@lilaquadrat/studio 10.0.0-beta.9 → 10.1.0

package/lib/src/helpers/authPlugin.js

@@ -0,0 +1,77 @@
+import { promisify } from 'node:util';
+import fp from 'fastify-plugin';
+import fastifyJwt from '@fastify/jwt';
+import jwksRsa from 'jwks-rsa';
+import respondCode from '../functions/respondCode.js';
+import auth0config from './auth0config.js';
+const authPlugin = async (fastify) => {
+    if (process.env.ENV !== 'dev') {
+        // Per-domain JWKS client cache to avoid re-creating clients on every request
+        const jwksClients = new Map();
+        const getJwksClient = (jwksUri) => {
+            if (!jwksClients.has(jwksUri)) {
+                jwksClients.set(jwksUri, jwksRsa({
+                    cache: true,
+                    cacheMaxEntries: 5,
+                    cacheMaxAge: 600000, // 10 minutes in ms
+                    rateLimit: true,
+                    jwksRequestsPerMinute: 10,
+                    jwksUri,
+                }));
+            }
+            return jwksClients.get(jwksUri);
+        };
+        // Production: Register JWT with JWKS
+        await fastify.register(fastifyJwt, {
+            decode: { complete: true },
+            secret: async (request, token) => {
+                const header = 'header' in token ? token.header : token;
+                const app = request.studioApp ?? 'editor-app';
+                const settings = await auth0config(app);
+                request.customApp = settings.custom;
+                const jwksUri = settings.url;
+                const client = getJwksClient(jwksUri);
+                const key = await promisify(client.getSigningKey.bind(client))(header.kid);
+                return key.getPublicKey();
+            },
+            verify: {
+                algorithms: ['RS256']
+            }
+        });
+        // Decorate with authenticate method for production
+        fastify.decorate('authenticate', async (request, reply) => {
+            try {
+                await request.jwtVerify();
+                request.auth = request.user;
+            }
+            catch (err) {
+                return respondCode("UNAUTHORIZED", reply);
+            }
+        });
+    }
+    else {
+        // Dev: Mock authentication
+        fastify.decorate('authenticate', async (request, reply) => {
+            request.auth = {
+                sub: process.env.DEV_USER,
+                given_name: 'Dev',
+                family_name: 'User',
+                nickname: 'devuser',
+                name: 'Dev User',
+                picture: '',
+                updated_at: new Date().toISOString(),
+                iss: 'dev',
+                aud: 'dev',
+                iat: Math.floor(Date.now() / 1000),
+                exp: Math.floor(Date.now() / 1000) + 3600,
+                at_hash: '',
+                nonce: '',
+                email_verified: true
+            };
+        });
+    }
+};
+export default fp(authPlugin, {
+    name: 'auth-plugin'
+});
+//# sourceMappingURL=authPlugin.js.map

package/lib/src/helpers/authPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authPlugin.js","sourceRoot":"","sources":["../../../src/helpers/authPlugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,UAA6B,MAAM,cAAc,CAAC;AACzD,OAAO,OAAO,MAAM,UAAU,CAAC;AAC/B,OAAO,WAAW,MAAM,6BAA6B,CAAC;AACtD,OAAO,WAAW,MAAM,kBAAkB,CAAC;AA+B3C,MAAM,UAAU,GAAuB,KAAK,EAAE,OAAwB,EAAE,EAAE;IAExE,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QAE9B,6EAA6E;QAC7E,MAAM,WAAW,GAAG,IAAI,GAAG,EAA8B,CAAC;QAE1D,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,EAAE;YAExC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAE9B,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC/B,KAAK,EAAE,IAAI;oBACX,eAAe,EAAE,CAAC;oBAClB,WAAW,EAAE,MAAM,EAAE,mBAAmB;oBACxC,SAAS,EAAE,IAAI;oBACf,qBAAqB,EAAE,EAAE;oBACzB,OAAO;iBACR,CAAC,CAAC,CAAC;YAEN,CAAC;YAED,OAAO,WAAW,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC;QAEnC,CAAC,CAAC;QAEF,qCAAqC;QACrC,MAAM,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE;YACjC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC1B,MAAM,EAAE,KAAK,EAAE,OAAuB,EAAE,KAAoB,EAAmB,EAAE;gBAE/E,MAAM,MAAM,GAAG,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;gBACxD,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,IAAI,YAAY,CAAC;gBAC9C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;gBAExC,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAEpC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC;gBAC7B,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;gBACtC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAE3E,OAAO,GAAG,CAAC,YAAY,EAAE,CAAC;YAE5B,CAAC;YACD,MAAM,EAAE;gBACN,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB;SACF,CAAC,CAAC;QAEH,mDAAmD;QACnD,OAAO,CAAC,QAAQ,CAAC,cAAc,EAAE,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;YAEtF,IAAI,CAAC;gBAEH,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC;gBAE1B,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;YAE9B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBAEb,OAAO,WAAW,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YAE5C,CAAC;QAEH,CAAC,CAAC,CAAC;IAEL,CAAC;SAAM,CAAC;QAEN,2BAA2B;QAC3B,OAAO,CAAC,QAAQ,CAAC,cAAc,EAAE,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;YAEtF,OAAO,CAAC,IAAI,GAAG;gBACb,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,QAAS;gBAC1B,UAAU,EAAE,KAAK;gBACjB,WAAW,EAAE,MAAM;gBACnB,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,EAAE;gBACX,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBAClC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;gBACzC,OAAO,EAAE,EAAE;gBACX,KAAK,EAAE,EAAE;gBACT,cAAc,EAAE,IAAI;aACrB,CAAC;QAEJ,CAAC,CAAC,CAAC;IAEL,CAAC;AAEH,CAAC,CAAC;AAEF,eAAe,EAAE,CAAC,UAAU,EAAE;IAC5B,IAAI,EAAE,aAAa;CACpB,CAAC,CAAC"}

