@nauth-toolkit/core 0.2.7 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (104) hide show
  1. package/dist/bootstrap.d.ts +3 -0
  2. package/dist/bootstrap.d.ts.map +1 -1
  3. package/dist/bootstrap.js +63 -0
  4. package/dist/bootstrap.js.map +1 -1
  5. package/dist/dto/admin-api-key.dto.d.ts +69 -0
  6. package/dist/dto/admin-api-key.dto.d.ts.map +1 -0
  7. package/dist/dto/admin-api-key.dto.js +144 -0
  8. package/dist/dto/admin-api-key.dto.js.map +1 -0
  9. package/dist/dto/admin-signup-social.dto.d.ts +1 -1
  10. package/dist/dto/admin-signup-social.dto.js +1 -1
  11. package/dist/dto/admin-signup.dto.d.ts +1 -1
  12. package/dist/dto/admin-signup.dto.js +1 -1
  13. package/dist/dto/api-key.dto.d.ts +132 -0
  14. package/dist/dto/api-key.dto.d.ts.map +1 -0
  15. package/dist/dto/api-key.dto.js +198 -0
  16. package/dist/dto/api-key.dto.js.map +1 -0
  17. package/dist/dto/change-password.dto.d.ts +2 -2
  18. package/dist/dto/change-password.dto.js +2 -2
  19. package/dist/dto/index.d.ts +2 -0
  20. package/dist/dto/index.d.ts.map +1 -1
  21. package/dist/dto/index.js +3 -0
  22. package/dist/dto/index.js.map +1 -1
  23. package/dist/dto/reset-password.dto.d.ts +1 -1
  24. package/dist/dto/reset-password.dto.js +1 -1
  25. package/dist/dto/respond-challenge.dto.d.ts +1 -1
  26. package/dist/dto/respond-challenge.dto.js +1 -1
  27. package/dist/dto/signup.dto.d.ts +1 -1
  28. package/dist/dto/signup.dto.js +1 -1
  29. package/dist/entities/api-key.entity.d.ts +135 -0
  30. package/dist/entities/api-key.entity.d.ts.map +1 -0
  31. package/dist/entities/api-key.entity.js +149 -0
  32. package/dist/entities/api-key.entity.js.map +1 -0
  33. package/dist/entities/index.d.ts +1 -0
  34. package/dist/entities/index.d.ts.map +1 -1
  35. package/dist/entities/index.js +3 -1
  36. package/dist/entities/index.js.map +1 -1
  37. package/dist/enums/auth-audit-event-type.enum.d.ts +25 -1
  38. package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
  39. package/dist/enums/auth-audit-event-type.enum.js +27 -0
  40. package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
  41. package/dist/enums/error-codes.enum.d.ts +56 -1
  42. package/dist/enums/error-codes.enum.d.ts.map +1 -1
  43. package/dist/enums/error-codes.enum.js +58 -0
  44. package/dist/enums/error-codes.enum.js.map +1 -1
  45. package/dist/exceptions/nauth.exception.d.ts.map +1 -1
  46. package/dist/exceptions/nauth.exception.js +13 -0
  47. package/dist/exceptions/nauth.exception.js.map +1 -1
  48. package/dist/handlers/api-key.handler.d.ts +45 -0
  49. package/dist/handlers/api-key.handler.d.ts.map +1 -0
  50. package/dist/handlers/api-key.handler.js +99 -0
  51. package/dist/handlers/api-key.handler.js.map +1 -0
  52. package/dist/handlers/auth.handler.d.ts.map +1 -1
  53. package/dist/handlers/auth.handler.js +6 -0
  54. package/dist/handlers/auth.handler.js.map +1 -1
  55. package/dist/index.d.ts +7 -0
  56. package/dist/index.d.ts.map +1 -1
  57. package/dist/index.js +8 -1
  58. package/dist/index.js.map +1 -1
  59. package/dist/interfaces/config.interface.d.ts +162 -0
  60. package/dist/interfaces/config.interface.d.ts.map +1 -1
  61. package/dist/internal.d.ts +7 -0
  62. package/dist/internal.d.ts.map +1 -1
  63. package/dist/internal.js +8 -1
  64. package/dist/internal.js.map +1 -1
  65. package/dist/openapi/components.schemas.json +284 -7
  66. package/dist/platform/interfaces.d.ts +8 -0
  67. package/dist/platform/interfaces.d.ts.map +1 -1
