@lastshotlabs/bunshot 0.0.21 → 0.0.27

package/dist/lib/session.js

@@ -1,8 +1,9 @@
 import { getRedis } from "./redis";
 import { appConnection, mongoose } from "./mongo";
 import { getAppName, getPersistSessionMetadata, getIncludeInactiveSessions, getRotationGraceSeconds, getRefreshTokenExpiry } from "./appConfig";
-import { sqliteCreateSession, sqliteGetSession, sqliteDeleteSession, sqliteGetUserSessions, sqliteGetActiveSessionCount, sqliteEvictOldestSession, sqliteUpdateSessionLastActive, sqliteSetRefreshToken, sqliteGetSessionByRefreshToken, sqliteRotateRefreshToken, } from "../adapters/sqliteAuth";
-import { memoryCreateSession, memoryGetSession, memoryDeleteSession, memoryGetUserSessions, memoryGetActiveSessionCount, memoryEvictOldestSession, memoryUpdateSessionLastActive, memorySetRefreshToken, memoryGetSessionByRefreshToken, memoryRotateRefreshToken, } from "../adapters/memoryAuth";
+import { timingSafeEqual } from "./crypto";
+import { sqliteCreateSession, sqliteGetSession, sqliteDeleteSession, sqliteGetUserSessions, sqliteGetActiveSessionCount, sqliteEvictOldestSession, sqliteUpdateSessionLastActive, sqliteSetRefreshToken, sqliteGetSessionByRefreshToken, sqliteRotateRefreshToken, sqliteGetSessionFingerprint, sqliteSetSessionFingerprint, sqliteGetMfaVerifiedAt, sqliteSetMfaVerifiedAt, } from "../adapters/sqliteAuth";
+import { memoryCreateSession, memoryGetSession, memoryDeleteSession, memoryGetUserSessions, memoryGetActiveSessionCount, memoryEvictOldestSession, memoryUpdateSessionLastActive, memorySetRefreshToken, memoryGetSessionByRefreshToken, memoryRotateRefreshToken, memoryGetSessionFingerprint, memorySetSessionFingerprint, memoryGetMfaVerifiedAt, memorySetMfaVerifiedAt, } from "../adapters/memoryAuth";
 function getSessionModel() {
     if (appConnection.models["Session"])
         return appConnection.models["Session"];
@@ -19,6 +20,8 @@ function getSessionModel() {
         refreshToken: { type: String, default: null },
         prevRefreshToken: { type: String, default: null },
         prevTokenExpiresAt: { type: Date, default: null },
+        fingerprint: { type: String, default: null },
+        mfaVerifiedAt: { type: Number, default: null },
     }, { collection: "sessions", timestamps: false });
     sessionSchema.index({ refreshToken: 1 }, { unique: true, partialFilterExpression: { refreshToken: { $type: "string" } } });
     // Add TTL index only when metadata is not persisted — docs auto-delete at expiresAt.
@@ -202,16 +205,16 @@ async function redisGetSessionByRefreshToken(refreshToken) {
         return null;
     const rec = JSON.parse(raw);
     // Current refresh token matches
-    if (rec.refreshToken === refreshToken) {
+    if (timingSafeEqual(rec.refreshToken ?? "", refreshToken)) {
         return { sessionId: rec.sessionId, userId: rec.userId, newRefreshToken: refreshToken };
     }
     // Check grace window: old token used within grace period
-    if (rec.prevRefreshToken === refreshToken && rec.prevTokenExpiresAt && rec.prevTokenExpiresAt > Date.now()) {
+    if (timingSafeEqual(rec.prevRefreshToken ?? "", refreshToken) && rec.prevTokenExpiresAt && rec.prevTokenExpiresAt > Date.now()) {
         // Return current refresh token — client missed the rotation response
         return { sessionId: rec.sessionId, userId: rec.userId, newRefreshToken: rec.refreshToken };
     }
     // Old token used after grace window — token family theft detected, invalidate session
-    if (rec.prevRefreshToken === refreshToken) {
+    if (timingSafeEqual(rec.prevRefreshToken ?? "", refreshToken)) {
         await redisDeleteSession(sessionId);
         return null;
     }
@@ -479,3 +482,116 @@ export const rotateRefreshToken = async (sessionId, newRefreshToken, newAccessTo
     }
     await mongoRotateRefreshToken(sessionId, newRefreshToken, newAccessToken);
 };
+// ---------------------------------------------------------------------------
+// Session fingerprint API (session binding feature)
+// ---------------------------------------------------------------------------
+/** Read the stored fingerprint for a session. Returns null if not yet set. */
