@lastshotlabs/bunshot 0.0.25 → 0.0.28

package/dist/lib/oauthCode.js

@@ -1,90 +0,0 @@
-import { getRedis } from "./redis";
-import { appConnection, mongoose } from "./mongo";
-import { getAppName } from "./appConfig";
-import { sha256 } from "./crypto";
-import { memoryStoreOAuthCode, memoryConsumeOAuthCode, } from "../adapters/memoryAuth";
-import { sqliteStoreOAuthCode, sqliteConsumeOAuthCode, } from "../adapters/sqliteAuth";
-function getOAuthCodeModel() {
-    if (appConnection.models["OAuthCode"])
-        return appConnection.models["OAuthCode"];
-    const { Schema } = mongoose;
-    const schema = new Schema({
-        codeHash: { type: String, required: true, unique: true },
-        token: { type: String, required: true },
-        userId: { type: String, required: true },
-        email: { type: String },
-        refreshToken: { type: String },
-        expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
-    }, { collection: "oauth_codes" });
-    return appConnection.model("OAuthCode", schema);
-}
-let _store = "redis";
-export const setOAuthCodeStore = (store) => { _store = store; };
-const CODE_TTL = 60; // 60 seconds
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-/** Store a one-time authorization code. Returns the raw code (for the redirect URL).
- *  Only the SHA-256 hash is persisted. */
-export const storeOAuthCode = async (payload) => {
-    const code = crypto.randomUUID();
-    const hash = sha256(code);
-    if (_store === "memory") {
-        memoryStoreOAuthCode(hash, payload, CODE_TTL);
-        return code;
-    }
-    if (_store === "sqlite") {
-        sqliteStoreOAuthCode(hash, payload, CODE_TTL);
-        return code;
-    }
-    if (_store === "mongo") {
-        await getOAuthCodeModel().create({
-            codeHash: hash,
-            ...payload,
-            expiresAt: new Date(Date.now() + CODE_TTL * 1000),
-        });
-        return code;
-    }
-    // Redis
-    await getRedis().set(`oauthcode:${getAppName()}:${hash}`, JSON.stringify(payload), "EX", CODE_TTL);
-    return code;
-};
-/** Atomically consume an authorization code — returns its payload and deletes it.
- *  Returns null if invalid, expired, or already used. */
-export const consumeOAuthCode = async (code) => {
-    const hash = sha256(code);
-    if (_store === "memory")
-        return memoryConsumeOAuthCode(hash);
-    if (_store === "sqlite")
-        return sqliteConsumeOAuthCode(hash);
-    if (_store === "mongo") {
-        const doc = await getOAuthCodeModel()
-            .findOneAndDelete({ codeHash: hash, expiresAt: { $gt: new Date() } })
-            .lean();
-        if (!doc)
-            return null;
-        return { token: doc.token, userId: doc.userId, email: doc.email, refreshToken: doc.refreshToken };
-    }
-    // Redis
-    const key = `oauthcode:${getAppName()}:${hash}`;
-    const redis = getRedis();
-    let raw = null;
-    if (typeof redis.getdel === "function") {
-        try {
-            raw = await redis.getdel(key);
-        }
-        catch {
-            raw = await redis.get(key);
-            if (raw)
-                await redis.del(key);
-        }
-    }
-    else {
-        raw = await redis.get(key);
-        if (raw)
-            await redis.del(key);
-    }
-    if (!raw)
-        return null;
-    return JSON.parse(raw);
-};

