@lastshotlabs/bunshot 0.0.5 → 0.0.7

package/dist/app.js

@@ -0,0 +1,175 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { cors } from "hono/cors";
+import { logger } from "hono/logger";
+import { secureHeaders } from "hono/secure-headers";
+import { Scalar } from "@scalar/hono-api-reference";
+import { HttpError } from "./lib/HttpError";
+import { rateLimit } from "./middleware/rateLimit";
+import { bearerAuth } from "./middleware/bearerAuth";
+import { identify } from "./middleware/identify";
+import { HEADER_USER_TOKEN } from "./lib/constants";
+import { setAppName, setAppRoles, setDefaultRole, setPrimaryField, setEmailVerificationConfig } from "./lib/appConfig";
+import { setEmailVerificationStore } from "./lib/emailVerification";
+import { setAuthRateLimitStore } from "./lib/authRateLimit";
+import { setAuthAdapter } from "./lib/authAdapter";
+import { mongoAuthAdapter } from "./adapters/mongoAuth";
+import { memoryAuthAdapter } from "./adapters/memoryAuth";
+import { initOAuthProviders, getConfiguredOAuthProviders, setOAuthStateStore } from "./lib/oauth";
+import { createOAuthRouter } from "./routes/oauth";
+import { connectMongo, connectAuthMongo, connectAppMongo } from "./lib/mongo";
+import { connectRedis } from "./lib/redis";
+import { setSessionStore } from "./lib/session";
+import { setCacheStore } from "./middleware/cacheResponse";
+export const createApp = async (config) => {
+    const { routesDir, app: appConfig = {}, auth: authConfig = {}, security: securityConfig = {}, middleware = [], db = {}, } = config;
+    const appName = appConfig.name ?? "Bun Core API";
+    const openApiVersion = appConfig.version ?? "1.0.0";
+    const corsOrigins = securityConfig.cors ?? "*";
+    const rlConfig = securityConfig.rateLimit ?? { windowMs: 60_000, max: 100 };
+    const botCfg = securityConfig.botProtection ?? {};
+    const enableBearerAuth = securityConfig.bearerAuth !== false;
+    const extraBypass = typeof securityConfig.bearerAuth === "object" && securityConfig.bearerAuth !== null
+        ? (securityConfig.bearerAuth.bypass ?? [])
+        : [];
+    const enableAuthRoutes = authConfig.enabled !== false;
+    const explicitAuthAdapter = authConfig.adapter;
+    const oauthProviders = authConfig.oauth?.providers;
+    const postOAuthRedirect = authConfig.oauth?.postRedirect ?? "/";
+    const roles = authConfig.roles ?? [];
+    const defaultRole = authConfig.defaultRole;
+    const primaryField = authConfig.primaryField ?? "email";
+    const emailVerification = authConfig.emailVerification;
+    const authRateLimit = authConfig.rateLimit;
+    const { sqlite, mongo = "single", redis: enableRedis = true } = db;
+    // Smart fallback: pick the best available store rather than blindly defaulting to "redis"
+    const defaultStore = enableRedis
+        ? "redis"
+        : sqlite
+            ? "sqlite"
+            : mongo !== false
+                ? "mongo"
+                : "memory";
+    const sessions = db.sessions ?? defaultStore;
+    const oauthState = db.oauthState ?? sessions;
+    const cache = db.cache ?? defaultStore;
+    const authStore = db.auth ?? (mongo !== false ? "mongo" : sessions);
+    if (sqlite || sessions === "sqlite" || oauthState === "sqlite" || authStore === "sqlite") {
+        const { setSqliteDb } = await import("./adapters/sqliteAuth");
+        setSqliteDb(sqlite ?? "./data.db");
+    }
+    setSessionStore(sessions);
+    setOAuthStateStore(oauthState);
+    setCacheStore(cache);
+    if (mongo === "single")
+        await connectMongo();
+    else if (mongo === "separate")
+        await Promise.all([connectAuthMongo(), connectAppMongo()]);
+    if (enableRedis)
+        await connectRedis();
+    // Resolve auth adapter: explicit prop wins, then db.auth, then mongo default
+    let authAdapter;
+    if (explicitAuthAdapter) {
+        authAdapter = explicitAuthAdapter;
+    }
+    else if (authStore === "sqlite") {
+        const { sqliteAuthAdapter } = await import("./adapters/sqliteAuth");
+        authAdapter = sqliteAuthAdapter;
+    }
+    else if (authStore === "memory") {
+        authAdapter = memoryAuthAdapter;
+    }
+    else {
+        authAdapter = mongoAuthAdapter;
+    }