+export const getSessionFingerprint = async (sessionId) => {
+    if (_store === "memory")
+        return memoryGetSessionFingerprint(sessionId);
+    if (_store === "sqlite")
+        return sqliteGetSessionFingerprint(sessionId);
+    if (_store === "redis") {
+        const redis = getRedis();
+        const raw = await redis.get(redisSessionKey(sessionId));
+        if (!raw)
+            return null;
+        const rec = JSON.parse(raw);
+        return rec.fingerprint ?? null;
+    }
+    // mongo
+    const doc = await getSessionModel().findOne({ sessionId }, "fingerprint").lean();
+    return doc?.fingerprint ?? null;
+};
+/** Store a fingerprint on an existing session. No-op if the session does not exist. */
+export const setSessionFingerprint = async (sessionId, fingerprint) => {
+    if (_store === "memory") {
+        memorySetSessionFingerprint(sessionId, fingerprint);
+        return;
+    }
+    if (_store === "sqlite") {
+        sqliteSetSessionFingerprint(sessionId, fingerprint);
+        return;
+    }
+    if (_store === "redis") {
+        const redis = getRedis();
+        const raw = await redis.get(redisSessionKey(sessionId));
+        if (!raw)
+            return;
+        const rec = JSON.parse(raw);
+        rec.fingerprint = fingerprint;
+        if (getPersistSessionMetadata()) {
+            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
+        }
+        else {
+            const now = Date.now();
+            if (rec.expiresAt <= now)
+                return;
+            const ttlRemaining = Math.max(1, Math.ceil((rec.expiresAt - now) / 1000));
+            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec), "EX", ttlRemaining);
+        }
+        return;
+    }
+    // mongo
+    await getSessionModel().updateOne({ sessionId }, { $set: { fingerprint } });
+};
+// ---------------------------------------------------------------------------
+// Step-up MFA API (mfaVerifiedAt)
+// ---------------------------------------------------------------------------
+/**
+ * Store the timestamp when MFA was last verified in the session metadata.
+ * Used by requireStepUp middleware.
+ */
+export const setMfaVerifiedAt = async (sessionId) => {
+    const now = Math.floor(Date.now() / 1000);
+    if (_store === "memory") {
+        memorySetMfaVerifiedAt(sessionId, now);
+        return;
+    }
+    if (_store === "sqlite") {
+        sqliteSetMfaVerifiedAt(sessionId, now);
+        return;
+    }
+    if (_store === "redis") {
+        const redis = getRedis();
+        const raw = await redis.get(redisSessionKey(sessionId));
+        if (!raw)
+            return;
+        const rec = JSON.parse(raw);
+        rec.mfaVerifiedAt = now;
+        if (getPersistSessionMetadata()) {
+            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
+        }
+        else {
+            const nowMs = Date.now();
+            if (rec.expiresAt <= nowMs)
+                return;
+            const ttlRemaining = Math.max(1, Math.ceil((rec.expiresAt - nowMs) / 1000));
+            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec), "EX", ttlRemaining);
+        }
+        return;
+    }
+    // mongo
+    await getSessionModel().updateOne({ sessionId }, { $set: { mfaVerifiedAt: now } });
+};
+/**
+ * Get the Unix timestamp (seconds) when MFA was last verified for this session.
+ * Returns null if MFA has never been verified or session not found.
+ */
+export const getMfaVerifiedAt = async (sessionId) => {
+    if (_store === "memory")
+        return memoryGetMfaVerifiedAt(sessionId);
+    if (_store === "sqlite")
+        return sqliteGetMfaVerifiedAt(sessionId);
+    if (_store === "redis") {
+        const redis = getRedis();
+        const raw = await redis.get(redisSessionKey(sessionId));
+        if (!raw)
+            return null;
+        const rec = JSON.parse(raw);
+        return rec.mfaVerifiedAt ?? null;
+    }
+    // mongo
+    const doc = await getSessionModel().findOne({ sessionId }, "mfaVerifiedAt").lean();
+    return doc?.mfaVerifiedAt ?? null;
+};

