@open-core/framework 1.0.1-beta.1

package/dist/server/services/access-control.service.js

@@ -0,0 +1,99 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessControlService = void 0;
+const tsyringe_1 = require("tsyringe");
+const utils_1 = require("../../utils");
+const templates_1 = require("../templates");
+/**
+ * **Core Security Service**
+ *
+ * This service acts as the central enforcement point for the Access Control system.
+ * It uses the configured `PrincipalProvider` to query roles and validates them against requirements.
+ *
+ * It is primarily used internally by the `@Guard` decorator, but can be injected
+ * into services to perform manual checks.
+ */
+let AccessControlService = class AccessControlService {
+    constructor(principalProvider) {
+        this.principalProvider = principalProvider;
+    }
+    /**
+     * Verifies if a player meets a minimum numeric rank requirement.
+     *
+     * @param player - The target player.
+     * @param minRank - The minimum numeric value required (Inclusive).
+     *
+     * @returns `true` if `Principal.rank >= minRank`.
+     *
+     * @throws {AppError} code `UNAUTHORIZED` if the player has no Principal (not logged in).
+     * @throws {AppError} code `NO_RANK_IN_PRINCIPAL` if the Principal exists but has no `rank` defined.
+     */
+    async hasRank(player, minRank) {
+        const principal = await this.principalProvider.getPrincipal(player);
+        if (!principal)
+            throw new utils_1.AppError('UNAUTHORIZED', 'No principal found', 'core');
+        if (principal.rank === undefined)
+            throw new utils_1.AppError('NO_RANK_IN_PRINCIPAL', "You're trying to compare a Principal rank, but there's no defined rank! ", 'core');
+        return principal.rank >= minRank;
+    }
+    /**
+     * Verifies if a player possesses a specific permission string.
+     *
+     * @remarks
+     * This method supports the **Wildcard ('*')** permission. If the principal has `'*'`
+     * in their permissions array, this method always returns `true`.
+     *
+     * @param player - The target player.
+     * @param permission - The specific permission key (e.g., `'admin.ban'`).
+     * @returns `true` if the player has the permission or the wildcard.
+     */
+    async hasPermission(player, permission) {
+        const principal = await this.principalProvider.getPrincipal(player);
+        if (!principal)
+            return false;
+        if (principal.permissions.includes('*'))
+            return true;
+        return principal.permissions.includes(permission);
+    }
+    /**
+     * **Strict Enforcement**
+     *
+     * Validates a set of requirements against a player. If any requirement fails,
+     * it throws an exception, halting the execution flow.
+     *
+     * Used primarily by the `@Guard` decorator logic.
+     *
+     * @param player - The server player to validate.
+     * @param requirements - An object containing rank and/or permission constraints.
+     *
+     * @throws {AppError} code `PERMISSION_DENIED` if validation fails.
+     */
+    async enforce(player, requirements) {
+        if (requirements.minRank !== undefined) {
+            const hasRank = await this.hasRank(player, requirements.minRank);
+            if (!hasRank) {
+                throw new utils_1.AppError('PERMISSION_DENIED', `Access Denied: Requires minimum rank level ${requirements.minRank}`, 'core');
+            }
+        }
+        if (requirements.permission) {
+            const hasPerm = await this.hasPermission(player, requirements.permission);
+            if (!hasPerm) {
+                throw new utils_1.AppError('PERMISSION_DENIED', `Access Denied: Missing required permission '${requirements.permission}'`, 'core');
+            }
+        }
+    }
+};
+exports.AccessControlService = AccessControlService;
+exports.AccessControlService = AccessControlService = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __metadata("design:paramtypes", [templates_1.PrincipalProviderContract])
+], AccessControlService);

package/dist/server/services/chat.service.d.ts

@@ -0,0 +1,7 @@
+import { Server } from '../..';
+import { RGB } from '../../utils';
+export declare class ChatService {
+    broadcast(message: string, author?: string, color?: RGB): void;
+    sendPrivate(player: Server.Player, message: string, author?: string, color?: RGB): void;
+    clearChat(player: Server.Player): void;
+}

