@longzai-intelligence-auth/express 0.0.2

package/dist/core/error-mapper.d.ts

@@ -0,0 +1,2 @@
+import type { DomainError } from "@longzai-intelligence/error";
+export declare function mapDomainErrorToStatus(error: DomainError): number;

package/dist/core/error-mapper.js

@@ -0,0 +1,27 @@
+import { AuthenticationError, DuplicateEntityError, isValidationError, isEntityNotFoundError, isPermissionDeniedError, isBusinessRuleError, isConcurrencyError, } from "@longzai-intelligence/error";
+import { TokenExpiredError, TokenInvalidError, TokenMissingError, MfaRequiredError, InvalidCredentialsError, AccountDisabledError, RateLimitExceededError, } from "@longzai-intelligence-auth/core";
+export function mapDomainErrorToStatus(error) {
+    if (isValidationError(error))
+        return 400;
+    if (error instanceof TokenExpiredError ||
+        error instanceof TokenInvalidError ||
+        error instanceof TokenMissingError ||
+        error instanceof MfaRequiredError ||
+        error instanceof InvalidCredentialsError ||
+        error instanceof AccountDisabledError ||
+        error instanceof AuthenticationError)
+        return 401;
+    if (isPermissionDeniedError(error))
+        return 403;
+    if (isEntityNotFoundError(error))
+        return 404;
+    if (error instanceof DuplicateEntityError)
+        return 409;
+    if (error instanceof RateLimitExceededError)
+        return 429;
+    if (isConcurrencyError(error))
+        return 409;
+    if (isBusinessRuleError(error))
+        return 422;
+    return 500;
+}

package/dist/index.d.ts

@@ -0,0 +1,22 @@
+export { mapDomainErrorToStatus } from "./core/error-mapper";
+export { createJwtVerifyMiddleware } from "./middlewares/jwt-verify.middleware";
+export type { JwtVerifyMiddlewareOptions } from "./middlewares/jwt-verify.middleware";
+export { createRbacMiddleware } from "./middlewares/rbac.middleware";
+export type { RbacMiddlewareOptions } from "./middlewares/rbac.middleware";
+export { createTenantMiddleware } from "./middlewares/tenant.middleware";
+export type { TenantMiddlewareOptions } from "./middlewares/tenant.middleware";
+export { createRateLimitMiddleware } from "./middlewares/rate-limit.middleware";
+export type { RateLimitMiddlewareOptions } from "./middlewares/rate-limit.middleware";
+export { createAuditMiddleware } from "./middlewares/audit.middleware";
+export type { AuditMiddlewareOptions } from "./middlewares/audit.middleware";
+export { createLoggerMiddleware } from "./middlewares/logger.middleware";
+export type { LoggerMiddlewareOptions } from "./middlewares/logger.middleware";
+export { createErrorHandlerMiddleware } from "./middlewares/error-handler.middleware";
+export type { ErrorHandlerMiddlewareOptions } from "./middlewares/error-handler.middleware";
+export { createBasicPreset } from "./presets/basic-preset";
+export type { BasicPresetOptions } from "./presets/basic-preset";
+export { createStandardPreset } from "./presets/standard-preset";
+export type { StandardPresetOptions } from "./presets/standard-preset";
+export { extractClientIp } from "./utils/extract-client-ip";
+export { extractUserAgent } from "./utils/extract-user-agent";
+export type { AuthRequest } from "./types/express-auth.types";

package/dist/index.js

@@ -0,0 +1,12 @@
+export { mapDomainErrorToStatus } from "./core/error-mapper";
+export { createJwtVerifyMiddleware } from "./middlewares/jwt-verify.middleware";
+export { createRbacMiddleware } from "./middlewares/rbac.middleware";
+export { createTenantMiddleware } from "./middlewares/tenant.middleware";
+export { createRateLimitMiddleware } from "./middlewares/rate-limit.middleware";
+export { createAuditMiddleware } from "./middlewares/audit.middleware";
+export { createLoggerMiddleware } from "./middlewares/logger.middleware";
+export { createErrorHandlerMiddleware } from "./middlewares/error-handler.middleware";
+export { createBasicPreset } from "./presets/basic-preset";
+export { createStandardPreset } from "./presets/standard-preset";
+export { extractClientIp } from "./utils/extract-client-ip";
+export { extractUserAgent } from "./utils/extract-user-agent";