package/dist/lib/signing.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Sign `data` with the active key (first element of `secret`).
+ * Normalizes string | string[] so that an array is never passed directly to
+ * createHmac() — which would silently call .toString() and produce
+ * "[object Array]" as the key.
+ */
+export declare function hmacSign(data: string, secret: string | string[]): string;
+/**
+ * Verify `sig` against `data` using one of the provided keys.
+ * Keys are tried newest-first (index 0 is the active signing key).
+ *
+ * Key ordering convention: put the current (newest) key first; rotated keys
+ * after. The common case (valid current-key signature) succeeds on the first
+ * comparison; old rotated keys only matter for in-flight tokens.
+ *
+ * MUST use timingSafeEqual — never === — to prevent timing side-channel leaks.
+ * This is the most common HMAC implementation mistake.
+ */
+export declare function hmacVerify(data: string, sig: string, secret: string | string[]): boolean;
+/** Returns `"base64url(value).hmac"`. */
+export declare function signCookieValue(value: string, secret: string | string[]): string;
+/** Returns the original value or `null` if the signature is invalid. */
+export declare function verifyCookieValue(signed: string, secret: string | string[]): string | null;
+/** Returns `"base64url(payload).hmac"`. */
+export declare function signCursor(payload: string, secret: string | string[]): string;
+/** Returns the original payload or `null` if the signature is invalid. */
+export declare function verifyCursor(cursor: string, secret: string | string[]): string | null;
+/**
+ * Create a stateless HMAC-signed URL. The signature covers the HTTP method,
+ * storage key, and expiry timestamp so that:
+ *  - Expired URLs are rejected (replay prevention)
+ *  - URLs are method-bound (a GET URL can't be replayed as a PUT)
+ *  - Tampering with the key or expiry invalidates the signature
+ *
+ * @param base   Base URL string (e.g. "https://api.example.com/uploads/presign")
+ * @param key    Storage object key
+ * @param opts   Method, expiry in seconds from now, optional extra query params
+ * @param secret HMAC secret (supports key rotation via string[])
+ */
+export declare function createPresignedUrl(base: string, key: string, opts: {
+    method: string;
+    expiry: number;
+    extra?: Record<string, string>;
+}, secret: string | string[]): string;
+/**
+ * Verify an HMAC-signed URL. Returns the key and any extra params, or null
+ * if the URL is expired, tampered, or method-mismatched.
+ */
+export declare function verifyPresignedUrl(url: string, method: string, secret: string | string[]): {
+    key: string;
+    extra?: Record<string, string>;
+} | null;

