npm - @innvoid/getmarket-sdk - Versions diffs - 0.1.4 → 0.1.6 - Mend

@innvoid/getmarket-sdk 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/dist/cache/index.js +0 -1
package/dist/chunk-JXOLNJ7J.js +224 -0
package/dist/chunk-JXOLNJ7J.js.map +1 -0
package/dist/chunk-KJ64O2EG.js +19 -0
package/dist/chunk-KJ64O2EG.js.map +1 -0
package/dist/{chunk-GG7EI74E.js → chunk-OSYBK5AN.js} +5 -3
package/dist/chunk-OSYBK5AN.js.map +1 -0
package/dist/chunk-P2U3MT2E.js +39 -0
package/dist/chunk-P2U3MT2E.js.map +1 -0
package/dist/core/index.cjs +4 -2
package/dist/core/index.cjs.map +1 -1
package/dist/core/index.d.cts +1 -2
package/dist/core/index.d.ts +1 -2
package/dist/core/index.js +2 -4
package/dist/express.cjs +19 -0
package/dist/express.cjs.map +1 -0
package/dist/express.d.cts +12 -0
package/dist/express.d.ts +12 -0
package/dist/express.js +1 -0
package/dist/headers/index.cjs +12 -6
package/dist/headers/index.cjs.map +1 -1
package/dist/headers/index.d.cts +3 -18
package/dist/headers/index.d.ts +3 -18
package/dist/headers/index.js +1 -2
package/dist/index.cjs +138 -51
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +34 -6
package/dist/index.d.ts +34 -6
package/dist/index.js +147 -14
package/dist/index.js.map +1 -1
package/dist/middlewares/index.cjs +133 -35
package/dist/middlewares/index.cjs.map +1 -1
package/dist/middlewares/index.d.cts +43 -14
package/dist/middlewares/index.d.ts +43 -14
package/dist/middlewares/index.js +9 -4
package/dist/parse-C4vk-fmH.d.cts +16 -0
package/dist/parse-C4vk-fmH.d.ts +16 -0
package/dist/types-CRECQuHp.d.cts +54 -0
package/dist/types-CRECQuHp.d.ts +54 -0
package/package.json +6 -1
package/dist/auth/index.cjs +0 -181
package/dist/auth/index.cjs.map +0 -1
package/dist/auth/index.d.cts +0 -3
package/dist/auth/index.d.ts +0 -3
package/dist/auth/index.js +0 -12
package/dist/chunk-65HACONF.js +0 -33
package/dist/chunk-65HACONF.js.map +0 -1
package/dist/chunk-GG7EI74E.js.map +0 -1
package/dist/chunk-PZ5AY32C.js +0 -10
package/dist/chunk-PZ5AY32C.js.map +0 -1
package/dist/chunk-W23UYULS.js +0 -156
package/dist/chunk-W23UYULS.js.map +0 -1
package/dist/chunk-Y2JJLHAY.js +0 -149
package/dist/chunk-Y2JJLHAY.js.map +0 -1
package/dist/index-WbfzvmOt.d.cts +0 -87
package/dist/index-WbfzvmOt.d.ts +0 -87
/package/dist/{auth/index.js.map → express.js.map} +0 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@innvoid/getmarket-sdk",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "private": false,
   "type": "module",
   "main": "dist/index.cjs",
@@ -36,6 +36,11 @@
       "types": "./dist/middlewares/index.d.ts",
       "import": "./dist/middlewares/index.js",
       "require": "./dist/middlewares/index.cjs"
+    },
+    "./express": {
+      "types": "./dist/express.d.ts",
+      "import": "./dist/express.js",
+      "require": "./dist/express.cjs"
     }
   },
   "typesVersions": {

package/dist/auth/index.cjs DELETED Viewed

@@ -1,181 +0,0 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-// src/auth/index.ts
-var auth_exports = {};
-__export(auth_exports, {
-  createAuthMiddleware: () => createAuthMiddleware,
-  readRs256PublicKey: () => readRs256PublicKey,
-  verifyBackendJwtRS256: () => verifyBackendJwtRS256
-});
-module.exports = __toCommonJS(auth_exports);
-// src/auth/jwt.ts
-var import_fs = __toESM(require("fs"), 1);
-var import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
-function readFileIfExists(path) {
-  if (!path) return null;
-  try {
-    const v = import_fs.default.readFileSync(path, "utf8").trim();
-    return v.length ? v : null;
-  } catch {
-    return null;
-  }
-}
-function readRs256PublicKey() {
-  const fromFile = readFileIfExists(process.env.JWT_PUBLIC_KEY_PATH);
-  if (fromFile) return fromFile;
-  const fromEnv = String(process.env.AUTH_JWT_PUBLIC_KEY || process.env.AUTH_RSA_PUBLIC_KEY || "").replace(/\\n/g, "\n").trim();
-  if (fromEnv) return fromEnv;
-  throw new Error("Missing RS256 public key (JWT_PUBLIC_KEY_PATH / AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY)");
-}
-function verifyBackendJwtRS256(raw) {
-  const publicKey = readRs256PublicKey();
-  const audience = process.env.JWT_AUDIENCE || process.env.AUTH_JWT_AUDIENCE || "getmarket.api";
-  const issuer = process.env.JWT_ISSUER || process.env.AUTH_JWT_ISSUER || "getmarket-auth";
-  return import_jsonwebtoken.default.verify(raw, publicKey, {
-    algorithms: ["RS256"],
-    audience,
-    issuer
-  });
-}
-// src/auth/middleware.ts
-function getBearerToken(req) {
-  const auth = String(req.headers?.authorization || "");
-  if (!auth.startsWith("Bearer ")) return null;
-  const token = auth.slice(7).trim();
-  return token.length ? token : null;
-}
-function normalizeUid(v) {
-  const s = String(v ?? "").trim();
-  return s.length ? s : null;
-}
-function createAuthMiddleware(opts) {
-  const {
-    subject,
-    allowFirebaseIdToken = false,
-    requireSubject = true,
-    hydrate
-  } = opts;
-  return async (req, res, next) => {
-    const token = getBearerToken(req);
-    if (!token) {
-      return res.status(401).json({
-        ok: false,
-        code: "AUTH_MISSING_TOKEN",
-        message: "Missing Authorization Bearer token"
-      });
-    }
-    const headerCtx = req.context || {};
-    const company_uid = normalizeUid(headerCtx.company_uid);
-    const branch_uid = normalizeUid(headerCtx.branch_uid);
-    try {
-      const decoded = verifyBackendJwtRS256(token);
-      const baseCtx = {
-        tokenType: "backend",
-        subject,
-        company_uid: company_uid ?? void 0,
-        branch_uid: branch_uid ?? void 0,
-        roles: Array.isArray(decoded?.roles) ? decoded.roles : [],
-        permissions: Array.isArray(decoded?.permissions) ? decoded.permissions : [],
-        denied_permissions: Array.isArray(decoded?.denied_permissions) ? decoded.denied_permissions : [],
-        session: {
-          jti: decoded?.jti,
-          device_id: decoded?.device_id,
-          expires_at: decoded?.exp
-        }
-      };
-      const hydrated = await hydrate({ decoded, req, subject, company_uid, branch_uid });
-      Object.assign(baseCtx, hydrated);
-      if (requireSubject) {
-        if (subject === "employee" && !baseCtx.employee) {
-          return res.status(401).json({
-            ok: false,
-            code: "AUTH_EMPLOYEE_NOT_FOUND",
-            message: "Employee not resolved by hydrator"
-          });
-        }
-        if (subject === "customer" && !baseCtx.customer) {
-          return res.status(401).json({
-            ok: false,
-            code: "AUTH_CUSTOMER_NOT_FOUND",
-            message: "Customer not resolved by hydrator"
-          });
-        }
-      }
-      req.auth = baseCtx;
-      return next();
-    } catch (errJwt) {
-      if (!allowFirebaseIdToken) {
-        return res.status(401).json({
-          ok: false,
-          code: "AUTH_INVALID_TOKEN",
-          message: "Invalid or expired token"
-        });
-      }
-      try {
-        const { default: admin } = await import("firebase-admin");
-        const firebaseDecoded = await admin.auth().verifyIdToken(token);
-        if (firebaseDecoded.email && firebaseDecoded.email_verified === false) {
-          return res.status(401).json({
-            ok: false,
-            code: "AUTH_EMAIL_NOT_VERIFIED",
-            message: "Email not verified"
-          });
-        }
-        req.auth = {
-          tokenType: "backend",
-          subject,
-          firebase: firebaseDecoded,
-          company_uid: company_uid ?? void 0,
-          branch_uid: branch_uid ?? void 0,
-          companies: [],
-          roles: [],
-          permissions: [],
-          denied_permissions: []
-        };
-        return next();
-      } catch {
-        return res.status(401).json({
-          ok: false,
-          code: "AUTH_INVALID_TOKEN",
-          message: "Invalid or expired token"
-        });
-      }
-    }
-  };
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  createAuthMiddleware,
-  readRs256PublicKey,
-  verifyBackendJwtRS256
-});
-//# sourceMappingURL=index.cjs.map