+    setAuthAdapter(authAdapter);
+    setAppRoles(roles);
+    setDefaultRole(defaultRole ?? null);
+    setPrimaryField(primaryField);
+    setEmailVerificationConfig(emailVerification ?? null);
+    setEmailVerificationStore(sessions);
+    setAuthRateLimitStore(authRateLimit?.store ?? (enableRedis ? "redis" : "memory"));
+    if (defaultRole && !authAdapter.setRoles) {
+        throw new Error(`createApp: "defaultRole" is set to "${defaultRole}" but the auth adapter does not implement setRoles. Add setRoles to your adapter or remove defaultRole.`);
+    }
+    if (oauthProviders)
+        initOAuthProviders(oauthProviders);
+    const configuredOAuth = getConfiguredOAuthProviders();
+    // OAuth paths must bypass bearer auth — initiation and link routes are browser redirects,
+    // callbacks come from external providers; none can send a bearer token header.
+    const oauthBypass = configuredOAuth.flatMap((p) => [
+        `/auth/${p}`,
+        `/auth/${p}/callback`,
+        `/auth/${p}/link`,
+    ]);
+    const DEFAULT_BYPASS = ["/docs", "/openapi.json", "/sw.js", "/health", "/"];
+    const bearerAuthBypass = [...DEFAULT_BYPASS, ...oauthBypass, ...extraBypass];
+    const app = new OpenAPIHono();
+    app.use(logger());
+    app.use(secureHeaders());
+    app.use(cors({ origin: corsOrigins, allowHeaders: ["Content-Type", "Authorization", HEADER_USER_TOKEN], exposeHeaders: ["x-cache"], credentials: true }));
+    if ((botCfg.blockList?.length ?? 0) > 0) {
+        const { botProtection } = await import("./middleware/botProtection");
+        app.use(botProtection({ blockList: botCfg.blockList }));
+    }
+    app.use(rateLimit({ ...rlConfig, fingerprintLimit: botCfg.fingerprintRateLimit ?? false }));
+    if (enableBearerAuth) {
+        app.use(async (c, next) => {
+            const path = c.req.path;
+            if (bearerAuthBypass.includes(path)) {
+                return next();
+            }
+            return bearerAuth(c, next);
+        });
+    }
+    app.use(identify);
+    for (const mw of middleware)
+        app.use(mw);
+    setAppName(appName);
+    // Core routes (auth, etc.)
+    const coreRoutesDir = import.meta.dir + "/routes";
+    const coreGlob = new Bun.Glob("*.ts");
+    for await (const file of coreGlob.scan({ cwd: coreRoutesDir })) {
+        if (file === "auth.ts")
+            continue; // mounted separately below via createAuthRouter
+        if (file === "oauth.ts")
+            continue; // mounted separately below
+        const mod = await import(`${coreRoutesDir}/${file}`);
+        if (mod.router)
+            app.route("/", mod.router);
+    }
+    if (enableAuthRoutes) {
+        const { createAuthRouter } = await import(`${coreRoutesDir}/auth`);
+        app.route("/", createAuthRouter({ primaryField, emailVerification, rateLimit: authRateLimit }));
+    }
+    if (configuredOAuth.length > 0) {
+        app.route("/", createOAuthRouter(configuredOAuth, postOAuthRedirect));
+    }
+    // Service routes — collect all, sort by optional exported `priority`, then mount
+    const serviceGlob = new Bun.Glob("**/*.ts");
+    const serviceFiles = [];
+    for await (const file of serviceGlob.scan({ cwd: routesDir })) {
+        serviceFiles.push(file);
+    }
+    const serviceMods = await Promise.all(serviceFiles.map(async (file) => ({
+        file,
+        mod: await import(`${routesDir}/${file}`),
+    })));
+    serviceMods
+        .sort((a, b) => (a.mod.priority ?? Infinity) - (b.mod.priority ?? Infinity))
+        .forEach(({ mod }) => {
+        if (mod.router)
+            app.route("/", mod.router);
+    });
+    app.onError((err, c) => {
+        if (err instanceof HttpError) {
+            return c.json({ error: err.message }, err.status);
+        }
+        console.error(err);
+        return c.json({ error: "Internal Server Error" }, 500);
+    });
+    app.notFound((c) => c.json({ error: "Not Found" }, 404));
+    app.doc("/openapi.json", { openapi: "3.0.0", info: { title: appName, version: openApiVersion } });
+    app.get("/docs", Scalar({ url: "/openapi.json" }));
+    app.get("/sw.js", (c) => c.body("", 200, { "Content-Type": "application/javascript" }));
+    return app;
+};

