@innvoid/getmarket-sdk 0.2.7 → 0.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-HNOUEVHW.js +410 -0
- package/dist/chunk-HNOUEVHW.js.map +1 -0
- package/dist/express.d.cts +1 -1
- package/dist/express.d.ts +1 -1
- package/dist/index.cjs +282 -342
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +11 -24
- package/dist/index.d.ts +11 -24
- package/dist/index.js +196 -15
- package/dist/index.js.map +1 -1
- package/dist/middlewares/index.cjs +88 -204
- package/dist/middlewares/index.cjs.map +1 -1
- package/dist/middlewares/index.d.cts +34 -40
- package/dist/middlewares/index.d.ts +34 -40
- package/dist/middlewares/index.js +1 -1
- package/dist/{types-CRECQuHp.d.cts → types-Cc_McZgD.d.cts} +12 -10
- package/dist/{types-CRECQuHp.d.ts → types-Cc_McZgD.d.ts} +12 -10
- package/package.json +2 -2
- package/dist/chunk-WM2QICZQ.js +0 -666
- package/dist/chunk-WM2QICZQ.js.map +0 -1
|
@@ -0,0 +1,410 @@
|
|
|
1
|
+
import {
|
|
2
|
+
HEADER_INTERNAL_API_KEY,
|
|
3
|
+
getRequestContextFromHeaders
|
|
4
|
+
} from "./chunk-KXXIMSON.js";
|
|
5
|
+
|
|
6
|
+
// src/middlewares/parseHeaders.ts
|
|
7
|
+
function parseHeaders(req, _res, next) {
|
|
8
|
+
req.context = getRequestContextFromHeaders(req.headers);
|
|
9
|
+
next();
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
// src/middlewares/requestId.ts
|
|
13
|
+
import { randomUUID, randomBytes } from "crypto";
|
|
14
|
+
var REQUEST_ID_HEADER = "x-request-id";
|
|
15
|
+
var REQUEST_ID_HEADER_ALT = "x-requestid";
|
|
16
|
+
var RESPONSE_REQUEST_ID_HEADER = "X-Request-Id";
|
|
17
|
+
function requestId(req, res, next) {
|
|
18
|
+
const headerId = req.headers[REQUEST_ID_HEADER] || req.headers[REQUEST_ID_HEADER_ALT];
|
|
19
|
+
const id = headerId?.trim() || randomUUID();
|
|
20
|
+
req.requestId = id;
|
|
21
|
+
res.locals.requestId = id;
|
|
22
|
+
res.setHeader(RESPONSE_REQUEST_ID_HEADER, id);
|
|
23
|
+
next();
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
// src/middlewares/internalAuth.ts
|
|
27
|
+
import fs from "fs";
|
|
28
|
+
import crypto from "crypto";
|
|
29
|
+
|
|
30
|
+
// src/middlewares/respond.ts
|
|
31
|
+
function sendOk(_req, res, data, statusCode = 200) {
|
|
32
|
+
return res.status(statusCode).json({ ok: true, data, requestId: res.locals?.requestId ?? null });
|
|
33
|
+
}
|
|
34
|
+
function sendError(_req, res, statusCode, code, message, details) {
|
|
35
|
+
return res.status(statusCode).json({
|
|
36
|
+
ok: false,
|
|
37
|
+
error: { code, message, ...details !== void 0 ? { details } : {} },
|
|
38
|
+
requestId: res.locals?.requestId ?? null
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
// src/middlewares/internalAuth.ts
|
|
43
|
+
function readSecretFile(path) {
|
|
44
|
+
if (!path) return null;
|
|
45
|
+
try {
|
|
46
|
+
const v = fs.readFileSync(path, "utf8").trim();
|
|
47
|
+
return v.length ? v : null;
|
|
48
|
+
} catch {
|
|
49
|
+
return null;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
function splitKeys(v) {
|
|
53
|
+
if (!v) return [];
|
|
54
|
+
return v.split(",").map((s) => s.trim()).filter(Boolean);
|
|
55
|
+
}
|
|
56
|
+
function getExpectedKeys() {
|
|
57
|
+
const fileKey = readSecretFile(process.env.INTERNAL_API_KEY_FILE);
|
|
58
|
+
const envKey = (process.env.INTERNAL_API_KEY || "").trim();
|
|
59
|
+
const raw = fileKey || envKey;
|
|
60
|
+
return splitKeys(raw);
|
|
61
|
+
}
|
|
62
|
+
function extractToken(req) {
|
|
63
|
+
const apiKey = (req.header(HEADER_INTERNAL_API_KEY) || "").trim();
|
|
64
|
+
return apiKey || null;
|
|
65
|
+
}
|
|
66
|
+
function safeEquals(a, b) {
|
|
67
|
+
const aa = Buffer.from(a);
|
|
68
|
+
const bb = Buffer.from(b);
|
|
69
|
+
if (aa.length !== bb.length) return false;
|
|
70
|
+
return crypto.timingSafeEqual(aa, bb);
|
|
71
|
+
}
|
|
72
|
+
function internalAuth(req, res, next) {
|
|
73
|
+
const token = extractToken(req);
|
|
74
|
+
if (!token) {
|
|
75
|
+
return sendError(req, res, 401, "UNAUTHORIZED", `Missing internal api key (${HEADER_INTERNAL_API_KEY})`);
|
|
76
|
+
}
|
|
77
|
+
const expectedKeys = getExpectedKeys();
|
|
78
|
+
if (expectedKeys.length === 0) {
|
|
79
|
+
return sendError(
|
|
80
|
+
req,
|
|
81
|
+
res,
|
|
82
|
+
500,
|
|
83
|
+
"MISCONFIGURED_INTERNAL_AUTH",
|
|
84
|
+
"Internal api key not configured (INTERNAL_API_KEY or INTERNAL_API_KEY_FILE)"
|
|
85
|
+
);
|
|
86
|
+
}
|
|
87
|
+
const ok = expectedKeys.some((k) => safeEquals(token, k));
|
|
88
|
+
if (!ok) {
|
|
89
|
+
return sendError(req, res, 403, "FORBIDDEN", "Invalid internal api key");
|
|
90
|
+
}
|
|
91
|
+
return next();
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
// src/middlewares/authorization.ts
|
|
95
|
+
function getAuth(req) {
|
|
96
|
+
return req.auth ?? {};
|
|
97
|
+
}
|
|
98
|
+
function hasAuthContext(req) {
|
|
99
|
+
return !!req.auth;
|
|
100
|
+
}
|
|
101
|
+
function normalizeCode(v) {
|
|
102
|
+
if (!v) return null;
|
|
103
|
+
if (typeof v === "string") return v;
|
|
104
|
+
if (typeof v === "object") return v.code || v.name || null;
|
|
105
|
+
return null;
|
|
106
|
+
}
|
|
107
|
+
function rolesSet(auth) {
|
|
108
|
+
const out = /* @__PURE__ */ new Set();
|
|
109
|
+
for (const r of auth.roles || []) {
|
|
110
|
+
const c = normalizeCode(r);
|
|
111
|
+
if (c) out.add(c);
|
|
112
|
+
}
|
|
113
|
+
return out;
|
|
114
|
+
}
|
|
115
|
+
function permsSet(list) {
|
|
116
|
+
