@markwharton/pwa-core 1.2.1 → 1.4.0

package/dist/server/http/index.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isConflictError = exports.isNotFoundError = exports.handleFunctionError = exports.conflictResponse = exports.notFoundResponse = exports.forbiddenResponse = exports.unauthorizedResponse = exports.badRequestResponse = void 0;
+var responses_1 = require("./responses");
+Object.defineProperty(exports, "badRequestResponse", { enumerable: true, get: function () { return responses_1.badRequestResponse; } });
+Object.defineProperty(exports, "unauthorizedResponse", { enumerable: true, get: function () { return responses_1.unauthorizedResponse; } });
+Object.defineProperty(exports, "forbiddenResponse", { enumerable: true, get: function () { return responses_1.forbiddenResponse; } });
+Object.defineProperty(exports, "notFoundResponse", { enumerable: true, get: function () { return responses_1.notFoundResponse; } });
+Object.defineProperty(exports, "conflictResponse", { enumerable: true, get: function () { return responses_1.conflictResponse; } });
+Object.defineProperty(exports, "handleFunctionError", { enumerable: true, get: function () { return responses_1.handleFunctionError; } });
+Object.defineProperty(exports, "isNotFoundError", { enumerable: true, get: function () { return responses_1.isNotFoundError; } });
+Object.defineProperty(exports, "isConflictError", { enumerable: true, get: function () { return responses_1.isConflictError; } });

package/dist/server/http/responses.d.ts

@@ -0,0 +1,82 @@
+import { HttpResponseInit, InvocationContext } from '@azure/functions';
+/**
+ * Creates a 400 Bad Request response.
+ * @param message - The error message to return
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!body.email) return badRequestResponse('Email is required');
+ */
+export declare function badRequestResponse(message: string): HttpResponseInit;
+/**
+ * Creates a 401 Unauthorized response.
+ * @param message - The error message (default: 'Unauthorized')
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!token) return unauthorizedResponse();
+ */
+export declare function unauthorizedResponse(message?: string): HttpResponseInit;
+/**
+ * Creates a 403 Forbidden response.
+ * @param message - The error message (default: 'Forbidden')
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!isAdmin(payload)) return forbiddenResponse('Admin access required');
+ */
+export declare function forbiddenResponse(message?: string): HttpResponseInit;
+/**
+ * Creates a 404 Not Found response.
+ * @param resource - The name of the resource that wasn't found
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!user) return notFoundResponse('User');
+ * // Returns: { error: 'User not found' }
+ */
+export declare function notFoundResponse(resource: string): HttpResponseInit;
+/**
+ * Creates a 409 Conflict response.
+ * @param message - The conflict error message
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (existingUser) return conflictResponse('Email already registered');
+ */
+export declare function conflictResponse(message: string): HttpResponseInit;
+/**
+ * Handles unexpected errors safely by logging details and returning a generic message.
+ * Use in catch blocks to avoid exposing internal error details to clients.
+ * @param error - The caught error
+ * @param context - Azure Functions InvocationContext for logging
+ * @returns Azure Functions HttpResponseInit with 500 status
+ * @example
+ * try {
+ *   await riskyOperation();
+ * } catch (error) {
+ *   return handleFunctionError(error, context);
+ * }
+ */
+export declare function handleFunctionError(error: unknown, context: InvocationContext): HttpResponseInit;
+/**
+ * Checks if an error is an Azure Table Storage "not found" error.
+ * @param error - The caught error
+ * @returns True if error has statusCode 404
+ * @example
+ * try {
+ *   await tableClient.getEntity(pk, rk);
+ * } catch (error) {
+ *   if (isNotFoundError(error)) return notFoundResponse('Entity');
+ *   throw error;
+ * }
+ */
+export declare function isNotFoundError(error: unknown): boolean;
+/**
+ * Checks if an error is an Azure Table Storage "conflict" error.
+ * @param error - The caught error
+ * @returns True if error has statusCode 409
+ * @example
+ * try {
+ *   await tableClient.createEntity(entity);
+ * } catch (error) {
+ *   if (isConflictError(error)) return conflictResponse('Entity already exists');
+ *   throw error;
+ * }
+ */
+export declare function isConflictError(error: unknown): boolean;

