@lastshotlabs/bunshot 0.0.25 → 0.0.28

package/dist/{lib → packages/bunshot-core/src}/createRoute.js

@@ -1,71 +1,26 @@
-import { createRoute as _createRoute } from "@hono/zod-openapi";
-import { getRefId, zodToOpenAPIRegistry } from "@asteasolutions/zod-to-openapi";
-// ---------------------------------------------------------------------------
-// Version prefix state — set once per version batch before importing route files
-// ---------------------------------------------------------------------------
-let _versionPrefix = "";
-let _versionToken = null;
-/** Tokens captured by createRoute() calls since the last drainCapturedTokens() call. */
-const _capturedTokens = [];
-/**
- * Sets the active version prefix for schema name generation and creates a unique
- * Symbol token for interleaving detection. Call before importing a version's route files.
- */
-export function setVersionPrefix(version) {
-    _versionPrefix = version.charAt(0).toUpperCase() + version.slice(1);
-    _versionToken = Symbol(version);
-}
-/**
- * Clears the active version prefix and token. Call after each version's route files
- * have been fully imported.
- */
-export function clearVersionPrefix() {
-    _versionPrefix = "";
-    _versionToken = null;
-}
-/** Returns the current version token for assertion after import. */
-export function getVersionToken() {
-    return _versionToken;
-}
-/**
- * Drains and returns all tokens captured by createRoute() calls since the last drain.
- * Used by versioned route discovery to detect interleaving.
- */
-export function drainCapturedTokens() {
-    return _capturedTokens.splice(0);
-}
-/**
- * Asserts that all tokens in the array match the expected token.
- * Throws a clear startup error if any mismatch is detected.
- */
-export function assertCapturedTokens(tokens, expectedToken) {
-    for (const tok of tokens) {
-        if (tok !== expectedToken) {
-            throw new Error("Route file imported with wrong version prefix — avoid unbounded top-level await in versioned route files");
-        }
-    }
-}
+import { getRefId, zodToOpenAPIRegistry } from '@asteasolutions/zod-to-openapi';
+import { createRoute as _createRoute } from '@hono/zod-openapi';
 const STATUS_SUFFIX = {
-    "200": "Response",
-    "201": "Response",
-    "204": "Response",
-    "400": "BadRequestError",
-    "401": "UnauthorizedError",
-    "403": "ForbiddenError",
-    "404": "NotFoundError",
-    "409": "ConflictError",
-    "422": "ValidationError",
-    "429": "RateLimitError",
-    "500": "InternalError",
-    "501": "NotImplementedError",
-    "503": "UnavailableError",
+    '200': 'Response',
+    '201': 'Response',
+    '204': 'Response',
+    '400': 'BadRequestError',
+    '401': 'UnauthorizedError',
+    '403': 'ForbiddenError',
+    '404': 'NotFoundError',
+    '409': 'ConflictError',
+    '422': 'ValidationError',
+    '429': 'RateLimitError',
+    '500': 'InternalError',
+    '501': 'NotImplementedError',
+    '503': 'UnavailableError',
 };
 const METHOD_VERB = {
-    get: "Get",
-    post: "Create",
-    put: "Replace",
-    patch: "Update",
-    delete: "Delete",
+    get: 'Get',
+    post: 'Create',
+    put: 'Replace',
+    patch: 'Update',
+    delete: 'Delete',
 };
 /**
  * Converts a route method + path into a PascalCase base name for auto-generated schema names.
@@ -75,22 +30,25 @@ const METHOD_VERB = {
  *   DELETE /auth/sessions/{sessionId} → DeleteAuthSessionsBySessionId
  */
 function toBaseName(method, path) {
-    const m = METHOD_VERB[method.toLowerCase()] ?? (method.charAt(0).toUpperCase() + method.slice(1).toLowerCase());
+    const m = METHOD_VERB[method.toLowerCase()] ??
+        method.charAt(0).toUpperCase() + method.slice(1).toLowerCase();
