@rabstack/rab-api 1.0.1

package/index.cjs.js

@@ -0,0 +1,1105 @@
+'use strict';
+
+require('reflect-metadata');
+var express = require('express');
+var typedi = require('typedi');
+var composeMiddleware = require('compose-middleware');
+var jwt = require('jsonwebtoken');
+
+function _extends() {
+    _extends = Object.assign || function assign(target) {
+        for(var i = 1; i < arguments.length; i++){
+            var source = arguments[i];
+            for(var key in source)if (Object.prototype.hasOwnProperty.call(source, key)) target[key] = source[key];
+        }
+        return target;
+    };
+    return _extends.apply(this, arguments);
+}
+
+function _object_without_properties_loose(source, excluded) {
+    if (source == null) return {};
+    var target = {};
+    var sourceKeys = Object.keys(source);
+    var key, i;
+    for(i = 0; i < sourceKeys.length; i++){
+        key = sourceKeys[i];
+        if (excluded.indexOf(key) >= 0) continue;
+        target[key] = source[key];
+    }
+    return target;
+}
+
+/**
+ * Controller decorator - marks a class as an injectable controller.
+ * Alias for TypeDI's @Service decorator.
+ */ const Controller = typedi.Service;
+/**
+ * Injectable decorator - marks a class as injectable via dependency injection.
+ * Alias for TypeDI's @Service decorator.
+ */ const Injectable = typedi.Service;
+/**
+ * Dependency injection container.
+ * Provides access to TypeDI's Container for manual service retrieval.
+ */ const DiContainer = typedi.Container;
+/**
+ * Metadata key used to store route information via reflect-metadata.
+ */ const CONTROLLER_ROUTE_KEY = 'controller:route';
+/**
+ * Core route decorator factory.
+ * Creates route decorators for different HTTP methods.
+ *
+ * @param method - HTTP method for this route
+ * @param path - URL path pattern (supports Express-style params like ':id')
+ * @param options - Route configuration options
+ * @returns Class decorator function
+ */ function AtomRoute(method, path, options) {
+    return (target)=>{
+        typedi.Service()(target);
+        const routeMetadata = {
+            method,
+            path,
+            handlerName: 'handler',
+            options
+        };
+        if (!typedi.Container.has(target)) {
+            typedi.Container.set({
+                id: target,
+                type: target
+            });
+        }
+        Reflect.defineMetadata(CONTROLLER_ROUTE_KEY, routeMetadata, target);
+    };
+}
+/**
+ * POST route decorator.
+ * Registers a controller class as a POST endpoint handler.
+ *
+ * @param path - URL path pattern (e.g., '/users' or '/users/:id')
+ * @param options - Route configuration options (validation, permissions, etc.)
+ * @returns Class decorator
+ *
+ * @example
+ * ```typescript
+ * @Post('/users', {
+ *   bodySchema: createUserSchema,
+ *   permission: 'canCreateUser',
+ * })
+ * export class CreateUserController implements AtomApiPost<T> {
+ *   execute = async (request) => {
+ *     return this.userService.create(request.body);
+ *   };
+ * }
+ * ```
+ */ function Post(path, options) {
+    return AtomRoute('post', path, options);
+}
+/**
+ * GET route decorator.
+ * Registers a controller class as a GET endpoint handler.
+ *
+ * @param path - URL path pattern (e.g., '/users' or '/users/:id')
+ * @param options - Route configuration options (validation, permissions, etc.)
+ * @returns Class decorator
+ *
+ * @example
+ * ```typescript
+ * @Get('/users/:id', {
+ *   permission: 'canReadUser',
+ * })
+ * export class GetUserController implements AtomApiGet<T> {
+ *   execute = async (request) => {
+ *     return this.userService.findById(request.params.id);
+ *   };
+ * }
+ * ```
+ */ function Get(path, options) {
+    return AtomRoute('get', path, options);
+}
+/**
+ * DELETE route decorator.
+ * Registers a controller class as a DELETE endpoint handler.
+ *
+ * @param path - URL path pattern (e.g., '/users/:id')
+ * @param options - Route configuration options (validation, permissions, etc.)
+ * @returns Class decorator
+ *
+ * @example
+ * ```typescript
+ * @Delete('/users/:id', {
+ *   permission: 'canDeleteUser',
+ * })
+ * export class DeleteUserController implements AtomApiDelete<T> {
+ *   execute = async (request) => {
+ *     await this.userService.delete(request.params.id);
+ *     return { success: true };
+ *   };
+ * }
+ * ```
+ */ function Delete(path, options) {
+    return AtomRoute('delete', path, options);
+}
+/**
+ * PUT route decorator.