package/dist/server/http/responses.js

@@ -0,0 +1,132 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.badRequestResponse = badRequestResponse;
+exports.unauthorizedResponse = unauthorizedResponse;
+exports.forbiddenResponse = forbiddenResponse;
+exports.notFoundResponse = notFoundResponse;
+exports.conflictResponse = conflictResponse;
+exports.handleFunctionError = handleFunctionError;
+exports.isNotFoundError = isNotFoundError;
+exports.isConflictError = isConflictError;
+const status_1 = require("../../shared/http/status");
+/**
+ * Creates a 400 Bad Request response.
+ * @param message - The error message to return
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!body.email) return badRequestResponse('Email is required');
+ */
+function badRequestResponse(message) {
+    return {
+        status: status_1.HTTP_STATUS.BAD_REQUEST,
+        jsonBody: { error: message }
+    };
+}
+/**
+ * Creates a 401 Unauthorized response.
+ * @param message - The error message (default: 'Unauthorized')
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!token) return unauthorizedResponse();
+ */
+function unauthorizedResponse(message = 'Unauthorized') {
+    return {
+        status: status_1.HTTP_STATUS.UNAUTHORIZED,
+        jsonBody: { error: message }
+    };
+}
+/**
+ * Creates a 403 Forbidden response.
+ * @param message - The error message (default: 'Forbidden')
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!isAdmin(payload)) return forbiddenResponse('Admin access required');
+ */
+function forbiddenResponse(message = 'Forbidden') {
+    return {
+        status: status_1.HTTP_STATUS.FORBIDDEN,
+        jsonBody: { error: message }
+    };
+}
+/**
+ * Creates a 404 Not Found response.
+ * @param resource - The name of the resource that wasn't found
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (!user) return notFoundResponse('User');
+ * // Returns: { error: 'User not found' }
+ */
+function notFoundResponse(resource) {
+    return {
+        status: status_1.HTTP_STATUS.NOT_FOUND,
+        jsonBody: { error: `${resource} not found` }
+    };
+}
+/**
+ * Creates a 409 Conflict response.
+ * @param message - The conflict error message
+ * @returns Azure Functions HttpResponseInit object
+ * @example
+ * if (existingUser) return conflictResponse('Email already registered');
+ */
+function conflictResponse(message) {
+    return {
+        status: status_1.HTTP_STATUS.CONFLICT,
+        jsonBody: { error: message }
+    };
+}
+/**
+ * Handles unexpected errors safely by logging details and returning a generic message.
+ * Use in catch blocks to avoid exposing internal error details to clients.
+ * @param error - The caught error
+ * @param context - Azure Functions InvocationContext for logging
+ * @returns Azure Functions HttpResponseInit with 500 status
+ * @example
+ * try {
+ *   await riskyOperation();
+ * } catch (error) {
+ *   return handleFunctionError(error, context);
+ * }
+ */
+function handleFunctionError(error, context) {
+    const message = error instanceof Error ? error.message : 'Unknown error';
+    context.error(`Function error: ${message}`);
+    return {
+        status: status_1.HTTP_STATUS.INTERNAL_ERROR,
+        jsonBody: { error: 'Internal server error' }
+    };
+}
+/**
+ * Checks if an error is an Azure Table Storage "not found" error.
+ * @param error - The caught error
+ * @returns True if error has statusCode 404
+ * @example
+ * try {
+ *   await tableClient.getEntity(pk, rk);
+ * } catch (error) {
+ *   if (isNotFoundError(error)) return notFoundResponse('Entity');
+ *   throw error;
+ * }
+ */
+function isNotFoundError(error) {
+    return (error instanceof Error &&
+        'statusCode' in error &&
+        error.statusCode === 404);
+}
+/**
+ * Checks if an error is an Azure Table Storage "conflict" error.
+ * @param error - The caught error
+ * @returns True if error has statusCode 409
+ * @example
+ * try {
+ *   await tableClient.createEntity(entity);
+ * } catch (error) {
+ *   if (isConflictError(error)) return conflictResponse('Entity already exists');
+ *   throw error;
+ * }
+ */
+function isConflictError(error) {
+    return (error instanceof Error &&
+        'statusCode' in error &&
+        error.statusCode === 409);
+}

