@longzai-intelligence-auth/express 0.0.2 → 0.0.6

package/dist/index.d.ts

@@ -1,22 +1,268 @@
-export { mapDomainErrorToStatus } from "./core/error-mapper";
-export { createJwtVerifyMiddleware } from "./middlewares/jwt-verify.middleware";
-export type { JwtVerifyMiddlewareOptions } from "./middlewares/jwt-verify.middleware";
-export { createRbacMiddleware } from "./middlewares/rbac.middleware";
-export type { RbacMiddlewareOptions } from "./middlewares/rbac.middleware";
-export { createTenantMiddleware } from "./middlewares/tenant.middleware";
-export type { TenantMiddlewareOptions } from "./middlewares/tenant.middleware";
-export { createRateLimitMiddleware } from "./middlewares/rate-limit.middleware";
-export type { RateLimitMiddlewareOptions } from "./middlewares/rate-limit.middleware";
-export { createAuditMiddleware } from "./middlewares/audit.middleware";
-export type { AuditMiddlewareOptions } from "./middlewares/audit.middleware";
-export { createLoggerMiddleware } from "./middlewares/logger.middleware";
-export type { LoggerMiddlewareOptions } from "./middlewares/logger.middleware";
-export { createErrorHandlerMiddleware } from "./middlewares/error-handler.middleware";
-export type { ErrorHandlerMiddlewareOptions } from "./middlewares/error-handler.middleware";
-export { createBasicPreset } from "./presets/basic-preset";
-export type { BasicPresetOptions } from "./presets/basic-preset";
-export { createStandardPreset } from "./presets/standard-preset";
-export type { StandardPresetOptions } from "./presets/standard-preset";
-export { extractClientIp } from "./utils/extract-client-ip";
-export { extractUserAgent } from "./utils/extract-user-agent";
-export type { AuthRequest } from "./types/express-auth.types";
+import { DomainError } from "@longzai-intelligence/error";
+import { AccessTokenPayload, IdentityAuthBackend, LoggerService, RateLimiterPort, TokenVerifierPort } from "@longzai-intelligence-auth/core";
+import { NextFunction, Request, RequestHandler, Response } from "express";
+
+//#region src/core/error-mapper.d.ts
+/**
+ * 根据 DomainError 类型映射 HTTP 状态码
+ *
+ * @param error - 需要映射的领域错误实例
+ *
+ * @returns 对应的 HTTP 状态码
+ */
+declare function mapDomainErrorToStatus(error: DomainError): number;
+//#endregion
+//#region src/types/express-auth.types.d.ts
+/**
+ * 扩展 Express Request，附加认证信息
+ */
+type AuthRequest = {
+  /**
+   * 认证载荷
+   */
+  auth: AccessTokenPayload;
+  /**
+   * 租户 ID
+   */
+  tenantId: string;
+  /**
+   * 客户端 IP
+   */
+  clientIp?: string;
+  /**
+   * 限流剩余配额
+   */
+  rateLimitRemaining?: number;
+} & Request;
+/**
+ * JWT 验证中间件配置
+ */
+type JwtVerifyMiddlewareOptions = {
+  /**
+   * 令牌验证器端口实例（用户注入）
+   */
+  verifier: TokenVerifierPort;
+  /**
+   * 默认租户 ID
+   */
+  defaultTenantId?: string;
+};
+/**
+ * RBAC 中间件配置
+ */
+type RbacMiddlewareOptions = {
+  /**
+   * 令牌验证器端口实例（用户注入）
+   */
+  verifier: TokenVerifierPort;
+  /**
+   * 默认租户 ID
+   */
+  defaultTenantId?: string;
+};
+/**
+ * 租户中间件配置
+ */
+type TenantMiddlewareOptions = {
+  /**
+   * 默认租户 ID
+   */
+  defaultTenantId?: string;
+  /**
+   * 认证后端适配器
+   */
+  adapter?: IdentityAuthBackend;
+};
+/**
+ * 限流中间件配置
+ */
+type RateLimitMiddlewareOptions = {
+  /**
+   * 速率限制器端口实例（用户注入）
+   */
+  limiter: RateLimiterPort;
+  /**
+   * 日志服务
+   */
+  logger?: LoggerService;
+  /**
+   * 限流键生成器
+   */
+  keyGenerator?: (req: Request) => string;
+};
+/**
+ * 日志中间件配置
+ */
+type LoggerMiddlewareOptions = {
+  /**
+   * 日志服务
+   */
+  logger: LoggerService;
+};
+/**
+ * 错误处理中间件配置
+ */
+type ErrorHandlerMiddlewareOptions = {
+  /**
+   * 日志服务
+   */
+  logger?: LoggerService;
+};
+/**
+ * 基础预设配置
+ */
+type BasicPresetOptions = {
+  /**
+   * 令牌验证器端口实例（用户注入）
+   */
+  tokenVerifier: TokenVerifierPort;
+  /**
+   * 默认租户 ID
+   */
+  defaultTenantId?: string;
+  /**
+   * 日志服务
+   */
+  logger?: LoggerService;
+};
+/**
+ * 标准预设配置
+ */
+type StandardPresetOptions = {
+  /**
+   * 令牌验证器端口实例（用户注入）
+   */
+  tokenVerifier: TokenVerifierPort;
+  /**
+   * 速率限制器端口实例（用户注入）
+   */
+  rateLimiter: RateLimiterPort;
+  /**
+   * 默认租户 ID
