npm - @lastshotlabs/bunshot - Versions diffs - 0.0.25 → 0.0.28 - Mend

@lastshotlabs/bunshot 0.0.25 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (725) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/packages/bunshot-auth/src/lib/breachedPassword.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/breachedPassword.js +61 -0
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +221 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/packages/bunshot-auth/src/lib/logger.d.ts +3 -0
package/dist/packages/bunshot-auth/src/lib/logger.js +13 -0
package/dist/packages/bunshot-auth/src/lib/m2m.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/m2m.js +44 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/packages/bunshot-auth/src/lib/scim.d.ts +44 -0
package/dist/packages/bunshot-auth/src/lib/scim.js +56 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/packages/bunshot-auth/src/lib/suspension.d.ts +14 -0
package/dist/packages/bunshot-auth/src/lib/suspension.js +20 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/packages/bunshot-auth/src/middleware/requireScope.d.ts +10 -0
package/dist/packages/bunshot-auth/src/middleware/requireScope.js +25 -0
package/dist/packages/bunshot-auth/src/middleware/requireStepUp.d.ts +18 -0
package/dist/packages/bunshot-auth/src/middleware/requireStepUp.js +30 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +19 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/packages/bunshot-auth/src/models/M2MClient.d.ts +18 -0
package/dist/packages/bunshot-auth/src/models/M2MClient.js +18 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +274 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/packages/bunshot-core/src/captcha.d.ts +16 -0
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/packages/bunshot-core/src/errors.d.ts +13 -0
package/dist/packages/bunshot-core/src/errors.js +22 -0
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +23 -8
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/src/framework/lib/captcha.js +40 -0
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +14 -9
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/src/framework/middleware/captcha.d.ts +9 -0
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/src/framework/middleware/errorHandler.js +16 -0
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -19
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -11
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +47 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/src/framework/routes/jobs.js +315 -0
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/src/framework/routes/uploads.d.ts +14 -0
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/src/lib/authConfig.js +179 -0
package/dist/{lib → src/lib}/context.d.ts +6 -7
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +40 -10
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +62 -25
package/dist/adapters/memoryAuth.d.ts +0 -46
package/dist/adapters/memoryAuth.js +0 -634
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -307
package/dist/adapters/sqliteAuth.d.ts +0 -49
package/dist/adapters/sqliteAuth.js +0 -707
package/dist/app.d.ts +0 -456
package/dist/app.js +0 -548
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -98
package/dist/index.js +0 -77
package/dist/lib/HttpError.d.ts +0 -9
package/dist/lib/HttpError.js +0 -14
package/dist/lib/appConfig.d.ts +0 -162
package/dist/lib/appConfig.js +0 -83
package/dist/lib/auditLog.d.ts +0 -52
package/dist/lib/auditLog.js +0 -201
package/dist/lib/authAdapter.d.ts +0 -176
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -81
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -13
package/dist/lib/emailVerification.js +0 -86
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwt.d.ts +0 -2
package/dist/lib/jwt.js +0 -24
package/dist/lib/logger.d.ts +0 -1
package/dist/lib/logger.js +0 -7
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -42
package/dist/lib/mfaChallenge.js +0 -293
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -90
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -91
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/session.d.ts +0 -39
package/dist/lib/session.js +0 -535
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -87
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -89
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/csrf.js +0 -125