package/dist/lib/pagination.d.ts

@@ -1,119 +0,0 @@
-import { z } from "zod";
-import type { ZodType } from "zod";
-export type { PaginationOpts, PaginatedResult } from "./groups";
-export interface OffsetParamDefaults {
-    /** Default: 50 */
-    limit?: number;
-    /** Default: 200 */
-    maxLimit?: number;
-    /** Default: 0 */
-    offset?: number;
-}
-export interface ParsedOffsetParams {
-    limit: number;
-    offset: number;
-}
-/**
- * Zod schema for offset pagination query params.
- * Fields are `z.string().optional()` — matches the existing query param
- * convention. Parse the values with `parseOffsetParams`.
- *
- * @example
- * createRoute({ ..., request: { query: offsetParams({ limit: 20 }) }, ... })
- */
-export declare function offsetParams(defaults?: OffsetParamDefaults): z.ZodObject<{
-    limit: z.ZodOptional<z.ZodString>;
-    offset: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Parses raw string query values into clamped integers.
- * - NaN (non-numeric strings) falls back to defaults
- * - limit clamped to [1, maxLimit]
- * - offset clamped to [0, ∞)
- *
- * @example
- * const { limit, offset } = parseOffsetParams(c.req.query(), { maxLimit: 100 });
- */
-export declare function parseOffsetParams(raw: {
-    limit?: string;
-    offset?: string;
-}, defaults?: OffsetParamDefaults): ParsedOffsetParams;
-/**
- * Zod schema factory for paginated offset responses.
- * Wraps `itemSchema` in `{ items, total, limit, offset }` and registers
- * the result as a named OpenAPI component.
- *
- * Throws if `name` was previously registered to a different schema instance.
- * Calling with the same `name` + `schema` pair is idempotent.
- *
- * @example
- * const PaginatedUsersResponse = paginatedResponse(UserSchema, "PaginatedUsers");
- */
-export declare function paginatedResponse<T extends ZodType>(itemSchema: T, name: string): z.ZodObject<{
-    items: z.ZodArray<T>;
-    total: z.ZodNumber;
-    limit: z.ZodNumber;
-    offset: z.ZodNumber;
-}, z.core.$strip>;
-export interface CursorParamDefaults {
-    /** Default: 50 */
-    limit?: number;
-    /** Default: 200 */
-    maxLimit?: number;
-}
-export interface ParsedCursorParams {
-    limit: number;
-    cursor: string | undefined;
-}
-export interface CursorResult<T> {
-    items: T[];
-    nextCursor: string | null;
-    hasMore: boolean;
-}
-/**
- * Zod schema for cursor pagination query params.
- * Fields are `z.string().optional()`. Parse the values with `parseCursorParams`.
- *
- * @example
- * createRoute({ ..., request: { query: cursorParams() }, ... })
- */
-export declare function cursorParams(defaults?: CursorParamDefaults): z.ZodObject<{
-    limit: z.ZodOptional<z.ZodString>;
-    cursor: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Parses raw string query values into typed cursor params.
- * - limit: NaN falls back to default, clamped to [1, maxLimit]
- * - cursor: empty string normalized to `undefined`; non-empty is pass-through
- * - When `signing.cursors: true`, verifies the cursor HMAC — invalid cursor returns null
- *
- * @example
- * const { limit, cursor } = parseCursorParams(c.req.query());
- */
-export declare function parseCursorParams(raw: {
-    limit?: string;
-    cursor?: string;
-}, defaults?: CursorParamDefaults): ParsedCursorParams & {
-    invalidCursor?: true;
-};
-/**
- * Sign a cursor value if `signing.cursors: true`. Otherwise returns the
- * cursor unchanged (current behavior).
- */
-export declare function maybeSignCursor(cursor: string | null): string | null;
-/**
- * Zod schema factory for cursor-paginated responses.
- * Wraps `itemSchema` in `{ items, nextCursor, hasMore }` and registers
- * the result as a named OpenAPI component.
- *
- * Throws if `name` was previously registered to a different schema instance.
- * Calling with the same `name` + `schema` pair is idempotent.
- *
- * @example
- * const PostsPage = cursorResponse(PostSchema, "PostsPage");
- */
-export declare function cursorResponse<T extends ZodType>(itemSchema: T, name: string): z.ZodObject<{
-    items: z.ZodArray<T>;
-    nextCursor: z.ZodNullable<z.ZodString>;
-    hasMore: z.ZodBoolean;
-}, z.core.$strip>;