package/lib/src/helpers/cacheHelper.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Cache duration constants (in seconds)
+ */
+export declare const CacheDuration: {
+    /** 1 year - for immutable/versioned assets */
+    readonly IMMUTABLE: 31536000;
+    /** 1 month - for stable assets */
+    readonly LONG: 2592000;
+    /** 1 week - for semi-stable assets */
+    readonly MEDIUM: 604800;
+    /** 1 day - for frequently updated assets */
+    readonly SHORT: 86400;
+    /** 1 hour - for dynamic content */
+    readonly DYNAMIC: 3600;
+    /** No cache - for always fresh content */
+    readonly NONE: 0;
+};
+/**
+ * Cache helper class for managing HTTP cache headers and durations
+ *
+ * @example
+ * // Get cache duration
+ * const duration = CacheHelper.getCacheDuration('image/jpeg'); // 2592000
+ *
+ * @example
+ * // Build cache control header
+ * const header = CacheHelper.buildCacheControlHeader('image/jpeg');
+ * // "public, max-age=2592000, stale-while-revalidate=86400"
+ *
+ * @example
+ * // Get full config
+ * const config = CacheHelper.getCacheConfig('font/woff2');
+ * // { cache: 31536000, immutable: true }
+ */
+export default class CacheHelper {
+    /**
+     * Get cache configuration for a given mime type
+     *
+     * @param mimeType - The mime type to get configuration for
+     * @returns Cache configuration object
+     */
+    static getCacheConfig(mimeType: string): {
+        cache: number;
+        immutable?: boolean;
+        staleWhileRevalidate?: number;
+    };
+    /**
+     * Get cache duration in seconds for a given mime type
+     *
+     * @param mimeType - The mime type to get cache duration for
+     * @returns Cache duration in seconds
+     *
+     * @example
+     * const cacheTime = CacheHelper.getCacheDuration('image/jpeg'); // Returns 2592000 (1 month)
+     * const cacheTime = CacheHelper.getCacheDuration('text/html'); // Returns 0 (no cache)
+     */
+    static getCacheDuration(mimeType: string): number;
+    /**
+     * Build Cache-Control header value for a given mime type
+     *
+     * @param mimeType - The mime type to build header for
+     * @returns Cache-Control header value
+     *
+     * @example
+     * const header = CacheHelper.buildCacheControlHeader('image/jpeg');
+     * // Returns: "public, max-age=2592000, stale-while-revalidate=86400"
+     */
+    static buildCacheControlHeader(mimeType: string): string;
+}

