@longzai-intelligence-auth/elysia 0.0.3 → 0.0.5

package/dist/index.js

@@ -1,15 +1 @@
-// @bun
-export {
-  mapDomainErrorToStatus,
-  extractUserAgent,
-  extractClientIp,
-  createTenantPlugin,
-  createStandardPreset,
-  createRbacPlugin,
-  createRateLimitPlugin,
-  createLoggerPlugin,
-  createJwtVerifyPlugin,
-  createErrorHandlerPlugin,
-  createBasicPreset,
-  createAuditPlugin
-};
+import{AuthenticationError as e,DomainError as t,DuplicateEntityError as n,isBusinessRuleError as r,isConcurrencyError as i,isEntityNotFoundError as a,isPermissionDeniedError as o,isValidationError as s}from"@longzai-intelligence/error";import{AccountDisabledError as c,InvalidCredentialsError as l,MfaRequiredError as u,RateLimitExceededError as d,TokenExpiredError as f,TokenInvalidError as p,TokenMissingError as m,UserAlreadyExistsError as h,accessTokenPayloadSchema as g,createDefaultJwtConfig as _}from"@longzai-intelligence-auth/core";import{Elysia as v}from"elysia";import{JwtTokenVerifier as y}from"@longzai-intelligence-auth/jwt";function b(t){return s(t)?400:t instanceof f||t instanceof p||t instanceof m||t instanceof u||t instanceof l||t instanceof c||t instanceof e?401:o(t)?403:a(t)?404:t instanceof n||t instanceof h?409:t instanceof d?429:i(t)?409:r(t)||t.code===`PASSWORD_POLICY_VIOLATION`?422:500}function x(e,t){return{userId:e.sub,tenantId:e.tenantId??t,roles:e.roles??[],permissions:e.permissions??[],authMethod:`jwt`}}function S(e){return{userId:``,tenantId:e,roles:[],permissions:[],authMethod:`jwt`}}function C(e,t){return t.some(t=>t.endsWith(`/*`)?e.startsWith(t.slice(0,-2)):e===t)}function w(e){return{algorithm:`HS256`,secret:e.secret,accessExpiresIn:e.accessExpiresIn,refreshExpiresIn:e.refreshExpiresIn}}function T(e,t){return e||new y(w(t??_()))}function E(e){let{verifier:t,jwt:n,defaultTenantId:r=`default`,publicPaths:i=[],extendSchema:a}=e,o=T(t,n);return new v({name:`@longzai-intelligence-auth/jwt-verify`}).derive(async({request:e})=>{if(C(new URL(e.url).pathname,i)){let e=a?a.parse({}):{};return{auth:{...S(r),...e}}}let t=e.headers.get(`Authorization`),n=t?.startsWith(`Bearer `)?t.slice(7):null;if(!n)throw new m;let s=await o.verifyAccessToken(n);if(!s.success||!s.payload)throw new p(s.error);g.parse(s.payload);let c=x(s.payload,r),l=a?a.parse(s.payload):{};return{auth:{...c,...l}}}).as(`scoped`)}function D(e){return{algorithm:`HS256`,secret:e.secret,accessExpiresIn:e.accessExpiresIn,refreshExpiresIn:e.refreshExpiresIn}}function O(e,t){return e||new y(D(t??_()))}function k(e){let{verifier:t,jwt:n,defaultTenantId:r=`default`,extendSchema:i}=e,a=O(t,n);return new v({name:`@longzai-intelligence-auth/optional-jwt`}).derive(async({request:e})=>{let t=e.headers.get(`Authorization`),n=t?.startsWith(`Bearer `)?t.slice(7):null;if(!n)return{auth:null};try{let e=await a.verifyAccessToken(n);if(!e.success||!e.payload)return{auth:null};g.parse(e.payload);let t=e.payload,o={userId:t.sub,tenantId:t.tenantId??r,roles:t.roles??[],permissions:t.permissions??