+   */
+  defaultTenantId?: string;
+  /**
+   * 认证后端适配器
+   */
+  adapter: IdentityAuthBackend;
+  /**
+   * 日志服务
+   */
+  logger?: LoggerService;
+};
+//#endregion
+//#region src/middlewares/jwt-verify.middleware.d.ts
+/**
+ * 创建 JWT 验证中间件，从 Authorization Bearer 头提取令牌并验证
+ *
+ * @param options - 中间件配置选项
+ *
+ * @returns Express 中间件函数
+ */
+declare function createJwtVerifyMiddleware(options: JwtVerifyMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;
+//#endregion
+//#region src/middlewares/rbac.middleware.d.ts
+/**
+ * 创建 RBAC 权限检查中间件，验证请求是否拥有指定权限
+ *
+ * @param options - 中间件配置选项
+ *
+ * @returns 返回一个函数，接收权限字符串并返回 Express 中间件
+ */
+declare function createRbacMiddleware(options: RbacMiddlewareOptions): (permission: string) => (req: Request, _res: Response, next: NextFunction) => Promise<void>;
+//#endregion
+//#region src/middlewares/tenant.middleware.d.ts
+/**
+ * 创建租户中间件，从 x-tenant-id 头提取租户 ID 并验证租户状态
+ *
+ * @param options - 中间件配置选项
+ *
+ * @returns Express 中间件函数
+ */
+declare function createTenantMiddleware(options?: TenantMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;
+//#endregion
+//#region src/middlewares/rate-limit.middleware.d.ts
+/**
+ * 默认限流键生成器，从请求中提取客户端 IP
+ *
+ * @param req - Express 请求对象
+ *
+ * @returns 客户端 IP 地址
+ */
+declare function defaultKeyGenerator(req: Request): string;
+/**
+ * 创建限流中间件，基于 IP + 路径进行限流
+ *
+ * @param options - 中间件配置选项
+ *
+ * @returns Express 中间件函数
+ */
+declare function createRateLimitMiddleware(options: RateLimitMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;
+//#endregion
+//#region src/middlewares/logger.middleware.d.ts
+/**
+ * 创建日志中间件，记录请求、响应和错误日志
+ *
+ * @param options - 中间件配置选项
+ *
+ * @returns Express 中间件函数
+ */
+declare function createLoggerMiddleware(options: LoggerMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => void;
+//#endregion
+//#region src/middlewares/error-handler.middleware.d.ts
+/**
+ * 创建错误处理中间件，捕获 DomainError 并映射为 HTTP 状态码响应
+ *
+ * @param options - 中间件配置选项
+ *
+ * @returns Express 错误处理中间件函数
+ */
+declare function createErrorHandlerMiddleware(options?: ErrorHandlerMiddlewareOptions): (error: Error, req: Request, res: Response, _next: NextFunction) => void;
+//#endregion
+//#region src/presets/basic-preset.d.ts
+/**
+ * 创建基础预设中间件集合，包含 JWT 验证和错误处理
+ *
+ * @param options - 预设配置选项
+ * @param options.tokenVerifier - 令牌验证器端口实例（用户注入）
+ * @param options.defaultTenantId - 默认租户 ID（可选）
+ * @param options.logger - 日志服务（可选）
+ * @returns Express 中间件数组
+ */
+declare function createBasicPreset(options: BasicPresetOptions): RequestHandler[];
+//#endregion
+//#region src/presets/standard-preset.d.ts
+/**
+ * 创建标准预设中间件集合，包含 JWT 验证、RBAC、租户、限流和错误处理
+ *
+ * @param options - 预设配置选项
+ * @param options.tokenVerifier - 令牌验证器端口实例（用户注入）
+ * @param options.rateLimiter - 速率限制器端口实例（用户注入）
+ * @param options.defaultTenantId - 默认租户 ID（可选）
+ * @param options.adapter - 认证后端适配器
+ * @param options.logger - 日志服务（可选）
+ * @returns Express 中间件数组
+ */
+declare function createStandardPreset(options: StandardPresetOptions): RequestHandler[];
+//#endregion
+//#region src/utils/extract-client-ip.d.ts
+/**
+ * 从请求中提取客户端 IP 地址
+ *
+ * @param req - Express 请求对象
+ *
+ * @returns 客户端 IP 地址，如果无法提取则返回 undefined
+ */
+declare function extractClientIp(req: Request): string | undefined;
+//#endregion
+//#region src/utils/extract-user-agent.d.ts
+/**
+ * 从请求中提取用户代理
+ *
+ * @param req - Express 请求对象
+ *
+ * @returns 用户代理字符串，如果不存在则返回 undefined
+ */
+declare function extractUserAgent(req: Request): string | undefined;
+//#endregion
+export { type AuthRequest, type BasicPresetOptions, type ErrorHandlerMiddlewareOptions, type JwtVerifyMiddlewareOptions, type LoggerMiddlewareOptions, type RateLimitMiddlewareOptions, type RbacMiddlewareOptions, type StandardPresetOptions, type TenantMiddlewareOptions, createBasicPreset, createErrorHandlerMiddleware, createJwtVerifyMiddleware, createLoggerMiddleware, createRateLimitMiddleware, createRbacMiddleware, createStandardPreset, createTenantMiddleware, defaultKeyGenerator, extractClientIp, extractUserAgent, mapDomainErrorToStatus };