package/dist/server/index.d.ts

@@ -0,0 +1,3 @@
+export { initAuth, getJwtSecret, extractToken, validateToken, generateToken, generateLongLivedToken, extractApiKey, hashApiKey, validateApiKey, generateApiKey } from './auth';
+export { badRequestResponse, unauthorizedResponse, forbiddenResponse, notFoundResponse, conflictResponse, handleFunctionError, isNotFoundError, isConflictError } from './http';
+export { initStorage, initStorageFromEnv, useManagedIdentity, getTableClient, clearTableClientCache, generateRowKey } from './storage';

package/dist/server/index.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRowKey = exports.clearTableClientCache = exports.getTableClient = exports.useManagedIdentity = exports.initStorageFromEnv = exports.initStorage = exports.isConflictError = exports.isNotFoundError = exports.handleFunctionError = exports.conflictResponse = exports.notFoundResponse = exports.forbiddenResponse = exports.unauthorizedResponse = exports.badRequestResponse = exports.generateApiKey = exports.validateApiKey = exports.hashApiKey = exports.extractApiKey = exports.generateLongLivedToken = exports.generateToken = exports.validateToken = exports.extractToken = exports.getJwtSecret = exports.initAuth = void 0;
+// Auth
+var auth_1 = require("./auth");
+Object.defineProperty(exports, "initAuth", { enumerable: true, get: function () { return auth_1.initAuth; } });
+Object.defineProperty(exports, "getJwtSecret", { enumerable: true, get: function () { return auth_1.getJwtSecret; } });
+Object.defineProperty(exports, "extractToken", { enumerable: true, get: function () { return auth_1.extractToken; } });
+Object.defineProperty(exports, "validateToken", { enumerable: true, get: function () { return auth_1.validateToken; } });
+Object.defineProperty(exports, "generateToken", { enumerable: true, get: function () { return auth_1.generateToken; } });
+Object.defineProperty(exports, "generateLongLivedToken", { enumerable: true, get: function () { return auth_1.generateLongLivedToken; } });
+Object.defineProperty(exports, "extractApiKey", { enumerable: true, get: function () { return auth_1.extractApiKey; } });
+Object.defineProperty(exports, "hashApiKey", { enumerable: true, get: function () { return auth_1.hashApiKey; } });
+Object.defineProperty(exports, "validateApiKey", { enumerable: true, get: function () { return auth_1.validateApiKey; } });
+Object.defineProperty(exports, "generateApiKey", { enumerable: true, get: function () { return auth_1.generateApiKey; } });
+// HTTP
+var http_1 = require("./http");
+Object.defineProperty(exports, "badRequestResponse", { enumerable: true, get: function () { return http_1.badRequestResponse; } });
+Object.defineProperty(exports, "unauthorizedResponse", { enumerable: true, get: function () { return http_1.unauthorizedResponse; } });
+Object.defineProperty(exports, "forbiddenResponse", { enumerable: true, get: function () { return http_1.forbiddenResponse; } });
+Object.defineProperty(exports, "notFoundResponse", { enumerable: true, get: function () { return http_1.notFoundResponse; } });
+Object.defineProperty(exports, "conflictResponse", { enumerable: true, get: function () { return http_1.conflictResponse; } });
+Object.defineProperty(exports, "handleFunctionError", { enumerable: true, get: function () { return http_1.handleFunctionError; } });
+Object.defineProperty(exports, "isNotFoundError", { enumerable: true, get: function () { return http_1.isNotFoundError; } });
+Object.defineProperty(exports, "isConflictError", { enumerable: true, get: function () { return http_1.isConflictError; } });
+// Storage
+var storage_1 = require("./storage");
+Object.defineProperty(exports, "initStorage", { enumerable: true, get: function () { return storage_1.initStorage; } });
+Object.defineProperty(exports, "initStorageFromEnv", { enumerable: true, get: function () { return storage_1.initStorageFromEnv; } });
+Object.defineProperty(exports, "useManagedIdentity", { enumerable: true, get: function () { return storage_1.useManagedIdentity; } });
+Object.defineProperty(exports, "getTableClient", { enumerable: true, get: function () { return storage_1.getTableClient; } });
+Object.defineProperty(exports, "clearTableClientCache", { enumerable: true, get: function () { return storage_1.clearTableClientCache; } });
+Object.defineProperty(exports, "generateRowKey", { enumerable: true, get: function () { return storage_1.generateRowKey; } });