package/dist/middleware/errorHandler.js +0 -13
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -95
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -48
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -11
package/dist/routes/auth.js +0 -605
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/jobs.js +0 -272
package/dist/routes/metrics.d.ts +0 -7
package/dist/routes/metrics.js +0 -52
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -620
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -514
package/dist/routes/uploads.d.ts +0 -2
package/dist/routes/uploads.js +0 -135
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -27
package/dist/services/auth.js +0 -159
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -38
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -779
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -365
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -127
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -199
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -184
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/routes/oauth.js DELETED Viewed

@@ -1,514 +0,0 @@
-import { createRoute, withSecurity } from "../lib/createRoute";
-import { createRouter } from "../lib/context";
-import { setCookie } from "hono/cookie";
-import { decodeIdToken } from "arctic";
-import { z } from "zod";
-import { getGoogle, getApple, getMicrosoft, getGitHub, storeOAuthState, consumeOAuthState, generateState, generateCodeVerifier, } from "../lib/oauth";
-import { getAuthAdapter } from "../lib/authAdapter";
-import { HttpError } from "../lib/HttpError";
-import { signToken } from "../lib/jwt";
-import { createSession, getActiveSessionCount, evictOldestSession, setRefreshToken } from "../lib/session";
-import { storeOAuthCode, consumeOAuthCode } from "../lib/oauthCode";
-import { COOKIE_TOKEN, COOKIE_REFRESH_TOKEN } from "../lib/constants";
-import { userAuth } from "../middleware/userAuth";
-import { getDefaultRole, getMaxSessions, getRefreshTokenConfig, getAccessTokenExpiry, getRefreshTokenExpiry, getCsrfEnabled } from "../lib/appConfig";
-import { refreshCsrfToken } from "../middleware/csrf";
-import { trackAttempt } from "../lib/authRateLimit";
-import { getClientIp } from "../lib/clientIp";
-const isProd = process.env.NODE_ENV === "production";
-const cookieOptions = (maxAge) => ({
-    httpOnly: true,
-    secure: isProd,
-    sameSite: "Lax",
-    path: "/",
-    maxAge: maxAge ?? 60 * 60 * 24 * 7,
-});
-const tags = ["OAuth"];
-const OAuthErrorResponse = z.object({ error: z.string().describe("Human-readable error message.") }).openapi("OAuthErrorResponse");
-const finishOAuth = async (c, provider, providerId, profile, postLoginRedirect) => {
-    const adapter = getAuthAdapter();
-    if (!adapter.findOrCreateByProvider) {
-        return c.json({ error: "Auth adapter does not support social login" }, 500);
-    }
-    let user;
-    try {
-        user = await adapter.findOrCreateByProvider(provider, providerId, profile);
-    }
-    catch (err) {
-        const message = err instanceof HttpError ? err.message : "Authentication failed";
-        const sep = postLoginRedirect.includes("?") ? "&" : "?";
-        return c.redirect(`${postLoginRedirect}${sep}error=${encodeURIComponent(message)}`);
-    }
-    if (user.created) {
-        const role = getDefaultRole();
-        if (role && adapter.setRoles)
-            await adapter.setRoles(user.id, [role]);
-    }
-    const sessionId = crypto.randomUUID();
-    const rtConfig = getRefreshTokenConfig();
-    const expirySeconds = rtConfig ? getAccessTokenExpiry() : undefined;
-    const token = await signToken(user.id, sessionId, expirySeconds);
-    const metadata = {
-        ipAddress: getClientIp(c),
-        userAgent: c.req.header("user-agent") ?? undefined,
-    };
-    while (await getActiveSessionCount(user.id) >= getMaxSessions()) {
-        await evictOldestSession(user.id);
-    }
-    await createSession(user.id, token, sessionId, metadata);
-    let refreshTokenValue;
-    if (rtConfig) {
-        refreshTokenValue = crypto.randomUUID();
-        await setRefreshToken(sessionId, refreshTokenValue);
-    }
-    // Store a one-time authorization code instead of exposing the token in the redirect URL.
-    // The client exchanges this code via POST /auth/oauth/exchange to get the session token.