package/dist/middlewares/audit.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { AuditMiddlewareOptions } from "../types/express-auth.types";
+export type { AuditMiddlewareOptions };
+export declare function createAuditMiddleware(options: AuditMiddlewareOptions): (_req: Request, _res: Response, next: NextFunction) => void;

package/dist/middlewares/audit.middleware.js

@@ -0,0 +1,12 @@
+export function createAuditMiddleware(options) {
+    const { adapter } = options;
+    return (_req, _res, next) => {
+        const authReq = _req;
+        authReq.recordAudit = (entry) => {
+            adapter.audit.save(entry).catch((error) => {
+                console.error("审计日志写入失败:", error);
+            });
+        };
+        next();
+    };
+}

package/dist/middlewares/error-handler.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { ErrorHandlerMiddlewareOptions } from "../types/express-auth.types";
+export type { ErrorHandlerMiddlewareOptions };
+export declare function createErrorHandlerMiddleware(options?: ErrorHandlerMiddlewareOptions): (error: Error, req: Request, res: Response, _next: NextFunction) => void;

package/dist/middlewares/error-handler.middleware.js

@@ -0,0 +1,23 @@
+import { DomainError } from "@longzai-intelligence/error";
+import { mapDomainErrorToStatus } from "../core/error-mapper";
+export function createErrorHandlerMiddleware(options = {}) {
+    const { logger } = options;
+    return (error, req, res, _next) => {
+        if (error instanceof DomainError) {
+            const status = mapDomainErrorToStatus(error);
+            res.status(status).json({
+                code: error.code,
+                message: error.message,
+                ...(error.context && Object.keys(error.context).length > 0
+                    ? { details: error.context }
+                    : {}),
+            });
+            return;
+        }
+        logger?.error("未预期的错误", {
+            error: error instanceof Error ? error.message : String(error),
+            stack: error instanceof Error ? error.stack : undefined,
+        });
+        res.status(500).json({ code: "INTERNAL_ERROR", message: "服务器内部错误" });
+    };
+}

package/dist/middlewares/jwt-verify.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { JwtVerifyMiddlewareOptions } from "../types/express-auth.types";
+export type { JwtVerifyMiddlewareOptions };
+export declare function createJwtVerifyMiddleware(options: JwtVerifyMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/jwt-verify.middleware.js

@@ -0,0 +1,36 @@
+import { createJwtVerifier } from "@longzai-intelligence-auth/jwt";
+import { TokenMissingError, TokenInvalidError } from "@longzai-intelligence-auth/core";
+export function createJwtVerifyMiddleware(options) {
+    const { jwt: jwtConfig, defaultTenantId = "default" } = options;
+    let verifierPromise = null;
+    const getVerifier = () => {
+        if (!verifierPromise) {
+            verifierPromise = createJwtVerifier(jwtConfig);
+        }
+        return verifierPromise;
+    };
+    return async (req, _res, next) => {
+        try {
+            const authReq = req;
+            const authHeader = req.headers["authorization"];
+            const bearer = typeof authHeader === "string" && authHeader.startsWith("Bearer ")
+                ? authHeader.slice(7)
+                : null;
+            if (!bearer) {
+                throw new TokenMissingError();
+            }
+            const verifier = await getVerifier();
+            const result = await verifier.verifyAccessToken(bearer);
+            if (!result.success || !result.payload) {
+                throw new TokenInvalidError(result.error);
+            }
+            const payload = result.payload;
+            authReq.auth = payload;
+            authReq.tenantId = payload.tenantId ?? defaultTenantId;
+            next();
+        }
+        catch (error) {
+            next(error);
+        }
+    };
+}

package/dist/middlewares/logger.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { LoggerMiddlewareOptions } from "../types/express-auth.types";
+export type { LoggerMiddlewareOptions };
+export declare function createLoggerMiddleware(options: LoggerMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => void;