+ * Registers a controller class as a PUT endpoint handler.
+ * Use for full resource replacement.
+ *
+ * @param path - URL path pattern (e.g., '/users/:id')
+ * @param options - Route configuration options (validation, permissions, etc.)
+ * @returns Class decorator
+ *
+ * @example
+ * ```typescript
+ * @Put('/users/:id', {
+ *   bodySchema: updateUserSchema,
+ *   permission: 'canUpdateUser',
+ * })
+ * export class UpdateUserController implements AtomApiPut<T> {
+ *   execute = async (request) => {
+ *     return this.userService.update(request.params.id, request.body);
+ *   };
+ * }
+ * ```
+ */ function Put(path, options) {
+    return AtomRoute('put', path, options);
+}
+/**
+ * PATCH route decorator.
+ * Registers a controller class as a PATCH endpoint handler.
+ * Use for partial resource updates.
+ *
+ * @param path - URL path pattern (e.g., '/users/:id')
+ * @param options - Route configuration options (validation, permissions, etc.)
+ * @returns Class decorator
+ *
+ * @example
+ * ```typescript
+ * @Patch('/users/:id', {
+ *   bodySchema: patchUserSchema,
+ *   permission: 'canUpdateUser',
+ * })
+ * export class PatchUserController implements AtomApiPatch<T> {
+ *   execute = async (request) => {
+ *     return this.userService.patch(request.params.id, request.body);
+ *   };
+ * }
+ * ```
+ */ function Patch(path, options) {
+    return AtomRoute('patch', path, options);
+}
+
+const isCallBackPipe = (pipe)=>typeof pipe === 'function' && pipe.length == 1;
+
+/**
+ * Base class for all RabAPI errors.
+ * Extends the native Error class with additional HTTP context.
+ */ class RabApiError extends Error {
+    /**
+   * @param message - Human-readable error message
+   * @param statusCode - HTTP status code
+   * @param errorCode - Optional machine-readable error code
+   * @param errors - Optional array of detailed error messages
+   */ constructor(message, statusCode, errorCode, errors){
+        super(message);
+        this.errors = errors;
+        this.message = message;
+        this.errorCode = errorCode;
+        this.statusCode = statusCode;
+        this.name = 'RabApiError';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 400 Bad Request error.
+ * Use this for client-side validation failures or malformed requests.
+ *
+ * @example
+ * ```typescript
+ * throw new BadRequestException(
+ *   'Invalid email format',
+ *   ['Email must be a valid email address'],
+ *   'INVALID_EMAIL'
+ * );
+ * ```
+ */ class BadRequestException extends RabApiError {
+    /**
+   * @param message - Human-readable error message
+   * @param errors - Optional array of detailed validation errors
+   * @param errorCode - Optional machine-readable error code for client handling
+   */ constructor(message, errors, errorCode){
+        super(message, 400, errorCode, errors);
+        this.name = 'BadRequestException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 401 Unauthorized error.
+ * Use this when authentication is required but missing or invalid.
+ *
+ * @example
+ * ```typescript
+ * throw new UnauthorizedException('Invalid token', 'TOKEN_EXPIRED');
+ * ```
+ */ class UnauthorizedException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Unauthorized')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Unauthorized', errorCode){
+        super(message, 401, errorCode);
+        this.name = 'UnauthorizedException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 403 Forbidden error.
+ * Use this when the user is authenticated but lacks permission.
+ *
+ * @example
+ * ```typescript
+ * throw new ForbiddenException('You do not have permission to access this resource', 'INSUFFICIENT_PERMISSIONS');
+ * ```
+ */ class ForbiddenException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Forbidden')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Forbidden', errorCode){
+        super(message, 403, errorCode);
+        this.name = 'ForbiddenException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 404 Not Found error.
+ * Use this when a requested resource does not exist.
+ *
+ * @example
+ * ```typescript
+ * throw new NotFoundException('User not found', 'USER_NOT_FOUND');
+ * ```
+ */ class NotFoundException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Not Found')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Not Found', errorCode){
+        super(message, 404, errorCode);
+        this.name = 'NotFoundException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 405 Method Not Allowed error.
+ * Use this when an HTTP method is not supported for a resource.
+ *
+ * @example
+ * ```typescript
+ * throw new MethodNotAllowedException('DELETE method not allowed on this resource');
+ * ```
+ */ class MethodNotAllowedException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Method Not Allowed')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Method Not Allowed', errorCode){
+        super(message, 405, errorCode);
+        this.name = 'MethodNotAllowedException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 408 Request Timeout error.
+ * Use this when the server times out waiting for a request.
