npm - @glidevvr/storage-payload-error-logger-pkg - Versions diffs - 0.1.0 - Mend

@glidevvr/storage-payload-error-logger-pkg 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/README.md +229 -0
package/dist/chunk-EKIOMBUO.mjs +282 -0
package/dist/chunk-EKIOMBUO.mjs.map +1 -0
package/dist/index.d.cts +99 -0
package/dist/index.d.ts +99 -0
package/dist/index.js +332 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +37 -0
package/dist/index.mjs.map +1 -0
package/dist/payload-endpoint/index.d.cts +96 -0
package/dist/payload-endpoint/index.d.ts +96 -0
package/dist/payload-endpoint/index.js +206 -0
package/dist/payload-endpoint/index.js.map +1 -0
package/dist/payload-endpoint/index.mjs +179 -0
package/dist/payload-endpoint/index.mjs.map +1 -0
package/dist/react/index.d.cts +26 -0
package/dist/react/index.d.ts +26 -0
package/dist/react/index.js +302 -0
package/dist/react/index.js.map +1 -0
package/dist/react/index.mjs +28 -0
package/dist/react/index.mjs.map +1 -0
package/dist/types-BLz-TUBl.d.cts +198 -0
package/dist/types-BLz-TUBl.d.ts +198 -0
package/package.json +62 -0

package/dist/payload-endpoint/index.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import { c as LogEvent } from '../types-BLz-TUBl.js';
+/**
+ * The shape of a Payload v3 endpoint. Declared here as a plain interface
+ * (rather than imported from `payload`) so this package can be used without
+ * `payload` installed — `payload` is an optional peer dependency. Anything
+ * matching this shape can be added to the Payload config's `endpoints` array.
+ */
+interface PayloadEndpoint {
+    path: string;
+    method: "post" | "get" | "put" | "patch" | "delete";
+    handler: (req: PayloadRequest) => Promise<Response>;
+}
+/**
+ * The shape of the JSON body our endpoint accepts. Each request is a batch of
+ * `events` plus the reCAPTCHA token the helper acquired in the browser.
+ */
+interface IncomingBody {
+    events: LogEvent[];
+    rcToken: string | null;
+}
+interface PayloadRequest {
+    headers: {
+        get(name: string): string | null;
+    };
+    json: () => Promise<IncomingBody>;
+    payload: PayloadInstance;
+}
+interface PayloadInstance {
+    find: (args: PayloadFindArgs) => Promise<{
+        docs: PayloadDoc[];
+    }>;
+    create: (args: PayloadCreateArgs) => Promise<{
+        id: string | number;
+    }>;
+}
+interface PayloadFindArgs {
+    collection: string;
+    limit?: number;
+    pagination?: boolean;
+    where?: TenantDomainWhere;
+}
+interface TenantDomainWhere {
+    [field: string]: {
+        contains?: string;
+        equals?: string | number;
+    };
+}
+interface PayloadCreateArgs {
+    collection: string;
+    data: IssueEventCreateData;
+}
+/**
+ * The shape of data we pass to `payload.create('issue-events', { data })`.
+ * It's a `LogEvent` plus the `tenant` we resolved from the request's `Origin`.
+ */
+type IssueEventCreateData = LogEvent & {
+    tenant: string | number;
+};
+interface PayloadDoc {
+    id: string | number;
+    domain?: string;
+}
+interface CreateErrorLoggerEndpointOptions {
+    /** Path on the Payload server, relative to the API root. Defaults to `/log-error`. */
+    path?: string;
+    /** Google Cloud project ID hosting the reCAPTCHA Enterprise key. */
+    recaptchaProjectId: string;
+    /** Google Cloud API key with reCAPTCHA Enterprise enabled. */
+    recaptchaApiKey: string;
+    /** The reCAPTCHA Enterprise site key (also used by the browser to acquire tokens). */
+    recaptchaSiteKey: string;
+    /** Action name we expect on incoming tokens. Must match the helper's `recaptchaAction`. Defaults to "log_error". */
+    recaptchaAction?: string;
+    /** Minimum score (0.0–1.0) to accept. Defaults to 0.5. */
+    recaptchaThreshold?: number;
+    /** Most events one IP can send per minute. Defaults to 60. */
+    perIpMaxPerMinute?: number;
+    /** Most events one tenant can send per day. Defaults to 10_000. */
+    perTenantMaxPerDay?: number;
+    /** Optional hook fired when a tenant trips the daily cap, e.g. for alerting. */
+    onTenantCapExceeded?: (tenantId: string | number) => void;
+}
+/**
+ * Build a Payload endpoint that accepts cross-origin POSTs of error events
+ * from the browser.
+ *
+ * Each request goes through these checks in order: verify the reCAPTCHA
+ * token, look up the tenant by the request's `Origin` header, apply the
+ * per-IP burst limit, apply the per-tenant daily limit, then create one
+ * `issue-events` doc per event. The `IssueEvents.beforeChange` hook handles
+ * grouping events into the parent `Issues` row.
+ */
+declare function createErrorLoggerEndpoint(options: CreateErrorLoggerEndpointOptions): PayloadEndpoint;
+export { type CreateErrorLoggerEndpointOptions, type IncomingBody, type PayloadEndpoint, createErrorLoggerEndpoint };

package/dist/payload-endpoint/index.js ADDED Viewed

@@ -0,0 +1,206 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/payload-endpoint/index.ts
+var payload_endpoint_exports = {};
+__export(payload_endpoint_exports, {
+  createErrorLoggerEndpoint: () => createErrorLoggerEndpoint
+});
+module.exports = __toCommonJS(payload_endpoint_exports);
+// src/payload-endpoint/normalizeOrigin.ts
+function normalizeOrigin(input) {
+  if (!input) return null;
+  const candidate = input.includes("://") ? input : `https://${input}`;
+  let host;
+  try {
+    host = new URL(candidate).hostname;
+  } catch {
+    return null;
+  }
+  host = host.toLowerCase();
+  if (host.endsWith(".")) host = host.slice(0, -1);
+  return host || null;
+}
+// src/payload-endpoint/verifyRecaptcha.ts
+async function verifyRecaptcha(opts) {
+  const url = `https://recaptchaenterprise.googleapis.com/v1/projects/${opts.projectId}/assessments?key=${encodeURIComponent(opts.apiKey)}`;
+  const body = {
+    event: {
+      token: opts.token,
+      siteKey: opts.siteKey,
+      expectedAction: opts.expectedAction,
+      ...opts.userAgent ? { userAgent: opts.userAgent } : {},
+      ...opts.userIpAddress ? { userIpAddress: opts.userIpAddress } : {}
+    }
+  };
+  try {
+    const res = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body)
+    });
+    if (!res.ok) return false;
+    const json = await res.json();
+    if (!json.tokenProperties?.valid) return false;
+    if (json.tokenProperties.action !== opts.expectedAction) return false;
+    const score = json.riskAnalysis?.score ?? 0;
+    if (score < opts.threshold) return false;
+    return true;
+  } catch {
+    return false;
+  }
+}
+// src/payload-endpoint/rateLimit.ts
+var SWEEP_EVERY = 1e3;
+function createRateLimiter(opts) {
+  const hits = /* @__PURE__ */ new Map();
+  let callsSinceSweep = 0;
+  function sweepEmpty(now) {
+    for (const [key, arr] of hits) {
+      const filtered = arr.filter((t) => now - t < opts.windowMs);
+      if (filtered.length === 0) hits.delete(key);
+      else if (filtered.length !== arr.length) hits.set(key, filtered);
+    }
+  }
+  return {
+    allow(key) {
+      const now = Date.now();
+      callsSinceSweep++;
+      if (callsSinceSweep >= SWEEP_EVERY) {
+        sweepEmpty(now);
+        callsSinceSweep = 0;
+      }
+      const arr = (hits.get(key) ?? []).filter((t) => now - t < opts.windowMs);
+      if (arr.length >= opts.max) {