const out = /* @__PURE__ */ new Set();
|
|
117
|
+
for (const p of list || []) {
|
|
118
|
+
const c = normalizeCode(p);
|
|
119
|
+
if (c) out.add(c);
|
|
120
|
+
}
|
|
121
|
+
return out;
|
|
122
|
+
}
|
|
123
|
+
function requireAuthContext() {
|
|
124
|
+
return (req, res, next) => {
|
|
125
|
+
if (!hasAuthContext(req)) {
|
|
126
|
+
return sendError(req, res, 401, "UNAUTHORIZED", "Missing auth context");
|
|
127
|
+
}
|
|
128
|
+
return next();
|
|
129
|
+
};
|
|
130
|
+
}
|
|
131
|
+
function isSysAdmin(auth, sysAdminRole) {
|
|
132
|
+
const have = rolesSet(auth);
|
|
133
|
+
return have.has(sysAdminRole);
|
|
134
|
+
}
|
|
135
|
+
function requirePermissions(perms, options) {
|
|
136
|
+
const sysAdminBypass = options?.sysAdminBypass !== false;
|
|
137
|
+
const sysAdminRole = options?.sysAdminRole || "SYS_ADMIN";
|
|
138
|
+
return (req, res, next) => {
|
|
139
|
+
if (!hasAuthContext(req)) {
|
|
140
|
+
return sendError(req, res, 401, "UNAUTHORIZED", "Missing auth context");
|
|
141
|
+
}
|
|
142
|
+
const auth = getAuth(req);
|
|
143
|
+
if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();
|
|
144
|
+
const allow = permsSet(auth.permissions);
|
|
145
|
+
const deny = permsSet(auth.denied_permissions);
|
|
146
|
+
for (const p of perms) {
|
|
147
|
+
if (deny.has(p)) {
|
|
148
|
+
return sendError(req, res, 403, "FORBIDDEN", `Denied permission: ${p}`, {
|
|
149
|
+
denied: p
|
|
150
|
+
});
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
const missing = perms.filter((p) => !allow.has(p));
|
|
154
|
+
if (missing.length) {
|
|
155
|
+
return sendError(req, res, 403, "FORBIDDEN", "Missing permissions", {
|
|
156
|
+
missing,
|
|
157
|
+
mode: "ALL"
|
|
158
|
+
});
|
|
159
|
+
}
|
|
160
|
+
return next();
|
|
161
|
+
};
|
|
162
|
+
}
|
|
163
|
+
function requireAnyPermission(perms, options) {
|
|
164
|
+
const sysAdminBypass = options?.sysAdminBypass !== false;
|
|
165
|
+
const sysAdminRole = options?.sysAdminRole || "SYS_ADMIN";
|
|
166
|
+
return (req, res, next) => {
|
|
167
|
+
if (!hasAuthContext(req)) {
|
|
168
|
+
return sendError(req, res, 401, "UNAUTHORIZED", "Missing auth context");
|
|
169
|
+
}
|
|
170
|
+
const auth = getAuth(req);
|
|
171
|
+
if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();
|
|
172
|
+
const allow = permsSet(auth.permissions);
|
|
173
|
+
const deny = permsSet(auth.denied_permissions);
|
|
174
|
+
for (const p of perms) {
|
|
175
|
+
if (deny.has(p)) {
|
|
176
|
+
return sendError(req, res, 403, "FORBIDDEN", `Denied permission: ${p}`, {
|
|
177
|
+
denied: p
|
|
178
|
+
});
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
const ok = perms.some((p) => allow.has(p));
|
|
182
|
+
if (!ok) {
|
|
183
|
+
return sendError(req, res, 403, "FORBIDDEN", "Permission denied", {
|
|
184
|
+
required: perms,
|
|
185
|
+
mode: "ANY"
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
return next();
|
|
189
|
+
};
|
|
190
|
+
}
|
|
191
|
+
function requireRoles(roles, options) {
|
|
192
|
+
const sysAdminBypass = options?.sysAdminBypass !== false;
|
|
193
|
+
const sysAdminRole = options?.sysAdminRole || "SYS_ADMIN";
|
|
194
|
+
return (req, res, next) => {
|
|
195
|
+
if (!hasAuthContext(req)) {
|
|
196
|
+
return sendError(req, res, 401, "UNAUTHORIZED", "Missing auth context");
|
|
197
|
+
}
|
|
198
|
+
const auth = getAuth(req);
|
|
199
|
+
if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();
|
|
200
|
+
const have = rolesSet(auth);
|
|
201
|
+
if (!roles.some((r) => have.has(r))) {
|
|
202
|
+
return sendError(req, res, 403, "FORBIDDEN", "Role not allowed", {
|
|
203
|
+
required: roles,
|
|
204
|
+
mode: "ANY"
|
|
205
|
+
});
|
|
206
|
+
}
|
|
207
|
+
return next();
|
|
208
|
+
};
|
|
209
|
+
}
|
|
210
|
+
function requireRolesOrAnyPermission(roles, perms, options) {
|
|
211
|
+
const sysAdminBypass = options?.sysAdminBypass !== false;
|
|
212
|
+
const sysAdminRole = options?.sysAdminRole || "SYS_ADMIN";
|
|
213
|
+
return (req, res, next) => {
|
|
214
|
+
if (!hasAuthContext(req)) {
|
|
215
|
+
return sendError(req, res, 401, "UNAUTHORIZED", "Missing auth context");
|
|
216
|
+
}
|
|
217
|
+
const auth = getAuth(req);
|
|
218
|
+
if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();
|
|
219
|
+
const haveRoles = rolesSet(auth);
|
|
220
|
+
const allow = permsSet(auth.permissions);
|
|
221
|
+
const deny = permsSet(auth.denied_permissions);
|
|
222
|
+
for (const p of perms) {
|
|
223
|
+
if (deny.has(p)) {
|
|
224
|
+
return sendError(req, res, 403, "FORBIDDEN", `Denied permission: ${p}`, {
|
|
225
|
+
denied: p
|
|
226
|
+
});
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
const okRole = roles.some((r) => haveRoles.has(r));
|
|
230
|
+
const okPerm = perms.some((p) => allow.has(p));
|
|
231
|
+
if (!okRole && !okPerm) {
|
|
232
|
+
return sendError(req, res, 403, "FORBIDDEN", "Access denied", {
|
|
233
|
+
roles,
|
|
234
|
+
permissions: perms,
|
|
235
|
+
mode: "ROLES_OR_PERMS_ANY"
|
|
236
|
+
});
|
|
237
|
+
}
|
|
238
|
+
return next();
|
|
239
|
+
};
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
// src/middlewares/guards.ts
|
|
243
|
+
function normalizeRole(r) {
|
|
244
|
+
if (!r) return null;
|
|
245
|
+
if (typeof r === "string") return r;
|
|
246
|
+
return r.code || r.name || null;
|
|
247
|
+
}
|
|
248
|
+
function normalizePerm(p) {
|
|
249
|
+
if (!p) return null;
|
|
250
|
+