package/lib/src/helpers/cacheHelper.js

@@ -0,0 +1,235 @@
+/**
+ * Cache duration constants (in seconds)
+ */
+export const CacheDuration = {
+    /** 1 year - for immutable/versioned assets */
+    IMMUTABLE: 31536000,
+    /** 1 month - for stable assets */
+    LONG: 2592000,
+    /** 1 week - for semi-stable assets */
+    MEDIUM: 604800,
+    /** 1 day - for frequently updated assets */
+    SHORT: 86400,
+    /** 1 hour - for dynamic content */
+    DYNAMIC: 3600,
+    /** No cache - for always fresh content */
+    NONE: 0,
+};
+/**
+ * Mime type cache configuration
+ * Maps mime types to cache duration and other headers
+ */
+const MimeCacheConfig = {
+    // HTML - no cache (always fetch fresh)
+    'text/html': {
+        cache: CacheDuration.NONE,
+    },
+    // JSON/API responses - no cache
+    'application/json': {
+        cache: CacheDuration.NONE,
+    },
+    // Images - long cache (1 month)
+    'image/jpeg': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'image/jpg': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'image/png': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'image/gif': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'image/webp': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'image/avif': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'image/svg+xml': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    // Videos - long cache
+    'video/mp4': {
+        cache: CacheDuration.LONG,
+    },
+    'video/webm': {
+        cache: CacheDuration.LONG,
+    },
+    'video/ogg': {
+        cache: CacheDuration.LONG,
+    },
+    // Audio - long cache
+    'audio/mpeg': {
+        cache: CacheDuration.LONG,
+    },
+    'audio/mp3': {
+        cache: CacheDuration.LONG,
+    },
+    'audio/wav': {
+        cache: CacheDuration.LONG,
+    },
+    'audio/ogg': {
+        cache: CacheDuration.LONG,
+    },
+    // Fonts - immutable (1 year)
+    'font/woff': {
+        cache: CacheDuration.IMMUTABLE,
+        immutable: true,
+    },
+    'font/woff2': {
+        cache: CacheDuration.IMMUTABLE,
+        immutable: true,
+    },
+    'font/ttf': {
+        cache: CacheDuration.IMMUTABLE,
+        immutable: true,
+    },
+    'font/otf': {
+        cache: CacheDuration.IMMUTABLE,
+        immutable: true,
+    },
+    'application/font-woff': {
+        cache: CacheDuration.IMMUTABLE,
+        immutable: true,
+    },
+    'application/font-woff2': {
+        cache: CacheDuration.IMMUTABLE,
+        immutable: true,
+    },
+    // CSS/JS - long cache with stale-while-revalidate
+    'text/css': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'application/javascript': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    'text/javascript': {
+        cache: CacheDuration.LONG,
+        staleWhileRevalidate: CacheDuration.SHORT,
+    },
+    // Documents - medium cache
+    'application/pdf': {
+        cache: CacheDuration.MEDIUM,
+    },
+    'application/msword': {
+        cache: CacheDuration.MEDIUM,
+    },
+    'application/vnd.openxmlformats-officedocument.wordprocessingml.document': {
+        cache: CacheDuration.MEDIUM,
+    },
+    'application/vnd.ms-excel': {
+        cache: CacheDuration.MEDIUM,
+    },
+    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': {
+        cache: CacheDuration.MEDIUM,
+    },
+    // Archives - long cache
+    'application/zip': {
+        cache: CacheDuration.LONG,
+    },
+    'application/x-rar-compressed': {
+        cache: CacheDuration.LONG,
+    },
+    'application/x-7z-compressed': {
+        cache: CacheDuration.LONG,
+    },
+    // Text files - short cache
+    'text/plain': {
+        cache: CacheDuration.SHORT,
+    },
+    'text/csv': {
+        cache: CacheDuration.SHORT,
+    },
+    // XML - no cache (often dynamic)
+    'application/xml': {
+        cache: CacheDuration.NONE,
+    },
+    'text/xml': {
+        cache: CacheDuration.NONE,
+    },
+    // Default fallback - 1 year cache for everything else
+    '*': {
+        cache: CacheDuration.IMMUTABLE,
+    },
+};
+/**
+ * Cache helper class for managing HTTP cache headers and durations
+ *
+ * @example
+ * // Get cache duration
+ * const duration = CacheHelper.getCacheDuration('image/jpeg'); // 2592000
+ *
+ * @example
+ * // Build cache control header
+ * const header = CacheHelper.buildCacheControlHeader('image/jpeg');
+ * // "public, max-age=2592000, stale-while-revalidate=86400"
+ *
+ * @example
+ * // Get full config
+ * const config = CacheHelper.getCacheConfig('font/woff2');
+ * // { cache: 31536000, immutable: true }
+ */
+export default class CacheHelper {
+    /**
+     * Get cache configuration for a given mime type
+     *
+     * @param mimeType - The mime type to get configuration for
+     * @returns Cache configuration object
+     */
+    static getCacheConfig(mimeType) {
+        return MimeCacheConfig[mimeType] || MimeCacheConfig['*'];
+    }
+    /**
+     * Get cache duration in seconds for a given mime type
+     *
+     * @param mimeType - The mime type to get cache duration for
+     * @returns Cache duration in seconds
+     *
+     * @example
+     * const cacheTime = CacheHelper.getCacheDuration('image/jpeg'); // Returns 2592000 (1 month)
+     * const cacheTime = CacheHelper.getCacheDuration('text/html'); // Returns 0 (no cache)
+     */
+    static getCacheDuration(mimeType) {
+        const config = this.getCacheConfig(mimeType);
+        return config.cache;
+    }
+    /**
+     * Build Cache-Control header value for a given mime type
+     *
+     * @param mimeType - The mime type to build header for
+     * @returns Cache-Control header value
+     *
+     * @example
+     * const header = CacheHelper.buildCacheControlHeader('image/jpeg');
+     * // Returns: "public, max-age=2592000, stale-while-revalidate=86400"
+     */
+    static buildCacheControlHeader(mimeType) {
+        const config = this.getCacheConfig(mimeType);
+        const parts = [];
+        if (config.cache === 0) {
+            parts.push('no-cache', 'no-store', 'must-revalidate');
+        }
+        else {
+            parts.push('public', `max-age=${config.cache}`);
+            if (config.immutable) {
+                parts.push('immutable');
+            }
+            if (config.staleWhileRevalidate) {
+                parts.push(`stale-while-revalidate=${config.staleWhileRevalidate}`);
+            }
+        }
+        return parts.join(', ');
+    }
+}
+//# sourceMappingURL=cacheHelper.js.map

