlsConfig = undefined;\n\t\t} else {\n\t\t\tthis._rlsConfig = config;\n\t\t\tthis._rlsBypass = false;\n\t\t}\n\t\treturn this;\n\t}\n\n\t/**\n\t * Explicitly bypass RLS for this endpoint.\n\t * Useful for admin operations that need unrestricted database access.\n\t *\n\t * @example\n\t * ```typescript\n\t * .rlsBypass()\n\t * .handle(async ({ db }) => {\n\t * // Full access, no RLS filtering\n\t * return db.selectFrom('orders').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\trlsBypass(): this {\n\t\tthis._rlsBypass = true;\n\t\tthis._rlsConfig = undefined;\n\t\treturn this;\n\t}\n\n\t// EndpointBuilder doesn't have a generic input method - it uses body, query, params instead\n\tinput(_schema: any): any {\n\t\tthrow new Error(\n\t\t\t'EndpointBuilder does not support generic input. Use body(), query(), or params() instead.',\n\t\t);\n\t}\n\n\thandle(\n\t\tfn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>,\n\t): Endpoint<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tOutSchema,\n\t\tTServices,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Find authorizer metadata if name is set\n\t\t// If the authorizer name is set but not in availableAuthorizers, create a simple authorizer object\n\t\tlet authorizer: Authorizer | undefined;\n\t\tif (this._authorizerName) {\n\t\t\tconst existingAuthorizer = this._availableAuthorizers.find(\n\t\t\t\t(a) => a.name === this._authorizerName,\n\t\t\t);\n\n\t\t\tif (existingAuthorizer) {\n\t\t\t\tauthorizer = existingAuthorizer;\n\t\t\t} else {\n\t\t\t\t// Create authorizer with security scheme if available (built-in or custom)\n\t\t\t\tconst securityScheme = getSecurityScheme(\n\t\t\t\t\tthis._authorizerName as string,\n\t\t\t\t\tthis._customSecuritySchemes,\n\t\t\t\t);\n\t\t\t\tauthorizer = {\n\t\t\t\t\tname: this._authorizerName as string,\n\t\t\t\t\tsecurityScheme,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\treturn new Endpoint({\n\t\t\tfn,\n\t\t\tmethod: this.method,\n\t\t\troute: this.route,\n\t\t\tdescription: this._description,\n\t\t\ttags: this._tags,\n\t\t\tinput: this.schemas,\n\t\t\toutput: this.outputSchema,\n\t\t\tservices: this._services,\n\t\t\tlogger: this._logger,\n\t\t\ttimeout: this._timeout,\n\t\t\tmemorySize: this._memorySize,\n\t\t\tauthorize: this._authorize,\n\t\t\tstatus: this._status,\n\t\t\tgetSession: this._getSession,\n\t\t\trateLimit: this._rateLimit,\n\t\t\tpublisherService: this._publisher,\n\t\t\tevents: this._events,\n\t\t\tauthorizer,\n\t\t\tauditorStorageService: this._auditorStorage,\n\t\t\tactorExtractor: this._actorExtractor,\n\t\t\taudits: this._audits,\n\t\t\tdatabaseService: this._databaseService,\n\t\t\trlsConfig: this._rlsConfig,\n\t\t\trlsBypass: this._rlsBypass,\n\t\t});\n\t}\n}\n"],"mappings":";;;;;;;;AA2BA,IAAa,kBAAb,cAmBU,oBAWR;CACD,AAAU,UAAkB,CAAE;CAC9B,AAAU;CACV,AAAU;CACV,AAAU;CACV,AAAU;CACV,cAAkE,OAChE,CAAE;CACJ,aAAwD,MAAM;CAC9D;CACA,wBAAsC,CAAE;CACxC;CACA;CACA,UAAkD,CAAE;CACpD,yBAAyD,CAAE;CAC3D;CACA;CAEA,YACUA,OACAC,QACR;AACD,QAAM,cAAc,SAAS;EAHpB;EACA;CAGT;CAGD,cACCC,WACC;AACD,OAAK,aAAa;CAClB;CAGD,mBACCC,SACC;AACD,OAAK,kBAAkB;CACvB;CAGD,oBAAoBC,SAAmD;AACtE,OAAK,mBAAmB;CACxB;CAED,YAAYC,aAA2B;AACtC,OAAK,eAAe;AACpB,SAAO;CACP;CAED,OAAOC,QAA6B;AACnC,OAAK,UAAU;AACf,SAAO;CACP;CAED,AAAS,MACRC,OACO;AACP,OAAK,QAAQ,KAAK,MAAM;AACxB,SAAO;CACP;CAED,KAAKC,MAAsB;AAC1B,OAAK,QAAQ;AACb,SAAO;CACP;CAED,WAAWC,YAA0B;AACpC,OAAK,cAAc;AACnB,SAAO;CACP;CAED,AAAS,UACRC,WAiBC;AACD,OAAK,aAAa;AAKlB,SAAO;CAiBP;CAED,KACCC,QAiBC;AACD,OAAK,QAAQ,OAAO;AAEpB,SAAO;CACP;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,QAAQ;AAErB,SAAO;CACP;CAED,MACCA,QAiBC;AACD,SAAO,KAAK,OAAO,OAAO;CAC1B;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,SAAS;AAEtB,SAAO;CACP;CAED,UAAUC,QAA+B;AACxC,OAAK,aAAa;AAClB,SAAO;CACP;CAED,WACCC,MAiBC;AAED,MAAI,SAAS,QAAQ;AACpB,QAAK;AACL,UAAO;EACP;EAGD,MAAM,mBAAmB,KAAK,sBAAsB,KACnD,CAAC,MAAM,EAAE,SAAS,KAClB;AACD,OAAK,oBAAoB,KAAK,sBAAsB,SAAS,GAAG;GAC/D,MAAM,YAAY,KAAK,sBACrB,IAAI,CAAC,MAAM,EAAE,KAAK,CAClB,KAAK,KAAK;AACZ,SAAM,IAAI,OACR,cAAc,KAAe,wCAAwC,UAAU;EAEjF;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;CAED,SACCC,UAiBC;AACD,OAAK,YAAY,OAChB,CAAC,GAAG,KAAK,WAAW,GAAG,QAAS,GAChC,CAAC,MAAM,EAAE,YACT;AAED,SAAO;CAiBP;CAED,OACCC,QAiBC;AACD,OAAK,UAAU;AAEf,SAAO;CAiBP;CAED,OACCJ,QAiBC;AACD,OAAK,eAAe;AAEpB,SAAO;CAiBP;;;;;;CAOD,AAAS,QACRK,SAiBC;AACD,OAAK,kBAAkB;AAKvB,SAAO;CAiBP;;;;;CAMD,MACCC,WAiBC;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;;;;;;;;;;;;;;;;;;CAmBD,MAAMC,QAAsD;AAC3D,OAAK,UAAU;AACf,SAAO;CACP;;;;;;;;;;;;;;;;CAiBD,AAAS,SACRC,SAiBC;AACD,OAAK,mBAAmB;AAKxB,SAAO;CAiBP;;;;;;;;;;;;;;;;;;;;CAqBD,IACCC,QACO;AACP,MAAI,WAAW,SAAS,WAAW,YAAY;AAC9C,QAAK,aAAa;AAClB,QAAK;EACL,OAAM;AACN,QAAK,aAAa;AAClB,QAAK,aAAa;EAClB;AACD,SAAO;CACP;;;;;;;;;;;;;;CAeD,YAAkB;AACjB,OAAK,aAAa;AAClB,OAAK;AACL,SAAO;CACP;CAGD,MAAMC,SAAmB;AACxB,QAAM,IAAI,MACT;CAED;CAED,OACCC,IAyBC;EAGD,IAAIC;AACJ,MAAI,KAAK,iBAAiB;GACzB,MAAM,qBAAqB,KAAK,sBAAsB,KACrD,CAAC,MAAM,EAAE,SAAS,KAAK,gBACvB;AAED,OAAI,mBACH,cAAa;QACP;IAEN,MAAM,iBAAiB,kBACtB,KAAK,iBACL,KAAK,uBACL;AACD,iBAAa;KACZ,MAAM,KAAK;KACX;IACA;GACD;EACD;AAED,SAAO,IAAI,SAAS;GACnB;GACA,QAAQ,KAAK;GACb,OAAO,KAAK;GACZ,aAAa,KAAK;GAClB,MAAM,KAAK;GACX,OAAO,KAAK;GACZ,QAAQ,KAAK;GACb,UAAU,KAAK;GACf,QAAQ,KAAK;GACb,SAAS,KAAK;GACd,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,QAAQ,KAAK;GACb,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,kBAAkB,KAAK;GACvB,QAAQ,KAAK;GACb;GACA,uBAAuB,KAAK;GAC5B,gBAAgB,KAAK;GACrB,QAAQ,KAAK;GACb,iBAAiB,KAAK;GACtB,WAAW,KAAK;GAChB,WAAW,KAAK;EAChB;CACD;AACD"}
1
+ {"version":3,"file":"EndpointBuilder-DCuWPL1Y.mjs","names":["route: TRoute","method: TMethod","publisher: Service<TEventPublisherServiceName, TEventPublisher>","storage: Service<TAuditStorageServiceName, TAuditStorage>","service: Service<TDatabaseServiceName, TDatabase>","description: string","status: SuccessStatus","event: TEvent","tags: string[]","memorySize: number","publisher: Service<TName, T>","schema: T","config: RateLimitConfig","name: TAuthorizers[number] | 'none'","services: T","logger: T","storage: Service<TName, T>","extractor: ActorExtractor<TServices, TSession, TLogger>","audits: MappedAudit<TAuditAction, OutSchema>[]","service: Service<TName, T>","config: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass","_schema: any","fn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>","authorizer: Authorizer | undefined"],"sources":["../src/endpoints/EndpointBuilder.ts"],"sourcesContent":["import type {\n\tAuditableAction,\n\tAuditStorage,\n\tExtractStorageAuditAction,\n} from '@geekmidas/audit';\nimport type { EventPublisher, MappedEvent } from '@geekmidas/events';\nimport type { Logger } from '@geekmidas/logger';\nimport type { RateLimitConfig } from '@geekmidas/rate-limit';\nimport type { Service } from '@geekmidas/services';\nimport type { StandardSchemaV1 } from '@standard-schema/spec';\nimport uniqBy from 'lodash.uniqby';\nimport { ConstructType } from '../Construct';\nimport { BaseFunctionBuilder } from '../functions';\nimport type { HttpMethod } from '../types';\nimport type { Authorizer, SecurityScheme } from './Authorizer';\nimport { getSecurityScheme } from './Authorizer';\nimport type { ActorExtractor, MappedAudit } from './audit';\nimport type {\n\tAuthorizeFn,\n\tEndpointHandler,\n\tSessionFn,\n\tSuccessStatus,\n} from './Endpoint';\nimport { Endpoint, type EndpointSchemas } from './Endpoint';\nimport type { RlsBypass, RlsConfig } from './rls';\nimport { RLS_BYPASS } from './rls';\n\nexport class EndpointBuilder<\n\tTRoute extends string,\n\tTMethod extends HttpMethod,\n\tTInput extends EndpointSchemas = {},\n\tTServices extends Service[] = [],\n\tTLogger extends Logger = Logger,\n\tOutSchema extends StandardSchemaV1 | undefined = undefined,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTAuditAction extends AuditableAction<string, unknown> = AuditableAction<\n\t\tstring,\n\t\tunknown\n\t>,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n> extends BaseFunctionBuilder<\n\tTInput,\n\tOutSchema,\n\tTServices,\n\tTLogger,\n\tTEventPublisher,\n\tTEventPublisherServiceName,\n\tTAuditStorage,\n\tTAuditStorageServiceName,\n\tTDatabase,\n\tTDatabaseServiceName\n> {\n\tprotected schemas: TInput = {} as TInput;\n\tprotected _description?: string;\n\tprotected _status?: SuccessStatus;\n\tprotected _tags?: string[];\n\tprotected _memorySize?: number;\n\t_getSession: SessionFn<TServices, TLogger, TSession, TDatabase> = () =>\n\t\t({}) as TSession;\n\t_authorize: AuthorizeFn<TServices, TLogger, TSession> = () => true;\n\t_rateLimit?: RateLimitConfig;\n\t_availableAuthorizers: Authorizer[] = [];\n\t_authorizerName?: TAuthorizers[number];\n\t_actorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\t_audits: MappedAudit<TAuditAction, OutSchema>[] = [];\n\t_customSecuritySchemes: Record<string, SecurityScheme> = {};\n\t_rlsConfig?: RlsConfig<TServices, TSession, TLogger>;\n\t_rlsBypass?: boolean;\n\n\tconstructor(\n\t\treadonly route: TRoute,\n\t\treadonly method: TMethod,\n\t) {\n\t\tsuper(ConstructType.Endpoint);\n\t}\n\n\t// Internal setter for EndpointFactory to set default publisher\n\t_setPublisher(\n\t\tpublisher: Service<TEventPublisherServiceName, TEventPublisher>,\n\t) {\n\t\tthis._publisher = publisher;\n\t}\n\n\t// Internal setter for EndpointFactory to set default auditor storage\n\t_setAuditorStorage(\n\t\tstorage: Service<TAuditStorageServiceName, TAuditStorage>,\n\t) {\n\t\tthis._auditorStorage = storage;\n\t}\n\n\t// Internal setter for EndpointFactory to set default database service\n\t_setDatabaseService(service: Service<TDatabaseServiceName, TDatabase>) {\n\t\tthis._databaseService = service;\n\t}\n\n\tdescription(description: string): this {\n\t\tthis._description = description;\n\t\treturn this;\n\t}\n\n\tstatus(status: SuccessStatus): this {\n\t\tthis._status = status;\n\t\treturn this;\n\t}\n\n\toverride event<TEvent extends MappedEvent<TEventPublisher, OutSchema>>(\n\t\tevent: TEvent,\n\t): this {\n\t\tthis._events.push(event);\n\t\treturn this;\n\t}\n\n\ttags(tags: string[]): this {\n\t\tthis._tags = tags;\n\t\treturn this;\n\t}\n\n\tmemorySize(memorySize: number): this {\n\t\tthis._memorySize = memorySize;\n\t\treturn this;\n\t}\n\n\toverride publisher<T extends EventPublisher<any>, TName extends string>(\n\t\tpublisher: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tT,\n\t\tTName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._publisher = publisher as unknown as Service<\n\t\t\tTEventPublisherServiceName,\n\t\t\tTEventPublisher\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tbody<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'body'> & { body: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.body = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tsearch<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.query = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tquery<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\treturn this.search(schema);\n\t}\n\n\tparams<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'params'> & { params: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.params = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\trateLimit(config: RateLimitConfig): this {\n\t\tthis._rateLimit = config;\n\t\treturn this;\n\t}\n\n\tauthorizer(\n\t\tname: TAuthorizers[number] | 'none',\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Special case: 'none' explicitly marks endpoint as having no authorizer\n\t\tif (name === 'none') {\n\t\t\tthis._authorizerName = undefined;\n\t\t\treturn this;\n\t\t}\n\n\t\t// Validate that the authorizer exists in available authorizers\n\t\tconst authorizerExists = this._availableAuthorizers.some(\n\t\t\t(a) => a.name === name,\n\t\t);\n\t\tif (!authorizerExists && this._availableAuthorizers.length > 0) {\n\t\t\tconst available = this._availableAuthorizers\n\t\t\t\t.map((a) => a.name)\n\t\t\t\t.join(', ');\n\t\t\tthrow new Error(\n\t\t\t\t`Authorizer \"${name as string}\" not found in available authorizers: ${available}`,\n\t\t\t);\n\t\t}\n\t\tthis._authorizerName = name;\n\t\treturn this;\n\t}\n\n\tservices<T extends Service[]>(\n\t\tservices: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\t[...TServices, ...T],\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._services = uniqBy(\n\t\t\t[...this._services, ...services],\n\t\t\t(s) => s.serviceName,\n\t\t) as TServices;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\t[...TServices, ...T],\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tlogger<T extends Logger>(\n\t\tlogger: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tT,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._logger = logger as unknown as TLogger;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tT,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\toutput<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tT,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.outputSchema = schema as unknown as OutSchema;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tT,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the auditor storage service for this endpoint.\n\t * This enables audit functionality and makes `auditor` available in the handler context.\n\t * The audit action type is automatically inferred from the storage's generic parameter.