if (typeof p === "string") return p;
|
|
251
|
+
return p.code || p.name || null;
|
|
252
|
+
}
|
|
253
|
+
function getAuth2(req) {
|
|
254
|
+
return req.auth ?? {};
|
|
255
|
+
}
|
|
256
|
+
function roleSet(auth) {
|
|
257
|
+
return new Set(
|
|
258
|
+
(auth.roles ?? []).map(normalizeRole).filter(Boolean)
|
|
259
|
+
);
|
|
260
|
+
}
|
|
261
|
+
function permissionSets(auth) {
|
|
262
|
+
const allow = new Set(
|
|
263
|
+
(auth.permissions ?? []).map(normalizePerm).filter(Boolean)
|
|
264
|
+
);
|
|
265
|
+
const deny = new Set(
|
|
266
|
+
(auth.denied_permissions ?? []).map(normalizePerm).filter(Boolean)
|
|
267
|
+
);
|
|
268
|
+
return { allow, deny };
|
|
269
|
+
}
|
|
270
|
+
function normalizeHandlers(auth) {
|
|
271
|
+
if (!auth) return [];
|
|
272
|
+
return Array.isArray(auth) ? auth : [auth];
|
|
273
|
+
}
|
|
274
|
+
function buildBaseChain(options) {
|
|
275
|
+
const chain = [];
|
|
276
|
+
if (options?.includeParseHeaders !== false) {
|
|
277
|
+
chain.push(parseHeaders);
|
|
278
|
+
}
|
|
279
|
+
chain.push(...normalizeHandlers(options?.auth));
|
|
280
|
+
return chain;
|
|
281
|
+
}
|
|
282
|
+
function hasSysAdmin(auth, options) {
|
|
283
|
+
const sysAdminBypass = options?.sysAdminBypass !== false;
|
|
284
|
+
if (!sysAdminBypass) return false;
|
|
285
|
+
const sysAdminRole = options?.sysAdminRole || "SYS_ADMIN";
|
|
286
|
+
return roleSet(auth).has(sysAdminRole);
|
|
287
|
+
}
|
|
288
|
+
function allowSysAdminOrAnyPermission(perms, options) {
|
|
289
|
+
const required = (Array.isArray(perms) ? perms : [perms]).filter(Boolean);
|
|
290
|
+
return [
|
|
291
|
+
...buildBaseChain(options),
|
|
292
|
+
(req, res, next) => {
|
|
293
|
+
const auth = getAuth2(req);
|
|
294
|
+
if (hasSysAdmin(auth, options)) return next();
|
|
295
|
+
const { allow, deny } = permissionSets(auth);
|
|
296
|
+
for (const p of required) {
|
|
297
|
+
if (deny.has(p)) {
|
|
298
|
+
return sendError(req, res, 403, "FORBIDDEN", `Denied permission: ${p}`, {
|
|
299
|
+
denied: p
|
|
300
|
+
});
|
|
301
|
+
}
|
|
302
|
+
}
|
|
303
|
+
const ok = required.some((p) => allow.has(p));
|
|
304
|
+
if (!ok) {
|
|
305
|
+
return sendError(req, res, 403, "FORBIDDEN", "Missing permissions (ANY)", {
|
|
306
|
+
required,
|
|
307
|
+
mode: "ANY"
|
|
308
|
+
});
|
|
309
|
+
}
|
|
310
|
+
return next();
|
|
311
|
+
}
|
|
312
|
+
];
|
|
313
|
+
}
|
|
314
|
+
function allowSysAdminOrPermissionsAll(perms, options) {
|
|
315
|
+
const required = (Array.isArray(perms) ? perms : [perms]).filter(Boolean);
|
|
316
|
+
return [
|
|
317
|
+
...buildBaseChain(options),
|
|
318
|
+
(req, res, next) => {
|
|
319
|
+
const auth = getAuth2(req);
|
|
320
|
+
if (hasSysAdmin(auth, options)) return next();
|
|
321
|
+
const { allow, deny } = permissionSets(auth);
|
|
322
|
+
for (const p of required) {
|
|
323
|
+
if (deny.has(p)) {
|
|
324
|
+
return sendError(req, res, 403, "FORBIDDEN", `Denied permission: ${p}`, {
|
|
325
|
+
denied: p
|
|
326
|
+
});
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
const missing = required.filter((p) => !allow.has(p));
|
|
330
|
+
if (missing.length) {
|
|
331
|
+
return sendError(req, res, 403, "FORBIDDEN", "Missing permissions (ALL)", {
|
|
332
|
+
required,
|
|
333
|
+
missing,
|
|
334
|
+
mode: "ALL"
|
|
335
|
+
});
|
|
336
|
+
}
|
|
337
|
+
return next();
|
|
338
|
+
}
|
|
339
|
+
];
|
|
340
|
+
}
|
|
341
|
+
function allowSysAdminOrRoles(roles, options) {
|
|
342
|
+
const required = (Array.isArray(roles) ? roles : [roles]).filter(Boolean);
|
|
343
|
+
return [
|
|
344
|
+
...buildBaseChain(options),
|
|
345
|
+
(req, res, next) => {
|
|
346
|
+
const auth = getAuth2(req);
|
|
347
|
+
if (hasSysAdmin(auth, options)) return next();
|
|
348
|
+
const have = roleSet(auth);
|
|
349
|
+
const ok = required.some((r) => have.has(r));
|
|
350
|
+
if (!ok) {
|
|
351
|
+
return sendError(req, res, 403, "FORBIDDEN", "Role not allowed", {
|
|
352
|
+
required,
|
|
353
|
+
mode: "ANY"
|
|
354
|
+
});
|
|
355
|
+
}
|
|
356
|
+
return next();
|
|
357
|
+
}
|
|
358
|
+
];
|
|
359
|
+
}
|
|
360
|
+
function allowSysAdminOrRolesOrAnyPermission(roles, permissions, options) {
|
|
361
|
+
const requiredRoles = (Array.isArray(roles) ? roles : [roles]).filter(Boolean);
|
|
362
|
+
const requiredPerms = (Array.isArray(permissions) ? permissions : [permissions]).filter(Boolean);
|
|
363
|
+
return [
|
|
364
|
+
...buildBaseChain(options),
|
|
365
|
+
(req, res, next) => {
|
|
366
|
+
const auth = getAuth2(req);
|
|
367
|
+
if (hasSysAdmin(auth, options)) return next();
|
|
368
|
+
const { allow, deny } = permissionSets(auth);
|
|
369
|
+
const haveRoles = roleSet(auth);
|
|
370
|
+
for (const p of requiredPerms) {
|
|
371
|
+
if (deny.has(p)) {
|
|
372
|
+
return sendError(req, res, 403, "FORBIDDEN", `Denied permission: ${p}`, {
|
|
373
|
+
denied: p
|
|
374
|
+
});
|
|
375
|
+
}
|
|
376
|
+
}
|
|
377
|
+
const okRole = requiredRoles.some((r) => haveRoles.has(r));
|
|
378
|
+
if (okRole) return next();
|
|
379
|
+
const okPerm = requiredPerms.some((p) => allow.has(p));
|
|
380
|
+
if (okPerm) return next();
|
|
381
|
+
return sendError(req, res, 403, "FORBIDDEN", "Permission denied", {
|
|
382
|
+
roles: requiredRoles,
|
|
383
|
+
permissions: requiredPerms,
|
|
384
|
+
mode: "ROLES_OR_ANY_PERMISSION"
|
|
385
|
+
});
|
|
386
|
+
}
|
|
387
|
+
];
|
|
388
|
+
}
|
|
389
|
+
function allowAuthAdminOrPerm(permission, options) {