package/dist/server/storage/client.d.ts

@@ -0,0 +1,48 @@
+import { TableClient } from '@azure/data-tables';
+/**
+ * Initializes Azure Table Storage configuration. Call once at application startup.
+ * @param config - Storage configuration options
+ * @param config.accountName - Azure Storage account name (for managed identity)
+ * @param config.connectionString - Connection string (for local development)
+ * @example
+ * // Production (Azure with managed identity)
+ * initStorage({ accountName: 'mystorageaccount' });
+ *
+ * // Local development (Azurite)
+ * initStorage({ connectionString: 'UseDevelopmentStorage=true' });
+ */
+export declare function initStorage(config: {
+    accountName?: string;
+    connectionString?: string;
+}): void;
+/**
+ * Initializes storage from environment variables.
+ * Reads STORAGE_ACCOUNT_NAME and AzureWebJobsStorage.
+ * @example
+ * initStorageFromEnv(); // Uses process.env automatically
+ */
+export declare function initStorageFromEnv(): void;
+/**
+ * Checks if using Azure managed identity vs local connection string.
+ * @returns True if using managed identity (production), false for connection string (local)
+ */
+export declare function useManagedIdentity(): boolean;
+/**
+ * Gets a TableClient for the specified table, creating the table if needed.
+ * Clients are cached for reuse across requests.
+ * @param tableName - The Azure Table Storage table name
+ * @returns A configured TableClient instance
+ * @throws Error if storage is not configured
+ * @example
+ * const client = await getTableClient('users');
+ * await client.createEntity({ partitionKey: 'pk', rowKey: 'rk', name: 'John' });
+ */
+export declare function getTableClient(tableName: string): Promise<TableClient>;
+/**
+ * Clears the TableClient cache. Primarily useful for testing.
+ * @example
+ * afterEach(() => {
+ *   clearTableClientCache();
+ * });
+ */
+export declare function clearTableClientCache(): void;