\n\t */\n\toverride auditor<T extends AuditStorage<any>, TName extends string>(\n\t\tstorage: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tT,\n\t\tTName,\n\t\tExtractStorageAuditAction<T>,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._auditorStorage = storage as unknown as Service<\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditStorage\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tExtractStorageAuditAction<T>,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the actor extractor function for audit records.\n\t * The actor is extracted from the request context and attached to all audits.\n\t */\n\tactor(\n\t\textractor: ActorExtractor<TServices, TSession, TLogger>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._actorExtractor = extractor;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Add declarative audit definitions that are processed after the handler executes.\n\t * Similar to `.event()` for events, but for audits.\n\t *\n\t * @example\n\t * ```typescript\n\t * .audit<AppAuditAction>([\n\t * {\n\t * type: 'user.created',\n\t * payload: (response) => ({ userId: response.id, email: response.email }),\n\t * when: (response) => response.active,\n\t * entityId: (response) => response.id,\n\t * table: 'users',\n\t * },\n\t * ])\n\t * ```\n\t */\n\taudit(audits: MappedAudit<TAuditAction, OutSchema>[]): this {\n\t\tthis._audits = audits;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Set the database service for this endpoint.\n\t * The database will be available in the handler context as `db`.\n\t * When audit storage is configured and uses the same database,\n\t * `db` will automatically be the transaction for ACID compliance.\n\t *\n\t * @example\n\t * ```typescript\n\t * .database(databaseService)\n\t * .handle(async ({ db }) => {\n\t * // db is the raw database or transaction (when auditor uses same db)\n\t * return await db.selectFrom('users').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\toverride database<T, TName extends string>(\n\t\tservice: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tT,\n\t\tTName\n\t> {\n\t\tthis._databaseService = service as unknown as Service<\n\t\t\tTDatabaseServiceName,\n\t\t\tTDatabase\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tT,\n\t\t\tTName\n\t\t>;\n\t}\n\n\t/**\n\t * Configure RLS (Row-Level Security) context for this endpoint.\n\t * Pass `false` or `RLS_BYPASS` to explicitly bypass RLS for this endpoint.\n\t *\n\t * @example\n\t * ```typescript\n\t * // Custom RLS config for this endpoint\n\t * .rls({\n\t * extractor: ({ session }) => ({\n\t * user_id: session.userId,\n\t * tenant_id: session.tenantId,\n\t * }),\n\t * prefix: 'app',\n\t * })\n\t *\n\t * // Bypass RLS (for admin endpoints)\n\t * .rls(false)\n\t * ```\n\t */\n\trls(\n\t\tconfig: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass,\n\t): this {\n\t\tif (config === false || config === RLS_BYPASS) {\n\t\t\tthis._rlsBypass = true;\n\t\t\tthis._rlsConfig = undefined;\n\t\t} else {\n\t\t\tthis._rlsConfig = config;\n\t\t\tthis._rlsBypass = false;\n\t\t}\n\t\treturn this;\n\t}\n\n\t/**\n\t * Explicitly bypass RLS for this endpoint.\n\t * Useful for admin operations that need unrestricted database access.\n\t *\n\t * @example\n\t * ```typescript\n\t * .rlsBypass()\n\t * .handle(async ({ db }) => {\n\t * // Full access, no RLS filtering\n\t * return db.selectFrom('orders').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\trlsBypass(): this {\n\t\tthis._rlsBypass = true;\n\t\tthis._rlsConfig = undefined;\n\t\treturn this;\n\t}\n\n\t// EndpointBuilder doesn't have a generic input method - it uses body, query, params instead\n\tinput(_schema: any): any {\n\t\tthrow new Error(\n\t\t\t'EndpointBuilder does not support generic input. Use body(), query(), or params() instead.',\n\t\t);\n\t}\n\n\thandle(\n\t\tfn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>,\n\t): Endpoint<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tOutSchema,\n\t\tTServices,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Find authorizer metadata if name is set\n\t\t// If the authorizer name is set but not in availableAuthorizers, create a simple authorizer object\n\t\tlet authorizer: Authorizer | undefined;\n\t\tif (this._authorizerName) {\n\t\t\tconst existingAuthorizer = this._availableAuthorizers.find(\n\t\t\t\t(a) => a.name === this._authorizerName,\n\t\t\t);\n\n\t\t\tif (existingAuthorizer) {\n\t\t\t\tauthorizer = existingAuthorizer;\n\t\t\t} else {\n\t\t\t\t// Create authorizer with security scheme if available (built-in or custom)\n\t\t\t\tconst securityScheme = getSecurityScheme(\n\t\t\t\t\tthis._authorizerName as string,\n\t\t\t\t\tthis._customSecuritySchemes,\n\t\t\t\t);\n\t\t\t\tauthorizer = {\n\t\t\t\t\tname: this._authorizerName as string,\n\t\t\t\t\tsecurityScheme,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\treturn new Endpoint({\n\t\t\tfn,\n\t\t\tmethod: this.method,\n\t\t\troute: this.route,\n\t\t\tdescription: this._description,\n\t\t\ttags: this._tags,\n\t\t\tinput: this.schemas,\n\t\t\toutput: this.outputSchema,\n\t\t\tservices: this._services,\n\t\t\tlogger: this._logger,\n\t\t\ttimeout: this._timeout,\n\t\t\tmemorySize: this._memorySize,\n\t\t\tauthorize: this._authorize,\n\t\t\tstatus: this._status,\n\t\t\tgetSession: this._getSession,\n\t\t\trateLimit: this._rateLimit,\n\t\t\tpublisherService: this._publisher,\n\t\t\tevents: this._events,\n\t\t\tauthorizer,\n\t\t\tauditorStorageService: this._auditorStorage,\n\t\t\tactorExtractor: this._actorExtractor,\n\t\t\taudits: this._audits,\n\t\t\tdatabaseService: this._databaseService,\n\t\t\trlsConfig: this._rlsConfig,\n\t\t\trlsBypass: this._rlsBypass,\n\t\t});\n\t}\n}\n"],"mappings":";;;;;;;;AA2BA,IAAa,kBAAb,cAmBU,oBAWR;CACD,AAAU,UAAkB,CAAE;CAC9B,AAAU;CACV,AAAU;CACV,AAAU;CACV,AAAU;CACV,cAAkE,OAChE,CAAE;CACJ,aAAwD,MAAM;CAC9D;CACA,wBAAsC,CAAE;CACxC;CACA;CACA,UAAkD,CAAE;CACpD,yBAAyD,CAAE;CAC3D;CACA;CAEA,YACUA,OACAC,QACR;AACD,QAAM,cAAc,SAAS;EAHpB;EACA;CAGT;CAGD,cACCC,WACC;AACD,OAAK,aAAa;CAClB;CAGD,mBACCC,SACC;AACD,OAAK,kBAAkB;CACvB;CAGD,oBAAoBC,SAAmD;AACtE,OAAK,mBAAmB;CACxB;CAED,YAAYC,aAA2B;AACtC,OAAK,eAAe;AACpB,SAAO;CACP;CAED,OAAOC,QAA6B;AACnC,OAAK,UAAU;AACf,SAAO;CACP;CAED,AAAS,MACRC,OACO;AACP,OAAK,QAAQ,KAAK,MAAM;AACxB,SAAO;CACP;CAED,KAAKC,MAAsB;AAC1B,OAAK,QAAQ;AACb,SAAO;CACP;CAED,WAAWC,YAA0B;AACpC,OAAK,cAAc;AACnB,SAAO;CACP;CAED,AAAS,UACRC,WAiBC;AACD,OAAK,aAAa;AAKlB,SAAO;CAiBP;CAED,KACCC,QAiBC;AACD,OAAK,QAAQ,OAAO;AAEpB,SAAO;CACP;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,QAAQ;AAErB,SAAO;CACP;CAED,MACCA,QAiBC;AACD,SAAO,KAAK,OAAO,OAAO;CAC1B;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,SAAS;AAEtB,SAAO;CACP;CAED,UAAUC,QAA+B;AACxC,OAAK,aAAa;AAClB,SAAO;CACP;CAED,WACCC,MAiBC;AAED,MAAI,SAAS,QAAQ;AACpB,QAAK;AACL,UAAO;EACP;EAGD,MAAM,mBAAmB,KAAK,sBAAsB,KACnD,CAAC,MAAM,EAAE,SAAS,KAClB;AACD,OAAK,oBAAoB,KAAK,sBAAsB,SAAS,GAAG;GAC/D,MAAM,YAAY,KAAK,sBACrB,IAAI,CAAC,MAAM,EAAE,KAAK,CAClB,KAAK,KAAK;AACZ,SAAM,IAAI,OACR,cAAc,KAAe,wCAAwC,UAAU;EAEjF;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;CAED,SACCC,UAiBC;AACD,OAAK,YAAY,OAChB,CAAC,GAAG,KAAK,WAAW,GAAG,QAAS,GAChC,CAAC,MAAM,EAAE,YACT;AAED,SAAO;CAiBP;CAED,OACCC,QAiBC;AACD,OAAK,UAAU;AAEf,SAAO;CAiBP;CAED,OACCJ,QAiBC;AACD,OAAK,eAAe;AAEpB,SAAO;CAiBP;;;;;;CAOD,AAAS,QACRK,SAiBC;AACD,OAAK,kBAAkB;AAKvB,SAAO;CAiBP;;;;;CAMD,MACCC,WAiBC;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;;;;;;;;;;;;;;;;;;CAmBD,MAAMC,QAAsD;AAC3D,OAAK,UAAU;AACf,SAAO;CACP;;;;;;;;;;;;;;;;CAiBD,AAAS,SACRC,SAiBC;AACD,OAAK,mBAAmB;AAKxB,SAAO;CAiBP;;;;;;;;;;;;;;;;;;;;CAqBD,IACCC,QACO;AACP,MAAI,WAAW,SAAS,WAAW,YAAY;AAC9C,QAAK,aAAa;AAClB,QAAK;EACL,OAAM;AACN,QAAK,aAAa;AAClB,QAAK,aAAa;EAClB;AACD,SAAO;CACP;;;;;;;;;;;;;;CAeD,YAAkB;AACjB,OAAK,aAAa;AAClB,OAAK;AACL,SAAO;CACP;CAGD,MAAMC,SAAmB;AACxB,QAAM,IAAI,MACT;CAED;CAED,OACCC,IAyBC;EAGD,IAAIC;AACJ,MAAI,KAAK,iBAAiB;GACzB,MAAM,qBAAqB,KAAK,sBAAsB,KACrD,CAAC,MAAM,EAAE,SAAS,KAAK,gBACvB;AAED,OAAI,mBACH,cAAa;QACP;IAEN,MAAM,iBAAiB,kBACtB,KAAK,iBACL,KAAK,uBACL;AACD,iBAAa;KACZ,MAAM,KAAK;KACX;IACA;GACD;EACD;AAED,SAAO,IAAI,SAAS;GACnB;GACA,QAAQ,KAAK;GACb,OAAO,KAAK;GACZ,aAAa,KAAK;GAClB,MAAM,KAAK;GACX,OAAO,KAAK;GACZ,QAAQ,KAAK;GACb,UAAU,KAAK;GACf,QAAQ,KAAK;GACb,SAAS,KAAK;GACd,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,QAAQ,KAAK;GACb,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,kBAAkB,KAAK;GACvB,QAAQ,KAAK;GACb;GACA,uBAAuB,KAAK;GAC5B,gBAAgB,KAAK;GACrB,QAAQ,KAAK;GACb,iBAAiB,KAAK;GACtB,WAAW,KAAK;GAChB,WAAW,KAAK;EAChB;CACD;AACD"}
package/dist/{EndpointBuilder-D78r9OdH.cjs → EndpointBuilder-cRdLfmZM.cjs} RENAMED
@@ -2,8 +2,8 @@ const require_chunk = require('./chunk-CUT6urMc.cjs');
2
2
  const require_Construct = require('./Construct-C5Oko4YC.cjs');
3
3
  const require_BaseFunctionBuilder = require('./BaseFunctionBuilder-D2eLZ4eD.cjs');
4
4
  const require_Endpoint = require('./Endpoint-0ueQu3sb.cjs');
5
- const require_Authorizer = require('./Authorizer-BXxBee2P.cjs');
6
- const require_rls = require('./rls-BrywnrQb.cjs');
5
+ const require_Authorizer = require('./Authorizer-Dx57psuM.cjs');
6
+ const require_rls = require('./rls-DxFqdIA0.cjs');
7
7
  const lodash_uniqby = require_chunk.__toESM(require("lodash.uniqby"));
8
8
 
9
9
  //#region src/endpoints/EndpointBuilder.ts
@@ -261,4 +261,4 @@ Object.defineProperty(exports, 'EndpointBuilder', {
261
261
  return EndpointBuilder;
262
262
  }
263
263
  });
264
- //# sourceMappingURL=EndpointBuilder-D78r9OdH.cjs.map
264
+ //# sourceMappingURL=EndpointBuilder-cRdLfmZM.cjs.map
package/dist/{EndpointBuilder-D78r9OdH.cjs.map → EndpointBuilder-cRdLfmZM.cjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"EndpointBuilder-D78r9OdH.cjs","names":["BaseFunctionBuilder","route: TRoute","method: TMethod","ConstructType","publisher: Service<TEventPublisherServiceName, TEventPublisher>","storage: Service<TAuditStorageServiceName, TAuditStorage>","service: Service<TDatabaseServiceName, TDatabase>","description: string","status: SuccessStatus","event: TEvent","tags: string[]","memorySize: number","publisher: Service<TName, T>","schema: T","config: RateLimitConfig","name: TAuthorizers[number] | 'none'","services: T","logger: T","storage: Service<TName, T>","extractor: ActorExtractor<TServices, TSession, TLogger>","audits: MappedAudit<TAuditAction, OutSchema>[]","service: Service<TName, T>","config: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass","RLS_BYPASS","_schema: any","fn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>","authorizer: Authorizer | undefined","Endpoint"],"sources":["../src/endpoints/EndpointBuilder.ts"],"sourcesContent":["import type {\n\tAuditableAction,\n\tAuditStorage,\n\tExtractStorageAuditAction,\n} from '@geekmidas/audit';\nimport type { EventPublisher, MappedEvent } from '@geekmidas/events';\nimport type { Logger } from '@geekmidas/logger';\nimport type { RateLimitConfig } from '@geekmidas/rate-limit';\nimport type { Service } from '@geekmidas/services';\nimport type { StandardSchemaV1 } from '@standard-schema/spec';\nimport uniqBy from 'lodash.uniqby';\nimport { ConstructType } from '../Construct';\nimport { BaseFunctionBuilder } from '../functions';\nimport type { HttpMethod } from '../types';\nimport type { Authorizer, SecurityScheme } from './Authorizer';\nimport { getSecurityScheme } from './Authorizer';\nimport type { ActorExtractor, MappedAudit } from './audit';\nimport type {\n\tAuthorizeFn,\n\tEndpointHandler,\n\tSessionFn,\n\tSuccessStatus,\n} from './Endpoint';\nimport { Endpoint, type EndpointSchemas } from './Endpoint';\nimport type { RlsBypass, RlsConfig } from './rls';\nimport { RLS_BYPASS } from './rls';\n\nexport class EndpointBuilder<\n\tTRoute extends string,\n\tTMethod extends HttpMethod,\n\tTInput extends EndpointSchemas = {},\n\tTServices extends Service[] = [],\n\tTLogger extends Logger = Logger,\n\tOutSchema extends StandardSchemaV1 | undefined = undefined,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTAuditAction extends AuditableAction<string, unknown> = AuditableAction<\n\t\tstring,\n\t\tunknown\n\t>,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n> extends BaseFunctionBuilder<\n\tTInput,\n\tOutSchema,\n\tTServices,\n\tTLogger,\n\tTEventPublisher,\n\tTEventPublisherServiceName,\n\tTAuditStorage,\n\tTAuditStorageServiceName,\n\tTDatabase,\n\tTDatabaseServiceName\n> {\n\tprotected schemas: TInput = {} as TInput;\n\tprotected _description?: string;\n\tprotected _status?: SuccessStatus;\n\tprotected _tags?: string[];\n\tprotected _memorySize?: number;\n\t_getSession: SessionFn<TServices, TLogger, TSession, TDatabase> = () =>\n\t\t({}) as TSession;\n\t_authorize: AuthorizeFn<TServices, TLogger, TSession> = () => true;\n\t_rateLimit?: RateLimitConfig;\n\t_availableAuthorizers: Authorizer[] = [];\n\t_authorizerName?: TAuthorizers[number];\n\t_actorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\t_audits: MappedAudit<TAuditAction, OutSchema>[] = [];\n\t_customSecuritySchemes: Record<string, SecurityScheme> = {};\n\t_rlsConfig?: RlsConfig<TServices, TSession, TLogger>;\n\t_rlsBypass?: boolean;\n\n\tconstructor(\n\t\treadonly route: TRoute,\n\t\treadonly method: TMethod,\n\t) {\n\t\tsuper(ConstructType.Endpoint);\n\t}\n\n\t// Internal setter for EndpointFactory to set default publisher\n\t_setPublisher(\n\t\tpublisher: Service<TEventPublisherServiceName, TEventPublisher>,\n\t) {\n\t\tthis._publisher = publisher;\n\t}\n\n\t// Internal setter for EndpointFactory to set default auditor storage\n\t_setAuditorStorage(\n\t\tstorage: Service<TAuditStorageServiceName, TAuditStorage>,\n\t) {\n\t\tthis._auditorStorage = storage;\n\t}\n\n\t// Internal setter for EndpointFactory to set default database service\n\t_setDatabaseService(service: Service<TDatabaseServiceName, TDatabase>) {\n\t\tthis._databaseService = service;\n\t}\n\n\tdescription(description: string): this {\n\t\tthis._description = description;\n\t\treturn this;\n\t}\n\n\tstatus(status: SuccessStatus): this {\n\t\tthis._status = status;\n\t\treturn this;\n\t}\n\n\toverride event<TEvent extends MappedEvent<TEventPublisher, OutSchema>>(\n\t\tevent: TEvent,\n\t): this {\n\t\tthis._events.push(event);\n\t\treturn this;\n\t}\n\n\ttags(tags: string[]): this {\n\t\tthis._tags = tags;\n\t\treturn this;\n\t}\n\n\tmemorySize(memorySize: number): this {\n\t\tthis._memorySize = memorySize;\n\t\treturn this;\n\t}\n\n\toverride publisher<T extends EventPublisher<any>, TName extends string>(\n\t\tpublisher: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tT,\n\t\tTName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._publisher = publisher as unknown as Service<\n\t\t\tTEventPublisherServiceName,\n\t\t\tTEventPublisher\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tbody<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'body'> & { body: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.body = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tsearch<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.query = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tquery<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\treturn this.search(schema);\n\t}\n\n\tparams<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'params'> & { params: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.params = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\trateLimit(config: RateLimitConfig): this {\n\t\tthis._rateLimit = config;\n\t\treturn this;\n\t}\n\n\tauthorizer(\n\t\tname: TAuthorizers[number] | 'none',\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Special case: 'none' explicitly marks endpoint as having no authorizer\n\t\tif (name === 'none') {\n\t\t\tthis._authorizerName = undefined;\n\t\t\treturn this;\n\t\t}\n\n\t\t// Validate that the authorizer exists in available authorizers\n\t\tconst authorizerExists = this._availableAuthorizers.some(\n\t\t\t(a) => a.name === name,\n\t\t);\n\t\tif (!authorizerExists && this._availableAuthorizers.length > 0) {\n\t\t\tconst available = this._availableAuthorizers\n\t\t\t\t.map((a) => a.name)\n\t\t\t\t.join(', ');\n\t\t\tthrow new Error(\n\t\t\t\t`Authorizer \"${name as string}\" not found in available authorizers: ${available}`,\n\t\t\t);\n\t\t}\n\t\tthis._authorizerName = name;\n\t\treturn this;\n\t}\n\n\tservices<T extends Service[]>(\n\t\tservices: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\t[...TServices, ...T],\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._services = uniqBy(\n\t\t\t[...this._services, ...services],\n\t\t\t(s) => s.serviceName,\n\t\t) as TServices;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\t[...TServices, ...T],\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tlogger<T extends Logger>(\n\t\tlogger: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tT,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._logger = logger as unknown as TLogger;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tT,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\toutput<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tT,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.outputSchema = schema as unknown as OutSchema;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tT,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the auditor storage service for this endpoint.\n\t * This enables audit functionality and makes `auditor` available in the handler context.\n\t * The audit action type is automatically inferred from the storage's generic parameter.\n\t */\n\toverride auditor<T extends AuditStorage<any>, TName extends string>(\n\t\tstorage: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tT,\n\t\tTName,\n\t\tExtractStorageAuditAction<T>,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._auditorStorage = storage as unknown as Service<\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditStorage\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tExtractStorageAuditAction<T>,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the actor extractor function for audit records.\n\t * The actor is extracted from the request context and attached to all audits.\n\t */\n\tactor(\n\t\textractor: ActorExtractor<TServices, TSession, TLogger>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._actorExtractor = extractor;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Add declarative audit definitions that are processed after the handler executes.\n\t * Similar to `.event()` for events, but for audits.\n\t *\n\t * @example\n\t * ```typescript\n\t * .audit<AppAuditAction>([\n\t * {\n\t * type: 'user.created',\n\t * payload: (response) => ({ userId: response.id, email: response.email }),\n\t * when: (response) => response.active,\n\t * entityId: (response) => response.id,\n\t * table: 'users',\n\t * },\n\t * ])\n\t * ```\n\t */\n\taudit(audits: MappedAudit<TAuditAction, OutSchema>[]): this {\n\t\tthis._audits = audits;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Set the database service for this endpoint.\n\t * The database will be available in the handler context as `db`.\n\t * When audit storage is configured and uses the same database,\n\t * `db` will automatically be the transaction for ACID compliance.\n\t *\n\t * @example\n\t * ```typescript\n\t * .database(databaseService)\n\t * .handle(async ({ db }) => {\n\t * // db is the raw database or transaction (when auditor uses same db)\n\t * return await db.selectFrom('users').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\toverride database<T, TName extends string>(\n\t\tservice: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tT,\n\t\tTName\n\t> {\n\t\tthis._databaseService = service as unknown as Service<\n\t\t\tTDatabaseServiceName,\n\t\t\tTDatabase\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tT,\n\t\t\tTName\n\t\t>;\n\t}\n\n\t/**\n\t * Configure RLS (Row-Level Security) context for this endpoint.\n\t * Pass `false` or `RLS_BYPASS` to explicitly bypass RLS for this endpoint.\n\t *\n\t * @example\n\t * ```typescript\n\t * // Custom RLS config for this endpoint\n\t * .rls({\n\t * extractor: ({ session }) => ({\n\t * user_id: session.userId,\n\t * tenant_id: session.tenantId,\n\t * }),\n\t * prefix: 'app',\n\t * })\n\t *\n\t * // Bypass RLS (for admin endpoints)\n\t * .rls(false)\n\t * ```\n\t */\n\trls(\n\t\tconfig: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass,\n\t): this {\n\t\tif (config === false || config === RLS_BYPASS) {\n\t\t\tthis._rlsBypass = true;\n\t\t\tthis._rlsConfig = undefined;\n\t\t} else {\n\t\t\tthis._rlsConfig = config;\n\t\t\tthis._rlsBypass = false;\n\t\t}\n\t\treturn this;\n\t}\n\n\t/**\n\t * Explicitly bypass RLS for this endpoint.\n\t * Useful for admin operations that need unrestricted database access.\n\t *\n\t * @example\n\t * ```typescript\n\t * .rlsBypass()\n\t * .handle(async ({ db }) => {\n\t * // Full access, no RLS filtering\n\t * return db.selectFrom('orders').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\trlsBypass(): this {\n\t\tthis._rlsBypass = true;\n\t\tthis._rlsConfig = undefined;\n\t\treturn this;\n\t}\n\n\t// EndpointBuilder doesn't have a generic input method - it uses body, query, params instead\n\tinput(_schema: any): any {\n\t\tthrow new Error(\n\t\t\t'EndpointBuilder does not support generic input. Use body(), query(), or params() instead.',\n\t\t);\n\t}\n\n\thandle(\n\t\tfn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>,\n\t): Endpoint<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tOutSchema,\n\t\tTServices,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Find authorizer metadata if name is set\n\t\t// If the authorizer name is set but not in availableAuthorizers, create a simple authorizer object\n\t\tlet authorizer: Authorizer | undefined;\n\t\tif (this._authorizerName) {\n\t\t\tconst existingAuthorizer = this._availableAuthorizers.find(\n\t\t\t\t(a) => a.name === this._authorizerName,\n\t\t\t);\n\n\t\t\tif (existingAuthorizer) {\n\t\t\t\tauthorizer = existingAuthorizer;\n\t\t\t} else {\n\t\t\t\t// Create authorizer with security scheme if available (built-in or custom)\n\t\t\t\tconst securityScheme = getSecurityScheme(\n\t\t\t\t\tthis._authorizerName as string,\n\t\t\t\t\tthis._customSecuritySchemes,\n\t\t\t\t);\n\t\t\t\tauthorizer = {\n\t\t\t\t\tname: this._authorizerName as string,\n\t\t\t\t\tsecurityScheme,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\treturn new Endpoint({\n\t\t\tfn,\n\t\t\tmethod: this.method,\n\t\t\troute: this.route,\n\t\t\tdescription: this._description,\n\t\t\ttags: this._tags,\n\t\t\tinput: this.schemas,\n\t\t\toutput: this.outputSchema,\n\t\t\tservices: this._services,\n\t\t\tlogger: this._logger,\n\t\t\ttimeout: this._timeout,\n\t\t\tmemorySize: this._memorySize,\n\t\t\tauthorize: this._authorize,\n\t\t\tstatus: this._status,\n\t\t\tgetSession: this._getSession,\n\t\t\trateLimit: this._rateLimit,\n\t\t\tpublisherService: this._publisher,\n\t\t\tevents: this._events,\n\t\t\tauthorizer,\n\t\t\tauditorStorageService: this._auditorStorage,\n\t\t\tactorExtractor: this._actorExtractor,\n\t\t\taudits: this._audits,\n\t\t\tdatabaseService: this._databaseService,\n\t\t\trlsConfig: this._rlsConfig,\n\t\t\trlsBypass: this._rlsBypass,\n\t\t});\n\t}\n}\n"],"mappings":";;;;;;;;;AA2BA,IAAa,kBAAb,cAmBUA,gDAWR;CACD,AAAU,UAAkB,CAAE;CAC9B,AAAU;CACV,AAAU;CACV,AAAU;CACV,AAAU;CACV,cAAkE,OAChE,CAAE;CACJ,aAAwD,MAAM;CAC9D;CACA,wBAAsC,CAAE;CACxC;CACA;CACA,UAAkD,CAAE;CACpD,yBAAyD,CAAE;CAC3D;CACA;CAEA,YACUC,OACAC,QACR;AACD,QAAMC,gCAAc,SAAS;EAHpB;EACA;CAGT;CAGD,cACCC,WACC;AACD,OAAK,aAAa;CAClB;CAGD,mBACCC,SACC;AACD,OAAK,kBAAkB;CACvB;CAGD,oBAAoBC,SAAmD;AACtE,OAAK,mBAAmB;CACxB;CAED,YAAYC,aAA2B;AACtC,OAAK,eAAe;AACpB,SAAO;CACP;CAED,OAAOC,QAA6B;AACnC,OAAK,UAAU;AACf,SAAO;CACP;CAED,AAAS,MACRC,OACO;AACP,OAAK,QAAQ,KAAK,MAAM;AACxB,SAAO;CACP;CAED,KAAKC,MAAsB;AAC1B,OAAK,QAAQ;AACb,SAAO;CACP;CAED,WAAWC,YAA0B;AACpC,OAAK,cAAc;AACnB,SAAO;CACP;CAED,AAAS,UACRC,WAiBC;AACD,OAAK,aAAa;AAKlB,SAAO;CAiBP;CAED,KACCC,QAiBC;AACD,OAAK,QAAQ,OAAO;AAEpB,SAAO;CACP;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,QAAQ;AAErB,SAAO;CACP;CAED,MACCA,QAiBC;AACD,SAAO,KAAK,OAAO,OAAO;CAC1B;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,SAAS;AAEtB,SAAO;CACP;CAED,UAAUC,QAA+B;AACxC,OAAK,aAAa;AAClB,SAAO;CACP;CAED,WACCC,MAiBC;AAED,MAAI,SAAS,QAAQ;AACpB,QAAK;AACL,UAAO;EACP;EAGD,MAAM,mBAAmB,KAAK,sBAAsB,KACnD,CAAC,MAAM,EAAE,SAAS,KAClB;AACD,OAAK,oBAAoB,KAAK,sBAAsB,SAAS,GAAG;GAC/D,MAAM,YAAY,KAAK,sBACrB,IAAI,CAAC,MAAM,EAAE,KAAK,CAClB,KAAK,KAAK;AACZ,SAAM,IAAI,OACR,cAAc,KAAe,wCAAwC,UAAU;EAEjF;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;CAED,SACCC,UAiBC;AACD,OAAK,YAAY,2BAChB,CAAC,GAAG,KAAK,WAAW,GAAG,QAAS,GAChC,CAAC,MAAM,EAAE,YACT;AAED,SAAO;CAiBP;CAED,OACCC,QAiBC;AACD,OAAK,UAAU;AAEf,SAAO;CAiBP;CAED,OACCJ,QAiBC;AACD,OAAK,eAAe;AAEpB,SAAO;CAiBP;;;;;;CAOD,AAAS,QACRK,SAiBC;AACD,OAAK,kBAAkB;AAKvB,SAAO;CAiBP;;;;;CAMD,MACCC,WAiBC;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;;;;;;;;;;;;;;;;;;CAmBD,MAAMC,QAAsD;AAC3D,OAAK,UAAU;AACf,SAAO;CACP;;;;;;;;;;;;;;;;CAiBD,AAAS,SACRC,SAiBC;AACD,OAAK,mBAAmB;AAKxB,SAAO;CAiBP;;;;;;;;;;;;;;;;;;;;CAqBD,IACCC,QACO;AACP,MAAI,WAAW,SAAS,WAAWC,wBAAY;AAC9C,QAAK,aAAa;AAClB,QAAK;EACL,OAAM;AACN,QAAK,aAAa;AAClB,QAAK,aAAa;EAClB;AACD,SAAO;CACP;;;;;;;;;;;;;;CAeD,YAAkB;AACjB,OAAK,aAAa;AAClB,OAAK;AACL,SAAO;CACP;CAGD,MAAMC,SAAmB;AACxB,QAAM,IAAI,MACT;CAED;CAED,OACCC,IAyBC;EAGD,IAAIC;AACJ,MAAI,KAAK,iBAAiB;GACzB,MAAM,qBAAqB,KAAK,sBAAsB,KACrD,CAAC,MAAM,EAAE,SAAS,KAAK,gBACvB;AAED,OAAI,mBACH,cAAa;QACP;IAEN,MAAM,iBAAiB,qCACtB,KAAK,iBACL,KAAK,uBACL;AACD,iBAAa;KACZ,MAAM,KAAK;KACX;IACA;GACD;EACD;AAED,SAAO,IAAIC,0BAAS;GACnB;GACA,QAAQ,KAAK;GACb,OAAO,KAAK;GACZ,aAAa,KAAK;GAClB,MAAM,KAAK;GACX,OAAO,KAAK;GACZ,QAAQ,KAAK;GACb,UAAU,KAAK;GACf,QAAQ,KAAK;GACb,SAAS,KAAK;GACd,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,QAAQ,KAAK;GACb,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,kBAAkB,KAAK;GACvB,QAAQ,KAAK;GACb;GACA,uBAAuB,KAAK;GAC5B,gBAAgB,KAAK;GACrB,QAAQ,KAAK;GACb,iBAAiB,KAAK;GACtB,WAAW,KAAK;GAChB,WAAW,KAAK;EAChB;CACD;AACD"}
1