[],authMethod:`jwt`},s=i?i.parse(t):{};return{auth:{...o,...s}}}catch{return{auth:null}}}).as(`scoped`)}function A(e,t,n){return e.some(e=>e.resource===`*`&&e.action===`*`||e.resource===t&&e.action===`*`||e.resource===`*`&&e.action===n||e.resource===t&&e.action===n)}function j(e,t,n){let r=`${t}:${n}`;return e.includes(r)||e.includes(`${t}:*`)||e.includes(`*:${n}`)||e.includes(`*:*`)}function M(e={}){let{userRole:t}=e;return new v({name:`@longzai-intelligence-auth/rbac`}).derive({as:`scoped`},async e=>{let n=e.auth;if(!n)throw new m;let r=n.userId,i=n.tenantId;return{requirePermission:async(e,a)=>{if(t){if(A(await t.findPermissionsByUserId(r,i),e,a))return;let{PermissionDeniedError:n}=await import(`@longzai-intelligence/error`);throw new n(e,a)}if(j(n.permissions??[],e,a))return;let{PermissionDeniedError:o}=await import(`@longzai-intelligence/error`);throw new o(e,a)}}}).as(`global`)}function N(e){let{header:t=`x-api-key`,validator:n}=e;return new v({name:`@longzai-intelligence-auth/api-key`}).derive(async({request:e})=>{let r=e.headers.get(t)??e.headers.get(t.toLowerCase());if(!r)throw new m(`缺少 API Key`);let i=await n(r);if(!i)throw new p(`无效的 API Key`);return{auth:{userId:i.principalId,tenantId:i.tenantId??`default`,roles:i.roles,permissions:i.permissions,authMethod:`api-key`}}}).as(`scoped`)}function P(e){return async t=>{let n=e[t];return n?{principalId:n.principalId,tenantId:n.tenantId,roles:n.roles,permissions:n.permissions}:null}}function F(e){return{authMethod:`jwt`,userId:e.userId,tenantId:e.tenantId,roles:e.roles,permissions:e.permissions}}function I(e,t){return{authMethod:`api-key`,userId:e.principalId,tenantId:e.tenantId??t,roles:e.roles,permissions:e.permissions}}function L(e){return{algorithm:`HS256`,secret:e.secret,accessExpiresIn:e.accessExpiresIn,refreshExpiresIn:e.refreshExpiresIn}}function R(e,t){return e||new y(L(t??_()))}function z(e,t){return t.some(t=>t.endsWith(`/*`)?e.startsWith(t.slice(0,-2)):e===t)}function B(e){let{verifier:t,jwt:n,defaultTenantId:r=`default`,apiKeyValidator:i,apiKeyHeader:a=`x-api-key`,publicPaths:o=[]}=e,s=R(t,n);return new v({name:`@longzai-intelligence-auth/composite-auth`}).derive(async({request:e})=>{if(z(new URL(e.url).pathname,o))return{auth:null};let t=e.headers.get(`Authorization`),n=t?.startsWith(`Bearer `)?t.slice(7):null;if(n)try{let e=await s.verifyAccessToken(n);if(e.success&&e.payload)return g.parse(e.payload),{auth:F({userId:e.payload.sub,tenantId:e.payload.tenantId??r,roles:e.payload.roles??[],permissions:e.payload.permissions??[]})}}catch{}if(i){let t=e.headers.get(a)??e.headers.get(a.toLowerCase());if(t){let e=await i(t);if(e)return{auth:I(e,r)}}}return{auth:null}}).as(`scoped`)}function V(e){let{verifier:t,jwt:n,defaultTenantId:r=`default`,apiKeyValidator:i,apiKeyHeader:a=`x-api-key`,publicPaths:o=[]}=e,s=R(t,n);return new v({name:`@longzai-intelligence-auth/required-composite-auth`}).derive(async({request:e})=>{if(z(new URL(e.url).pathname,o))return{auth:{authMethod:`jwt`,userId:``,tenantId:r,roles:[],permissions:[]}};let t=e.headers.get(`Authorization`),n=t?.startsWith(`Bearer `)?t.slice(7):null;if(n)try{let e=await s.verifyAccessToken(n);if(e.success&&e.payload)return g.parse(e.payload),{auth:F({userId:e.payload.sub,tenantId:e.payload.tenantId??r,roles:e.payload.roles??[],permissions:e.payload.permissions??[]})}}catch{}if(i){let t=e.headers.get(a)??e.headers.get(a.toLowerCase());if(t){let e=await i(t);if(e)return{auth:I(e,r)}}}throw Error(`认证失败：需要提供有效的 JWT Token 或 API Key`)}).as(`scoped`)}function H(e={}){let{defaultTenantId:t=`default`,validateFn:n}=e;return new v({name:`@longzai-intelligence-auth/tenant`}).derive(({request:e})=>({tenantId:e.headers.get(`x-tenant-id`)??t})).as(`scoped`).onBeforeHandle(async({tenantId:e})=>{if(n&&e!