package/dist/index.js

@@ -1,12 +1 @@
-export { mapDomainErrorToStatus } from "./core/error-mapper";
-export { createJwtVerifyMiddleware } from "./middlewares/jwt-verify.middleware";
-export { createRbacMiddleware } from "./middlewares/rbac.middleware";
-export { createTenantMiddleware } from "./middlewares/tenant.middleware";
-export { createRateLimitMiddleware } from "./middlewares/rate-limit.middleware";
-export { createAuditMiddleware } from "./middlewares/audit.middleware";
-export { createLoggerMiddleware } from "./middlewares/logger.middleware";
-export { createErrorHandlerMiddleware } from "./middlewares/error-handler.middleware";
-export { createBasicPreset } from "./presets/basic-preset";
-export { createStandardPreset } from "./presets/standard-preset";
-export { extractClientIp } from "./utils/extract-client-ip";
-export { extractUserAgent } from "./utils/extract-user-agent";
+import{AuthenticationError as e,DomainError as t,DuplicateEntityError as n,isBusinessRuleError as r,isConcurrencyError as i,isEntityNotFoundError as a,isPermissionDeniedError as o,isValidationError as s}from"@longzai-intelligence/error";import{AccountDisabledError as c,InvalidCredentialsError as l,MfaRequiredError as u,RateLimitExceededError as d,TokenExpiredError as f,TokenInvalidError as p,TokenMissingError as m}from"@longzai-intelligence-auth/core";function h(t){return s(t)?400:t instanceof f||t instanceof p||t instanceof m||t instanceof u||t instanceof l||t instanceof c||t instanceof e?401:o(t)?403:a(t)?404:t instanceof n?409:t instanceof d?429:i(t)?409:r(t)?422:500}function g(e){let{verifier:t,defaultTenantId:n=`default`}=e;async function r(e,r,i){try{let r=e,a=e.headers.authorization,o=typeof a==`string`&&a.startsWith(`Bearer `)?a.slice(7):null;if(!o)throw new m;let s=await t.verifyAccessToken(o);if(!s.success||!s.payload)throw new p(s.error);let c=s.payload;r.auth=c,r.tenantId=c.tenantId??n,i()}catch(e){i(e)}}return r}function _(){return{extractRolesFromPayload(e){return{userId:e.sub,tenantId:e.tenantId,roles:e.roles??[]}},hasRole(e,t){return(e.roles??[]).includes(t)},hasAnyRole(e,t){let n=e.roles??[];return t.some(e=>n.includes(e))},hasPermission(e,t,n){let r=e.permissions??[],i=`${t}:${n}`;return!!(r.includes(i)||r.includes(`${t}:*`)||r.includes(`*:${n}`)||r.includes(`*:*`))},hasAnyPermission(e,t){let n=e.permissions??[];return t.some(e=>{let t=`${e.resource}:${e.action}`;return!!