+ {"version":3,"file":"EndpointBuilder-cRdLfmZM.cjs","names":["BaseFunctionBuilder","route: TRoute","method: TMethod","ConstructType","publisher: Service<TEventPublisherServiceName, TEventPublisher>","storage: Service<TAuditStorageServiceName, TAuditStorage>","service: Service<TDatabaseServiceName, TDatabase>","description: string","status: SuccessStatus","event: TEvent","tags: string[]","memorySize: number","publisher: Service<TName, T>","schema: T","config: RateLimitConfig","name: TAuthorizers[number] | 'none'","services: T","logger: T","storage: Service<TName, T>","extractor: ActorExtractor<TServices, TSession, TLogger>","audits: MappedAudit<TAuditAction, OutSchema>[]","service: Service<TName, T>","config: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass","RLS_BYPASS","_schema: any","fn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>","authorizer: Authorizer | undefined","Endpoint"],"sources":["../src/endpoints/EndpointBuilder.ts"],"sourcesContent":["import type {\n\tAuditableAction,\n\tAuditStorage,\n\tExtractStorageAuditAction,\n} from '@geekmidas/audit';\nimport type { EventPublisher, MappedEvent } from '@geekmidas/events';\nimport type { Logger } from '@geekmidas/logger';\nimport type { RateLimitConfig } from '@geekmidas/rate-limit';\nimport type { Service } from '@geekmidas/services';\nimport type { StandardSchemaV1 } from '@standard-schema/spec';\nimport uniqBy from 'lodash.uniqby';\nimport { ConstructType } from '../Construct';\nimport { BaseFunctionBuilder } from '../functions';\nimport type { HttpMethod } from '../types';\nimport type { Authorizer, SecurityScheme } from './Authorizer';\nimport { getSecurityScheme } from './Authorizer';\nimport type { ActorExtractor, MappedAudit } from './audit';\nimport type {\n\tAuthorizeFn,\n\tEndpointHandler,\n\tSessionFn,\n\tSuccessStatus,\n} from './Endpoint';\nimport { Endpoint, type EndpointSchemas } from './Endpoint';\nimport type { RlsBypass, RlsConfig } from './rls';\nimport { RLS_BYPASS } from './rls';\n\nexport class EndpointBuilder<\n\tTRoute extends string,\n\tTMethod extends HttpMethod,\n\tTInput extends EndpointSchemas = {},\n\tTServices extends Service[] = [],\n\tTLogger extends Logger = Logger,\n\tOutSchema extends StandardSchemaV1 | undefined = undefined,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTAuditAction extends AuditableAction<string, unknown> = AuditableAction<\n\t\tstring,\n\t\tunknown\n\t>,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n> extends BaseFunctionBuilder<\n\tTInput,\n\tOutSchema,\n\tTServices,\n\tTLogger,\n\tTEventPublisher,\n\tTEventPublisherServiceName,\n\tTAuditStorage,\n\tTAuditStorageServiceName,\n\tTDatabase,\n\tTDatabaseServiceName\n> {\n\tprotected schemas: TInput = {} as TInput;\n\tprotected _description?: string;\n\tprotected _status?: SuccessStatus;\n\tprotected _tags?: string[];\n\tprotected _memorySize?: number;\n\t_getSession: SessionFn<TServices, TLogger, TSession, TDatabase> = () =>\n\t\t({}) as TSession;\n\t_authorize: AuthorizeFn<TServices, TLogger, TSession> = () => true;\n\t_rateLimit?: RateLimitConfig;\n\t_availableAuthorizers: Authorizer[] = [];\n\t_authorizerName?: TAuthorizers[number];\n\t_actorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\t_audits: MappedAudit<TAuditAction, OutSchema>[] = [];\n\t_customSecuritySchemes: Record<string, SecurityScheme> = {};\n\t_rlsConfig?: RlsConfig<TServices, TSession, TLogger>;\n\t_rlsBypass?: boolean;\n\n\tconstructor(\n\t\treadonly route: TRoute,\n\t\treadonly method: TMethod,\n\t) {\n\t\tsuper(ConstructType.Endpoint);\n\t}\n\n\t// Internal setter for EndpointFactory to set default publisher\n\t_setPublisher(\n\t\tpublisher: Service<TEventPublisherServiceName, TEventPublisher>,\n\t) {\n\t\tthis._publisher = publisher;\n\t}\n\n\t// Internal setter for EndpointFactory to set default auditor storage\n\t_setAuditorStorage(\n\t\tstorage: Service<TAuditStorageServiceName, TAuditStorage>,\n\t) {\n\t\tthis._auditorStorage = storage;\n\t}\n\n\t// Internal setter for EndpointFactory to set default database service\n\t_setDatabaseService(service: Service<TDatabaseServiceName, TDatabase>) {\n\t\tthis._databaseService = service;\n\t}\n\n\tdescription(description: string): this {\n\t\tthis._description = description;\n\t\treturn this;\n\t}\n\n\tstatus(status: SuccessStatus): this {\n\t\tthis._status = status;\n\t\treturn this;\n\t}\n\n\toverride event<TEvent extends MappedEvent<TEventPublisher, OutSchema>>(\n\t\tevent: TEvent,\n\t): this {\n\t\tthis._events.push(event);\n\t\treturn this;\n\t}\n\n\ttags(tags: string[]): this {\n\t\tthis._tags = tags;\n\t\treturn this;\n\t}\n\n\tmemorySize(memorySize: number): this {\n\t\tthis._memorySize = memorySize;\n\t\treturn this;\n\t}\n\n\toverride publisher<T extends EventPublisher<any>, TName extends string>(\n\t\tpublisher: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tT,\n\t\tTName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._publisher = publisher as unknown as Service<\n\t\t\tTEventPublisherServiceName,\n\t\t\tTEventPublisher\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tbody<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'body'> & { body: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.body = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tsearch<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.query = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\tquery<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'query'> & { query: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\treturn this.search(schema);\n\t}\n\n\tparams<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tOmit<TInput, 'params'> & { params: T },\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.schemas.params = schema as unknown as T;\n\t\t// @ts-expect-error\n\t\treturn this;\n\t}\n\n\trateLimit(config: RateLimitConfig): this {\n\t\tthis._rateLimit = config;\n\t\treturn this;\n\t}\n\n\tauthorizer(\n\t\tname: TAuthorizers[number] | 'none',\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Special case: 'none' explicitly marks endpoint as having no authorizer\n\t\tif (name === 'none') {\n\t\t\tthis._authorizerName = undefined;\n\t\t\treturn this;\n\t\t}\n\n\t\t// Validate that the authorizer exists in available authorizers\n\t\tconst authorizerExists = this._availableAuthorizers.some(\n\t\t\t(a) => a.name === name,\n\t\t);\n\t\tif (!authorizerExists && this._availableAuthorizers.length > 0) {\n\t\t\tconst available = this._availableAuthorizers\n\t\t\t\t.map((a) => a.name)\n\t\t\t\t.join(', ');\n\t\t\tthrow new Error(\n\t\t\t\t`Authorizer \"${name as string}\" not found in available authorizers: ${available}`,\n\t\t\t);\n\t\t}\n\t\tthis._authorizerName = name;\n\t\treturn this;\n\t}\n\n\tservices<T extends Service[]>(\n\t\tservices: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\t[...TServices, ...T],\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._services = uniqBy(\n\t\t\t[...this._services, ...services],\n\t\t\t(s) => s.serviceName,\n\t\t) as TServices;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\t[...TServices, ...T],\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\tlogger<T extends Logger>(\n\t\tlogger: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tT,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._logger = logger as unknown as TLogger;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tT,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\toutput<T extends StandardSchemaV1>(\n\t\tschema: T,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tT,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis.outputSchema = schema as unknown as OutSchema;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tT,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the auditor storage service for this endpoint.\n\t * This enables audit functionality and makes `auditor` available in the handler context.\n\t * The audit action type is automatically inferred from the storage's generic parameter.\n\t */\n\toverride auditor<T extends AuditStorage<any>, TName extends string>(\n\t\tstorage: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tT,\n\t\tTName,\n\t\tExtractStorageAuditAction<T>,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._auditorStorage = storage as unknown as Service<\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditStorage\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tExtractStorageAuditAction<T>,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>;\n\t}\n\n\t/**\n\t * Set the actor extractor function for audit records.\n\t * The actor is extracted from the request context and attached to all audits.\n\t */\n\tactor(\n\t\textractor: ActorExtractor<TServices, TSession, TLogger>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tthis._actorExtractor = extractor;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Add declarative audit definitions that are processed after the handler executes.\n\t * Similar to `.event()` for events, but for audits.\n\t *\n\t * @example\n\t * ```typescript\n\t * .audit<AppAuditAction>([\n\t * {\n\t * type: 'user.created',\n\t * payload: (response) => ({ userId: response.id, email: response.email }),\n\t * when: (response) => response.active,\n\t * entityId: (response) => response.id,\n\t * table: 'users',\n\t * },\n\t * ])\n\t * ```\n\t */\n\taudit(audits: MappedAudit<TAuditAction, OutSchema>[]): this {\n\t\tthis._audits = audits;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Set the database service for this endpoint.\n\t * The database will be available in the handler context as `db`.\n\t * When audit storage is configured and uses the same database,\n\t * `db` will automatically be the transaction for ACID compliance.\n\t *\n\t * @example\n\t * ```typescript\n\t * .database(databaseService)\n\t * .handle(async ({ db }) => {\n\t * // db is the raw database or transaction (when auditor uses same db)\n\t * return await db.selectFrom('users').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\toverride database<T, TName extends string>(\n\t\tservice: Service<TName, T>,\n\t): EndpointBuilder<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tTServices,\n\t\tTLogger,\n\t\tOutSchema,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tT,\n\t\tTName\n\t> {\n\t\tthis._databaseService = service as unknown as Service<\n\t\t\tTDatabaseServiceName,\n\t\t\tTDatabase\n\t\t>;\n\n\t\treturn this as unknown as EndpointBuilder<\n\t\t\tTRoute,\n\t\t\tTMethod,\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tT,\n\t\t\tTName\n\t\t>;\n\t}\n\n\t/**\n\t * Configure RLS (Row-Level Security) context for this endpoint.\n\t * Pass `false` or `RLS_BYPASS` to explicitly bypass RLS for this endpoint.\n\t *\n\t * @example\n\t * ```typescript\n\t * // Custom RLS config for this endpoint\n\t * .rls({\n\t * extractor: ({ session }) => ({\n\t * user_id: session.userId,\n\t * tenant_id: session.tenantId,\n\t * }),\n\t * prefix: 'app',\n\t * })\n\t *\n\t * // Bypass RLS (for admin endpoints)\n\t * .rls(false)\n\t * ```\n\t */\n\trls(\n\t\tconfig: RlsConfig<TServices, TSession, TLogger> | false | RlsBypass,\n\t): this {\n\t\tif (config === false || config === RLS_BYPASS) {\n\t\t\tthis._rlsBypass = true;\n\t\t\tthis._rlsConfig = undefined;\n\t\t} else {\n\t\t\tthis._rlsConfig = config;\n\t\t\tthis._rlsBypass = false;\n\t\t}\n\t\treturn this;\n\t}\n\n\t/**\n\t * Explicitly bypass RLS for this endpoint.\n\t * Useful for admin operations that need unrestricted database access.\n\t *\n\t * @example\n\t * ```typescript\n\t * .rlsBypass()\n\t * .handle(async ({ db }) => {\n\t * // Full access, no RLS filtering\n\t * return db.selectFrom('orders').selectAll().execute();\n\t * })\n\t * ```\n\t */\n\trlsBypass(): this {\n\t\tthis._rlsBypass = true;\n\t\tthis._rlsConfig = undefined;\n\t\treturn this;\n\t}\n\n\t// EndpointBuilder doesn't have a generic input method - it uses body, query, params instead\n\tinput(_schema: any): any {\n\t\tthrow new Error(\n\t\t\t'EndpointBuilder does not support generic input. Use body(), query(), or params() instead.',\n\t\t);\n\t}\n\n\thandle(\n\t\tfn: EndpointHandler<\n\t\t\tTInput,\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tOutSchema,\n\t\t\tTSession,\n\t\t\tTDatabase,\n\t\t\tTAuditStorage,\n\t\t\tTAuditAction\n\t\t>,\n\t): Endpoint<\n\t\tTRoute,\n\t\tTMethod,\n\t\tTInput,\n\t\tOutSchema,\n\t\tTServices,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\t// Find authorizer metadata if name is set\n\t\t// If the authorizer name is set but not in availableAuthorizers, create a simple authorizer object\n\t\tlet authorizer: Authorizer | undefined;\n\t\tif (this._authorizerName) {\n\t\t\tconst existingAuthorizer = this._availableAuthorizers.find(\n\t\t\t\t(a) => a.name === this._authorizerName,\n\t\t\t);\n\n\t\t\tif (existingAuthorizer) {\n\t\t\t\tauthorizer = existingAuthorizer;\n\t\t\t} else {\n\t\t\t\t// Create authorizer with security scheme if available (built-in or custom)\n\t\t\t\tconst securityScheme = getSecurityScheme(\n\t\t\t\t\tthis._authorizerName as string,\n\t\t\t\t\tthis._customSecuritySchemes,\n\t\t\t\t);\n\t\t\t\tauthorizer = {\n\t\t\t\t\tname: this._authorizerName as string,\n\t\t\t\t\tsecurityScheme,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\treturn new Endpoint({\n\t\t\tfn,\n\t\t\tmethod: this.method,\n\t\t\troute: this.route,\n\t\t\tdescription: this._description,\n\t\t\ttags: this._tags,\n\t\t\tinput: this.schemas,\n\t\t\toutput: this.outputSchema,\n\t\t\tservices: this._services,\n\t\t\tlogger: this._logger,\n\t\t\ttimeout: this._timeout,\n\t\t\tmemorySize: this._memorySize,\n\t\t\tauthorize: this._authorize,\n\t\t\tstatus: this._status,\n\t\t\tgetSession: this._getSession,\n\t\t\trateLimit: this._rateLimit,\n\t\t\tpublisherService: this._publisher,\n\t\t\tevents: this._events,\n\t\t\tauthorizer,\n\t\t\tauditorStorageService: this._auditorStorage,\n\t\t\tactorExtractor: this._actorExtractor,\n\t\t\taudits: this._audits,\n\t\t\tdatabaseService: this._databaseService,\n\t\t\trlsConfig: this._rlsConfig,\n\t\t\trlsBypass: this._rlsBypass,\n\t\t});\n\t}\n}\n"],"mappings":";;;;;;;;;AA2BA,IAAa,kBAAb,cAmBUA,gDAWR;CACD,AAAU,UAAkB,CAAE;CAC9B,AAAU;CACV,AAAU;CACV,AAAU;CACV,AAAU;CACV,cAAkE,OAChE,CAAE;CACJ,aAAwD,MAAM;CAC9D;CACA,wBAAsC,CAAE;CACxC;CACA;CACA,UAAkD,CAAE;CACpD,yBAAyD,CAAE;CAC3D;CACA;CAEA,YACUC,OACAC,QACR;AACD,QAAMC,gCAAc,SAAS;EAHpB;EACA;CAGT;CAGD,cACCC,WACC;AACD,OAAK,aAAa;CAClB;CAGD,mBACCC,SACC;AACD,OAAK,kBAAkB;CACvB;CAGD,oBAAoBC,SAAmD;AACtE,OAAK,mBAAmB;CACxB;CAED,YAAYC,aAA2B;AACtC,OAAK,eAAe;AACpB,SAAO;CACP;CAED,OAAOC,QAA6B;AACnC,OAAK,UAAU;AACf,SAAO;CACP;CAED,AAAS,MACRC,OACO;AACP,OAAK,QAAQ,KAAK,MAAM;AACxB,SAAO;CACP;CAED,KAAKC,MAAsB;AAC1B,OAAK,QAAQ;AACb,SAAO;CACP;CAED,WAAWC,YAA0B;AACpC,OAAK,cAAc;AACnB,SAAO;CACP;CAED,AAAS,UACRC,WAiBC;AACD,OAAK,aAAa;AAKlB,SAAO;CAiBP;CAED,KACCC,QAiBC;AACD,OAAK,QAAQ,OAAO;AAEpB,SAAO;CACP;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,QAAQ;AAErB,SAAO;CACP;CAED,MACCA,QAiBC;AACD,SAAO,KAAK,OAAO,OAAO;CAC1B;CAED,OACCA,QAiBC;AACD,OAAK,QAAQ,SAAS;AAEtB,SAAO;CACP;CAED,UAAUC,QAA+B;AACxC,OAAK,aAAa;AAClB,SAAO;CACP;CAED,WACCC,MAiBC;AAED,MAAI,SAAS,QAAQ;AACpB,QAAK;AACL,UAAO;EACP;EAGD,MAAM,mBAAmB,KAAK,sBAAsB,KACnD,CAAC,MAAM,EAAE,SAAS,KAClB;AACD,OAAK,oBAAoB,KAAK,sBAAsB,SAAS,GAAG;GAC/D,MAAM,YAAY,KAAK,sBACrB,IAAI,CAAC,MAAM,EAAE,KAAK,CAClB,KAAK,KAAK;AACZ,SAAM,IAAI,OACR,cAAc,KAAe,wCAAwC,UAAU;EAEjF;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;CAED,SACCC,UAiBC;AACD,OAAK,YAAY,2BAChB,CAAC,GAAG,KAAK,WAAW,GAAG,QAAS,GAChC,CAAC,MAAM,EAAE,YACT;AAED,SAAO;CAiBP;CAED,OACCC,QAiBC;AACD,OAAK,UAAU;AAEf,SAAO;CAiBP;CAED,OACCJ,QAiBC;AACD,OAAK,eAAe;AAEpB,SAAO;CAiBP;;;;;;CAOD,AAAS,QACRK,SAiBC;AACD,OAAK,kBAAkB;AAKvB,SAAO;CAiBP;;;;;CAMD,MACCC,WAiBC;AACD,OAAK,kBAAkB;AACvB,SAAO;CACP;;;;;;;;;;;;;;;;;;CAmBD,MAAMC,QAAsD;AAC3D,OAAK,UAAU;AACf,SAAO;CACP;;;;;;;;;;;;;;;;CAiBD,AAAS,SACRC,SAiBC;AACD,OAAK,mBAAmB;AAKxB,SAAO;CAiBP;;;;;;;;;;;;;;;;;;;;CAqBD,IACCC,QACO;AACP,MAAI,WAAW,SAAS,WAAWC,wBAAY;AAC9C,QAAK,aAAa;AAClB,QAAK;EACL,OAAM;AACN,QAAK,aAAa;AAClB,QAAK,aAAa;EAClB;AACD,SAAO;CACP;;;;;;;;;;;;;;CAeD,YAAkB;AACjB,OAAK,aAAa;AAClB,OAAK;AACL,SAAO;CACP;CAGD,MAAMC,SAAmB;AACxB,QAAM,IAAI,MACT;CAED;CAED,OACCC,IAyBC;EAGD,IAAIC;AACJ,MAAI,KAAK,iBAAiB;GACzB,MAAM,qBAAqB,KAAK,sBAAsB,KACrD,CAAC,MAAM,EAAE,SAAS,KAAK,gBACvB;AAED,OAAI,mBACH,cAAa;QACP;IAEN,MAAM,iBAAiB,qCACtB,KAAK,iBACL,KAAK,uBACL;AACD,iBAAa;KACZ,MAAM,KAAK;KACX;IACA;GACD;EACD;AAED,SAAO,IAAIC,0BAAS;GACnB;GACA,QAAQ,KAAK;GACb,OAAO,KAAK;GACZ,aAAa,KAAK;GAClB,MAAM,KAAK;GACX,OAAO,KAAK;GACZ,QAAQ,KAAK;GACb,UAAU,KAAK;GACf,QAAQ,KAAK;GACb,SAAS,KAAK;GACd,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,QAAQ,KAAK;GACb,YAAY,KAAK;GACjB,WAAW,KAAK;GAChB,kBAAkB,KAAK;GACvB,QAAQ,KAAK;GACb;GACA,uBAAuB,KAAK;GAC5B,gBAAgB,KAAK;GACrB,QAAQ,KAAK;GACb,iBAAiB,KAAK;GACtB,WAAW,KAAK;GAChB,WAAW,KAAK;EAChB;CACD;AACD"}