package/dist/cli.js

@@ -1,34 +1,66 @@
 #!/usr/bin/env bun
 // @bun
-var R=import.meta.require;import{existsSync as V,mkdirSync as E,writeFileSync as J,readSync as v,rmSync as I}from"fs";import{join as z}from"path";import{spawnSync as Q}from"child_process";function W($){process.stdout.write($);let L=Buffer.alloc(1024),_=v(0,L,0,L.length,null);return L.subarray(0,_).toString().trim().replace(/\r/g,"")}var X=process.argv[2],q=process.argv[3],K=X||W("App name: ");if(!K)console.error("App name is required."),process.exit(1);var M=K.toLowerCase().replace(/\s+/g,"-").replace(/[^a-z0-9-]/g,""),A=q||(X?M:W(`Directory (${M}): `))||M,B=z(process.cwd(),A),G=z(B,"src"),b=z(G,"routes"),C=z(G,"workers"),x=z(G,"queues"),F=z(G,"ws"),P=z(G,"services");if(V(B))console.error(`Directory "${A}" already exists.`),process.exit(1);var T=`import { createServer, type CreateServerConfig } from "@lastshotlabs/bunshot";
+var D=import.meta.require;import{existsSync as N,mkdirSync as X,writeFileSync as q,readSync as b,rmSync as h}from"fs";import{join as B}from"path";import{spawnSync as M}from"child_process";function w(z){process.stdout.write(z);let H=Buffer.alloc(1024),Q=b(0,H,0,H.length,null);return H.subarray(0,Q).toString().trim().replace(/\r/g,"")}function E(z,H,Q=0){let J=Q;function Z($=!1){if(!$)process.stdout.write(`\x1B[${H.length}A`);for(let A=0;A<H.length;A++){let V=A===J,R=V?"\x1B[36m>\x1B[0m":" ",g=V?`\x1B[1m${H[A]}\x1B[0m`:`\x1B[2m${H[A]}\x1B[0m`;process.stdout.write(`\x1B[2K  ${R} ${g}
+`)}}if(!process.stdin.isTTY){console.log(z),H.forEach((V,R)=>console.log(`  ${R+1}) ${V}`));let $=w(`  Choose [${Q+1}]: `);if(!$)return Q;let A=parseInt($);if(A>=1&&A<=H.length)return A-1;return Q}console.log(z),process.stdout.write("\x1B[?25l"),Z(!0),process.stdin.setRawMode(!0);let _=Buffer.alloc(16);try{while(!0){let $=b(0,_,0,_.length,null),A=_.subarray(0,$).toString();if(A==="\r"||A===`
+`)break;else if(A==="\x1B[A"||A==="\x1BOA")J=(J-1+H.length)%H.length,Z();else if(A==="\x1B[B"||A==="\x1BOB")J=(J+1)%H.length,Z();else if(A==="\x03")process.stdout.write(`\x1B[?25h
+`),process.stdin.setRawMode(!1),process.exit(0);else{let V=parseInt(A);if(V>=1&&V<=H.length){J=V-1,Z();break}}}}finally{process.stdin.setRawMode(!1),process.stdout.write("\x1B[?25h")}return J}var f=process.argv[2],m=process.argv[3],O=f||w("App name: ");if(!O)console.error("App name is required."),process.exit(1);var I=O.toLowerCase().replace(/\s+/g,"-").replace(/[^a-z0-9-]/g,""),G=m||(f?I:w(`Directory (${I}): `))||I,K=!1,W=!1,P="mongo",v="redis",T="redis",F="redis";console.log("");var x=E("Database setup:",["Full stack        (MongoDB + Redis \u2014 production ready)","SQLite            (single file, no external services)","Memory            (ephemeral, great for prototyping/tests)","Custom            (choose each store individually)"]);if(x===0)K=E("MongoDB connection mode:",["Single   (auth + app data share one connection)","Separate (auth on its own cluster)"])===0?"single":"separate",W=!0,P="mongo",v="redis",T="redis",F="redis";else if(x===1)K=!1,W=!1,P="sqlite",v="sqlite",T="sqlite",F="sqlite";else if(x===2)K=!1,W=!1,P="memory",v="memory",T="memory",F="memory";else{console.log(`
+  Configure each store:
+`);let z=E("MongoDB:",["Single   (one connection for auth + app data)","Separate (auth on its own cluster)","None     (no MongoDB)"]);if(z===0)K="single";else if(z===1)K="separate";else K=!1;W=E("Redis:",["Yes","No"])===0;let Q=[],J=[];if(W)Q.push("redis"),J.push("Redis");if(K)Q.push("mongo"),J.push("MongoDB");Q.push("sqlite","memory"),J.push("SQLite","Memory");let Z=[],_=[];if(K)Z.push("mongo"),_.push("MongoDB");Z.push("sqlite","memory"),_.push("SQLite","Memory");let $=E("Auth store:",_);P=Z[$];let A=E("Sessions store:",J);v=Q[A];let V=E("Cache store:",J);T=Q[V];let R=E("OAuth state store:",J);F=Q[R]}var S=P==="sqlite"||v==="sqlite"||T==="sqlite"||F==="sqlite",U=B(process.cwd(),G),Y=B(U,"src"),k=B(Y,"config"),j=B(Y,"lib"),p=B(Y,"routes"),l=B(Y,"workers"),u=B(Y,"queues"),d=B(Y,"ws"),c=B(Y,"services"),a=B(Y,"middleware"),r=B(Y,"models");if(N(U))console.error(`Directory "${G}" already exists.`),process.exit(1);function n(){let z=[];if(K)z.push(`  mongo: "${K}",`);else z.push("  mongo: false,");if(z.push(`  redis: ${W},`),z.push(`  auth: "${P}",`),z.push(`  sessions: "${v}",`),z.push(`  oauthState: "${F}",`),z.push(`  cache: "${T}",`),S)z.push('  sqlite: path.join(import.meta.dir, "../../data.db"),');return`{
+${z.join(`
+`)}
+}`}var s=`export const APP_NAME = "${O}";
+export const APP_VERSION = "1.0.0";
+
+export const USER_ROLES = {
+  ADMIN: "admin",
+  USER: "user",
+};
+`,t=`import path from "path";
+import {
+  type AppMeta,
+  type AuthConfig,
+  type CreateServerConfig,
+  type DbConfig,
+  type SecurityConfig,
+} from "@lastshotlabs/bunshot";
+import { APP_NAME, APP_VERSION, USER_ROLES } from "@lib/constants";
+
+export const app: AppMeta = {
+  name: APP_NAME,
+  version: APP_VERSION,
+};
+
+export const routesDir = path.join(import.meta.dir, "../routes");
+
+export const workersDir = path.join(import.meta.dir, "../workers");
+
+export const port = process.env.PORT ? parseInt(process.env.PORT) : 3000;
 