(n.includes(t)||n.includes(`${e.resource}:*`)||n.includes(`*:${e.action}`)||n.includes(`*:*`))})}}}function v(e){let{verifier:t,defaultTenantId:n=`default`}=e,r=_();function i(e){async function i(i,a,o){try{let a=i,s=i.headers.authorization,c=typeof s==`string`&&s.startsWith(`Bearer `)?s.slice(7):null;if(!c)throw new m;let l=await t.verifyAccessToken(c);if(!l.success||!l.payload)throw new p(l.error);let u=l.payload;a.auth=u,a.tenantId=u.tenantId??n;let[d,f]=e.split(`:`);if(!d||!f)throw Error(`无效的权限格式: ${e}，应为 resource:action`);if(!r.hasPermission(u,d,f)){let{PermissionDeniedError:e}=await import(`@longzai-intelligence/error`);throw new e(d,f)}o()}catch(e){o(e)}}return i}return i}function y(e={}){let{defaultTenantId:t=`default`,adapter:n}=e;async function r(e,r,i){try{let r=e,a=e.headers[`x-tenant-id`]??t;if(r.tenantId=a,n&&a!==t&&!(await n.tenant.validateStatus(a)).valid){let{PermissionDeniedError:e}=await import(`@longzai-intelligence/error`);throw new e(`tenant`,`access`)}i()}catch(e){i(e)}}return r}function b(e){return e.headers[`x-forwarded-for`]?.split(`,`)[0]?.trim()??e.headers[`x-real-ip`]??e.ip??`unknown`}function x(e){let{limiter:t,logger:n}=e,r=e.keyGenerator??b;async function i(e,i,a){try{let i=e,o=r(e);i.clientIp=o;let s=e.path,c=`${o}:${s}`,l=await t.checkLimit(c);if(!l.allowed)throw n?.warn(`限流触发`,{clientIp:o,path:s}),new d;i.rateLimitRemaining=l.remaining,a()}catch(e){a(e)}}return i}function S(e){let{logger:t}=e;return(e,n,r)=>{let i=Date.now();t.info(`${e.method} ${e.originalUrl}`),n.on(`finish`,()=>{let r=Date.now()-i;t.info(`${e.method} ${e.originalUrl} ${n.statusCode} ${r}ms`)}),n.on(`error`,n=>{t.error(`${e.method} ${e.originalUrl} 请求错误`,{error:n instanceof Error?n.message:String(n)})}),r()}}function C(e={}){let{logger:n}=e;return(e,r,i,a)=>{if(e instanceof t){let t=h(e);i.status(t).json({code:e.code,message:e.message,...e.context&&Object.keys(e.context).length>0?{details:e.context}:{}});return}n?.error(`未预期的错误`,{error:e instanceof Error?e.message:String(e),stack:e instanceof Error?e.stack:void 0}),i.status(500).json({code:`INTERNAL_ERROR`,message:`服务器内部错误`})}}function w(e){return[g({verifier:e.tokenVerifier,defaultTenantId:e.defaultTenantId}),C({logger:e.logger})]}function T(e){let t=v({verifier:e.tokenVerifier,defaultTenantId:e.defaultTenantId});return[g({verifier:e.tokenVerifier,defaultTenantId:e.defaultTenantId}),t(`*:*`),y({defaultTenantId:e.defaultTenantId,adapter:e.adapter}),x({limiter:e.rateLimiter,logger:e.logger}),C({logger:e.logger})]}function E(e){return e.headers[`x-forwarded-for`]?.split(`,`)[0]?.trim()??e.headers[`x-real-ip`]??e.ip??void 0}function D(e){return e.headers[`user-agent`]??void 0}export{w as createBasicPreset,C as createErrorHandlerMiddleware,g as createJwtVerifyMiddleware,S as createLoggerMiddleware,x as createRateLimitMiddleware,v as createRbacMiddleware,T as createStandardPreset,y as createTenantMiddleware,b as defaultKeyGenerator,E as extractClientIp,D as extractUserAgent,h as mapDomainErrorToStatus};