     const segments = path
-        .split("/")
+        .split('/')
         .filter(Boolean)
-        .map((seg) => {
-        if (seg.startsWith("{") && seg.endsWith("}")) {
+        .map(seg => {
+        if (seg.startsWith('{') && seg.endsWith('}')) {
             const param = seg.slice(1, -1);
-            return "By" + param.charAt(0).toUpperCase() + param.slice(1);
+            return 'By' + param.charAt(0).toUpperCase() + param.slice(1);
         }
         // kebab-case and plain segments → PascalCase
-        return seg.replace(/-([a-z])/g, (_, c) => c.toUpperCase()).replace(/^[a-z]/, (c) => c.toUpperCase());
+        return seg
+            .replace(/-([a-z])/g, (_, c) => c.toUpperCase())
+            .replace(/^[a-z]/, c => c.toUpperCase());
     });
-    return m + segments.join("");
+    return m + segments.join('');
 }
 function maybeRegister(schema, name) {
-    if (!schema || typeof schema !== "object" || !("_def" in schema))
+    if (!schema || typeof schema !== 'object' || !('_def' in schema))
         return;
     if (getRefId(schema))
         return; // already named via .openapi()
@@ -143,13 +101,11 @@ export const registerSchemas = (schemas) => {
  * Skips non-Zod values and already-registered schemas.
  */
 export function maybeAutoRegister(exportName, value) {
-    if (!value || typeof value !== "object" || !("_def" in value))
+    if (!value || typeof value !== 'object' || !('_def' in value))
         return;
     if (getRefId(value))
         return;
-    const name = exportName.endsWith("Schema")
-        ? exportName.slice(0, -"Schema".length)
-        : exportName;
+    const name = exportName.endsWith('Schema') ? exportName.slice(0, -'Schema'.length) : exportName;
     zodToOpenAPIRegistry.add(value, { _internal: { refId: name } });
 }
 /**
@@ -173,25 +129,20 @@ export const withSecurity = (route, ...schemes) => Object.assign(route, { securi
  * OpenAPI components so they appear in `components/schemas` instead of being
  * inlined at every use site. Generated names follow the convention:
  *
- *   {Version}{Method}{PathSegments}Request — request body (when versioning is active)
- *   {Version}{Method}{PathSegments}{Status} — response body (when versioning is active)
+ *   {Method}{PathSegments}Request
+ *   {Method}{PathSegments}{Status}
  *
  * Schemas already named via `.openapi("Name")` are never overwritten.
- *
- * When `setVersionPrefix` has been called, the version prefix is prepended to all
- * generated schema names and the current version token is captured for interleaving
- * detection via `drainCapturedTokens()` / `assertCapturedTokens()`.
  */
 export const createRoute = (config) => {
-    const base = (_versionPrefix ? `${_versionPrefix}` : "") + toBaseName(config.method, config.path);
-    // Capture the current version token for interleaving detection
-    _capturedTokens.push(_versionToken);
+    const base = toBaseName(config.method, config.path);
     // Auto-name the JSON request body schema if present and unnamed
-    const bodySchema = config.request?.body?.content?.["application/json"]?.schema;
+    const body = config.request?.body;
+    const bodySchema = body?.content?.['application/json']?.schema;
     maybeRegister(bodySchema, `${base}Request`);
     // Auto-name each JSON response schema if present and unnamed
     for (const [status, response] of Object.entries(config.responses ?? {})) {
-        const resSchema = response?.content?.["application/json"]?.schema;
+        const resSchema = response?.content?.['application/json']?.schema;
         maybeRegister(resSchema, `${base}${STATUS_SUFFIX[status] ?? status}`);
     }
     return _createRoute(config);