+ *
+ * @example
+ * ```typescript
+ * throw new RequestTimeoutException('Request took too long to complete', 'REQUEST_TIMEOUT');
+ * ```
+ */ class RequestTimeoutException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Request Timeout')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Request Timeout', errorCode){
+        super(message, 408, errorCode);
+        this.name = 'RequestTimeoutException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 409 Conflict error.
+ * Use this when a request conflicts with the current state (e.g., duplicate resources).
+ *
+ * @example
+ * ```typescript
+ * throw new ConflictException('Email already exists', 'EMAIL_CONFLICT');
+ * ```
+ */ class ConflictException extends RabApiError {
+    /**
+   * @param message - Human-readable error message
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message, errorCode){
+        super(message, 409, errorCode);
+        this.name = 'ConflictException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 413 Payload Too Large error.
+ * Use this when the request payload exceeds size limits.
+ *
+ * @example
+ * ```typescript
+ * throw new PayloadTooLargeException('File size exceeds 10MB limit', 'FILE_TOO_LARGE');
+ * ```
+ */ class PayloadTooLargeException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Payload Too Large')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Payload Too Large', errorCode){
+        super(message, 413, errorCode);
+        this.name = 'PayloadTooLargeException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 422 Unprocessable Entity error.
+ * Use this for semantic validation errors (valid syntax but invalid semantics).
+ *
+ * @example
+ * ```typescript
+ * throw new UnprocessableEntityException(
+ *   'Validation failed',
+ *   ['Age must be at least 18', 'Email domain not allowed'],
+ *   'VALIDATION_FAILED'
+ * );
+ * ```
+ */ class UnprocessableEntityException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Unprocessable Entity')
+   * @param errors - Optional array of detailed validation errors
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Unprocessable Entity', errors, errorCode){
+        super(message, 422, errorCode, errors);
+        this.name = 'UnprocessableEntityException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 429 Too Many Requests error.
+ * Use this when rate limiting is exceeded.
+ *
+ * @example
+ * ```typescript
+ * throw new TooManyRequestsException('Rate limit exceeded. Try again in 60 seconds', 'RATE_LIMIT_EXCEEDED');
+ * ```
+ */ class TooManyRequestsException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Too Many Requests')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Too Many Requests', errorCode){
+        super(message, 429, errorCode);
+        this.name = 'TooManyRequestsException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 500 Internal Server Error.
+ * Use this for unexpected server-side errors.
+ *
+ * @example
+ * ```typescript
+ * throw new InternalServerErrorException('Database connection failed', 'DB_ERROR');
+ * ```
+ */ class InternalServerErrorException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Internal Server Error')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Internal Server Error', errorCode){
+        super(message, 500, errorCode);
+        this.name = 'InternalServerErrorException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+/**
+ * Represents a 503 Service Unavailable error.
+ * Use this when the server is temporarily unable to handle requests.
+ *
+ * @example
+ * ```typescript
+ * throw new ServiceUnavailableException('System maintenance in progress', 'MAINTENANCE');
+ * ```
+ */ class ServiceUnavailableException extends RabApiError {
+    /**
+   * @param message - Human-readable error message (default: 'Service Unavailable')
+   * @param errorCode - Optional machine-readable error code
+   */ constructor(message = 'Service Unavailable', errorCode){
+        super(message, 503, errorCode);
+        this.name = 'ServiceUnavailableException';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+
+/**
+ * Global error handler middleware for Express.
+ * Handles RabApiError instances with proper status codes and error formatting.
+ * Falls back to 500 Internal Server Error for unexpected errors.
+ *
+ * @param err - The error object
+ * @param req - Express request object
+ * @param res - Express response object
+ * @param next - Express next function
+ */ const errorHandler = (err, req, res, next)=>{
+    console.error(err);
+    if (err instanceof RabApiError) {
+        var _err_errorCode;
+        return res.status(err.statusCode).send({
+            message: err.message,
+            errors: err.errors,
+            errorCode: (_err_errorCode = err.errorCode) != null ? _err_errorCode : err.statusCode
+        });
+    }
+    return res.status(500).send({
+        errors: [
+            {
+                message: 'Something went wrong'
+            }
+        ]
+    });
+};
+
+/**
+ * Formats Joi validation errors into a readable array of messages.
+ * @param error - The Joi validation error
+ * @returns Array of formatted error messages
+ */ function errorFormatter(error) {
+    const { details } = error;
+    return details.map((detail)=>detail.message.replace(/"/g, ''));
+}
+/**
+ * Validates data against a Joi schema.
+ * Throws a BadRequestException with detailed error messages if validation fails.