package/package.json

@@ -1,22 +1,15 @@
 {
   "name": "@longzai-intelligence-auth/express",
-  "version": "0.0.2",
+  "version": "0.0.6",
   "license": "UNLICENSED",
   "type": "module",
   "sideEffects": false,
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
+  "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "import": {
-        "types": "./dist/index.d.ts",
-        "default": "./dist/index.js"
-      },
-      "require": {
-        "types": "./dist/index.d.cts",
-        "default": "./dist/index.cjs"
-      }
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
     }
   },
   "files": [
@@ -31,12 +24,7 @@
     "directory": "packages/express"
   },
   "dependencies": {
-    "@longzai-intelligence-auth/core": "0.0.2",
-    "@longzai-intelligence-auth/jwt": "0.0.2",
-    "@longzai-intelligence-auth/rate-limit": "0.0.2",
-    "@longzai-intelligence-auth/rbac": "0.0.2",
-    "@longzai-intelligence-auth/session": "0.0.2",
-    "@longzai-intelligence-auth/hashing": "0.0.2",
+    "@longzai-intelligence-auth/core": "0.0.6",
     "@longzai-intelligence/error": "^0.0.5"
   },
   "peerDependencies": {
@@ -47,8 +35,7 @@
     "@types/express": "^5"
   },
   "scripts": {
-    "build": "bun build src/index.ts --outdir dist --target bun",
-    "build:declaration": "tsgo --declaration --emitDeclarationOnly --outDir dist -p tsconfig/app.json",
+    "build": "tsgo --build tsconfig/build.json && resolve-aliases -p tsconfig/build.json",
     "build:prod": "NODE_ENV=production tsdown",
     "prepublishOnly": "bun run build:prod",
     "typecheck": "bun run typecheck:app && bun run typecheck:node && bun run typecheck:test",
@@ -60,6 +47,8 @@
     "test": "bun test",
     "test:watch": "bun test --watch",
     "test:coverage": "bun test --coverage",
-    "clean": "rm -rf dist out .cache"
+    "test:unit": "bun test src/__tests__/unit/",
+    "test:integration": "bun test src/__tests__/integration/",
+    "clean": "rimraf dist out .cache"
   }
 }

package/dist/core/error-mapper.d.ts

@@ -1,2 +0,0 @@
-import type { DomainError } from "@longzai-intelligence/error";
-export declare function mapDomainErrorToStatus(error: DomainError): number;

package/dist/core/error-mapper.js

@@ -1,27 +0,0 @@
-import { AuthenticationError, DuplicateEntityError, isValidationError, isEntityNotFoundError, isPermissionDeniedError, isBusinessRuleError, isConcurrencyError, } from "@longzai-intelligence/error";
-import { TokenExpiredError, TokenInvalidError, TokenMissingError, MfaRequiredError, InvalidCredentialsError, AccountDisabledError, RateLimitExceededError, } from "@longzai-intelligence-auth/core";
-export function mapDomainErrorToStatus(error) {
-    if (isValidationError(error))
-        return 400;
-    if (error instanceof TokenExpiredError ||
-        error instanceof TokenInvalidError ||
-        error instanceof TokenMissingError ||
-        error instanceof MfaRequiredError ||
-        error instanceof InvalidCredentialsError ||
-        error instanceof AccountDisabledError ||
-        error instanceof AuthenticationError)
-        return 401;
-    if (isPermissionDeniedError(error))
-        return 403;
-    if (isEntityNotFoundError(error))
-        return 404;
-    if (error instanceof DuplicateEntityError)
-        return 409;
-    if (error instanceof RateLimitExceededError)
-        return 429;
-    if (isConcurrencyError(error))
-        return 409;
-    if (isBusinessRuleError(error))
-        return 422;
-    return 500;
-}

package/dist/middlewares/audit.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { AuditMiddlewareOptions } from "../types/express-auth.types";
-export type { AuditMiddlewareOptions };
-export declare function createAuditMiddleware(options: AuditMiddlewareOptions): (_req: Request, _res: Response, next: NextFunction) => void;

package/dist/middlewares/audit.middleware.js

@@ -1,12 +0,0 @@
-export function createAuditMiddleware(options) {
-    const { adapter } = options;
-    return (_req, _res, next) => {
-        const authReq = _req;
-        authReq.recordAudit = (entry) => {
-            adapter.audit.save(entry).catch((error) => {
-                console.error("审计日志写入失败:", error);
-            });
-        };
-        next();
-    };
-}

package/dist/middlewares/error-handler.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { ErrorHandlerMiddlewareOptions } from "../types/express-auth.types";
-export type { ErrorHandlerMiddlewareOptions };
-export declare function createErrorHandlerMiddleware(options?: ErrorHandlerMiddlewareOptions): (error: Error, req: Request, res: Response, _next: NextFunction) => void;