package/dist/{EndpointFactory-DM7M-dXl.mjs → EndpointFactory-B-8ff3mx.mjs} RENAMED
@@ -1,4 +1,4 @@
1
- import { EndpointBuilder } from "./EndpointBuilder-AnXrzD5x.mjs";
1
+ import { EndpointBuilder } from "./EndpointBuilder-DCuWPL1Y.mjs";
2
2
  import { ConsoleLogger } from "@geekmidas/logger/console";
3
3
  import uniqBy from "lodash.uniqby";
4
4
 
@@ -374,4 +374,4 @@ const e = new EndpointFactory();
374
374
 
375
375
  //#endregion
376
376
  export { EndpointFactory, e };
377
- //# sourceMappingURL=EndpointFactory-DM7M-dXl.mjs.map
377
+ //# sourceMappingURL=EndpointFactory-B-8ff3mx.mjs.map
package/dist/{EndpointFactory-DM7M-dXl.mjs.map → EndpointFactory-B-8ff3mx.mjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"EndpointFactory-DM7M-dXl.mjs","names":["DEFAULT_LOGGER","path: P","basePath: TBasePath","authorizers: T","schemes: T","name:\n\t\t\t| BuiltInSecuritySchemeId\n\t\t\t| keyof TSecuritySchemes\n\t\t\t| TAuthorizers[number]\n\t\t\t| 'none'","path: TPath","fn: AuthorizeFn<TServices, TLogger, TSession>","services: S","logger: L","publisher: Service<TServiceName, T>","session: SessionFn<TServices, TLogger, T, TDatabase>","service: Service<TName, T>","storage: Service<TName, T>","extractor: ActorExtractor<TServices, TSession, TLogger>","config: TConfig","method: TMethod"],"sources":["../src/endpoints/EndpointFactory.ts"],"sourcesContent":["import type {\n\tAuditableAction,\n\tAuditStorage,\n\tExtractStorageAuditAction,\n} from '@geekmidas/audit';\nimport type { EventPublisher, MappedEvent } from '@geekmidas/events';\nimport type { Logger } from '@geekmidas/logger';\nimport { ConsoleLogger } from '@geekmidas/logger/console';\nimport type { Service } from '@geekmidas/services';\nimport uniqBy from 'lodash.uniqby';\nimport type { HttpMethod } from '../types';\nimport type {\n\tAuthorizer,\n\tBuiltInSecuritySchemeId,\n\tSecurityScheme,\n} from './Authorizer';\nimport type { ActorExtractor } from './audit';\nimport type { AuthorizeFn, SessionFn } from './Endpoint';\nimport { EndpointBuilder } from './EndpointBuilder';\nimport type { RlsConfig } from './rls';\n\n// Re-export SecurityScheme to make the type portable in declaration files\nexport type { SecurityScheme } from './Authorizer';\n\nconst DEFAULT_LOGGER = new ConsoleLogger() as any;\n\nexport class EndpointFactory<\n\tTServices extends Service[] = [],\n\tTBasePath extends string = '',\n\tTLogger extends Logger = Logger,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage<any> | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTAuditAction extends AuditableAction<\n\t\tstring,\n\t\tunknown\n\t> = ExtractStorageAuditAction<NonNullable<TAuditStorage>>,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n\tTSecuritySchemes extends Record<string, SecurityScheme> = Record<\n\t\tstring,\n\t\tSecurityScheme\n\t>,\n\tTRlsConfig extends\n\t\t| RlsConfig<TServices, TSession, TLogger>\n\t\t| undefined = undefined,\n> {\n\tprivate defaultServices: TServices = [] as unknown as TServices;\n\tprivate basePath: TBasePath = '' as TBasePath;\n\tprivate defaultAuthorizeFn?: AuthorizeFn<TServices, TLogger, TSession>;\n\tprivate defaultEventPublisher:\n\t\t| Service<TEventPublisherServiceName, TEventPublisher>\n\t\t| undefined;\n\tprivate defaultSessionExtractor?: SessionFn<\n\t\tTServices,\n\t\tTLogger,\n\t\tTSession,\n\t\tTDatabase\n\t>;\n\tprivate defaultLogger: TLogger = DEFAULT_LOGGER;\n\tprivate availableAuthorizers: Authorizer[] = [];\n\tprivate defaultAuthorizerName?: TAuthorizers[number];\n\tprivate defaultAuditorStorage:\n\t\t| Service<TAuditStorageServiceName, TAuditStorage>\n\t\t| undefined;\n\tprivate defaultDatabaseService:\n\t\t| Service<TDatabaseServiceName, TDatabase>\n\t\t| undefined;\n\tprivate defaultActorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\tprivate customSecuritySchemes: TSecuritySchemes = {} as TSecuritySchemes;\n\tprivate defaultRlsConfig?: TRlsConfig;\n\n\tconstructor({\n\t\tbasePath,\n\t\tdefaultAuthorizeFn,\n\t\tdefaultLogger,\n\t\tdefaultSessionExtractor,\n\t\t// @ts-expect-error\n\t\tdefaultServices = [] as TServices,\n\t\tdefaultEventPublisher,\n\t\tavailableAuthorizers = [],\n\t\tdefaultAuthorizerName,\n\t\tdefaultAuditorStorage,\n\t\tdefaultDatabaseService,\n\t\tdefaultActorExtractor,\n\t\tcustomSecuritySchemes = {} as TSecuritySchemes,\n\t\tdefaultRlsConfig,\n\t}: EndpointFactoryOptions<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> = {}) {\n\t\t// Initialize default services\n\t\tthis.defaultServices = uniqBy(\n\t\t\tdefaultServices,\n\t\t\t(s) => s.serviceName,\n\t\t) as TServices;\n\n\t\tthis.basePath = basePath || ('' as TBasePath);\n\t\tthis.defaultAuthorizeFn = defaultAuthorizeFn;\n\t\tthis.defaultLogger = defaultLogger || (DEFAULT_LOGGER as TLogger);\n\t\tthis.defaultSessionExtractor = defaultSessionExtractor;\n\t\tthis.defaultEventPublisher = defaultEventPublisher;\n\t\tthis.availableAuthorizers = availableAuthorizers;\n\t\tthis.defaultAuthorizerName = defaultAuthorizerName;\n\t\tthis.defaultAuditorStorage = defaultAuditorStorage;\n\t\tthis.defaultDatabaseService = defaultDatabaseService;\n\t\tthis.defaultActorExtractor = defaultActorExtractor;\n\t\tthis.customSecuritySchemes = customSecuritySchemes;\n\t\tthis.defaultRlsConfig = defaultRlsConfig;\n\t}\n\n\tstatic joinPaths<TBasePath extends string, P extends string>(\n\t\tpath: P,\n\t\tbasePath: TBasePath = '' as TBasePath,\n\t): JoinPaths<TBasePath, P> {\n\t\t// Handle empty cases\n\t\tif (!basePath && !path) return '/' as JoinPaths<TBasePath, P>;\n\t\tif (!basePath)\n\t\t\treturn (path.startsWith('/') ? path : `/${path}`) as JoinPaths<\n\t\t\t\tTBasePath,\n\t\t\t\tP\n\t\t\t>;\n\t\tif (!path)\n\t\t\treturn (\n\t\t\t\tbasePath.startsWith('/') ? basePath : `/${basePath}`\n\t\t\t) as JoinPaths<TBasePath, P>;\n\n\t\tconst base = basePath.endsWith('/') ? basePath.slice(0, -1) : basePath;\n\t\tconst segment = path.startsWith('/') ? path : `/${path}`;\n\n\t\tlet result = base + segment;\n\n\t\t// Ensure leading slash\n\t\tif (!result.startsWith('/')) {\n\t\t\tresult = `/${result}`;\n\t\t}\n\n\t\t// Normalize multiple slashes (except in the middle of the path where they might be intentional)\n\t\tresult = result.replace(/^\\/+/g, '/');\n\n\t\t// Remove trailing slash unless it's the root path \"/\"\n\t\tif (result.length > 1 && result.endsWith('/')) {\n\t\t\tresult = result.slice(0, -1);\n\t\t}\n\n\t\treturn result as JoinPaths<TBasePath, P>;\n\t}\n\n\t// Configure available authorizers\n\tauthorizers<const T extends readonly string[]>(\n\t\tauthorizers: T,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tT,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\tconst authorizerConfigs = authorizers.map((name) => ({\n\t\t\tname,\n\t\t}));\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tT,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: authorizerConfigs,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Define custom security schemes for this factory.\n\t * These extend the built-in schemes (jwt, bearer, apiKey, oauth2, oidc).\n\t *\n\t * @example\n\t * ```typescript\n\t * const router = e.securitySchemes({\n\t * awsIamSigV4: {\n\t * type: 'apiKey',\n\t * in: 'header',\n\t * name: 'Authorization',\n\t * 'x-amazon-apigateway-authtype': 'awsSigv4',\n\t * },\n\t * });\n\t * ```\n\t */\n\tsecuritySchemes<T extends Record<string, SecurityScheme>>(\n\t\tschemes: T,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes & T,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes & T,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: {\n\t\t\t\t...this.customSecuritySchemes,\n\t\t\t\t...schemes,\n\t\t\t} as TSecuritySchemes & T,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the default authorizer for all endpoints created from this factory.\n\t * Individual endpoints can override this by calling `.authorizer()` on the builder.\n\t * Use `'none'` to explicitly disable authorization for all endpoints.\n\t *\n\t * Accepts:\n\t * - Built-in security scheme names: 'jwt', 'bearer', 'apiKey', 'oauth2', 'oidc'\n\t * - Custom security scheme names defined via `.securitySchemes()`\n\t * - 'none' to disable authorization\n\t */\n\tauthorizer(\n\t\tname:\n\t\t\t| BuiltInSecuritySchemeId\n\t\t\t| keyof TSecuritySchemes\n\t\t\t| TAuthorizers[number]\n\t\t\t| 'none',\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\t// Validate that the authorizer exists in available authorizers (if authorizers() was called)\n\t\tif (name !== 'none' && this.availableAuthorizers.length > 0) {\n\t\t\tconst authorizerExists = this.availableAuthorizers.some(\n\t\t\t\t(a) => a.name === name,\n\t\t\t);\n\t\t\tif (!authorizerExists) {\n\t\t\t\tconst available = this.availableAuthorizers\n\t\t\t\t\t.map((a) => a.name)\n\t\t\t\t\t.join(', ');\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Authorizer \"${name as string}\" not found in available authorizers: ${available}`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName:\n\t\t\t\tname === 'none' ? undefined : (name as TAuthorizers[number]),\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t// Create a sub-router with a path prefix\n\troute<TPath extends string>(\n\t\tpath: TPath,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tJoinPaths<TBasePath, TPath>,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\tconst newBasePath = EndpointFactory.joinPaths(path, this.basePath);\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tJoinPaths<TBasePath, TPath>,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: newBasePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t// Create a new factory with authorization\n\tauthorize(\n\t\tfn: AuthorizeFn<TServices, TLogger, TSession>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: fn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t// Create a new factory with services\n\tservices<S extends Service[]>(\n\t\tservices: S,\n\t): EndpointFactory<\n\t\t[...S, ...TServices],\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tundefined // Reset RLS config when services change - user should call .rls() after .services()\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\t[...S, ...TServices],\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tundefined\n\t\t>({\n\t\t\tdefaultServices: [...services, ...this.defaultServices],\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn as unknown as AuthorizeFn<\n\t\t\t\t[...S, ...TServices],\n\t\t\t\tTLogger,\n\t\t\t\tTSession\n\t\t\t>,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor as unknown as\n\t\t\t\t| SessionFn<[...S, ...TServices], TLogger, TSession, TDatabase>\n\t\t\t\t| undefined,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor as unknown as\n\t\t\t\t| ActorExtractor<[...S, ...TServices], TSession, TLogger>\n\t\t\t\t| undefined,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\t// Reset RLS config when services change since it depends on TServices\n\t\t\tdefaultRlsConfig: undefined,\n\t\t});\n\t}\n\n\tlogger<L extends Logger>(\n\t\tlogger: L,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tL,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tundefined // Reset RLS config when logger type changes - user should call .rls() after .logger()\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tL,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tundefined\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn as unknown as AuthorizeFn<\n\t\t\t\tTServices,\n\t\t\t\tL,\n\t\t\t\tTSession\n\t\t\t>,\n\t\t\tdefaultLogger: logger,\n\t\t\tdefaultSessionExtractor: this\n\t\t\t\t.defaultSessionExtractor as unknown as SessionFn<\n\t\t\t\tTServices,\n\t\t\t\tL,\n\t\t\t\tTSession\n\t\t\t>,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this\n\t\t\t\t.defaultActorExtractor as unknown as ActorExtractor<\n\t\t\t\tTServices,\n\t\t\t\tTSession,\n\t\t\t\tL\n\t\t\t>,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\t// Reset RLS config when logger type changes since it depends on TLogger\n\t\t\tdefaultRlsConfig: undefined,\n\t\t});\n\t}\n\n\tpublisher<\n\t\tT extends EventPublisher<any>,\n\t\tTServiceName extends string = string,\n\t>(\n\t\tpublisher: Service<TServiceName, T>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tT,\n\t\tTServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tT,\n\t\t\tTServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: publisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\tsession<T>(\n\t\tsession: SessionFn<TServices, TLogger, T, TDatabase>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tT,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tundefined // Reset RLS config when session type changes - user should call .rls() after .session()\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tT,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tundefined\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn as unknown as AuthorizeFn<\n\t\t\t\tTServices,\n\t\t\t\tTLogger,\n\t\t\t\tT\n\t\t\t>,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: session,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this\n\t\t\t\t.defaultActorExtractor as unknown as ActorExtractor<\n\t\t\t\tTServices,\n\t\t\t\tT,\n\t\t\t\tTLogger\n\t\t\t>,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\t// Reset RLS config when session type changes since it depends on TSession\n\t\t\tdefaultRlsConfig: undefined,\n\t\t});\n\t}\n\n\t/**\n\t * Set the database service for endpoints created from this factory.