@lastshotlabs/bunshot 0.0.18 → 0.0.20

package/dist/entrypoints/mongo.d.ts

@@ -1,3 +1,5 @@
 export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
 export { mongoAuthAdapter } from "../adapters/mongoAuth";
 export { AuthUser } from "../models/AuthUser";
+export { zodToMongoose } from "../lib/zodToMongoose";
+export type { ZodToMongooseConfig, ZodToMongooseRefConfig } from "../lib/zodToMongoose";

package/dist/entrypoints/mongo.js

@@ -1,3 +1,4 @@
 export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
 export { mongoAuthAdapter } from "../adapters/mongoAuth";
 export { AuthUser } from "../models/AuthUser";
+export { zodToMongoose } from "../lib/zodToMongoose";

package/dist/lib/zodToMongoose.d.ts

@@ -1,4 +1,4 @@
-import { Schema } from "mongoose";
+import type { Schema as SchemaType } from "mongoose";
 type ZodSchema = any;
 export type ZodToMongooseRefConfig = {
     /** DB field name (e.g., "account") */
@@ -14,7 +14,7 @@ export type ZodToMongooseConfig = {
     /** Override Mongoose type for specific fields (e.g., { date: { type: Date, required: true } }) */
     typeOverrides?: Record<string, unknown>;
     /** Subdocument array fields: { items: mongooseSubSchema } */
-    subdocSchemas?: Record<string, Schema>;
+    subdocSchemas?: Record<string, SchemaType>;
 };
 /**
  * Derive a Mongoose SchemaDefinition from a Zod object schema.

package/dist/lib/zodToMongoose.js

@@ -1,4 +1,4 @@
-import { Schema } from "mongoose";
+import { mongoose } from "./mongo";
 /** Unwrap nullable, optional, and default wrappers to get the core Zod type */
 function unwrap(zodType) {
     let t = zodType;
@@ -22,6 +22,10 @@ function unwrap(zodType) {
     }
     return { core: t, required };
 }
+/** Lazily access the Mongoose Schema class (avoids top-level require of mongoose) */
+function getSchema() {
+    return mongoose.Schema;
+}
 /** Convert a single Zod type to a Mongoose field definition */
 function toMongooseField(zodType) {
     const { core, required } = unwrap(zodType);
@@ -36,7 +40,7 @@ function toMongooseField(zodType) {
         return { type: Date, required };
     if (defType === "enum")
         return { type: String, enum: core.options, required };
-    return { type: Schema.Types.Mixed, required };
+    return { type: getSchema().Types.Mixed, required };
 }
 /**
  * Derive a Mongoose SchemaDefinition from a Zod object schema.
@@ -64,7 +68,7 @@ export function zodToMongoose(zodSchema, config = {}) {
             continue;
         if (config.refs?.[apiField]) {
             const { dbField, ref } = config.refs[apiField];
-            fields[dbField] = { type: Schema.Types.ObjectId, ref, required: true };
+            fields[dbField] = { type: getSchema().Types.ObjectId, ref, required: true };
             continue;
         }
         if (config.typeOverrides?.[apiField]) {

package/dist/middleware/cors.js

@@ -15,17 +15,32 @@ export const cors = async (req, next) => {
 };
 function corsHeaders(requestOrigin) {
     let allowOrigin;
+    let withCredentials = false;
     if (_allowedOrigins === "*") {
         allowOrigin = "*";
     }
     else {
         const origins = Array.isArray(_allowedOrigins) ? _allowedOrigins : [_allowedOrigins];
-        allowOrigin = requestOrigin && origins.includes(requestOrigin) ? requestOrigin : origins[0];
+        // Filter out "*" — wildcard is incompatible with credentials
+        const specific = origins.filter((o) => o !== "*");
+        if (requestOrigin && specific.includes(requestOrigin)) {
+            allowOrigin = requestOrigin;
+            withCredentials = true;
+        }
+        else if (origins.includes("*")) {
+            // Fallback: reflect the request origin so credentials still work
+            allowOrigin = requestOrigin ?? "*";
+            withCredentials = !!requestOrigin;
+        }
+        else {
+            allowOrigin = specific[0] ?? "*";
+        }
     }
     return {
         "Access-Control-Allow-Origin": allowOrigin,
         "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
-        "Access-Control-Allow-Headers": "Content-Type, Authorization",
+        "Access-Control-Allow-Headers": "Content-Type, Authorization, x-user-token, x-csrf-token, x-refresh-token",
+        ...(withCredentials ? { "Access-Control-Allow-Credentials": "true" } : {}),
         ...(allowOrigin !== "*" ? { Vary: "Origin" } : {}),
     };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lastshotlabs/bunshot",
-  "version": "0.0.18",
+  "version": "0.0.20",
   "description": "Batteries-included Bun + Hono API framework — auth, sessions, rate limiting, WebSocket, queues, and OpenAPI docs out of the box",
   "repository": {
     "type": "git",
@@ -52,7 +52,8 @@
     "start": "bun src/index.ts",
     "readme": "bun docs/build-readme.ts",
     "readme:npm": "bun docs/build-readme.ts npm",
-    "test": "bun test tests/unit tests/integration",
+    "test": "bun test tests/unit tests/integration && bun test tests/isolated",
+    "test:isolated": "bun test tests/isolated",
     "test:coverage": "bun test --coverage tests/unit tests/integration",
     "test:docker:up": "docker compose -f docker-compose.test.yml up -d --wait",
     "test:docker:down": "docker compose -f docker-compose.test.yml down",
@@ -61,6 +62,7 @@
     "test:coverage:full": "bun run test:docker:up && bun test --coverage --config bunfig.ci.toml tests/unit tests/integration tests/docker; bun run test:docker:down"
   },
   "dependencies": {
+    "@asteasolutions/zod-to-openapi": "^8.4.1",
     "@hono/zod-openapi": "1.2.2",
     "@scalar/hono-api-reference": "0.10.0",
     "arctic": "^3.7.0",