+ *
+ * @param schema - The Joi schema to validate against
+ * @param payload - The data to validate
+ * @param options - Optional Joi validation options
+ * @returns The validated and potentially transformed data
+ * @throws {BadRequestException} When validation fails
+ *
+ * @example
+ * ```typescript
+ * const schema = Joi.object({ email: Joi.string().email().required() });
+ * const validated = await joiValidator(schema, { email: 'test@example.com' });
+ * ```
+ */ async function joiValidator(schema, payload, options) {
+    try {
+        const value = await schema.validateAsync(payload, _extends({
+            abortEarly: false
+        }, options));
+        return value;
+    } catch (err) {
+        throw new BadRequestException('Invalid parameters', errorFormatter(err));
+    }
+}
+/**
+ * Validates data against a Joi schema (wrapper for joiValidator).
+ * @deprecated Use joiValidator directly
+ */ async function validateJoiSchema(scheme, data) {
+    return await joiValidator(scheme, data);
+}
+function retrieveRouteMetaData(route) {
+    const configuration = Reflect.getMetadata(CONTROLLER_ROUTE_KEY, route);
+    if (!configuration) {
+        throw new Error(`No @Post/@Get metadata found on controller: ${route.name}`);
+    }
+    return configuration;
+}
+
+var utils = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    joiValidator: joiValidator,
+    retrieveRouteMetaData: retrieveRouteMetaData,
+    validateJoiSchema: validateJoiSchema
+});
+
+const controllerHandler = (controller, config)=>{
+    return async (req, res, next)=>{
+        try {
+            let query = req.query;
+            if (config.validateQuery && req.query) {
+                if (config.parseQueryParams) {
+                    query = await config.validateQuery(config.parseQueryParams(req.query));
+                } else {
+                    query = await config.validateQuery(req.query);
+                }
+            }
+            const response = await controller.handler(_extends({}, req, {
+                query,
+                body: req.body
+            }));
+            var _response_statusCode, _response_statusCode1;
+            return res.status((_response_statusCode = response.statusCode) != null ? _response_statusCode : 200).json(response.excludeMetaData ? response.data : _extends({
+                message: 'successful',
+                statusCode: (_response_statusCode1 = response.statusCode) != null ? _response_statusCode1 : 200
+            }, response.data ? {
+                data: response.data
+            } : {
+                data: response
+            }));
+        } catch (error) {
+            if (error instanceof RabApiError) {
+                return next(new RabApiError(error.message, error.statusCode, error.errorCode, error.errors));
+            }
+            return next(error);
+        }
+    };
+};
+
+/**
+ * Extracts the Bearer token from the Authorization header
+ *
+ * @param request - Express request object
+ * @returns The extracted token or undefined if not found or not a Bearer token
+ *
+ * @example
+ * ```typescript
+ * const token = extractTokenFromHeader(req);
+ * if (!token) {
+ *   throw new UnauthorizedException();
+ * }
+ * ```
+ */ const extractTokenFromHeader = (request)=>{
+    var _request_headers_authorization;
+    var _request_headers_authorization_split;
+    const [type, token] = (_request_headers_authorization_split = (_request_headers_authorization = request.headers.authorization) == null ? void 0 : _request_headers_authorization.split(' ')) != null ? _request_headers_authorization_split : [];
+    return type === 'Bearer' ? token : undefined;
+};
+
+const authHandler = (isProtected, config)=>(req, res, next)=>{
+        console.log('authHandler:', req.path, ':isProtected:', isProtected);
+        if (!isProtected) return next();
+        const token = extractTokenFromHeader(req);
+        if (!token) {
+            console.log('authHandler:UnauthorizedException:Token Not Found');
+            throw new UnauthorizedException();
+        }
+        try {
+            const payload = jwt.verify(token, config.jwt.secret_key);
+            req['auth'] = payload;
+            return next();
+        } catch (err) {
+            console.error('authHandler:JWT Error:', err.message);
+            throw new UnauthorizedException();
+        }
+    };
+
+const bodyValidatorWithContext = (config)=>{
+    return async (req, res, next)=>{
+        // Skip if body validation is not needed
+        if (!config.bodySchema || config.disableBodyValidation || !req.body) {
+            return next();
+        }
+        try {
+            // Create a validation context with the authenticated user
+            const validationContext = {
+                'atom-req-user': req.user || null
+            };
+            // Clone the schema and set context using validate options instead of prefs
+            // This avoids the "Cannot override context" error
+            const validationOptions = {
+                context: validationContext
+            };
+            // Validate the body with the user context using existing joiValidator
+            // Replace the request body with the validated body
+            req.body = await joiValidator(config.bodySchema, req.body, validationOptions);
+            next();
+        } catch (error) {
+            next(error);
+        }
+    };
+};
+
+function buildUrlPath(...segments) {
+    if (segments.length === 0) return '';
+    let pathSegments = [