package/dist/auth/index.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../src/auth/index.ts","../../src/auth/jwt.ts","../../src/auth/middleware.ts"],"sourcesContent":["export * from \"./types\";\nexport * from \"./jwt\";\nexport * from \"./middleware\";\n","import fs from \"fs\";\nimport jwt, {JwtPayload} from \"jsonwebtoken\";\n\nfunction readFileIfExists(path?: string): string | null {\n if (!path) return null;\n try {\n const v = fs.readFileSync(path, \"utf8\").trim();\n return v.length ? v : null;\n } catch {\n return null;\n }\n}\n\n/**\n * ✅ Keys viven en getmarket-stack:\n * - JWT_PUBLIC_KEY_PATH=/run/secrets/jwtRS256.key.pub (recomendado)\n * - fallback env AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY\n */\nexport function readRs256PublicKey(): string {\n const fromFile = readFileIfExists(process.env.JWT_PUBLIC_KEY_PATH);\n if (fromFile) return fromFile;\n\n const fromEnv = String(process.env.AUTH_JWT_PUBLIC_KEY || process.env.AUTH_RSA_PUBLIC_KEY || \"\")\n .replace(/\\\\n/g, \"\\n\")\n .trim();\n\n if (fromEnv) return fromEnv;\n\n throw new Error(\"Missing RS256 public key (JWT_PUBLIC_KEY_PATH / AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY)\");\n}\n\nexport function verifyBackendJwtRS256(raw: string): JwtPayload {\n const publicKey = readRs256PublicKey();\n\n const audience = process.env.JWT_AUDIENCE || process.env.AUTH_JWT_AUDIENCE || \"getmarket.api\";\n const issuer = process.env.JWT_ISSUER || process.env.AUTH_JWT_ISSUER || \"getmarket-auth\";\n\n // ✅ SOLO RS256\n return jwt.verify(raw, publicKey, {\n algorithms: [\"RS256\"],\n audience,\n issuer,\n }) as JwtPayload;\n}\n","import type {NextFunction, Response} from \"express\";\nimport {verifyBackendJwtRS256} from \"./jwt\";\nimport type {AuthContext, AuthMiddlewareOptions} from \"./types\";\n\nfunction getBearerToken(req: any): string | null {\n const auth = String(req.headers?.authorization || \"\");\n if (!auth.startsWith(\"Bearer \")) return null;\n const token = auth.slice(7).trim();\n return token.length ? token : null;\n}\n\nfunction normalizeUid(v: any): string | null {\n const s = String(v ?? \"\").trim();\n return s.length ? s : null;\n}\n\n/**\n * ✅ Middleware estándar:\n * - Solo Authorization: Bearer\n * - Solo RS256\n * - Cero legacy\n * - Hidrata vía hook (OBLIGATORIO) para que cada micro no replique lógica\n */\nexport function createAuthMiddleware(opts: AuthMiddlewareOptions) {\n const {\n subject,\n allowFirebaseIdToken = false,\n requireSubject = true,\n hydrate,\n } = opts;\n\n return async (req: any, res: Response, next: NextFunction) => {\n const token = getBearerToken(req);\n if (!token) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_MISSING_TOKEN\",\n message: \"Missing Authorization Bearer token\",\n });\n }\n\n // Contexto desde parseHeaders (SDK) -> req.context\n const headerCtx = (req as any).context || {};\n const company_uid = normalizeUid(headerCtx.company_uid);\n const branch_uid = normalizeUid(headerCtx.branch_uid);\n\n // 1) RS256 backend JWT\n try {\n const decoded: any = verifyBackendJwtRS256(token);\n\n const baseCtx: AuthContext = {\n tokenType: \"backend\",\n subject,\n company_uid: company_uid ?? undefined,\n branch_uid: branch_uid ?? undefined,\n roles: Array.isArray(decoded?.roles) ? decoded.roles : [],\n permissions: Array.isArray(decoded?.permissions) ? decoded.permissions : [],\n denied_permissions: Array.isArray(decoded?.denied_permissions) ? decoded.denied_permissions : [],\n session: {\n jti: decoded?.jti,\n device_id: decoded?.device_id,\n expires_at: decoded?.exp,\n },\n };\n\n // ✅ hydrate obligatorio (cero legacy)\n const hydrated = await hydrate({decoded, req, subject, company_uid, branch_uid});\n Object.assign(baseCtx, hydrated);\n\n if (requireSubject) {\n if (subject === \"employee\" && !baseCtx.employee) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_EMPLOYEE_NOT_FOUND\",\n message: \"Employee not resolved by hydrator\",\n });\n }\n if (subject === \"customer\" && !baseCtx.customer) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_CUSTOMER_NOT_FOUND\",\n message: \"Customer not resolved by hydrator\",\n });\n }\n }\n\n req.auth = baseCtx;\n return next();\n } catch (errJwt) {\n // 2) Firebase opcional (si está habilitado explícitamente)\n if (!allowFirebaseIdToken) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_INVALID_TOKEN\",\n message: \"Invalid or expired token\",\n });\n }\n\n try {\n // Import dinámico (pero firebase-admin está en deps del SDK)\n const {default: admin} = await import(\"firebase-admin\");\n const firebaseDecoded = await admin.auth().verifyIdToken(token);\n\n if (firebaseDecoded.email && firebaseDecoded.email_verified === false) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_EMAIL_NOT_VERIFIED\",\n message: \"Email not verified\",\n });\n }\n\n req.auth = {\n tokenType: \"backend\",\n subject,\n firebase: firebaseDecoded,\n company_uid: company_uid ?? undefined,\n branch_uid: branch_uid ?? undefined,\n companies: [],\n roles: [],\n permissions: [],\n denied_permissions: [],\n };\n\n return next();\n } catch {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_INVALID_TOKEN\",\n message: \"Invalid or expired token\",\n });\n }\n }\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,gBAAe;AACf,0BAA8B;AAE9B,SAAS,iBAAiB,MAA8B;AACpD,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI;AACA,UAAM,IAAI,UAAAA,QAAG,aAAa,MAAM,MAAM,EAAE,KAAK;AAC7C,WAAO,EAAE,SAAS,IAAI;AAAA,EAC1B,QAAQ;AACJ,WAAO;AAAA,EACX;AACJ;AAOO,SAAS,qBAA6B;AACzC,QAAM,WAAW,iBAAiB,QAAQ,IAAI,mBAAmB;AACjE,MAAI,SAAU,QAAO;AAErB,QAAM,UAAU,OAAO,QAAQ,IAAI,uBAAuB,QAAQ,IAAI,uBAAuB,EAAE,EAC1F,QAAQ,QAAQ,IAAI,EACpB,KAAK;AAEV,MAAI,QAAS,QAAO;AAEpB,QAAM,IAAI,MAAM,4FAA4F;AAChH;AAEO,SAAS,sBAAsB,KAAyB;AAC3D,QAAM,YAAY,mBAAmB;AAErC,QAAM,WAAW,QAAQ,IAAI,gBAAgB,QAAQ,IAAI,qBAAqB;AAC9E,QAAM,SAAS,QAAQ,IAAI,cAAc,QAAQ,IAAI,mBAAmB;AAGxE,SAAO,oBAAAC,QAAI,OAAO,KAAK,WAAW;AAAA,IAC9B,YAAY,CAAC,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,EACJ,CAAC;AACL;;;ACvCA,SAAS,eAAe,KAAyB;AAC7C,QAAM,OAAO,OAAO,IAAI,SAAS,iBAAiB,EAAE;AACpD,MAAI,CAAC,KAAK,WAAW,SAAS,EAAG,QAAO;AACxC,QAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,SAAO,MAAM,SAAS,QAAQ;AAClC;AAEA,SAAS,aAAa,GAAuB;AACzC,QAAM,IAAI,OAAO,KAAK,EAAE,EAAE,KAAK;AAC/B,SAAO,EAAE,SAAS,IAAI;AAC1B;AASO,SAAS,qBAAqB,MAA6B;AAC9D,QAAM;AAAA,IACF;AAAA,IACA,uBAAuB;AAAA,IACvB,iBAAiB;AAAA,IACjB;AAAA,EACJ,IAAI;AAEJ,SAAO,OAAO,KAAU,KAAe,SAAuB;AAC1D,UAAM,QAAQ,eAAe,GAAG;AAChC,QAAI,CAAC,OAAO;AACR,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,QACxB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAGA,UAAM,YAAa,IAAY,WAAW,CAAC;AAC3C,UAAM,cAAc,aAAa,UAAU,WAAW;AACtD,UAAM,aAAa,aAAa,UAAU,UAAU;AAGpD,QAAI;AACA,YAAM,UAAe,sBAAsB,KAAK;AAEhD,YAAM,UAAuB;AAAA,QACzB,WAAW;AAAA,QACX;AAAA,QACA,aAAa,eAAe;AAAA,QAC5B,YAAY,cAAc;AAAA,QAC1B,OAAO,MAAM,QAAQ,SAAS,KAAK,IAAI,QAAQ,QAAQ,CAAC;AAAA,QACxD,aAAa,MAAM,QAAQ,SAAS,WAAW,IAAI,QAAQ,cAAc,CAAC;AAAA,QAC1E,oBAAoB,MAAM,QAAQ,SAAS,kBAAkB,IAAI,QAAQ,qBAAqB,CAAC;AAAA,QAC/F,SAAS;AAAA,UACL,KAAK,SAAS;AAAA,UACd,WAAW,SAAS;AAAA,UACpB,YAAY,SAAS;AAAA,QACzB;AAAA,MACJ;AAGA,YAAM,WAAW,MAAM,QAAQ,EAAC,SAAS,KAAK,SAAS,aAAa,WAAU,CAAC;AAC/E,aAAO,OAAO,SAAS,QAAQ;AAE/B,UAAI,gBAAgB;AAChB,YAAI,YAAY,cAAc,CAAC,QAAQ,UAAU;AAC7C,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACxB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,UACb,CAAC;AAAA,QACL;AACA,YAAI,YAAY,cAAc,CAAC,QAAQ,UAAU;AAC7C,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACxB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,UACb,CAAC;AAAA,QACL;AAAA,MACJ;AAEA,UAAI,OAAO;AACX,aAAO,KAAK;AAAA,IAChB,SAAS,QAAQ;AAEb,UAAI,CAAC,sBAAsB;AACvB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACxB,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,QACb,CAAC;AAAA,MACL;AAEA,UAAI;AAEA,cAAM,EAAC,SAAS,MAAK,IAAI,MAAM,OAAO,gBAAgB;AACtD,cAAM,kBAAkB,MAAM,MAAM,KAAK,EAAE,cAAc,KAAK;AAE9D,YAAI,gBAAgB,SAAS,gBAAgB,mBAAmB,OAAO;AACnE,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACxB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,UACb,CAAC;AAAA,QACL;AAEA,YAAI,OAAO;AAAA,UACP,WAAW;AAAA,UACX;AAAA,UACA,UAAU;AAAA,UACV,aAAa,eAAe;AAAA,UAC5B,YAAY,cAAc;AAAA,UAC1B,WAAW,CAAC;AAAA,UACZ,OAAO,CAAC;AAAA,UACR,aAAa,CAAC;AAAA,UACd,oBAAoB,CAAC;AAAA,QACzB;AAEA,eAAO,KAAK;AAAA,MAChB,QAAQ;AACJ,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACxB,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,QACb,CAAC;AAAA,MACL;AAAA,IACJ;AAAA,EACJ;AACJ;","names":["fs","jwt"]}