+        hits.set(key, arr);
+        return false;
+      }
+      arr.push(now);
+      hits.set(key, arr);
+      return true;
+    },
+    _sizeForTests() {
+      return hits.size;
+    }
+  };
+}
+// src/payload-endpoint/index.ts
+function readClientIp(req) {
+  return req.headers.get("cf-connecting-ip") ?? req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? null;
+}
+var MAX_MESSAGE_CHARS = 500;
+var MAX_STACK_CHARS = 1e4;
+var MAX_BODY_BYTES = 256 * 1024;
+function clampEventForStorage(event) {
+  return {
+    ...event,
+    message: event.message?.slice(0, MAX_MESSAGE_CHARS) ?? event.message,
+    stack: event.stack?.slice(0, MAX_STACK_CHARS) ?? event.stack
+  };
+}
+function createErrorLoggerEndpoint(options) {
+  const ipLimiter = createRateLimiter({
+    windowMs: 6e4,
+    max: options.perIpMaxPerMinute ?? 60
+  });
+  const tenantLimiter = createRateLimiter({
+    windowMs: 24 * 60 * 6e4,
+    max: options.perTenantMaxPerDay ?? 1e4
+  });
+  return {
+    path: options.path ?? "/log-error",
+    method: "post",
+    handler: async (req) => {
+      const contentLength = Number(req.headers.get("content-length") ?? "0");
+      if (Number.isFinite(contentLength) && contentLength > MAX_BODY_BYTES) {
+        return new Response(JSON.stringify({ error: "body too large" }), { status: 413 });
+      }
+      let body;
+      try {
+        body = await req.json();
+      } catch {
+        return new Response(JSON.stringify({ error: "invalid body" }), { status: 400 });
+      }
+      if (!Array.isArray(body?.events) || body.events.length === 0) {
+        return new Response(JSON.stringify({ error: "no events" }), { status: 400 });
+      }
+      if (!body.rcToken) {
+        return new Response(JSON.stringify({ error: "no recaptcha token" }), { status: 403 });
+      }
+      const userAgent = req.headers.get("user-agent") ?? void 0;
+      const clientIp = readClientIp(req);
+      const recaptchaOk = await verifyRecaptcha({
+        token: body.rcToken,
+        siteKey: options.recaptchaSiteKey,
+        projectId: options.recaptchaProjectId,
+        apiKey: options.recaptchaApiKey,
+        expectedAction: options.recaptchaAction ?? "log_error",
+        threshold: options.recaptchaThreshold ?? 0.5,
+        userAgent,
+        userIpAddress: clientIp ?? void 0
+      });
+      if (!recaptchaOk) {
+        return new Response(JSON.stringify({ error: "recaptcha rejected" }), { status: 403 });
+      }
+      const originHeader = req.headers.get("origin");
+      const originHost = normalizeOrigin(originHeader);
+      if (!originHost) {
+        return new Response(JSON.stringify({ error: "invalid origin" }), { status: 403 });
+      }
+      const tenantsResult = await req.payload.find({
+        collection: "tenants",
+        where: { domain: { contains: originHost } },
+        pagination: false
+      });
+      const tenant = tenantsResult.docs.find(
+        (t) => normalizeOrigin(t.domain ?? null) === originHost
+      );
+      if (!tenant) {
+        return new Response(JSON.stringify({ error: "unknown origin" }), { status: 403 });
+      }
+      if (clientIp !== null && !ipLimiter.allow(clientIp)) {
+        return new Response(JSON.stringify({ error: "rate limited" }), { status: 429 });
+      }
+      if (!tenantLimiter.allow(String(tenant.id))) {
+        options.onTenantCapExceeded?.(tenant.id);
+        return new Response(JSON.stringify({ error: "tenant cap exceeded" }), { status: 429 });
+      }
+      void Promise.all(
+        body.events.map((event) => {
+          const clamped = clampEventForStorage(event);
+          return req.payload.create({
+            collection: "issue-events",
+            data: { ...clamped, tenant: tenant.id }
+          }).catch(() => {
+          });
+        })
+      );
+      return new Response(JSON.stringify({ accepted: body.events.length }), { status: 202 });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createErrorLoggerEndpoint
+});
+//# sourceMappingURL=index.js.map

package/dist/payload-endpoint/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/payload-endpoint/index.ts","../../src/payload-endpoint/normalizeOrigin.ts","../../src/payload-endpoint/verifyRecaptcha.ts","../../src/payload-endpoint/rateLimit.ts"],"sourcesContent":["import { normalizeOrigin } from \"./normalizeOrigin\";\nimport { verifyRecaptcha } from \"./verifyRecaptcha\";\nimport { createRateLimiter, type RateLimiter } from \"./rateLimit\";\nimport type { LogEvent } from \"../types\";\n\n/**\n * The shape of a Payload v3 endpoint. Declared here as a plain interface\n * (rather than imported from `payload`) so this package can be used without\n * `payload` installed — `payload` is an optional peer dependency. Anything\n * matching this shape can be added to the Payload config's `endpoints` array.\n */\nexport interface PayloadEndpoint {\n path: string;\n method: \"post\" | \"get\" | \"put\" | \"patch\" | \"delete\";\n handler: (req: PayloadRequest) => Promise<Response>;\n}\n\n/**\n * The shape of the JSON body our endpoint accepts. Each request is a batch of\n * `events` plus the reCAPTCHA token the helper acquired in the browser.\n */\nexport interface IncomingBody {\n events: LogEvent[];\n rcToken: string | null;\n}\n\ninterface PayloadRequest {\n headers: { get(name: string): string | null };\n json: () => Promise<IncomingBody>;\n payload: PayloadInstance;\n}\n\ninterface PayloadInstance {\n find: (args: PayloadFindArgs) => Promise<{ docs: PayloadDoc[] }>;\n create: (args: PayloadCreateArgs) => Promise<{ id: string | number }>;\n}\n\ninterface PayloadFindArgs {\n collection: string;\n limit?: number;\n pagination?: boolean;\n where?: TenantDomainWhere;\n}\n\n// Scoped narrowly: this file only ever queries `domain.contains` on tenants.\n// Rename signals scope — widening for new query shapes should be deliberate, not accidental.\ninterface TenantDomainWhere {\n [field: string]: { contains?: string; equals?: string | number };\n}\n\ninterface PayloadCreateArgs {\n collection: string;\n data: IssueEventCreateData;\n}\n\n/**\n * The shape of data we pass to `payload.create('issue-events', { data })`.\n * It's a `LogEvent` plus the `tenant` we resolved from the request's `Origin`.\n */\ntype IssueEventCreateData = LogEvent & { tenant: string | number };\n\ninterface PayloadDoc {\n id: string | number;\n domain?: string;\n}\n\nexport interface CreateErrorLoggerEndpointOptions {\n /** Path on the Payload server, relative to the API root. Defaults to `/log-error`. */\n path?: string;\n /** Google Cloud project ID hosting the reCAPTCHA Enterprise key. */\n recaptchaProjectId: string;\n /** Google Cloud API key with reCAPTCHA Enterprise enabled. */\n recaptchaApiKey: string;\n /** The reCAPTCHA Enterprise site key (also used by the browser to acquire tokens). */\n recaptchaSiteKey: string;\n /** Action name we expect on incoming tokens. Must match the helper's `recaptchaAction`. Defaults to \"log_error\". */\n recaptchaAction?: string;\n /** Minimum score (0.0–1.0) to accept. Defaults to 0.5. */\n recaptchaThreshold?: number;\n /** Most events one IP can send per minute. Defaults to 60. */\n perIpMaxPerMinute?: number;\n /** Most events one tenant can send per day. Defaults to 10_000. */\n perTenantMaxPerDay?: number;\n /** Optional hook fired when a tenant trips the daily cap, e.g. for alerting. */\n onTenantCapExceeded?: (tenantId: string | number) => void;\n}\n\n// Returns null when no upstream header carries the client IP. Callers must\n// bypass per-IP rate limiting in that case so local dev / misconfigured\n// upstreams don't collapse every IP-less request into one shared bucket.