-    const code = await storeOAuthCode({
-        token,
-        userId: user.id,
-        email: profile.email,
-        refreshToken: refreshTokenValue,
-    });
-    try {
-        const url = new URL(postLoginRedirect);
-        url.searchParams.set("code", code);
-        if (profile.email)
-            url.searchParams.set("user", profile.email);
-        return c.redirect(url.toString());
-    }
-    catch {
-        // Relative path fallback
-        const sep = postLoginRedirect.includes("?") ? "&" : "?";
-        const userParam = profile.email ? `&user=${encodeURIComponent(profile.email)}` : "";
-        return c.redirect(`${postLoginRedirect}${sep}code=${code}${userParam}`);
-    }
-};
-export const createOAuthRouter = (providers, postLoginRedirect) => {
-    const router = createRouter();
-    // ─── Google ───────────────────────────────────────────────────────────────
-    if (providers.includes("google")) {
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/google",
-            summary: "Initiate Google OAuth",
-            description: "Redirects the user to Google's consent screen to begin the OAuth login flow. After the user authorizes, Google redirects back to `/auth/google/callback`.",
-            tags,
-            responses: {
-                302: { description: "Redirect to Google's OAuth consent screen." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "OAuth provider not configured." },
-            },
-        }), async (c) => {
-            const state = generateState();
-            const codeVerifier = generateCodeVerifier();
-            await storeOAuthState(state, codeVerifier);
-            const url = getGoogle().createAuthorizationURL(state, codeVerifier, ["openid", "profile", "email"]);
-            return c.redirect(url.toString());
-        });
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/google/callback",
-            summary: "Google OAuth callback",
-            description: "Handles the redirect from Google after user authorization. Validates the OAuth state and code, then creates or finds the user account. Sets a session cookie and redirects to the configured post-login URL.",
-            tags,
-            request: {
-                query: z.object({
-                    code: z.string().describe("Authorization code from Google."),
-                    state: z.string().describe("OAuth state parameter for CSRF protection."),
-                }),
-            },
-            responses: {
-                302: { description: "Redirect to the post-login URL with session token." },
-                400: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Invalid callback parameters or expired state." },
-            },
-        }), async (c) => {
-            const { code, state } = c.req.valid("query");
-            if (!code || !state)
-                return c.json({ error: "Invalid callback" }, 400);
-            const stored = await consumeOAuthState(state);
-            if (!stored?.codeVerifier)
-                return c.json({ error: "Invalid or expired state" }, 400);
-            const tokens = await getGoogle().validateAuthorizationCode(code, stored.codeVerifier);
-            const info = await fetch("https://openidconnect.googleapis.com/v1/userinfo", {
-                headers: { Authorization: `Bearer ${tokens.accessToken()}` },
-            }).then((r) => r.json());
-            if (stored.linkUserId) {
-                const adapter = getAuthAdapter();
-                if (!adapter.linkProvider)
-                    return c.json({ error: "Auth adapter does not support linkProvider" }, 500);
-                await adapter.linkProvider(stored.linkUserId, "google", info.sub);
-                const sep = postLoginRedirect.includes("?") ? "&" : "?";
-                return c.redirect(`${postLoginRedirect}${sep}linked=google`);
-            }
-            return finishOAuth(c, "google", info.sub, { email: info.email, name: info.name, avatarUrl: info.picture }, postLoginRedirect);
-        });
-        router.use("/auth/google/link", userAuth);
-        router.openapi(withSecurity(createRoute({
-            method: "get",
-            path: "/auth/google/link",
-            summary: "Link Google account",
-            description: "Initiates an OAuth flow to link a Google account to the authenticated user. Requires a valid session. Redirects to Google's consent screen.",
-            tags,
-            responses: {
-                302: { description: "Redirect to Google's OAuth consent screen." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const state = generateState();
-            const codeVerifier = generateCodeVerifier();
-            await storeOAuthState(state, codeVerifier, c.get("authUserId"));
-            const url = getGoogle().createAuthorizationURL(state, codeVerifier, ["openid", "profile", "email"]);
-            return c.redirect(url.toString());
-        });
-        router.openapi(withSecurity(createRoute({