package/dist/auth/index.d.cts DELETED Viewed

@@ -1,3 +0,0 @@
-export { A as AuthContext, a as AuthMiddlewareOptions, b as AuthSession, c as AuthSubject, H as HydrateInput, d as HydrateResult, e as Hydrator, T as TokenType, f as createAuthMiddleware, r as readRs256PublicKey, v as verifyBackendJwtRS256 } from '../index-WbfzvmOt.cjs';
-import 'express';
-import 'jsonwebtoken';

package/dist/auth/index.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-export { A as AuthContext, a as AuthMiddlewareOptions, b as AuthSession, c as AuthSubject, H as HydrateInput, d as HydrateResult, e as Hydrator, T as TokenType, f as createAuthMiddleware, r as readRs256PublicKey, v as verifyBackendJwtRS256 } from '../index-WbfzvmOt.js';
-import 'express';
-import 'jsonwebtoken';

package/dist/auth/index.js DELETED Viewed

@@ -1,12 +0,0 @@
-import {
-  createAuthMiddleware,
-  readRs256PublicKey,
-  verifyBackendJwtRS256
-} from "../chunk-W23UYULS.js";
-import "../chunk-PZ5AY32C.js";
-export {
-  createAuthMiddleware,
-  readRs256PublicKey,
-  verifyBackendJwtRS256
-};
-//# sourceMappingURL=index.js.map

package/dist/chunk-65HACONF.js DELETED Viewed

@@ -1,33 +0,0 @@
-// src/headers/constants.ts
-var HEADER_REQUEST_ID = "x-request-id";
-var HEADER_COMPANY_UID = "x-company";
-var HEADER_BRANCH_UID = "x-branch";
-var HEADER_EMPLOYEE_UID = "x-employee-uid";
-var HEADER_INTERNAL_API_KEY = "x-internal-api-key";
-var HEADER_AUTHORIZATION = "authorization";
-// src/headers/parse.ts
-function asString(v) {
-  if (typeof v !== "string") return null;
-  const s = v.trim();
-  return s ? s : null;
-}
-function getRequestContextFromHeaders(headers) {
-  return {
-    requestId: asString(headers[HEADER_REQUEST_ID]) ?? null,
-    company_uid: asString(headers[HEADER_COMPANY_UID]) ?? null,
-    branch_uid: asString(headers[HEADER_BRANCH_UID]) ?? null,
-    employee_uid: asString(headers[HEADER_EMPLOYEE_UID]) ?? null
-  };
-}
-export {
-  HEADER_REQUEST_ID,
-  HEADER_COMPANY_UID,
-  HEADER_BRANCH_UID,
-  HEADER_EMPLOYEE_UID,
-  HEADER_INTERNAL_API_KEY,
-  HEADER_AUTHORIZATION,
-  getRequestContextFromHeaders
-};
-//# sourceMappingURL=chunk-65HACONF.js.map