package/dist/middlewares/error-handler.middleware.js

@@ -1,23 +0,0 @@
-import { DomainError } from "@longzai-intelligence/error";
-import { mapDomainErrorToStatus } from "../core/error-mapper";
-export function createErrorHandlerMiddleware(options = {}) {
-    const { logger } = options;
-    return (error, req, res, _next) => {
-        if (error instanceof DomainError) {
-            const status = mapDomainErrorToStatus(error);
-            res.status(status).json({
-                code: error.code,
-                message: error.message,
-                ...(error.context && Object.keys(error.context).length > 0
-                    ? { details: error.context }
-                    : {}),
-            });
-            return;
-        }
-        logger?.error("未预期的错误", {
-            error: error instanceof Error ? error.message : String(error),
-            stack: error instanceof Error ? error.stack : undefined,
-        });
-        res.status(500).json({ code: "INTERNAL_ERROR", message: "服务器内部错误" });
-    };
-}

package/dist/middlewares/jwt-verify.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { JwtVerifyMiddlewareOptions } from "../types/express-auth.types";
-export type { JwtVerifyMiddlewareOptions };
-export declare function createJwtVerifyMiddleware(options: JwtVerifyMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/jwt-verify.middleware.js

@@ -1,36 +0,0 @@
-import { createJwtVerifier } from "@longzai-intelligence-auth/jwt";
-import { TokenMissingError, TokenInvalidError } from "@longzai-intelligence-auth/core";
-export function createJwtVerifyMiddleware(options) {
-    const { jwt: jwtConfig, defaultTenantId = "default" } = options;
-    let verifierPromise = null;
-    const getVerifier = () => {
-        if (!verifierPromise) {
-            verifierPromise = createJwtVerifier(jwtConfig);
-        }
-        return verifierPromise;
-    };
-    return async (req, _res, next) => {
-        try {
-            const authReq = req;
-            const authHeader = req.headers["authorization"];
-            const bearer = typeof authHeader === "string" && authHeader.startsWith("Bearer ")
-                ? authHeader.slice(7)
-                : null;
-            if (!bearer) {
-                throw new TokenMissingError();
-            }
-            const verifier = await getVerifier();
-            const result = await verifier.verifyAccessToken(bearer);
-            if (!result.success || !result.payload) {
-                throw new TokenInvalidError(result.error);
-            }
-            const payload = result.payload;
-            authReq.auth = payload;
-            authReq.tenantId = payload.tenantId ?? defaultTenantId;
-            next();
-        }
-        catch (error) {
-            next(error);
-        }
-    };
-}

package/dist/middlewares/logger.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { LoggerMiddlewareOptions } from "../types/express-auth.types";
-export type { LoggerMiddlewareOptions };
-export declare function createLoggerMiddleware(options: LoggerMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => void;

package/dist/middlewares/logger.middleware.js

@@ -1,17 +0,0 @@
-export function createLoggerMiddleware(options) {
-    const { logger } = options;
-    return (req, res, next) => {
-        const startTime = Date.now();
-        logger.info(`${req.method} ${req.originalUrl}`);
-        res.on("finish", () => {
-            const duration = Date.now() - startTime;
-            logger.info(`${req.method} ${req.originalUrl} ${res.statusCode} ${duration}ms`);
-        });
-        res.on("error", (error) => {
-            logger.error(`${req.method} ${req.originalUrl} 请求错误`, {
-                error: error instanceof Error ? error.message : String(error),
-            });
-        });
-        next();
-    };
-}

package/dist/middlewares/rate-limit.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { RateLimitMiddlewareOptions } from "../types/express-auth.types";
-export type { RateLimitMiddlewareOptions };
-export declare function createRateLimitMiddleware(options?: RateLimitMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/rate-limit.middleware.js

@@ -1,42 +0,0 @@
-import { createMemoryRateLimiter } from "@longzai-intelligence-auth/rate-limit";
-import { RateLimitExceededError } from "@longzai-intelligence-auth/core";
-function defaultKeyGenerator(req) {
-    return req.headers["x-forwarded-for"]?.split(",")[0]?.trim()
-        ?? req.headers["x-real-ip"]
-        ?? req.ip
-        ?? "unknown";
-}
-export function createRateLimitMiddleware(options = { windowSeconds: 60, maxRequests: 100 }) {
-    const { logger } = options;
-    const keyGen = options.keyGenerator ?? defaultKeyGenerator;
-    const limiter = createMemoryRateLimiter({
-        windowSeconds: options.windowSeconds,
-        maxRequests: options.maxRequests,
-    });
-    const timer = setInterval(() => {
-        limiter.cleanup();
-    }, 60_000);
-    if (typeof process !== "undefined" && typeof process.on === "function") {
-        process.on("exit", () => clearInterval(timer));
-    }
-    return async (req, _res, next) => {
-        try {
-            const authReq = req;
-            const clientIp = keyGen(req);
-            authReq.clientIp = clientIp;
-            const path = req.path;
-            const key = `${clientIp}:${path}`;
-            const allowed = await limiter.check(key);
-            if (!allowed) {
-                logger?.warn("限流触发", { clientIp, path });
-                throw new RateLimitExceededError();
-            }
-            const remaining = options.maxRequests - limiter.getCount(key);
-            authReq.rateLimitRemaining = remaining;
-            next();
-        }
-        catch (error) {
-            next(error);
-        }
-    };
-}