|
|
390
|
+
return allowSysAdminOrRolesOrAnyPermission(["AUTH_ADMIN"], [permission], options);
|
|
391
|
+
}
|
|
392
|
+
|
|
393
|
+
export {
|
|
394
|
+
parseHeaders,
|
|
395
|
+
requestId,
|
|
396
|
+
sendOk,
|
|
397
|
+
sendError,
|
|
398
|
+
internalAuth,
|
|
399
|
+
requireAuthContext,
|
|
400
|
+
requirePermissions,
|
|
401
|
+
requireAnyPermission,
|
|
402
|
+
requireRoles,
|
|
403
|
+
requireRolesOrAnyPermission,
|
|
404
|
+
allowSysAdminOrAnyPermission,
|
|
405
|
+
allowSysAdminOrPermissionsAll,
|
|
406
|
+
allowSysAdminOrRoles,
|
|
407
|
+
allowSysAdminOrRolesOrAnyPermission,
|
|
408
|
+
allowAuthAdminOrPerm
|
|
409
|
+
};
|
|
410
|
+
//# sourceMappingURL=chunk-HNOUEVHW.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/middlewares/parseHeaders.ts","../src/middlewares/requestId.ts","../src/middlewares/internalAuth.ts","../src/middlewares/respond.ts","../src/middlewares/authorization.ts","../src/middlewares/guards.ts"],"sourcesContent":["// sdk/src/middlewares/parseHeaders.ts\nimport type {Request, Response, NextFunction} from \"express\";\nimport {getRequestContextFromHeaders} from \"../headers\";\n\n/**\n * ✅ NO-LEGACY / ESTÁNDAR:\n * - Lee SOLO x-company y x-branch (UIDs planos)\n * - Setea req.context = { company_uid, branch_uid }\n * - NO toca req.auth (auth lo setea authentication/requireAuth)\n */\nexport default function parseHeaders(req: Request, _res: Response, next: NextFunction) {\n (req as any).context = getRequestContextFromHeaders(req.headers as any);\n next();\n}\n","// middlewares/requestId.ts\nimport type {Request, Response, NextFunction} from \"express\";\nimport {randomUUID, randomBytes} from \"crypto\";\n\nexport const REQUEST_ID_HEADER = \"x-request-id\";\nexport const REQUEST_ID_HEADER_ALT = \"x-requestid\";\nexport const RESPONSE_REQUEST_ID_HEADER = \"X-Request-Id\";\n\n// Si quieres IDs más cortos (opcional). Por defecto usamos UUID.\nfunction nanoidLike(len = 21) {\n return randomBytes(16).toString(\"base64url\").slice(0, len);\n}\n\nexport default function requestId(req: Request, res: Response, next: NextFunction) {\n const headerId = (req.headers[REQUEST_ID_HEADER] || req.headers[REQUEST_ID_HEADER_ALT]) as\n | string\n | undefined;\n\n // ✅ estándar único: usa UUID (o cambia a nanoidLike() si prefieres corto)\n const id = headerId?.trim() || randomUUID();\n\n // ✅ estándar único (no legacy)\n (req as any).requestId = id;\n res.locals.requestId = id;\n\n // ✅ respuesta\n res.setHeader(RESPONSE_REQUEST_ID_HEADER, id);\n\n next();\n}\n","import type {Request, Response, NextFunction} from \"express\";\nimport fs from \"fs\";\nimport crypto from \"crypto\";\nimport {sendError} from \"./respond\";\nimport {HEADER_INTERNAL_API_KEY} from \"../headers\";\n\nfunction readSecretFile(path?: string): string | null {\n if (!path) return null;\n try {\n const v = fs.readFileSync(path, \"utf8\").trim();\n return v.length ? v : null;\n } catch {\n return null;\n }\n}\n\nfunction splitKeys(v?: string | null): string[] {\n if (!v) return [];\n return v.split(\",\").map((s) => s.trim()).filter(Boolean);\n}\n\nfunction getExpectedKeys(): string[] {\n const fileKey = readSecretFile(process.env.INTERNAL_API_KEY_FILE);\n const envKey = (process.env.INTERNAL_API_KEY || \"\").trim();\n const raw = fileKey || envKey;\n return splitKeys(raw);\n}\n\nfunction extractToken(req: Request): string | null {\n const apiKey = (req.header(HEADER_INTERNAL_API_KEY) || \"\").trim();\n return apiKey || null;\n}\n\nfunction safeEquals(a: string, b: string): boolean {\n const aa = Buffer.from(a);\n const bb = Buffer.from(b);\n if (aa.length !== bb.length) return false;\n return crypto.timingSafeEqual(aa, bb);\n}\n\nexport default function internalAuth(req: Request, res: Response, next: NextFunction) {\n const token = extractToken(req);\n\n if (!token) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", `Missing internal api key (${HEADER_INTERNAL_API_KEY})`);\n }\n\n const expectedKeys = getExpectedKeys();\n if (expectedKeys.length === 0) {\n return sendError(\n req,\n res,\n 500,\n \"MISCONFIGURED_INTERNAL_AUTH\",\n \"Internal api key not configured (INTERNAL_API_KEY or INTERNAL_API_KEY_FILE)\"\n );\n }\n\n const ok = expectedKeys.some((k) => safeEquals(token, k));\n if (!ok) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Invalid internal api key\");\n }\n\n return next();\n}\n","// packages/sdk/src/middleware/respond.ts\nimport type {Request, Response} from \"express\";\n\nexport function sendOk<T>(_req: Request, res: Response, data: T, statusCode = 200) {\n return res.status(statusCode).json({ok: true, data, requestId: res.locals?.requestId ?? null});\n}\n\nexport function sendError(\n _req: Request,\n res: Response,\n statusCode: number,\n code: string,\n message: string,\n details?: any\n) {\n return res.status(statusCode).json({\n ok: false,\n error: {code, message, ...(details !== undefined ? {details} : {})},\n requestId: res.locals?.requestId ?? null,\n });\n}\n","import type {Request, Response, NextFunction} from \"express\";\nimport {sendError} from \"./respond\";\n\ntype AuthRole = string | { code?: string; name?: string };\ntype AuthPermission = string | { code?: string; name?: string };\n\ntype AuthShape = {\n roles?: AuthRole[];\n permissions?: AuthPermission[];\n denied_permissions?: AuthPermission[];\n};\n\nfunction getAuth(req: Request): AuthShape {\n return ((req as any).auth ?? {}) as AuthShape;\n}\n\nfunction hasAuthContext(req: Request): boolean {\n return !!