package/dist/middlewares/logger.middleware.js

@@ -0,0 +1,17 @@
+export function createLoggerMiddleware(options) {
+    const { logger } = options;
+    return (req, res, next) => {
+        const startTime = Date.now();
+        logger.info(`${req.method} ${req.originalUrl}`);
+        res.on("finish", () => {
+            const duration = Date.now() - startTime;
+            logger.info(`${req.method} ${req.originalUrl} ${res.statusCode} ${duration}ms`);
+        });
+        res.on("error", (error) => {
+            logger.error(`${req.method} ${req.originalUrl} 请求错误`, {
+                error: error instanceof Error ? error.message : String(error),
+            });
+        });
+        next();
+    };
+}

package/dist/middlewares/rate-limit.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { RateLimitMiddlewareOptions } from "../types/express-auth.types";
+export type { RateLimitMiddlewareOptions };
+export declare function createRateLimitMiddleware(options?: RateLimitMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/rate-limit.middleware.js

@@ -0,0 +1,42 @@
+import { createMemoryRateLimiter } from "@longzai-intelligence-auth/rate-limit";
+import { RateLimitExceededError } from "@longzai-intelligence-auth/core";
+function defaultKeyGenerator(req) {
+    return req.headers["x-forwarded-for"]?.split(",")[0]?.trim()
+        ?? req.headers["x-real-ip"]
+        ?? req.ip
+        ?? "unknown";
+}
+export function createRateLimitMiddleware(options = { windowSeconds: 60, maxRequests: 100 }) {
+    const { logger } = options;
+    const keyGen = options.keyGenerator ?? defaultKeyGenerator;
+    const limiter = createMemoryRateLimiter({
+        windowSeconds: options.windowSeconds,
+        maxRequests: options.maxRequests,
+    });
+    const timer = setInterval(() => {
+        limiter.cleanup();
+    }, 60_000);
+    if (typeof process !== "undefined" && typeof process.on === "function") {
+        process.on("exit", () => clearInterval(timer));
+    }
+    return async (req, _res, next) => {
+        try {
+            const authReq = req;
+            const clientIp = keyGen(req);
+            authReq.clientIp = clientIp;
+            const path = req.path;
+            const key = `${clientIp}:${path}`;
+            const allowed = await limiter.check(key);
+            if (!allowed) {
+                logger?.warn("限流触发", { clientIp, path });
+                throw new RateLimitExceededError();
+            }
+            const remaining = options.maxRequests - limiter.getCount(key);
+            authReq.rateLimitRemaining = remaining;
+            next();
+        }
+        catch (error) {
+            next(error);
+        }
+    };
+}

package/dist/middlewares/rbac.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { RbacMiddlewareOptions } from "../types/express-auth.types";
+export type { RbacMiddlewareOptions };
+export declare function createRbacMiddleware(options: RbacMiddlewareOptions): (permission: string) => (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/rbac.middleware.js

@@ -0,0 +1,49 @@
+import { createRoleChecker } from "@longzai-intelligence-auth/rbac";
+import { createJwtVerifier } from "@longzai-intelligence-auth/jwt";
+import { TokenMissingError, TokenInvalidError } from "@longzai-intelligence-auth/core";
+export function createRbacMiddleware(options) {
+    const { jwt: jwtConfig, defaultTenantId = "default" } = options;
+    const roleChecker = createRoleChecker();
+    let verifierPromise = null;
+    const getVerifier = () => {
+        if (!verifierPromise) {
+            verifierPromise = createJwtVerifier(jwtConfig);
+        }
+        return verifierPromise;
+    };
+    return (permission) => {
+        return async (req, _res, next) => {
+            try {
+                const authReq = req;
+                const authHeader = req.headers["authorization"];
+                const bearer = typeof authHeader === "string" && authHeader.startsWith("Bearer ")
+                    ? authHeader.slice(7)
+                    : null;
+                if (!bearer) {
+                    throw new TokenMissingError();
+                }
+                const verifier = await getVerifier();
+                const result = await verifier.verifyAccessToken(bearer);
+                if (!result.success || !result.payload) {
+                    throw new TokenInvalidError(result.error);
+                }
+                const payload = result.payload;
+                authReq.auth = payload;
+                authReq.tenantId = payload.tenantId ?? defaultTenantId;
+                const [resource, action] = permission.split(":");
+                if (!resource || !action) {
+                    throw new Error(`无效的权限格式: ${permission}，应为 resource:action`);
+                }
+                const hasPermission = roleChecker.hasPermission(payload, resource, action);
+                if (!hasPermission) {
+                    const { PermissionDeniedError } = await import("@longzai-intelligence/error");
+                    throw new PermissionDeniedError(resource, action);
+                }
+                next();
+            }
+            catch (error) {
+                next(error);
+            }
+        };
+    };
+}

package/dist/middlewares/tenant.middleware.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response, NextFunction } from "express";
+import type { TenantMiddlewareOptions } from "../types/express-auth.types";
+export type { TenantMiddlewareOptions };
+export declare function createTenantMiddleware(options?: TenantMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/tenant.middleware.js