package/dist/server/services/chat.service.js

@@ -0,0 +1,31 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChatService = void 0;
+const tsyringe_1 = require("tsyringe");
+let ChatService = class ChatService {
+    broadcast(message, author = 'SYSTEM', color = { r: 255, g: 255, b: 255 }) {
+        emitNet('core:chat:message', -1, {
+            args: [author, message],
+            color: color,
+        });
+    }
+    sendPrivate(player, message, author = 'Private', color = { r: 200, g: 200, b: 200 }) {
+        emitNet('core:chat:addMessage', player.clientID, {
+            args: [author, message],
+            color: color,
+        });
+    }
+    clearChat(player) {
+        emitNet('core:chat:clear', player.clientID);
+    }
+};
+exports.ChatService = ChatService;
+exports.ChatService = ChatService = __decorate([
+    (0, tsyringe_1.injectable)()
+], ChatService);

package/dist/server/services/command.service.d.ts

@@ -0,0 +1,15 @@
+import type { CommandMetadata } from '../decorators/command';
+import { Server } from '../..';
+import { SecurityHandlerContract } from '../templates/security/security-handler.contract';
+export declare class CommandService {
+    private securityHandler;
+    constructor(securityHandler: SecurityHandlerContract);
+    private commands;
+    register(meta: CommandMetadata, handler: Function): void;
+    execute(player: Server.Player, commandName: string, args: string[], raw: string): Promise<void>;
+    getAllCommands(): {
+        name: string;
+        description: string;
+        usage: string;
+    }[];
+}

package/dist/server/services/command.service.js

@@ -0,0 +1,74 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CommandService = void 0;
+const tsyringe_1 = require("tsyringe");
+const utils_1 = require("../../utils");
+const zod_1 = __importDefault(require("zod"));
+const security_handler_contract_1 = require("../templates/security/security-handler.contract");
+const logger_1 = require("../../shared/logger");
+let CommandService = class CommandService {
+    constructor(securityHandler) {
+        this.securityHandler = securityHandler;
+        this.commands = new Map();
+    }
+    register(meta, handler) {
+        this.commands.set(meta.name.toLowerCase(), { meta, handler });
+        logger_1.loggers.command.debug(`Registered: /${meta.name}${meta.schema ? ' [Validated]' : ''}`);
+    }
+    async execute(player, commandName, args, raw) {
+        const entry = this.commands.get(commandName.toLowerCase());
+        if (!entry) {
+            return;
+        }
+        const { meta, handler } = entry;
+        let validatedArgs = args;
+        if (meta.schema) {
+            try {
+                const result = await meta.schema.parseAsync(args);
+                validatedArgs = Array.isArray(result) ? result : [result];
+            }
+            catch (error) {
+                if (error instanceof zod_1.default.ZodError) {
+                    throw new utils_1.AppError('VALIDATION_ERROR', `Incorrect usage: ${error.message}`, 'client', {
+                        usage: meta.usage,
+                    });
+                }
+                if (error instanceof utils_1.AppError) {
+                    throw error;
+                }
+                if (error instanceof utils_1.SecurityError) {
+                    this.securityHandler.handleViolation(player, error);
+                }
+                throw error;
+            }
+        }
+        await handler(player, validatedArgs, raw);
+    }
+    getAllCommands() {
+        return Array.from(this.commands.values()).map((c) => {
+            var _a, _b;
+            return ({
+                name: c.meta.name,
+                description: (_a = c.meta.description) !== null && _a !== void 0 ? _a : '',
+                usage: (_b = c.meta.usage) !== null && _b !== void 0 ? _b : '',
+            });
+        });
+    }
+};
+exports.CommandService = CommandService;
+exports.CommandService = CommandService = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __metadata("design:paramtypes", [security_handler_contract_1.SecurityHandlerContract])
+], CommandService);

