@innvoid/getmarket-sdk 0.1.4 → 0.1.6

package/dist/chunk-Y2JJLHAY.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/middlewares/requestId.ts","../src/middlewares/parseHeaders.ts","../src/middlewares/internalAuth.ts","../src/middlewares/respond.ts","../src/middlewares/autorization.ts"],"sourcesContent":["// middlewares/requestId.ts\nimport type {Request, Response, NextFunction} from \"express\";\nimport {randomUUID, randomBytes} from \"crypto\";\n\nexport const REQUEST_ID_HEADER = \"x-request-id\";\nexport const REQUEST_ID_HEADER_ALT = \"x-requestid\";\nexport const RESPONSE_REQUEST_ID_HEADER = \"X-Request-Id\";\n\n// Si quieres IDs más cortos (opcional). Por defecto usamos UUID.\nfunction nanoidLike(len = 21) {\n    return randomBytes(16).toString(\"base64url\").slice(0, len);\n}\n\nexport default function requestId(req: Request, res: Response, next: NextFunction) {\n    const headerId = (req.headers[REQUEST_ID_HEADER] || req.headers[REQUEST_ID_HEADER_ALT]) as\n        | string\n        | undefined;\n\n    // ✅ estándar único: usa UUID (o cambia a nanoidLike() si prefieres corto)\n    const id = headerId?.trim() || randomUUID();\n\n    // ✅ estándar único (no legacy)\n    (req as any).requestId = id;\n    res.locals.requestId = id;\n\n    // ✅ respuesta\n    res.setHeader(RESPONSE_REQUEST_ID_HEADER, id);\n\n    next();\n}\n","import type {Request, Response, NextFunction} from \"express\";\nimport {getRequestContextFromHeaders} from \"../headers\";\n\n/**\n * ✅ NO-LEGACY:\n * - solo setea UIDs\n * - no crea objetos company/branch\n * - no copia provider\n */\nexport default function parseHeaders(req: Request, _res: Response, next: NextFunction) {\n    const context = getRequestContextFromHeaders(req.headers as any);\n\n    (req as any).context = context;\n\n    const auth: any = (req as any).auth ?? ((req as any).auth = {});\n    if (context.company_uid) auth.company_uid = context.company_uid;\n    if (context.branch_uid) auth.branch_uid = context.branch_uid;\n    if (context.employee_uid) auth.employee_uid = context.employee_uid;\n\n    next();\n}\n","import type {Request, Response, NextFunction} from \"express\";\nimport fs from \"fs\";\nimport crypto from \"crypto\";\nimport {sendError} from \"./respond\";\nimport {HEADER_INTERNAL_API_KEY} from \"../headers\";\n\nfunction readSecretFile(path?: string): string | null {\n    if (!path) return null;\n    try {\n        const v = fs.readFileSync(path, \"utf8\").trim();\n        return v.length ? v : null;\n    } catch {\n        return null;\n    }\n}\n\nfunction splitKeys(v?: string | null): string[] {\n    if (!v) return [];\n    return v.split(\",\").map((s) => s.trim()).filter(Boolean);\n}\n\nfunction getExpectedKeys(): string[] {\n    const fileKey = readSecretFile(process.env.INTERNAL_API_KEY_FILE);\n    const envKey = (process.env.INTERNAL_API_KEY || \"\").trim();\n    const raw = fileKey || envKey;\n    return splitKeys(raw);\n}\n\nfunction extractToken(req: Request): string | null {\n    const apiKey = (req.header(HEADER_INTERNAL_API_KEY) || \"\").trim();\n    return apiKey || null;\n}\n\nfunction safeEquals(a: string, b: string): boolean {\n    const aa = Buffer.from(a);\n    const bb = Buffer.from(b);\n    if (aa.length !