==t&&!(await n(e)).valid){let{PermissionDeniedError:e}=await import(`@longzai-intelligence/error`);throw new e(`tenant`,`access`)}}).as(`global`)}function U(e){return e.headers.get(`x-forwarded-for`)?.split(`,`)[0]?.trim()??e.headers.get(`x-real-ip`)??`unknown`}function W(e){let{limiter:t,logger:n}=e,r=e.keyGenerator??U;return new v({name:`@longzai-intelligence-auth/rate-limit`}).derive(({request:e})=>({clientIp:r(e)})).derive(async({clientIp:e,request:r})=>{let i=new URL(r.url).pathname,a=`${e}:${i}`,o=await t.checkLimit(a);if(!o.allowed)throw n?.warn(`限流触发`,{clientIp:e,path:i}),new d;return{rateLimitRemaining:o.remaining}}).as(`global`)}function G(e={}){let{logger:n}=e;return new v({name:`@longzai-intelligence-auth/error-handler`}).onError(({code:e,error:r,set:i})=>{if(r instanceof t)return i.status=b(r),{code:r.code,message:r.message,...r.context&&Object.keys(r.context).length>0?{details:r.context}:{}};switch(e){case`VALIDATION`:return i.status=400,{code:`VALIDATION_ERROR`,message:`请求参数验证失败`,details:r.all.map(e=>({path:e.path,message:e.summary}))};case`NOT_FOUND`:return i.status=404,{code:`NOT_FOUND`,message:`未找到请求的资源`};case`PARSE`:return i.status=400,{code:`PARSE_ERROR`,message:`请求数据解析失败`};default:return n?.error(`未预期的错误`,{error:r instanceof Error?r.message:String(r),stack:r instanceof Error?r.stack:void 0}),i.status=500,{code:`INTERNAL_ERROR`,message:`服务器内部错误`}}}).as(`global`)}function K(e){let{logger:t}=e;return new v({name:`@longzai-intelligence-auth/logger`}).onRequest(({request:e})=>{t.info(`${e.method} ${e.url}`)}).onAfterResponse(({request:e,set:n})=>{t.info(`${e.method} ${e.url} ${n.status}`)}).onError(({request:e,error:n})=>{t.error(`${e.method} ${e.url} 请求错误`,{error:n instanceof Error?n.message:String(n)})}).as(`global`)}function q(e){return new v({name:`@longzai-intelligence-auth/basic-preset`}).use(E({verifier:e.tokenVerifier,defaultTenantId:e.defaultTenantId,publicPaths:e.publicPaths,extendSchema:e.extendSchema})).use(G({logger:e.logger}))}function J(e){let t=e.apiKeyValidator?V({verifier:e.tokenVerifier,defaultTenantId:e.defaultTenantId,publicPaths:e.publicPaths,apiKeyValidator:e.apiKeyValidator}):E({verifier:e.tokenVerifier,defaultTenantId:e.defaultTenantId,publicPaths:e.publicPaths,extendSchema:e.extendSchema}),n=new v({name:`@longzai-intelligence-auth/standard-preset`}).use(t).use(M({userRole:e.userRole})).use(H({defaultTenantId:e.defaultTenantId,validateFn:e.validateFn}));return e.rateLimiter&&n.use(W({limiter:e.rateLimiter,logger:e.logger})),n.use(G({logger:e.logger}))}function Y(e){return e.headers.get(`x-forwarded-for`)?.split(`,`)[0]?.trim()??e.headers.get(`x-real-ip`)??void 0}function X(e){return e.headers.get(`user-agent`)??void 0}export{N as createApiKeyPlugin,q as createBasicPreset,B as createCompositeAuthPlugin,G as createErrorHandlerPlugin,P as createInMemoryApiKeyValidator,E as createJwtVerifyPlugin,K as createLoggerPlugin,k as createOptionalJwtPlugin,W as createRateLimitPlugin,M as createRbacPlugin,V as createRequiredCompositeAuthPlugin,J as createStandardPreset,H as createTenantPlugin,Y as extractClientIp,X as extractUserAgent,b as mapDomainErrorToStatus};