-const roles = {
-  admin: "admin",
-  user: "user",
+export const db: DbConfig = ${n()};
+
+export const auth: AuthConfig = {
+  roles: Object.values(USER_ROLES),
+  defaultRole: USER_ROLES.USER,
+};
+
+export const security: SecurityConfig = {
+  cors: ["*"],
 };
 
-const config: CreateServerConfig = {
-  routesDir: import.meta.dir + "/routes",
-  workersDir: import.meta.dir + "/workers",
-  app: {
-    name: "${K}",
-    version: "1.0.0",
-  },
-  auth: {
-    roles: Object.values(roles),
-    defaultRole: roles.user,
-  },
-  security: {
-    cors: ["*"],
-  },
-  db: {
-    mongo: "single",
-  },
-  port: process.env.PORT ? parseInt(process.env.PORT) : 3000,
+export const appConfig: CreateServerConfig = {
+  app,
+  routesDir,
+  workersDir,
+  port,
+  db,
+  auth,
+  security,
 };
+`,i=`import { createServer } from "@lastshotlabs/bunshot";
+import { appConfig } from "@config/index";
 
-await createServer(config);
-`,h=`# ${K}
+await createServer(appConfig);
+`,o=`# ${O}
 
 Built with [@lastshotlabs/bunshot](https://github.com/Last-Shot-Labs/bunshot).
 
@@ -50,9 +82,14 @@ bun dev
 
 \`\`\`
 src/
-  index.ts        # server entry point
-  routes/         # file-based routing (each file = a router)
-  workers/        # BullMQ workers (auto-imported on start)
+  index.ts          # server entry point
+  config/index.ts   # centralized app configuration
+  lib/constants.ts  # app name, version, roles
+  routes/           # file-based routing (each file = a router)
+  workers/          # BullMQ workers (auto-imported on start)
+  middleware/       # custom middleware
+  models/           # data models
+  services/         # business logic
 \`\`\`
 
 ## Adding routes
@@ -68,7 +105,7 @@ export const router = createRouter();
 
 router.get("/products", (c) => c.json({ products: [] }));
 \`\`\`
-
+${K?`
 ## Adding models
 
 \`\`\`ts
@@ -82,14 +119,21 @@ const ProductSchema = new mongoose.Schema({
 
 export const Product = appConnection.model("Product", ProductSchema);
 \`\`\`
-
+`:""}
 ## Environment variables
 
-See \`.env\` \u2014 fill in MongoDB, Redis, JWT, Bearer token, and OAuth provider values before running.
-`,w=`NODE_ENV=development
-PORT=3000
-
-# MongoDB (single connection)
+See \`.env\` \u2014 fill in the values before running.
+`;function e(){let z=["NODE_ENV=development","PORT=3000"];if(K==="single")z.push(`
+# MongoDB
+MONGO_USER_DEV=
+MONGO_PW_DEV=
+MONGO_HOST_DEV=
+MONGO_DB_DEV=
+MONGO_USER_PROD=
+MONGO_PW_PROD=
+MONGO_HOST_PROD=
+MONGO_DB_PROD=`);else if(K==="separate")z.push(`
+# MongoDB (app data)
 MONGO_USER_DEV=
 MONGO_PW_DEV=
 MONGO_HOST_DEV=
@@ -99,7 +143,7 @@ MONGO_PW_PROD=
 MONGO_HOST_PROD=
 MONGO_DB_PROD=
 