package/dist/server/services/config.service.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Generic configuration service for accessing FiveM Convars.
+ *
+ * Provides type-safe access to configuration values with automatic
+ * prefix handling and type conversion.
+ *
+ * All keys are automatically prefixed with `opencore_`.
+ *
+ * @example
+ * ```ts
+ * const config = di.resolve(ConfigService)
+ *
+ * // Get string value
+ * const apiUrl = config.get('api_url', 'http://localhost:3000')
+ *
+ * // Get number value
+ * const timeout = config.getNumber('timeout', 5000)
+ *
+ * // Get boolean value
+ * const debug = config.getBoolean('debug', false)
+ *
+ * // Get required value (throws if not set)
+ * const secretKey = config.getRequired('secret_key')
+ *
+ * // Get JSON value
+ * const settings = config.getJson('settings', { enabled: true })
+ * ```
+ *
+ * @scope Singleton
+ */
+export declare class ConfigService {
+    private readonly PREFIX;
+    /**
+     * Gets a string configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set
+     * @returns The configuration value or default
+     */
+    get(key: string, defaultValue: string): string;
+    /**
+     * Gets a numeric configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set or invalid
+     * @returns The configuration value as number
+     */
+    getNumber(key: string, defaultValue: number): number;
+    /**
+     * Gets a boolean configuration value.
+     *
+     * Recognizes 'true', '1' as true, everything else as false.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set
+     * @returns The configuration value as boolean
+     */
+    getBoolean(key: string, defaultValue: boolean): boolean;
+    /**
+     * Gets a required configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @returns The configuration value
+     * @throws Error if the value is not set
+     */
+    getRequired(key: string): string;
+    /**
+     * Gets a JSON configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set or invalid JSON
+     * @returns The parsed JSON value or default
+     */
+    getJson<T>(key: string, defaultValue: T): T;
+}

package/dist/server/services/config.service.js

@@ -0,0 +1,116 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfigService = void 0;
+const decorators_1 = require("../decorators");
+/**
+ * Generic configuration service for accessing FiveM Convars.
+ *
+ * Provides type-safe access to configuration values with automatic
+ * prefix handling and type conversion.
+ *
+ * All keys are automatically prefixed with `opencore_`.
+ *
+ * @example
+ * ```ts
+ * const config = di.resolve(ConfigService)
+ *
+ * // Get string value
+ * const apiUrl = config.get('api_url', 'http://localhost:3000')
+ *
+ * // Get number value
+ * const timeout = config.getNumber('timeout', 5000)
+ *
+ * // Get boolean value
+ * const debug = config.getBoolean('debug', false)
+ *
+ * // Get required value (throws if not set)
+ * const secretKey = config.getRequired('secret_key')
+ *
+ * // Get JSON value
+ * const settings = config.getJson('settings', { enabled: true })
+ * ```
+ *
+ * @scope Singleton
+ */
+let ConfigService = class ConfigService {
+    constructor() {
+        this.PREFIX = 'opencore_';
+    }
+    /**
+     * Gets a string configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set
+     * @returns The configuration value or default
+     */
+    get(key, defaultValue) {
+        return GetConvar(this.PREFIX + key, defaultValue);
+    }
+    /**
+     * Gets a numeric configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set or invalid
+     * @returns The configuration value as number
+     */
+    getNumber(key, defaultValue) {
+        const value = GetConvar(this.PREFIX + key, String(defaultValue));
+        const parsed = Number(value);
+        return isNaN(parsed) ? defaultValue : parsed;
+    }
+    /**
+     * Gets a boolean configuration value.
+     *
+     * Recognizes 'true', '1' as true, everything else as false.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set
+     * @returns The configuration value as boolean
+     */
+    getBoolean(key, defaultValue) {
+        const value = GetConvar(this.PREFIX + key, String(defaultValue));
+        return value === 'true' || value === '1';
+    }
+    /**
+     * Gets a required configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @returns The configuration value
+     * @throws Error if the value is not set
+     */
+    getRequired(key) {
+        const value = GetConvar(this.PREFIX + key, '');
+        if (!value) {
+            throw new Error(`[OpenCore] Configuration '${this.PREFIX}${key}' is required but not set`);
+        }
+        return value;
+    }
+    /**
+     * Gets a JSON configuration value.
+     *
+     * @param key - The configuration key (without prefix)
+     * @param defaultValue - Default value if not set or invalid JSON
+     * @returns The parsed JSON value or default
+     */
+    getJson(key, defaultValue) {
+        const value = GetConvar(this.PREFIX + key, '');
+        if (!value)
+            return defaultValue;
+        try {
+            return JSON.parse(value);
+        }
+        catch (_a) {
+            return defaultValue;
+        }
+    }
+};
+exports.ConfigService = ConfigService;
+exports.ConfigService = ConfigService = __decorate([
+    (0, decorators_1.Bind)('singleton')
+], ConfigService);