package/package.json

@@ -1,22 +1,15 @@
 {
   "name": "@longzai-intelligence-auth/elysia",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "license": "UNLICENSED",
   "type": "module",
   "sideEffects": false,
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
+  "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "import": {
-        "types": "./dist/index.d.ts",
-        "default": "./dist/index.js"
-      },
-      "require": {
-        "types": "./dist/index.d.cts",
-        "default": "./dist/index.cjs"
-      }
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
     }
   },
   "files": [
@@ -26,10 +19,9 @@
     "access": "public"
   },
   "scripts": {
-    "build": "bun build src/index.ts --outdir dist --target bun",
-    "build:declaration": "tsgo --declaration --emitDeclarationOnly --outDir dist -p tsconfig/app.json",
+    "build": "tsgo --build tsconfig/build.json && resolve-aliases -p tsconfig/build.json",
     "build:prod": "NODE_ENV=production tsdown",
-    "prepublishOnly": "echo skip",
+    "prepublishOnly": "bun run build:prod",
     "typecheck": "bun run typecheck:app && bun run typecheck:node && bun run typecheck:test",
     "typecheck:app": "tsgo --noEmit -p tsconfig/app.json",
     "typecheck:node": "tsgo --noEmit -p tsconfig/node.json",
@@ -44,26 +36,16 @@
     "clean": "rm -rf dist out .cache"
   },
   "dependencies": {
-    "@longzai-intelligence-auth/core": "0.0.1",
-    "@longzai-intelligence-auth/jwt": "0.0.1",
-    "@longzai-intelligence-auth/rate-limit": "0.0.1",
-    "@longzai-intelligence-auth/rbac": "0.0.1",
-    "@longzai-intelligence-auth/session": "0.0.1",
-    "@longzai-intelligence-auth/hashing": "0.0.1",
+    "@longzai-intelligence-auth/core": "0.0.5",
+    "@longzai-intelligence-auth/jwt": "0.0.5",
     "@longzai-intelligence/error": "^0.0.5",
-    "@elysiajs/bearer": "^1.3"
+    "@elysiajs/bearer": "^1.3",
+    "zod": "^3.24"
   },
   "peerDependencies": {
-    "elysia": "^1.3",
-    "@longzai-intelligence-audit/elysia": "^0.1.0"
-  },
-  "peerDependenciesMeta": {
-    "@longzai-intelligence-audit/elysia": {
-      "optional": true
-    }
+    "elysia": "^1.3"
   },
   "devDependencies": {
-    "elysia": "^1.3",
-    "tsdown": "^0.22.1"
+    "elysia": "^1.3"
   }
 }

package/dist/core/auth-strategy.d.ts

@@ -1,14 +0,0 @@
-import { Elysia } from "elysia";
-import type { JwtSignerConfig } from "@longzai-intelligence-auth/jwt";
-import type { JwtStrategyConfig, StandaloneStrategyConfig, EnvBasicStrategyConfig, StrategyContext, AuthPluginConfig } from "../types/auth-plugin-config";
-type AnyElysia = Elysia<any, any, any, any, any, any, any>;
-export type AuthStrategy = {
-    context: StrategyContext;
-    createJwtVerifyPlugin(): AnyElysia;
-    supportsAuthRoutes: boolean;
-};
-export declare function createAuthStrategy(config: AuthPluginConfig): Promise<AuthStrategy>;
-export declare function extractJwtConfig(config: JwtStrategyConfig | StandaloneStrategyConfig | EnvBasicStrategyConfig): JwtSignerConfig;
-export declare function extractDefaultTenantId(config: JwtStrategyConfig | StandaloneStrategyConfig | EnvBasicStrategyConfig): string;
-export declare function extractRegisterRoutes(config: AuthPluginConfig): boolean;
-export {};