package/lib/src/helpers/cacheHelper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cacheHelper.js","sourceRoot":"","sources":["../../../src/helpers/cacheHelper.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,8CAA8C;IAC9C,SAAS,EAAE,QAAQ;IACnB,kCAAkC;IAClC,IAAI,EAAE,OAAO;IACb,sCAAsC;IACtC,MAAM,EAAE,MAAM;IACd,4CAA4C;IAC5C,KAAK,EAAE,KAAK;IACZ,mCAAmC;IACnC,OAAO,EAAE,IAAI;IACb,0CAA0C;IAC1C,IAAI,EAAE,CAAC;CACC,CAAC;AAEX;;;GAGG;AACH,MAAM,eAAe,GAIhB;IACH,uCAAuC;IACvC,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IAED,gCAAgC;IAChC,kBAAkB,EAAE;QAClB,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IAED,gCAAgC;IAChC,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,eAAe,EAAE;QACf,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IAED,sBAAsB;IACtB,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IAED,qBAAqB;IACrB,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IAED,6BAA6B;IAC7B,WAAW,EAAE;QACX,KAAK,EAAE,aAAa,CAAC,SAAS;QAC9B,SAAS,EAAE,IAAI;KAChB;IACD,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,SAAS;QAC9B,SAAS,EAAE,IAAI;KAChB;IACD,UAAU,EAAE;QACV,KAAK,EAAE,aAAa,CAAC,SAAS;QAC9B,SAAS,EAAE,IAAI;KAChB;IACD,UAAU,EAAE;QACV,KAAK,EAAE,aAAa,CAAC,SAAS;QAC9B,SAAS,EAAE,IAAI;KAChB;IACD,uBAAuB,EAAE;QACvB,KAAK,EAAE,aAAa,CAAC,SAAS;QAC9B,SAAS,EAAE,IAAI;KAChB;IACD,wBAAwB,EAAE;QACxB,KAAK,EAAE,aAAa,CAAC,SAAS;QAC9B,SAAS,EAAE,IAAI;KAChB;IAED,kDAAkD;IAClD,UAAU,EAAE;QACV,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,wBAAwB,EAAE;QACxB,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IACD,iBAAiB,EAAE;QACjB,KAAK,EAAE,aAAa,CAAC,IAAI;QACzB,oBAAoB,EAAE,aAAa,CAAC,KAAK;KAC1C;IAED,2BAA2B;IAC3B,iBAAiB,EAAE;QACjB,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B;IACD,oBAAoB,EAAE;QACpB,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B;IACD,yEAAyE,EAAE;QACzE,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B;IACD,0BAA0B,EAAE;QAC1B,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B;IACD,mEAAmE,EAAE;QACnE,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B;IAED,wBAAwB;IACxB,iBAAiB,EAAE;QACjB,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,8BAA8B,EAAE;QAC9B,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,6BAA6B,EAAE;QAC7B,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IAED,2BAA2B;IAC3B,YAAY,EAAE;QACZ,KAAK,EAAE,aAAa,CAAC,KAAK;KAC3B;IACD,UAAU,EAAE;QACV,KAAK,EAAE,aAAa,CAAC,KAAK;KAC3B;IAED,iCAAiC;IACjC,iBAAiB,EAAE;QACjB,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IACD,UAAU,EAAE;QACV,KAAK,EAAE,aAAa,CAAC,IAAI;KAC1B;IAED,sDAAsD;IACtD,GAAG,EAAE;QACH,KAAK,EAAE,aAAa,CAAC,SAAS;KAC/B;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAE9B;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,QAAgB;QAEpC,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IAE3D,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,gBAAgB,CAAC,QAAgB;QAEtC,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;IAEtB,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,uBAAuB,CAAC,QAAgB;QAE7C,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,IAAI,MAAM,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YAEvB,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,CAAC,CAAC;QAExD,CAAC;aAAM,CAAC;YAEN,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YAEhD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAErB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAE1B,CAAC;YAED,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAEhC,KAAK,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC;YAEtE,CAAC;QAEH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE1B,CAAC;CAEF"}