\nfunction readClientIp(req: PayloadRequest): string | null {\n return (\n req.headers.get(\"cf-connecting-ip\") ??\n req.headers.get(\"x-forwarded-for\")?.split(\",\")[0]?.trim() ??\n null\n );\n}\n\n// IssueEvents storage caps: message text and stack trace each have hard upper\n// bounds on the collection. Trim defensively here so a direct REST POST with\n// oversized strings becomes a successful best-effort log instead of a 400.\n// Values must match the maxLength settings in collections/IssueEvents/index.ts.\nconst MAX_MESSAGE_CHARS = 500;\nconst MAX_STACK_CHARS = 10_000;\n\n// Upper bound on request body size. Generous for a normal batch (~10 events\n// after per-field clamping) but small enough that a malicious POST can't burn\n// CPU on parsing + reCAPTCHA verify before any rate limit runs.\nconst MAX_BODY_BYTES = 256 * 1024;\n\nfunction clampEventForStorage(event: LogEvent): LogEvent {\n return {\n ...event,\n message: event.message?.slice(0, MAX_MESSAGE_CHARS) ?? event.message,\n stack: event.stack?.slice(0, MAX_STACK_CHARS) ?? event.stack,\n };\n}\n\n/**\n * Build a Payload endpoint that accepts cross-origin POSTs of error events\n * from the browser.\n *\n * Each request goes through these checks in order: verify the reCAPTCHA\n * token, look up the tenant by the request's `Origin` header, apply the\n * per-IP burst limit, apply the per-tenant daily limit, then create one\n * `issue-events` doc per event. The `IssueEvents.beforeChange` hook handles\n * grouping events into the parent `Issues` row.\n */\nexport function createErrorLoggerEndpoint(\n options: CreateErrorLoggerEndpointOptions,\n): PayloadEndpoint {\n const ipLimiter: RateLimiter = createRateLimiter({\n windowMs: 60_000,\n max: options.perIpMaxPerMinute ?? 60,\n });\n const tenantLimiter: RateLimiter = createRateLimiter({\n windowMs: 24 * 60 * 60_000,\n max: options.perTenantMaxPerDay ?? 10_000,\n });\n\n return {\n path: options.path ?? \"/log-error\",\n method: \"post\",\n handler: async (req) => {\n // Reject oversized bodies before parsing or reCAPTCHA verify.\n const contentLength = Number(req.headers.get(\"content-length\") ?? \"0\");\n if (Number.isFinite(contentLength) && contentLength > MAX_BODY_BYTES) {\n return new Response(JSON.stringify({ error: \"body too large\" }), { status: 413 });\n }\n\n let body: IncomingBody;\n try {\n body = await req.json();\n } catch {\n return new Response(JSON.stringify({ error: \"invalid body\" }), { status: 400 });\n }\n\n if (!Array.isArray(body?.events) || body.events.length === 0) {\n return new Response(JSON.stringify({ error: \"no events\" }), { status: 400 });\n }\n\n // 1. reCAPTCHA\n if (!body.rcToken) {\n return new Response(JSON.stringify({ error: \"no recaptcha token\" }), { status: 403 });\n }\n const userAgent = req.headers.get(\"user-agent\") ?? undefined;\n const clientIp = readClientIp(req);\n const recaptchaOk = await verifyRecaptcha({\n token: body.rcToken,\n siteKey: options.recaptchaSiteKey,\n projectId: options.recaptchaProjectId,\n apiKey: options.recaptchaApiKey,\n expectedAction: options.recaptchaAction ?? \"log_error\",\n threshold: options.recaptchaThreshold ?? 0.5,\n userAgent,\n userIpAddress: clientIp ?? undefined,\n });\n if (!recaptchaOk) {\n return new Response(JSON.stringify({ error: \"recaptcha rejected\" }), { status: 403 });\n }\n\n // 2. Origin → tenant lookup\n const originHeader = req.headers.get(\"origin\");\n const originHost = normalizeOrigin(originHeader);\n if (!originHost) {\n return new Response(JSON.stringify({ error: \"invalid origin\" }), { status: 403 });\n }\n // Narrow by substring so we don't load every tenant; normalize-and-compare below rejects false positives.\n const tenantsResult = await req.payload.find({\n collection: \"tenants\",\n where: { domain: { contains: originHost } },\n pagination: false,\n });\n const tenant = tenantsResult.docs.find(\n (t) => normalizeOrigin(t.domain ?? null) === originHost,\n );\n if (!tenant) {\n return new Response(JSON.stringify({ error: \"unknown origin\" }), { status: 403 });\n }\n\n // 3. Per-IP rate limit. Skip when no real IP header was present —\n // the per-tenant daily cap below is still in force as a safety net.\n if (clientIp !== null && !ipLimiter.allow(clientIp)) {\n return new Response(JSON.stringify({ error: \"rate limited\" }), { status: 429 });\n }\n\n // 4. Per-tenant volume cap\n if (!tenantLimiter.allow(String(tenant.id))) {\n options.onTenantCapExceeded?.(tenant.id);\n return new Response(JSON.stringify({ error: \"tenant cap exceeded\" }), { status: 429 });\n }\n\n // 5. Create events (dedup hook on IssueEvents handles parent Issue find-or-create)\n // Fire-and-forget — return 202 without awaiting all creates.\n void Promise.all(\n body.events.map((event) => {\n const clamped = clampEventForStorage(event);\n return req.payload\n .create({\n collection: \"issue-events\",\n data: { ...clamped, tenant: tenant.id },\n })\n .catch(() => {\n /* swallow per-event failures; cascade guard lives in the dedup hook */\n });\n }),\n );\n\n return new Response(JSON.stringify({ accepted: body.events.length }), { status: 202 });\n },\n };\n}\n","/**\n * Reduce a hostname or full URL to a plain lowercase hostname so two values\n * can be compared during tenant lookup. For example,\n * `https://AcmeStorage.com:443/foo` and `acmestorage.com.` both become\n * `acmestorage.com`.\n *\n * Strips scheme, port, path, query, fragment, trailing slash, and a trailing\n * dot (like the one in `acmestorage.com.`). The incoming `Origin` header and\n * the stored `tenant.domain` are both run through this so cosmetic\n * differences don't cause a miss. Returns `null` if the input is empty or\n * can't be parsed.\n *\n * Note: this does NOT strip `www` (that's a different host) or unify schemes\n * (`http` vs `https` are different origins for browser security purposes).\n */\nexport function normalizeOrigin(input: string | null | undefined): string | null {\n if (!input) return null;\n const candidate = input.includes(\"://\") ? input : `https://${input}`;\n let host: string;\n try {\n host = new URL(candidate).hostname;\n } catch {\n return null;\n }\n host = host.toLowerCase();\n if (host.endsWith(\".\")) host = host.slice(0, -1);\n return host || null;\n}\n","export interface VerifyRecaptchaOptions {\n /** The Enterprise token from the browser. */\n token: string;\n /** The reCAPTCHA Enterprise site key. */\n siteKey: string;\n /** Google Cloud project ID hosting the reCAPTCHA Enterprise key. */\n projectId: string;\n /** Google Cloud API key with reCAPTCHA Enterprise enabled. */\n apiKey: string;\n /** The action we expect on the token (e.g. \"log_error\"). */\n expectedAction: string;\n /** Minimum score (0.0–1.0) to accept. */\n threshold: number;\n /** Optional user agent + client IP forwarded to Enterprise for stronger risk signals. */\n userAgent?: string;\n userIpAddress?: string;\n}\n\n/**\n * Verify a reCAPTCHA Enterprise token by creating an assessment.