(req as any).auth;\n}\n\nfunction normalizeCode(v: any): string | null {\n if (!v) return null;\n if (typeof v === \"string\") return v;\n if (typeof v === \"object\") return v.code || v.name || null;\n return null;\n}\n\nfunction rolesSet(auth: AuthShape): Set<string> {\n const out = new Set<string>();\n for (const r of auth.roles || []) {\n const c = normalizeCode(r);\n if (c) out.add(c);\n }\n return out;\n}\n\nfunction permsSet(list?: AuthPermission[]): Set<string> {\n const out = new Set<string>();\n for (const p of list || []) {\n const c = normalizeCode(p);\n if (c) out.add(c);\n }\n return out;\n}\n\nexport function requireAuthContext() {\n return (req: Request, res: Response, next: NextFunction) => {\n if (!hasAuthContext(req)) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n }\n return next();\n };\n}\n\nfunction isSysAdmin(auth: AuthShape, sysAdminRole: string) {\n const have = rolesSet(auth);\n return have.has(sysAdminRole);\n}\n\nexport function requirePermissions(\n perms: string[],\n options?: { sysAdminBypass?: boolean; sysAdminRole?: string }\n) {\n const sysAdminBypass = options?.sysAdminBypass !== false;\n const sysAdminRole = options?.sysAdminRole || \"SYS_ADMIN\";\n\n return (req: Request, res: Response, next: NextFunction) => {\n if (!hasAuthContext(req)) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n }\n\n const auth = getAuth(req);\n\n if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();\n\n const allow = permsSet(auth.permissions);\n const deny = permsSet(auth.denied_permissions);\n\n for (const p of perms) {\n if (deny.has(p)) {\n return sendError(req, res, 403, \"FORBIDDEN\", `Denied permission: ${p}`, {\n denied: p,\n });\n }\n }\n\n const missing = perms.filter((p) => !allow.has(p));\n if (missing.length) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Missing permissions\", {\n missing,\n mode: \"ALL\",\n });\n }\n\n return next();\n };\n}\n\nexport function requireAnyPermission(\n perms: string[],\n options?: { sysAdminBypass?: boolean; sysAdminRole?: string }\n) {\n const sysAdminBypass = options?.sysAdminBypass !== false;\n const sysAdminRole = options?.sysAdminRole || \"SYS_ADMIN\";\n\n return (req: Request, res: Response, next: NextFunction) => {\n if (!hasAuthContext(req)) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n }\n\n const auth = getAuth(req);\n\n if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();\n\n const allow = permsSet(auth.permissions);\n const deny = permsSet(auth.denied_permissions);\n\n for (const p of perms) {\n if (deny.has(p)) {\n return sendError(req, res, 403, \"FORBIDDEN\", `Denied permission: ${p}`, {\n denied: p,\n });\n }\n }\n\n const ok = perms.some((p) => allow.has(p));\n if (!ok) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Permission denied\", {\n required: perms,\n mode: \"ANY\",\n });\n }\n\n return next();\n };\n}\n\nexport function requireRoles(\n roles: string[],\n options?: { sysAdminBypass?: boolean; sysAdminRole?: string }\n) {\n const sysAdminBypass = options?.sysAdminBypass !== false;\n const sysAdminRole = options?.sysAdminRole || \"SYS_ADMIN\";\n\n return (req: Request, res: Response, next: NextFunction) => {\n if (!hasAuthContext(req)) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n }\n\n const auth = getAuth(req);\n\n if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();\n\n const have = rolesSet(auth);\n if (!roles.some((r) => have.has(r))) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Role not allowed\", {\n required: roles,\n mode: \"ANY\",\n });\n }\n\n return next();\n };\n}\n\nexport function requireRolesOrAnyPermission(\n roles: string[],\n perms: string[],\n options?: { sysAdminBypass?: boolean; sysAdminRole?: string }\n) {\n const sysAdminBypass = options?.sysAdminBypass !== false;\n const sysAdminRole = options?.sysAdminRole || \"SYS_ADMIN\";\n\n return (req: Request, res: Response, next: NextFunction) => {\n if (!hasAuthContext(req)) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n }\n\n const auth = getAuth(req);\n\n if (sysAdminBypass && isSysAdmin(auth, sysAdminRole)) return next();\n\n const haveRoles = rolesSet(auth);\n const allow = permsSet(auth.permissions);\n const deny = permsSet(auth.denied_permissions);\n\n for (const p of perms) {\n if (deny.has(p)) {\n return sendError(req, res, 403, \"FORBIDDEN\", `Denied permission: ${p}`, {\n denied: p,\n });\n }\n }\n\n const okRole = roles.some((r) => haveRoles.has(r));\n const okPerm = perms.some((p) => allow.has(p));\n\n if (!okRole && !okPerm) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Access denied\", {\n roles,\n permissions: perms,\n mode: \"ROLES_OR_PERMS_ANY\",\n });\n }\n\n return next();\n };\n}\n","import type {Request, Response, NextFunction, RequestHandler} from \"express\";\nimport parseHeaders from \"./parseHeaders\";\nimport {sendError} from \"./respond\";\n\ntype RoleShape = string | { code?: string; name?: string };\ntype PermShape = string | { code?: string; name?: string };\n\ntype GuardOptions = {\n /**\n * Middleware(s) de autenticación del microservicio.\n * Ej:\n * allowSysAdminOrAnyPermission([\"sale.read\"], { auth: authEmployeeRequired })\n */\n auth?: RequestHandler | RequestHandler[];\n\n /**\n * Si true, agrega parseHeaders automáticamente.