+        ...segments
+    ].filter(Boolean);
+    // If last segment is an object (replacement map)
+    const last = pathSegments[pathSegments.length - 1];
+    if (typeof last === 'object' && last !== null) {
+        const replacements = last;
+        pathSegments = pathSegments.slice(0, -1).map((seg)=>{
+            if (typeof seg === 'string') {
+                let updated = seg;
+                for(const key in replacements){
+                    updated = updated.replace(`:${key}`, String(replacements[key]));
+                }
+                return updated;
+            }
+            return seg;
+        });
+    }
+    return pathSegments.filter((segment)=>typeof segment === 'string' && segment.trim() !== '').map((segment, index)=>segment.startsWith('/') || index === 0 ? segment : '/' + segment).join('');
+}
+
+class OpenApiGenerator {
+    generate() {
+        var _this_options_openapi, _this_options_openapi1;
+        const info = ((_this_options_openapi = this.options.openapi) == null ? void 0 : _this_options_openapi.info) || {};
+        const spec = {
+            openapi: '3.0.3',
+            info: {
+                title: info.title || 'API Documentation',
+                version: info.version || '1.0.0',
+                description: info.description || 'Generated API documentation'
+            },
+            paths: {},
+            components: {
+                schemas: {},
+                securitySchemes: this.options.auth ? {
+                    bearerAuth: {
+                        type: 'http',
+                        scheme: 'bearer',
+                        bearerFormat: 'JWT',
+                        description: 'JWT Bearer token authentication. Format: Authorization: Bearer <token>'
+                    }
+                } : {}
+            }
+        };
+        // Add servers if specified
+        if ((_this_options_openapi1 = this.options.openapi) == null ? void 0 : _this_options_openapi1.servers) {
+            spec.servers = this.options.openapi.servers;
+        }
+        // Add security globally if auth is enabled
+        if (this.options.auth) {
+            spec.security = [
+                {
+                    bearerAuth: []
+                }
+            ];
+        }
+        // Process collected routes
+        for (const route of this.routes){
+            var _route_options, _options_docs, _options_docs1, _options_docs2, _options_docs3, _options_docs4, _options_docs5;
+            // Skip if excluded from docs
+            if ((_route_options = route.options) == null ? void 0 : _route_options.excludeFromDocs) {
+                continue;
+            }
+            const { method, fullPath, options } = route;
+            let pathKey = fullPath.replace(/\/:([^/]+)/g, '/{$1}'); // Convert Express params to OpenAPI format
+            // Remove trailing slash if it exists (except for root path)
+            if (pathKey.length > 1 && pathKey.endsWith('/')) {
+                pathKey = pathKey.slice(0, -1);
+            }
+            if (!spec.paths[pathKey]) {
+                spec.paths[pathKey] = {};
+            }
+            const operation = {
+                summary: (options == null ? void 0 : (_options_docs = options.docs) == null ? void 0 : _options_docs.summary) || pathKey,
+                responses: (options == null ? void 0 : (_options_docs1 = options.docs) == null ? void 0 : _options_docs1.responses) || {
+                    '200': {
+                        description: 'Successful response',
+                        content: {
+                            'application/json': {
+                                schema: {
+                                    type: 'object'
+                                }
+                            }
+                        }
+                    },
+                    '400': {
+                        description: 'Bad request'
+                    },
+                    '401': {
+                        description: 'Unauthorized'
+                    },
+                    '500': {
+                        description: 'Internal server error'
+                    }
+                }
+            };
+            // Add optional fields only if they exist
+            if (options == null ? void 0 : (_options_docs2 = options.docs) == null ? void 0 : _options_docs2.description) {
+                operation.description = options.docs.description;
+            }
+            // Add tags - use custom tags if provided, otherwise generate default tag from path
+            if (options == null ? void 0 : (_options_docs3 = options.docs) == null ? void 0 : _options_docs3.tags) {
+                operation.tags = options.docs.tags;
+            } else {
+                // Generate default tag from the first segment of the path
+                const defaultTag = this.generateDefaultTag(fullPath);
+                if (defaultTag) {
+                    operation.tags = [
+                        defaultTag
+                    ];
+                }
+            }
+            if (options == null ? void 0 : (_options_docs4 = options.docs) == null ? void 0 : _options_docs4.operationId) {
+                operation.operationId = options.docs.operationId;
+            }
+            if (options == null ? void 0 : (_options_docs5 = options.docs) == null ? void 0 : _options_docs5.deprecated) {
+                operation.deprecated = options.docs.deprecated;
+            }
+            // Add security for protected routes