\n *\n * Returns true if the token is valid AND the action matches AND the score\n * meets the threshold. Returns false on any failure (network, invalid token,\n * action mismatch, low score, malformed response). Never throws — that lets\n * the endpoint cleanly drop the request without trying to parse exception\n * structures.\n */\nexport async function verifyRecaptcha(opts: VerifyRecaptchaOptions): Promise<boolean> {\n const url = `https://recaptchaenterprise.googleapis.com/v1/projects/${opts.projectId}/assessments?key=${encodeURIComponent(opts.apiKey)}`;\n const body = {\n event: {\n token: opts.token,\n siteKey: opts.siteKey,\n expectedAction: opts.expectedAction,\n ...(opts.userAgent ? { userAgent: opts.userAgent } : {}),\n ...(opts.userIpAddress ? { userIpAddress: opts.userIpAddress } : {}),\n },\n };\n\n try {\n const res = await fetch(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n if (!res.ok) return false;\n\n const json = (await res.json()) as {\n tokenProperties?: { valid?: boolean; action?: string };\n riskAnalysis?: { score?: number };\n };\n\n if (!json.tokenProperties?.valid) return false;\n if (json.tokenProperties.action !== opts.expectedAction) return false;\n const score = json.riskAnalysis?.score ?? 0;\n if (score < opts.threshold) return false;\n return true;\n } catch {\n return false;\n }\n}\n","/** A simple \"is this key allowed to do something right now?\" check. */\nexport interface RateLimiter {\n /** True if the key still has room in the window (and uses one slot); false if it's over. */\n allow(key: string): boolean;\n /** @internal — test-only inspection of the internal Map size. */\n _sizeForTests(): number;\n}\n\nexport interface RateLimiterOptions {\n /** How far back to count hits, in ms. */\n windowMs: number;\n /** Most hits allowed in that window before `allow` starts returning false. */\n max: number;\n}\n\n// Periodic global sweep cadence: every Nth `allow()` call, drop any key whose\n// hits have all aged out. Bounded cost — a long-tail IP that hits once and\n// never returns won't sit in the Map forever.\nconst SWEEP_EVERY = 1000;\n\n/**\n * Returns a rate limiter keyed by a string. Each call to `allow(key)` checks\n * how many hits that key has had in the last `windowMs`; if it's under `max`,\n * it records the hit and returns true, otherwise it returns false.\n *\n * In-memory only — across multiple server instances the count is approximate,\n * which is fine for v1. The endpoint uses two of these: one keyed by client\n * IP (short burst cap) and one keyed by tenant (daily volume cap).\n *\n * Memory hygiene: a global sweep runs every {@link SWEEP_EVERY} calls and\n * deletes keys whose hit arrays have fully aged out — keeps the Map bounded\n * over long uptimes when long-tail keys (one-shot IPs) would otherwise sit\n * there forever.\n */\nexport function createRateLimiter(opts: RateLimiterOptions): RateLimiter {\n const hits = new Map<string, number[]>();\n let callsSinceSweep = 0;\n\n function sweepEmpty(now: number): void {\n for (const [key, arr] of hits) {\n const filtered = arr.filter((t) => now - t < opts.windowMs);\n if (filtered.length === 0) hits.delete(key);\n else if (filtered.length !== arr.length) hits.set(key, filtered);\n }\n }\n\n return {\n allow(key: string): boolean {\n const now = Date.now();\n // Count every call (allowed or denied) toward the sweep cadence so that\n // a single hot, capped key still triggers cleanup of unrelated stragglers.\n callsSinceSweep++;\n if (callsSinceSweep >= SWEEP_EVERY) {\n sweepEmpty(now);\n callsSinceSweep = 0;\n }\n\n const arr = (hits.get(key) ?? []).filter((t) => now - t < opts.windowMs);\n if (arr.length >= opts.max) {\n hits.set(key, arr);\n return false;\n }\n arr.push(now);\n hits.set(key, arr);\n return true;\n },\n _sizeForTests(): number {\n return hits.size;\n },\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACeO,SAAS,gBAAgB,OAAiD;AAC/E,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,YAAY,MAAM,SAAS,KAAK,IAAI,QAAQ,WAAW,KAAK;AAClE,MAAI;AACJ,MAAI;AACF,WAAO,IAAI,IAAI,SAAS,EAAE;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO,KAAK,YAAY;AACxB,MAAI,KAAK,SAAS,GAAG,EAAG,QAAO,KAAK,MAAM,GAAG,EAAE;AAC/C,SAAO,QAAQ;AACjB;;;ACAA,eAAsB,gBAAgB,MAAgD;AACpF,QAAM,MAAM,0DAA0D,KAAK,SAAS,oBAAoB,mBAAmB,KAAK,MAAM,CAAC;AACvI,QAAM,OAAO;AAAA,IACX,OAAO;AAAA,MACL,OAAO,KAAK;AAAA,MACZ,SAAS,KAAK;AAAA,MACd,gBAAgB,KAAK;AAAA,MACrB,GAAI,KAAK,YAAY,EAAE,WAAW,KAAK,UAAU,IAAI,CAAC;AAAA,MACtD,GAAI,KAAK,gBAAgB,EAAE,eAAe,KAAK,cAAc,IAAI,CAAC;AAAA,IACpE;AAAA,EACF;AAEA,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,IAC3B,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAK7B,QAAI,CAAC,KAAK,iBAAiB,MAAO,QAAO;AACzC,QAAI,KAAK,gBAAgB,WAAW,KAAK,eAAgB,QAAO;AAChE,UAAM,QAAQ,KAAK,cAAc,SAAS;AAC1C,QAAI,QAAQ,KAAK,UAAW,QAAO;AACnC,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;AC1CA,IAAM,cAAc;AAgBb,SAAS,kBAAkB,MAAuC;AACvE,QAAM,OAAO,oBAAI,IAAsB;AACvC,MAAI,kBAAkB;AAEtB,WAAS,WAAW,KAAmB;AACrC,eAAW,CAAC,KAAK,GAAG,KAAK,MAAM;AAC7B,YAAM,WAAW,IAAI,OAAO,CAAC,MAAM,MAAM,IAAI,KAAK,QAAQ;AAC1D,UAAI,SAAS,WAAW,EAAG,MAAK,OAAO,GAAG;AAAA,eACjC,SAAS,WAAW,IAAI,OAAQ,MAAK,IAAI,KAAK,QAAQ;AAAA,IACjE;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,KAAsB;AAC1B,YAAM,MAAM,KAAK,IAAI;AAGrB;AACA,UAAI,mBAAmB,aAAa;AAClC,mBAAW,GAAG;AACd,0BAAkB;AAAA,MACpB;AAEA,YAAM,OAAO,KAAK,IAAI,GAAG,KAAK,CAAC,GAAG,OAAO,CAAC,MAAM,MAAM,IAAI,KAAK,QAAQ;AACvE,UAAI,IAAI,UAAU,KAAK,KAAK;AAC1B,aAAK,IAAI,KAAK,GAAG;AACjB,eAAO;AAAA,MACT;AACA,UAAI,KAAK,GAAG;AACZ,WAAK,IAAI,KAAK,GAAG;AACjB,aAAO;AAAA,IACT;AAAA,IACA,gBAAwB;AACtB,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;;;AHoBA,SAAS,aAAa,KAAoC;AACxD,SACE,IAAI,QAAQ,IAAI,kBAAkB,KAClC,IAAI,QAAQ,IAAI,iBAAiB,GAAG,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,KACxD;AAEJ;AAMA,IAAM,oBAAoB;AAC1B,IAAM,kBAAkB;AAKxB,IAAM,iBAAiB,MAAM;AAE7B,SAAS,qBAAqB,OAA2B;AACvD,SAAO;AAAA,IACL,GAAG;AAAA,IACH,SAAS,MAAM,SAAS,MAAM,GAAG,iBAAiB,KAAK,MAAM;AAAA,IAC7D,OAAO,MAAM,OAAO,MAAM,GAAG,eAAe,KAAK,MAAM;AAAA,EACzD;AACF;AAYO,SAAS,0BACd,SACiB;AACjB,QAAM,YAAyB,kBAAkB;AAAA,IAC/C,UAAU;AAAA,IACV,KAAK,QAAQ,qBAAqB;AAAA,EACpC,CAAC;AACD,QAAM,gBAA6B,kBAAkB;AAAA,IACnD,UAAU,KAAK,KAAK;AAAA,IACpB,KAAK,QAAQ,sBAAsB;AAAA,EACrC,CAAC;AAED,SAAO;AAAA,IACL,MAAM,QAAQ,QAAQ;AAAA,IACtB,QAAQ;AAAA,IACR,SAAS,OAAO,QAAQ;AAEtB,YAAM,gBAAgB,OAAO,IAAI,QAAQ,IAAI,gBAAgB,KAAK,GAAG;AACrE,UAAI,OAAO,SAAS,aAAa,KAAK,gBAAgB,gBAAgB;AACpE,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClF;AAEA,UAAI;AACJ,UAAI;AACF,eAAO,MAAM,IAAI,KAAK;AAAA,MACxB,QAAQ;AACN,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,eAAe,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAChF;AAEA,UAAI,CAAC,MAAM,QAAQ,MAAM,MAAM,KAAK,KAAK,OAAO,WAAW,GAAG;AAC5D,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,YAAY,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC7E;AAGA,UAAI,CAAC,KAAK,SAAS;AACjB,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,qBAAqB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACtF;AACA,YAAM,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK;AACnD,YAAM,WAAW,aAAa,GAAG;AACjC,YAAM,cAAc,MAAM,gBAAgB;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,