package/dist/core/auth-strategy.js

@@ -1,98 +0,0 @@
-import { createJwtVerifyPlugin } from "../plugins/jwt-verify.plugin";
-function createJwtStrategy(config) {
-    const defaultTenantId = config.defaultTenantId ?? "default";
-    return {
-        context: {
-            strategy: "jwt",
-            defaultTenantId,
-            registerRoutes: config.registerRoutes ?? false,
-        },
-        createJwtVerifyPlugin: () => createJwtVerifyPlugin({ jwt: config.jwt, defaultTenantId }),
-        supportsAuthRoutes: true,
-    };
-}
-function createStandaloneStrategy(config) {
-    console.warn("[@longzai-intelligence-auth/elysia] standalone 策略仅用于开发和测试环境，生产环境请使用 jwt 策略");
-    const defaultTenantId = config.defaultTenantId ?? "default";
-    return {
-        context: {
-            strategy: "standalone",
-            defaultTenantId,
-            registerRoutes: config.registerRoutes ?? true,
-            adapter: config.adapter,
-            passwordHasher: config.passwordHasher,
-        },
-        createJwtVerifyPlugin: () => createJwtVerifyPlugin({ jwt: config.jwt, defaultTenantId }),
-        supportsAuthRoutes: true,
-    };
-}
-async function createEnvBasicStrategy(config) {
-    const adminUsername = config.adminUsername ?? process.env.AUTH_ADMIN_USERNAME ?? "admin";
-    const adminPassword = config.adminPassword ?? process.env.AUTH_ADMIN_PASSWORD;
-    if (!adminPassword) {
-        throw new Error("[@longzai-intelligence-auth/elysia] env-basic 策略需要设置 AUTH_ADMIN_PASSWORD 环境变量或 adminPassword 配置项");
-    }
-    console.warn("[@longzai-intelligence-auth/elysia] env-basic 策略仅用于开发和测试环境，生产环境请使用 jwt 或 standalone 策略");
-    let createInMemoryAuthBackend;
-    let createEnvBasicPasswordHasher;
-    try {
-        const adapter = await import("@longzai-intelligence-auth/identity-adapter");
-        createInMemoryAuthBackend = adapter.createInMemoryAuthBackend;
-        createEnvBasicPasswordHasher = adapter.createEnvBasicPasswordHasher;
-    }
-    catch {
-        throw new Error("[@longzai-intelligence-auth/elysia] env-basic 策略需要安装 @longzai-intelligence-auth/identity-adapter 包");
-    }
-    const defaultTenantId = config.defaultTenantId ?? "default";
-    const backend = createInMemoryAuthBackend({
-        adminUsername,
-        adminPassword,
-        jwtConfig: config.jwt,
-    });
-    const passwordHasher = createEnvBasicPasswordHasher();
-    return {
-        context: {
-            strategy: "env-basic",
-            defaultTenantId,
-            registerRoutes: config.registerRoutes ?? true,
-            adapter: backend,
-            passwordHasher,
-        },
-        createJwtVerifyPlugin: () => createJwtVerifyPlugin({ jwt: config.jwt, defaultTenantId }),
-        supportsAuthRoutes: true,
-    };
-}
-export async function createAuthStrategy(config) {
-    switch (config.strategy) {
-        case "jwt":
-            return createJwtStrategy(config);
-        case "standalone":
-            return createStandaloneStrategy(config);
-        case "env-basic":
-            return createEnvBasicStrategy(config);
-        default: {
-            const _exhaustive = config;
-            throw new Error(`未知的认证策略: ${JSON.stringify(_exhaustive)}`);
-        }
-    }
-}
-export function extractJwtConfig(config) {
-    return config.jwt;
-}
-export function extractDefaultTenantId(config) {
-    return config.defaultTenantId ?? "default";
-}
-export function extractRegisterRoutes(config) {
-    switch (config.strategy) {
-        case "jwt":
-            return config.registerRoutes ?? false;
-        case "standalone":
-            return config.registerRoutes ?? true;
-        case "env-basic":
-            return config.registerRoutes ?? true;
-        default: {
-            const _exhaustive = config;
-            return false;
-        }
-    }
-}

package/dist/core/error-mapper.d.ts

@@ -1,2 +0,0 @@
-import type { DomainError } from "@longzai-intelligence/error";
-export declare function mapDomainErrorToStatus(error: DomainError): number;

package/dist/core/error-mapper.js

@@ -1,27 +0,0 @@
-import { AuthenticationError, DuplicateEntityError, isValidationError, isEntityNotFoundError, isPermissionDeniedError, isBusinessRuleError, isConcurrencyError, } from "@longzai-intelligence/error";
-import { TokenExpiredError, TokenInvalidError, TokenMissingError, MfaRequiredError, InvalidCredentialsError, AccountDisabledError, RateLimitExceededError, } from "@longzai-intelligence-auth/core";
-export function mapDomainErrorToStatus(error) {
-    if (isValidationError(error))
-        return 400;
-    if (error instanceof TokenExpiredError ||
-        error instanceof TokenInvalidError ||
-        error instanceof TokenMissingError ||
-        error instanceof MfaRequiredError ||
-        error instanceof InvalidCredentialsError ||
-        error instanceof AccountDisabledError ||
-        error instanceof AuthenticationError)
-        return 401;
-    if (isPermissionDeniedError(error))
-        return 403;
-    if (isEntityNotFoundError(error))
-        return 404;
-    if (error instanceof DuplicateEntityError)
-        return 409;
-    if (error instanceof RateLimitExceededError)
-        return 429;
-    if (isConcurrencyError(error))
-        return 409;
-    if (isBusinessRuleError(error))
-        return 422;
-    return 500;
-}