package/dist/lib/signing.js

@@ -0,0 +1,183 @@
+import { createHmac } from "crypto";
+import { timingSafeEqual } from "./crypto";
+// ---------------------------------------------------------------------------
+// Core HMAC primitives
+// ---------------------------------------------------------------------------
+/**
+ * Sign `data` with the active key (first element of `secret`).
+ * Normalizes string | string[] so that an array is never passed directly to
+ * createHmac() — which would silently call .toString() and produce
+ * "[object Array]" as the key.
+ */
+export function hmacSign(data, secret) {
+    const key = Array.isArray(secret) ? secret[0] : secret;
+    return createHmac("sha256", key).update(data).digest("hex");
+}
+/**
+ * Verify `sig` against `data` using one of the provided keys.
+ * Keys are tried newest-first (index 0 is the active signing key).
+ *
+ * Key ordering convention: put the current (newest) key first; rotated keys
+ * after. The common case (valid current-key signature) succeeds on the first
+ * comparison; old rotated keys only matter for in-flight tokens.
+ *
+ * MUST use timingSafeEqual — never === — to prevent timing side-channel leaks.
+ * This is the most common HMAC implementation mistake.
+ */
+export function hmacVerify(data, sig, secret) {
+    const keys = Array.isArray(secret) ? secret : [secret];
+    for (const key of keys) {
+        const expected = createHmac("sha256", key).update(data).digest("hex");
+        try {
+            if (timingSafeEqual(expected, sig))
+                return true;
+        }
+        catch {
+            // timingSafeEqual (src/lib/crypto.ts) handles length mismatches itself:
+            // it returns false rather than throwing, so this catch block is never
+            // reached under normal conditions. It is kept as a defensive no-op in
+            // case the underlying implementation changes in the future.
+        }
+    }
+    return false;
+}
+// ---------------------------------------------------------------------------
+// Cookie signing
+//
+// Value is base64url-encoded before appending ".sig" to avoid delimiter
+// collision — raw values may contain "." which would break naive
+// split-on-last-dot parsing.
+//
+// Edge case: base64url("") === "" so the signed form for an empty value is
+// ".sig". Split uses lastIndexOf("."), not indexOf("."), and dotIdx === 0
+// is treated as a valid (empty) value, not a parse error.
+// ---------------------------------------------------------------------------
+function toBase64url(s) {
+    return Buffer.from(s).toString("base64url");
+}
+function fromBase64url(s) {
+    return Buffer.from(s, "base64url").toString("utf8");
+}
+/** Returns `"base64url(value).hmac"`. */
+export function signCookieValue(value, secret) {
+    const encoded = toBase64url(value);
+    const sig = hmacSign(encoded, secret);
+    return `${encoded}.${sig}`;
+}
+/** Returns the original value or `null` if the signature is invalid. */
+export function verifyCookieValue(signed, secret) {
+    const dotIdx = signed.lastIndexOf(".");
+    // dotIdx === 0 is valid: empty encoded value (signed form ".sig")
+    if (dotIdx < 0)
+        return null;
+    const encoded = signed.slice(0, dotIdx);
+    const sig = signed.slice(dotIdx + 1);
+    if (!hmacVerify(encoded, sig, secret))
+        return null;
+    try {
+        return fromBase64url(encoded);
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Cursor signing (same structure as cookie signing)
+// ---------------------------------------------------------------------------
+/** Returns `"base64url(payload).hmac"`. */
+export function signCursor(payload, secret) {
+    const encoded = toBase64url(payload);
+    const sig = hmacSign(encoded, secret);
+    return `${encoded}.${sig}`;
+}
+/** Returns the original payload or `null` if the signature is invalid. */
+export function verifyCursor(cursor, secret) {
+    const dotIdx = cursor.lastIndexOf(".");
+    if (dotIdx < 0)
+        return null;
+    const encoded = cursor.slice(0, dotIdx);
+    const sig = cursor.slice(dotIdx + 1);
+    if (!hmacVerify(encoded, sig, secret))
+        return null;
+    try {
+        return fromBase64url(encoded);
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Presigned URLs
+//
+// Signing data = method + "\n" + key + "\n" + exp
+// Newline delimiter is safe: keys like "uploads/2024/photo.jpg" contain dots
+// but cannot contain newlines; method and exp never contain newlines.
+// Using "." would create ambiguity with keys containing dots.
+// ---------------------------------------------------------------------------
+/**
+ * Create a stateless HMAC-signed URL. The signature covers the HTTP method,
+ * storage key, and expiry timestamp so that:
+ *  - Expired URLs are rejected (replay prevention)
+ *  - URLs are method-bound (a GET URL can't be replayed as a PUT)
+ *  - Tampering with the key or expiry invalidates the signature
+ *
+ * @param base   Base URL string (e.g. "https://api.example.com/uploads/presign")
+ * @param key    Storage object key
+ * @param opts   Method, expiry in seconds from now, optional extra query params
+ * @param secret HMAC secret (supports key rotation via string[])
+ */
+export function createPresignedUrl(base, key, opts, secret) {
+    const exp = Math.floor(Date.now() / 1000) + opts.expiry;
+    const method = opts.method.toUpperCase();
+    const data = `${method}\n${key}\n${exp}`;
+    const sig = hmacSign(data, secret);
+    const url = new URL(base);
+    url.searchParams.set("key", key);
+    url.searchParams.set("exp", String(exp));
+    url.searchParams.set("method", method);
+    url.searchParams.set("sig", sig);
+    if (opts.extra) {
+        for (const [k, v] of Object.entries(opts.extra)) {
+            url.searchParams.set(k, v);
+        }
+    }
+    return url.toString();
+}
+/**
+ * Verify an HMAC-signed URL. Returns the key and any extra params, or null
+ * if the URL is expired, tampered, or method-mismatched.
+ */
+export function verifyPresignedUrl(url, method, secret) {
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(url);
+    }
+    catch {
+        return null;
+    }
+    const key = parsedUrl.searchParams.get("key");
+    const exp = parsedUrl.searchParams.get("exp");
+    const sig = parsedUrl.searchParams.get("sig");
+    const urlMethod = parsedUrl.searchParams.get("method");
+    if (!key || !exp || !sig || !urlMethod)
+        return null;
+    // Method binding check
+    if (urlMethod !== method.toUpperCase())
+        return null;
+    // Expiry check
+    const expNum = parseInt(exp, 10);
+    if (!isFinite(expNum) || expNum < Math.floor(Date.now() / 1000))
+        return null;
+    // Signature check
+    const data = `${urlMethod}\n${key}\n${exp}`;
+    if (!hmacVerify(data, sig, secret))
+        return null;
+    // Collect extra params (all except reserved ones)
+    const reserved = new Set(["key", "exp", "sig", "method"]);
+    const extra = {};
+    for (const [k, v] of parsedUrl.searchParams.entries()) {
+        if (!reserved.has(k))
+            extra[k] = v;
+    }
+    return Object.keys(extra).length > 0 ? { key, extra } : { key };
+}