SAAS,QAAQ;AAAA,QACjB,WAAW,QAAQ;AAAA,QACnB,QAAQ,QAAQ;AAAA,QAChB,gBAAgB,QAAQ,mBAAmB;AAAA,QAC3C,WAAW,QAAQ,sBAAsB;AAAA,QACzC;AAAA,QACA,eAAe,YAAY;AAAA,MAC7B,CAAC;AACD,UAAI,CAAC,aAAa;AAChB,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,qBAAqB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACtF;AAGA,YAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;AAC7C,YAAM,aAAa,gBAAgB,YAAY;AAC/C,UAAI,CAAC,YAAY;AACf,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClF;AAEA,YAAM,gBAAgB,MAAM,IAAI,QAAQ,KAAK;AAAA,QAC3C,YAAY;AAAA,QACZ,OAAO,EAAE,QAAQ,EAAE,UAAU,WAAW,EAAE;AAAA,QAC1C,YAAY;AAAA,MACd,CAAC;AACD,YAAM,SAAS,cAAc,KAAK;AAAA,QAChC,CAAC,MAAM,gBAAgB,EAAE,UAAU,IAAI,MAAM;AAAA,MAC/C;AACA,UAAI,CAAC,QAAQ;AACX,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClF;AAIA,UAAI,aAAa,QAAQ,CAAC,UAAU,MAAM,QAAQ,GAAG;AACnD,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,eAAe,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAChF;AAGA,UAAI,CAAC,cAAc,MAAM,OAAO,OAAO,EAAE,CAAC,GAAG;AAC3C,gBAAQ,sBAAsB,OAAO,EAAE;AACvC,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,sBAAsB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACvF;AAIA,WAAK,QAAQ;AAAA,QACX,KAAK,OAAO,IAAI,CAAC,UAAU;AACzB,gBAAM,UAAU,qBAAqB,KAAK;AAC1C,iBAAO,IAAI,QACR,OAAO;AAAA,YACN,YAAY;AAAA,YACZ,MAAM,EAAE,GAAG,SAAS,QAAQ,OAAO,GAAG;AAAA,UACxC,CAAC,EACA,MAAM,MAAM;AAAA,UAEb,CAAC;AAAA,QACL,CAAC;AAAA,MACH;AAEA,aAAO,IAAI,SAAS,KAAK,UAAU,EAAE,UAAU,KAAK,OAAO,OAAO,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACvF;AAAA,EACF;AACF;","names":[]}

package/dist/payload-endpoint/index.mjs ADDED Viewed

@@ -0,0 +1,179 @@
+// src/payload-endpoint/normalizeOrigin.ts
+function normalizeOrigin(input) {
+  if (!input) return null;
+  const candidate = input.includes("://") ? input : `https://${input}`;
+  let host;
+  try {
+    host = new URL(candidate).hostname;
+  } catch {
+    return null;
+  }
+  host = host.toLowerCase();
+  if (host.endsWith(".")) host = host.slice(0, -1);
+  return host || null;
+}
+// src/payload-endpoint/verifyRecaptcha.ts
+async function verifyRecaptcha(opts) {
+  const url = `https://recaptchaenterprise.googleapis.com/v1/projects/${opts.projectId}/assessments?key=${encodeURIComponent(opts.apiKey)}`;
+  const body = {
+    event: {
+      token: opts.token,
+      siteKey: opts.siteKey,
+      expectedAction: opts.expectedAction,
+      ...opts.userAgent ? { userAgent: opts.userAgent } : {},
+      ...opts.userIpAddress ? { userIpAddress: opts.userIpAddress } : {}
+    }
+  };
+  try {
+    const res = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body)
+    });
+    if (!res.ok) return false;
+    const json = await res.json();
+    if (!json.tokenProperties?.valid) return false;
+    if (json.tokenProperties.action !== opts.expectedAction) return false;
+    const score = json.riskAnalysis?.score ?? 0;
+    if (score < opts.threshold) return false;
+    return true;
+  } catch {
+    return false;
+  }
+}
+// src/payload-endpoint/rateLimit.ts
+var SWEEP_EVERY = 1e3;
+function createRateLimiter(opts) {
+  const hits = /* @__PURE__ */ new Map();
+  let callsSinceSweep = 0;
+  function sweepEmpty(now) {
+    for (const [key, arr] of hits) {
+      const filtered = arr.filter((t) => now - t < opts.windowMs);
+      if (filtered.length === 0) hits.delete(key);
+      else if (filtered.length !== arr.length) hits.set(key, filtered);
+    }
+  }
+  return {
+    allow(key) {
+      const now = Date.now();
+      callsSinceSweep++;
+      if (callsSinceSweep >= SWEEP_EVERY) {
+        sweepEmpty(now);
+        callsSinceSweep = 0;
+      }
+      const arr = (hits.get(key) ?? []).filter((t) => now - t < opts.windowMs);
+      if (arr.length >= opts.max) {
+        hits.set(key, arr);
+        return false;
+      }
+      arr.push(now);
+      hits.set(key, arr);
+      return true;
+    },
+    _sizeForTests() {
+      return hits.size;
+    }
+  };
+}
+// src/payload-endpoint/index.ts
+function readClientIp(req) {
+  return req.headers.get("cf-connecting-ip") ?? req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? null;
+}
+var MAX_MESSAGE_CHARS = 500;
+var MAX_STACK_CHARS = 1e4;
+var MAX_BODY_BYTES = 256 * 1024;
+function clampEventForStorage(event) {
+  return {
+    ...event,
+    message: event.message?.slice(0, MAX_MESSAGE_CHARS) ?? event.message,
+    stack: event.stack?.slice(0, MAX_STACK_CHARS) ?? event.stack
+  };
+}
+function createErrorLoggerEndpoint(options) {
+  const ipLimiter = createRateLimiter({
+    windowMs: 6e4,
+    max: options.perIpMaxPerMinute ?? 60
+  });
+  const tenantLimiter = createRateLimiter({
+    windowMs: 24 * 60 * 6e4,
+    max: options.perTenantMaxPerDay ?? 1e4
+  });
+  return {
+    path: options.path ?? "/log-error",
+    method: "post",
+    handler: async (req) => {
+      const contentLength = Number(req.headers.get("content-length") ?? "0");
+      if (Number.isFinite(contentLength) && contentLength > MAX_BODY_BYTES) {
+        return new Response(JSON.stringify({ error: "body too large" }), { status: 413 });
+      }
+      let body;
+      try {
+        body = await req.json();
+      } catch {
+        return new Response(JSON.stringify({ error: "invalid body" }), { status: 400 });
+      }
+      if (!Array.isArray(body?.events) || body.events.length === 0) {
+        return new Response(JSON.stringify({ error: "no events" }), { status: 400 });
+      }
+      if (!body.rcToken) {
+        return new Response(JSON.stringify({ error: "no recaptcha token" }), { status: 403 });
+      }
+      const userAgent = req.headers.get("user-agent") ?? void 0;
+      const clientIp = readClientIp(req);
+      const recaptchaOk = await verifyRecaptcha({
+        token: body.rcToken,
+        siteKey: options.recaptchaSiteKey,
+        projectId: options.recaptchaProjectId,
+        apiKey: options.recaptchaApiKey,
+        expectedAction: options.recaptchaAction ?? "log_error",
+        threshold: options.recaptchaThreshold ?? 0.5,
+        userAgent,
+        userIpAddress: clientIp ?? void 0
+      });
+      if (!recaptchaOk) {
+        return new Response(JSON.stringify({ error: "recaptcha rejected" }), { status: 403 });
+      }
+      const originHeader = req.headers.get("origin");
+      const originHost = normalizeOrigin(originHeader);
+      if (!originHost) {
+        return new Response(JSON.stringify({ error: "invalid origin" }), { status: 403 });
+      }
+      const tenantsResult = await req.payload.find({
+        collection: "tenants",
+        where: { domain: { contains: originHost } },
+        pagination: false
+      });
+      const tenant = tenantsResult.docs.find(
+        (t) => normalizeOrigin(t.domain ?? null) === originHost
+      );
+      if (!tenant) {
+        return new Response(JSON.stringify({ error: "unknown origin" }), { status: 403 });
+      }
+      if (clientIp !== null && !ipLimiter.allow(clientIp)) {
+        return new Response(JSON.stringify({ error: "rate limited" }), { status: 429 });
+      }
+      if (!tenantLimiter.allow(String(tenant.id))) {
+        options.onTenantCapExceeded?.(tenant.id);
+        return new Response(JSON.stringify({ error: "tenant cap exceeded" }), { status: 429 });
+      }
+      void Promise.all(
+        body.events.map((event) => {