  68. package/dist/schemas/auth-config.schema.d.ts +211 -0
  69. package/dist/schemas/auth-config.schema.d.ts.map +1 -1
  70. package/dist/schemas/auth-config.schema.js +33 -1
  71. package/dist/schemas/auth-config.schema.js.map +1 -1
  72. package/dist/services/admin-auth.service.d.ts +59 -1
  73. package/dist/services/admin-auth.service.d.ts.map +1 -1
  74. package/dist/services/admin-auth.service.js +99 -1
  75. package/dist/services/admin-auth.service.js.map +1 -1
  76. package/dist/services/api-key.service.d.ts +152 -0
  77. package/dist/services/api-key.service.d.ts.map +1 -0
  78. package/dist/services/api-key.service.js +378 -0
  79. package/dist/services/api-key.service.js.map +1 -0
  80. package/dist/services/telemetry.service.d.ts +154 -0
  81. package/dist/services/telemetry.service.d.ts.map +1 -0
  82. package/dist/services/telemetry.service.js +345 -0
  83. package/dist/services/telemetry.service.js.map +1 -0
  84. package/dist/utils/get-package-version.d.ts +15 -0
  85. package/dist/utils/get-package-version.d.ts.map +1 -0
  86. package/dist/utils/get-package-version.js +84 -0
  87. package/dist/utils/get-package-version.js.map +1 -0
  88. package/dist/utils/index.d.ts +1 -0
  89. package/dist/utils/index.d.ts.map +1 -1
  90. package/dist/utils/index.js +1 -0
  91. package/dist/utils/index.js.map +1 -1
  92. package/dist/utils/ip-match.d.ts +44 -0
  93. package/dist/utils/ip-match.d.ts.map +1 -0
  94. package/dist/utils/ip-match.js +135 -0
  95. package/dist/utils/ip-match.js.map +1 -0
  96. package/dist/utils/setup/get-repositories.d.ts +2 -1
  97. package/dist/utils/setup/get-repositories.d.ts.map +1 -1
  98. package/dist/utils/setup/get-repositories.js +2 -0
  99. package/dist/utils/setup/get-repositories.js.map +1 -1
  100. package/dist/utils/setup/init-services.d.ts +4 -2
  101. package/dist/utils/setup/init-services.d.ts.map +1 -1
  102. package/dist/utils/setup/init-services.js +8 -1
  103. package/dist/utils/setup/init-services.js.map +1 -1
  104. package/package.json +2 -2
@@ -0,0 +1,345 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.TelemetryService = void 0;
37
+ const crypto_1 = require("crypto");
38
+ const fs = __importStar(require("fs"));
39
+ const os = __importStar(require("os"));
40
+ const path = __importStar(require("path"));
41
+ const get_package_version_1 = require("../utils/get-package-version");
42
+ /**
43
+ * Default telemetry ingestion endpoint (stable custom domain; the deployment
44
+ * behind it can change without a package release).
45
+ */
46
+ const DEFAULT_ENDPOINT = 'https://telemetry.nauth.dev/';
47
+ /** Storage key holding the shared anonymous instance identifier. */
48
+ const INSTANCE_ID_KEY = 'nauth:telemetry:instance_id';
49
+ /** Network timeout for telemetry requests — beyond this the request is aborted. */
50
+ const SEND_TIMEOUT_MS = 3000;
51
+ /** Heartbeat base interval (24h); a random jitter of up to 1h is added per process. */
52
+ const HEARTBEAT_INTERVAL_MS = 24 * 60 * 60 * 1000;
53
+ const HEARTBEAT_JITTER_MS = 60 * 60 * 1000;
54
+ /**
55
+ * Anonymous usage telemetry (opt-out)
56
+ *
57
+ * Sends a small, anonymous payload describing the *shape* of the nauth
58
+ * configuration (enums, booleans, and registered provider names — never
59
+ * values) once at boot and once per day thereafter. The data guides
60
+ * development priorities; see https://nauth.dev/docs/concepts/telemetry
61
+ * for the exact payload and rationale.