== bb.length) return false;\n    return crypto.timingSafeEqual(aa, bb);\n}\n\nexport default function internalAuth(req: Request, res: Response, next: NextFunction) {\n    const token = extractToken(req);\n\n    if (!token) {\n        return sendError(req, res, 401, \"UNAUTHORIZED\", `Missing internal api key (${HEADER_INTERNAL_API_KEY})`);\n    }\n\n    const expectedKeys = getExpectedKeys();\n    if (expectedKeys.length === 0) {\n        return sendError(\n            req,\n            res,\n            500,\n            \"MISCONFIGURED_INTERNAL_AUTH\",\n            \"Internal api key not configured (INTERNAL_API_KEY or INTERNAL_API_KEY_FILE)\"\n        );\n    }\n\n    const ok = expectedKeys.some((k) => safeEquals(token, k));\n    if (!ok) {\n        return sendError(req, res, 403, \"FORBIDDEN\", \"Invalid internal api key\");\n    }\n\n    return next();\n}\n","import type {Request, Response} from \"express\";\n\nexport function sendOk<T>(_req: Request, res: Response, data: T, statusCode = 200) {\n    return res.status(statusCode).json({ok: true, data, requestId: res.locals?.requestId ?? null});\n}\n\nexport function sendError(\n    _req: Request,\n    res: Response,\n    statusCode: number,\n    code: string,\n    message: string,\n    details?: any\n) {\n    return res.status(statusCode).json({\n        ok: false,\n        error: {code, message, ...(details !== undefined ? {details} : {})},\n        requestId: res.locals?.requestId ?? null,\n    });\n}\n","// packages/sdk/src/middlewares/authorization.ts\nimport type {Request, Response, NextFunction} from \"express\";\nimport {sendError} from \"./respond\";\n\ntype AuthShape = {\n    roles?: string[];\n    permissions?: string[];\n    denied_permissions?: string[];\n};\n\nfunction getAuth(req: Request): AuthShape {\n    return ((req as any).auth ?? {}) as AuthShape;\n}\n\n/**\n * 401 si no existe req.auth (contexto auth).\n * Útil para proteger rutas internas donde SIEMPRE debe existir auth.\n */\nexport function requireAuthContext() {\n    return (req: Request, res: Response, next: NextFunction) => {\n        if (!(req as any).auth) {\n            return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n        }\n        return next();\n    };\n}\n\n/**\n * Requiere TODOS los permisos indicados.\n * Regla: denied_permissions siempre gana sobre permissions.\n */\nexport function requirePermissions(...perms: string[]) {\n    return (req: Request, res: Response, next: NextFunction) => {\n        const auth = getAuth(req);\n\n        const allow = new Set<string>(auth.permissions ?? []);\n        const deny = new Set<string>(auth.denied_permissions ?? []);\n\n        // deny gana siempre\n        for (const p of perms) {\n            if (deny.has(p)) {\n                return sendError(req, res, 403, \"FORBIDDEN\", `Denied: ${p}`);\n            }\n        }\n\n        const missing = perms.filter((p) => !allow.has(p));\n        if (missing.length) {\n            return sendError(req, res, 403, \"FORBIDDEN\", \"Missing permissions\", {missing});\n        }\n\n        return next();\n    };\n}\n\n/**\n * Requiere al menos 1 de los roles indicados.