+          const clamped = clampEventForStorage(event);
+          return req.payload.create({
+            collection: "issue-events",
+            data: { ...clamped, tenant: tenant.id }
+          }).catch(() => {
+          });
+        })
+      );
+      return new Response(JSON.stringify({ accepted: body.events.length }), { status: 202 });
+    }
+  };
+}
+export {
+  createErrorLoggerEndpoint
+};
+//# sourceMappingURL=index.mjs.map

package/dist/payload-endpoint/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/payload-endpoint/normalizeOrigin.ts","../../src/payload-endpoint/verifyRecaptcha.ts","../../src/payload-endpoint/rateLimit.ts","../../src/payload-endpoint/index.ts"],"sourcesContent":["/**\n * Reduce a hostname or full URL to a plain lowercase hostname so two values\n * can be compared during tenant lookup. For example,\n * `https://AcmeStorage.com:443/foo` and `acmestorage.com.` both become\n * `acmestorage.com`.\n *\n * Strips scheme, port, path, query, fragment, trailing slash, and a trailing\n * dot (like the one in `acmestorage.com.`). The incoming `Origin` header and\n * the stored `tenant.domain` are both run through this so cosmetic\n * differences don't cause a miss. Returns `null` if the input is empty or\n * can't be parsed.\n *\n * Note: this does NOT strip `www` (that's a different host) or unify schemes\n * (`http` vs `https` are different origins for browser security purposes).\n */\nexport function normalizeOrigin(input: string | null | undefined): string | null {\n if (!input) return null;\n const candidate = input.includes(\"://\") ? input : `https://${input}`;\n let host: string;\n try {\n host = new URL(candidate).hostname;\n } catch {\n return null;\n }\n host = host.toLowerCase();\n if (host.endsWith(\".\")) host = host.slice(0, -1);\n return host || null;\n}\n","export interface VerifyRecaptchaOptions {\n /** The Enterprise token from the browser. */\n token: string;\n /** The reCAPTCHA Enterprise site key. */\n siteKey: string;\n /** Google Cloud project ID hosting the reCAPTCHA Enterprise key. */\n projectId: string;\n /** Google Cloud API key with reCAPTCHA Enterprise enabled. */\n apiKey: string;\n /** The action we expect on the token (e.g. \"log_error\"). */\n expectedAction: string;\n /** Minimum score (0.0–1.0) to accept. */\n threshold: number;\n /** Optional user agent + client IP forwarded to Enterprise for stronger risk signals. */\n userAgent?: string;\n userIpAddress?: string;\n}\n\n/**\n * Verify a reCAPTCHA Enterprise token by creating an assessment.\n *\n * Returns true if the token is valid AND the action matches AND the score\n * meets the threshold. Returns false on any failure (network, invalid token,\n * action mismatch, low score, malformed response). Never throws — that lets\n * the endpoint cleanly drop the request without trying to parse exception\n * structures.\n */\nexport async function verifyRecaptcha(opts: VerifyRecaptchaOptions): Promise<boolean> {\n const url = `https://recaptchaenterprise.googleapis.com/v1/projects/${opts.projectId}/assessments?key=${encodeURIComponent(opts.apiKey)}`;\n const body = {\n event: {\n token: opts.token,\n siteKey: opts.siteKey,\n expectedAction: opts.expectedAction,\n ...(opts.userAgent ? { userAgent: opts.userAgent } : {}),\n ...(opts.userIpAddress ? { userIpAddress: opts.userIpAddress } : {}),\n },\n };\n\n try {\n const res = await fetch(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n if (!res.ok) return false;\n\n const json = (await res.json()) as {\n tokenProperties?: { valid?: boolean; action?: string };\n riskAnalysis?: { score?: number };\n };\n\n if (!json.tokenProperties?.valid) return false;\n if (json.tokenProperties.action !== opts.expectedAction) return false;\n const score = json.riskAnalysis?.score ?? 0;\n if (score < opts.threshold) return false;\n return true;\n } catch {\n return false;\n }\n}\n","/** A simple \"is this key allowed to do something right now?\" check. */\nexport interface RateLimiter {\n /** True if the key still has room in the window (and uses one slot); false if it's over. */\n allow(key: string): boolean;\n /** @internal — test-only inspection of the internal Map size. */\n _sizeForTests(): number;\n}\n\nexport interface RateLimiterOptions {\n /** How far back to count hits, in ms. */\n windowMs: number;\n /** Most hits allowed in that window before `allow` starts returning false. */\n max: number;\n}\n\n// Periodic global sweep cadence: every Nth `allow()` call, drop any key whose\n// hits have all aged out. Bounded cost — a long-tail IP that hits once and\n// never returns won't sit in the Map forever.\nconst SWEEP_EVERY = 1000;\n\n/**\n * Returns a rate limiter keyed by a string. Each call to `allow(key)` checks\n * how many hits that key has had in the last `windowMs`; if it's under `max`,\n * it records the hit and returns true, otherwise it returns false.\n *\n * In-memory only — across multiple server instances the count is approximate,\n * which is fine for v1. The endpoint uses two of these: one keyed by client\n * IP (short burst cap) and one keyed by tenant (daily volume cap).\n *\n * Memory hygiene: a global sweep runs every {@link SWEEP_EVERY} calls and\n * deletes keys whose hit arrays have fully aged out — keeps the Map bounded\n * over long uptimes when long-tail keys (one-shot IPs) would otherwise sit\n * there forever.\n */\nexport function createRateLimiter(opts: RateLimiterOptions): RateLimiter {\n const hits = new Map<string, number[]>();\n let callsSinceSweep = 0;\n\n function sweepEmpty(now: number): void {\n for (const [key, arr] of hits) {\n const filtered = arr.filter((t) => now - t < opts.windowMs);\n if (filtered.length === 0) hits.delete(key);\n else if (filtered.length !== arr.length) hits.set(key, filtered);\n }\n }\n\n return {\n allow(key: string): boolean {\n const now = Date.now();\n // Count every call (allowed or denied) toward the sweep cadence so that\n // a single hot, capped key still triggers cleanup of unrelated stragglers.\n callsSinceSweep++;\n if (callsSinceSweep >= SWEEP_EVERY) {\n sweepEmpty(now);\n callsSinceSweep = 0;\n }\n\n const arr = (hits.get(key) ?? []).filter((t) => now - t < opts.windowMs);\n if (arr.length >= opts.max) {\n hits.set(key, arr);\n return false;\n }\n arr.push(now);\n hits.set(key, arr);\n return true;\n },\n _sizeForTests(): number {\n return hits.size;\n },\n };\n}\n","import { normalizeOrigin } from \"./normalizeOrigin\";\nimport { verifyRecaptcha } from \"./verifyRecaptcha\";\nimport { createRateLimiter, type RateLimiter } from \"./rateLimit\";\nimport type { LogEvent } from \"../types\";\n\n/**\n * The shape of a Payload v3 endpoint. Declared here as a plain interface\n * (rather than imported from `payload`) so this package can be used without\n * `payload` installed — `payload` is an optional peer dependency. Anything\n * matching this shape can be added to the Payload config's `endpoints` array.\n */\nexport interface PayloadEndpoint {\n path: string;\n method: \"post\" | \"get\" | \"put\" | \"patch\" | \"delete\";\n handler: (req: PayloadRequest) => Promise<Response>;\n}\n\n/**\n * The shape of the JSON body our endpoint accepts. Each request is a batch of\n * `events` plus the reCAPTCHA token the helper acquired in the browser.