package/dist/plugin.d.ts

@@ -1,6 +0,0 @@
-import { Elysia } from "elysia";
-import type { AuthPluginOptions } from "./types/auth-plugin-config";
-type AnyElysia = Elysia<any, any, any, any, any, any, any>;
-export declare function createAuthPlugin(options: AuthPluginOptions): Promise<AnyElysia>;
-export type { AuthPluginConfig, AuthPluginOptions, StrategyContext, StrategyName } from "./types/auth-plugin-config";
-export type { AuthStrategy } from "./core/auth-strategy";

package/dist/plugin.js

@@ -1,39 +0,0 @@
-import { Elysia } from "elysia";
-import { createAuthStrategy, extractJwtConfig, extractDefaultTenantId, extractRegisterRoutes } from "./core/auth-strategy";
-import { createAuthRoutes, createMeRoute } from "./routes/auth.routes";
-import { createErrorHandlerPlugin } from "./plugins/error-handler.plugin";
-export async function createAuthPlugin(options) {
-    const { logger, ...config } = options;
-    const strategy = await createAuthStrategy(config);
-    const jwtConfig = extractJwtConfig(config);
-    const defaultTenantId = extractDefaultTenantId(config);
-    const registerRoutes = extractRegisterRoutes(config);
-    let plugin = new Elysia({ name: "@longzai-intelligence-auth/plugin" })
-        .use(strategy.createJwtVerifyPlugin())
-        .use(createErrorHandlerPlugin({ logger }));
-    if (registerRoutes && config.strategy === "standalone") {
-        const standaloneConfig = config;
-        plugin = plugin.use(createAuthRoutes({
-            jwt: jwtConfig,
-            adapter: standaloneConfig.adapter,
-            passwordHasher: standaloneConfig.passwordHasher,
-            defaultTenantId,
-        }));
-    }
-    if (registerRoutes && config.strategy === "env-basic") {
-        const envBasicConfig = config;
-        plugin = plugin.use(createAuthRoutes({
-            jwt: jwtConfig,
-            adapter: strategy.context.adapter,
-            passwordHasher: strategy.context.passwordHasher,
-            defaultTenantId,
-        }));
-    }
-    if (registerRoutes && config.strategy === "jwt") {
-        plugin = plugin.use(createMeRoute({
-            jwt: jwtConfig,
-            defaultTenantId,
-        }));
-    }
-    return plugin;
-}

package/dist/plugins/audit.plugin.d.ts

@@ -1,38 +0,0 @@
-import { Elysia } from "elysia";
-import type { AuthBackendPort } from "@longzai-intelligence-auth/core";
-import type { AuditLogEntry } from "@longzai-intelligence-auth/core";
-export type AuditPluginOptions = {
-    adapter: AuthBackendPort;
-};
-export declare function createAuditPlugin(options: AuditPluginOptions): Elysia<"", {
-    decorator: {};
-    store: {};
-    derive: {};
-    resolve: {};
-}, {
-    typebox: {};
-    error: {};
-}, {
-    schema: {};
-    standaloneSchema: {};
-    macro: {};
-    macroFn: {};
-    parser: {};
-    response: {};
-}, {}, {
-    derive: {
-        readonly recordAudit: (entry: Omit<AuditLogEntry, never>) => void;
-    };
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: import("elysia").ExtractErrorFromHandle<{
-        readonly recordAudit: (entry: Omit<AuditLogEntry, never>) => void;
-    }>;
-}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}>;

package/dist/plugins/audit.plugin.js

@@ -1,13 +0,0 @@
-import { Elysia } from "elysia";
-export function createAuditPlugin(options) {
-    const { adapter } = options;
-    return new Elysia({ name: "@longzai-intelligence-auth/audit" })
-        .derive(() => ({
-        recordAudit: (entry) => {
-            adapter.audit.write(entry).catch((error) => {
-                console.error("审计日志写入失败:", error);
-            });
-        },
-    }))
-        .as("scoped");
-}

package/dist/plugins/error-handler.plugin.d.ts

@@ -1,46 +0,0 @@
-import { Elysia } from "elysia";
-import type { LoggerService } from "@longzai-intelligence-auth/core";
-export type ErrorHandlerPluginOptions = {
-    logger?: LoggerService;
-};
-export declare function createErrorHandlerPlugin(options?: ErrorHandlerPluginOptions): Elysia<"", {
-    decorator: {};
-    store: {};
-    derive: {};
-    resolve: {};
-}, {
-    typebox: {};
-    error: {};
-}, {
-    schema: {};
-    standaloneSchema: {};
-    macro: {};
-    macroFn: {};
-    parser: {};
-    response: {};
-}, {}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {
-        200: {
-            code: string;
-            message: string;
-            details?: Record<string, unknown> | undefined;
-        } | {
-            code: string;
-            message: string;
-            details: {
-                path: string;
-                message: string | undefined;
-            }[];
-        };
-    };
-}>;

