@lastshotlabs/bunshot 0.0.19 → 0.0.20

package/dist/entrypoints/mongo.d.ts

@@ -1,3 +1,5 @@
 export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
 export { mongoAuthAdapter } from "../adapters/mongoAuth";
 export { AuthUser } from "../models/AuthUser";
+export { zodToMongoose } from "../lib/zodToMongoose";
+export type { ZodToMongooseConfig, ZodToMongooseRefConfig } from "../lib/zodToMongoose";

package/dist/entrypoints/mongo.js

@@ -1,3 +1,4 @@
 export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
 export { mongoAuthAdapter } from "../adapters/mongoAuth";
 export { AuthUser } from "../models/AuthUser";
+export { zodToMongoose } from "../lib/zodToMongoose";

package/dist/middleware/cors.js

@@ -15,17 +15,32 @@ export const cors = async (req, next) => {
 };
 function corsHeaders(requestOrigin) {
     let allowOrigin;
+    let withCredentials = false;
     if (_allowedOrigins === "*") {
         allowOrigin = "*";
     }
     else {
         const origins = Array.isArray(_allowedOrigins) ? _allowedOrigins : [_allowedOrigins];
-        allowOrigin = requestOrigin && origins.includes(requestOrigin) ? requestOrigin : origins[0];
+        // Filter out "*" — wildcard is incompatible with credentials
+        const specific = origins.filter((o) => o !== "*");
+        if (requestOrigin && specific.includes(requestOrigin)) {
+            allowOrigin = requestOrigin;
+            withCredentials = true;
+        }
+        else if (origins.includes("*")) {
+            // Fallback: reflect the request origin so credentials still work
+            allowOrigin = requestOrigin ?? "*";
+            withCredentials = !!requestOrigin;
+        }
+        else {
+            allowOrigin = specific[0] ?? "*";
+        }
     }
     return {
         "Access-Control-Allow-Origin": allowOrigin,
         "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
-        "Access-Control-Allow-Headers": "Content-Type, Authorization",
+        "Access-Control-Allow-Headers": "Content-Type, Authorization, x-user-token, x-csrf-token, x-refresh-token",
+        ...(withCredentials ? { "Access-Control-Allow-Credentials": "true" } : {}),
         ...(allowOrigin !== "*" ? { Vary: "Origin" } : {}),
     };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lastshotlabs/bunshot",
-  "version": "0.0.19",
+  "version": "0.0.20",
   "description": "Batteries-included Bun + Hono API framework — auth, sessions, rate limiting, WebSocket, queues, and OpenAPI docs out of the box",
   "repository": {
     "type": "git",
@@ -52,7 +52,8 @@
     "start": "bun src/index.ts",
     "readme": "bun docs/build-readme.ts",
     "readme:npm": "bun docs/build-readme.ts npm",
-    "test": "bun test tests/unit tests/integration",
+    "test": "bun test tests/unit tests/integration && bun test tests/isolated",
+    "test:isolated": "bun test tests/isolated",
     "test:coverage": "bun test --coverage tests/unit tests/integration",
     "test:docker:up": "docker compose -f docker-compose.test.yml up -d --wait",
     "test:docker:down": "docker compose -f docker-compose.test.yml down",
@@ -61,6 +62,7 @@
     "test:coverage:full": "bun run test:docker:up && bun test --coverage --config bunfig.ci.toml tests/unit tests/integration tests/docker; bun run test:docker:down"
   },
   "dependencies": {
+    "@asteasolutions/zod-to-openapi": "^8.4.1",
     "@hono/zod-openapi": "1.2.2",
     "@scalar/hono-api-reference": "0.10.0",
     "arctic": "^3.7.0",