\n */\nexport interface IncomingBody {\n events: LogEvent[];\n rcToken: string | null;\n}\n\ninterface PayloadRequest {\n headers: { get(name: string): string | null };\n json: () => Promise<IncomingBody>;\n payload: PayloadInstance;\n}\n\ninterface PayloadInstance {\n find: (args: PayloadFindArgs) => Promise<{ docs: PayloadDoc[] }>;\n create: (args: PayloadCreateArgs) => Promise<{ id: string | number }>;\n}\n\ninterface PayloadFindArgs {\n collection: string;\n limit?: number;\n pagination?: boolean;\n where?: TenantDomainWhere;\n}\n\n// Scoped narrowly: this file only ever queries `domain.contains` on tenants.\n// Rename signals scope — widening for new query shapes should be deliberate, not accidental.\ninterface TenantDomainWhere {\n [field: string]: { contains?: string; equals?: string | number };\n}\n\ninterface PayloadCreateArgs {\n collection: string;\n data: IssueEventCreateData;\n}\n\n/**\n * The shape of data we pass to `payload.create('issue-events', { data })`.\n * It's a `LogEvent` plus the `tenant` we resolved from the request's `Origin`.\n */\ntype IssueEventCreateData = LogEvent & { tenant: string | number };\n\ninterface PayloadDoc {\n id: string | number;\n domain?: string;\n}\n\nexport interface CreateErrorLoggerEndpointOptions {\n /** Path on the Payload server, relative to the API root. Defaults to `/log-error`. */\n path?: string;\n /** Google Cloud project ID hosting the reCAPTCHA Enterprise key. */\n recaptchaProjectId: string;\n /** Google Cloud API key with reCAPTCHA Enterprise enabled. */\n recaptchaApiKey: string;\n /** The reCAPTCHA Enterprise site key (also used by the browser to acquire tokens). */\n recaptchaSiteKey: string;\n /** Action name we expect on incoming tokens. Must match the helper's `recaptchaAction`. Defaults to \"log_error\". */\n recaptchaAction?: string;\n /** Minimum score (0.0–1.0) to accept. Defaults to 0.5. */\n recaptchaThreshold?: number;\n /** Most events one IP can send per minute. Defaults to 60. */\n perIpMaxPerMinute?: number;\n /** Most events one tenant can send per day. Defaults to 10_000. */\n perTenantMaxPerDay?: number;\n /** Optional hook fired when a tenant trips the daily cap, e.g. for alerting. */\n onTenantCapExceeded?: (tenantId: string | number) => void;\n}\n\n// Returns null when no upstream header carries the client IP. Callers must\n// bypass per-IP rate limiting in that case so local dev / misconfigured\n// upstreams don't collapse every IP-less request into one shared bucket.\nfunction readClientIp(req: PayloadRequest): string | null {\n return (\n req.headers.get(\"cf-connecting-ip\") ??\n req.headers.get(\"x-forwarded-for\")?.split(\",\")[0]?.trim() ??\n null\n );\n}\n\n// IssueEvents storage caps: message text and stack trace each have hard upper\n// bounds on the collection. Trim defensively here so a direct REST POST with\n// oversized strings becomes a successful best-effort log instead of a 400.\n// Values must match the maxLength settings in collections/IssueEvents/index.ts.\nconst MAX_MESSAGE_CHARS = 500;\nconst MAX_STACK_CHARS = 10_000;\n\n// Upper bound on request body size. Generous for a normal batch (~10 events\n// after per-field clamping) but small enough that a malicious POST can't burn\n// CPU on parsing + reCAPTCHA verify before any rate limit runs.\nconst MAX_BODY_BYTES = 256 * 1024;\n\nfunction clampEventForStorage(event: LogEvent): LogEvent {\n return {\n ...event,\n message: event.message?.slice(0, MAX_MESSAGE_CHARS) ?? event.message,\n stack: event.stack?.slice(0, MAX_STACK_CHARS) ?? event.stack,\n };\n}\n\n/**\n * Build a Payload endpoint that accepts cross-origin POSTs of error events\n * from the browser.\n *\n * Each request goes through these checks in order: verify the reCAPTCHA\n * token, look up the tenant by the request's `Origin` header, apply the\n * per-IP burst limit, apply the per-tenant daily limit, then create one\n * `issue-events` doc per event. The `IssueEvents.beforeChange` hook handles\n * grouping events into the parent `Issues` row.\n */\nexport function createErrorLoggerEndpoint(\n options: CreateErrorLoggerEndpointOptions,\n): PayloadEndpoint {\n const ipLimiter: RateLimiter = createRateLimiter({\n windowMs: 60_000,\n max: options.perIpMaxPerMinute ?? 60,\n });\n const tenantLimiter: RateLimiter = createRateLimiter({\n windowMs: 24 * 60 * 60_000,\n max: options.perTenantMaxPerDay ?? 10_000,\n });\n\n return {\n path: options.path ?? \"/log-error\",\n method: \"post\",\n handler: async (req) => {\n // Reject oversized bodies before parsing or reCAPTCHA verify.\n const contentLength = Number(req.headers.get(\"content-length\") ?? \"0\");\n if (Number.isFinite(contentLength) && contentLength > MAX_BODY_BYTES) {\n return new Response(JSON.stringify({ error: \"body too large\" }), { status: 413 });\n }\n\n let body: IncomingBody;\n try {\n body = await req.json();\n } catch {\n return new Response(JSON.stringify({ error: \"invalid body\" }), { status: 400 });\n }\n\n if (!Array.isArray(body?.events) || body.events.length === 0) {\n return new Response(JSON.stringify({ error: \"no events\" }), { status: 400 });\n }\n\n // 1. reCAPTCHA\n if (!body.rcToken) {\n return new Response(JSON.stringify({ error: \"no recaptcha token\" }), { status: 403 });\n }\n const userAgent = req.headers.get(\"user-agent\") ?? undefined;\n const clientIp = readClientIp(req);\n const recaptchaOk = await verifyRecaptcha({\n token: body.rcToken,\n siteKey: options.recaptchaSiteKey,\n projectId: options.recaptchaProjectId,\n apiKey: options.recaptchaApiKey,\n expectedAction: options.recaptchaAction ?? \"log_error\",\n threshold: options.recaptchaThreshold ?? 0.5,\n userAgent,\n userIpAddress: clientIp ?? undefined,\n });\n if (!recaptchaOk) {\n return new Response(JSON.stringify({ error: \"recaptcha rejected\" }), { status: 403 });\n }\n\n // 2. Origin → tenant lookup\n const originHeader = req.headers.get(\"origin\");\n const originHost = normalizeOrigin(originHeader);\n if (!originHost) {\n return new Response(JSON.stringify({ error: \"invalid origin\" }), { status: 403 });\n }\n // Narrow by substring so we don't load every tenant; normalize-and-compare below rejects false positives.\n const tenantsResult = await req.payload.find({\n collection: \"tenants\",\n where: { domain: { contains: originHost } },\n pagination: false,\n });\n const tenant = tenantsResult.docs.find(\n (t) => normalizeOrigin(t.domain ?? null) === originHost,\n );\n if (!tenant) {\n return new Response(JSON.stringify({ error: \"unknown origin\" }), { status: 403 });\n }\n\n // 3. Per-IP rate limit. Skip when no real IP header was present —\n // the per-tenant daily cap below is still in force as a safety net.\n if (clientIp !== null && !ipLimiter.allow(clientIp)) {\n return new Response(JSON.stringify({ error: \"rate limited\" }), { status: 429 });\n }\n\n // 4. Per-tenant volume cap\n if (!tenantLimiter.allow(String(tenant.id))) {\n options.onTenantCapExceeded?.(tenant.id);\n return new Response(JSON.stringify({ error: \"tenant cap exceeded\" }), { status: 429 });\n }\n\n // 5. Create events (dedup hook on IssueEvents handles parent Issue find-or-create)\n // Fire-and-forget — return 202 without awaiting all creates.