package/lib/src/helpers/createSasToken.d.ts

@@ -1,2 +0,0 @@
-import { ShareClientOptions } from '@lilaquadrat/interfaces';
-export default function generateSasToken(accountName: string, containerName: string, blobName: string, expiresInHours: number, options: ShareClientOptions): Promise<string>;

package/lib/src/helpers/createSasToken.js

@@ -1,33 +1,36 @@
-import { DefaultAzureCredential } from '@azure/identity';
-import { BlobServiceClient, generateBlobSASQueryParameters, BlobSASPermissions } from '@azure/storage-blob';
-export default async function generateSasToken(accountName, containerName, blobName, expiresInHours, options) {
-    let serviceClient;
-    if (options.accountName) {
-        console.log('storage.blob.use.storage_account');
-        const credentials = new DefaultAzureCredential();
-        serviceClient = new BlobServiceClient(`https://${options.accountName}.blob.core.windows.net`, credentials);
-    }
-    else if (options.connectionString) {
-        console.log('storage.blob.use.connection_string');
-        serviceClient = new BlobServiceClient(options.connectionString);
-    }
-    if (!serviceClient)
-        throw new Error('BLOB_CREDENTIALS_MISSING');
-    // Get user delegation key
-    const delegationKey = await serviceClient.getUserDelegationKey(new Date(), new Date(Date.now() + expiresInHours * 3600 * 1000));
-    // Define SAS permissions (Read-only)
-    const permissions = BlobSASPermissions.parse('r'); // Read-only access
-    const isFolder = !blobName.includes('.');
-    // Generate SAS token
-    const sasToken = generateBlobSASQueryParameters({
-        containerName,
-        blobName: isFolder ? undefined : blobName,
-        permissions,
-        startsOn: new Date(),
-        expiresOn: new Date(Date.now() + expiresInHours * 3600 * 1000), // Expire in specified hours
-    }, delegationKey, accountName).toString();
-    return sasToken;
-}
-// Usage example:
-// generateSasToken('yourStorageAccountName', 'yourContainerName', undefined, 2).then(console.log);
+// import { DefaultAzureCredential } from '@azure/identity';
+// import { BlobServiceClient, generateBlobSASQueryParameters, BlobSASPermissions } from '@azure/storage-blob';
+// import { ShareClientOptions } from '@lilaquadrat/interfaces';
+// export default async function generateSasToken(accountName: string, containerName: string, blobName: string, expiresInHours: number, options: ShareClientOptions) {
+//   let serviceClient: BlobServiceClient | undefined;
+//   if (options.accountName) {
+//     console.log('storage.blob.use.storage_account');
+//     const credentials = new DefaultAzureCredential();
+//     serviceClient = new BlobServiceClient(`https://${options.accountName}.blob.core.windows.net`, credentials);
+//   } else if (options.connectionString) {
+//     console.log('storage.blob.use.connection_string');
+//     serviceClient = new BlobServiceClient(options.connectionString);
+//   }
+//   if (!serviceClient) throw new Error('BLOB_CREDENTIALS_MISSING');
+//   // Get user delegation key
+//   const delegationKey = await serviceClient.getUserDelegationKey(new Date(), new Date(Date.now() + expiresInHours * 3600 * 1000));
+//   // Define SAS permissions (Read-only)
+//   const permissions = BlobSASPermissions.parse('r'); // Read-only access
+//   const isFolder = !blobName.includes('.');
+//   // Generate SAS token
+//   const sasToken = generateBlobSASQueryParameters(
+//     {
+//       containerName,
+//       blobName: isFolder ? undefined : blobName,
+//       permissions,
+//       startsOn: new Date(),
+//       expiresOn: new Date(Date.now() + expiresInHours * 3600 * 1000), // Expire in specified hours
+//     },
+//     delegationKey,
+//     accountName,
+//   ).toString();
+//   return sasToken;
+// }
+// // Usage example:
+// // generateSasToken('yourStorageAccountName', 'yourContainerName', undefined, 2).then(console.log);
 //# sourceMappingURL=createSasToken.js.map