\n */\nexport function requireRoles(...roles: string[]) {\n    return (req: Request, res: Response, next: NextFunction) => {\n        const auth = getAuth(req);\n        const have = new Set<string>(auth.roles ?? []);\n\n        if (!roles.some((r) => have.has(r))) {\n            return sendError(req, res, 403, \"FORBIDDEN\", \"Role not allowed\", {required: roles});\n        }\n\n        return next();\n    };\n}\n"],"mappings":";;;;;;AAEA,SAAQ,YAAY,mBAAkB;AAE/B,IAAM,oBAAoB;AAC1B,IAAM,wBAAwB;AAC9B,IAAM,6BAA6B;AAO3B,SAAR,UAA2B,KAAc,KAAe,MAAoB;AAC/E,QAAM,WAAY,IAAI,QAAQ,iBAAiB,KAAK,IAAI,QAAQ,qBAAqB;AAKrF,QAAM,KAAK,UAAU,KAAK,KAAK,WAAW;AAG1C,EAAC,IAAY,YAAY;AACzB,MAAI,OAAO,YAAY;AAGvB,MAAI,UAAU,4BAA4B,EAAE;AAE5C,OAAK;AACT;;;ACpBe,SAAR,aAA8B,KAAc,MAAgB,MAAoB;AACnF,QAAM,UAAU,6BAA6B,IAAI,OAAc;AAE/D,EAAC,IAAY,UAAU;AAEvB,QAAM,OAAa,IAAY,SAAU,IAAY,OAAO,CAAC;AAC7D,MAAI,QAAQ,YAAa,MAAK,cAAc,QAAQ;AACpD,MAAI,QAAQ,WAAY,MAAK,aAAa,QAAQ;AAClD,MAAI,QAAQ,aAAc,MAAK,eAAe,QAAQ;AAEtD,OAAK;AACT;;;ACnBA,OAAO,QAAQ;AACf,OAAO,YAAY;;;ACAZ,SAAS,OAAU,MAAe,KAAe,MAAS,aAAa,KAAK;AAC/E,SAAO,IAAI,OAAO,UAAU,EAAE,KAAK,EAAC,IAAI,MAAM,MAAM,WAAW,IAAI,QAAQ,aAAa,KAAI,CAAC;AACjG;AAEO,SAAS,UACZ,MACA,KACA,YACA,MACA,SACA,SACF;AACE,SAAO,IAAI,OAAO,UAAU,EAAE,KAAK;AAAA,IAC/B,IAAI;AAAA,IACJ,OAAO,EAAC,MAAM,SAAS,GAAI,YAAY,SAAY,EAAC,QAAO,IAAI,CAAC,EAAE;AAAA,IAClE,WAAW,IAAI,QAAQ,aAAa;AAAA,EACxC,CAAC;AACL;;;ADbA,SAAS,eAAe,MAA8B;AAClD,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI;AACA,UAAM,IAAI,GAAG,aAAa,MAAM,MAAM,EAAE,KAAK;AAC7C,WAAO,EAAE,SAAS,IAAI;AAAA,EAC1B,QAAQ;AACJ,WAAO;AAAA,EACX;AACJ;AAEA,SAAS,UAAU,GAA6B;AAC5C,MAAI,CAAC,EAAG,QAAO,CAAC;AAChB,SAAO,EAAE,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AAC3D;AAEA,SAAS,kBAA4B;AACjC,QAAM,UAAU,eAAe,QAAQ,IAAI,qBAAqB;AAChE,QAAM,UAAU,QAAQ,IAAI,oBAAoB,IAAI,KAAK;AACzD,QAAM,MAAM,WAAW;AACvB,SAAO,UAAU,GAAG;AACxB;AAEA,SAAS,aAAa,KAA6B;AAC/C,QAAM,UAAU,IAAI,OAAO,uBAAuB,KAAK,IAAI,KAAK;AAChE,SAAO,UAAU;AACrB;AAEA,SAAS,WAAW,GAAW,GAAoB;AAC/C,QAAM,KAAK,OAAO,KAAK,CAAC;AACxB,QAAM,KAAK,OAAO,KAAK,CAAC;AACxB,MAAI,GAAG,WAAW,GAAG,OAAQ,QAAO;AACpC,SAAO,OAAO,gBAAgB,IAAI,EAAE;AACxC;AAEe,SAAR,aAA8B,KAAc,KAAe,MAAoB;AAClF,QAAM,QAAQ,aAAa,GAAG;AAE9B,MAAI,CAAC,OAAO;AACR,WAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,6BAA6B,uBAAuB,GAAG;AAAA,EAC3G;AAEA,QAAM,eAAe,gBAAgB;AACrC,MAAI,aAAa,WAAW,GAAG;AAC3B,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAEA,QAAM,KAAK,aAAa,KAAK,CAAC,MAAM,WAAW,OAAO,CAAC,CAAC;AACxD,MAAI,CAAC,IAAI;AACL,WAAO,UAAU,KAAK,KAAK,KAAK,aAAa,0BAA0B;AAAA,EAC3E;AAEA,SAAO,KAAK;AAChB;;;AEtDA,SAAS,QAAQ,KAAyB;AACtC,SAAS,IAAY,QAAQ,CAAC;AAClC;AAMO,SAAS,qBAAqB;AACjC,SAAO,CAAC,KAAc,KAAe,SAAuB;AACxD,QAAI,CAAE,IAAY,MAAM;AACpB,aAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,sBAAsB;AAAA,IAC1E;AACA,WAAO,KAAK;AAAA,EAChB;AACJ;AAMO,SAAS,sBAAsB,OAAiB;AACnD,SAAO,CAAC,KAAc,KAAe,SAAuB;AACxD,UAAM,OAAO,QAAQ,GAAG;AAExB,UAAM,QAAQ,IAAI,IAAY,KAAK,eAAe,CAAC,CAAC;AACpD,UAAM,OAAO,IAAI,IAAY,KAAK,sBAAsB,CAAC,CAAC;AAG1D,eAAW,KAAK,OAAO;AACnB,UAAI,KAAK,IAAI,CAAC,GAAG;AACb,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,WAAW,CAAC,EAAE;AAAA,MAC/D;AAAA,IACJ;AAEA,UAAM,UAAU,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;AACjD,QAAI,QAAQ,QAAQ;AAChB,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,uBAAuB,EAAC,QAAO,CAAC;AAAA,IACjF;AAEA,WAAO,KAAK;AAAA,EAChB;AACJ;AAKO,SAAS,gBAAgB,OAAiB;AAC7C,SAAO,CAAC,KAAc,KAAe,SAAuB;AACxD,UAAM,OAAO,QAAQ,GAAG;AACxB,UAAM,OAAO,IAAI,IAAY,KAAK,SAAS,CAAC,CAAC;AAE7C,QAAI,CAAC,MAAM,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,GAAG;AACjC,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,oBAAoB,EAAC,UAAU,MAAK,CAAC;AAAA,IACtF;AAEA,WAAO,KAAK;AAAA,EAChB;AACJ;","names":[]}

package/dist/index-WbfzvmOt.d.cts

@@ -1,87 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { JwtPayload } from 'jsonwebtoken';
-
-type AuthSubject = "employee" | "customer";
-type TokenType = "backend";
-type AuthSession = {
-    jti?: string;
-    device_id?: string;