@@ -0,0 +1,22 @@
+export function createTenantMiddleware(options = {}) {
+    const { defaultTenantId = "default", adapter } = options;
+    return async (req, _res, next) => {
+        try {
+            const authReq = req;
+            const headerTenantId = req.headers["x-tenant-id"];
+            const tenantId = headerTenantId ?? defaultTenantId;
+            authReq.tenantId = tenantId;
+            if (adapter && tenantId !== defaultTenantId) {
+                const result = await adapter.tenant.validateStatus(tenantId);
+                if (!result.valid) {
+                    const { PermissionDeniedError } = await import("@longzai-intelligence/error");
+                    throw new PermissionDeniedError("tenant", "access");
+                }
+            }
+            next();
+        }
+        catch (error) {
+            next(error);
+        }
+    };
+}

package/dist/presets/basic-preset.d.ts

@@ -0,0 +1,4 @@
+import type { RequestHandler } from "express";
+import type { BasicPresetOptions } from "../types/express-auth.types";
+export type { BasicPresetOptions };
+export declare function createBasicPreset(options: BasicPresetOptions): RequestHandler[];

package/dist/presets/basic-preset.js

@@ -0,0 +1,11 @@
+import { createJwtVerifyMiddleware } from "../middlewares/jwt-verify.middleware";
+import { createErrorHandlerMiddleware } from "../middlewares/error-handler.middleware";
+export function createBasicPreset(options) {
+    return [
+        createJwtVerifyMiddleware({
+            jwt: options.jwt,
+            defaultTenantId: options.defaultTenantId,
+        }),
+        createErrorHandlerMiddleware({ logger: options.logger }),
+    ];
+}

package/dist/presets/standard-preset.d.ts

@@ -0,0 +1,4 @@
+import type { RequestHandler } from "express";
+import type { StandardPresetOptions } from "../types/express-auth.types";
+export type { StandardPresetOptions };
+export declare function createStandardPreset(options: StandardPresetOptions): RequestHandler[];

package/dist/presets/standard-preset.js

@@ -0,0 +1,27 @@
+import { createJwtVerifyMiddleware } from "../middlewares/jwt-verify.middleware";
+import { createRbacMiddleware } from "../middlewares/rbac.middleware";
+import { createTenantMiddleware } from "../middlewares/tenant.middleware";
+import { createRateLimitMiddleware } from "../middlewares/rate-limit.middleware";
+import { createErrorHandlerMiddleware } from "../middlewares/error-handler.middleware";
+export function createStandardPreset(options) {
+    const rbacMiddleware = createRbacMiddleware({
+        jwt: options.jwt,
+        defaultTenantId: options.defaultTenantId,
+    });
+    return [
+        createJwtVerifyMiddleware({
+            jwt: options.jwt,
+            defaultTenantId: options.defaultTenantId,
+        }),
+        rbacMiddleware("*:*"),
+        createTenantMiddleware({
+            defaultTenantId: options.defaultTenantId,
+            adapter: options.adapter,
+        }),
+        createRateLimitMiddleware({
+            windowSeconds: 60,
+            maxRequests: 100,
+        }),
+        createErrorHandlerMiddleware({ logger: options.logger }),
+    ];
+}