-            method: "delete",
-            path: "/auth/google/link",
-            summary: "Unlink Google account",
-            description: "Removes the linked Google OAuth account from the authenticated user. Requires a valid session.",
-            tags,
-            responses: {
-                204: { description: "Google account unlinked successfully." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Auth adapter does not support unlinkProvider." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const adapter = getAuthAdapter();
-            if (!adapter.unlinkProvider) {
-                return c.json({ error: "Auth adapter does not support unlinkProvider" }, 500);
-            }
-            await adapter.unlinkProvider(c.get("authUserId"), "google");
-            return c.body(null, 204);
-        });
-    }
-    // ─── Apple ────────────────────────────────────────────────────────────────
-    if (providers.includes("apple")) {
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/apple",
-            summary: "Initiate Apple OAuth",
-            description: "Redirects the user to Apple's sign-in page to begin the OAuth login flow. After the user authorizes, Apple posts back to `/auth/apple/callback`.",
-            tags,
-            responses: {
-                302: { description: "Redirect to Apple's OAuth sign-in page." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "OAuth provider not configured." },
-            },
-        }), async (c) => {
-            const state = generateState();
-            await storeOAuthState(state);
-            const url = getApple().createAuthorizationURL(state, ["name", "email"]);
-            return c.redirect(url.toString());
-        });
-        // Apple sends a POST with form data to the callback URL
-        router.openapi(createRoute({
-            method: "post",
-            path: "/auth/apple/callback",
-            summary: "Apple OAuth callback",
-            description: "Handles the POST redirect from Apple after user authorization. Apple sends form-encoded data containing the authorization code and state. Validates the OAuth state, exchanges the code for tokens, then creates or finds the user account. Sets a session cookie and redirects to the configured post-login URL.",
-            tags,
-            responses: {
-                302: { description: "Redirect to the post-login URL with session token." },
-                400: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Invalid callback parameters or expired state." },
-            },
-        }), async (c) => {
-            const form = await c.req.formData();
-            const code = form.get("code");
-            const state = form.get("state");
-            if (!code || !state)
-                return c.json({ error: "Invalid callback" }, 400);
-            const stored = await consumeOAuthState(state);
-            if (!stored)
-                return c.json({ error: "Invalid or expired state" }, 400);
-            const tokens = await getApple().validateAuthorizationCode(code);
-            const claims = decodeIdToken(tokens.idToken());
-            if (stored.linkUserId) {
-                const adapter = getAuthAdapter();
-                if (!adapter.linkProvider)
-                    return c.json({ error: "Auth adapter does not support linkProvider" }, 500);
-                await adapter.linkProvider(stored.linkUserId, "apple", claims.sub);
-                const sep = postLoginRedirect.includes("?") ? "&" : "?";
-                return c.redirect(`${postLoginRedirect}${sep}linked=apple`);
-            }
-            // Apple only sends name on the very first sign-in
-            const userJSON = form.get("user");
-            const userInfo = userJSON ? JSON.parse(userJSON) : {};
-            const name = userInfo.name
-                ? `${userInfo.name.firstName ?? ""} ${userInfo.name.lastName ?? ""}`.trim() || undefined
-                : undefined;
-            return finishOAuth(c, "apple", claims.sub, { email: claims.email, name }, postLoginRedirect);
-        });
-        router.use("/auth/apple/link", userAuth);
-        router.openapi(withSecurity(createRoute({
-            method: "get",
-            path: "/auth/apple/link",
-            summary: "Link Apple account",
-            description: "Initiates an OAuth flow to link an Apple account to the authenticated user. Requires a valid session. Redirects to Apple's sign-in page.",
-            tags,
-            responses: {
-                302: { description: "Redirect to Apple's OAuth sign-in page." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const state = generateState();
-            await storeOAuthState(state, undefined, c.get("authUserId"));
-            const url = getApple().createAuthorizationURL(state, ["name", "email"]);
-            return c.redirect(url.toString());
-        });
-    }
-    // ─── Microsoft ──────────────────────────────────────────────────────────