package/dist/server/services/default/default-security.handler.d.ts

@@ -0,0 +1,6 @@
+import { SecurityHandlerContract } from '../../templates/security/security-handler.contract';
+import { Server } from '../../..';
+import { SecurityError } from '../../../utils/errors';
+export declare class DefaultSecurityHandler extends SecurityHandlerContract {
+    handleViolation(player: Server.Player, error: SecurityError): Promise<void>;
+}

package/dist/server/services/default/default-security.handler.js

@@ -0,0 +1,26 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultSecurityHandler = void 0;
+const tsyringe_1 = require("tsyringe");
+const security_handler_contract_1 = require("../../templates/security/security-handler.contract");
+const logger_1 = require("../../../shared/logger");
+let DefaultSecurityHandler = class DefaultSecurityHandler extends security_handler_contract_1.SecurityHandlerContract {
+    async handleViolation(player, error) {
+        logger_1.loggers.security.warn(`Security violation detected`, {
+            playerName: player.name,
+            playerId: player.clientID,
+            message: error.message,
+            suggestedAction: error.action,
+        });
+    }
+};
+exports.DefaultSecurityHandler = DefaultSecurityHandler;
+exports.DefaultSecurityHandler = DefaultSecurityHandler = __decorate([
+    (0, tsyringe_1.injectable)()
+], DefaultSecurityHandler);

package/dist/server/services/http/http.service.d.ts

@@ -0,0 +1,50 @@
+export interface HttpOptions {
+    headers?: Record<string, string>;
+    timeoutMs?: number;
+}
+export declare class HttpService {
+    /**
+     * Performs an HTTP GET request to the specified URL.
+     *
+     * @template T - The expected return type of the response data.
+     * @param url - The endpoint URL to fetch data from.
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    get<T = any>(url: string, options?: HttpOptions): Promise<T>;
+    /**
+     * Performs an HTTP POST request to the specified URL with a JSON payload.
+     *
+     * @template T - The expected return type of the response data.
+     * @param url - The endpoint URL to send data to.
+     * @param body - The data payload to be sent as the request body (will be stringified to JSON).
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    post<T = any>(url: string, body: any, options?: HttpOptions): Promise<T>;
+    /**
+     * Performs an HTTP PUT request to the specified URL to update a resource.
+     *
+     * @template T - The expected return type of the response data.
+     * @param url - The endpoint URL to update.
+     * @param body - The data payload to be sent as the request body (will be stringified to JSON).
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    put<T = any>(url: string, body: any, options?: HttpOptions): Promise<T>;
+    /**
+     * Performs an HTTP DELETE request to the specified URL.
+     *
+     * @template T - The expected return type of the response data (often void or the deleted entity).
+     * @param url - The endpoint URL to delete the resource from.
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    delete<T = any>(url: string, options?: HttpOptions): Promise<T>;
+    private request;
+    private handleResponse;
+}