package/dist/chunk-65HACONF.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/headers/constants.ts","../src/headers/parse.ts"],"sourcesContent":["export const HEADER_REQUEST_ID = \"x-request-id\";\n\nexport const HEADER_COMPANY_UID = \"x-company\";\nexport const HEADER_BRANCH_UID = \"x-branch\";\nexport const HEADER_EMPLOYEE_UID = \"x-employee-uid\";\n\nexport const HEADER_INTERNAL_API_KEY = \"x-internal-api-key\";\nexport const HEADER_AUTHORIZATION = \"authorization\";\n","import {\n HEADER_BRANCH_UID,\n HEADER_COMPANY_UID,\n HEADER_EMPLOYEE_UID,\n HEADER_REQUEST_ID,\n} from \"./constants\";\n\nexport type RequestContext = {\n requestId?: string | null;\n\n company_uid?: string | null;\n branch_uid?: string | null;\n employee_uid?: string | null;\n};\n\nfunction asString(v: unknown): string | null {\n if (typeof v !== \"string\") return null;\n const s = v.trim();\n return s ? s : null;\n}\n\n/**\n * ✅ NO-LEGACY:\n * - x-company: <UID>\n * - x-branch: <UID>\n * - x-employee-uid: <UID> (opcional)\n * - x-request-id: string (opcional)\n *\n * 🚫 No JSON, no _id, no objetos.\n */\nexport function getRequestContextFromHeaders(headers: Record<string, any>): RequestContext {\n return {\n requestId: asString(headers[HEADER_REQUEST_ID]) ?? null,\n company_uid: asString(headers[HEADER_COMPANY_UID]) ?? null,\n branch_uid: asString(headers[HEADER_BRANCH_UID]) ?? null,\n employee_uid: asString(headers[HEADER_EMPLOYEE_UID]) ?? null,\n };\n}\n"],"mappings":";AAAO,IAAM,oBAAoB;AAE1B,IAAM,qBAAqB;AAC3B,IAAM,oBAAoB;AAC1B,IAAM,sBAAsB;AAE5B,IAAM,0BAA0B;AAChC,IAAM,uBAAuB;;;ACQpC,SAAS,SAAS,GAA2B;AACzC,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,QAAM,IAAI,EAAE,KAAK;AACjB,SAAO,IAAI,IAAI;AACnB;AAWO,SAAS,6BAA6B,SAA8C;AACvF,SAAO;AAAA,IACH,WAAW,SAAS,QAAQ,iBAAiB,CAAC,KAAK;AAAA,IACnD,aAAa,SAAS,QAAQ,kBAAkB,CAAC,KAAK;AAAA,IACtD,YAAY,SAAS,QAAQ,iBAAiB,CAAC,KAAK;AAAA,IACpD,cAAc,SAAS,QAAQ,mBAAmB,CAAC,KAAK;AAAA,EAC5D;AACJ;","names":[]}