-    if (providers.includes("microsoft")) {
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/microsoft",
-            summary: "Initiate Microsoft OAuth",
-            description: "Redirects the user to Microsoft's sign-in page to begin the OAuth login flow. After the user authorizes, Microsoft redirects back to `/auth/microsoft/callback`.",
-            tags,
-            responses: {
-                302: { description: "Redirect to Microsoft's OAuth sign-in page." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "OAuth provider not configured." },
-            },
-        }), async (c) => {
-            const state = generateState();
-            const codeVerifier = generateCodeVerifier();
-            await storeOAuthState(state, codeVerifier);
-            const url = getMicrosoft().createAuthorizationURL(state, codeVerifier, ["openid", "profile", "email"]);
-            return c.redirect(url.toString());
-        });
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/microsoft/callback",
-            summary: "Microsoft OAuth callback",
-            description: "Handles the redirect from Microsoft after user authorization. Validates the OAuth state and code, then creates or finds the user account. Sets a session cookie and redirects to the configured post-login URL.",
-            tags,
-            request: {
-                query: z.object({
-                    code: z.string().describe("Authorization code from Microsoft."),
-                    state: z.string().describe("OAuth state parameter for CSRF protection."),
-                }),
-            },
-            responses: {
-                302: { description: "Redirect to the post-login URL with session token." },
-                400: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Invalid callback parameters or expired state." },
-            },
-        }), async (c) => {
-            const { code, state } = c.req.valid("query");
-            if (!code || !state)
-                return c.json({ error: "Invalid callback" }, 400);
-            const stored = await consumeOAuthState(state);
-            if (!stored?.codeVerifier)
-                return c.json({ error: "Invalid or expired state" }, 400);
-            const tokens = await getMicrosoft().validateAuthorizationCode(code, stored.codeVerifier);
-            const info = await fetch("https://graph.microsoft.com/v1.0/me", {
-                headers: { Authorization: `Bearer ${tokens.accessToken()}` },
-            }).then((r) => r.json());
-            if (stored.linkUserId) {
-                const adapter = getAuthAdapter();
-                if (!adapter.linkProvider)
-                    return c.json({ error: "Auth adapter does not support linkProvider" }, 500);
-                await adapter.linkProvider(stored.linkUserId, "microsoft", info.id);
-                const sep = postLoginRedirect.includes("?") ? "&" : "?";
-                return c.redirect(`${postLoginRedirect}${sep}linked=microsoft`);
-            }
-            return finishOAuth(c, "microsoft", info.id, { email: info.mail ?? info.userPrincipalName, name: info.displayName }, postLoginRedirect);
-        });
-        router.use("/auth/microsoft/link", userAuth);
-        router.openapi(withSecurity(createRoute({
-            method: "get",
-            path: "/auth/microsoft/link",
-            summary: "Link Microsoft account",
-            description: "Initiates an OAuth flow to link a Microsoft account to the authenticated user. Requires a valid session. Redirects to Microsoft's sign-in page.",
-            tags,
-            responses: {
-                302: { description: "Redirect to Microsoft's OAuth sign-in page." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const state = generateState();
-            const codeVerifier = generateCodeVerifier();
-            await storeOAuthState(state, codeVerifier, c.get("authUserId"));
-            const url = getMicrosoft().createAuthorizationURL(state, codeVerifier, ["openid", "profile", "email"]);
-            return c.redirect(url.toString());
-        });
-        router.openapi(withSecurity(createRoute({
-            method: "delete",
-            path: "/auth/microsoft/link",
-            summary: "Unlink Microsoft account",
-            description: "Removes the linked Microsoft OAuth account from the authenticated user. Requires a valid session.",
-            tags,
-            responses: {
-                204: { description: "Microsoft account unlinked successfully." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Auth adapter does not support unlinkProvider." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const adapter = getAuthAdapter();
-            if (!adapter.unlinkProvider) {
-                return c.json({ error: "Auth adapter does not support unlinkProvider" }, 500);
-            }
-            await adapter.unlinkProvider(c.get("authUserId"), "microsoft");
-            return c.body(null, 204);
-        });
-    }