+            // First check if docs specify custom security, otherwise use default logic
+            if ((options == null ? void 0 : options.isProtected) !== false && this.options.auth) {
+                operation.security = [
+                    {
+                        bearerAuth: []
+                    }
+                ];
+            } else if ((options == null ? void 0 : options.isProtected) === false) {
+                operation.security = [];
+            }
+            // Add request body for POST/PUT/PATCH
+            if ([
+                'post',
+                'put',
+                'patch'
+            ].includes(method) && (options == null ? void 0 : options.bodySchema)) {
+                operation.requestBody = {
+                    required: true,
+                    content: {
+                        'application/json': {
+                            schema: this.joiToOpenApiSchema(options.bodySchema)
+                        }
+                    }
+                };
+            }
+            // Add query parameters if querySchema exists
+            if (options == null ? void 0 : options.querySchema) {
+                const querySchema = this.joiToOpenApiSchema(options.querySchema);
+                if (querySchema.properties) {
+                    const queryParams = Object.entries(querySchema.properties).map(([name, schema])=>{
+                        var _querySchema_required;
+                        return {
+                            name,
+                            in: 'query',
+                            required: ((_querySchema_required = querySchema.required) == null ? void 0 : _querySchema_required.includes(name)) || false,
+                            schema
+                        };
+                    });
+                    // Only add parameters if we have query parameters
+                    if (queryParams.length > 0) {
+                        operation.parameters = queryParams;
+                    }
+                }
+            }
+            spec.paths[pathKey][method] = operation;
+        }
+        return spec;
+    }
+    joiToOpenApiSchema(joiSchema) {
+        if (!joiSchema || typeof joiSchema.describe !== 'function') {
+            return {
+                type: 'object'
+            };
+        }
+        try {
+            // Use Joi's describe() method to get the schema structure
+            const description = joiSchema.describe();
+            return this.convertJoiDescriptionToOpenApi(description);
+        } catch (error) {
+            console.warn('Failed to convert Joi schema to OpenAPI:', error);
+            return {
+                type: 'object'
+            };
+        }
+    }
+    convertJoiDescriptionToOpenApi(joiDescription) {
+        var _joiDescription_flags, _joiDescription_flags1;
+        const schema = {};
+        // Handle different Joi types
+        switch(joiDescription.type){
+            case 'object':
+                schema.type = 'object';
+                if (joiDescription.keys) {
+                    schema.properties = {};
+                    const required = [];
+                    for (const [key, value] of Object.entries(joiDescription.keys)){
+                        var _keyDescription_flags;
+                        const keyDescription = value;
+                        schema.properties[key] = this.convertJoiDescriptionToOpenApi(keyDescription);
+                        // Check if field is required
+                        if (((_keyDescription_flags = keyDescription.flags) == null ? void 0 : _keyDescription_flags.presence) === 'required') {
+                            required.push(key);
+                        }
+                    }
+                    if (required.length > 0) {
+                        schema.required = required;
+                    }
+                }
+                break;
+            case 'array':
+                schema.type = 'array';
+                if (joiDescription.items && joiDescription.items.length > 0) {
+                    schema.items = this.convertJoiDescriptionToOpenApi(joiDescription.items[0]);
+                }
+                break;
+            case 'string':
+                schema.type = 'string';
+                if (joiDescription.rules) {
+                    for (const rule of joiDescription.rules){
+                        switch(rule.name){
+                            case 'min':
+                                var _rule_args;
+                                schema.minLength = (_rule_args = rule.args) == null ? void 0 : _rule_args.limit;
+                                break;
+                            case 'max':
+                                var _rule_args1;
+                                schema.maxLength = (_rule_args1 = rule.args) == null ? void 0 : _rule_args1.limit;
+                                break;
+                            case 'email':
+                                schema.format = 'email';
+                                break;
+                            case 'uri':
+                                schema.format = 'uri';
+                                break;
+                            case 'uuid':
+                                schema.format = 'uuid';
+                                break;
+                        }
+                    }
+                }
+                if (joiDescription.allow) {
+                    schema.enum = joiDescription.allow;
+                }