package/lib/src/helpers/createSasToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"createSasToken.js","sourceRoot":"","sources":["../../../src/helpers/createSasToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,8BAA8B,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAG5G,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB,EAAE,aAAqB,EAAE,QAAgB,EAAE,cAAsB,EAAE,OAA2B;IAE9J,IAAI,aAA4C,CAAC;IAEjD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAExB,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAEhD,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;QACjD,aAAa,GAAG,IAAI,iBAAiB,CAAC,WAAW,OAAO,CAAC,WAAW,wBAAwB,EAAE,WAAW,CAAC,CAAC;IAE7G,CAAC;SAAM,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAClD,aAAa,GAAG,IAAI,iBAAiB,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAElE,CAAC;IAED,IAAI,CAAC,aAAa;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAEhE,0BAA0B;IAC1B,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,oBAAoB,CAAC,IAAI,IAAI,EAAE,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAEhI,qCAAqC;IACrC,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;IAEtE,MAAM,QAAQ,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACzC,qBAAqB;IACrB,MAAM,QAAQ,GAAG,8BAA8B,CAC7C;QACE,aAAa;QACb,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;QACzC,WAAW;QACX,QAAQ,EAAE,IAAI,IAAI,EAAE;QACpB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,GAAG,IAAI,GAAG,IAAI,CAAC,EAAE,4BAA4B;KAC7F,EACD,aAAa,EACb,WAAW,CACZ,CAAC,QAAQ,EAAE,CAAC;IAEb,OAAO,QAAQ,CAAC;AAElB,CAAC;AAED,iBAAiB;AACjB,mGAAmG"}
+{"version":3,"file":"createSasToken.js","sourceRoot":"","sources":["../../../src/helpers/createSasToken.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,+GAA+G;AAC/G,gEAAgE;AAEhE,sKAAsK;AAEtK,sDAAsD;AAEtD,+BAA+B;AAE/B,uDAAuD;AAEvD,wDAAwD;AACxD,kHAAkH;AAElH,2CAA2C;AAE3C,yDAAyD;AACzD,uEAAuE;AAEvE,MAAM;AAEN,qEAAqE;AAErE,+BAA+B;AAC/B,qIAAqI;AAErI,0CAA0C;AAC1C,2EAA2E;AAE3E,8CAA8C;AAC9C,0BAA0B;AAC1B,qDAAqD;AACrD,QAAQ;AACR,uBAAuB;AACvB,mDAAmD;AACnD,qBAAqB;AACrB,8BAA8B;AAC9B,qGAAqG;AACrG,SAAS;AACT,qBAAqB;AACrB,mBAAmB;AACnB,kBAAkB;AAElB,qBAAqB;AAErB,IAAI;AAEJ,oBAAoB;AACpB,sGAAsG"}

package/lib/src/helpers/getSecrets.d.ts

@@ -1,4 +1,4 @@
 declare const _default: (name: string, vaultUrl: string, options?: {
     base64: true;
-}) => Promise<string>;
+}) => Promise<void>;
 export default _default;

package/lib/src/helpers/getSecrets.js

@@ -1,15 +1,13 @@
-import { DefaultAzureCredential } from '@azure/identity';
-import AzureVault from '../AzureVault.js';
+// import { DefaultAzureCredential } from '@azure/identity';
+// import AzureVault from '../AzureVault.js';
 export default async (name, vaultUrl, options) => {
-    const credentials = new DefaultAzureCredential();
-    const secret = await AzureVault.secrets.get(name, vaultUrl, credentials);
-    if (!secret.value)
-        return '';
-    if (options?.base64) {
-        return Buffer.from(secret.value, 'base64').toString('ascii');
-    }
-    else {
-        return secret.value;
-    }
+    // const credentials = new DefaultAzureCredential();
+    // const secret = await AzureVault.secrets.get(name, vaultUrl, credentials);
+    // if (!secret.value) return '';
+    // if (options?.base64) {
+    //   return Buffer.from(secret.value, 'base64').toString('ascii');
+    // } else {
+    //   return secret.value;
+    // }
 };
 //# sourceMappingURL=getSecrets.js.map