package/dist/packages/bunshot-core/src/cronRegistry.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Cron scheduler registry — persists the set of BullMQ scheduler names
+ * registered by the current deployment so the next deployment can identify
+ * and remove stale schedulers.
+ */
+export interface ICronRegistryRepository {
+    /** Returns the scheduler names saved by the previous deployment. */
+    getAll(): Promise<ReadonlySet<string>>;
+    /** Replaces the stored set with the names from the current deployment. */
+    save(names: ReadonlySet<string>): Promise<void>;
+}

package/dist/packages/bunshot-core/src/cronRegistry.js

@@ -0,0 +1 @@
+export {};

package/dist/packages/bunshot-core/src/crypto.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ * Returns true if both strings are equal, false otherwise.
+ * Always compares the full length even on mismatch.
+ */
+export declare function timingSafeEqual(a: string, b: string): boolean;
+/**
+ * SHA-256 hash a string and return the hex digest.
+ * Centralized to avoid duplicate implementations across modules.
+ */
+export declare function sha256(input: string): string;
+/**
+ * Named alias for sha256 -- use when hashing tokens for storage.
+ * The plaintext token is what gets sent to the client;
+ * the hash is what gets stored.
+ */
+export declare function hashToken(token: string): string;
+/**
+ * A data encryption key entry.
+ * keyId: short identifier used in the ciphertext envelope (e.g. "v1")
+ * key: 32-byte AES-256 key
+ */
+export interface DataEncryptionKey {
+    keyId: string;
+    key: Buffer;
+}
+/**
+ * Encrypt a plaintext value with AES-256-GCM.
+ * keyConfig: first entry is the active key, rest are for decryption-only rotation.
+ * Returns: "keyId.base64url(iv).base64url(ciphertext).base64url(tag)"
+ */
+export declare function encryptField(plaintext: string, keyConfig: DataEncryptionKey[]): Promise<string>;
+/**
+ * Decrypt a value encrypted by encryptField.
+ * keyConfig: all available keys (current + rotated).
+ * Returns: plaintext string, or throws if no matching key found.
+ */
+export declare function decryptField(ciphertext: string, keyConfig: DataEncryptionKey[]): Promise<string>;
+/**
+ * Detect whether a stored value looks like an encrypted ciphertext produced by encryptField.
+ * Format: "keyId.base64url(iv).base64url(ct).base64url(tag)" -- exactly 4 dot-separated parts.
+ */
+export declare function isEncryptedField(value: string): boolean;

package/dist/packages/bunshot-core/src/crypto.js

@@ -0,0 +1,74 @@
+import { createCipheriv, createDecipheriv, createHash, timingSafeEqual as nodeTimingSafeEqual, randomBytes, } from 'crypto';
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ * Returns true if both strings are equal, false otherwise.
+ * Always compares the full length even on mismatch.
+ */
+export function timingSafeEqual(a, b) {
+    if (a.length !== b.length) {
+        // Compare against self to burn the same time, then return false
+        const buf = Buffer.from(a, 'utf-8');
+        nodeTimingSafeEqual(buf, buf);
+        return false;
+    }
+    return nodeTimingSafeEqual(Buffer.from(a, 'utf-8'), Buffer.from(b, 'utf-8'));
+}
+/**
+ * SHA-256 hash a string and return the hex digest.
+ * Centralized to avoid duplicate implementations across modules.
+ */
+export function sha256(input) {
+    return createHash('sha256').update(input).digest('hex');
+}
+/**
+ * Named alias for sha256 -- use when hashing tokens for storage.
+ * The plaintext token is what gets sent to the client;
+ * the hash is what gets stored.
+ */
+export function hashToken(token) {
+    return sha256(token);
+}
+/**
+ * Encrypt a plaintext value with AES-256-GCM.
+ * keyConfig: first entry is the active key, rest are for decryption-only rotation.
+ * Returns: "keyId.base64url(iv).base64url(ciphertext).base64url(tag)"
+ */
+export async function encryptField(plaintext, keyConfig) {
+    if (keyConfig.length === 0)
+        throw new Error('encryptField: no encryption keys configured');
+    const { keyId, key } = keyConfig[0];
+    const iv = randomBytes(12); // 96-bit IV for AES-GCM
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const encode = (buf) => buf.toString('base64url');
+    return `${keyId}.${encode(iv)}.${encode(encrypted)}.${encode(tag)}`;
+}
+/**
+ * Decrypt a value encrypted by encryptField.
+ * keyConfig: all available keys (current + rotated).
+ * Returns: plaintext string, or throws if no matching key found.
+ */
+export async function decryptField(ciphertext, keyConfig) {
+    const parts = ciphertext.split('.');
+    if (parts.length !== 4)
+        throw new Error('decryptField: invalid ciphertext format');
+    const [keyId, ivB64, ctB64, tagB64] = parts;
+    const keyEntry = keyConfig.find(k => k.keyId === keyId);
+    if (!keyEntry)
+        throw new Error(`decryptField: no key found for keyId "${keyId}"`);
+    const iv = Buffer.from(ivB64, 'base64url');
+    const ct = Buffer.from(ctB64, 'base64url');
+    const tag = Buffer.from(tagB64, 'base64url');
+    const decipher = createDecipheriv('aes-256-gcm', keyEntry.key, iv);
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([decipher.update(ct), decipher.final()]);
+    return decrypted.toString('utf8');
+}
+/**
+ * Detect whether a stored value looks like an encrypted ciphertext produced by encryptField.
+ * Format: "keyId.base64url(iv).base64url(ct).base64url(tag)" -- exactly 4 dot-separated parts.
+ */
+export function isEncryptedField(value) {
+    return value.split('.').length === 4;
+}