package/dist/middlewares/rbac.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { RbacMiddlewareOptions } from "../types/express-auth.types";
-export type { RbacMiddlewareOptions };
-export declare function createRbacMiddleware(options: RbacMiddlewareOptions): (permission: string) => (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/rbac.middleware.js

@@ -1,49 +0,0 @@
-import { createRoleChecker } from "@longzai-intelligence-auth/rbac";
-import { createJwtVerifier } from "@longzai-intelligence-auth/jwt";
-import { TokenMissingError, TokenInvalidError } from "@longzai-intelligence-auth/core";
-export function createRbacMiddleware(options) {
-    const { jwt: jwtConfig, defaultTenantId = "default" } = options;
-    const roleChecker = createRoleChecker();
-    let verifierPromise = null;
-    const getVerifier = () => {
-        if (!verifierPromise) {
-            verifierPromise = createJwtVerifier(jwtConfig);
-        }
-        return verifierPromise;
-    };
-    return (permission) => {
-        return async (req, _res, next) => {
-            try {
-                const authReq = req;
-                const authHeader = req.headers["authorization"];
-                const bearer = typeof authHeader === "string" && authHeader.startsWith("Bearer ")
-                    ? authHeader.slice(7)
-                    : null;
-                if (!bearer) {
-                    throw new TokenMissingError();
-                }
-                const verifier = await getVerifier();
-                const result = await verifier.verifyAccessToken(bearer);
-                if (!result.success || !result.payload) {
-                    throw new TokenInvalidError(result.error);
-                }
-                const payload = result.payload;
-                authReq.auth = payload;
-                authReq.tenantId = payload.tenantId ?? defaultTenantId;
-                const [resource, action] = permission.split(":");
-                if (!resource || !action) {
-                    throw new Error(`无效的权限格式: ${permission}，应为 resource:action`);
-                }
-                const hasPermission = roleChecker.hasPermission(payload, resource, action);
-                if (!hasPermission) {
-                    const { PermissionDeniedError } = await import("@longzai-intelligence/error");
-                    throw new PermissionDeniedError(resource, action);
-                }
-                next();
-            }
-            catch (error) {
-                next(error);
-            }
-        };
-    };
-}

package/dist/middlewares/tenant.middleware.d.ts

@@ -1,4 +0,0 @@
-import type { Request, Response, NextFunction } from "express";
-import type { TenantMiddlewareOptions } from "../types/express-auth.types";
-export type { TenantMiddlewareOptions };
-export declare function createTenantMiddleware(options?: TenantMiddlewareOptions): (req: Request, _res: Response, next: NextFunction) => Promise<void>;

package/dist/middlewares/tenant.middleware.js

@@ -1,22 +0,0 @@
-export function createTenantMiddleware(options = {}) {
-    const { defaultTenantId = "default", adapter } = options;
-    return async (req, _res, next) => {
-        try {
-            const authReq = req;
-            const headerTenantId = req.headers["x-tenant-id"];
-            const tenantId = headerTenantId ?? defaultTenantId;
-            authReq.tenantId = tenantId;
-            if (adapter && tenantId !== defaultTenantId) {
-                const result = await adapter.tenant.validateStatus(tenantId);
-                if (!result.valid) {
-                    const { PermissionDeniedError } = await import("@longzai-intelligence/error");
-                    throw new PermissionDeniedError("tenant", "access");
-                }
-            }
-            next();
-        }
-        catch (error) {
-            next(error);
-        }
-    };
-}

package/dist/presets/basic-preset.d.ts

@@ -1,4 +0,0 @@
-import type { RequestHandler } from "express";
-import type { BasicPresetOptions } from "../types/express-auth.types";
-export type { BasicPresetOptions };
-export declare function createBasicPreset(options: BasicPresetOptions): RequestHandler[];

package/dist/presets/basic-preset.js

@@ -1,11 +0,0 @@
-import { createJwtVerifyMiddleware } from "../middlewares/jwt-verify.middleware";
-import { createErrorHandlerMiddleware } from "../middlewares/error-handler.middleware";
-export function createBasicPreset(options) {
-    return [
-        createJwtVerifyMiddleware({
-            jwt: options.jwt,
-            defaultTenantId: options.defaultTenantId,
-        }),
-        createErrorHandlerMiddleware({ logger: options.logger }),
-    ];
-}