\n * Default: true\n */\n includeParseHeaders?: boolean;\n\n /**\n * Rol que representa SysAdmin.\n * Default: SYS_ADMIN\n */\n sysAdminRole?: string;\n\n /**\n * Si false, desactiva bypass por SysAdmin.\n * Default: true\n */\n sysAdminBypass?: boolean;\n};\n\nfunction normalizeRole(r: RoleShape): string | null {\n if (!r) return null;\n if (typeof r === \"string\") return r;\n return r.code || r.name || null;\n}\n\nfunction normalizePerm(p: PermShape): string | null {\n if (!p) return null;\n if (typeof p === \"string\") return p;\n return p.code || p.name || null;\n}\n\nfunction getAuth(req: Request) {\n return ((req as any).auth ?? {}) as {\n roles?: RoleShape[];\n permissions?: PermShape[];\n denied_permissions?: PermShape[];\n };\n}\n\nfunction roleSet(auth: ReturnType<typeof getAuth>) {\n return new Set<string>(\n (auth.roles ?? []).map(normalizeRole).filter(Boolean) as string[]\n );\n}\n\nfunction permissionSets(auth: ReturnType<typeof getAuth>) {\n const allow = new Set<string>(\n (auth.permissions ?? []).map(normalizePerm).filter(Boolean) as string[]\n );\n const deny = new Set<string>(\n (auth.denied_permissions ?? []).map(normalizePerm).filter(Boolean) as string[]\n );\n return {allow, deny};\n}\n\nfunction normalizeHandlers(auth?: RequestHandler | RequestHandler[]): RequestHandler[] {\n if (!auth) return [];\n return Array.isArray(auth) ? auth : [auth];\n}\n\nfunction buildBaseChain(options?: GuardOptions): RequestHandler[] {\n const chain: RequestHandler[] = [];\n\n if (options?.includeParseHeaders !== false) {\n chain.push(parseHeaders);\n }\n\n chain.push(...normalizeHandlers(options?.auth));\n\n return chain;\n}\n\nfunction hasSysAdmin(auth: ReturnType<typeof getAuth>, options?: GuardOptions): boolean {\n const sysAdminBypass = options?.sysAdminBypass !== false;\n if (!sysAdminBypass) return false;\n\n const sysAdminRole = options?.sysAdminRole || \"SYS_ADMIN\";\n return roleSet(auth).has(sysAdminRole);\n}\n\n/**\n * Exige que exista req.auth.\n * Útil cuando auth ya fue montado antes y quieres validar contexto.\n */\nexport function requireAuthContext(options?: GuardOptions): RequestHandler[] {\n return [\n ...buildBaseChain(options),\n (req: Request, res: Response, next: NextFunction) => {\n if (!(req as any).auth) {\n return sendError(req, res, 401, \"UNAUTHORIZED\", \"Missing auth context\");\n }\n return next();\n },\n ];\n}\n\n/**\n * SYS_ADMIN bypass OR ANY permission\n */\nexport function allowSysAdminOrAnyPermission(\n perms: string[] | string,\n options?: GuardOptions\n): RequestHandler[] {\n const required = (Array.isArray(perms) ? perms : [perms]).filter(Boolean);\n\n return [\n ...buildBaseChain(options),\n (req: Request, res: Response, next: NextFunction) => {\n const auth = getAuth(req);\n\n if (hasSysAdmin(auth, options)) return next();\n\n const {allow, deny} = permissionSets(auth);\n\n for (const p of required) {\n if (deny.has(p)) {\n return sendError(req, res, 403, \"FORBIDDEN\", `Denied permission: ${p}`, {\n denied: p,\n });\n }\n }\n\n const ok = required.some((p) => allow.has(p));\n if (!ok) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Missing permissions (ANY)\", {\n required,\n mode: \"ANY\",\n });\n }\n\n return next();\n },\n ];\n}\n\n/**\n * SYS_ADMIN bypass OR ALL permissions\n */\nexport function allowSysAdminOrPermissionsAll(\n perms: string[] | string,\n options?: GuardOptions\n): RequestHandler[] {\n const required = (Array.isArray(perms) ? perms : [perms]).filter(Boolean);\n\n return [\n ...buildBaseChain(options),\n (req: Request, res: Response, next: NextFunction) => {\n const auth = getAuth(req);\n\n if (hasSysAdmin(auth, options)) return next();\n\n const {allow, deny} = permissionSets(auth);\n\n for (const p of required) {\n if (deny.has(p)) {\n return sendError(req, res, 403, \"FORBIDDEN\", `Denied permission: ${p}`, {\n denied: p,\n });\n }\n }\n\n const missing = required.filter((p) => !allow.has(p));\n if (missing.length) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Missing permissions (ALL)\", {\n required,\n missing,\n mode: \"ALL\",\n });\n }\n\n return next();\n },\n ];\n}\n\n/**\n * SYS_ADMIN bypass OR ANY role\n */\nexport function allowSysAdminOrRoles(\n roles: string[] | string,\n options?: GuardOptions\n): RequestHandler[] {\n const required = (Array.isArray(roles) ? roles : [roles]).filter(Boolean);\n\n return [\n ...buildBaseChain(options),\n (req: Request, res: Response, next: NextFunction) => {\n const auth = getAuth(req);\n\n if (hasSysAdmin(auth, options)) return next();\n\n const have = roleSet(auth);\n const ok = required.some((r) => have.has(r));\n\n if (!ok) {\n return sendError(req, res, 403, \"FORBIDDEN\", \"Role not allowed\", {\n required,\n mode: \"ANY\",\n });\n }\n\n return next();\n },\n ];\n}\n\n/**\n * SYS_ADMIN bypass OR (roles ANY) OR (permissions ANY)\n * denied_permissions siempre gana\n */\nexport function allowSysAdminOrRolesOrAnyPermission(\n roles: string | string[],\n permissions: string | string[],\n options?: GuardOptions\n): RequestHandler[] {\n const requiredRoles = (Array.isArray(roles) ? roles : [roles]).filter(Boolean);\n const requiredPerms = (Array.isArray(permissions) ? permissions : [permissions]).filter(Boolean);\n\n return [\n ...buildBaseChain(options),\n (req: Request, res: Response, next: NextFunction) => {\n