\n\t * The database will be available in handler context as `db`.\n\t */\n\tdatabase<T, TName extends string>(\n\t\tservice: Service<TName, T>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tT,\n\t\tTName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\t// Reset session extractor when database changes - user should call .session() after .database()\n\t\t\t// to get proper type inference for the new database type\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor as unknown as\n\t\t\t\t| SessionFn<TServices, TLogger, TSession, T>\n\t\t\t\t| undefined,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: service,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the auditor storage service for endpoints created from this factory.\n\t * This enables audit functionality and makes `auditor` available in handler context.\n\t * The audit action type is automatically inferred from the storage's generic parameter.\n\t */\n\tauditor<T extends AuditStorage<any>, TName extends string>(\n\t\tstorage: Service<TName, T>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tT,\n\t\tTName,\n\t\tExtractStorageAuditAction<T>,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tExtractStorageAuditAction<T>,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: storage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this\n\t\t\t\t.defaultActorExtractor as unknown as ActorExtractor<\n\t\t\t\tTServices,\n\t\t\t\tTSession,\n\t\t\t\tTLogger\n\t\t\t>,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the actor extractor function for endpoints created from this factory.\n\t * The actor is extracted from the request context and attached to all audits.\n\t */\n\tactor(\n\t\textractor: ActorExtractor<TServices, TSession, TLogger>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: extractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the RLS (Row-Level Security) configuration for endpoints created from this factory.\n\t * This enables automatic PostgreSQL session variable setting for RLS policies.\n\t *\n\t * @example\n\t * ```typescript\n\t * const api = new EndpointFactory()\n\t * .database(databaseService)\n\t * .session(extractSession)\n\t * .rls({\n\t * extractor: ({ session }) => ({\n\t * user_id: session.userId,\n\t * tenant_id: session.tenantId,\n\t * }),\n\t * prefix: 'app',\n\t * });\n\t * ```\n\t */\n\trls<TConfig extends RlsConfig<TServices, TSession, TLogger>>(\n\t\tconfig: TConfig,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: config,\n\t\t});\n\t}\n\n\tprivate createBuilder<TMethod extends HttpMethod, TPath extends string>(\n\t\tmethod: TMethod,\n\t\tpath: TPath,\n\t): EndpointBuilder<\n\t\tJoinPaths<TBasePath, TPath>,\n\t\tTMethod,\n\t\t{},\n\t\tTServices,\n\t\tTLogger,\n\t\tundefined,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tconst fullPath = EndpointFactory.joinPaths(path, this.basePath);\n\t\tconst builder = new EndpointBuilder<\n\t\t\tJoinPaths<TBasePath, TPath>,\n\t\t\tTMethod,\n\t\t\t{},\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tundefined,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>(fullPath, method);\n\n\t\tif (this.defaultAuthorizeFn) {\n\t\t\tbuilder._authorize = this.defaultAuthorizeFn;\n\t\t}\n\t\tif (this.defaultServices.length) {\n\t\t\t// Create a copy to avoid sharing references between builders\n\t\t\tbuilder._services = [...this.defaultServices] as TServices;\n\t\t}\n\n\t\tif (this.defaultLogger) {\n\t\t\tbuilder._logger = this.defaultLogger as TLogger;\n\t\t}\n\n\t\tif (this.defaultSessionExtractor) {\n\t\t\tbuilder._getSession = this.defaultSessionExtractor as SessionFn<\n\t\t\t\tTServices,\n\t\t\t\tTLogger,\n\t\t\t\tTSession\n\t\t\t>;\n\t\t}\n\n\t\tif (this.defaultEventPublisher) {\n\t\t\tbuilder._setPublisher(this.defaultEventPublisher);\n\t\t}\n\n\t\t// Set available authorizers and default\n\t\tbuilder._availableAuthorizers = this.availableAuthorizers;\n\t\tif (this.defaultAuthorizerName) {\n\t\t\tbuilder._authorizerName = this.defaultAuthorizerName;\n\t\t}\n\n\t\t// Set auditor storage if configured\n\t\tif (this.defaultAuditorStorage) {\n\t\t\tbuilder._setAuditorStorage(this.defaultAuditorStorage as any);\n\t\t}\n\n\t\t// Set database service if configured\n\t\tif (this.defaultDatabaseService) {\n\t\t\tbuilder._setDatabaseService(this.defaultDatabaseService as any);\n\t\t}\n\n\t\t// Set actor extractor if configured\n\t\tif (this.defaultActorExtractor) {\n\t\t\tbuilder._actorExtractor = this.defaultActorExtractor;\n\t\t}\n\n\t\t// Set custom security schemes\n\t\tbuilder._customSecuritySchemes = this.customSecuritySchemes;\n\n\t\t// Set RLS config if configured\n\t\tif (this.defaultRlsConfig) {\n\t\t\tbuilder._rlsConfig = this.defaultRlsConfig as any;\n\t\t}\n\n\t\treturn builder;\n\t}\n\n\tpost<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('POST', path);\n\t}\n\n\tget<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('GET', path);\n\t}\n\n\tput<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('PUT', path);\n\t}\n\n\tdelete<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('DELETE', path);\n\t}\n\n\tpatch<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('PATCH', path);\n\t}\n\n\toptions<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('OPTIONS', path);\n\t}\n}\n\nexport type RemoveTrailingSlash<T extends string> = T extends `${infer Rest}/`\n\t? Rest extends ''\n\t\t? T // Keep \"/\" as is\n\t\t: Rest\n\t: T;\n\nexport type JoinPaths<\n\tTBasePath extends string,\n\tTPath extends string,\n> = RemoveTrailingSlash<\n\tTBasePath extends ''\n\t\t? TPath\n\t\t: TPath extends ''\n\t\t\t? TBasePath\n\t\t\t: TBasePath extends '/'\n\t\t\t\t? TPath extends `/${string}`\n\t\t\t\t\t? TPath\n\t\t\t\t\t: `/${TPath}`\n\t\t\t\t: TBasePath extends `${infer Base}/`\n\t\t\t\t\t? TPath extends `/${infer Rest}`\n\t\t\t\t\t\t? `${Base}/${Rest}`\n\t\t\t\t\t\t: `${Base}/${TPath}`\n\t\t\t\t\t: TPath extends `/${infer Rest}`\n\t\t\t\t\t\t? `${TBasePath}/${Rest}`\n\t\t\t\t\t\t: `${TBasePath}/${TPath}`\n>;\n\nexport interface EndpointFactoryOptions<\n\tTServices extends Service[] = [],\n\tTBasePath extends string = '',\n\tTLogger extends Logger = Logger,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n\tTSecuritySchemes extends Record<string, SecurityScheme> = Record<\n\t\tstring,\n\t\tSecurityScheme\n\t>,\n\tTRlsConfig extends\n\t\t| RlsConfig<TServices, TSession, TLogger>\n\t\t| undefined = undefined,\n> {\n\tdefaultServices?: TServices;\n\tbasePath?: TBasePath;\n\tdefaultAuthorizeFn?: AuthorizeFn<TServices, TLogger, TSession>;\n\tdefaultLogger?: TLogger;\n\tdefaultSessionExtractor?: SessionFn<TServices, TLogger, TSession, TDatabase>;\n\tdefaultEventPublisher?: Service<TEventPublisherServiceName, TEventPublisher>;\n\tdefaultEvents?: MappedEvent<TEventPublisher, undefined>[];\n\tavailableAuthorizers?: Authorizer[];\n\tdefaultAuthorizerName?: TAuthorizers[number];\n\tdefaultAuditorStorage?: Service<TAuditStorageServiceName, TAuditStorage>;\n\tdefaultDatabaseService?: Service<TDatabaseServiceName, TDatabase>;\n\tdefaultActorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\tcustomSecuritySchemes?: TSecuritySchemes;\n\tdefaultRlsConfig?: TRlsConfig;\n}\n\nexport const e = new EndpointFactory();\n"],"mappings":";;;;;AAwBA,MAAMA,mBAAiB,IAAI;AAE3B,IAAa,kBAAb,MAAa,gBAuBX;CACD,AAAQ,kBAA6B,CAAE;CACvC,AAAQ,WAAsB;CAC9B,AAAQ;CACR,AAAQ;CAGR,AAAQ;CAMR,AAAQ,gBAAyBA;CACjC,AAAQ,uBAAqC,CAAE;CAC/C,AAAQ;CACR,AAAQ;CAGR,AAAQ;CAGR,AAAQ;CACR,AAAQ,wBAA0C,CAAE;CACpD,AAAQ;CAER,YAAY,EACX,UACA,oBACA,eACA,yBAEA,kBAAkB,CAAE,GACpB,uBACA,uBAAuB,CAAE,GACzB,uBACA,uBACA,wBACA,uBACA,wBAAwB,CAAE,GAC1B,kBAeA,GAAG,CAAE,GAAE;AAEP,OAAK,kBAAkB,OACtB,iBACA,CAAC,MAAM,EAAE,YACT;AAED,OAAK,WAAW,YAAa;AAC7B,OAAK,qBAAqB;AAC1B,OAAK,gBAAgB,iBAAkBA;AACvC,OAAK,0BAA0B;AAC/B,OAAK,wBAAwB;AAC7B,OAAK,uBAAuB;AAC5B,OAAK,wBAAwB;AAC7B,OAAK,wBAAwB;AAC7B,OAAK,yBAAyB;AAC9B,OAAK,wBAAwB;AAC7B,OAAK,wBAAwB;AAC7B,OAAK,mBAAmB;CACxB;CAED,OAAO,UACNC,MACAC,WAAsB,IACI;AAE1B,OAAK,aAAa,KAAM,QAAO;AAC/B,OAAK,SACJ,QAAQ,KAAK,WAAW,IAAI,GAAG,QAAQ,GAAG,KAAK;AAIhD,OAAK,KACJ,QACC,SAAS,WAAW,IAAI,GAAG,YAAY,GAAG,SAAS;EAGrD,MAAM,OAAO,SAAS,SAAS,IAAI,GAAG,SAAS,MAAM,GAAG,GAAG,GAAG;EAC9D,MAAM,UAAU,KAAK,WAAW,IAAI,GAAG,QAAQ,GAAG,KAAK;EAEvD,IAAI,SAAS,OAAO;AAGpB,OAAK,OAAO,WAAW,IAAI,CAC1B,WAAU,GAAG,OAAO;AAIrB,WAAS,OAAO,QAAQ,SAAS,IAAI;AAGrC,MAAI,OAAO,SAAS,KAAK,OAAO,SAAS,IAAI,CAC5C,UAAS,OAAO,MAAM,GAAG,GAAG;AAG7B,SAAO;CACP;CAGD,YACCC,aAgBC;EACD,MAAM,oBAAoB,YAAY,IAAI,CAAC,UAAU,EACpD,KACA,GAAE;AACH,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB;GACtB,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;;;;;;;;;;;;;CAkBD,gBACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB;IACtB,GAAG,KAAK;IACR,GAAG;GACH;GACD,kBAAkB,KAAK;EACvB;CACD;;;;;;;;;;;CAYD,WACCC,MAoBC;AAED,MAAI,SAAS,UAAU,KAAK,qBAAqB,SAAS,GAAG;GAC5D,MAAM,mBAAmB,KAAK,qBAAqB,KAClD,CAAC,MAAM,EAAE,SAAS,KAClB;AACD,QAAK,kBAAkB;IACtB,MAAM,YAAY,KAAK,qBACrB,IAAI,CAAC,MAAM,EAAE,KAAK,CAClB,KAAK,KAAK;AACZ,UAAM,IAAI,OACR,cAAc,KAAe,wCAAwC,UAAU;GAEjF;EACD;AAED,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBACC,SAAS,kBAAsB;GAChC,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAGD,MACCC,MAgBC;EACD,MAAM,cAAc,gBAAgB,UAAU,MAAM,KAAK,SAAS;AAClE,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU;GACV,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAGD,UACCC,IAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB;GACpB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAGD,SACCC,UAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,CAAC,GAAG,UAAU,GAAG,KAAK,eAAgB;GACvD,UAAU,KAAK;GACf,oBAAoB,KAAK;GAKzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAG9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAG5B,uBAAuB,KAAK;GAE5B;EACA;CACD;CAED,OACCC,QAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GAKzB,eAAe;GACf,yBAAyB,KACvB;GAKF,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KACrB;GAKF,uBAAuB,KAAK;GAE5B;EACA;CACD;CAED,UAICC,WAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB;GACvB,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAED,QACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GAKzB,eAAe,KAAK;GACpB,yBAAyB;GACzB,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KACrB;GAKF,uBAAuB,KAAK;GAE5B;EACA;CACD;;;;;CAMD,SACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GAGpB,yBAAyB,KAAK;GAG9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB;GACxB,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;;CAOD,QACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB;GACvB,wBAAwB,KAAK;GAC7B,uBAAuB,KACrB;GAKF,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;CAMD,MACCC,WAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB;GACvB,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;;;;;;;;;;;;;;;CAoBD,IACCC,QAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB;EAClB;CACD;CAED,AAAQ,cACPC,QACAV,MAiBC;EACD,MAAM,WAAW,gBAAgB,UAAU,MAAM,KAAK,SAAS;EAC/D,MAAM,UAAU,IAAI,gBAgBlB,UAAU;AAEZ,MAAI,KAAK,mBACR,SAAQ,aAAa,KAAK;AAE3B,MAAI,KAAK,gBAAgB,OAExB,SAAQ,YAAY,CAAC,GAAG,KAAK,eAAgB;AAG9C,MAAI,KAAK,cACR,SAAQ,UAAU,KAAK;AAGxB,MAAI,KAAK,wBACR,SAAQ,cAAc,KAAK;AAO5B,MAAI,KAAK,sBACR,SAAQ,cAAc,KAAK,sBAAsB;AAIlD,UAAQ,wBAAwB,KAAK;AACrC,MAAI,KAAK,sBACR,SAAQ,kBAAkB,KAAK;AAIhC,MAAI,KAAK,sBACR,SAAQ,mBAAmB,KAAK,sBAA6B;AAI9D,MAAI,KAAK,uBACR,SAAQ,oBAAoB,KAAK,uBAA8B;AAIhE,MAAI,KAAK,sBACR,SAAQ,kBAAkB,KAAK;AAIhC,UAAQ,yBAAyB,KAAK;AAGtC,MAAI,KAAK,iBACR,SAAQ,aAAa,KAAK;AAG3B,SAAO;CACP;CAED,KAA2BA,MAAa;AACvC,SAAO,KAAK,cAAc,QAAQ,KAAK;CACvC;CAED,IAA0BA,MAAa;AACtC,SAAO,KAAK,cAAc,OAAO,KAAK;CACtC;CAED,IAA0BA,MAAa;AACtC,SAAO,KAAK,cAAc,OAAO,KAAK;CACtC;CAED,OAA6BA,MAAa;AACzC,SAAO,KAAK,cAAc,UAAU,KAAK;CACzC;CAED,MAA4BA,MAAa;AACxC,SAAO,KAAK,cAAc,SAAS,KAAK;CACxC;CAED,QAA8BA,MAAa;AAC1C,SAAO,KAAK,cAAc,WAAW,KAAK;CAC1C;AACD;AAiED,MAAa,IAAI,IAAI"}
1