package/dist/packages/bunshot-core/src/csrf.d.ts

@@ -0,0 +1,8 @@
+export interface CsrfConfig {
+    /** Enable CSRF protection for cookie-authenticated state-changing requests. */
+    enabled: boolean;
+    /** Paths exempt from CSRF checks (in addition to built-in OAuth callback exemptions). Uses prefix matching when path ends with "*". */
+    exemptPaths?: string[];
+    /** Also validate Origin header against CORS origins. Default: true. */
+    checkOrigin?: boolean;
+}

package/dist/packages/bunshot-core/src/csrf.js

@@ -0,0 +1 @@
+export {};

package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts

@@ -0,0 +1,7 @@
+import type { FingerprintBuilder } from '../rateLimit';
+/**
+ * Creates a default fingerprint builder that hashes User-Agent,
+ * Accept-Language, and Accept-Encoding headers.
+ * Used when no auth plugin provides a richer implementation.
+ */
+export declare function createDefaultFingerprintBuilder(): FingerprintBuilder;

package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js

@@ -0,0 +1,19 @@
+const encoder = new TextEncoder();
+/**
+ * Creates a default fingerprint builder that hashes User-Agent,
+ * Accept-Language, and Accept-Encoding headers.
+ * Used when no auth plugin provides a richer implementation.
+ */
+export function createDefaultFingerprintBuilder() {
+    return {
+        async buildFingerprint(req) {
+            const h = (name) => req.headers.get(name) ?? '';
+            const raw = [h('user-agent'), h('accept-language'), h('accept-encoding')].join('|');
+            const buf = await crypto.subtle.digest('SHA-256', encoder.encode(raw));
+            const bytes = new Uint8Array(buf).slice(0, 6);
+            return Array.from(bytes)
+                .map(b => b.toString(16).padStart(2, '0'))
+                .join('');
+        },
+    };
+}

package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts

@@ -0,0 +1,6 @@
+import type { CacheAdapter } from '../cache';
+/**
+ * Creates an in-memory cache adapter with TTL support.
+ * Works for single-process deployments.
+ */
+export declare function createMemoryCacheAdapter(): CacheAdapter;

package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js

@@ -0,0 +1,40 @@
+import { DEFAULT_MAX_ENTRIES, evictExpired, evictOldest } from '../memoryEviction';
+/**
+ * Creates an in-memory cache adapter with TTL support.
+ * Works for single-process deployments.
+ */
+export function createMemoryCacheAdapter() {
+    const store = new Map();
+    return {
+        name: 'memory',
+        async get(key) {
+            const entry = store.get(key);
+            if (!entry)
+                return null;
+            if (entry.expiresAt !== undefined && entry.expiresAt <= Date.now()) {
+                store.delete(key);
+                return null;
+            }
+            return entry.value;
+        },
+        async set(key, value, ttl) {
+            const expiresAt = ttl ? Date.now() + ttl * 1000 : undefined;
+            evictExpired(store);
+            evictOldest(store, DEFAULT_MAX_ENTRIES);
+            store.set(key, { value, expiresAt });
+        },
+        async del(key) {
+            store.delete(key);
+        },
+        async delPattern(pattern) {
+            const regex = new RegExp('^' + pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*') + '$');
+            for (const key of store.keys()) {
+                if (regex.test(key))
+                    store.delete(key);
+            }
+        },
+        isReady() {
+            return true;
+        },
+    };
+}