-# MongoDB auth connection (only needed if mongo: "separate")
+# MongoDB (auth \u2014 separate cluster)
 MONGO_AUTH_USER_DEV=
 MONGO_AUTH_PW_DEV=
 MONGO_AUTH_HOST_DEV=
@@ -107,16 +151,14 @@ MONGO_AUTH_DB_DEV=
 MONGO_AUTH_USER_PROD=
 MONGO_AUTH_PW_PROD=
 MONGO_AUTH_HOST_PROD=
-MONGO_AUTH_DB_PROD=
-
+MONGO_AUTH_DB_PROD=`);if(W)z.push(`
 # Redis
 REDIS_HOST_DEV=
 REDIS_USER_DEV=
 REDIS_PW_DEV=
 REDIS_HOST_PROD=
 REDIS_USER_PROD=
-REDIS_PW_PROD=
-
+REDIS_PW_PROD=`);return z.push(`
 # JWT
 JWT_SECRET_DEV=
 JWT_SECRET_PROD=
@@ -135,15 +177,17 @@ APPLE_CLIENT_ID=
 APPLE_TEAM_ID=
 APPLE_KEY_ID=
 APPLE_PRIVATE_KEY=
-APPLE_REDIRECT_URI=
-`;console.log(`
-@lastshotlabs/bunshot \u2014 creating ${A}
-`);E(B,{recursive:!0});console.log("  Running bun init...");Q("bun",["init","-y"],{cwd:B,stdio:"inherit"});var U=z(B,"index.ts");if(V(U))I(U);var Y=z(B,"package.json"),H=JSON.parse(R("fs").readFileSync(Y,"utf-8"));H.module="src/index.ts";H.scripts={dev:"bun --watch src/index.ts",start:"bun src/index.ts"};H.dependencies={...H.dependencies,"@lastshotlabs/bunshot":"*"};J(Y,JSON.stringify(H,null,2)+`
-`,"utf-8");var Z=z(B,"tsconfig.json"),O=JSON.parse(R("fs").readFileSync(Z,"utf-8"));O.compilerOptions={...O.compilerOptions,paths:{"@lib/*":["./src/lib/*"],"@middleware/*":["./src/middleware/*"],"@models/*":["./src/models/*"],"@queues/*":["./src/queues/*"],"@routes/*":["./src/routes/*"],"@scripts/*":["./src/scripts/*"],"@services/*":["./src/services/*"],"@workers/*":["./src/workers/*"],"@queues":["./src/queues/index.ts"],"@jobs":["./src/queues/jobs.ts"],"@ws":["./src/ws/index.ts"]}};J(Z,JSON.stringify(O,null,2)+`
-`,"utf-8");E(b,{recursive:!0});E(C,{recursive:!0});E(x,{recursive:!0});E(F,{recursive:!0});E(P,{recursive:!0});J(z(G,"index.ts"),T,"utf-8");J(z(B,".env"),w,"utf-8");J(z(B,"README.md"),h,"utf-8");console.log("  Created:");console.log(`    + ${A}/src/index.ts`);console.log(`    + ${A}/src/routes/`);console.log(`    + ${A}/src/workers/`);console.log(`    + ${A}/src/queues/`);console.log(`    + ${A}/src/ws/`);console.log(`    + ${A}/src/services/`);console.log(`    + ${A}/.env`);console.log(`    + ${A}/README.md`);console.log(`
-  Initializing git...`);var N=Q("git",["init"],{cwd:B,stdio:"inherit"});if(N.status!==0)console.error("  git init failed \u2014 skipping.");console.log(`
-  Installing dependencies...`);var u=Q("bun",["install"],{cwd:B,stdio:"inherit"});if(u.status!==0)console.error(`
+APPLE_REDIRECT_URI=`),z.join(`
+`)+`
+`}console.log(`
+@lastshotlabs/bunshot \u2014 creating ${G}
+`);X(U,{recursive:!0});console.log("  Running bun init...");M("bun",["init","-y"],{cwd:U,stdio:"inherit"});var C=B(U,"index.ts");if(N(C))h(C);var y=B(U,"package.json"),L=JSON.parse(D("fs").readFileSync(y,"utf-8"));L.module="src/index.ts";L.scripts={dev:"bun --watch src/index.ts",start:"bun src/index.ts"};L.dependencies={...L.dependencies,"@lastshotlabs/bunshot":"*"};q(y,JSON.stringify(L,null,2)+`
+`,"utf-8");var zz=B(U,"tsconfig.json"),Az={compilerOptions:{lib:["ESNext"],target:"ESNext",module:"Preserve",moduleDetection:"force",jsx:"react-jsx",allowJs:!0,moduleResolution:"bundler",allowImportingTsExtensions:!0,verbatimModuleSyntax:!0,noEmit:!0,strict:!0,skipLibCheck:!0,noFallthroughCasesInSwitch:!0,noUncheckedIndexedAccess:!0,noImplicitOverride:!0,noUnusedLocals:!1,noUnusedParameters:!1,noPropertyAccessFromIndexSignature:!1,paths:{"@lib/*":["./src/lib/*"],"@middleware/*":["./src/middleware/*"],"@models/*":["./src/models/*"],"@queues/*":["./src/queues/*"],"@routes/*":["./src/routes/*"],"@scripts/*":["./src/scripts/*"],"@services/*":["./src/services/*"],"@workers/*":["./src/workers/*"],"@service-facades/*":["./src/service-facades/*"],"@config/*":["./src/config/*"],"@constants/*":["./src/lib/constants/*"]}}};q(zz,JSON.stringify(Az,null,2)+`
+`,"utf-8");X(k,{recursive:!0});X(j,{recursive:!0});X(p,{recursive:!0});X(l,{recursive:!0});X(u,{recursive:!0});X(d,{recursive:!0});X(c,{recursive:!0});X(a,{recursive:!0});X(r,{recursive:!0});q(B(j,"constants.ts"),s,"utf-8");q(B(k,"index.ts"),t,"utf-8");q(B(Y,"index.ts"),i,"utf-8");q(B(U,".env"),e(),"utf-8");q(B(U,"README.md"),o,"utf-8");console.log("  Created:");console.log(`    + ${G}/src/index.ts`);console.log(`    + ${G}/src/config/index.ts`);console.log(`    + ${G}/src/lib/constants.ts`);console.log(`    + ${G}/src/routes/`);console.log(`    + ${G}/src/workers/`);console.log(`    + ${G}/src/queues/`);console.log(`    + ${G}/src/ws/`);console.log(`    + ${G}/src/services/`);console.log(`    + ${G}/src/middleware/`);console.log(`    + ${G}/src/models/`);console.log(`    + ${G}/.env`);console.log(`    + ${G}/README.md`);console.log(`
+  DB config:`);console.log(`    mongo: ${K||"none"} | redis: ${W}`);console.log(`    auth: ${P} | sessions: ${v} | cache: ${T} | oauthState: ${F}`);console.log(`
+  Initializing git...`);var Bz=M("git",["init"],{cwd:U,stdio:"inherit"});if(Bz.status!==0)console.error("  git init failed \u2014 skipping.");console.log(`
+  Installing dependencies...`);var Gz=M("bun",["install"],{cwd:U,stdio:"inherit"});if(Gz.status!==0)console.error(`
   bun install failed. Run it manually inside the directory.`),process.exit(1);console.log(`
 Done! Next steps:
-`);console.log(`  cd ${A}`);console.log("  # fill in .env");console.log(`  bun dev
+`);console.log(`  cd ${G}`);console.log("  # fill in .env");console.log(`  bun dev
 `);