package/dist/server/storage/client.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initStorage = initStorage;
+exports.initStorageFromEnv = initStorageFromEnv;
+exports.useManagedIdentity = useManagedIdentity;
+exports.getTableClient = getTableClient;
+exports.clearTableClientCache = clearTableClientCache;
+const data_tables_1 = require("@azure/data-tables");
+const identity_1 = require("@azure/identity");
+/**
+ * Azure Table Storage client factory with managed identity support
+ */
+// Cache table clients to avoid repeated connections
+const tableClients = new Map();
+// Configuration
+let storageAccountName;
+let connectionString;
+/**
+ * Initializes Azure Table Storage configuration. Call once at application startup.
+ * @param config - Storage configuration options
+ * @param config.accountName - Azure Storage account name (for managed identity)
+ * @param config.connectionString - Connection string (for local development)
+ * @example
+ * // Production (Azure with managed identity)
+ * initStorage({ accountName: 'mystorageaccount' });
+ *
+ * // Local development (Azurite)
+ * initStorage({ connectionString: 'UseDevelopmentStorage=true' });
+ */
+function initStorage(config) {
+    storageAccountName = config.accountName;
+    connectionString = config.connectionString;
+}
+/**
+ * Initializes storage from environment variables.
+ * Reads STORAGE_ACCOUNT_NAME and AzureWebJobsStorage.
+ * @example
+ * initStorageFromEnv(); // Uses process.env automatically
+ */
+function initStorageFromEnv() {
+    initStorage({
+        accountName: process.env.STORAGE_ACCOUNT_NAME,
+        connectionString: process.env.AzureWebJobsStorage
+    });
+}
+/**
+ * Checks if using Azure managed identity vs local connection string.
+ * @returns True if using managed identity (production), false for connection string (local)
+ */
+function useManagedIdentity() {
+    return !!storageAccountName && !connectionString?.includes('UseDevelopmentStorage');
+}
+/**
+ * Gets a TableClient for the specified table, creating the table if needed.
+ * Clients are cached for reuse across requests.
+ * @param tableName - The Azure Table Storage table name
+ * @returns A configured TableClient instance
+ * @throws Error if storage is not configured
+ * @example
+ * const client = await getTableClient('users');
+ * await client.createEntity({ partitionKey: 'pk', rowKey: 'rk', name: 'John' });
+ */
+async function getTableClient(tableName) {
+    // Return cached client if available
+    const cached = tableClients.get(tableName);
+    if (cached) {
+        return cached;
+    }
+    let client;
+    if (useManagedIdentity()) {
+        // Azure: Use managed identity
+        const credential = new identity_1.DefaultAzureCredential();
+        const endpoint = `https://${storageAccountName}.table.core.windows.net`;
+        client = new data_tables_1.TableClient(endpoint, tableName, credential);
+    }
+    else if (connectionString) {
+        // Local/Azurite: Use connection string
+        client = data_tables_1.TableClient.fromConnectionString(connectionString, tableName);
+    }
+    else {
+        throw new Error('Storage not configured. Set STORAGE_ACCOUNT_NAME or AzureWebJobsStorage.');
+    }
+    // Create table if it doesn't exist
+    try {
+        await client.createTable();
+    }
+    catch (error) {
+        // Ignore "table already exists" errors (409 Conflict)
+        const tableError = error;
+        if (tableError.statusCode !== 409) {
+            throw error;
+        }
+    }
+    // Cache and return
+    tableClients.set(tableName, client);
+    return client;
+}
+/**
+ * Clears the TableClient cache. Primarily useful for testing.
+ * @example
+ * afterEach(() => {
+ *   clearTableClientCache();
+ * });
+ */
+function clearTableClientCache() {
+    tableClients.clear();
+}

package/dist/server/storage/index.d.ts

@@ -0,0 +1,2 @@
+export { initStorage, initStorageFromEnv, useManagedIdentity, getTableClient, clearTableClientCache } from './client';
+export { generateRowKey } from './keys';

package/dist/server/storage/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRowKey = exports.clearTableClientCache = exports.getTableClient = exports.useManagedIdentity = exports.initStorageFromEnv = exports.initStorage = void 0;
+var client_1 = require("./client");
+Object.defineProperty(exports, "initStorage", { enumerable: true, get: function () { return client_1.initStorage; } });
+Object.defineProperty(exports, "initStorageFromEnv", { enumerable: true, get: function () { return client_1.initStorageFromEnv; } });
+Object.defineProperty(exports, "useManagedIdentity", { enumerable: true, get: function () { return client_1.useManagedIdentity; } });
+Object.defineProperty(exports, "getTableClient", { enumerable: true, get: function () { return client_1.getTableClient; } });
+Object.defineProperty(exports, "clearTableClientCache", { enumerable: true, get: function () { return client_1.clearTableClientCache; } });
+var keys_1 = require("./keys");
+Object.defineProperty(exports, "generateRowKey", { enumerable: true, get: function () { return keys_1.generateRowKey; } });