62
+ *
63
+ * **Performance guarantees:**
64
+ * - Never runs inside a request path — no middleware or handler involvement
65
+ * - The boot ping is deferred and fire-and-forget; `NAuth.create()` gains no awaits
66
+ * - The heartbeat timer is unref'd and never keeps the process alive
67
+ * - Network failures are swallowed at debug level; this service never throws
68
+ *
69
+ * **Disabled automatically** when any of the following holds:
70
+ * - `config.telemetry.enabled === false`
71
+ * - `NAUTH_TELEMETRY_DISABLED=1` or `DO_NOT_TRACK=1`
72
+ * - `CI=true` or `NODE_ENV=test`
73
+ *
74
+ * @example
75
+ * ```typescript
76
+ * const telemetry = new TelemetryService(config, storage, logger, 'express', mfaService, socialRegistry);
77
+ * telemetry.sendBootPing();
78
+ * telemetry.startHeartbeat();
79
+ * // ...on shutdown:
80
+ * telemetry.shutdown();
81
+ * ```
82
+ */
83
+ class TelemetryService {
84
+ config;
85
+ storageAdapter;
86
+ logger;
87
+ framework;
88
+ mfaService;
89
+ socialProviderRegistry;
90
+ heartbeatTimer;
91
+ cachedInstanceId;
92
+ disclosureShown = false;
93
+ constructor(config, storageAdapter, logger, framework = 'unknown', mfaService, socialProviderRegistry) {
94
+ this.config = config;
95
+ this.storageAdapter = storageAdapter;
96
+ this.logger = logger;
97
+ this.framework = framework;
98
+ this.mfaService = mfaService;
99
+ this.socialProviderRegistry = socialProviderRegistry;
100
+ }
101
+ /**
102
+ * Whether telemetry is active for this process.
103
+ *
104
+ * Evaluates the config flag and all environment opt-outs
105
+ * (NAUTH_TELEMETRY_DISABLED, DO_NOT_TRACK, CI, NODE_ENV=test).
106
+ *
107
+ * @returns true when telemetry may be sent
108
+ */
109
+ isEnabled() {
110
+ if (this.config.telemetry?.enabled === false) {
111
+ return false;
112
+ }
113
+ const env = process.env;
114
+ const truthy = (v) => v === '1' || v?.toLowerCase() === 'true';
115
+ if (truthy(env.NAUTH_TELEMETRY_DISABLED) || truthy(env.DO_NOT_TRACK)) {
116
+ return false;
117
+ }
118
+ if (env.CI !== undefined && env.CI !== '' && env.CI.toLowerCase() !== 'false') {
119
+ return false;
120
+ }
121
+ if (env.NODE_ENV === 'test') {
122
+ return false;
123
+ }
124
+ return true;
125
+ }
126
+ /**
127
+ * Send the boot ping (fire-and-forget).
128
+ *
129
+ * On the first boot of an install (when the anonymous instance ID is
130
+ * created), a one-time disclosure notice is logged. Subsequent boots of
131
+ * the same install are silent. This method returns immediately and never
132
+ * throws; all work happens off the startup path.
133
+ */
134
+ sendBootPing() {
135
+ if (!this.isEnabled()) {
136
+ return;
137
+ }
138
+ this.resolveInstanceId()
139
+ .then(({ instanceId, isNew }) => {
140
+ if (isNew && !this.disclosureShown) {
141
+ this.disclosureShown = true;
142
+ this.logger?.log?.('nauth-toolkit collects anonymous usage data (config shape only — no PII, IPs, or secrets) to guide development. ' +
143
+ 'Details and opt-out: https://nauth.dev/docs/concepts/telemetry (set NAUTH_TELEMETRY_DISABLED=1 to disable)');
144
+ }
145
+ return this.send(this.buildPayload('boot', instanceId));
146
+ })
147
+ .catch((err) => {
148
+ const message = err instanceof Error ? err.message : 'Unknown error';
149
+ this.logger?.debug?.(`Telemetry boot ping skipped: ${message}`);
150
+ });
151
+ }
152
+ /**
153
+ * Start the daily heartbeat timer.
154
+ *
155
+ * The timer is unref'd so it never prevents process exit. A random jitter
156
+ * of up to one hour avoids synchronized pings from fleets that restart
157
+ * together. No-op when telemetry is disabled.
158
+ */
159
+ startHeartbeat() {
160
+ if (!this.isEnabled() || this.heartbeatTimer) {
161
+ return;
162
+ }
163
+ const interval = HEARTBEAT_INTERVAL_MS + Math.floor(Math.random() * HEARTBEAT_JITTER_MS);
164
+ this.heartbeatTimer = setInterval(() => {
165
+ this.resolveInstanceId()
166
+ .then(({ instanceId }) => this.send(this.buildPayload('heartbeat', instanceId)))
167
+ .catch((err) => {
168
+ const message = err instanceof Error ? err.message : 'Unknown error';
169
+ this.logger?.debug?.(`Telemetry heartbeat skipped: ${message}`);
170
+ });
171
+ }, interval);
172
+ this.heartbeatTimer.unref?.();
173
+ }
174
+ /**
175
+ * Stop the heartbeat timer. Safe to call multiple times.