-    // ─── GitHub ────────────────────────────────────────────────────────────
-    if (providers.includes("github")) {
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/github",
-            summary: "Initiate GitHub OAuth",
-            description: "Redirects the user to GitHub's authorization page to begin the OAuth login flow. After the user authorizes, GitHub redirects back to `/auth/github/callback`.",
-            tags,
-            responses: {
-                302: { description: "Redirect to GitHub's OAuth authorization page." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "OAuth provider not configured." },
-            },
-        }), async (c) => {
-            const state = generateState();
-            await storeOAuthState(state);
-            const url = getGitHub().createAuthorizationURL(state, ["read:user", "user:email"]);
-            return c.redirect(url.toString());
-        });
-        router.openapi(createRoute({
-            method: "get",
-            path: "/auth/github/callback",
-            summary: "GitHub OAuth callback",
-            description: "Handles the redirect from GitHub after user authorization. Validates the OAuth state and code, then creates or finds the user account. Sets a session cookie and redirects to the configured post-login URL.",
-            tags,
-            request: {
-                query: z.object({
-                    code: z.string().describe("Authorization code from GitHub."),
-                    state: z.string().describe("OAuth state parameter for CSRF protection."),
-                }),
-            },
-            responses: {
-                302: { description: "Redirect to the post-login URL with session token." },
-                400: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Invalid callback parameters or expired state." },
-            },
-        }), async (c) => {
-            const { code, state } = c.req.valid("query");
-            if (!code || !state)
-                return c.json({ error: "Invalid callback" }, 400);
-            const stored = await consumeOAuthState(state);
-            if (!stored)
-                return c.json({ error: "Invalid or expired state" }, 400);
-            const tokens = await getGitHub().validateAuthorizationCode(code);
-            const headers = { Authorization: `Bearer ${tokens.accessToken()}`, "User-Agent": "bunshot" };
-            const info = await fetch("https://api.github.com/user", { headers })
-                .then((r) => r.json());
-            // GitHub may not return email on /user if it's private — fetch from /user/emails
-            let email = info.email;
-            if (!email) {
-                const emails = await fetch("https://api.github.com/user/emails", { headers })
-                    .then((r) => r.json());
-                email = emails.find((e) => e.primary && e.verified)?.email ?? emails.find((e) => e.verified)?.email;
-            }
-            if (stored.linkUserId) {
-                const adapter = getAuthAdapter();
-                if (!adapter.linkProvider)
-                    return c.json({ error: "Auth adapter does not support linkProvider" }, 500);
-                await adapter.linkProvider(stored.linkUserId, "github", String(info.id));
-                const sep = postLoginRedirect.includes("?") ? "&" : "?";
-                return c.redirect(`${postLoginRedirect}${sep}linked=github`);
-            }
-            return finishOAuth(c, "github", String(info.id), { email, name: info.name, avatarUrl: info.avatar_url }, postLoginRedirect);
-        });
-        router.use("/auth/github/link", userAuth);
-        router.openapi(withSecurity(createRoute({
-            method: "get",
-            path: "/auth/github/link",
-            summary: "Link GitHub account",
-            description: "Initiates an OAuth flow to link a GitHub account to the authenticated user. Requires a valid session. Redirects to GitHub's authorization page.",
-            tags,
-            responses: {
-                302: { description: "Redirect to GitHub's OAuth authorization page." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const state = generateState();
-            await storeOAuthState(state, undefined, c.get("authUserId"));
-            const url = getGitHub().createAuthorizationURL(state, ["read:user", "user:email"]);
-            return c.redirect(url.toString());
-        });
-        router.openapi(withSecurity(createRoute({
-            method: "delete",
-            path: "/auth/github/link",
-            summary: "Unlink GitHub account",
-            description: "Removes the linked GitHub OAuth account from the authenticated user. Requires a valid session.",
-            tags,
-            responses: {
-                204: { description: "GitHub account unlinked successfully." },
-                401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "No valid session." },