package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts

@@ -0,0 +1,6 @@
+import type { RateLimitAdapter } from '../rateLimit';
+/**
+ * Creates an in-memory rate limit adapter.
+ * Works for single-process deployments. Not distributed.
+ */
+export declare function createMemoryRateLimitAdapter(): RateLimitAdapter;

package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js

@@ -0,0 +1,24 @@
+// ---------------------------------------------------------------------------
+// In-memory RateLimitAdapter — default when no auth plugin is registered.
+// ---------------------------------------------------------------------------
+import { DEFAULT_MAX_ENTRIES, evictOldest } from '../memoryEviction';
+/**
+ * Creates an in-memory rate limit adapter.
+ * Works for single-process deployments. Not distributed.
+ */
+export function createMemoryRateLimitAdapter() {
+    const store = new Map();
+    return {
+        async trackAttempt(key, opts) {
+            const now = Date.now();
+            const existing = store.get(key);
+            if (!existing || existing.resetAt <= now) {
+                evictOldest(store, DEFAULT_MAX_ENTRIES);
+                store.set(key, { count: 1, resetAt: now + opts.windowMs });
+                return 1 >= opts.max;
+            }
+            existing.count += 1;
+            return existing.count >= opts.max;
+        },
+    };
+}

package/dist/packages/bunshot-core/src/emailTemplates.d.ts

@@ -0,0 +1,5 @@
+import { type ContextCarrier } from './context/contextAccess';
+import type { EmailTemplate } from './coreContracts';
+export type { EmailTemplate };
+export declare function getEmailTemplates(input: ContextCarrier): Record<string, EmailTemplate>;
+export declare function getEmailTemplate(input: ContextCarrier, key: string): EmailTemplate | null;

package/dist/packages/bunshot-core/src/emailTemplates.js

@@ -0,0 +1,10 @@
+import { resolveContext } from './context/contextAccess';
+// ---------------------------------------------------------------------------
+// EmailTemplateRegistry -- cross-plugin email template registration.
+// ---------------------------------------------------------------------------
+export function getEmailTemplates(input) {
+    return Object.fromEntries(resolveContext(input).emailTemplates);
+}
+export function getEmailTemplate(input, key) {
+    return resolveContext(input).emailTemplates.get(key) ?? null;
+}

package/dist/packages/bunshot-core/src/errors.d.ts

@@ -0,0 +1,13 @@
+import type { ZodIssue } from 'zod';
+export declare class HttpError extends Error {
+    status: number;
+    code?: string | undefined;
+    constructor(status: number, message: string, code?: string | undefined);
+}
+export declare class ValidationError extends HttpError {
+    readonly issues: ZodIssue[];
+    constructor(issues: ZodIssue[]);
+}
+export declare class UnsupportedAdapterFeatureError extends Error {
+    constructor(feature: string, adapter: string);
+}

package/dist/packages/bunshot-core/src/errors.js

@@ -0,0 +1,22 @@
+export class HttpError extends Error {
+    status;
+    code;
+    constructor(status, message, code) {
+        super(message);
+        this.status = status;
+        this.code = code;
+    }
+}
+export class ValidationError extends HttpError {
+    issues;
+    constructor(issues) {
+        super(400, 'Validation failed');
+        this.issues = issues;
+    }
+}
+export class UnsupportedAdapterFeatureError extends Error {
+    constructor(feature, adapter) {
+        super(`${feature} is not supported by the ${adapter} adapter`);
+        this.name = 'UnsupportedAdapterFeatureError';
+    }
+}