package/dist/lib/pagination.js

@@ -1,166 +0,0 @@
-import { z } from "zod";
-import { registerSchema } from "./createRoute";
-import { getSigningConfig, getSigningSecret } from "./appConfig";
-import { signCursor, verifyCursor } from "./signing";
-const _registered = new Map();
-function guardedRegister(name, itemSchema, buildWrapper) {
-    const existing = _registered.get(name);
-    if (existing !== undefined) {
-        if (existing.itemSchema !== itemSchema) {
-            throw new Error(`Pagination schema name "${name}" is already registered to a different schema`);
-        }
-        // Same item schema → idempotent, return the cached wrapper
-        return existing.wrapper;
-    }
-    const wrapper = buildWrapper();
-    _registered.set(name, { itemSchema, wrapper });
-    registerSchema(name, wrapper);
-    return wrapper;
-}
-/**
- * Zod schema for offset pagination query params.
- * Fields are `z.string().optional()` — matches the existing query param
- * convention. Parse the values with `parseOffsetParams`.
- *
- * @example
- * createRoute({ ..., request: { query: offsetParams({ limit: 20 }) }, ... })
- */
-export function offsetParams(defaults) {
-    const defaultLimit = defaults?.limit ?? 50;
-    const defaultOffset = defaults?.offset ?? 0;
-    const maxLimit = defaults?.maxLimit ?? 200;
-    return z.object({
-        limit: z
-            .string()
-            .optional()
-            .describe(`Number of items to return (1–${maxLimit}, default ${defaultLimit})`),
-        offset: z
-            .string()
-            .optional()
-            .describe(`Number of items to skip (default ${defaultOffset})`),
-    });
-}
-/**
- * Parses raw string query values into clamped integers.
- * - NaN (non-numeric strings) falls back to defaults
- * - limit clamped to [1, maxLimit]
- * - offset clamped to [0, ∞)
- *
- * @example
- * const { limit, offset } = parseOffsetParams(c.req.query(), { maxLimit: 100 });
- */
-export function parseOffsetParams(raw, defaults) {
-    const defaultLimit = defaults?.limit ?? 50;
-    const maxLimit = defaults?.maxLimit ?? 200;
-    const defaultOffset = defaults?.offset ?? 0;
-    const rawLimit = parseInt(raw.limit ?? "", 10);
-    const rawOffset = parseInt(raw.offset ?? "", 10);
-    const limit = isNaN(rawLimit)
-        ? defaultLimit
-        : Math.min(Math.max(rawLimit, 1), maxLimit);
-    const offset = isNaN(rawOffset) ? defaultOffset : Math.max(rawOffset, 0);
-    return { limit, offset };
-}
-/**
- * Zod schema factory for paginated offset responses.
- * Wraps `itemSchema` in `{ items, total, limit, offset }` and registers
- * the result as a named OpenAPI component.
- *
- * Throws if `name` was previously registered to a different schema instance.
- * Calling with the same `name` + `schema` pair is idempotent.
- *
- * @example
- * const PaginatedUsersResponse = paginatedResponse(UserSchema, "PaginatedUsers");
- */
-export function paginatedResponse(itemSchema, name) {
-    return guardedRegister(name, itemSchema, () => z.object({
-        items: z.array(itemSchema),
-        total: z.number().int().nonnegative(),
-        limit: z.number().int().positive(),
-        offset: z.number().int().nonnegative(),
-    }));
-}
-/**
- * Zod schema for cursor pagination query params.
- * Fields are `z.string().optional()`. Parse the values with `parseCursorParams`.
- *
- * @example
- * createRoute({ ..., request: { query: cursorParams() }, ... })
- */
-export function cursorParams(defaults) {
-    const defaultLimit = defaults?.limit ?? 50;
-    const maxLimit = defaults?.maxLimit ?? 200;
-    return z.object({
-        limit: z
-            .string()
-            .optional()
-            .describe(`Number of items to return (1–${maxLimit}, default ${defaultLimit})`),
-        cursor: z
-            .string()
-            .optional()
-            .describe("Opaque cursor from a previous response's nextCursor field"),
-    });
-}
-/**
- * Parses raw string query values into typed cursor params.
- * - limit: NaN falls back to default, clamped to [1, maxLimit]
- * - cursor: empty string normalized to `undefined`; non-empty is pass-through
- * - When `signing.cursors: true`, verifies the cursor HMAC — invalid cursor returns null
- *
- * @example
- * const { limit, cursor } = parseCursorParams(c.req.query());
- */
-export function parseCursorParams(raw, defaults) {
-    const defaultLimit = defaults?.limit ?? 50;
-    const maxLimit = defaults?.maxLimit ?? 200;
-    const rawLimit = parseInt(raw.limit ?? "", 10);
-    const limit = isNaN(rawLimit)
-        ? defaultLimit
-        : Math.min(Math.max(rawLimit, 1), maxLimit);
-    if (!raw.cursor)
-        return { limit, cursor: undefined };
-    const cfg = getSigningConfig();
-    if (cfg?.cursors) {
-        const secret = getSigningSecret();
-        if (secret) {
-            const verified = verifyCursor(raw.cursor, secret);
-            if (verified === null)
-                return { limit, cursor: undefined, invalidCursor: true };
-            return { limit, cursor: verified };
-        }
-    }
-    return { limit, cursor: raw.cursor };
-}
-/**
- * Sign a cursor value if `signing.cursors: true`. Otherwise returns the
- * cursor unchanged (current behavior).
- */
-export function maybeSignCursor(cursor) {
-    if (!cursor)
-        return cursor;
-    const cfg = getSigningConfig();
-    if (cfg?.cursors) {
-        const secret = getSigningSecret();
-        if (secret)
-            return signCursor(cursor, secret);
-    }
-    return cursor;
-}
-/**
- * Zod schema factory for cursor-paginated responses.
- * Wraps `itemSchema` in `{ items, nextCursor, hasMore }` and registers
- * the result as a named OpenAPI component.
- *
- * Throws if `name` was previously registered to a different schema instance.
- * Calling with the same `name` + `schema` pair is idempotent.
- *
- * @example
- * const PostsPage = cursorResponse(PostSchema, "PostsPage");
- */
-export function cursorResponse(itemSchema, name) {
-    return guardedRegister(name, itemSchema, () => z.object({
-        items: z.array(itemSchema),
-        nextCursor: z.string().nullable(),
-        hasMore: z.boolean(),
-    }));
-}