package/dist/presets/standard-preset.d.ts

@@ -1,4 +0,0 @@
-import type { RequestHandler } from "express";
-import type { StandardPresetOptions } from "../types/express-auth.types";
-export type { StandardPresetOptions };
-export declare function createStandardPreset(options: StandardPresetOptions): RequestHandler[];

package/dist/presets/standard-preset.js

@@ -1,27 +0,0 @@
-import { createJwtVerifyMiddleware } from "../middlewares/jwt-verify.middleware";
-import { createRbacMiddleware } from "../middlewares/rbac.middleware";
-import { createTenantMiddleware } from "../middlewares/tenant.middleware";
-import { createRateLimitMiddleware } from "../middlewares/rate-limit.middleware";
-import { createErrorHandlerMiddleware } from "../middlewares/error-handler.middleware";
-export function createStandardPreset(options) {
-    const rbacMiddleware = createRbacMiddleware({
-        jwt: options.jwt,
-        defaultTenantId: options.defaultTenantId,
-    });
-    return [
-        createJwtVerifyMiddleware({
-            jwt: options.jwt,
-            defaultTenantId: options.defaultTenantId,
-        }),
-        rbacMiddleware("*:*"),
-        createTenantMiddleware({
-            defaultTenantId: options.defaultTenantId,
-            adapter: options.adapter,
-        }),
-        createRateLimitMiddleware({
-            windowSeconds: 60,
-            maxRequests: 100,
-        }),
-        createErrorHandlerMiddleware({ logger: options.logger }),
-    ];
-}

package/dist/types/express-auth.types.d.ts

@@ -1,47 +0,0 @@
-import type { Request } from "express";
-import type { JwtSignerConfig } from "@longzai-intelligence-auth/jwt";
-import type { IdentityAuthBackend, RateLimitConfig, LoggerService, AuditLogEntry } from "@longzai-intelligence-auth/core";
-import type { AccessTokenPayload } from "@longzai-intelligence-auth/core";
-export interface AuthRequest extends Request {
-    auth: AccessTokenPayload;
-    tenantId: string;
-    clientIp?: string;
-    rateLimitRemaining?: number;
-    recordAudit?: (entry: Omit<AuditLogEntry, never>) => void;
-}
-export type JwtVerifyMiddlewareOptions = {
-    jwt: JwtSignerConfig;
-    defaultTenantId?: string;
-};
-export type RbacMiddlewareOptions = {
-    jwt: JwtSignerConfig;
-    defaultTenantId?: string;
-};
-export type TenantMiddlewareOptions = {
-    defaultTenantId?: string;
-    adapter?: IdentityAuthBackend;
-};
-export type RateLimitMiddlewareOptions = RateLimitConfig & {
-    logger?: LoggerService;
-    keyGenerator?: (req: Request) => string;
-};
-export type AuditMiddlewareOptions = {
-    adapter: IdentityAuthBackend;
-};
-export type LoggerMiddlewareOptions = {
-    logger: LoggerService;
-};
-export type ErrorHandlerMiddlewareOptions = {
-    logger?: LoggerService;
-};
-export type BasicPresetOptions = {
-    jwt: JwtSignerConfig;
-    defaultTenantId?: string;
-    logger?: LoggerService;
-};
-export type StandardPresetOptions = {
-    jwt: JwtSignerConfig;
-    defaultTenantId?: string;
-    adapter: IdentityAuthBackend;
-    logger?: LoggerService;
-};

package/dist/types/express-auth.types.js

@@ -1 +0,0 @@
-export {};

package/dist/utils/extract-client-ip.d.ts

@@ -1,2 +0,0 @@
-import type { Request } from "express";
-export declare function extractClientIp(req: Request): string | undefined;

package/dist/utils/extract-client-ip.js

@@ -1,6 +0,0 @@
-export function extractClientIp(req) {
-    return req.headers["x-forwarded-for"]?.split(",")[0]?.trim()
-        ?? req.headers["x-real-ip"]
-        ?? req.ip
-        ?? undefined;
-}

package/dist/utils/extract-user-agent.d.ts

@@ -1,2 +0,0 @@
-import type { Request } from "express";
-export declare function extractUserAgent(req: Request): string | undefined;

package/dist/utils/extract-user-agent.js

@@ -1,3 +0,0 @@
-export function extractUserAgent(req) {
-    return req.headers["user-agent"] ?? undefined;
-}