+                break;
+            case 'number':
+                schema.type = 'number';
+                if (joiDescription.rules) {
+                    for (const rule of joiDescription.rules){
+                        switch(rule.name){
+                            case 'min':
+                                var _rule_args2;
+                                schema.minimum = (_rule_args2 = rule.args) == null ? void 0 : _rule_args2.limit;
+                                break;
+                            case 'max':
+                                var _rule_args3;
+                                schema.maximum = (_rule_args3 = rule.args) == null ? void 0 : _rule_args3.limit;
+                                break;
+                            case 'integer':
+                                schema.type = 'integer';
+                                break;
+                        }
+                    }
+                }
+                break;
+            case 'boolean':
+                schema.type = 'boolean';
+                break;
+            case 'date':
+                schema.type = 'string';
+                schema.format = 'date-time';
+                break;
+            default:
+                schema.type = 'object';
+        }
+        // Add description if available
+        if ((_joiDescription_flags = joiDescription.flags) == null ? void 0 : _joiDescription_flags.description) {
+            schema.description = joiDescription.flags.description;
+        }
+        // Add default value if available
+        if (((_joiDescription_flags1 = joiDescription.flags) == null ? void 0 : _joiDescription_flags1.default) !== undefined) {
+            schema.default = joiDescription.flags.default;
+        }
+        // Handle nullable values
+        if (joiDescription.allow && joiDescription.allow.includes(null)) {
+            schema.nullable = true;
+        }
+        return schema;
+    }
+    generateDefaultTag(fullPath) {
+        // Extract the first meaningful segment from the path to use as tag
+        // e.g., "/users/profile" -> "Users", "/api/v1/products" -> "Products"
+        const segments = fullPath.split('/').filter((segment)=>segment && segment !== 'api' && !segment.match(/^v\d+$/) // Skip version segments like v1, v2
+        );
+        if (segments.length === 0) {
+            return null;
+        }
+        const firstSegment = segments[0];
+        // Capitalize first letter and make it singular/clean
+        return firstSegment.charAt(0).toUpperCase() + firstSegment.slice(1).toLowerCase();
+    }
+    constructor(routes, options){
+        this.routes = routes;
+        this.options = options;
+    }
+}
+
+function isRouteAController(value) {
+    return typeof value === 'function'; // controllers are class and this will return constructor function
+}
+class RabApi {
+    static createRouter(props) {
+        return props;
+    }
+    static createApp(props) {
+        return new AtomExpressApp(props);
+    }
+}
+class AtomExpressApp {
+    use(...middleware) {
+        this.app.use(...middleware);
+    }
+    resolvePipes(routeDefinition = {}, pipes) {
+        const resolvedPipes = [];
+        // Process pipes
+        if (pipes) {
+            for (const pipe of pipes){
+                if (isCallBackPipe(pipe)) {
+                    const callbackPipes = pipe(routeDefinition);
+                    resolvedPipes.push(...callbackPipes);
+                } else {
+                    resolvedPipes.push(pipe);
+                }
+            }
+        }
+        return resolvedPipes;
+    }
+    route(routerParams) {
+        this.app.use(routerParams.basePath || '', this.buildRouter(_extends({}, routerParams, {
+            fullPath: routerParams.basePath || ''
+        })));
+    }
+    listen(port, callback) {
+        var _this_options_openapi;
+        // Setup OpenAPI endpoint if enabled
+        if (((_this_options_openapi = this.options.openapi) == null ? void 0 : _this_options_openapi.enabled) !== false) {
+            var _this_options_openapi1;
+            const openapiPath = ((_this_options_openapi1 = this.options.openapi) == null ? void 0 : _this_options_openapi1.path) || '/openapi.json';
+            const generator = new OpenApiGenerator(this.collectedRoutes, this.options);
+            this.app.get(openapiPath, (req, res)=>{
+                res.json(generator.generate());
+            });
+        }
+        if (this.options.errorHandler) {
+            this.app.use(this.options.errorHandler);
+        }
+        return this.app.listen(port, callback);
+    }
+    getCollectedRoutes() {
+        return this.collectedRoutes;
+    }
+    constructor(options){
+        var _options_auth;
+        this.collectedRoutes = [];
+        this.setupRouteController = (expressRouter, route, parentOptions)=>{
+            var _config_docs;
+            const metaData = retrieveRouteMetaData(route);
+            const { method, path, options } = metaData;
+            const config = _extends({}, parentOptions, options, {
+                enforceBodyValidation: this.options.enforceBodyValidation
+            });
+            if (method == 'get' && config.querySchema && !config.validateQuery) {
+                const querySchema = config.querySchema;
+                config.validateQuery = (body)=>validateJoiSchema(querySchema, body);
+            }
+            if ([
+                'post',
+                'put',
+                'patch'
+            ].includes(method)) {