package/dist/chunk-GG7EI74E.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/core/errors.ts","../src/core/http.ts","../src/core/internalHttp.ts"],"sourcesContent":["export type ClientErrorCode =\n | \"UPSTREAM_TIMEOUT\"\n | \"UPSTREAM_UNAVAILABLE\"\n | \"UPSTREAM_BAD_RESPONSE\"\n | \"UPSTREAM_NOT_FOUND\"\n | \"UPSTREAM_UNAUTHORIZED\"\n | \"UPSTREAM_FORBIDDEN\"\n | \"UPSTREAM_UNKNOWN\";\n\nexport class UpstreamError extends Error {\n public code: ClientErrorCode;\n public status?: number;\n public details?: any;\n\n constructor(message: string, code: ClientErrorCode, status?: number, details?: any) {\n super(message);\n this.name = \"UpstreamError\";\n this.code = code;\n this.status = status;\n this.details = details;\n }\n}\n\nexport function mapAxiosToUpstreamError(err: any, svc: string): UpstreamError {\n const status = err?.response?.status;\n const data = err?.response?.data;\n const isTimeout = err?.code === \"ECONNABORTED\" || String(err?.message || \"\").includes(\"timeout\");\n\n if (isTimeout) {\n return new UpstreamError(`[${svc}] timeout`, \"UPSTREAM_TIMEOUT\", 504, {cause: err?.message});\n }\n if (!err?.response) {\n return new UpstreamError(`[${svc}] unavailable`, \"UPSTREAM_UNAVAILABLE\", 503, {cause: err?.message});\n }\n if (status === 404) return new UpstreamError(`[${svc}] not found`, \"UPSTREAM_NOT_FOUND\", 404, data);\n if (status === 401) return new UpstreamError(`[${svc}] unauthorized`, \"UPSTREAM_UNAUTHORIZED\", 401, data);\n if (status === 403) return new UpstreamError(`[${svc}] forbidden`, \"UPSTREAM_FORBIDDEN\", 403, data);\n if (status >= 400 && status < 600) {\n return new UpstreamError(`[${svc}] bad response`, \"UPSTREAM_BAD_RESPONSE\", status, data);\n }\n return new UpstreamError(`[${svc}] unknown error`, \"UPSTREAM_UNKNOWN\", status, data);\n}\n","// clients/core/http.ts\nimport axios, {AxiosInstance, AxiosRequestConfig} from \"axios\";\n\nexport const REQUEST_ID_HEADER = \"x-request-id\";\n\nexport type HttpClientOpts = {\n baseURL: string;\n timeoutMs?: number;\n};\n\n/**\n * Headers compatibles con múltiples versiones de axios.\n * En axios antiguo, `headers` suele ser `any`, así que mantenemos tolerancia.\n */\nexport type AnyHeaders = NonNullable<AxiosRequestConfig[\"headers\"]> | Record<string, string>;\n\n/**\n * Agrega x-request-id a headers (sin pisar otros headers).\n */\nexport function withRequestId(headers: AnyHeaders | undefined, requestId?: string | null): AnyHeaders {\n const h: Record<string, any> =\n headers && typeof headers === \"object\"\n ? {...(headers as any)}\n : {};\n\n const rid = (requestId || \"\").trim();\n if (rid) h[REQUEST_ID_HEADER] = rid;\n\n return h as AnyHeaders;\n}\n\n/**\n * Helper para construir config de axios con requestId\n * (SIN genéricos para compat con axios typings antiguos).\n */\nexport function withRequestIdConfig(\n config: AxiosRequestConfig = {},\n requestId?: string | null\n): AxiosRequestConfig {\n return {\n ...config,\n headers: withRequestId((config as any).headers, requestId) as any,\n };\n}\n\nexport function createHttpClient(opts: HttpClientOpts): AxiosInstance {\n return axios.create({\n baseURL: opts.baseURL,\n timeout: opts.timeoutMs ?? 4000,\n headers: {\"Content-Type\": \"application/json\"},\n });\n}\n","// clients/internalHttp.ts\n\ntype RetryPolicy = {\n retries: number;\n baseDelayMs: number;\n retryOnStatuses: number[];\n retryOnNetworkErrors: boolean;\n};\n\ntype InternalHttpOptions = {\n baseUrl: string;\n apiKey?: string; // x-internal-api-key\n timeoutMs?: number;\n retry?: Partial<RetryPolicy>;\n};\n\nconst DEFAULT_RETRY: RetryPolicy = {\n retries: 1,\n baseDelayMs: 150,\n retryOnStatuses: [429, 502, 503, 504],\n retryOnNetworkErrors: true,\n};\n\nfunction sleep(ms: number) {\n return new Promise((r) => setTimeout(r, ms));\n}\n\nfunction safeJsonStringify(v: any) {\n try {\n return JSON.stringify(v);\n } catch {\n return String(v);\n }\n}\n\nfunction toHeaders(init?: HeadersInit): Headers {\n return new Headers(init || {});\n}\n\nfunction isJsonContentType(contentType: string | null): boolean {\n if (!contentType) return false;\n const ct = contentType.toLowerCase();\n return ct.includes(\"application/json\") || ct.includes(\"+json\");\n}\n\nfunction isAbortError(e: any): boolean {\n return e?.name === \"AbortError\";\n}\n\nfunction withJitter(ms: number): number {\n // jitter +-20%\n const jitter = ms * 0.2;\n const delta = (Math.random() * 2 - 1) * jitter;\n return Math.max(0, Math.floor(ms + delta));\n}\n\nexport class InternalHttp {\n private readonly baseUrl: string;\n private readonly apiKey: string | undefined;\n private readonly timeoutMs: number;\n private retry: RetryPolicy;\n\n constructor(opts: InternalHttpOptions) {\n this.baseUrl = opts.baseUrl.replace(/\\/+$/, \"\");\n this.apiKey = opts.apiKey;\n\n // ✅ Default más seguro para internas (evita cascadas)\n this.timeoutMs = opts.timeoutMs ?? 4000;\n\n this.retry = {...DEFAULT_RETRY, ...(opts.retry || {})};\n }\n\n async request<T>(\n path: string,\n init: RequestInit & {\n requestId?: string;\n idempotencyKey?: string;\n headers?: HeadersInit;\n } = {}\n ): Promise<T> {\n const url = `${this.baseUrl}${path.startsWith(\"/\") ? \"\" : \"/\"}${path}`;\n\n const baseHeaders = toHeaders(init.headers);\n\n if (!baseHeaders.has(\"Content-Type\")) baseHeaders.set(\"Content-Type\", \"application/json\");\n if (this.apiKey) baseHeaders.set(\"x-internal-api-key\", this.apiKey);\n\n if (init.requestId) baseHeaders.set(\"x-request-id\", init.requestId);\n if (init.idempotencyKey) baseHeaders.set(\"Idempotency-Key\", init.idempotencyKey);\n\n const {headers: _ignored, ...restInit} = init;\n\n const doFetchOnce = async () => {\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), this.timeoutMs);\n\n try {\n const res = await fetch(url, {\n ...restInit,\n headers: baseHeaders,\n signal: controller.signal,\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n const err: any = new Error(\n `HTTP ${res.status} ${res.statusText}${text ? ` - ${text}` : \"\"}`\n );\n err.status = res.status;\n err.body = text;\n throw err;\n }\n\n if (res.status === 204) return undefined as unknown as T;\n\n const contentType = res.headers.get(\"content-type\");\n if (isJsonContentType(contentType)) {\n return (await res.json()) as T;\n }\n\n const text = await res.text().catch(() => \"\");\n return text as unknown as T;\n } finally {\n clearTimeout(timeout);\n }\n };\n\n let attempt = 0;\n\n while (true) {\n try {\n return await doFetchOnce();\n } catch (e: any) {\n attempt++;\n\n const status = e?.status;\n const retryableStatus = !!status && this.retry.retryOnStatuses.includes(status);\n\n const retryableNetwork =\n this.retry.retryOnNetworkErrors &&\n (isAbortError(e) || !status); // sin status suele ser red/dns/timeout\n\n const isRetryable = retryableStatus || retryableNetwork;\n\n if (!isRetryable || attempt > this.retry.retries) {\n console.error(\n `[InternalHttp] request failed: ${url} attempt=${attempt} status=${status ?? \"n/a\"} err=${e?.message\n } body=${safeJsonStringify(e?.body)}`\n );\n throw e;\n }\n\n const backoff = withJitter(this.retry.baseDelayMs * attempt);\n await sleep(backoff);\n }\n }\n }\n}\n"],"mappings":";AASO,IAAM,gBAAN,cAA4B,MAAM;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EAEP,YAAY,SAAiB,MAAuB,QAAiB,SAAe;AAChF,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,UAAU;AAAA,EACnB;AACJ;AAEO,SAAS,wBAAwB,KAAU,KAA4B;AAC1E,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,OAAO,KAAK,UAAU;AAC5B,QAAM,YAAY,KAAK,SAAS,kBAAkB,OAAO,KAAK,WAAW,EAAE,EAAE,SAAS,SAAS;AAE/F,MAAI,WAAW;AACX,WAAO,IAAI,cAAc,IAAI,GAAG,aAAa,oBAAoB,KAAK,EAAC,OAAO,KAAK,QAAO,CAAC;AAAA,EAC/F;AACA,MAAI,CAAC,KAAK,UAAU;AAChB,WAAO,IAAI,cAAc,IAAI,GAAG,iBAAiB,wBAAwB,KAAK,EAAC,OAAO,KAAK,QAAO,CAAC;AAAA,EACvG;AACA,MAAI,WAAW,IAAK,QAAO,IAAI,cAAc,IAAI,GAAG,eAAe,sBAAsB,KAAK,IAAI;AAClG,MAAI,WAAW,IAAK,QAAO,IAAI,cAAc,IAAI,GAAG,kBAAkB,yBAAyB,KAAK,IAAI;AACxG,MAAI,WAAW,IAAK,QAAO,IAAI,cAAc,IAAI,GAAG,eAAe,sBAAsB,KAAK,IAAI;AAClG,MAAI,UAAU,OAAO,SAAS,KAAK;AAC/B,WAAO,IAAI,cAAc,IAAI,GAAG,kBAAkB,yBAAyB,QAAQ,IAAI;AAAA,EAC3F;AACA,SAAO,IAAI,cAAc,IAAI,GAAG,mBAAmB,oBAAoB,QAAQ,IAAI;AACvF;;;ACxCA,OAAO,WAAgD;AAEhD,IAAM,oBAAoB;AAgB1B,SAAS,cAAc,SAAiC,WAAuC;AAClG,QAAM,IACF,WAAW,OAAO,YAAY,WACxB,EAAC,GAAI,QAAe,IACpB,CAAC;AAEX,QAAM,OAAO,aAAa,IAAI,KAAK;AACnC,MAAI,IAAK,GAAE,iBAAiB,IAAI;AAEhC,SAAO;AACX;AAMO,SAAS,oBACZ,SAA6B,CAAC,GAC9B,WACkB;AAClB,SAAO;AAAA,IACH,GAAG;AAAA,IACH,SAAS,cAAe,OAAe,SAAS,SAAS;AAAA,EAC7D;AACJ;AAEO,SAAS,iBAAiB,MAAqC;AAClE,SAAO,MAAM,OAAO;AAAA,IAChB,SAAS,KAAK;AAAA,IACd,SAAS,KAAK,aAAa;AAAA,IAC3B,SAAS,EAAC,gBAAgB,mBAAkB;AAAA,EAChD,CAAC;AACL;;;ACnCA,IAAM,gBAA6B;AAAA,EAC/B,SAAS;AAAA,EACT,aAAa;AAAA,EACb,iBAAiB,CAAC,KAAK,KAAK,KAAK,GAAG;AAAA,EACpC,sBAAsB;AAC1B;AAEA,SAAS,MAAM,IAAY;AACvB,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC/C;AAEA,SAAS,kBAAkB,GAAQ;AAC/B,MAAI;AACA,WAAO,KAAK,UAAU,CAAC;AAAA,EAC3B,QAAQ;AACJ,WAAO,OAAO,CAAC;AAAA,EACnB;AACJ;AAEA,SAAS,UAAU,MAA6B;AAC5C,SAAO,IAAI,QAAQ,QAAQ,CAAC,CAAC;AACjC;AAEA,SAAS,kBAAkB,aAAqC;AAC5D,MAAI,CAAC,YAAa,QAAO;AACzB,QAAM,KAAK,YAAY,YAAY;AACnC,SAAO,GAAG,SAAS,kBAAkB,KAAK,GAAG,SAAS,OAAO;AACjE;AAEA,SAAS,aAAa,GAAiB;AACnC,SAAO,GAAG,SAAS;AACvB;AAEA,SAAS,WAAW,IAAoB;AAEpC,QAAM,SAAS,KAAK;AACpB,QAAM,SAAS,KAAK,OAAO,IAAI,IAAI,KAAK;AACxC,SAAO,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,KAAK,CAAC;AAC7C;AAEO,IAAM,eAAN,MAAmB;AAAA,EACL;AAAA,EACA;AAAA,EACA;AAAA,EACT;AAAA,EAER,YAAY,MAA2B;AACnC,SAAK,UAAU,KAAK,QAAQ,QAAQ,QAAQ,EAAE;AAC9C,SAAK,SAAS,KAAK;AAGnB,SAAK,YAAY,KAAK,aAAa;AAEnC,SAAK,QAAQ,EAAC,GAAG,eAAe,GAAI,KAAK,SAAS,CAAC,EAAE;AAAA,EACzD;AAAA,EAEA,MAAM,QACF,MACA,OAII,CAAC,GACK;AACV,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,KAAK,WAAW,GAAG,IAAI,KAAK,GAAG,GAAG,IAAI;AAEpE,UAAM,cAAc,UAAU,KAAK,OAAO;AAE1C,QAAI,CAAC,YAAY,IAAI,cAAc,EAAG,aAAY,IAAI,gBAAgB,kBAAkB;AACxF,QAAI,KAAK,OAAQ,aAAY,IAAI,sBAAsB,KAAK,MAAM;AAElE,QAAI,KAAK,UAAW,aAAY,IAAI,gBAAgB,KAAK,SAAS;AAClE,QAAI,KAAK,eAAgB,aAAY,IAAI,mBAAmB,KAAK,cAAc;AAE/E,UAAM,EAAC,SAAS,UAAU,GAAG,SAAQ,IAAI;AAEzC,UAAM,cAAc,YAAY;AAC5B,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAEnE,UAAI;AACA,cAAM,MAAM,MAAM,MAAM,KAAK;AAAA,UACzB,GAAG;AAAA,UACH,SAAS;AAAA,UACT,QAAQ,WAAW;AAAA,QACvB,CAAC;AAED,YAAI,CAAC,IAAI,IAAI;AACT,gBAAMA,QAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,gBAAM,MAAW,IAAI;AAAA,YACjB,QAAQ,IAAI,MAAM,IAAI,IAAI,UAAU,GAAGA,QAAO,MAAMA,KAAI,KAAK,EAAE;AAAA,UACnE;AACA,cAAI,SAAS,IAAI;AACjB,cAAI,OAAOA;AACX,gBAAM;AAAA,QACV;AAEA,YAAI,IAAI,WAAW,IAAK,QAAO;AAE/B,cAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,YAAI,kBAAkB,WAAW,GAAG;AAChC,iBAAQ,MAAM,IAAI,KAAK;AAAA,QAC3B;AAEA,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE;AAC5C,eAAO;AAAA,MACX,UAAE;AACE,qBAAa,OAAO;AAAA,MACxB;AAAA,IACJ;AAEA,QAAI,UAAU;AAEd,WAAO,MAAM;AACT,UAAI;AACA,eAAO,MAAM,YAAY;AAAA,MAC7B,SAAS,GAAQ;AACb;AAEA,cAAM,SAAS,GAAG;AAClB,cAAM,kBAAkB,CAAC,CAAC,UAAU,KAAK,MAAM,gBAAgB,SAAS,MAAM;AAE9E,cAAM,mBACF,KAAK,MAAM,yBACV,aAAa,CAAC,KAAK,CAAC;AAEzB,cAAM,cAAc,mBAAmB;AAEvC,YAAI,CAAC,eAAe,UAAU,KAAK,MAAM,SAAS;AAC9C,kBAAQ;AAAA,YACJ,kCAAkC,GAAG,YAAY,OAAO,WAAW,UAAU,KAAK,QAAQ,GAAG,OAC7F,SAAS,kBAAkB,GAAG,IAAI,CAAC;AAAA,UACvC;AACA,gBAAM;AAAA,QACV;AAEA,cAAM,UAAU,WAAW,KAAK,MAAM,cAAc,OAAO;AAC3D,cAAM,MAAM,OAAO;AAAA,MACvB;AAAA,IACJ;AAAA,EACJ;AACJ;","names":["text"]}