const auth = getAuth(req);\n\n if (hasSysAdmin(auth, options)) return next();\n\n const {allow, deny} = permissionSets(auth);\n const haveRoles = roleSet(auth);\n\n for (const p of requiredPerms) {\n if (deny.has(p)) {\n return sendError(req, res, 403, \"FORBIDDEN\", `Denied permission: ${p}`, {\n denied: p,\n });\n }\n }\n\n const okRole = requiredRoles.some((r) => haveRoles.has(r));\n if (okRole) return next();\n\n const okPerm = requiredPerms.some((p) => allow.has(p));\n if (okPerm) return next();\n\n return sendError(req, res, 403, \"FORBIDDEN\", \"Permission denied\", {\n roles: requiredRoles,\n permissions: requiredPerms,\n mode: \"ROLES_OR_ANY_PERMISSION\",\n });\n },\n ];\n}\n\n/**\n * Helper típico para AUTH backoffice\n */\nexport function allowAuthAdminOrPerm(\n permission: string,\n options?: GuardOptions\n): RequestHandler[] {\n return allowSysAdminOrRolesOrAnyPermission([\"AUTH_ADMIN\"], [permission], options);\n}\n"],"mappings":";;;;;;AAUe,SAAR,aAA8B,KAAc,MAAgB,MAAoB;AACnF,EAAC,IAAY,UAAU,6BAA6B,IAAI,OAAc;AACtE,OAAK;AACT;;;ACXA,SAAQ,YAAY,mBAAkB;AAE/B,IAAM,oBAAoB;AAC1B,IAAM,wBAAwB;AAC9B,IAAM,6BAA6B;AAO3B,SAAR,UAA2B,KAAc,KAAe,MAAoB;AAC/E,QAAM,WAAY,IAAI,QAAQ,iBAAiB,KAAK,IAAI,QAAQ,qBAAqB;AAKrF,QAAM,KAAK,UAAU,KAAK,KAAK,WAAW;AAG1C,EAAC,IAAY,YAAY;AACzB,MAAI,OAAO,YAAY;AAGvB,MAAI,UAAU,4BAA4B,EAAE;AAE5C,OAAK;AACT;;;AC5BA,OAAO,QAAQ;AACf,OAAO,YAAY;;;ACCZ,SAAS,OAAU,MAAe,KAAe,MAAS,aAAa,KAAK;AAC/E,SAAO,IAAI,OAAO,UAAU,EAAE,KAAK,EAAC,IAAI,MAAM,MAAM,WAAW,IAAI,QAAQ,aAAa,KAAI,CAAC;AACjG;AAEO,SAAS,UACZ,MACA,KACA,YACA,MACA,SACA,SACF;AACE,SAAO,IAAI,OAAO,UAAU,EAAE,KAAK;AAAA,IAC/B,IAAI;AAAA,IACJ,OAAO,EAAC,MAAM,SAAS,GAAI,YAAY,SAAY,EAAC,QAAO,IAAI,CAAC,EAAE;AAAA,IAClE,WAAW,IAAI,QAAQ,aAAa;AAAA,EACxC,CAAC;AACL;;;ADdA,SAAS,eAAe,MAA8B;AAClD,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI;AACA,UAAM,IAAI,GAAG,aAAa,MAAM,MAAM,EAAE,KAAK;AAC7C,WAAO,EAAE,SAAS,IAAI;AAAA,EAC1B,QAAQ;AACJ,WAAO;AAAA,EACX;AACJ;AAEA,SAAS,UAAU,GAA6B;AAC5C,MAAI,CAAC,EAAG,QAAO,CAAC;AAChB,SAAO,EAAE,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AAC3D;AAEA,SAAS,kBAA4B;AACjC,QAAM,UAAU,eAAe,QAAQ,IAAI,qBAAqB;AAChE,QAAM,UAAU,QAAQ,IAAI,oBAAoB,IAAI,KAAK;AACzD,QAAM,MAAM,WAAW;AACvB,SAAO,UAAU,GAAG;AACxB;AAEA,SAAS,aAAa,KAA6B;AAC/C,QAAM,UAAU,IAAI,OAAO,uBAAuB,KAAK,IAAI,KAAK;AAChE,SAAO,UAAU;AACrB;AAEA,SAAS,WAAW,GAAW,GAAoB;AAC/C,QAAM,KAAK,OAAO,KAAK,CAAC;AACxB,QAAM,KAAK,OAAO,KAAK,CAAC;AACxB,MAAI,GAAG,WAAW,GAAG,OAAQ,QAAO;AACpC,SAAO,OAAO,gBAAgB,IAAI,EAAE;AACxC;AAEe,SAAR,aAA8B,KAAc,KAAe,MAAoB;AAClF,QAAM,QAAQ,aAAa,GAAG;AAE9B,MAAI,CAAC,OAAO;AACR,WAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,6BAA6B,uBAAuB,GAAG;AAAA,EAC3G;AAEA,QAAM,eAAe,gBAAgB;AACrC,MAAI,aAAa,WAAW,GAAG;AAC3B,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAEA,QAAM,KAAK,aAAa,KAAK,CAAC,MAAM,WAAW,OAAO,CAAC,CAAC;AACxD,MAAI,CAAC,IAAI;AACL,WAAO,UAAU,KAAK,KAAK,KAAK,aAAa,0BAA0B;AAAA,EAC3E;AAEA,SAAO,KAAK;AAChB;;;AEpDA,SAAS,QAAQ,KAAyB;AACxC,SAAS,IAAY,QAAQ,CAAC;AAChC;AAEA,SAAS,eAAe,KAAuB;AAC7C,SAAO,CAAC,CAAE,IAAY;AACxB;AAEA,SAAS,cAAc,GAAuB;AAC5C,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,OAAO,MAAM,SAAU,QAAO,EAAE,QAAQ,EAAE,QAAQ;AACtD,SAAO;AACT;AAEA,SAAS,SAAS,MAA8B;AAC9C,QAAM,MAAM,oBAAI,IAAY;AAC5B,aAAW,KAAK,KAAK,SAAS,CAAC,GAAG;AAChC,UAAM,IAAI,cAAc,CAAC;AACzB,QAAI,EAAG,KAAI,IAAI,CAAC;AAAA,EAClB;AACA,SAAO;AACT;AAEA,SAAS,SAAS,MAAsC;AACtD,QAAM,MAAM,oBAAI,IAAY;AAC5B,aAAW,KAAK,QAAQ,CAAC,GAAG;AAC1B,UAAM,IAAI,cAAc,CAAC;AACzB,QAAI,EAAG,KAAI,IAAI,CAAC;AAAA,EAClB;AACA,SAAO;AACT;AAEO,SAAS,qBAAqB;AACnC,SAAO,CAAC,KAAc,KAAe,SAAuB;AAC1D,QAAI,CAAC,eAAe,GAAG,GAAG;AACxB,aAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,sBAAsB;AAAA,IACxE;AACA,WAAO,KAAK;AAAA,EACd;AACF;AAEA,SAAS,WAAW,MAAiB,cAAsB;AACzD,QAAM,OAAO,SAAS,IAAI;AAC1B,SAAO,KAAK,IAAI,YAAY;AAC9B;AAEO,SAAS,mBACd,OACA,SACA;AACA,QAAM,iBAAiB,SAAS,mBAAmB;AACnD,QAAM,eAAe,SAAS,gBAAgB;AAE9C,SAAO,CAAC,KAAc,KAAe,SAAuB;AAC1D,QAAI,CAAC,eAAe,GAAG,GAAG;AACxB,aAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,sBAAsB;AAAA,IACxE;AAEA,UAAM,OAAO,QAAQ,GAAG;AAExB,QAAI,kBAAkB,WAAW,MAAM,YAAY,EAAG,QAAO,KAAK;AAElE,UAAM,QAAQ,SAAS,KAAK,WAAW;AACvC,UAAM,OAAO,SAAS,KAAK,kBAAkB;AAE7C,eAAW,KAAK,OAAO;AACrB,UAAI,KAAK,IAAI,CAAC,GAAG;AACf,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,sBAAsB,CAAC,IAAI;AAAA,UACtE,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,UAAU,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;AACjD,QAAI,QAAQ,QAAQ;AAClB,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,uBAAuB;AAAA,QAClE;AAAA,QACA,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AACF;AAEO,SAAS,qBACd,OACA,SACA;AACA,QAAM,iBAAiB,SAAS,mBAAmB;AACnD,QAAM,eAAe,SAAS,gBAAgB;AAE9C,SAAO,CAAC,KAAc,KAAe,SAAuB;AAC1D,QAAI,CAAC,eAAe,GAAG,GAAG;AACxB,aAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,sBAAsB;AAAA,IACxE;AAEA,UAAM,OAAO,QAAQ,GAAG;AAExB,QAAI,kBAAkB,WAAW,MAAM,YAAY,EAAG,QAAO,KAAK;AAElE,UAAM,QAAQ,SAAS,KAAK,WAAW;AACvC,UAAM,OAAO,SAAS,KAAK,kBAAkB;AAE7C,eAAW,KAAK,OAAO;AACrB,UAAI,KAAK,IAAI,CAAC,GAAG;AACf,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,sBAAsB,CAAC,IAAI;AAAA,UACtE,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,KAAK,MAAM,KAAK,CAAC,MAAM,MAAM,IAAI,CAAC,CAAC;AACzC,QAAI,CAAC,IAAI;AACP,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,qBAAqB;AAAA,QAChE,UAAU;AAAA,QACV,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AACF;AAEO,SAAS,aACd,OACA,SACA;AACA,QAAM,iBAAiB,SAAS,mBAAmB;AACnD,QAAM,eAAe,SAAS,gBAAgB;AAE9C,SAAO,CAAC,KAAc,