package/dist/types/express-auth.types.d.ts

@@ -0,0 +1,47 @@
+import type { Request } from "express";
+import type { JwtSignerConfig } from "@longzai-intelligence-auth/jwt";
+import type { IdentityAuthBackend, RateLimitConfig, LoggerService, AuditLogEntry } from "@longzai-intelligence-auth/core";
+import type { AccessTokenPayload } from "@longzai-intelligence-auth/core";
+export interface AuthRequest extends Request {
+    auth: AccessTokenPayload;
+    tenantId: string;
+    clientIp?: string;
+    rateLimitRemaining?: number;
+    recordAudit?: (entry: Omit<AuditLogEntry, never>) => void;
+}
+export type JwtVerifyMiddlewareOptions = {
+    jwt: JwtSignerConfig;
+    defaultTenantId?: string;
+};
+export type RbacMiddlewareOptions = {
+    jwt: JwtSignerConfig;
+    defaultTenantId?: string;
+};
+export type TenantMiddlewareOptions = {
+    defaultTenantId?: string;
+    adapter?: IdentityAuthBackend;
+};
+export type RateLimitMiddlewareOptions = RateLimitConfig & {
+    logger?: LoggerService;
+    keyGenerator?: (req: Request) => string;
+};
+export type AuditMiddlewareOptions = {
+    adapter: IdentityAuthBackend;
+};
+export type LoggerMiddlewareOptions = {
+    logger: LoggerService;
+};
+export type ErrorHandlerMiddlewareOptions = {
+    logger?: LoggerService;
+};
+export type BasicPresetOptions = {
+    jwt: JwtSignerConfig;
+    defaultTenantId?: string;
+    logger?: LoggerService;
+};
+export type StandardPresetOptions = {
+    jwt: JwtSignerConfig;
+    defaultTenantId?: string;
+    adapter: IdentityAuthBackend;
+    logger?: LoggerService;
+};

package/dist/types/express-auth.types.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/extract-client-ip.d.ts

@@ -0,0 +1,2 @@
+import type { Request } from "express";
+export declare function extractClientIp(req: Request): string | undefined;

package/dist/utils/extract-client-ip.js

@@ -0,0 +1,6 @@
+export function extractClientIp(req) {
+    return req.headers["x-forwarded-for"]?.split(",")[0]?.trim()
+        ?? req.headers["x-real-ip"]
+        ?? req.ip
+        ?? undefined;
+}

package/dist/utils/extract-user-agent.d.ts

@@ -0,0 +1,2 @@
+import type { Request } from "express";
+export declare function extractUserAgent(req: Request): string | undefined;

package/dist/utils/extract-user-agent.js

@@ -0,0 +1,3 @@
+export function extractUserAgent(req) {
+    return req.headers["user-agent"] ?? undefined;
+}

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@longzai-intelligence-auth/express",
+  "version": "0.0.2",
+  "license": "UNLICENSED",
+  "type": "module",
+  "sideEffects": false,
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/longzai/longzai-intelligence-auth",
+    "directory": "packages/express"
+  },
+  "dependencies": {
+    "@longzai-intelligence-auth/core": "0.0.2",
+    "@longzai-intelligence-auth/jwt": "0.0.2",
+    "@longzai-intelligence-auth/rate-limit": "0.0.2",
+    "@longzai-intelligence-auth/rbac": "0.0.2",
+    "@longzai-intelligence-auth/session": "0.0.2",
+    "@longzai-intelligence-auth/hashing": "0.0.2",
+    "@longzai-intelligence/error": "^0.0.5"
+  },
+  "peerDependencies": {
+    "express": "^4.18 || ^5"
+  },
+  "devDependencies": {
+    "express": "^4.21",
+    "@types/express": "^5"
+  },
+  "scripts": {
+    "build": "bun build src/index.ts --outdir dist --target bun",
+    "build:declaration": "tsgo --declaration --emitDeclarationOnly --outDir dist -p tsconfig/app.json",
+    "build:prod": "NODE_ENV=production tsdown",
+    "prepublishOnly": "bun run build:prod",
+    "typecheck": "bun run typecheck:app && bun run typecheck:node && bun run typecheck:test",
+    "typecheck:app": "tsgo --noEmit -p tsconfig/app.json",
+    "typecheck:node": "tsgo --noEmit -p tsconfig/node.json",
+    "typecheck:test": "tsgo --noEmit -p tsconfig/test.json",
+    "lint": "oxlint && oxfmt --check",
+    "lint:fix": "oxlint --fix && oxfmt",
+    "test": "bun test",
+    "test:watch": "bun test --watch",
+    "test:coverage": "bun test --coverage",
+    "clean": "rm -rf dist out .cache"
+  }
+}