package/lib/src/helpers/getSecrets.js.map

@@ -1 +1 @@
-{"version":3,"file":"getSecrets.js","sourceRoot":"","sources":["../../../src/helpers/getSecrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,UAAU,MAAM,kBAAkB,CAAC;AAE1C,eAAe,KAAK,EAAE,IAAY,EAAE,QAAgB,EAAE,OAA0B,EAAE,EAAE;IAElF,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAEjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzE,IAAI,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAE7B,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;QAEpB,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAE/D,CAAC;SAAM,CAAC;QAEN,OAAO,MAAM,CAAC,KAAK,CAAC;IAEtB,CAAC;AAEH,CAAC,CAAC"}
+{"version":3,"file":"getSecrets.js","sourceRoot":"","sources":["../../../src/helpers/getSecrets.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,6CAA6C;AAE7C,eAAe,KAAK,EAAE,IAAY,EAAE,QAAgB,EAAE,OAA0B,EAAE,EAAE;IAElF,oDAAoD;IAEpD,4EAA4E;IAC5E,gCAAgC;IAEhC,yBAAyB;IAEzB,kEAAkE;IAElE,WAAW;IAEX,yBAAyB;IAEzB,IAAI;AAEN,CAAC,CAAC"}

package/lib/src/helpers/limiterPlugin.d.ts

@@ -0,0 +1,9 @@
+import { FastifyPluginAsync } from 'fastify';
+import { type LimiterTier, type LimiterPluginOptions } from '@lilaquadrat/interfaces';
+declare module 'fastify' {
+    interface FastifyContextConfig {
+        rateLimit?: LimiterTier | false;
+    }
+}
+declare const _default: FastifyPluginAsync<LimiterPluginOptions>;
+export default _default;

package/lib/src/helpers/limiterPlugin.js

@@ -0,0 +1,72 @@
+import fp from 'fastify-plugin';
+import AccessService from '../services/access.service.js';
+const limiterPlugin = async (fastify, opts) => {
+    const ignore = new Set(opts.ignoreRoutes ?? ['/health', '/']);
+    const skipOnError = opts.skipOnError ?? true;
+    const overrides = (opts.overrides ?? [])
+        .slice()
+        .sort((a, b) => b.prefix.length - a.prefix.length);
+    const resolveTier = (request) => {
+        const routeCfg = request.routeOptions?.config?.rateLimit;
+        if (routeCfg === false)
+            return { tier: {}, kind: 'user' };
+        if (routeCfg)
+            return { tier: routeCfg, kind: request.url.startsWith('/public/') ? 'public' : 'user' };
+        const url = request.url;
+        for (const o of overrides) {
+            if (url.startsWith(o.prefix)) {
+                const kind = o.prefix.startsWith('/public/') ? 'public' : o.prefix.startsWith('/members/') ? 'members' : 'user';
+                return { tier: o.tier, kind };
+            }
+        }
+        if (url.startsWith('/public/'))
+            return { tier: opts.tiers.public, kind: 'public' };
+        if (url.startsWith('/members/'))
+            return { tier: opts.tiers.members, kind: 'members' };
+        return { tier: opts.tiers.user, kind: 'user' };
+    };
+    const resolveKey = (request, kind) => {
+        if (kind === 'public')
+            return `${opts.namespace}:ip:${request.ip}`;
+        const sub = request.auth?.sub;
+        if (sub)
+            return `${opts.namespace}:user:${sub}`;
+        return `${opts.namespace}:ip:${request.ip}`;
+    };
+    fastify.addHook('preHandler', async (request, reply) => {
+        if (ignore.has(request.url))
+            return;
+        const { tier, kind } = resolveTier(request);
+        if (!tier.minute && !tier.hour)
+            return;
+        const key = resolveKey(request, kind);
+        try {
+            const breach = await AccessService.hit(key, tier);
+            if (!breach)
+                return;
+            // Headers we can set reliably:
+            //   Retry-After       — RFC 9110, seconds until window reset
+            //   RateLimit-Limit   — IETF draft, configured limit (always exact)
+            //   RateLimit-Reset   — IETF draft, seconds until window reset
+            //   RateLimit-Policy  — IETF draft, describes the policy window
+            // We intentionally OMIT RateLimit-Remaining because the LRU cache
+            // makes the live count unreliable for reporting (correct for limit
+            // enforcement, lagging for display).
+            const policyWindow = breach.interval === 'minute' ? 60 : 3600;
+            reply
+                .header('Retry-After', breach.retryAfter)
+                .header('RateLimit-Limit', breach.limit)
+                .header('RateLimit-Reset', breach.retryAfter)
+                .header('RateLimit-Policy', `${breach.limit};w=${policyWindow}`)
+                .code(429)
+                .send({ error: 'rate_limited', interval: breach.interval });
+        }
+        catch (err) {
+            if (!skipOnError)
+                throw err;
+            request.requestLog?.warn?.('limiter.failed', { err });
+        }
+    });
+};
+export default fp(limiterPlugin, { name: 'studio-limiter-plugin' });
+//# sourceMappingURL=limiterPlugin.js.map