176
+ */
177
+ shutdown() {
178
+ if (this.heartbeatTimer) {
179
+ clearInterval(this.heartbeatTimer);
180
+ this.heartbeatTimer = undefined;
181
+ }
182
+ }
183
+ /**
184
+ * Resolve the anonymous instance ID, with layered persistence:
185
+ *
186
+ * 1. **Storage adapter** (Redis/database) — deployment-scoped: all processes
187
+ * sharing the deployment converge on one ID via an NX (set-if-absent) write.
188
+ * 2. **Home-directory file** (`~/.nauth-toolkit/telemetry-instance-id`) — used
189
+ * when the storage adapter is the non-persistent in-memory adapter, so
190
+ * restarts on the same machine keep one ID instead of minting a new
191
+ * "install" per boot.
192
+ * 3. **Per-process UUID** — last resort when both stores are unavailable
193
+ * (e.g. read-only filesystem); never throws.
194
+ *
195
+ * `isNew` is true only when this process created the ID — used to show the
196
+ * disclosure notice exactly once per install.
197
+ */
198
+ async resolveInstanceId() {
199
+ if (this.cachedInstanceId) {
200
+ return { instanceId: this.cachedInstanceId, isNew: false };
201
+ }
202
+ try {
203
+ // The first get() also initializes lazy wrappers, so the unwrapped
204
+ // adapter name below is accurate.
205
+ const existing = await this.storageAdapter.get(INSTANCE_ID_KEY);
206
+ // In-memory storage does not survive restarts — prefer the file store
207
+ // so an install keeps a stable identity across boots.
208
+ if (!this.storageAdapterName().toLowerCase().includes('memory')) {
209
+ if (existing) {
210
+ this.cachedInstanceId = existing;
211
+ return { instanceId: existing, isNew: false };
212
+ }
213
+ const candidate = (0, crypto_1.randomUUID)();
214
+ await this.storageAdapter.set(INSTANCE_ID_KEY, candidate, undefined, { nx: true });
215
+ const settled = (await this.storageAdapter.get(INSTANCE_ID_KEY)) ?? candidate;
216
+ this.cachedInstanceId = settled;
217
+ return { instanceId: settled, isNew: settled === candidate };
218
+ }
219
+ }
220
+ catch {
221
+ // Storage unavailable — fall through to the file store.
222
+ }
223
+ return this.resolveInstanceIdFromFile();
224
+ }
225
+ /**
226
+ * File-backed instance ID under the user's home directory. Returns a
227
+ * per-process UUID when the filesystem is unavailable or read-only.
228
+ */
229
+ resolveInstanceIdFromFile() {
230
+ try {
231
+ const dir = path.join(os.homedir(), '.nauth-toolkit');
232
+ const file = path.join(dir, 'telemetry-instance-id');
233
+ const existing = fs.existsSync(file) ? fs.readFileSync(file, 'utf8').trim() : '';
234
+ if (/^[0-9a-f-]{36}$/i.test(existing)) {
235
+ this.cachedInstanceId = existing;
236
+ return { instanceId: existing, isNew: false };
237
+ }
238
+ const candidate = (0, crypto_1.randomUUID)();
239
+ fs.mkdirSync(dir, { recursive: true });
240
+ fs.writeFileSync(file, candidate, 'utf8');
241
+ this.cachedInstanceId = candidate;
242
+ return { instanceId: candidate, isNew: true };
243
+ }
244
+ catch {
245
+ const fallback = (0, crypto_1.randomUUID)();
246
+ this.cachedInstanceId = fallback;
247
+ return { instanceId: fallback, isNew: true };
248
+ }
249
+ }
250
+ /**
251
+ * Build the telemetry payload from the resolved configuration and the
252
+ * registered provider lists. Pure shape extraction — no values are read
253
+ * beyond enums, booleans, and provider identifiers.