+ {"version":3,"file":"EndpointFactory-B-8ff3mx.mjs","names":["DEFAULT_LOGGER","path: P","basePath: TBasePath","authorizers: T","schemes: T","name:\n\t\t\t| BuiltInSecuritySchemeId\n\t\t\t| keyof TSecuritySchemes\n\t\t\t| TAuthorizers[number]\n\t\t\t| 'none'","path: TPath","fn: AuthorizeFn<TServices, TLogger, TSession>","services: S","logger: L","publisher: Service<TServiceName, T>","session: SessionFn<TServices, TLogger, T, TDatabase>","service: Service<TName, T>","storage: Service<TName, T>","extractor: ActorExtractor<TServices, TSession, TLogger>","config: TConfig","method: TMethod"],"sources":["../src/endpoints/EndpointFactory.ts"],"sourcesContent":["import type {\n\tAuditableAction,\n\tAuditStorage,\n\tExtractStorageAuditAction,\n} from '@geekmidas/audit';\nimport type { EventPublisher, MappedEvent } from '@geekmidas/events';\nimport type { Logger } from '@geekmidas/logger';\nimport { ConsoleLogger } from '@geekmidas/logger/console';\nimport type { Service } from '@geekmidas/services';\nimport uniqBy from 'lodash.uniqby';\nimport type { HttpMethod } from '../types';\nimport type {\n\tAuthorizer,\n\tBuiltInSecuritySchemeId,\n\tSecurityScheme,\n} from './Authorizer';\nimport type { ActorExtractor } from './audit';\nimport type { AuthorizeFn, SessionFn } from './Endpoint';\nimport { EndpointBuilder } from './EndpointBuilder';\nimport type { RlsConfig } from './rls';\n\n// Re-export SecurityScheme to make the type portable in declaration files\nexport type { SecurityScheme } from './Authorizer';\n\nconst DEFAULT_LOGGER = new ConsoleLogger() as any;\n\nexport class EndpointFactory<\n\tTServices extends Service[] = [],\n\tTBasePath extends string = '',\n\tTLogger extends Logger = Logger,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage<any> | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTAuditAction extends AuditableAction<\n\t\tstring,\n\t\tunknown\n\t> = ExtractStorageAuditAction<NonNullable<TAuditStorage>>,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n\tTSecuritySchemes extends Record<string, SecurityScheme> = Record<\n\t\tstring,\n\t\tSecurityScheme\n\t>,\n\tTRlsConfig extends\n\t\t| RlsConfig<TServices, TSession, TLogger>\n\t\t| undefined = undefined,\n> {\n\tprivate defaultServices: TServices = [] as unknown as TServices;\n\tprivate basePath: TBasePath = '' as TBasePath;\n\tprivate defaultAuthorizeFn?: AuthorizeFn<TServices, TLogger, TSession>;\n\tprivate defaultEventPublisher:\n\t\t| Service<TEventPublisherServiceName, TEventPublisher>\n\t\t| undefined;\n\tprivate defaultSessionExtractor?: SessionFn<\n\t\tTServices,\n\t\tTLogger,\n\t\tTSession,\n\t\tTDatabase\n\t>;\n\tprivate defaultLogger: TLogger = DEFAULT_LOGGER;\n\tprivate availableAuthorizers: Authorizer[] = [];\n\tprivate defaultAuthorizerName?: TAuthorizers[number];\n\tprivate defaultAuditorStorage:\n\t\t| Service<TAuditStorageServiceName, TAuditStorage>\n\t\t| undefined;\n\tprivate defaultDatabaseService:\n\t\t| Service<TDatabaseServiceName, TDatabase>\n\t\t| undefined;\n\tprivate defaultActorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\tprivate customSecuritySchemes: TSecuritySchemes = {} as TSecuritySchemes;\n\tprivate defaultRlsConfig?: TRlsConfig;\n\n\tconstructor({\n\t\tbasePath,\n\t\tdefaultAuthorizeFn,\n\t\tdefaultLogger,\n\t\tdefaultSessionExtractor,\n\t\t// @ts-expect-error\n\t\tdefaultServices = [] as TServices,\n\t\tdefaultEventPublisher,\n\t\tavailableAuthorizers = [],\n\t\tdefaultAuthorizerName,\n\t\tdefaultAuditorStorage,\n\t\tdefaultDatabaseService,\n\t\tdefaultActorExtractor,\n\t\tcustomSecuritySchemes = {} as TSecuritySchemes,\n\t\tdefaultRlsConfig,\n\t}: EndpointFactoryOptions<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> = {}) {\n\t\t// Initialize default services\n\t\tthis.defaultServices = uniqBy(\n\t\t\tdefaultServices,\n\t\t\t(s) => s.serviceName,\n\t\t) as TServices;\n\n\t\tthis.basePath = basePath || ('' as TBasePath);\n\t\tthis.defaultAuthorizeFn = defaultAuthorizeFn;\n\t\tthis.defaultLogger = defaultLogger || (DEFAULT_LOGGER as TLogger);\n\t\tthis.defaultSessionExtractor = defaultSessionExtractor;\n\t\tthis.defaultEventPublisher = defaultEventPublisher;\n\t\tthis.availableAuthorizers = availableAuthorizers;\n\t\tthis.defaultAuthorizerName = defaultAuthorizerName;\n\t\tthis.defaultAuditorStorage = defaultAuditorStorage;\n\t\tthis.defaultDatabaseService = defaultDatabaseService;\n\t\tthis.defaultActorExtractor = defaultActorExtractor;\n\t\tthis.customSecuritySchemes = customSecuritySchemes;\n\t\tthis.defaultRlsConfig = defaultRlsConfig;\n\t}\n\n\tstatic joinPaths<TBasePath extends string, P extends string>(\n\t\tpath: P,\n\t\tbasePath: TBasePath = '' as TBasePath,\n\t): JoinPaths<TBasePath, P> {\n\t\t// Handle empty cases\n\t\tif (!basePath && !path) return '/' as JoinPaths<TBasePath, P>;\n\t\tif (!basePath)\n\t\t\treturn (path.startsWith('/') ? path : `/${path}`) as JoinPaths<\n\t\t\t\tTBasePath,\n\t\t\t\tP\n\t\t\t>;\n\t\tif (!path)\n\t\t\treturn (\n\t\t\t\tbasePath.startsWith('/') ? basePath : `/${basePath}`\n\t\t\t) as JoinPaths<TBasePath, P>;\n\n\t\tconst base = basePath.endsWith('/') ? basePath.slice(0, -1) : basePath;\n\t\tconst segment = path.startsWith('/') ? path : `/${path}`;\n\n\t\tlet result = base + segment;\n\n\t\t// Ensure leading slash\n\t\tif (!result.startsWith('/')) {\n\t\t\tresult = `/${result}`;\n\t\t}\n\n\t\t// Normalize multiple slashes (except in the middle of the path where they might be intentional)\n\t\tresult = result.replace(/^\\/+/g, '/');\n\n\t\t// Remove trailing slash unless it's the root path \"/\"\n\t\tif (result.length > 1 && result.endsWith('/')) {\n\t\t\tresult = result.slice(0, -1);\n\t\t}\n\n\t\treturn result as JoinPaths<TBasePath, P>;\n\t}\n\n\t// Configure available authorizers\n\tauthorizers<const T extends readonly string[]>(\n\t\tauthorizers: T,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tT,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\tconst authorizerConfigs = authorizers.map((name) => ({\n\t\t\tname,\n\t\t}));\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tT,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: authorizerConfigs,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Define custom security schemes for this factory.\n\t * These extend the built-in schemes (jwt, bearer, apiKey, oauth2, oidc).\n\t *\n\t * @example\n\t * ```typescript\n\t * const router = e.securitySchemes({\n\t * awsIamSigV4: {\n\t * type: 'apiKey',\n\t * in: 'header',\n\t * name: 'Authorization',\n\t * 'x-amazon-apigateway-authtype': 'awsSigv4',\n\t * },\n\t * });\n\t * ```\n\t */\n\tsecuritySchemes<T extends Record<string, SecurityScheme>>(\n\t\tschemes: T,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes & T,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes & T,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: {\n\t\t\t\t...this.customSecuritySchemes,\n\t\t\t\t...schemes,\n\t\t\t} as TSecuritySchemes & T,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the default authorizer for all endpoints created from this factory.\n\t * Individual endpoints can override this by calling `.authorizer()` on the builder.\n\t * Use `'none'` to explicitly disable authorization for all endpoints.\n\t *\n\t * Accepts:\n\t * - Built-in security scheme names: 'jwt', 'bearer', 'apiKey', 'oauth2', 'oidc'\n\t * - Custom security scheme names defined via `.securitySchemes()`\n\t * - 'none' to disable authorization\n\t */\n\tauthorizer(\n\t\tname:\n\t\t\t| BuiltInSecuritySchemeId\n\t\t\t| keyof TSecuritySchemes\n\t\t\t| TAuthorizers[number]\n\t\t\t| 'none',\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\t// Validate that the authorizer exists in available authorizers (if authorizers() was called)\n\t\tif (name !== 'none' && this.availableAuthorizers.length > 0) {\n\t\t\tconst authorizerExists = this.availableAuthorizers.some(\n\t\t\t\t(a) => a.name === name,\n\t\t\t);\n\t\t\tif (!authorizerExists) {\n\t\t\t\tconst available = this.availableAuthorizers\n\t\t\t\t\t.map((a) => a.name)\n\t\t\t\t\t.join(', ');\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Authorizer \"${name as string}\" not found in available authorizers: ${available}`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName:\n\t\t\t\tname === 'none' ? undefined : (name as TAuthorizers[number]),\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t// Create a sub-router with a path prefix\n\troute<TPath extends string>(\n\t\tpath: TPath,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tJoinPaths<TBasePath, TPath>,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\tconst newBasePath = EndpointFactory.joinPaths(path, this.basePath);\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tJoinPaths<TBasePath, TPath>,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: newBasePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t// Create a new factory with authorization\n\tauthorize(\n\t\tfn: AuthorizeFn<TServices, TLogger, TSession>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: fn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t// Create a new factory with services\n\tservices<S extends Service[]>(\n\t\tservices: S,\n\t): EndpointFactory<\n\t\t[...S, ...TServices],\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tundefined // Reset RLS config when services change - user should call .rls() after .services()\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\t[...S, ...TServices],\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tundefined\n\t\t>({\n\t\t\tdefaultServices: [...services, ...this.defaultServices],\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn as unknown as AuthorizeFn<\n\t\t\t\t[...S, ...TServices],\n\t\t\t\tTLogger,\n\t\t\t\tTSession\n\t\t\t>,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor as unknown as\n\t\t\t\t| SessionFn<[...S, ...TServices], TLogger, TSession, TDatabase>\n\t\t\t\t| undefined,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor as unknown as\n\t\t\t\t| ActorExtractor<[...S, ...TServices], TSession, TLogger>\n\t\t\t\t| undefined,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\t// Reset RLS config when services change since it depends on TServices\n\t\t\tdefaultRlsConfig: undefined,\n\t\t});\n\t}\n\n\tlogger<L extends Logger>(\n\t\tlogger: L,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tL,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tundefined // Reset RLS config when logger type changes - user should call .rls() after .logger()\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tL,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tundefined\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn as unknown as AuthorizeFn<\n\t\t\t\tTServices,\n\t\t\t\tL,\n\t\t\t\tTSession\n\t\t\t>,\n\t\t\tdefaultLogger: logger,\n\t\t\tdefaultSessionExtractor: this\n\t\t\t\t.defaultSessionExtractor as unknown as SessionFn<\n\t\t\t\tTServices,\n\t\t\t\tL,\n\t\t\t\tTSession\n\t\t\t>,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this\n\t\t\t\t.defaultActorExtractor as unknown as ActorExtractor<\n\t\t\t\tTServices,\n\t\t\t\tTSession,\n\t\t\t\tL\n\t\t\t>,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\t// Reset RLS config when logger type changes since it depends on TLogger\n\t\t\tdefaultRlsConfig: undefined,\n\t\t});\n\t}\n\n\tpublisher<\n\t\tT extends EventPublisher<any>,\n\t\tTServiceName extends string = string,\n\t>(\n\t\tpublisher: Service<TServiceName, T>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tT,\n\t\tTServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tT,\n\t\t\tTServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: publisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\tsession<T>(\n\t\tsession: SessionFn<TServices, TLogger, T, TDatabase>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tT,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tundefined // Reset RLS config when session type changes - user should call .rls() after .session()\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tT,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tundefined\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn as unknown as AuthorizeFn<\n\t\t\t\tTServices,\n\t\t\t\tTLogger,\n\t\t\t\tT\n\t\t\t>,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: session,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this\n\t\t\t\t.defaultActorExtractor as unknown as ActorExtractor<\n\t\t\t\tTServices,\n\t\t\t\tT,\n\t\t\t\tTLogger\n\t\t\t>,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\t// Reset RLS config when session type changes since it depends on TSession\n\t\t\tdefaultRlsConfig: undefined,\n\t\t});\n\t}\n\n\t/**\n\t * Set the database service for endpoints created from this factory.\n\t * The database will be available in handler context as `db`.\n\t */\n\tdatabase<T, TName extends string>(\n\t\tservice: Service<TName, T>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tT,\n\t\tTName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\t// Reset session extractor when database changes - user should call .session() after .database()\n\t\t\t// to get proper type inference for the new database type\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor as unknown as\n\t\t\t\t| SessionFn<TServices, TLogger, TSession, T>\n\t\t\t\t| undefined,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: service,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the auditor storage service for endpoints created from this factory.\n\t * This enables audit functionality and makes `auditor` available in handler context.\n\t * The audit action type is automatically inferred from the storage's generic parameter.