package/dist/index.js

@@ -1,2 +1,37 @@
-// @bun
-import{createApp as v}from"./app";import{createServer as B}from"./server";import{getAppRoles as D}from"./lib/appConfig";import{HttpError as G}from"./lib/HttpError";import{COOKIE_TOKEN as I,HEADER_USER_TOKEN as J}from"./lib/constants";import{createRouter as L}from"./lib/context";import{signToken as N,verifyToken as O}from"./lib/jwt";import{log as Q}from"./lib/logger";import{connectMongo as T,connectAuthMongo as W,connectAppMongo as X,disconnectMongo as Y,authConnection as Z,appConnection as _,mongoose as $}from"./lib/mongo";import{connectRedis as y,disconnectRedis as E,getRedis as R}from"./lib/redis";import{createQueue as V,createWorker as c}from"./lib/queue";import{createSession as g,getSession as q,deleteSession as b,setSessionStore as w}from"./lib/session";import{createVerificationToken as h,getVerificationToken as n,deleteVerificationToken as p}from"./lib/emailVerification";import{bustAuthLimit as o,trackAttempt as m,isLimited as l}from"./lib/authRateLimit";import{validate as a}from"./lib/validate";import{bearerAuth as s}from"./middleware/bearerAuth";import{botProtection as r}from"./middleware/botProtection";import{identify as jj}from"./middleware/identify";import{rateLimit as vj}from"./middleware/rateLimit";import{userAuth as Bj}from"./middleware/userAuth";import{requireRole as Dj}from"./middleware/requireRole";import{requireVerifiedEmail as Gj}from"./middleware/requireVerifiedEmail";import{cacheResponse as Ij,bustCache as Jj,bustCachePattern as Kj,setCacheStore as Lj}from"./middleware/cacheResponse";import{buildFingerprint as Nj}from"./lib/fingerprint";import{AuthUser as Pj}from"./models/AuthUser";import{mongoAuthAdapter as Sj}from"./adapters/mongoAuth";import{sqliteAuthAdapter as Wj,setSqliteDb as Xj,startSqliteCleanup as Yj}from"./adapters/sqliteAuth";import{memoryAuthAdapter as _j,clearMemoryStore as $j}from"./adapters/memoryAuth";import{setUserRoles as yj,addUserRole as Ej,removeUserRole as Rj}from"./lib/roles";import{websocket as Vj,createWsUpgradeHandler as cj}from"./ws/index";import{publish as gj,subscribe as qj,unsubscribe as bj,getSubscriptions as wj,handleRoomActions as Aj,getRooms as hj,getRoomSubscribers as nj}from"./lib/ws";export{Vj as websocket,O as verifyToken,a as validate,Bj as userAuth,bj as unsubscribe,m as trackAttempt,qj as subscribe,Yj as startSqliteCleanup,Wj as sqliteAuthAdapter,N as signToken,yj as setUserRoles,Xj as setSqliteDb,w as setSessionStore,Lj as setCacheStore,Gj as requireVerifiedEmail,Dj as requireRole,Rj as removeUserRole,vj as rateLimit,gj as publish,$ as mongoose,Sj as mongoAuthAdapter,_j as memoryAuthAdapter,Q as log,l as isLimited,jj as identify,Aj as handleRoomActions,n as getVerificationToken,wj as getSubscriptions,q as getSession,hj as getRooms,nj as getRoomSubscribers,R as getRedis,D as getAppRoles,E as disconnectRedis,Y as disconnectMongo,p as deleteVerificationToken,b as deleteSession,cj as createWsUpgradeHandler,c as createWorker,h as createVerificationToken,g as createSession,B as createServer,L as createRouter,V as createQueue,v as createApp,y as connectRedis,T as connectMongo,W as connectAuthMongo,X as connectAppMongo,$j as clearMemoryStore,Ij as cacheResponse,Kj as bustCachePattern,Jj as bustCache,o as bustAuthLimit,Nj as buildFingerprint,r as botProtection,s as bearerAuth,Z as authConnection,_ as appConnection,Ej as addUserRole,G as HttpError,J as HEADER_USER_TOKEN,I as COOKIE_TOKEN,Pj as AuthUser};
+// App factory
+export { createApp } from "./app";
+export { createServer } from "./server";
+// Lib utilities
+export { getAppRoles } from "./lib/appConfig";
+export { HttpError } from "./lib/HttpError";
+export { COOKIE_TOKEN, HEADER_USER_TOKEN } from "./lib/constants";
+export { createRouter } from "./lib/context";
+export { signToken, verifyToken } from "./lib/jwt";
+export { log } from "./lib/logger";
+export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "./lib/mongo";
+export { connectRedis, disconnectRedis, getRedis } from "./lib/redis";
+export { createQueue, createWorker } from "./lib/queue";
+export { createSession, getSession, deleteSession, setSessionStore } from "./lib/session";
+export { createVerificationToken, getVerificationToken, deleteVerificationToken } from "./lib/emailVerification";
+export { bustAuthLimit, trackAttempt, isLimited } from "./lib/authRateLimit";
+export { validate } from "./lib/validate";
+// Middleware
+export { bearerAuth } from "./middleware/bearerAuth";
+export { botProtection } from "./middleware/botProtection";
+export { identify } from "./middleware/identify";
+export { rateLimit } from "./middleware/rateLimit";
+export { userAuth } from "./middleware/userAuth";
+export { requireRole } from "./middleware/requireRole";
+export { requireVerifiedEmail } from "./middleware/requireVerifiedEmail";
+export { cacheResponse, bustCache, bustCachePattern, setCacheStore } from "./middleware/cacheResponse";
+// Lib utilities (bot protection)
+export { buildFingerprint } from "./lib/fingerprint";
+// Models
+export { AuthUser } from "./models/AuthUser";
+export { mongoAuthAdapter } from "./adapters/mongoAuth";
+export { sqliteAuthAdapter, setSqliteDb, startSqliteCleanup } from "./adapters/sqliteAuth";
+export { memoryAuthAdapter, clearMemoryStore } from "./adapters/memoryAuth";
+export { setUserRoles, addUserRole, removeUserRole } from "./lib/roles";
+// WebSocket
+export { websocket, createWsUpgradeHandler } from "./ws/index";
+export { publish, subscribe, unsubscribe, getSubscriptions, handleRoomActions, getRooms, getRoomSubscribers } from "./lib/ws";