package/dist/server/storage/keys.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Generate a unique row key from an identifier string
+ * Uses SHA-256 hash for consistent, URL-safe keys
+ *
+ * @param identifier - The string to hash (e.g., subscription endpoint, user ID)
+ * @returns A 32-character hex string suitable for Azure Table Storage row keys
+ */
+export declare function generateRowKey(identifier: string): string;

package/dist/server/storage/keys.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRowKey = generateRowKey;
+const crypto_1 = require("crypto");
+/**
+ * Generate a unique row key from an identifier string
+ * Uses SHA-256 hash for consistent, URL-safe keys
+ *
+ * @param identifier - The string to hash (e.g., subscription endpoint, user ID)
+ * @returns A 32-character hex string suitable for Azure Table Storage row keys
+ */
+function generateRowKey(identifier) {
+    return (0, crypto_1.createHash)('sha256').update(identifier).digest('hex').substring(0, 32);
+}

package/dist/shared/auth/index.d.ts

@@ -0,0 +1,2 @@
+export type { BaseJwtPayload, UserTokenPayload, UsernameTokenPayload, RoleTokenPayload } from './types';
+export { hasUsername, hasRole, isAdmin } from './types';

package/dist/shared/auth/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAdmin = exports.hasRole = exports.hasUsername = void 0;
+var types_1 = require("./types");
+Object.defineProperty(exports, "hasUsername", { enumerable: true, get: function () { return types_1.hasUsername; } });
+Object.defineProperty(exports, "hasRole", { enumerable: true, get: function () { return types_1.hasRole; } });
+Object.defineProperty(exports, "isAdmin", { enumerable: true, get: function () { return types_1.isAdmin; } });

package/dist/shared/auth/types.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Base JWT payload - all tokens include these fields
+ * Projects extend this with their specific fields
+ */
+export interface BaseJwtPayload {
+    iat: number;
+    exp: number;
+}
+/**
+ * Standard user token payload
+ * Used by: azure-pwa-starter, azure-alert-service (admin), onsite-monitor
+ */
+export interface UserTokenPayload extends BaseJwtPayload {
+    authenticated: true;
+    tokenType: 'user' | 'machine';
+}
+/**
+ * Username-based token payload
+ * Used by: financial-tracker
+ */
+export interface UsernameTokenPayload extends BaseJwtPayload {
+    username: string;
+}
+/**
+ * Role-based token payload
+ * Used by: azure-alert-service
+ */
+export interface RoleTokenPayload extends BaseJwtPayload {
+    authenticated: true;
+    tokenType: 'user' | 'machine';
+    role: 'admin' | 'viewer';
+    viewerTokenId?: string;
+}
+/**
+ * Type guard to check if a JWT payload contains a username field.
+ * @param payload - The JWT payload to check
+ * @returns True if payload has a string username field
+ * @example
+ * if (hasUsername(payload)) {
+ *   console.log(payload.username); // TypeScript knows username exists
+ * }
+ */
+export declare function hasUsername(payload: BaseJwtPayload): payload is UsernameTokenPayload;
+/**
+ * Type guard to check if a JWT payload contains a role field.
+ * @param payload - The JWT payload to check
+ * @returns True if payload has a role field
+ * @example
+ * if (hasRole(payload)) {
+ *   console.log(payload.role); // 'admin' | 'viewer'
+ * }
+ */
+export declare function hasRole(payload: BaseJwtPayload): payload is RoleTokenPayload;
+/**
+ * Checks if a JWT payload represents an admin user.
+ * @param payload - The JWT payload to check
+ * @returns True if payload has role='admin'
+ * @example
+ * if (!isAdmin(payload)) {
+ *   return httpForbidden('Admin access required');
+ * }
+ */
+export declare function isAdmin(payload: BaseJwtPayload): boolean;