package/dist/chunk-PZ5AY32C.js DELETED Viewed

@@ -1,10 +0,0 @@
-var __defProp = Object.defineProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-export {
-  __export
-};
-//# sourceMappingURL=chunk-PZ5AY32C.js.map

package/dist/chunk-PZ5AY32C.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-W23UYULS.js DELETED Viewed

@@ -1,156 +0,0 @@
-import {
-  __export
-} from "./chunk-PZ5AY32C.js";
-// src/auth/index.ts
-var auth_exports = {};
-__export(auth_exports, {
-  createAuthMiddleware: () => createAuthMiddleware,
-  readRs256PublicKey: () => readRs256PublicKey,
-  verifyBackendJwtRS256: () => verifyBackendJwtRS256
-});
-// src/auth/jwt.ts
-import fs from "fs";
-import jwt from "jsonwebtoken";
-function readFileIfExists(path) {
-  if (!path) return null;
-  try {
-    const v = fs.readFileSync(path, "utf8").trim();
-    return v.length ? v : null;
-  } catch {
-    return null;
-  }
-}
-function readRs256PublicKey() {
-  const fromFile = readFileIfExists(process.env.JWT_PUBLIC_KEY_PATH);
-  if (fromFile) return fromFile;
-  const fromEnv = String(process.env.AUTH_JWT_PUBLIC_KEY || process.env.AUTH_RSA_PUBLIC_KEY || "").replace(/\\n/g, "\n").trim();
-  if (fromEnv) return fromEnv;
-  throw new Error("Missing RS256 public key (JWT_PUBLIC_KEY_PATH / AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY)");
-}
-function verifyBackendJwtRS256(raw) {
-  const publicKey = readRs256PublicKey();
-  const audience = process.env.JWT_AUDIENCE || process.env.AUTH_JWT_AUDIENCE || "getmarket.api";
-  const issuer = process.env.JWT_ISSUER || process.env.AUTH_JWT_ISSUER || "getmarket-auth";
-  return jwt.verify(raw, publicKey, {
-    algorithms: ["RS256"],
-    audience,
-    issuer
-  });
-}
-// src/auth/middleware.ts
-function getBearerToken(req) {
-  const auth = String(req.headers?.authorization || "");
-  if (!auth.startsWith("Bearer ")) return null;
-  const token = auth.slice(7).trim();
-  return token.length ? token : null;
-}
-function normalizeUid(v) {
-  const s = String(v ?? "").trim();
-  return s.length ? s : null;
-}
-function createAuthMiddleware(opts) {
-  const {
-    subject,
-    allowFirebaseIdToken = false,
-    requireSubject = true,
-    hydrate
-  } = opts;
-  return async (req, res, next) => {
-    const token = getBearerToken(req);
-    if (!token) {
-      return res.status(401).json({
-        ok: false,
-        code: "AUTH_MISSING_TOKEN",
-        message: "Missing Authorization Bearer token"
-      });
-    }
-    const headerCtx = req.context || {};
-    const company_uid = normalizeUid(headerCtx.company_uid);
-    const branch_uid = normalizeUid(headerCtx.branch_uid);
-    try {
-      const decoded = verifyBackendJwtRS256(token);
-      const baseCtx = {
-        tokenType: "backend",
-        subject,
-        company_uid: company_uid ?? void 0,
-        branch_uid: branch_uid ?? void 0,
-        roles: Array.isArray(decoded?.roles) ? decoded.roles : [],
-        permissions: Array.isArray(decoded?.permissions) ? decoded.permissions : [],
-        denied_permissions: Array.isArray(decoded?.denied_permissions) ? decoded.denied_permissions : [],
-        session: {
-          jti: decoded?.jti,
-          device_id: decoded?.device_id,
-          expires_at: decoded?.exp
-        }
-      };
-      const hydrated = await hydrate({ decoded, req, subject, company_uid, branch_uid });
-      Object.assign(baseCtx, hydrated);
-      if (requireSubject) {
-        if (subject === "employee" && !baseCtx.employee) {
-          return res.status(401).json({
-            ok: false,
-            code: "AUTH_EMPLOYEE_NOT_FOUND",
-            message: "Employee not resolved by hydrator"
-          });
-        }
-        if (subject === "customer" && !baseCtx.customer) {
-          return res.status(401).json({
-            ok: false,
-            code: "AUTH_CUSTOMER_NOT_FOUND",
-            message: "Customer not resolved by hydrator"
-          });
-        }
-      }
-      req.auth = baseCtx;
-      return next();
-    } catch (errJwt) {
-      if (!allowFirebaseIdToken) {
-        return res.status(401).json({
-          ok: false,
-          code: "AUTH_INVALID_TOKEN",
-          message: "Invalid or expired token"
-        });
-      }
-      try {
-        const { default: admin } = await import("firebase-admin");
-        const firebaseDecoded = await admin.auth().verifyIdToken(token);
-        if (firebaseDecoded.email && firebaseDecoded.email_verified === false) {
-          return res.status(401).json({
-            ok: false,
-            code: "AUTH_EMAIL_NOT_VERIFIED",
-            message: "Email not verified"
-          });
-        }
-        req.auth = {
-          tokenType: "backend",
-          subject,
-          firebase: firebaseDecoded,
-          company_uid: company_uid ?? void 0,
-          branch_uid: branch_uid ?? void 0,
-          companies: [],
-          roles: [],
-          permissions: [],
-          denied_permissions: []
-        };
-        return next();
-      } catch {
-        return res.status(401).json({
-          ok: false,
-          code: "AUTH_INVALID_TOKEN",
-          message: "Invalid or expired token"
-        });
-      }
-    }
-  };
-}
-export {
-  readRs256PublicKey,
-  verifyBackendJwtRS256,
-  createAuthMiddleware,
-  auth_exports
-};
-//# sourceMappingURL=chunk-W23UYULS.js.map