package/dist/server/services/http/http.service.js

@@ -0,0 +1,126 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpService = void 0;
+const tsyringe_1 = require("tsyringe");
+const utils_1 = require("../../../utils");
+let HttpService = class HttpService {
+    /**
+     * Performs an HTTP GET request to the specified URL.
+     *
+     * @template T - The expected return type of the response data.
+     * @param url - The endpoint URL to fetch data from.
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    async get(url, options = {}) {
+        return this.request(url, 'GET', undefined, options);
+    }
+    /**
+     * Performs an HTTP POST request to the specified URL with a JSON payload.
+     *
+     * @template T - The expected return type of the response data.
+     * @param url - The endpoint URL to send data to.
+     * @param body - The data payload to be sent as the request body (will be stringified to JSON).
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    async post(url, body, options = {}) {
+        return this.request(url, 'POST', body, options);
+    }
+    /**
+     * Performs an HTTP PUT request to the specified URL to update a resource.
+     *
+     * @template T - The expected return type of the response data.
+     * @param url - The endpoint URL to update.
+     * @param body - The data payload to be sent as the request body (will be stringified to JSON).
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    async put(url, body, options = {}) {
+        return this.request(url, 'PUT', body, options);
+    }
+    /**
+     * Performs an HTTP DELETE request to the specified URL.
+     *
+     * @template T - The expected return type of the response data (often void or the deleted entity).
+     * @param url - The endpoint URL to delete the resource from.
+     * @param options - Optional configuration for the request (headers, timeout).
+     * @returns A Promise that resolves to the response data of type T.
+     * @throws {AppError} If the request fails, times out, or returns a non-2xx status code.
+     */
+    async delete(url, options = {}) {
+        return this.request(url, 'DELETE', undefined, options);
+    }
+    async request(url, method, body, options) {
+        const { headers = {}, timeoutMs = 5000 } = options;
+        const finalHeaders = Object.assign({ 'Content-Type': 'application/json' }, headers);
+        const controller = new AbortController();
+        const id = setTimeout(() => controller.abort(), timeoutMs);
+        try {
+            const response = await fetch(url, {
+                method,
+                headers: finalHeaders,
+                body: body ? JSON.stringify(body) : undefined,
+                signal: controller.signal,
+            });
+            return await this.handleResponse(response, method, url);
+        }
+        catch (err) {
+            if (err instanceof utils_1.AppError)
+                throw err;
+            if (err instanceof DOMException && err.name === 'AbortError') {
+                throw new utils_1.AppError('NETWORK_ERROR', `${method} ${url} timed out after ${timeoutMs}ms`, 'external', { timeout: timeoutMs });
+            }
+            throw new utils_1.AppError('NETWORK_ERROR', `Network error calling ${method} ${url}`, 'external', {
+                endpoint: url,
+                method,
+                cause: err instanceof Error ? err.message : String(err),
+            });
+        }
+        finally {
+            clearTimeout(id);
+        }
+    }
+    async handleResponse(response, method, url) {
+        if (!response.ok) {
+            let code = 'API_ERROR';
+            let errorBody = null;
+            if (response.status === 401 || response.status === 403) {
+                code = 'UNAUTHORIZED';
+            }
+            try {
+                errorBody = await response.json();
+            }
+            catch (_) { }
+            throw new utils_1.AppError(code, `${method} ${url} failed with status ${response.status}`, 'external', {
+                status: response.status,
+                endpoint: url,
+                method,
+                body: errorBody,
+            });
+        }
+        if (response.status === 204) {
+            return undefined;
+        }
+        try {
+            return (await response.json());
+        }
+        catch (_) {
+            // TODO: define better behavior for non-JSON responses
+            return undefined;
+        }
+    }
+};
+exports.HttpService = HttpService;
+exports.HttpService = HttpService = __decorate([
+    (0, tsyringe_1.injectable)()
+], HttpService);

package/dist/server/services/index.d.ts

@@ -0,0 +1,10 @@
+export * from './player.service';
+export * from './command.service';
+export * from './http/http.service';
+export * from './access-control.service';
+export * from './chat.service';
+export * from './rate-limiter.service';
+export * from './persistence.service';
+export * from './parallel';
+export * from './config.service';
+export * from '../database';

package/dist/server/services/index.js

@@ -0,0 +1,26 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./player.service"), exports);
+__exportStar(require("./command.service"), exports);
+__exportStar(require("./http/http.service"), exports);
+__exportStar(require("./access-control.service"), exports);
+__exportStar(require("./chat.service"), exports);
+__exportStar(require("./rate-limiter.service"), exports);
+__exportStar(require("./persistence.service"), exports);
+__exportStar(require("./parallel"), exports);
+__exportStar(require("./config.service"), exports);
+__exportStar(require("../database"), exports);