package/dist/shared/auth/types.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasUsername = hasUsername;
+exports.hasRole = hasRole;
+exports.isAdmin = isAdmin;
+/**
+ * Type guard to check if a JWT payload contains a username field.
+ * @param payload - The JWT payload to check
+ * @returns True if payload has a string username field
+ * @example
+ * if (hasUsername(payload)) {
+ *   console.log(payload.username); // TypeScript knows username exists
+ * }
+ */
+function hasUsername(payload) {
+    return 'username' in payload && typeof payload.username === 'string';
+}
+/**
+ * Type guard to check if a JWT payload contains a role field.
+ * @param payload - The JWT payload to check
+ * @returns True if payload has a role field
+ * @example
+ * if (hasRole(payload)) {
+ *   console.log(payload.role); // 'admin' | 'viewer'
+ * }
+ */
+function hasRole(payload) {
+    return 'role' in payload;
+}
+/**
+ * Checks if a JWT payload represents an admin user.
+ * @param payload - The JWT payload to check
+ * @returns True if payload has role='admin'
+ * @example
+ * if (!isAdmin(payload)) {
+ *   return httpForbidden('Admin access required');
+ * }
+ */
+function isAdmin(payload) {
+    return hasRole(payload) && payload.role === 'admin';
+}

package/dist/shared/http/index.d.ts

@@ -0,0 +1,3 @@
+export { HTTP_STATUS } from './status';
+export type { HttpStatus } from './status';
+export type { ErrorResponse } from './types';

package/dist/shared/http/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HTTP_STATUS = void 0;
+var status_1 = require("./status");
+Object.defineProperty(exports, "HTTP_STATUS", { enumerable: true, get: function () { return status_1.HTTP_STATUS; } });

package/dist/shared/http/status.d.ts

@@ -0,0 +1,17 @@
+/**
+ * HTTP status codes - use instead of magic numbers
+ */
+export declare const HTTP_STATUS: {
+    readonly OK: 200;
+    readonly CREATED: 201;
+    readonly NO_CONTENT: 204;
+    readonly BAD_REQUEST: 400;
+    readonly UNAUTHORIZED: 401;
+    readonly FORBIDDEN: 403;
+    readonly NOT_FOUND: 404;
+    readonly CONFLICT: 409;
+    readonly GONE: 410;
+    readonly INTERNAL_ERROR: 500;
+    readonly SERVICE_UNAVAILABLE: 503;
+};
+export type HttpStatus = typeof HTTP_STATUS[keyof typeof HTTP_STATUS];

package/dist/shared/http/status.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HTTP_STATUS = void 0;
+/**
+ * HTTP status codes - use instead of magic numbers
+ */
+exports.HTTP_STATUS = {
+    OK: 200,
+    CREATED: 201,
+    NO_CONTENT: 204,
+    BAD_REQUEST: 400,
+    UNAUTHORIZED: 401,
+    FORBIDDEN: 403,
+    NOT_FOUND: 404,
+    CONFLICT: 409,
+    GONE: 410,
+    INTERNAL_ERROR: 500,
+    SERVICE_UNAVAILABLE: 503
+};

package/dist/shared/http/types.d.ts

@@ -0,0 +1,10 @@
+/**
+ * HTTP module type definitions
+ */
+/**
+ * Standard error response structure
+ */
+export interface ErrorResponse {
+    error: string;
+    details?: string;
+}

package/dist/shared/http/types.js

@@ -0,0 +1,5 @@
+"use strict";
+/**
+ * HTTP module type definitions
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/shared/index.d.ts

@@ -0,0 +1,5 @@
+export type { BaseJwtPayload, UserTokenPayload, UsernameTokenPayload, RoleTokenPayload } from './auth';
+export { hasUsername, hasRole, isAdmin } from './auth';
+export { HTTP_STATUS } from './http';
+export type { HttpStatus } from './http';
+export type { ErrorResponse } from './http';