package/dist/lib/storageAdapter.d.ts

@@ -0,0 +1,30 @@
+export interface StorageAdapter {
+    put(key: string, data: Blob | Buffer | ReadableStream, meta: {
+        mimeType: string;
+        size: number;
+        bucket?: string;
+    }): Promise<{
+        url?: string;
+    }>;
+    get(key: string): Promise<{
+        stream: ReadableStream;
+        mimeType?: string;
+        size?: number;
+    } | null>;
+    delete(key: string): Promise<void>;
+    presignPut?(key: string, opts: {
+        expirySeconds: number;
+        mimeType?: string;
+        maxSize?: number;
+    }): Promise<string>;
+    presignGet?(key: string, opts: {
+        expirySeconds: number;
+    }): Promise<string>;
+}
+export interface UploadResult {
+    key: string;
+    originalName: string;
+    mimeType: string;
+    size: number;
+    url?: string;
+}

package/dist/lib/storageAdapter.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/stripUnreferencedSchemas.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Post-processes an OpenAPI 3.x spec object to remove `components/schemas` entries
+ * not directly or transitively referenced by any path operation.
+ *
+ * Prevents phantom types in generated TypeScript clients (openapi-typescript, orval)
+ * when multiple versioned specs share a single OpenAPI registry.
+ *
+ * @param spec - The OpenAPI spec document (from `app.getOpenAPIDocument()`).
+ * @returns A shallow-cloned spec with unreferenced schemas removed.
+ */
+export declare function stripUnreferencedSchemas(spec: Record<string, any>): Record<string, any>;

package/dist/lib/stripUnreferencedSchemas.js

@@ -0,0 +1,79 @@
+/**
+ * Post-processes an OpenAPI 3.x spec object to remove `components/schemas` entries
+ * not directly or transitively referenced by any path operation.
+ *
+ * Prevents phantom types in generated TypeScript clients (openapi-typescript, orval)
+ * when multiple versioned specs share a single OpenAPI registry.
+ *
+ * @param spec - The OpenAPI spec document (from `app.getOpenAPIDocument()`).
+ * @returns A shallow-cloned spec with unreferenced schemas removed.
+ */
+export function stripUnreferencedSchemas(spec) {
+    const schemas = spec?.components?.schemas;
+    if (!schemas || typeof schemas !== "object")
+        return spec;
+    // Collect all $ref strings from an arbitrary JSON node
+    function collectRefs(node, refs) {
+        if (!node || typeof node !== "object")
+            return;
+        if (Array.isArray(node)) {
+            for (const item of node)
+                collectRefs(item, refs);
+            return;
+        }
+        for (const [key, val] of Object.entries(node)) {
+            if (key === "$ref" && typeof val === "string") {
+                refs.add(val);
+            }
+            else {
+                collectRefs(val, refs);
+            }
+        }
+    }
+    // Extract schema name from a $ref like "#/components/schemas/Foo"
+    function schemaNameFromRef(ref) {
+        const prefix = "#/components/schemas/";
+        return ref.startsWith(prefix) ? ref.slice(prefix.length) : null;
+    }
+    // Collect initial refs from paths (not from components to avoid circular bootstrapping)
+    const pathRefs = new Set();
+    collectRefs(spec.paths, pathRefs);
+    // BFS to transitively follow refs within referenced schemas
+    const referenced = new Set();
+    const queue = [];
+    for (const ref of pathRefs) {
+        const name = schemaNameFromRef(ref);
+        if (name && schemas[name] && !referenced.has(name)) {
+            referenced.add(name);
+            queue.push(name);
+        }
+    }
+    while (queue.length > 0) {
+        const name = queue.pop();
+        const inner = new Set();
+        collectRefs(schemas[name], inner);
+        for (const ref of inner) {
+            const refName = schemaNameFromRef(ref);
+            if (refName && schemas[refName] && !referenced.has(refName)) {
+                referenced.add(refName);
+                queue.push(refName);
+            }
+        }
+    }
+    // Build cleaned spec — shallow clone, then rebuild components/schemas with only referenced entries
+    const cleaned = { ...spec };
+    cleaned.components = { ...spec.components };
+    if (referenced.size === 0) {
+        delete cleaned.components.schemas;
+    }
+    else {
+        cleaned.components.schemas = {};
+        for (const name of referenced) {
+            cleaned.components.schemas[name] = schemas[name];
+        }
+    }
+    if (Object.keys(cleaned.components).length === 0) {
+        delete cleaned.components;
+    }
+    return cleaned;
+}