KAAe,SAAuB;AAC1D,QAAI,CAAC,eAAe,GAAG,GAAG;AACxB,aAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,sBAAsB;AAAA,IACxE;AAEA,UAAM,OAAO,QAAQ,GAAG;AAExB,QAAI,kBAAkB,WAAW,MAAM,YAAY,EAAG,QAAO,KAAK;AAElE,UAAM,OAAO,SAAS,IAAI;AAC1B,QAAI,CAAC,MAAM,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,GAAG;AACnC,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,oBAAoB;AAAA,QAC/D,UAAU;AAAA,QACV,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AACF;AAEO,SAAS,4BACd,OACA,OACA,SACA;AACA,QAAM,iBAAiB,SAAS,mBAAmB;AACnD,QAAM,eAAe,SAAS,gBAAgB;AAE9C,SAAO,CAAC,KAAc,KAAe,SAAuB;AAC1D,QAAI,CAAC,eAAe,GAAG,GAAG;AACxB,aAAO,UAAU,KAAK,KAAK,KAAK,gBAAgB,sBAAsB;AAAA,IACxE;AAEA,UAAM,OAAO,QAAQ,GAAG;AAExB,QAAI,kBAAkB,WAAW,MAAM,YAAY,EAAG,QAAO,KAAK;AAElE,UAAM,YAAY,SAAS,IAAI;AAC/B,UAAM,QAAQ,SAAS,KAAK,WAAW;AACvC,UAAM,OAAO,SAAS,KAAK,kBAAkB;AAE7C,eAAW,KAAK,OAAO;AACrB,UAAI,KAAK,IAAI,CAAC,GAAG;AACf,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,sBAAsB,CAAC,IAAI;AAAA,UACtE,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,KAAK,CAAC,MAAM,UAAU,IAAI,CAAC,CAAC;AACjD,UAAM,SAAS,MAAM,KAAK,CAAC,MAAM,MAAM,IAAI,CAAC,CAAC;AAE7C,QAAI,CAAC,UAAU,CAAC,QAAQ;AACtB,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,iBAAiB;AAAA,QAC5D;AAAA,QACA,aAAa;AAAA,QACb,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AACF;;;AC7KA,SAAS,cAAc,GAA6B;AAClD,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,SAAO,EAAE,QAAQ,EAAE,QAAQ;AAC7B;AAEA,SAAS,cAAc,GAA6B;AAClD,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,SAAO,EAAE,QAAQ,EAAE,QAAQ;AAC7B;AAEA,SAASA,SAAQ,KAAc;AAC7B,SAAS,IAAY,QAAQ,CAAC;AAKhC;AAEA,SAAS,QAAQ,MAAkC;AACjD,SAAO,IAAI;AAAA,KACR,KAAK,SAAS,CAAC,GAAG,IAAI,aAAa,EAAE,OAAO,OAAO;AAAA,EACtD;AACF;AAEA,SAAS,eAAe,MAAkC;AACxD,QAAM,QAAQ,IAAI;AAAA,KACf,KAAK,eAAe,CAAC,GAAG,IAAI,aAAa,EAAE,OAAO,OAAO;AAAA,EAC5D;AACA,QAAM,OAAO,IAAI;AAAA,KACd,KAAK,sBAAsB,CAAC,GAAG,IAAI,aAAa,EAAE,OAAO,OAAO;AAAA,EACnE;AACA,SAAO,EAAC,OAAO,KAAI;AACrB;AAEA,SAAS,kBAAkB,MAA4D;AACrF,MAAI,CAAC,KAAM,QAAO,CAAC;AACnB,SAAO,MAAM,QAAQ,IAAI,IAAI,OAAO,CAAC,IAAI;AAC3C;AAEA,SAAS,eAAe,SAA0C;AAChE,QAAM,QAA0B,CAAC;AAEjC,MAAI,SAAS,wBAAwB,OAAO;AAC1C,UAAM,KAAK,YAAY;AAAA,EACzB;AAEA,QAAM,KAAK,GAAG,kBAAkB,SAAS,IAAI,CAAC;AAE9C,SAAO;AACT;AAEA,SAAS,YAAY,MAAkC,SAAiC;AACtF,QAAM,iBAAiB,SAAS,mBAAmB;AACnD,MAAI,CAAC,eAAgB,QAAO;AAE5B,QAAM,eAAe,SAAS,gBAAgB;AAC9C,SAAO,QAAQ,IAAI,EAAE,IAAI,YAAY;AACvC;AAqBO,SAAS,6BACd,OACA,SACkB;AAClB,QAAM,YAAY,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK,GAAG,OAAO,OAAO;AAExE,SAAO;AAAA,IACL,GAAG,eAAe,OAAO;AAAA,IACzB,CAAC,KAAc,KAAe,SAAuB;AACnD,YAAM,OAAOC,SAAQ,GAAG;AAExB,UAAI,YAAY,MAAM,OAAO,EAAG,QAAO,KAAK;AAE5C,YAAM,EAAC,OAAO,KAAI,IAAI,eAAe,IAAI;AAEzC,iBAAW,KAAK,UAAU;AACxB,YAAI,KAAK,IAAI,CAAC,GAAG;AACf,iBAAO,UAAU,KAAK,KAAK,KAAK,aAAa,sBAAsB,CAAC,IAAI;AAAA,YACtE,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,KAAK,SAAS,KAAK,CAAC,MAAM,MAAM,IAAI,CAAC,CAAC;AAC5C,UAAI,CAAC,IAAI;AACP,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,6BAA6B;AAAA,UACxE;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAEA,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;AAKO,SAAS,8BACd,OACA,SACkB;AAClB,QAAM,YAAY,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK,GAAG,OAAO,OAAO;AAExE,SAAO;AAAA,IACL,GAAG,eAAe,OAAO;AAAA,IACzB,CAAC,KAAc,KAAe,SAAuB;AACnD,YAAM,OAAOA,SAAQ,GAAG;AAExB,UAAI,YAAY,MAAM,OAAO,EAAG,QAAO,KAAK;AAE5C,YAAM,EAAC,OAAO,KAAI,IAAI,eAAe,IAAI;AAEzC,iBAAW,KAAK,UAAU;AACxB,YAAI,KAAK,IAAI,CAAC,GAAG;AACf,iBAAO,UAAU,KAAK,KAAK,KAAK,aAAa,sBAAsB,CAAC,IAAI;AAAA,YACtE,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,UAAU,SAAS,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;AACpD,UAAI,QAAQ,QAAQ;AAClB,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,6BAA6B;AAAA,UACxE;AAAA,UACA;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAEA,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;AAKO,SAAS,qBACd,OACA,SACkB;AAClB,QAAM,YAAY,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK,GAAG,OAAO,OAAO;AAExE,SAAO;AAAA,IACL,GAAG,eAAe,OAAO;AAAA,IACzB,CAAC,KAAc,KAAe,SAAuB;AACnD,YAAM,OAAOA,SAAQ,GAAG;AAExB,UAAI,YAAY,MAAM,OAAO,EAAG,QAAO,KAAK;AAE5C,YAAM,OAAO,QAAQ,IAAI;AACzB,YAAM,KAAK,SAAS,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;AAE3C,UAAI,CAAC,IAAI;AACP,eAAO,UAAU,KAAK,KAAK,KAAK,aAAa,oBAAoB;AAAA,UAC/D;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAEA,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;AAMO,SAAS,oCACd,OACA,aACA,SACkB;AAClB,QAAM,iBAAiB,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK,GAAG,OAAO,OAAO;AAC7E,QAAM,iBAAiB,MAAM,QAAQ,WAAW,IAAI,cAAc,CAAC,WAAW,GAAG,OAAO,OAAO;AAE/F,SAAO;AAAA,IACL,GAAG,eAAe,OAAO;AAAA,IACzB,CAAC,KAAc,KAAe,SAAuB;AACnD,YAAM,OAAOA,SAAQ,GAAG;AAExB,UAAI,YAAY,MAAM,OAAO,EAAG,QAAO,KAAK;AAE5C,YAAM,EAAC,OAAO,KAAI,IAAI,eAAe,IAAI;AACzC,YAAM,YAAY,QAAQ,IAAI;AAE9B,iBAAW,KAAK,eAAe;AAC7B,YAAI,KAAK,IAAI,CAAC,GAAG;AACf,iBAAO,UAAU,KAAK,KAAK,KAAK,aAAa,sBAAsB,CAAC,IAAI;AAAA,YACtE,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAEA,YAAM,SAAS,cAAc,KAAK,CAAC,MAAM,UAAU,IAAI,CAAC,CAAC;AACzD,UAAI,OAAQ,QAAO,KAAK;AAExB,YAAM,SAAS,cAAc,KAAK,CAAC,MAAM,MAAM,IAAI,CAAC,CAAC;AACrD,UAAI,OAAQ,QAAO,KAAK;AAExB,aAAO,UAAU,KAAK,KAAK,KAAK,aAAa,qBAAqB;AAAA,QAChE,OAAO;AAAA,QACP,aAAa;AAAA,QACb,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAKO,SAAS,qBACd,YACA,SACkB;AAClB,SAAO,oCAAoC,CAAC,YAAY,GAAG,CAAC,UAAU,GAAG,OAAO;AAClF;","names":["getAuth","getAuth"]}
|
package/dist/express.d.cts
CHANGED
package/dist/express.d.ts
CHANGED