package/dist/plugins/error-handler.plugin.js

@@ -1,45 +0,0 @@
-import { Elysia } from "elysia";
-import { DomainError } from "@longzai-intelligence/error";
-import { mapDomainErrorToStatus } from "../core/error-mapper";
-export function createErrorHandlerPlugin(options = {}) {
-    const { logger } = options;
-    return new Elysia({ name: "@longzai-intelligence-auth/error-handler" })
-        .onError(({ code, error, set }) => {
-        if (error instanceof DomainError) {
-            const status = mapDomainErrorToStatus(error);
-            set.status = status;
-            return {
-                code: error.code,
-                message: error.message,
-                ...(error.context && Object.keys(error.context).length > 0
-                    ? { details: error.context }
-                    : {}),
-            };
-        }
-        switch (code) {
-            case "VALIDATION":
-                set.status = 400;
-                return {
-                    code: "VALIDATION_ERROR",
-                    message: "请求参数验证失败",
-                    details: error.all.map((e) => ({
-                        path: e.path,
-                        message: e.summary,
-                    })),
-                };
-            case "NOT_FOUND":
-                set.status = 404;
-                return { code: "NOT_FOUND", message: "未找到请求的资源" };
-            case "PARSE":
-                set.status = 400;
-                return { code: "PARSE_ERROR", message: "请求数据解析失败" };
-            default:
-                logger?.error("未预期的错误", {
-                    error: error instanceof Error ? error.message : String(error),
-                    stack: error instanceof Error ? error.stack : undefined,
-                });
-                set.status = 500;
-                return { code: "INTERNAL_ERROR", message: "服务器内部错误" };
-        }
-    });
-}

package/dist/plugins/jwt-verify.plugin.d.ts

@@ -1,9 +0,0 @@
-import { Elysia } from "elysia";
-import type { JwtSignerConfig } from "@longzai-intelligence-auth/jwt";
-export type JwtVerifyPluginOptions = {
-    jwt: JwtSignerConfig;
-    defaultTenantId?: string;
-};
-type AnyElysia = Elysia<any, any, any, any, any, any, any>;
-export declare function createJwtVerifyPlugin(options: JwtVerifyPluginOptions): AnyElysia;
-export {};

package/dist/plugins/jwt-verify.plugin.js

@@ -1,31 +0,0 @@
-import { Elysia } from "elysia";
-import { createJwtVerifier } from "@longzai-intelligence-auth/jwt";
-import { TokenMissingError, TokenInvalidError } from "@longzai-intelligence-auth/core";
-export function createJwtVerifyPlugin(options) {
-    const { jwt: jwtConfig, defaultTenantId = "default" } = options;
-    let verifierPromise = null;
-    const getVerifier = () => {
-        if (!verifierPromise) {
-            verifierPromise = createJwtVerifier(jwtConfig);
-        }
-        return verifierPromise;
-    };
-    return new Elysia({ name: "@longzai-intelligence-auth/jwt-verify" })
-        .derive(async ({ request }) => {
-        const authHeader = request.headers.get("Authorization");
-        const bearer = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
-        if (!bearer) {
-            throw new TokenMissingError();
-        }
-        const verifier = await getVerifier();
-        const result = await verifier.verifyAccessToken(bearer);
-        if (!result.success || !result.payload) {
-            throw new TokenInvalidError(result.error);
-        }
-        const payload = result.payload;
-        const userId = payload.sub;
-        const tenantId = payload.tenantId ?? defaultTenantId;
-        return { userId, tenantId };
-    })
-        .as("scoped");
-}

package/dist/plugins/logger.plugin.d.ts

@@ -1,33 +0,0 @@
-import { Elysia } from "elysia";
-import type { LoggerService } from "@longzai-intelligence-auth/core";
-export type LoggerPluginOptions = {
-    logger: LoggerService;
-};
-export declare function createLoggerPlugin(options: LoggerPluginOptions): Elysia<"", {
-    decorator: {};
-    store: {};
-    derive: {};
-    resolve: {};
-}, {
-    typebox: {};
-    error: {};
-}, {
-    schema: {};
-    standaloneSchema: {};
-    macro: {};
-    macroFn: {};
-    parser: {};
-    response: {};
-}, {}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}>;