-                500: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Auth adapter does not support unlinkProvider." },
-            },
-        }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-            const adapter = getAuthAdapter();
-            if (!adapter.unlinkProvider) {
-                return c.json({ error: "Auth adapter does not support unlinkProvider" }, 500);
-            }
-            await adapter.unlinkProvider(c.get("authUserId"), "github");
-            return c.body(null, 204);
-        });
-    }
-    // ─── Code Exchange ─────────────────────────────────────────────────────
-    router.openapi(createRoute({
-        method: "post",
-        path: "/auth/oauth/exchange",
-        summary: "Exchange OAuth authorization code for session token",
-        description: "Exchanges a one-time authorization code (received from the OAuth redirect) for a session token. The code is single-use and expires after 60 seconds. Sets session cookies for browser clients; returns the token in the JSON response for mobile/SPA clients.",
-        tags,
-        request: {
-            body: {
-                content: {
-                    "application/json": {
-                        schema: z.object({
-                            code: z.string().describe("One-time authorization code from the OAuth redirect."),
-                        }),
-                    },
-                },
-            },
-        },
-        responses: {
-            200: {
-                content: {
-                    "application/json": {
-                        schema: z.object({
-                            token: z.string().describe("Session JWT."),
-                            userId: z.string().describe("Authenticated user ID."),
-                            email: z.string().optional().describe("User email if available."),
-                            refreshToken: z.string().optional().describe("Refresh token if refresh tokens are configured."),
-                        }),
-                    },
-                },
-                description: "Session token and user info.",
-            },
-            400: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Missing code parameter." },
-            401: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Invalid, expired, or already-used code." },
-            429: { content: { "application/json": { schema: OAuthErrorResponse } }, description: "Rate limit exceeded." },
-        },
-    }), async (c) => {
-        // Rate limit by IP to prevent brute-forcing codes within the 60s TTL
-        const ip = getClientIp(c);
-        const limited = await trackAttempt(`oauth-exchange:ip:${ip}`, { max: 20, windowMs: 60_000 });
-        if (limited) {
-            return c.json({ error: "Too many requests" }, 429);
-        }
-        const { code } = c.req.valid("json");
-        if (!code)
-            return c.json({ error: "Missing code" }, 400);
-        const payload = await consumeOAuthCode(code);
-        if (!payload)
-            return c.json({ error: "Invalid or expired code" }, 401);
-        // Set session cookies for browser clients
-        const rtConfig = getRefreshTokenConfig();
-        setCookie(c, COOKIE_TOKEN, payload.token, cookieOptions(rtConfig ? getAccessTokenExpiry() : undefined));
-        if (payload.refreshToken && rtConfig) {
-            setCookie(c, COOKIE_REFRESH_TOKEN, payload.refreshToken, cookieOptions(getRefreshTokenExpiry()));
-        }
-        if (getCsrfEnabled())
-            refreshCsrfToken(c);
-        return c.json({
-            token: payload.token,
-            userId: payload.userId,
-            email: payload.email,
-            refreshToken: payload.refreshToken,
-        }, 200);
-    });
-    return router;
-};

package/dist/routes/uploads.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PresignedUrlConfig } from "../app";
2	- export declare const createUploadsRouter: (config: PresignedUrlConfig) => import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/uploads.js DELETED Viewed

@@ -1,135 +0,0 @@
-import { z } from "zod";
-import { createRouter } from "../lib/context";
-import { createRoute } from "../lib/createRoute";
-import { userAuth } from "../middleware/userAuth";
-import { getStorageAdapter, getUploadConfig } from "../lib/upload";
-import { getSigningConfig, getSigningSecret } from "../lib/appConfig";
-import { createPresignedUrl } from "../lib/signing";
-const tags = ["Uploads"];
-export const createUploadsRouter = (config) => {
-    const router = createRouter();
-    const basePath = (config.path ?? "/uploads").replace(/\/$/, "");
-    router.use(`${basePath}/*`, userAuth);
-    const presignRoute = createRoute({
-        method: "post",
-        path: `${basePath}/presign`,
-        tags,
-        summary: "Generate presigned upload URL",
-        request: {
-            body: {
-                content: {
-                    "application/json": {
-                        schema: z.object({