package/dist/lib/suspension.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Suspend or unsuspend a user.
+ * No-op when the adapter does not implement setSuspended.
+ */
+export declare function setSuspended(userId: string, suspended: boolean, reason?: string): Promise<void>;
+/**
+ * Get the suspension status of a user.
+ * Returns { suspended: false } when the adapter does not implement getSuspended.
+ */
+export declare function getSuspended(userId: string): Promise<{
+    suspended: boolean;
+    suspendedReason?: string;
+}>;

package/dist/lib/suspension.js

@@ -0,0 +1,23 @@
+import { getAuthAdapter } from "./authAdapter";
+/**
+ * Suspend or unsuspend a user.
+ * No-op when the adapter does not implement setSuspended.
+ */
+export async function setSuspended(userId, suspended, reason) {
+    const adapter = getAuthAdapter();
+    if (adapter.setSuspended) {
+        await adapter.setSuspended(userId, suspended, reason);
+    }
+}
+/**
+ * Get the suspension status of a user.
+ * Returns { suspended: false } when the adapter does not implement getSuspended.
+ */
+export async function getSuspended(userId) {
+    const adapter = getAuthAdapter();
+    if (adapter.getSuspended) {
+        const result = await adapter.getSuspended(userId);
+        return result ?? { suspended: false };
+    }
+    return { suspended: false };
+}

package/dist/lib/tenant.js

@@ -28,7 +28,7 @@ export const createTenant = async (tenantId, options) => {
     }
     if (existing && existing.deletedAt) {
         // Reactivate soft-deleted tenant
-        await Tenant.findOneAndUpdate({ tenantId }, { deletedAt: null, displayName: options?.displayName, config: options?.config });
+        await Tenant.findOneAndUpdate({ tenantId }, { $set: { deletedAt: null, displayName: options?.displayName, config: options?.config } });
         return;
     }
     await Tenant.create({
@@ -40,7 +40,7 @@ export const createTenant = async (tenantId, options) => {
 export const deleteTenant = async (tenantId) => {
     const { invalidateTenantCache } = await import("../middleware/tenant");
     // Soft-delete
-    await Tenant.findOneAndUpdate({ tenantId }, { deletedAt: new Date() });
+    await Tenant.findOneAndUpdate({ tenantId }, { $set: { deletedAt: new Date() } });
     invalidateTenantCache(tenantId);
 };
 export const getTenant = async (tenantId) => {

package/dist/lib/upload.d.ts

@@ -0,0 +1,39 @@
+import type { Context } from "hono";
+import type { AppEnv } from "./context";
+import type { StorageAdapter, UploadResult } from "./storageAdapter";
+export interface UploadOpts {
+    field?: string | string[];
+    maxFileSize?: number;
+    maxFiles?: number;
+    allowedMimeTypes?: string[];
+    keyPrefix?: string;
+    generateKey?: (file: File, ctx: {
+        userId?: string;
+        tenantId?: string;
+    }) => string;
+    tenantScopedKeys?: boolean;
+}
+export declare const setStorageAdapter: (adapter: StorageAdapter) => void;
+export declare const getStorageAdapter: () => StorageAdapter | null;
+export declare const setUploadConfig: (config: UploadOpts) => void;
+export declare const getUploadConfig: () => UploadOpts;
+export declare const generateUploadKey: (file: File, ctx: {
+    userId?: string;
+    tenantId?: string;
+}, opts?: UploadOpts) => string;
+export declare const generateUploadKeyFromFilename: (filename: string | undefined, ctx: {
+    userId?: string;
+    tenantId?: string;
+}, opts?: UploadOpts) => string;
+export declare const validateFile: (file: File, opts: {
+    maxFileSize?: number;
+    allowedMimeTypes?: string[];
+}) => string | null;
+export declare const processUpload: (file: File, opts: UploadOpts & {
+    ctx?: {
+        userId?: string;
+        tenantId?: string;
+    };
+    bucket?: string;
+}) => Promise<UploadResult>;
+export declare const parseUpload: (c: Context<AppEnv>, opts?: UploadOpts) => Promise<UploadResult[]>;