package/dist/lib/queue.d.ts

@@ -1,37 +0,0 @@
-import type { Queue as QueueType, Worker as WorkerType, Processor, QueueOptions, WorkerOptions, Job } from "bullmq";
-export declare const createQueue: <T = unknown, R = unknown>(name: string, options?: Omit<QueueOptions, "connection">) => QueueType<T, R>;
-export declare const createWorker: <T = unknown, R = unknown>(name: string, processor: Processor<T, R>, options?: Omit<WorkerOptions, "connection">) => WorkerType<T, R>;
-export declare const getRegisteredCronNames: () => ReadonlySet<string>;
-export interface CronSchedule {
-    /** Cron expression. Mutually exclusive with `every`. */
-    cron?: string;
-    /** Interval in milliseconds. Mutually exclusive with `cron`. */
-    every?: number;
-    /** Timezone for cron expressions. */
-    timezone?: string;
-}
-export declare const createCronWorker: <T = void, R = unknown>(name: string, processor: Processor<T, R>, schedule: CronSchedule, options?: Omit<WorkerOptions, "connection">) => {
-    worker: WorkerType<T, R>;
-    queue: QueueType<T, R>;
-};
-/**
- * Remove job schedulers that are no longer registered.
- * Called automatically after worker discovery in createServer.
- * Can also be called manually for workers managed outside workersDir.
- */
-export declare const cleanupStaleSchedulers: (activeNames: string[]) => Promise<void>;
-export interface DLQOptions<T = unknown> {
-    /** Max jobs to keep in the DLQ. Default: 1000. */
-    maxSize?: number;
-    /** Called when a job is moved to the DLQ. */
-    onDeadLetter?: (job: Job<T>, error: Error) => Promise<void>;
-    /** Auto-retry delay in ms. No auto-retry by default. */
-    retryAfter?: number;
-    /** Preserve original job options on retry. Default: true. */
-    preserveJobOptions?: boolean;
-}
-export declare const createDLQHandler: <T = unknown>(sourceWorker: WorkerType<T>, sourceQueueName: string, options?: DLQOptions<T>) => {
-    dlqQueue: QueueType<T>;
-    retryJob: (jobId: string) => Promise<void>;
-};
-export type { Job };