\n void Promise.all(\n body.events.map((event) => {\n const clamped = clampEventForStorage(event);\n return req.payload\n .create({\n collection: \"issue-events\",\n data: { ...clamped, tenant: tenant.id },\n })\n .catch(() => {\n /* swallow per-event failures; cascade guard lives in the dedup hook */\n });\n }),\n );\n\n return new Response(JSON.stringify({ accepted: body.events.length }), { status: 202 });\n },\n };\n}\n"],"mappings":";AAeO,SAAS,gBAAgB,OAAiD;AAC/E,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,YAAY,MAAM,SAAS,KAAK,IAAI,QAAQ,WAAW,KAAK;AAClE,MAAI;AACJ,MAAI;AACF,WAAO,IAAI,IAAI,SAAS,EAAE;AAAA,EAC5B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO,KAAK,YAAY;AACxB,MAAI,KAAK,SAAS,GAAG,EAAG,QAAO,KAAK,MAAM,GAAG,EAAE;AAC/C,SAAO,QAAQ;AACjB;;;ACAA,eAAsB,gBAAgB,MAAgD;AACpF,QAAM,MAAM,0DAA0D,KAAK,SAAS,oBAAoB,mBAAmB,KAAK,MAAM,CAAC;AACvI,QAAM,OAAO;AAAA,IACX,OAAO;AAAA,MACL,OAAO,KAAK;AAAA,MACZ,SAAS,KAAK;AAAA,MACd,gBAAgB,KAAK;AAAA,MACrB,GAAI,KAAK,YAAY,EAAE,WAAW,KAAK,UAAU,IAAI,CAAC;AAAA,MACtD,GAAI,KAAK,gBAAgB,EAAE,eAAe,KAAK,cAAc,IAAI,CAAC;AAAA,IACpE;AAAA,EACF;AAEA,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,IAC3B,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AAEpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAK7B,QAAI,CAAC,KAAK,iBAAiB,MAAO,QAAO;AACzC,QAAI,KAAK,gBAAgB,WAAW,KAAK,eAAgB,QAAO;AAChE,UAAM,QAAQ,KAAK,cAAc,SAAS;AAC1C,QAAI,QAAQ,KAAK,UAAW,QAAO;AACnC,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;AC1CA,IAAM,cAAc;AAgBb,SAAS,kBAAkB,MAAuC;AACvE,QAAM,OAAO,oBAAI,IAAsB;AACvC,MAAI,kBAAkB;AAEtB,WAAS,WAAW,KAAmB;AACrC,eAAW,CAAC,KAAK,GAAG,KAAK,MAAM;AAC7B,YAAM,WAAW,IAAI,OAAO,CAAC,MAAM,MAAM,IAAI,KAAK,QAAQ;AAC1D,UAAI,SAAS,WAAW,EAAG,MAAK,OAAO,GAAG;AAAA,eACjC,SAAS,WAAW,IAAI,OAAQ,MAAK,IAAI,KAAK,QAAQ;AAAA,IACjE;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,KAAsB;AAC1B,YAAM,MAAM,KAAK,IAAI;AAGrB;AACA,UAAI,mBAAmB,aAAa;AAClC,mBAAW,GAAG;AACd,0BAAkB;AAAA,MACpB;AAEA,YAAM,OAAO,KAAK,IAAI,GAAG,KAAK,CAAC,GAAG,OAAO,CAAC,MAAM,MAAM,IAAI,KAAK,QAAQ;AACvE,UAAI,IAAI,UAAU,KAAK,KAAK;AAC1B,aAAK,IAAI,KAAK,GAAG;AACjB,eAAO;AAAA,MACT;AACA,UAAI,KAAK,GAAG;AACZ,WAAK,IAAI,KAAK,GAAG;AACjB,aAAO;AAAA,IACT;AAAA,IACA,gBAAwB;AACtB,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;;;ACoBA,SAAS,aAAa,KAAoC;AACxD,SACE,IAAI,QAAQ,IAAI,kBAAkB,KAClC,IAAI,QAAQ,IAAI,iBAAiB,GAAG,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,KACxD;AAEJ;AAMA,IAAM,oBAAoB;AAC1B,IAAM,kBAAkB;AAKxB,IAAM,iBAAiB,MAAM;AAE7B,SAAS,qBAAqB,OAA2B;AACvD,SAAO;AAAA,IACL,GAAG;AAAA,IACH,SAAS,MAAM,SAAS,MAAM,GAAG,iBAAiB,KAAK,MAAM;AAAA,IAC7D,OAAO,MAAM,OAAO,MAAM,GAAG,eAAe,KAAK,MAAM;AAAA,EACzD;AACF;AAYO,SAAS,0BACd,SACiB;AACjB,QAAM,YAAyB,kBAAkB;AAAA,IAC/C,UAAU;AAAA,IACV,KAAK,QAAQ,qBAAqB;AAAA,EACpC,CAAC;AACD,QAAM,gBAA6B,kBAAkB;AAAA,IACnD,UAAU,KAAK,KAAK;AAAA,IACpB,KAAK,QAAQ,sBAAsB;AAAA,EACrC,CAAC;AAED,SAAO;AAAA,IACL,MAAM,QAAQ,QAAQ;AAAA,IACtB,QAAQ;AAAA,IACR,SAAS,OAAO,QAAQ;AAEtB,YAAM,gBAAgB,OAAO,IAAI,QAAQ,IAAI,gBAAgB,KAAK,GAAG;AACrE,UAAI,OAAO,SAAS,aAAa,KAAK,gBAAgB,gBAAgB;AACpE,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClF;AAEA,UAAI;AACJ,UAAI;AACF,eAAO,MAAM,IAAI,KAAK;AAAA,MACxB,QAAQ;AACN,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,eAAe,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAChF;AAEA,UAAI,CAAC,MAAM,QAAQ,MAAM,MAAM,KAAK,KAAK,OAAO,WAAW,GAAG;AAC5D,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,YAAY,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC7E;AAGA,UAAI,CAAC,KAAK,SAAS;AACjB,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,qBAAqB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACtF;AACA,YAAM,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK;AACnD,YAAM,WAAW,aAAa,GAAG;AACjC,YAAM,cAAc,MAAM,gBAAgB;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,SAAS,QAAQ;AAAA,QACjB,WAAW,QAAQ;AAAA,QACnB,QAAQ,QAAQ;AAAA,QAChB,gBAAgB,QAAQ,mBAAmB;AAAA,QAC3C,WAAW,QAAQ,sBAAsB;AAAA,QACzC;AAAA,QACA,eAAe,YAAY;AAAA,MAC7B,CAAC;AACD,UAAI,CAAC,aAAa;AAChB,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,qBAAqB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACtF;AAGA,YAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;AAC7C,YAAM,aAAa,gBAAgB,YAAY;AAC/C,UAAI,CAAC,YAAY;AACf,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClF;AAEA,YAAM,gBAAgB,MAAM,IAAI,QAAQ,KAAK;AAAA,QAC3C,YAAY;AAAA,QACZ,OAAO,EAAE,QAAQ,EAAE,UAAU,WAAW,EAAE;AAAA,QAC1C,YAAY;AAAA,MACd,CAAC;AACD,YAAM,SAAS,cAAc,KAAK;AAAA,QAChC,CAAC,MAAM,gBAAgB,EAAE,UAAU,IAAI,MAAM;AAAA,MAC/C;AACA,UAAI,CAAC,QAAQ;AACX,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAClF;AAIA,UAAI,aAAa,QAAQ,CAAC,UAAU,MAAM,QAAQ,GAAG;AACnD,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,eAAe,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAChF;AAGA,UAAI,CAAC,cAAc,MAAM,OAAO,OAAO,EAAE,CAAC,GAAG;AAC3C,gBAAQ,sBAAsB,OAAO,EAAE;AACvC,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,sBAAsB,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACvF;AAIA,WAAK,QAAQ;AAAA,QACX,KAAK,OAAO,IAAI,CAAC,UAAU;AACzB,gBAAM,UAAU,qBAAqB,KAAK;AAC1C,iBAAO,IAAI,QACR,OAAO;AAAA,YACN,YAAY;AAAA,YACZ,MAAM,EAAE,GAAG,SAAS,QAAQ,OAAO,GAAG;AAAA,UACxC,CAAC,EACA,MAAM,MAAM;AAAA,UAEb,CAAC;AAAA,QACL,CAAC;AAAA,MACH;AAEA,aAAO,IAAI,SAAS,KAAK,UAAU,EAAE,UAAU,KAAK,OAAO,OAAO,CAAC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACvF;AAAA,EACF;AACF;","names":[]}

package/dist/react/index.d.cts ADDED Viewed

@@ -0,0 +1,26 @@
+import { Component, ReactNode, ErrorInfo } from 'react';
+interface ErrorBoundaryProps {
+    children: ReactNode;
+    /** Optional fallback to render when an error is caught. */
+    fallback?: ReactNode;
+    /** Optional callback invoked alongside logError. */
+    onError?: (error: Error, errorInfo: ErrorInfo) => void;
+}
+interface ErrorBoundaryState {
+    hasError: boolean;
+}
+/**
+ * React error boundary that forwards rendering errors to the centralized logger.
+ *
+ * Use at component-tree boundaries where you want to scope a render failure
+ * (e.g., wrapping a widget so a render error there doesn't crash the host page).
+ */
+declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
+    state: ErrorBoundaryState;
+    static getDerivedStateFromError(): ErrorBoundaryState;
+    componentDidCatch(error: Error, errorInfo: ErrorInfo): void;
+    render(): ReactNode;
+}
+export { ErrorBoundary, type ErrorBoundaryProps };

package/dist/react/index.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { Component, ReactNode, ErrorInfo } from 'react';
+interface ErrorBoundaryProps {
+    children: ReactNode;
+    /** Optional fallback to render when an error is caught. */
+    fallback?: ReactNode;
+    /** Optional callback invoked alongside logError. */
+    onError?: (error: Error, errorInfo: ErrorInfo) => void;
+}
+interface ErrorBoundaryState {
+    hasError: boolean;
+}
+/**
+ * React error boundary that forwards rendering errors to the centralized logger.
+ *
+ * Use at component-tree boundaries where you want to scope a render failure
+ * (e.g., wrapping a widget so a render error there doesn't crash the host page).
+ */
+declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
+    state: ErrorBoundaryState;
+    static getDerivedStateFromError(): ErrorBoundaryState;
+    componentDidCatch(error: Error, errorInfo: ErrorInfo): void;
+    render(): ReactNode;
+}
+export { ErrorBoundary, type ErrorBoundaryProps };