-    expires_at?: number;
-};
-type AuthContext = {
-    tokenType: TokenType;
-    subject: AuthSubject;
-    employee?: any;
-    customer?: any;
-    company_uid?: string;
-    branch_uid?: string;
-    companies?: any[];
-    company?: any;
-    branch?: any;
-    roles?: string[];
-    permissions?: string[];
-    denied_permissions?: string[];
-    session?: AuthSession;
-    firebase?: any;
-};
-type HydrateInput = {
-    decoded: any;
-    req: Request;
-    subject: AuthSubject;
-    company_uid: string | null;
-    branch_uid: string | null;
-};
-type HydrateResult = Partial<Pick<AuthContext, "employee" | "customer" | "companies" | "company" | "branch" | "roles" | "permissions" | "denied_permissions">>;
-type Hydrator = (input: HydrateInput) => Promise<HydrateResult> | HydrateResult;
-type AuthMiddlewareOptions = {
-    subject: AuthSubject;
-    /**
-     * ✅ Si true, exige que el sujeto (employee/customer) exista tras hydrate.
-     * Default: true
-     */
-    requireSubject?: boolean;
-    /**
-     * Si true, permite fallback a Firebase idToken.
-     * Default: false
-     */
-    allowFirebaseIdToken?: boolean;
-    /**
-     * ✅ OBLIGATORIO para evitar "legacy" o acoplamientos:
-     * el micro decide cómo hidratar (DB local / AuthClient / etc).
-     */
-    hydrate: Hydrator;
-};
-
-/**
- * ✅ Keys viven en getmarket-stack:
- * - JWT_PUBLIC_KEY_PATH=/run/secrets/jwtRS256.key.pub (recomendado)
- * - fallback env AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY
- */
-declare function readRs256PublicKey(): string;
-declare function verifyBackendJwtRS256(raw: string): JwtPayload;
-
-/**
- * ✅ Middleware estándar:
- * - Solo Authorization: Bearer
- * - Solo RS256
- * - Cero legacy
- * - Hidrata vía hook (OBLIGATORIO) para que cada micro no replique lógica
- */
-declare function createAuthMiddleware(opts: AuthMiddlewareOptions): (req: any, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;
-
-type index_AuthContext = AuthContext;
-type index_AuthMiddlewareOptions = AuthMiddlewareOptions;
-type index_AuthSession = AuthSession;
-type index_AuthSubject = AuthSubject;
-type index_HydrateInput = HydrateInput;
-type index_HydrateResult = HydrateResult;
-type index_Hydrator = Hydrator;
-type index_TokenType = TokenType;
-declare const index_createAuthMiddleware: typeof createAuthMiddleware;
-declare const index_readRs256PublicKey: typeof readRs256PublicKey;
-declare const index_verifyBackendJwtRS256: typeof verifyBackendJwtRS256;
-declare namespace index {
-  export { type index_AuthContext as AuthContext, type index_AuthMiddlewareOptions as AuthMiddlewareOptions, type index_AuthSession as AuthSession, type index_AuthSubject as AuthSubject, type index_HydrateInput as HydrateInput, type index_HydrateResult as HydrateResult, type index_Hydrator as Hydrator, type index_TokenType as TokenType, index_createAuthMiddleware as createAuthMiddleware, index_readRs256PublicKey as readRs256PublicKey, index_verifyBackendJwtRS256 as verifyBackendJwtRS256 };
-}
-
-export { type AuthContext as A, type HydrateInput as H, type TokenType as T, type AuthMiddlewareOptions as a, type AuthSession as b, type AuthSubject as c, type HydrateResult as d, type Hydrator as e, createAuthMiddleware as f, index as i, readRs256PublicKey as r, verifyBackendJwtRS256 as v };

package/dist/index-WbfzvmOt.d.ts

@@ -1,87 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { JwtPayload } from 'jsonwebtoken';