254
+ */
255
+ buildPayload(event, instanceId) {
256
+ const cfg = this.config;
257
+ const nodeEnv = process.env.NODE_ENV === 'production'
258
+ ? 'production'
259
+ : process.env.NODE_ENV === 'development' || process.env.NODE_ENV === undefined
260
+ ? 'development'
261
+ : 'other';
262
+ let mfaProviders = [];
263
+ try {
264
+ mfaProviders = this.mfaService?.listProviders().providers ?? [];
265
+ }
266
+ catch {
267
+ // Provider registry unavailable — report empty rather than fail.
268
+ }
269
+ let socialProviders = [];
270
+ try {
271
+ socialProviders = this.socialProviderRegistry?.listProviders() ?? [];
272
+ }
273
+ catch {
274
+ // Provider registry unavailable — report empty rather than fail.
275
+ }
276
+ return {
277
+ schemaVersion: 1,
278
+ instanceId,
279
+ event,
280
+ coreVersion: (0, get_package_version_1.getCoreVersion)(),
281
+ nodeMajor: parseInt(process.versions.node.split('.')[0], 10),
282
+ platform: process.platform,
283
+ arch: process.arch,
284
+ nodeEnv,
285
+ framework: this.framework,
286
+ config: {
287
+ tokenDeliveryMethod: cfg.tokenDelivery?.method ?? 'json',
288
+ mfa: {
289
+ enabled: cfg.mfa?.enabled === true,
290
+ enforcement: cfg.mfa?.enforcement ?? null,
291
+ gracePeriodSet: cfg.mfa?.gracePeriod !== undefined,
292
+ allowedMethods: (cfg.mfa?.allowedMethods ?? []).map((m) => String(m)),
293
+ },
294
+ mfaProviders,
295
+ socialProviders,
296
+ storageAdapter: this.storageAdapterName(),
297
+ signupVerificationMethod: cfg.signup?.verificationMethod ?? null,
298
+ auditLogsEnabled: cfg.auditLogs?.enabled !== false,
299
+ recaptchaEnabled: cfg.recaptcha?.enabled === true,
300
+ geoLocationConfigured: cfg.geoLocation?.maxMind !== undefined,
301
+ },
302
+ };
303
+ }
304
+ /**
305
+ * Resolve the storage adapter class name for the payload.
306
+ *
307
+ * Lazy wrappers (used by the NestJS module and the core storage factory)
308
+ * would otherwise report 'LazyStorageAdapter' for every install; when the
309
+ * wrapper has an initialized inner adapter, its class name is reported
310
+ * instead. By the time the payload is built the instance-ID lookup has
311
+ * already gone through the adapter, so the inner adapter exists.
312
+ */
313
+ storageAdapterName() {
314
+ const wrapper = this.storageAdapter;
315
+ return wrapper.inner?.constructor?.name ?? this.storageAdapter.constructor.name;
316
+ }
317
+ /**
318
+ * POST the payload to the telemetry endpoint with a hard timeout.
319
+ * All failures are swallowed (debug log only) — telemetry must be
320
+ * invisible when it fails.
321
+ */
322
+ async send(payload) {
323
+ const endpoint = this.config.telemetry?.endpoint ?? DEFAULT_ENDPOINT;
324
+ const controller = new AbortController();
325
+ const timeout = setTimeout(() => controller.abort(), SEND_TIMEOUT_MS);
326
+ timeout.unref?.();
327
+ try {
328
+ await fetch(endpoint, {
329
+ method: 'POST',
330
+ headers: { 'content-type': 'application/json' },
331
+ body: JSON.stringify(payload),
332
+ signal: controller.signal,
333
+ });
334
+ }
335
+ catch (err) {
336
+ const message = err instanceof Error ? err.message : 'Unknown error';
337
+ this.logger?.debug?.(`Telemetry send failed (ignored): ${message}`);
338
+ }
339
+ finally {
340
+ clearTimeout(timeout);
341
+ }
342
+ }
343
+ }
344
+ exports.TelemetryService = TelemetryService;
345
+ //# sourceMappingURL=telemetry.service.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"telemetry.service.js","sourceRoot":"","sources":["../../src/services/telemetry.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAoC;AACpC,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAI7B,sEAA8D;AAI9D;;;GAGG;AACH,MAAM,gBAAgB,GAAG,8BAA8B,CAAC;AAExD,oEAAoE;AACpE,MAAM,eAAe,GAAG,6BAA6B,CAAC;AAEtD,mFAAmF;AACnF,MAAM,eAAe,GAAG,IAAI,CAAC;AAE7B,uFAAuF;AACvF,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAClD,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAqC3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAa,gBAAgB;IAMR;IACA;IACA;IACA;IACA;IACA;IAVX,cAAc,CAAkB;IAChC,gBAAgB,CAAU;IAC1B,eAAe,GAAG,KAAK,CAAC;IAEhC,YACmB,MAAmB,EACnB,cAA8B,EAC9B,MAAoB,EACpB,YAAoB,SAAS,EAC7B,UAAuB,EACvB,sBAA+C;QAL/C,WAAM,GAAN,MAAM,CAAa;QACnB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,WAAM,GAAN,MAAM,CAAc;QACpB,cAAS,GAAT,SAAS,CAAoB;QAC7B,eAAU,GAAV,UAAU,CAAa;QACvB,2BAAsB,GAAtB,sBAAsB,CAAyB;IAC/D,CAAC;IAEJ;;;;;;;OAOG;IACH,SAAS;QACP,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YAC7C,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,MAAM,GAAG,CAAC,CAAqB,EAAW,EAAE,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,WAAW,EAAE,KAAK,MAAM,CAAC;QAC5F,IAAI,MAAM,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,IAAI,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9E,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACH,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,iBAAiB,EAAE;aACrB,IAAI,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE;YAC9B,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACnC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;gBAC5B,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAChB,kHAAkH;oBAChH,4GAA4G,CAC/G,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACrE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gCAAgC,OAAO,EAAE,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;;;;OAMG;IACH,cAAc;QACZ,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QACD,MAAM,QAAQ,GAAG,qBAAqB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,mBAAmB,CAAC,CAAC;QACzF,IAAI,CAAC,cAAc,GAAG,WAAW,CAAC,GAAG,EAAE;YACrC,IAAI,CAAC,iBAAiB,EAAE;iBACrB,IAAI,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;iBAC/E,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACrE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,gCAAgC,OAAO,EAAE,CAAC,CAAC;YAClE,CAAC,CAAC,CAAC;QACP,CAAC,EAAE,QAAQ,CAAC,CAAC;QACb,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACnC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;QAClC,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC;YACH,mEAAmE;YACnE,kCAAkC;YAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChE,sEAAsE;YACtE,sDAAsD;YACtD,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,IAAI,QAAQ,EAAE,CAAC;oBACb,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC;oBACjC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;gBAChD,CAAC;gBACD,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC;gBAC/B,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;gBACnF,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,SAAS,CAAC;gBAC9E,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC;gBAChC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/D,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;QAC1D,CAAC;QACD,OAAO,IAAI,CAAC,yBAAyB,EAAE,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACK,yBAAyB;QAC/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,gBAAgB,CAAC,CAAC;YACtD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjF,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtC,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC;gBACjC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;YAChD,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC;YAC/B,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACvC,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YAC1C,IAAI,CAAC,gBAAgB,GAAG,SAAS,CAAC;YAClC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,QAAQ,GAAG,IAAA,mBAAU,GAAE,CAAC;YAC9B,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC;YACjC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,YAAY,CAAC,KAA2B,EAAE,UAAkB;QAClE,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC;QACxB,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YACnC,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS;gBAC5E,CAAC,CAAC,aAAa;gBACf,CAAC,CAAC,OAAO,CAAC;QAEhB,IAAI,YAAY,GAAa,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,EAAE,CAAC,SAAS,IAAI,EAAE,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;QACnE,CAAC;QACD,IAAI,eAAe,GAAa,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,eAAe,GAAG,IAAI,CAAC,sBAAsB,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;QACnE,CAAC;QAED,OAAO;YACL,aAAa,EAAE,CAAC;YAChB,UAAU;YACV,KAAK;YACL,WAAW,EAAE,IAAA,oCAAc,GAAE;YAC7B,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YAC5D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE;gBACN,mBAAmB,EAAE,GAAG,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM;gBACxD,GAAG,EAAE;oBACH,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI;oBAClC,WAAW,EAAE,GAAG,CAAC,GAAG,EAAE,WAAW,IAAI,IAAI;oBACzC,cAAc,EAAE,GAAG,CAAC,GAAG,EAAE,WAAW,KAAK,SAAS;oBAClD,cAAc,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;iBACtE;gBACD,YAAY;gBACZ,eAAe;gBACf,cAAc,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBACzC,wBAAwB,EAAE,GAAG,CAAC,MAAM,EAAE,kBAAkB,IAAI,IAAI;gBAChE,gBAAgB,EAAE,GAAG,CAAC,SAAS,EAAE,OAAO,KAAK,KAAK;gBAClD,gBAAgB,EAAE,GAAG,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI;gBACjD,qBAAqB,EAAE,GAAG,CAAC,WAAW,EAAE,OAAO,KAAK,SAAS;aAC9D;SACF,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACK,kBAAkB;QACxB,MAAM,OAAO,GAAG,IAAI,CAAC,cAA4E,CAAC;QAClG,OAAO,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC;IAClF,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,IAAI,CAAC,OAAyB;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,IAAI,gBAAgB,CAAC;QACrE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,eAAe,CAAC,CAAC;QACtE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACpB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACrE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC;QACtE,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;CACF;AAvQD,4CAuQC"}
@@ -0,0 +1,15 @@
1
+ /**
2
+ * Resolve the installed @nauth-toolkit/core version at runtime.