\n\t */\n\tauditor<T extends AuditStorage<any>, TName extends string>(\n\t\tstorage: Service<TName, T>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tT,\n\t\tTName,\n\t\tExtractStorageAuditAction<T>,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tT,\n\t\t\tTName,\n\t\t\tExtractStorageAuditAction<T>,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: storage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this\n\t\t\t\t.defaultActorExtractor as unknown as ActorExtractor<\n\t\t\t\tTServices,\n\t\t\t\tTSession,\n\t\t\t\tTLogger\n\t\t\t>,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the actor extractor function for endpoints created from this factory.\n\t * The actor is extracted from the request context and attached to all audits.\n\t */\n\tactor(\n\t\textractor: ActorExtractor<TServices, TSession, TLogger>,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTRlsConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTRlsConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: extractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: this.defaultRlsConfig,\n\t\t});\n\t}\n\n\t/**\n\t * Set the RLS (Row-Level Security) configuration for endpoints created from this factory.\n\t * This enables automatic PostgreSQL session variable setting for RLS policies.\n\t *\n\t * @example\n\t * ```typescript\n\t * const api = new EndpointFactory()\n\t * .database(databaseService)\n\t * .session(extractSession)\n\t * .rls({\n\t * extractor: ({ session }) => ({\n\t * user_id: session.userId,\n\t * tenant_id: session.tenantId,\n\t * }),\n\t * prefix: 'app',\n\t * });\n\t * ```\n\t */\n\trls<TConfig extends RlsConfig<TServices, TSession, TLogger>>(\n\t\tconfig: TConfig,\n\t): EndpointFactory<\n\t\tTServices,\n\t\tTBasePath,\n\t\tTLogger,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName,\n\t\tTSecuritySchemes,\n\t\tTConfig\n\t> {\n\t\treturn new EndpointFactory<\n\t\t\tTServices,\n\t\t\tTBasePath,\n\t\t\tTLogger,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName,\n\t\t\tTSecuritySchemes,\n\t\t\tTConfig\n\t\t>({\n\t\t\tdefaultServices: this.defaultServices,\n\t\t\tbasePath: this.basePath,\n\t\t\tdefaultAuthorizeFn: this.defaultAuthorizeFn,\n\t\t\tdefaultLogger: this.defaultLogger,\n\t\t\tdefaultSessionExtractor: this.defaultSessionExtractor,\n\t\t\tdefaultEventPublisher: this.defaultEventPublisher,\n\t\t\tavailableAuthorizers: this.availableAuthorizers,\n\t\t\tdefaultAuthorizerName: this.defaultAuthorizerName,\n\t\t\tdefaultAuditorStorage: this.defaultAuditorStorage,\n\t\t\tdefaultDatabaseService: this.defaultDatabaseService,\n\t\t\tdefaultActorExtractor: this.defaultActorExtractor,\n\t\t\tcustomSecuritySchemes: this.customSecuritySchemes,\n\t\t\tdefaultRlsConfig: config,\n\t\t});\n\t}\n\n\tprivate createBuilder<TMethod extends HttpMethod, TPath extends string>(\n\t\tmethod: TMethod,\n\t\tpath: TPath,\n\t): EndpointBuilder<\n\t\tJoinPaths<TBasePath, TPath>,\n\t\tTMethod,\n\t\t{},\n\t\tTServices,\n\t\tTLogger,\n\t\tundefined,\n\t\tTSession,\n\t\tTEventPublisher,\n\t\tTEventPublisherServiceName,\n\t\tTAuthorizers,\n\t\tTAuditStorage,\n\t\tTAuditStorageServiceName,\n\t\tTAuditAction,\n\t\tTDatabase,\n\t\tTDatabaseServiceName\n\t> {\n\t\tconst fullPath = EndpointFactory.joinPaths(path, this.basePath);\n\t\tconst builder = new EndpointBuilder<\n\t\t\tJoinPaths<TBasePath, TPath>,\n\t\t\tTMethod,\n\t\t\t{},\n\t\t\tTServices,\n\t\t\tTLogger,\n\t\t\tundefined,\n\t\t\tTSession,\n\t\t\tTEventPublisher,\n\t\t\tTEventPublisherServiceName,\n\t\t\tTAuthorizers,\n\t\t\tTAuditStorage,\n\t\t\tTAuditStorageServiceName,\n\t\t\tTAuditAction,\n\t\t\tTDatabase,\n\t\t\tTDatabaseServiceName\n\t\t>(fullPath, method);\n\n\t\tif (this.defaultAuthorizeFn) {\n\t\t\tbuilder._authorize = this.defaultAuthorizeFn;\n\t\t}\n\t\tif (this.defaultServices.length) {\n\t\t\t// Create a copy to avoid sharing references between builders\n\t\t\tbuilder._services = [...this.defaultServices] as TServices;\n\t\t}\n\n\t\tif (this.defaultLogger) {\n\t\t\tbuilder._logger = this.defaultLogger as TLogger;\n\t\t}\n\n\t\tif (this.defaultSessionExtractor) {\n\t\t\tbuilder._getSession = this.defaultSessionExtractor as SessionFn<\n\t\t\t\tTServices,\n\t\t\t\tTLogger,\n\t\t\t\tTSession\n\t\t\t>;\n\t\t}\n\n\t\tif (this.defaultEventPublisher) {\n\t\t\tbuilder._setPublisher(this.defaultEventPublisher);\n\t\t}\n\n\t\t// Set available authorizers and default\n\t\tbuilder._availableAuthorizers = this.availableAuthorizers;\n\t\tif (this.defaultAuthorizerName) {\n\t\t\tbuilder._authorizerName = this.defaultAuthorizerName;\n\t\t}\n\n\t\t// Set auditor storage if configured\n\t\tif (this.defaultAuditorStorage) {\n\t\t\tbuilder._setAuditorStorage(this.defaultAuditorStorage as any);\n\t\t}\n\n\t\t// Set database service if configured\n\t\tif (this.defaultDatabaseService) {\n\t\t\tbuilder._setDatabaseService(this.defaultDatabaseService as any);\n\t\t}\n\n\t\t// Set actor extractor if configured\n\t\tif (this.defaultActorExtractor) {\n\t\t\tbuilder._actorExtractor = this.defaultActorExtractor;\n\t\t}\n\n\t\t// Set custom security schemes\n\t\tbuilder._customSecuritySchemes = this.customSecuritySchemes;\n\n\t\t// Set RLS config if configured\n\t\tif (this.defaultRlsConfig) {\n\t\t\tbuilder._rlsConfig = this.defaultRlsConfig as any;\n\t\t}\n\n\t\treturn builder;\n\t}\n\n\tpost<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('POST', path);\n\t}\n\n\tget<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('GET', path);\n\t}\n\n\tput<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('PUT', path);\n\t}\n\n\tdelete<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('DELETE', path);\n\t}\n\n\tpatch<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('PATCH', path);\n\t}\n\n\toptions<TPath extends string>(path: TPath) {\n\t\treturn this.createBuilder('OPTIONS', path);\n\t}\n}\n\nexport type RemoveTrailingSlash<T extends string> = T extends `${infer Rest}/`\n\t? Rest extends ''\n\t\t? T // Keep \"/\" as is\n\t\t: Rest\n\t: T;\n\nexport type JoinPaths<\n\tTBasePath extends string,\n\tTPath extends string,\n> = RemoveTrailingSlash<\n\tTBasePath extends ''\n\t\t? TPath\n\t\t: TPath extends ''\n\t\t\t? TBasePath\n\t\t\t: TBasePath extends '/'\n\t\t\t\t? TPath extends `/${string}`\n\t\t\t\t\t? TPath\n\t\t\t\t\t: `/${TPath}`\n\t\t\t\t: TBasePath extends `${infer Base}/`\n\t\t\t\t\t? TPath extends `/${infer Rest}`\n\t\t\t\t\t\t? `${Base}/${Rest}`\n\t\t\t\t\t\t: `${Base}/${TPath}`\n\t\t\t\t\t: TPath extends `/${infer Rest}`\n\t\t\t\t\t\t? `${TBasePath}/${Rest}`\n\t\t\t\t\t\t: `${TBasePath}/${TPath}`\n>;\n\nexport interface EndpointFactoryOptions<\n\tTServices extends Service[] = [],\n\tTBasePath extends string = '',\n\tTLogger extends Logger = Logger,\n\tTSession = unknown,\n\tTEventPublisher extends EventPublisher<any> | undefined = undefined,\n\tTEventPublisherServiceName extends string = string,\n\tTAuthorizers extends readonly string[] = readonly string[],\n\tTAuditStorage extends AuditStorage | undefined = undefined,\n\tTAuditStorageServiceName extends string = string,\n\tTDatabase = undefined,\n\tTDatabaseServiceName extends string = string,\n\tTSecuritySchemes extends Record<string, SecurityScheme> = Record<\n\t\tstring,\n\t\tSecurityScheme\n\t>,\n\tTRlsConfig extends\n\t\t| RlsConfig<TServices, TSession, TLogger>\n\t\t| undefined = undefined,\n> {\n\tdefaultServices?: TServices;\n\tbasePath?: TBasePath;\n\tdefaultAuthorizeFn?: AuthorizeFn<TServices, TLogger, TSession>;\n\tdefaultLogger?: TLogger;\n\tdefaultSessionExtractor?: SessionFn<TServices, TLogger, TSession, TDatabase>;\n\tdefaultEventPublisher?: Service<TEventPublisherServiceName, TEventPublisher>;\n\tdefaultEvents?: MappedEvent<TEventPublisher, undefined>[];\n\tavailableAuthorizers?: Authorizer[];\n\tdefaultAuthorizerName?: TAuthorizers[number];\n\tdefaultAuditorStorage?: Service<TAuditStorageServiceName, TAuditStorage>;\n\tdefaultDatabaseService?: Service<TDatabaseServiceName, TDatabase>;\n\tdefaultActorExtractor?: ActorExtractor<TServices, TSession, TLogger>;\n\tcustomSecuritySchemes?: TSecuritySchemes;\n\tdefaultRlsConfig?: TRlsConfig;\n}\n\nexport const e = new EndpointFactory();\n"],"mappings":";;;;;AAwBA,MAAMA,mBAAiB,IAAI;AAE3B,IAAa,kBAAb,MAAa,gBAuBX;CACD,AAAQ,kBAA6B,CAAE;CACvC,AAAQ,WAAsB;CAC9B,AAAQ;CACR,AAAQ;CAGR,AAAQ;CAMR,AAAQ,gBAAyBA;CACjC,AAAQ,uBAAqC,CAAE;CAC/C,AAAQ;CACR,AAAQ;CAGR,AAAQ;CAGR,AAAQ;CACR,AAAQ,wBAA0C,CAAE;CACpD,AAAQ;CAER,YAAY,EACX,UACA,oBACA,eACA,yBAEA,kBAAkB,CAAE,GACpB,uBACA,uBAAuB,CAAE,GACzB,uBACA,uBACA,wBACA,uBACA,wBAAwB,CAAE,GAC1B,kBAeA,GAAG,CAAE,GAAE;AAEP,OAAK,kBAAkB,OACtB,iBACA,CAAC,MAAM,EAAE,YACT;AAED,OAAK,WAAW,YAAa;AAC7B,OAAK,qBAAqB;AAC1B,OAAK,gBAAgB,iBAAkBA;AACvC,OAAK,0BAA0B;AAC/B,OAAK,wBAAwB;AAC7B,OAAK,uBAAuB;AAC5B,OAAK,wBAAwB;AAC7B,OAAK,wBAAwB;AAC7B,OAAK,yBAAyB;AAC9B,OAAK,wBAAwB;AAC7B,OAAK,wBAAwB;AAC7B,OAAK,mBAAmB;CACxB;CAED,OAAO,UACNC,MACAC,WAAsB,IACI;AAE1B,OAAK,aAAa,KAAM,QAAO;AAC/B,OAAK,SACJ,QAAQ,KAAK,WAAW,IAAI,GAAG,QAAQ,GAAG,KAAK;AAIhD,OAAK,KACJ,QACC,SAAS,WAAW,IAAI,GAAG,YAAY,GAAG,SAAS;EAGrD,MAAM,OAAO,SAAS,SAAS,IAAI,GAAG,SAAS,MAAM,GAAG,GAAG,GAAG;EAC9D,MAAM,UAAU,KAAK,WAAW,IAAI,GAAG,QAAQ,GAAG,KAAK;EAEvD,IAAI,SAAS,OAAO;AAGpB,OAAK,OAAO,WAAW,IAAI,CAC1B,WAAU,GAAG,OAAO;AAIrB,WAAS,OAAO,QAAQ,SAAS,IAAI;AAGrC,MAAI,OAAO,SAAS,KAAK,OAAO,SAAS,IAAI,CAC5C,UAAS,OAAO,MAAM,GAAG,GAAG;AAG7B,SAAO;CACP;CAGD,YACCC,aAgBC;EACD,MAAM,oBAAoB,YAAY,IAAI,CAAC,UAAU,EACpD,KACA,GAAE;AACH,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB;GACtB,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;;;;;;;;;;;;;CAkBD,gBACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB;IACtB,GAAG,KAAK;IACR,GAAG;GACH;GACD,kBAAkB,KAAK;EACvB;CACD;;;;;;;;;;;CAYD,WACCC,MAoBC;AAED,MAAI,SAAS,UAAU,KAAK,qBAAqB,SAAS,GAAG;GAC5D,MAAM,mBAAmB,KAAK,qBAAqB,KAClD,CAAC,MAAM,EAAE,SAAS,KAClB;AACD,QAAK,kBAAkB;IACtB,MAAM,YAAY,KAAK,qBACrB,IAAI,CAAC,MAAM,EAAE,KAAK,CAClB,KAAK,KAAK;AACZ,UAAM,IAAI,OACR,cAAc,KAAe,wCAAwC,UAAU;GAEjF;EACD;AAED,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBACC,SAAS,kBAAsB;GAChC,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAGD,MACCC,MAgBC;EACD,MAAM,cAAc,gBAAgB,UAAU,MAAM,KAAK,SAAS;AAClE,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU;GACV,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAGD,UACCC,IAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB;GACpB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAGD,SACCC,UAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,CAAC,GAAG,UAAU,GAAG,KAAK,eAAgB;GACvD,UAAU,KAAK;GACf,oBAAoB,KAAK;GAKzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAG9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAG5B,uBAAuB,KAAK;GAE5B;EACA;CACD;CAED,OACCC,QAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GAKzB,eAAe;GACf,yBAAyB,KACvB;GAKF,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KACrB;GAKF,uBAAuB,KAAK;GAE5B;EACA;CACD;CAED,UAICC,WAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB;GACvB,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;CAED,QACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GAKzB,eAAe,KAAK;GACpB,yBAAyB;GACzB,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KACrB;GAKF,uBAAuB,KAAK;GAE5B;EACA;CACD;;;;;CAMD,SACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GAGpB,yBAAyB,KAAK;GAG9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB;GACxB,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;;CAOD,QACCC,SAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB;GACvB,wBAAwB,KAAK;GAC7B,uBAAuB,KACrB;GAKF,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;CAMD,MACCC,WAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB;GACvB,uBAAuB,KAAK;GAC5B,kBAAkB,KAAK;EACvB;CACD;;;;;;;;;;;;;;;;;;;CAoBD,IACCC,QAgBC;AACD,SAAO,IAAI,gBAeT;GACD,iBAAiB,KAAK;GACtB,UAAU,KAAK;GACf,oBAAoB,KAAK;GACzB,eAAe,KAAK;GACpB,yBAAyB,KAAK;GAC9B,uBAAuB,KAAK;GAC5B,sBAAsB,KAAK;GAC3B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,wBAAwB,KAAK;GAC7B,uBAAuB,KAAK;GAC5B,uBAAuB,KAAK;GAC5B,kBAAkB;EAClB;CACD;CAED,AAAQ,cACPC,QACAV,MAiBC;EACD,MAAM,WAAW,gBAAgB,UAAU,MAAM,KAAK,SAAS;EAC/D,MAAM,UAAU,IAAI,gBAgBlB,UAAU;AAEZ,MAAI,KAAK,mBACR,SAAQ,aAAa,KAAK;AAE3B,MAAI,KAAK,gBAAgB,OAExB,SAAQ,YAAY,CAAC,GAAG,KAAK,eAAgB;AAG9C,MAAI,KAAK,cACR,SAAQ,UAAU,KAAK;AAGxB,MAAI,KAAK,wBACR,SAAQ,cAAc,KAAK;AAO5B,MAAI,KAAK,sBACR,SAAQ,cAAc,KAAK,sBAAsB;AAIlD,UAAQ,wBAAwB,KAAK;AACrC,MAAI,KAAK,sBACR,SAAQ,kBAAkB,KAAK;AAIhC,MAAI,KAAK,sBACR,SAAQ,mBAAmB,KAAK,sBAA6B;AAI9D,MAAI,KAAK,uBACR,SAAQ,oBAAoB,KAAK,uBAA8B;AAIhE,MAAI,KAAK,sBACR,SAAQ,kBAAkB,KAAK;AAIhC,UAAQ,yBAAyB,KAAK;AAGtC,MAAI,KAAK,iBACR,SAAQ,aAAa,KAAK;AAG3B,SAAO;CACP;CAED,KAA2BA,MAAa;AACvC,SAAO,KAAK,cAAc,QAAQ,KAAK;CACvC;CAED,IAA0BA,MAAa;AACtC,SAAO,KAAK,cAAc,OAAO,KAAK;CACtC;CAED,IAA0BA,MAAa;AACtC,SAAO,KAAK,cAAc,OAAO,KAAK;CACtC;CAED,OAA6BA,MAAa;AACzC,SAAO,KAAK,cAAc,UAAU,KAAK;CACzC;CAED,MAA4BA,MAAa;AACxC,SAAO,KAAK,cAAc,SAAS,KAAK;CACxC;CAED,QAA8BA,MAAa;AAC1C,SAAO,KAAK,cAAc,WAAW,KAAK;CAC1C;AACD;AAiED,MAAa,IAAI,IAAI"}
package/dist/{EndpointFactory-JAAwZkm1.cjs → EndpointFactory-Cq9dzVVZ.cjs} RENAMED
@@ -1,5 +1,5 @@
1
1
  const require_chunk = require('./chunk-CUT6urMc.cjs');
2
- const require_EndpointBuilder = require('./EndpointBuilder-D78r9OdH.cjs');
2
+ const require_EndpointBuilder = require('./EndpointBuilder-cRdLfmZM.cjs');
3
3
  const __geekmidas_logger_console = require_chunk.__toESM(require("@geekmidas/logger/console"));
4
4
  const lodash_uniqby = require_chunk.__toESM(require("lodash.uniqby"));
5
5
 
@@ -386,4 +386,4 @@ Object.defineProperty(exports, 'e', {
386
386
  return e;
387
387
  }
388
388
  });
389
- //# sourceMappingURL=EndpointFactory-JAAwZkm1.cjs.map
389
+ //# sourceMappingURL=EndpointFactory-Cq9dzVVZ.cjs.map