package/dist/lib/queue.js

@@ -1,117 +0,0 @@
-import { getRedisConnectionOptions } from "./redis";
-function requireBullMQ() {
-    try {
-        // Bun supports require() in ESM; this defers the import to call time
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
-        return require("bullmq");
-    }
-    catch {
-        throw new Error("bullmq is not installed. Run: bun add bullmq");
-    }
-}
-export const createQueue = (name, options) => {
-    const { Queue } = requireBullMQ();
-    return new Queue(name, { connection: getRedisConnectionOptions(), ...options });
-};
-export const createWorker = (name, processor, options) => {
-    const { Worker } = requireBullMQ();
-    return new Worker(name, processor, { connection: getRedisConnectionOptions(), ...options });
-};
-// ---------------------------------------------------------------------------
-// Cron worker
-// ---------------------------------------------------------------------------
-/** Tracks all registered cron scheduler names for ghost job cleanup. */
-const _registeredCronNames = new Set();
-export const getRegisteredCronNames = () => _registeredCronNames;
-export const createCronWorker = (name, processor, schedule, options) => {
-    const { Queue, Worker } = requireBullMQ();
-    const connection = getRedisConnectionOptions();
-    const queue = new Queue(name, { connection });
-    const worker = new Worker(name, processor, { connection, ...options });
-    _registeredCronNames.add(name);
-    // Use upsertJobScheduler — idempotent across restarts
-    if (schedule.cron) {
-        queue.upsertJobScheduler(name, { pattern: schedule.cron, tz: schedule.timezone }, { name });
-    }
-    else if (schedule.every) {
-        queue.upsertJobScheduler(name, { every: schedule.every }, { name });
-    }
-    return { worker, queue };
-};
-/**
- * Remove job schedulers that are no longer registered.
- * Called automatically after worker discovery in createServer.
- * Can also be called manually for workers managed outside workersDir.
- */
-export const cleanupStaleSchedulers = async (activeNames) => {
-    const { Queue } = requireBullMQ();
-    const connection = getRedisConnectionOptions();
-    const activeSet = new Set(activeNames);
-    // Check all known queue names for stale schedulers
-    for (const name of _registeredCronNames) {
-        if (activeSet.has(name))
-            continue;
-        const queue = new Queue(name, { connection });
-        try {
-            await queue.removeJobScheduler(name);
-        }
-        catch { /* scheduler may not exist */ }
-        await queue.close();
-    }
-};
-export const createDLQHandler = (sourceWorker, sourceQueueName, options) => {
-    const { Queue } = requireBullMQ();
-    const connection = getRedisConnectionOptions();
-    const dlqName = `${sourceQueueName}-dlq`;
-    const dlqQueue = new Queue(dlqName, { connection });
-    const maxSize = options?.maxSize ?? 1000;
-    const preserveJobOptions = options?.preserveJobOptions ?? true;
-    sourceWorker.on("failed", async (job, error) => {
-        if (!job)
-            return;
-        // Only move to DLQ when all attempts are exhausted
-        if (job.attemptsMade < (job.opts?.attempts ?? 1))
-            return;
-        await dlqQueue.add(`dlq:${job.name}`, job.data, {
-            ...(preserveJobOptions ? {
-                delay: job.opts?.delay,
-                priority: job.opts?.priority,
-                attempts: job.opts?.attempts,
-                backoff: job.opts?.backoff,
-            } : {}),
-            jobId: `dlq:${job.id}`,
-        });
-        if (options?.onDeadLetter) {
-            try {
-                await options.onDeadLetter(job, error);
-            }
-            catch (e) {
-                console.error(`[dlq:${sourceQueueName}] onDeadLetter callback error:`, e);
-            }
-        }
-        // Trim DLQ to maxSize
-        const waitingCount = await dlqQueue.getWaitingCount();
-        if (waitingCount > maxSize) {
-            const excess = waitingCount - maxSize;
-            const jobs = await dlqQueue.getWaiting(0, excess - 1);
-            for (const j of jobs) {
-                await j.remove();
-            }
-        }
-    });
-    const sourceQueue = new Queue(sourceQueueName, { connection });
-    const retryJob = async (jobId) => {
-        const job = await dlqQueue.getJob(jobId);
-        if (!job)
-            throw new Error(`Job ${jobId} not found in DLQ`);
-        const opts = preserveJobOptions ? {
-            delay: job.opts?.delay,
-            priority: job.opts?.priority,
-            attempts: job.opts?.attempts,
-            backoff: job.opts?.backoff,
-        } : {};
-        await sourceQueue.add(job.name, job.data, opts);
-        await job.remove();
-    };
-    return { dlqQueue, retryJob };
-};