package/dist/lib/HttpError.js

@@ -0,0 +1,7 @@
+export class HttpError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.status = status;
+    }
+}

package/dist/lib/appConfig.js

@@ -0,0 +1,17 @@
+let appName = "Core API";
+let appRoles = [];
+let defaultRole = null;
+let _primaryField = "email";
+let _emailVerificationConfig = null;
+export const setAppName = (name) => { appName = name; };
+export const getAppName = () => appName;
+export const setAppRoles = (roles) => { appRoles = roles; };
+export const getAppRoles = () => appRoles;
+export const setDefaultRole = (role) => { defaultRole = role; };
+export const getDefaultRole = () => defaultRole;
+export const setPrimaryField = (field) => { _primaryField = field; };
+export const getPrimaryField = () => _primaryField;
+export const setEmailVerificationConfig = (config) => { _emailVerificationConfig = config; };
+export const getEmailVerificationConfig = () => _emailVerificationConfig;
+const DEFAULT_TOKEN_EXPIRY = 60 * 60 * 24; // 24 hours
+export const getTokenExpiry = () => _emailVerificationConfig?.tokenExpiry ?? DEFAULT_TOKEN_EXPIRY;

package/dist/lib/authAdapter.js

@@ -0,0 +1,7 @@
+let _adapter = null;
+export const setAuthAdapter = (adapter) => { _adapter = adapter; };
+export const getAuthAdapter = () => {
+    if (!_adapter)
+        throw new Error("No auth adapter set — pass authAdapter to createApp/createServer, or call setAuthAdapter()");
+    return _adapter;
+};