3
+ *
4
+ * Walks up from the compiled file location (dist/utils at runtime, src/utils
5
+ * under ts-jest) for up to three levels looking for the package's own
6
+ * package.json. Reading at runtime keeps the reported version in sync with
7
+ * the published package — a compiled-in constant would go stale because the
8
+ * release script bumps versions outside the TypeScript build.
9
+ *
10
+ * Never throws; returns 'unknown' when the manifest cannot be found or read.
11
+ *
12
+ * @returns The semver version string of @nauth-toolkit/core, or 'unknown'
13
+ */
14
+ export declare function getCoreVersion(): string;
15
+ //# sourceMappingURL=get-package-version.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"get-package-version.d.ts","sourceRoot":"","sources":["../../src/utils/get-package-version.ts"],"names":[],"mappings":"AASA;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,IAAI,MAAM,CA6BvC"}
@@ -0,0 +1,84 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.getCoreVersion = getCoreVersion;
37
+ const fs = __importStar(require("fs"));
38
+ const path = __importStar(require("path"));
39
+ /**
40
+ * Memoized result of the package.json version lookup.
41
+ * `undefined` means "not yet resolved"; a string (possibly 'unknown') is final.
42
+ */
43
+ let cachedVersion;
44
+ /**
45
+ * Resolve the installed @nauth-toolkit/core version at runtime.
46
+ *
47
+ * Walks up from the compiled file location (dist/utils at runtime, src/utils
48
+ * under ts-jest) for up to three levels looking for the package's own
49
+ * package.json. Reading at runtime keeps the reported version in sync with
50
+ * the published package — a compiled-in constant would go stale because the
51
+ * release script bumps versions outside the TypeScript build.
52
+ *
53
+ * Never throws; returns 'unknown' when the manifest cannot be found or read.
54
+ *
55
+ * @returns The semver version string of @nauth-toolkit/core, or 'unknown'
56
+ */
57
+ function getCoreVersion() {
58
+ if (cachedVersion !== undefined) {
59
+ return cachedVersion;
60
+ }
61
+ let dir = __dirname;
62
+ for (let i = 0; i < 3; i++) {
63
+ dir = path.dirname(dir);
64
+ try {
65
+ const manifestPath = path.join(dir, 'package.json');
66
+ if (fs.existsSync(manifestPath)) {
67
+ const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
68
+ if (typeof manifest === 'object' &&
69
+ manifest !== null &&
70
+ manifest.name === '@nauth-toolkit/core' &&
71
+ typeof manifest.version === 'string') {
72
+ cachedVersion = manifest.version;
73
+ return cachedVersion;
74
+ }
75
+ }
76
+ }
77
+ catch {
78
+ // Unreadable or malformed manifest — keep walking up, fall through to 'unknown'.