package/dist/plugins/logger.plugin.js

@@ -1,16 +0,0 @@
-import { Elysia } from "elysia";
-export function createLoggerPlugin(options) {
-    const { logger } = options;
-    return new Elysia({ name: "@longzai-intelligence-auth/logger" })
-        .onRequest(({ request }) => {
-        logger.info(`${request.method} ${request.url}`);
-    })
-        .onAfterResponse(({ request, set }) => {
-        logger.info(`${request.method} ${request.url} ${set.status}`);
-    })
-        .onError(({ request, error }) => {
-        logger.error(`${request.method} ${request.url} 请求错误`, {
-            error: error instanceof Error ? error.message : String(error),
-        });
-    });
-}

package/dist/plugins/rate-limit.plugin.d.ts

@@ -1,40 +0,0 @@
-import { Elysia } from "elysia";
-import type { RateLimitConfig, LoggerService } from "@longzai-intelligence-auth/core";
-export type RateLimitPluginOptions = RateLimitConfig & {
-    logger?: LoggerService;
-    keyGenerator?: (request: Request) => string;
-};
-export declare function createRateLimitPlugin(options?: RateLimitPluginOptions): Elysia<"", {
-    decorator: {};
-    store: {};
-    derive: {};
-    resolve: {};
-}, {
-    typebox: {};
-    error: {};
-}, {
-    schema: {};
-    standaloneSchema: {};
-    macro: {};
-    macroFn: {};
-    parser: {};
-    response: {};
-}, {}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}, {
-    derive: {
-        readonly clientIp: string;
-    } & {
-        readonly rateLimitRemaining: number;
-    };
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: import("elysia").ExtractErrorFromHandle<{
-        readonly rateLimitRemaining: number;
-    }>;
-}>;

package/dist/plugins/rate-limit.plugin.js

@@ -1,39 +0,0 @@
-import { Elysia } from "elysia";
-import { createMemoryRateLimiter } from "@longzai-intelligence-auth/rate-limit";
-import { RateLimitExceededError } from "@longzai-intelligence-auth/core";
-function defaultKeyGenerator(request) {
-    return request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()
-        ?? request.headers.get("x-real-ip")
-        ?? "unknown";
-}
-export function createRateLimitPlugin(options = { windowSeconds: 60, maxRequests: 100 }) {
-    const { logger } = options;
-    const keyGen = options.keyGenerator ?? defaultKeyGenerator;
-    const limiter = createMemoryRateLimiter({
-        windowSeconds: options.windowSeconds,
-        maxRequests: options.maxRequests,
-    });
-    const timer = setInterval(() => {
-        limiter.cleanup();
-    }, 60_000);
-    if (typeof process !== "undefined" && typeof process.on === "function") {
-        process.on("exit", () => clearInterval(timer));
-    }
-    return new Elysia({ name: "@longzai-intelligence-auth/rate-limit" })
-        .derive(({ request }) => {
-        const clientIp = keyGen(request);
-        return { clientIp };
-    })
-        .derive(async ({ clientIp, request }) => {
-        const url = new URL(request.url);
-        const path = url.pathname;
-        const key = `${clientIp}:${path}`;
-        const allowed = await limiter.check(key);
-        if (!allowed) {
-            logger?.warn("限流触发", { clientIp, path });
-            throw new RateLimitExceededError();
-        }
-        const remaining = options.maxRequests - limiter.getCount(key);
-        return { rateLimitRemaining: remaining };
-    });
-}

package/dist/plugins/rbac.plugin.d.ts

@@ -1,36 +0,0 @@
-import { Elysia } from "elysia";
-import type { JwtSignerConfig } from "@longzai-intelligence-auth/jwt";
-export type RbacPluginOptions = {
-    jwt: JwtSignerConfig;
-    defaultTenantId?: string;
-};
-export declare function createRbacPlugin(options: RbacPluginOptions): Elysia<"", {
-    decorator: {};
-    store: {};
-    derive: {};
-    resolve: {};
-}, {
-    typebox: {};
-    error: {};
-}, {
-    schema: {};
-    standaloneSchema: {};
-    macro: Partial<{}>;
-    macroFn: ({ onBeforeHandle }: any) => {
-        permission(permission: string): void;
-    };
-    parser: {};
-    response: {};
-}, {}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}, {
-    derive: {};
-    resolve: {};
-    schema: {};
-    standaloneSchema: {};
-    response: {};
-}>;