package/dist/lib/redis.d.ts

@@ -1,9 +0,0 @@
-import type { default as RedisClass, RedisOptions } from "ioredis";
-export declare const getRedisConnectionOptions: () => RedisOptions;
-export declare const connectRedis: () => Promise<void>;
-/**
- * Gracefully close the Redis connection.
- * Useful for one-off scripts that need a clean exit.
- */
-export declare const disconnectRedis: () => Promise<void>;
-export declare const getRedis: () => RedisClass;

package/dist/lib/redis.js

@@ -1,61 +0,0 @@
-import { log } from "./logger";
-const isProd = process.env.NODE_ENV === "production";
-function requireIoredis() {
-    try {
-        // Bun supports require() in ESM; this defers the import to call time
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
-        const mod = require("ioredis");
-        return mod.default ?? mod;
-    }
-    catch {
-        throw new Error("ioredis is not installed. Run: bun add ioredis");
-    }
-}
-export const getRedisConnectionOptions = () => {
-    const host_port = isProd ? process.env.REDIS_HOST_PROD : process.env.REDIS_HOST_DEV;
-    if (!host_port)
-        throw new Error(`Missing env var: ${isProd ? "REDIS_HOST_PROD" : "REDIS_HOST_DEV"}`);
-    const [host, port] = host_port.split(":");
-    if (!host || !port)
-        throw new Error(`Invalid Redis host format — expected "host:port", got "${host_port}"`);
-    const username = isProd ? process.env.REDIS_USER_PROD : process.env.REDIS_USER_DEV;
-    const password = isProd ? process.env.REDIS_PW_PROD : process.env.REDIS_PW_DEV;
-    return {
-        host,
-        port: Number(port),
-        ...(username && { username }),
-        ...(password && { password }),
-    };
-};
-let client = null;
-export const connectRedis = () => {
-    if (client)
-        return Promise.resolve();
-    const Redis = requireIoredis();
-    client = new Redis(getRedisConnectionOptions());
-    client.on("error", (err) => log(`[redis] error: ${err.message}`));
-    return new Promise((resolve, reject) => {
-        client.once("ready", () => {
-            const opts = getRedisConnectionOptions();
-            log(`[redis] connected to ${opts.host}:${opts.port} as ${opts.username || "default user"}`);
-            resolve();
-        });
-        client.once("error", reject);
-    });
-};
-/**
- * Gracefully close the Redis connection.
- * Useful for one-off scripts that need a clean exit.
- */
-export const disconnectRedis = async () => {
-    if (!client)
-        return;
-    await client.quit();
-    client = null;
-    log("[redis] disconnected");
-};
-export const getRedis = () => {
-    if (!client)
-        throw new Error("Redis not connected — call connectRedis() first");
-    return client;
-};

package/dist/lib/resetPassword.d.ts

@@ -1,12 +0,0 @@
-type ResetStore = "redis" | "mongo" | "sqlite" | "memory";
-export declare const setPasswordResetStore: (store: ResetStore) => void;
-/** Create a reset token. Returns the raw token (to embed in the email link).
- *  Only the SHA-256 hash is persisted in the store. */
-export declare const createResetToken: (userId: string, email: string) => Promise<string>;
-/** Atomically consume a reset token — returns its payload and deletes it in one operation.
- *  Returns null if the token is invalid, expired, or already used. */
-export declare const consumeResetToken: (token: string) => Promise<{
-    userId: string;
-    email: string;
-} | null>;
-export {};