package/dist/lib/authRateLimit.js

@@ -0,0 +1,77 @@
+import { getAppName } from "./appConfig";
+// ---------------------------------------------------------------------------
+// Memory implementation
+// ---------------------------------------------------------------------------
+const _memoryStore = new Map();
+const memoryStore = {
+    async get(key) {
+        const entry = _memoryStore.get(key);
+        if (!entry)
+            return null;
+        if (entry.resetAt <= Date.now()) {
+            _memoryStore.delete(key);
+            return null;
+        }
+        return entry;
+    },
+    async set(key, entry) {
+        _memoryStore.set(key, entry);
+    },
+    async delete(key) {
+        _memoryStore.delete(key);
+    },
+};
+// ---------------------------------------------------------------------------
+// Redis implementation
+// ---------------------------------------------------------------------------
+const redisStore = {
+    async get(key) {
+        const { getRedis } = await import("./redis");
+        const raw = await getRedis().get(`rl:${getAppName()}:${key}`);
+        if (!raw)
+            return null;
+        const entry = JSON.parse(raw);
+        if (entry.resetAt <= Date.now())
+            return null;
+        return entry;
+    },
+    async set(key, entry, ttlMs) {
+        const { getRedis } = await import("./redis");
+        await getRedis().set(`rl:${getAppName()}:${key}`, JSON.stringify(entry), "PX", ttlMs);
+    },
+    async delete(key) {
+        const { getRedis } = await import("./redis");
+        await getRedis().del(`rl:${getAppName()}:${key}`);
+    },
+};
+// ---------------------------------------------------------------------------
+// Active store + setter
+// ---------------------------------------------------------------------------
+let _store = memoryStore;
+export const setAuthRateLimitStore = (store) => {
+    _store = store === "redis" ? redisStore : memoryStore;
+};
+/** Returns true if the key is currently over the limit (read-only, no increment). */
+export const isLimited = async (key, opts) => {
+    const entry = await _store.get(key);
+    if (!entry)
+        return false;
+    return entry.count >= opts.max;
+};
+/** Increments the counter and returns true if now over the limit. */
+export const trackAttempt = async (key, opts) => {
+    const now = Date.now();
+    const existing = await _store.get(key);
+    if (!existing) {
+        await _store.set(key, { count: 1, resetAt: now + opts.windowMs }, opts.windowMs);
+        return 1 >= opts.max;
+    }
+    const updated = { count: existing.count + 1, resetAt: existing.resetAt };
+    const remaining = Math.max(1, existing.resetAt - now);
+    await _store.set(key, updated, remaining);
+    return updated.count >= opts.max;
+};
+/** Resets a rate limit key. Use on login success or for admin unlock. */
+export const bustAuthLimit = async (key) => {
+    await _store.delete(key);
+};

package/dist/lib/constants.js

@@ -0,0 +1,2 @@
+export const COOKIE_TOKEN = "token";
+export const HEADER_USER_TOKEN = "x-user-token";

package/dist/lib/context.js

@@ -0,0 +1,8 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+const defaultHook = (result, c) => {
+    if (!result.success) {
+        const message = result.error.issues.map((i) => i.message).join(", ");
+        return c.json({ error: message }, 400);
+    }
+};
+export const createRouter = () => new OpenAPIHono({ defaultHook });

package/dist/lib/emailVerification.js

@@ -0,0 +1,77 @@
+import { getRedis } from "./redis";
+import { appConnection } from "./mongo";
+import { getAppName, getTokenExpiry } from "./appConfig";
+import { Schema } from "mongoose";
+import { sqliteCreateVerificationToken, sqliteGetVerificationToken, sqliteDeleteVerificationToken, } from "../adapters/sqliteAuth";
+import { memoryCreateVerificationToken, memoryGetVerificationToken, memoryDeleteVerificationToken, } from "../adapters/memoryAuth";
+const verificationSchema = new Schema({
+    token: { type: String, required: true, unique: true },
+    userId: { type: String, required: true },
+    email: { type: String, required: true },
+    expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
+}, { collection: "email_verifications" });
+function getVerificationModel() {
+    return appConnection.models["EmailVerification"] ??
+        appConnection.model("EmailVerification", verificationSchema);
+}
+let _store = "redis";
+export const setEmailVerificationStore = (store) => { _store = store; };
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export const createVerificationToken = async (userId, email) => {
+    const token = crypto.randomUUID();
+    const ttl = getTokenExpiry();
+    if (_store === "memory") {
+        memoryCreateVerificationToken(token, userId, email, ttl);
+        return token;
+    }
+    if (_store === "sqlite") {
+        sqliteCreateVerificationToken(token, userId, email, ttl);
+        return token;
+    }
+    if (_store === "mongo") {
+        await getVerificationModel().create({
+            token,
+            userId,
+            email,
+            expiresAt: new Date(Date.now() + ttl * 1000),
+        });
+        return token;
+    }
+    await getRedis().set(`verify:${getAppName()}:${token}`, JSON.stringify({ userId, email }), "EX", ttl);
+    return token;
+};
+export const getVerificationToken = async (token) => {
+    if (_store === "memory")
+        return memoryGetVerificationToken(token);
+    if (_store === "sqlite")
+        return sqliteGetVerificationToken(token);
+    if (_store === "mongo") {
+        const doc = await getVerificationModel()
+            .findOne({ token, expiresAt: { $gt: new Date() } })
+            .lean();
+        if (!doc)
+            return null;
+        return { userId: doc.userId, email: doc.email };
+    }
+    const raw = await getRedis().get(`verify:${getAppName()}:${token}`);
+    if (!raw)
+        return null;
+    return JSON.parse(raw);
+};
+export const deleteVerificationToken = async (token) => {
+    if (_store === "memory") {
+        memoryDeleteVerificationToken(token);
+        return;
+    }
+    if (_store === "sqlite") {
+        sqliteDeleteVerificationToken(token);
+        return;
+    }
+    if (_store === "mongo") {
+        await getVerificationModel().deleteOne({ token });
+        return;
+    }
+    await getRedis().del(`verify:${getAppName()}:${token}`);
+};