-                            key: z.string().describe("Storage key for the upload"),
-                            mimeType: z.string().optional().describe("MIME type of the file"),
-                            expirySeconds: z.number().int().positive().optional().describe("URL expiry in seconds"),
-                        }),
-                    },
-                },
-            },
-        },
-        responses: {
-            200: {
-                description: "Presigned URL generated",
-                content: { "application/json": { schema: z.object({ url: z.string(), key: z.string() }) } },
-            },
-            501: {
-                description: "Not implemented by adapter",
-                content: { "application/json": { schema: z.object({ error: z.string() }) } },
-            },
-        },
-    });
-    router.openapi(presignRoute, async (c) => {
-        const adapter = getStorageAdapter();
-        if (!adapter?.presignPut) {
-            return c.json({ error: "Presigned URLs not supported by the configured storage adapter" }, 501);
-        }
-        const { key, mimeType, expirySeconds } = c.req.valid("json");
-        const _uploadConfig = getUploadConfig();
-        const expiry = expirySeconds ?? (typeof config.expirySeconds === "number" ? config.expirySeconds : 3600);
-        const url = await adapter.presignPut(key, { expirySeconds: expiry, mimeType });
-        return c.json({ url, key }, 200);
-    });
-    const presignGetRoute = createRoute({
-        method: "get",
-        path: `${basePath}/presign/:key{.+}`,
-        tags,
-        summary: "Generate presigned download URL",
-        request: {
-            params: z.object({ key: z.string() }),
-            query: z.object({
-                expiry: z.string().optional().describe("URL expiry in seconds (default: 3600)"),
-            }),
-        },
-        responses: {
-            200: {
-                description: "Presigned download URL",
-                content: {
-                    "application/json": {
-                        schema: z.object({
-                            url: z.string(),
-                            expiresAt: z.number().describe("Unix timestamp (seconds) when the URL expires"),
-                        }),
-                    },
-                },
-            },
-            501: {
-                description: "Not implemented",
-                content: { "application/json": { schema: z.object({ error: z.string() }) } },
-            },
-        },
-    });
-    router.openapi(presignGetRoute, async (c) => {
-        const { key } = c.req.valid("param");
-        const { expiry: expiryStr } = c.req.valid("query");
-        const expirySeconds = expiryStr ? parseInt(expiryStr, 10) : (typeof config.expirySeconds === "number" ? config.expirySeconds : 3600);
-        const signingCfg = getSigningConfig();
-        if (signingCfg?.presignedUrls) {
-            const secret = getSigningSecret();
-            if (!secret)
-                return c.json({ error: "Signing secret not configured" }, 501);
-            const defaultExpiry = typeof signingCfg.presignedUrls === "object"
-                ? (signingCfg.presignedUrls.defaultExpiry ?? expirySeconds)
-                : expirySeconds;
-            const base = new URL(c.req.url);
-            base.pathname = `${basePath}/download/${key}`;
-            base.search = "";
-            const url = createPresignedUrl(base.toString(), key, { method: "GET", expiry: defaultExpiry }, secret);
-            const expiresAt = Math.floor(Date.now() / 1000) + defaultExpiry;
-            return c.json({ url, expiresAt }, 200);
-        }
-        // Fallback: adapter.presignGet (S3 only)
-        const adapter = getStorageAdapter();
-        if (!adapter?.presignGet) {
-            return c.json({ error: "Presigned download URLs not supported. Enable signing.presignedUrls or use an S3 adapter." }, 501);
-        }
-        const url = await adapter.presignGet(key, { expirySeconds });
-        const expiresAt = Math.floor(Date.now() / 1000) + expirySeconds;
-        return c.json({ url, expiresAt }, 200);
-    });
-    const deleteRoute = createRoute({
-        method: "delete",
-        path: `${basePath}/:key{.+}`,
-        tags,
-        summary: "Delete an uploaded file",
-        request: {
-            params: z.object({ key: z.string() }),
-        },
-        responses: {
-            204: { description: "Deleted" },
-            500: {
-                description: "No storage adapter configured",
-                content: { "application/json": { schema: z.object({ error: z.string() }) } },
-            },
-        },
-    });
-    router.openapi(deleteRoute, async (c) => {
-        const adapter = getStorageAdapter();
-        if (!adapter)
-            return c.json({ error: "No storage adapter configured" }, 500);
-        const { key } = c.req.valid("param");
-        await adapter.delete(key);
-        return c.body(null, 204);
-    });
-    return router;
-};