79
+ }
80
+ }
81
+ cachedVersion = 'unknown';
82
+ return cachedVersion;
83
+ }
84
+ //# sourceMappingURL=get-package-version.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"get-package-version.js","sourceRoot":"","sources":["../../src/utils/get-package-version.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,wCA6BC;AAnDD,uCAAyB;AACzB,2CAA6B;AAE7B;;;GAGG;AACH,IAAI,aAAiC,CAAC;AAEtC;;;;;;;;;;;;GAYG;AACH,SAAgB,cAAc;IAC5B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,IAAI,GAAG,GAAG,SAAS,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YACpD,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAY,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC;gBAC5E,IACE,OAAO,QAAQ,KAAK,QAAQ;oBAC5B,QAAQ,KAAK,IAAI;oBAChB,QAA+B,CAAC,IAAI,KAAK,qBAAqB;oBAC/D,OAAQ,QAAkC,CAAC,OAAO,KAAK,QAAQ,EAC/D,CAAC;oBACD,aAAa,GAAI,QAAgC,CAAC,OAAO,CAAC;oBAC1D,OAAO,aAAa,CAAC;gBACvB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iFAAiF;QACnF,CAAC;IACH,CAAC;IAED,aAAa,GAAG,SAAS,CAAC;IAC1B,OAAO,aAAa,CAAC;AACvB,CAAC"}
@@ -3,6 +3,7 @@
3
3
  */
4
4
  export * from './pii-redactor';
5
5
  export * from './ip-extractor';
6
+ export * from './ip-match';
6
7
  export * from './nauth-logger';
7
8
  export * from './cookies.util';
8
9
  export * from './cookie-names.util';
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC"}
@@ -19,6 +19,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
19
19
  Object.defineProperty(exports, "__esModule", { value: true });
20
20
  __exportStar(require("./pii-redactor"), exports);
21
21
  __exportStar(require("./ip-extractor"), exports);
22
+ __exportStar(require("./ip-match"), exports);
22
23
  __exportStar(require("./nauth-logger"), exports);
23
24
  __exportStar(require("./cookies.util"), exports);
24
25
  __exportStar(require("./cookie-names.util"), exports);
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;AAEH,iDAA+B;AAC/B,iDAA+B;AAC/B,iDAA+B;AAC/B,iDAA+B;AAC/B,sDAAoC;AACpC,oDAAkC;AAClC,0DAAwC;AACxC,uDAAqC;AACrC,kDAAgC;AAChC,wFAAwF"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;AAEH,iDAA+B;AAC/B,iDAA+B;AAC/B,6CAA2B;AAC3B,iDAA+B;AAC/B,iDAA+B;AAC/B,sDAAoC;AACpC,oDAAkC;AAClC,0DAAwC;AACxC,uDAAqC;AACrC,kDAAgC;AAChC,wFAAwF"}
@@ -0,0 +1,44 @@
1
+ /**
2
+ * IP Allowlist Matching
3
+ *
4
+ * Utilities for matching a source IP against an allowlist entry that may be an
5
+ * exact IPv4/IPv6 address or an IPv4 CIDR range. Used to enforce per-API-key IP
6
+ * restrictions.
7
+ *
8
+ * @remarks
9
+ * IPv4 CIDR ranges (e.g. `10.0.0.0/8`) and exact IPv4/IPv6 addresses are supported.
10
+ * IPv6 CIDR ranges are not expanded; provide exact IPv6 addresses instead.
11
+ */
12
+ /**
13
+ * Validate whether a string is a valid IP address or IPv4 CIDR range.
14
+ *
15
+ * @param entry - Candidate allowlist entry
16
+ * @returns true if the entry is a usable IP or IPv4 CIDR
17
+ *
18
+ * @example
19
+ * ```typescript
20
+ * isValidIpOrCidr('203.0.113.4'); // true
21
+ * isValidIpOrCidr('10.0.0.0/8'); // true
22
+ * isValidIpOrCidr('not-an-ip'); // false
23
+ * ```
24
+ */
25
+ export declare function isValidIpOrCidr(entry: string): boolean;
26
+ /**
27
+ * Determine whether a source IP matches a single allowlist entry.
28
+ *
29
+ * Supports:
30
+ * - Exact IPv4/IPv6 match (case-insensitive for IPv6)
31
+ * - IPv4 CIDR range match (e.g. `10.0.0.0/8`)
32
+ *
33
+ * @param ip - Source IP of the request
34
+ * @param entry - Allowlist entry (IP or IPv4 CIDR)
35
+ * @returns true if the IP is covered by the entry
36
+ *
37
+ * @example
38
+ * ```typescript
39
+ * ipMatchesEntry('10.1.2.3', '10.0.0.0/8'); // true
40
+ * ipMatchesEntry('203.0.113.4', '203.0.113.4'); // true
41
+ * ```
42
+ */
43
+ export declare function ipMatchesEntry(ip: string, entry: string): boolean;
44
+ //# sourceMappingURL=ip-match.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ip-match.d.ts","sourceRoot":"","sources":["../../src/utils/ip-match.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAuCH;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAetD;AAkBD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAwBjE"}