package/lib/src/helpers/limiterPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"limiterPlugin.js","sourceRoot":"","sources":["../../../src/helpers/limiterPlugin.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEhC,OAAO,aAAa,MAAM,+BAA+B,CAAC;AAQ1D,MAAM,aAAa,GAA6C,KAAK,EACnE,OAAwB,EACxB,IAAI,EACJ,EAAE;IAEF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;IAC7C,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;SACrC,KAAK,EAAE;SACP,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAErD,MAAM,WAAW,GAAG,CAAC,OAAuB,EAA8D,EAAE;QAE1G,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC;QACzD,IAAI,QAAQ,KAAK,KAAK;YAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC1D,IAAI,QAAQ;YAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAEtG,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAE1B,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;gBAE7B,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;gBAChH,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;YAEhC,CAAC;QAEH,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACnF,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAEjD,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,CAAC,OAAuB,EAAE,IAAmC,EAAU,EAAE;QAE1F,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,GAAG,IAAI,CAAC,SAAS,OAAO,OAAO,CAAC,EAAE,EAAE,CAAC;QACnE,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;QAC9B,IAAI,GAAG;YAAE,OAAO,GAAG,IAAI,CAAC,SAAS,SAAS,GAAG,EAAE,CAAC;QAChD,OAAO,GAAG,IAAI,CAAC,SAAS,OAAO,OAAO,CAAC,EAAE,EAAE,CAAC;IAE9C,CAAC,CAAC;IAEF,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAErD,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,OAAO;QAEpC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO;QAEvC,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEtC,IAAI,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM;gBAAE,OAAO;YAEpB,+BAA+B;YAC/B,6DAA6D;YAC7D,oEAAoE;YACpE,+DAA+D;YAC/D,gEAAgE;YAChE,kEAAkE;YAClE,mEAAmE;YACnE,qCAAqC;YACrC,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9D,KAAK;iBACF,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC;iBACxC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC;iBACvC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,UAAU,CAAC;iBAC5C,MAAM,CAAC,kBAAkB,EAAE,GAAG,MAAM,CAAC,KAAK,MAAM,YAAY,EAAE,CAAC;iBAC/D,IAAI,CAAC,GAAG,CAAC;iBACT,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEhE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YAEb,IAAI,CAAC,WAAW;gBAAE,MAAM,GAAG,CAAC;YAC5B,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,gBAAgB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAExD,CAAC;IAEH,CAAC,CAAC,CAAC;AAEL,CAAC,CAAC;AAEF,eAAe,EAAE,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC"}

package/lib/src/helpers/loggingPlugin.d.ts

@@ -0,0 +1,30 @@
+import { FastifyPluginAsync, FastifyRequest } from 'fastify';
+import type { Logger } from 'winston';
+declare module 'fastify' {
+    interface FastifyRequest {
+        requestId: string;
+        requestLog: Logger;
+        requestStartTime: bigint;
+    }
+}
+export interface LoggingPluginOptions {
+    /** Routes to skip access logging entirely. Default: ['/health', '/']. */
+    ignoreRoutes?: string[];
+    /**
+     * Context available at request boundary (headers, url). Runs in onRequest,
+     * before auth has populated request.auth / studioApp.
+     */
+    earlyContextExtractor?: (request: FastifyRequest) => Record<string, unknown>;
+    /**
+     * Context available after auth + plugin hooks (request.auth, request.studioApp,
+     * request.customApp). Runs in preHandler — replaces child logger with enriched
+     * version. Used for tenant/user fields.
+     */
+    contextExtractor?: (request: FastifyRequest) => Record<string, unknown>;
+    /** Header used for request id propagation. Default: 'x-request-id'. */
+    requestIdHeader?: string;
+    /** Install setErrorHandler. Default: true. Disable if app installs its own. */
+    installErrorHandler?: boolean;
+}
+declare const _default: FastifyPluginAsync<LoggingPluginOptions>;
+export default _default;