package/dist/chunk-W23UYULS.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/auth/index.ts","../src/auth/jwt.ts","../src/auth/middleware.ts"],"sourcesContent":["export * from \"./types\";\nexport * from \"./jwt\";\nexport * from \"./middleware\";\n","import fs from \"fs\";\nimport jwt, {JwtPayload} from \"jsonwebtoken\";\n\nfunction readFileIfExists(path?: string): string | null {\n if (!path) return null;\n try {\n const v = fs.readFileSync(path, \"utf8\").trim();\n return v.length ? v : null;\n } catch {\n return null;\n }\n}\n\n/**\n * ✅ Keys viven en getmarket-stack:\n * - JWT_PUBLIC_KEY_PATH=/run/secrets/jwtRS256.key.pub (recomendado)\n * - fallback env AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY\n */\nexport function readRs256PublicKey(): string {\n const fromFile = readFileIfExists(process.env.JWT_PUBLIC_KEY_PATH);\n if (fromFile) return fromFile;\n\n const fromEnv = String(process.env.AUTH_JWT_PUBLIC_KEY || process.env.AUTH_RSA_PUBLIC_KEY || \"\")\n .replace(/\\\\n/g, \"\\n\")\n .trim();\n\n if (fromEnv) return fromEnv;\n\n throw new Error(\"Missing RS256 public key (JWT_PUBLIC_KEY_PATH / AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY)\");\n}\n\nexport function verifyBackendJwtRS256(raw: string): JwtPayload {\n const publicKey = readRs256PublicKey();\n\n const audience = process.env.JWT_AUDIENCE || process.env.AUTH_JWT_AUDIENCE || \"getmarket.api\";\n const issuer = process.env.JWT_ISSUER || process.env.AUTH_JWT_ISSUER || \"getmarket-auth\";\n\n // ✅ SOLO RS256\n return jwt.verify(raw, publicKey, {\n algorithms: [\"RS256\"],\n audience,\n issuer,\n }) as JwtPayload;\n}\n","import type {NextFunction, Response} from \"express\";\nimport {verifyBackendJwtRS256} from \"./jwt\";\nimport type {AuthContext, AuthMiddlewareOptions} from \"./types\";\n\nfunction getBearerToken(req: any): string | null {\n const auth = String(req.headers?.authorization || \"\");\n if (!auth.startsWith(\"Bearer \")) return null;\n const token = auth.slice(7).trim();\n return token.length ? token : null;\n}\n\nfunction normalizeUid(v: any): string | null {\n const s = String(v ?? \"\").trim();\n return s.length ? s : null;\n}\n\n/**\n * ✅ Middleware estándar:\n * - Solo Authorization: Bearer\n * - Solo RS256\n * - Cero legacy\n * - Hidrata vía hook (OBLIGATORIO) para que cada micro no replique lógica\n */\nexport function createAuthMiddleware(opts: AuthMiddlewareOptions) {\n const {\n subject,\n allowFirebaseIdToken = false,\n requireSubject = true,\n hydrate,\n } = opts;\n\n return async (req: any, res: Response, next: NextFunction) => {\n const token = getBearerToken(req);\n if (!token) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_MISSING_TOKEN\",\n message: \"Missing Authorization Bearer token\",\n });\n }\n\n // Contexto desde parseHeaders (SDK) -> req.context\n const headerCtx = (req as any).context || {};\n const company_uid = normalizeUid(headerCtx.company_uid);\n const branch_uid = normalizeUid(headerCtx.branch_uid);\n\n // 1) RS256 backend JWT\n try {\n const decoded: any = verifyBackendJwtRS256(token);\n\n const baseCtx: AuthContext = {\n tokenType: \"backend\",\n subject,\n company_uid: company_uid ?? undefined,\n branch_uid: branch_uid ?? undefined,\n roles: Array.isArray(decoded?.roles) ? decoded.roles : [],\n permissions: Array.isArray(decoded?.permissions) ? decoded.permissions : [],\n denied_permissions: Array.isArray(decoded?.denied_permissions) ? decoded.denied_permissions : [],\n session: {\n jti: decoded?.jti,\n device_id: decoded?.device_id,\n expires_at: decoded?.exp,\n },\n };\n\n // ✅ hydrate obligatorio (cero legacy)\n const hydrated = await hydrate({decoded, req, subject, company_uid, branch_uid});\n Object.assign(baseCtx, hydrated);\n\n if (requireSubject) {\n if (subject === \"employee\" && !baseCtx.employee) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_EMPLOYEE_NOT_FOUND\",\n message: \"Employee not resolved by hydrator\",\n });\n }\n if (subject === \"customer\" && !baseCtx.customer) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_CUSTOMER_NOT_FOUND\",\n message: \"Customer not resolved by hydrator\",\n });\n }\n }\n\n req.auth = baseCtx;\n return next();\n } catch (errJwt) {\n // 2) Firebase opcional (si está habilitado explícitamente)\n if (!allowFirebaseIdToken) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_INVALID_TOKEN\",\n message: \"Invalid or expired token\",\n });\n }\n\n try {\n // Import dinámico (pero firebase-admin está en deps del SDK)\n const {default: admin} = await import(\"firebase-admin\");\n const firebaseDecoded = await admin.auth().verifyIdToken(token);\n\n if (firebaseDecoded.email && firebaseDecoded.email_verified === false) {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_EMAIL_NOT_VERIFIED\",\n message: \"Email not verified\",\n });\n }\n\n req.auth = {\n tokenType: \"backend\",\n subject,\n firebase: firebaseDecoded,\n company_uid: company_uid ?? undefined,\n branch_uid: branch_uid ?? undefined,\n companies: [],\n roles: [],\n permissions: [],\n denied_permissions: [],\n };\n\n return next();\n } catch {\n return res.status(401).json({\n ok: false,\n code: \"AUTH_INVALID_TOKEN\",\n message: \"Invalid or expired token\",\n });\n }\n }\n };\n}\n"],"mappings":";;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,OAAO,QAAQ;AACf,OAAO,SAAuB;AAE9B,SAAS,iBAAiB,MAA8B;AACpD,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI;AACA,UAAM,IAAI,GAAG,aAAa,MAAM,MAAM,EAAE,KAAK;AAC7C,WAAO,EAAE,SAAS,IAAI;AAAA,EAC1B,QAAQ;AACJ,WAAO;AAAA,EACX;AACJ;AAOO,SAAS,qBAA6B;AACzC,QAAM,WAAW,iBAAiB,QAAQ,IAAI,mBAAmB;AACjE,MAAI,SAAU,QAAO;AAErB,QAAM,UAAU,OAAO,QAAQ,IAAI,uBAAuB,QAAQ,IAAI,uBAAuB,EAAE,EAC1F,QAAQ,QAAQ,IAAI,EACpB,KAAK;AAEV,MAAI,QAAS,QAAO;AAEpB,QAAM,IAAI,MAAM,4FAA4F;AAChH;AAEO,SAAS,sBAAsB,KAAyB;AAC3D,QAAM,YAAY,mBAAmB;AAErC,QAAM,WAAW,QAAQ,IAAI,gBAAgB,QAAQ,IAAI,qBAAqB;AAC9E,QAAM,SAAS,QAAQ,IAAI,cAAc,QAAQ,IAAI,mBAAmB;AAGxE,SAAO,IAAI,OAAO,KAAK,WAAW;AAAA,IAC9B,YAAY,CAAC,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,EACJ,CAAC;AACL;;;ACvCA,SAAS,eAAe,KAAyB;AAC7C,QAAM,OAAO,OAAO,IAAI,SAAS,iBAAiB,EAAE;AACpD,MAAI,CAAC,KAAK,WAAW,SAAS,EAAG,QAAO;AACxC,QAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,SAAO,MAAM,SAAS,QAAQ;AAClC;AAEA,SAAS,aAAa,GAAuB;AACzC,QAAM,IAAI,OAAO,KAAK,EAAE,EAAE,KAAK;AAC/B,SAAO,EAAE,SAAS,IAAI;AAC1B;AASO,SAAS,qBAAqB,MAA6B;AAC9D,QAAM;AAAA,IACF;AAAA,IACA,uBAAuB;AAAA,IACvB,iBAAiB;AAAA,IACjB;AAAA,EACJ,IAAI;AAEJ,SAAO,OAAO,KAAU,KAAe,SAAuB;AAC1D,UAAM,QAAQ,eAAe,GAAG;AAChC,QAAI,CAAC,OAAO;AACR,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,QACxB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,SAAS;AAAA,MACb,CAAC;AAAA,IACL;AAGA,UAAM,YAAa,IAAY,WAAW,CAAC;AAC3C,UAAM,cAAc,aAAa,UAAU,WAAW;AACtD,UAAM,aAAa,aAAa,UAAU,UAAU;AAGpD,QAAI;AACA,YAAM,UAAe,sBAAsB,KAAK;AAEhD,YAAM,UAAuB;AAAA,QACzB,WAAW;AAAA,QACX;AAAA,QACA,aAAa,eAAe;AAAA,QAC5B,YAAY,cAAc;AAAA,QAC1B,OAAO,MAAM,QAAQ,SAAS,KAAK,IAAI,QAAQ,QAAQ,CAAC;AAAA,QACxD,aAAa,MAAM,QAAQ,SAAS,WAAW,IAAI,QAAQ,cAAc,CAAC;AAAA,QAC1E,oBAAoB,MAAM,QAAQ,SAAS,kBAAkB,IAAI,QAAQ,qBAAqB,CAAC;AAAA,QAC/F,SAAS;AAAA,UACL,KAAK,SAAS;AAAA,UACd,WAAW,SAAS;AAAA,UACpB,YAAY,SAAS;AAAA,QACzB;AAAA,MACJ;AAGA,YAAM,WAAW,MAAM,QAAQ,EAAC,SAAS,KAAK,SAAS,aAAa,WAAU,CAAC;AAC/E,aAAO,OAAO,SAAS,QAAQ;AAE/B,UAAI,gBAAgB;AAChB,YAAI,YAAY,cAAc,CAAC,QAAQ,UAAU;AAC7C,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACxB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,UACb,CAAC;AAAA,QACL;AACA,YAAI,YAAY,cAAc,CAAC,QAAQ,UAAU;AAC7C,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACxB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,UACb,CAAC;AAAA,QACL;AAAA,MACJ;AAEA,UAAI,OAAO;AACX,aAAO,KAAK;AAAA,IAChB,SAAS,QAAQ;AAEb,UAAI,CAAC,sBAAsB;AACvB,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACxB,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,QACb,CAAC;AAAA,MACL;AAEA,UAAI;AAEA,cAAM,EAAC,SAAS,MAAK,IAAI,MAAM,OAAO,gBAAgB;AACtD,cAAM,kBAAkB,MAAM,MAAM,KAAK,EAAE,cAAc,KAAK;AAE9D,YAAI,gBAAgB,SAAS,gBAAgB,mBAAmB,OAAO;AACnE,iBAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACxB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,UACb,CAAC;AAAA,QACL;AAEA,YAAI,OAAO;AAAA,UACP,WAAW;AAAA,UACX;AAAA,UACA,UAAU;AAAA,UACV,aAAa,eAAe;AAAA,UAC5B,YAAY,cAAc;AAAA,UAC1B,WAAW,CAAC;AAAA,UACZ,OAAO,CAAC;AAAA,UACR,aAAa,CAAC;AAAA,UACd,oBAAoB,CAAC;AAAA,QACzB;AAEA,eAAO,KAAK;AAAA,MAChB,QAAQ;AACJ,eAAO,IAAI,OAAO,GAAG,EAAE,KAAK;AAAA,UACxB,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,QACb,CAAC;AAAA,MACL;AAAA,IACJ;AAAA,EACJ;AACJ;","names":[]}