+                if (!config.disableBodyValidation) {
+                    if (config.enforceBodyValidation && !config.bodySchema) {
+                        throw new Error('missing body schema: your api enforce body validation');
+                    }
+                }
+            }
+            var _parentOptions_pipes, _options_pipes;
+            const allPipes = this.resolvePipes(config, [
+                ...(_parentOptions_pipes = parentOptions == null ? void 0 : parentOptions.pipes) != null ? _parentOptions_pipes : [],
+                ...(_options_pipes = options == null ? void 0 : options.pipes) != null ? _options_pipes : []
+            ]);
+            //auth middleware
+            if (this.options.auth) {
+                var _config_isProtected;
+                allPipes.unshift(authHandler((_config_isProtected = config.isProtected) != null ? _config_isProtected : this.options.enforceRouteProtection, this.options.auth));
+            }
+            //add body validation to validate the schema and inject request context
+            if (config.bodySchema && !config.disableBodyValidation) {
+                allPipes.push(bodyValidatorWithContext(config));
+            }
+            const allMiddlewares = [
+                ...allPipes,
+                controllerHandler(typedi.Container.get(route), config)
+            ];
+            expressRouter[method](path || '', composeMiddleware.compose(allMiddlewares));
+            // Collect route information for OpenAPI
+            const fullPath = buildUrlPath((parentOptions == null ? void 0 : parentOptions.fullPath) || '', path);
+            this.collectedRoutes.push({
+                method,
+                path,
+                fullPath,
+                controller: route,
+                metadata: metaData,
+                options: _extends({}, config, {
+                    docs: _extends({}, config.docs, {
+                        tags: ((_config_docs = config.docs) == null ? void 0 : _config_docs.tags) || (parentOptions == null ? void 0 : parentOptions.tags)
+                    })
+                })
+            });
+        };
+        this.buildRouter = (routerParams)=>{
+            const expressRouter = express.Router();
+            const { controllers } = routerParams, options = _object_without_properties_loose(routerParams, [
+                "controllers"
+            ]);
+            for (const route of controllers){
+                if (isRouteAController(route)) {
+                    this.setupRouteController(expressRouter, route, options);
+                } else {
+                    var _routerParams_pipes, _route_pipes;
+                    expressRouter.use(route.basePath || '', this.buildRouter(_extends({}, route, {
+                        pipes: [
+                            ...(_routerParams_pipes = routerParams.pipes) != null ? _routerParams_pipes : [],
+                            ...(_route_pipes = route == null ? void 0 : route.pipes) != null ? _route_pipes : []
+                        ],
+                        fullPath: buildUrlPath(routerParams.basePath, route.basePath)
+                    })));
+                }
+            }
+            return expressRouter;
+        };
+        this.app = express();
+        if (((_options_auth = options.auth) == null ? void 0 : _options_auth.jwt) && options.auth.jwt.secret_key && options.auth.jwt.secret_key.length <= 10) {
+            throw new Error('AtomApi:JWT:Error: missing secret or secret key length must be greater than 10');
+        }
+        var _options_enforceRouteProtection, _options_enforceBodyValidation;
+        this.options = _extends({}, options, {
+            enforceRouteProtection: (_options_enforceRouteProtection = options.enforceRouteProtection) != null ? _options_enforceRouteProtection : true,
+            enforceBodyValidation: (_options_enforceBodyValidation = options.enforceBodyValidation) != null ? _options_enforceBodyValidation : true
+        });
+    }
+}
+
+exports.AtomExpressApp = AtomExpressApp;
+exports.AtomHelpers = utils;
+exports.AtomRoute = AtomRoute;
+exports.BadRequestException = BadRequestException;
+exports.CONTROLLER_ROUTE_KEY = CONTROLLER_ROUTE_KEY;
+exports.ConflictException = ConflictException;
+exports.Controller = Controller;
+exports.Delete = Delete;
+exports.DiContainer = DiContainer;
+exports.ForbiddenException = ForbiddenException;
+exports.Get = Get;
+exports.Injectable = Injectable;
+exports.InternalServerErrorException = InternalServerErrorException;
+exports.MethodNotAllowedException = MethodNotAllowedException;
+exports.NotFoundException = NotFoundException;
+exports.OpenApiGenerator = OpenApiGenerator;
+exports.Patch = Patch;
+exports.PayloadTooLargeException = PayloadTooLargeException;
+exports.Post = Post;
+exports.Put = Put;
+exports.RabApi = RabApi;
+exports.RabApiError = RabApiError;
+exports.RequestTimeoutException = RequestTimeoutException;
+exports.ServiceUnavailableException = ServiceUnavailableException;
+exports.TooManyRequestsException = TooManyRequestsException;
+exports.UnauthorizedException = UnauthorizedException;
+exports.UnprocessableEntityException = UnprocessableEntityException;
+exports.authHandler = authHandler;
+exports.bodyValidatorWithContext = bodyValidatorWithContext;
+exports.controllerHandler = controllerHandler;
+exports.errorHandler = errorHandler;
+exports.extractTokenFromHeader = extractTokenFromHeader;
+exports.isCallBackPipe = isCallBackPipe;
+exports.isRouteAController = isRouteAController;