-
-type AuthSubject = "employee" | "customer";
-type TokenType = "backend";
-type AuthSession = {
-    jti?: string;
-    device_id?: string;
-    expires_at?: number;
-};
-type AuthContext = {
-    tokenType: TokenType;
-    subject: AuthSubject;
-    employee?: any;
-    customer?: any;
-    company_uid?: string;
-    branch_uid?: string;
-    companies?: any[];
-    company?: any;
-    branch?: any;
-    roles?: string[];
-    permissions?: string[];
-    denied_permissions?: string[];
-    session?: AuthSession;
-    firebase?: any;
-};
-type HydrateInput = {
-    decoded: any;
-    req: Request;
-    subject: AuthSubject;
-    company_uid: string | null;
-    branch_uid: string | null;
-};
-type HydrateResult = Partial<Pick<AuthContext, "employee" | "customer" | "companies" | "company" | "branch" | "roles" | "permissions" | "denied_permissions">>;
-type Hydrator = (input: HydrateInput) => Promise<HydrateResult> | HydrateResult;
-type AuthMiddlewareOptions = {
-    subject: AuthSubject;
-    /**
-     * ✅ Si true, exige que el sujeto (employee/customer) exista tras hydrate.
-     * Default: true
-     */
-    requireSubject?: boolean;
-    /**
-     * Si true, permite fallback a Firebase idToken.
-     * Default: false
-     */
-    allowFirebaseIdToken?: boolean;
-    /**
-     * ✅ OBLIGATORIO para evitar "legacy" o acoplamientos:
-     * el micro decide cómo hidratar (DB local / AuthClient / etc).
-     */
-    hydrate: Hydrator;
-};
-
-/**
- * ✅ Keys viven en getmarket-stack:
- * - JWT_PUBLIC_KEY_PATH=/run/secrets/jwtRS256.key.pub (recomendado)
- * - fallback env AUTH_JWT_PUBLIC_KEY / AUTH_RSA_PUBLIC_KEY
- */
-declare function readRs256PublicKey(): string;
-declare function verifyBackendJwtRS256(raw: string): JwtPayload;
-
-/**
- * ✅ Middleware estándar:
- * - Solo Authorization: Bearer
- * - Solo RS256
- * - Cero legacy
- * - Hidrata vía hook (OBLIGATORIO) para que cada micro no replique lógica
- */
-declare function createAuthMiddleware(opts: AuthMiddlewareOptions): (req: any, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;
-
-type index_AuthContext = AuthContext;
-type index_AuthMiddlewareOptions = AuthMiddlewareOptions;
-type index_AuthSession = AuthSession;
-type index_AuthSubject = AuthSubject;
-type index_HydrateInput = HydrateInput;
-type index_HydrateResult = HydrateResult;
-type index_Hydrator = Hydrator;
-type index_TokenType = TokenType;
-declare const index_createAuthMiddleware: typeof createAuthMiddleware;
-declare const index_readRs256PublicKey: typeof readRs256PublicKey;
-declare const index_verifyBackendJwtRS256: typeof verifyBackendJwtRS256;
-declare namespace index {
-  export { type index_AuthContext as AuthContext, type index_AuthMiddlewareOptions as AuthMiddlewareOptions, type index_AuthSession as AuthSession, type index_AuthSubject as AuthSubject, type index_HydrateInput as HydrateInput, type index_HydrateResult as HydrateResult, type index_Hydrator as Hydrator, type index_TokenType as TokenType, index_createAuthMiddleware as createAuthMiddleware, index_readRs256PublicKey as readRs256PublicKey, index_verifyBackendJwtRS256 as verifyBackendJwtRS256 };
-}
-
-export { type AuthContext as A, type HydrateInput as H, type TokenType as T, type AuthMiddlewareOptions as a, type AuthSession as b, type AuthSubject as c, type HydrateResult as d, type Hydrator as e, createAuthMiddleware as f, index as i, readRs256PublicKey as r, verifyBackendJwtRS256 as v };