package/dist/chunk-Y2JJLHAY.js DELETED Viewed

@@ -1,149 +0,0 @@
-import {
-  HEADER_INTERNAL_API_KEY,
-  getRequestContextFromHeaders
-} from "./chunk-65HACONF.js";
-// src/middlewares/requestId.ts
-import { randomUUID, randomBytes } from "crypto";
-var REQUEST_ID_HEADER = "x-request-id";
-var REQUEST_ID_HEADER_ALT = "x-requestid";
-var RESPONSE_REQUEST_ID_HEADER = "X-Request-Id";
-function requestId(req, res, next) {
-  const headerId = req.headers[REQUEST_ID_HEADER] || req.headers[REQUEST_ID_HEADER_ALT];
-  const id = headerId?.trim() || randomUUID();
-  req.requestId = id;
-  res.locals.requestId = id;
-  res.setHeader(RESPONSE_REQUEST_ID_HEADER, id);
-  next();
-}
-// src/middlewares/parseHeaders.ts
-function parseHeaders(req, _res, next) {
-  const context = getRequestContextFromHeaders(req.headers);
-  req.context = context;
-  const auth = req.auth ?? (req.auth = {});
-  if (context.company_uid) auth.company_uid = context.company_uid;
-  if (context.branch_uid) auth.branch_uid = context.branch_uid;
-  if (context.employee_uid) auth.employee_uid = context.employee_uid;
-  next();
-}
-// src/middlewares/internalAuth.ts
-import fs from "fs";
-import crypto from "crypto";
-// src/middlewares/respond.ts
-function sendOk(_req, res, data, statusCode = 200) {
-  return res.status(statusCode).json({ ok: true, data, requestId: res.locals?.requestId ?? null });
-}
-function sendError(_req, res, statusCode, code, message, details) {
-  return res.status(statusCode).json({
-    ok: false,
-    error: { code, message, ...details !== void 0 ? { details } : {} },
-    requestId: res.locals?.requestId ?? null
-  });
-}
-// src/middlewares/internalAuth.ts
-function readSecretFile(path) {
-  if (!path) return null;
-  try {
-    const v = fs.readFileSync(path, "utf8").trim();
-    return v.length ? v : null;
-  } catch {
-    return null;
-  }
-}
-function splitKeys(v) {
-  if (!v) return [];
-  return v.split(",").map((s) => s.trim()).filter(Boolean);
-}
-function getExpectedKeys() {
-  const fileKey = readSecretFile(process.env.INTERNAL_API_KEY_FILE);
-  const envKey = (process.env.INTERNAL_API_KEY || "").trim();
-  const raw = fileKey || envKey;
-  return splitKeys(raw);
-}
-function extractToken(req) {
-  const apiKey = (req.header(HEADER_INTERNAL_API_KEY) || "").trim();
-  return apiKey || null;
-}
-function safeEquals(a, b) {
-  const aa = Buffer.from(a);
-  const bb = Buffer.from(b);
-  if (aa.length !== bb.length) return false;
-  return crypto.timingSafeEqual(aa, bb);
-}
-function internalAuth(req, res, next) {
-  const token = extractToken(req);
-  if (!token) {
-    return sendError(req, res, 401, "UNAUTHORIZED", `Missing internal api key (${HEADER_INTERNAL_API_KEY})`);
-  }
-  const expectedKeys = getExpectedKeys();
-  if (expectedKeys.length === 0) {
-    return sendError(
-      req,
-      res,
-      500,
-      "MISCONFIGURED_INTERNAL_AUTH",
-      "Internal api key not configured (INTERNAL_API_KEY or INTERNAL_API_KEY_FILE)"
-    );
-  }
-  const ok = expectedKeys.some((k) => safeEquals(token, k));
-  if (!ok) {
-    return sendError(req, res, 403, "FORBIDDEN", "Invalid internal api key");
-  }
-  return next();
-}
-// src/middlewares/autorization.ts
-function getAuth(req) {
-  return req.auth ?? {};
-}
-function requireAuthContext() {
-  return (req, res, next) => {
-    if (!req.auth) {
-      return sendError(req, res, 401, "UNAUTHORIZED", "Missing auth context");
-    }
-    return next();
-  };
-}
-function requirePermissions(...perms) {
-  return (req, res, next) => {
-    const auth = getAuth(req);
-    const allow = new Set(auth.permissions ?? []);
-    const deny = new Set(auth.denied_permissions ?? []);
-    for (const p of perms) {
-      if (deny.has(p)) {
-        return sendError(req, res, 403, "FORBIDDEN", `Denied: ${p}`);
-      }
-    }
-    const missing = perms.filter((p) => !allow.has(p));
-    if (missing.length) {
-      return sendError(req, res, 403, "FORBIDDEN", "Missing permissions", { missing });
-    }
-    return next();
-  };
-}
-function requireRoles(...roles) {
-  return (req, res, next) => {
-    const auth = getAuth(req);
-    const have = new Set(auth.roles ?? []);
-    if (!roles.some((r) => have.has(r))) {
-      return sendError(req, res, 403, "FORBIDDEN", "Role not allowed", { required: roles });
-    }
-    return next();
-  };
-}
-export {
-  requestId,
-  parseHeaders,
-  sendOk,
-  sendError,
-  internalAuth,
-  requireAuthContext,
-  requirePermissions,
-  requireRoles
-};
-//# sourceMappingURL=chunk-Y2JJLHAY.js.map