@riktajs/core 0.1.0 → 0.2.1

package/dist/core/decorators/param.decorator.js

@@ -4,69 +4,148 @@ exports.Context = exports.Ctx = exports.Reply = exports.Res = exports.Request =
 require("reflect-metadata");
 const constants_1 = require("../constants");
 /**
- * Creates a parameter decorator
+ * Type guard to check if a value is a Zod schema
+ * Uses duck typing to detect Zod schemas without importing the full library
+ */
+function isZodType(value) {
+    return (value !== null &&
+        typeof value === 'object' &&
+        '_def' in value &&
+        'safeParse' in value &&
+        typeof value.safeParse === 'function');
+}
+/**
+ * Creates a type-safe parameter decorator factory with Zod schema support
+ *
+ * Supports three overloads:
+ * 1. @Decorator() - Inject the full value
+ * 2. @Decorator('key') - Inject a specific property by key
+ * 3. @Decorator(zodSchema) - Inject with validation and type inference
  */
 function createParamDecorator(type) {
-    return (key) => {
+    function decorator(keyOrSchema) {
         return (target, propertyKey, parameterIndex) => {
             if (propertyKey === undefined)
                 return;
             // Get existing params or initialize empty array
             const existingParams = Reflect.getMetadata(constants_1.PARAM_METADATA, target.constructor, propertyKey) ?? [];
-            // Add this param
-            existingParams.push({
+            // Determine if we have a key string or a Zod schema
+            const isSchema = isZodType(keyOrSchema);
+            // Build metadata object
+            const metadata = {
                 index: parameterIndex,
                 type,
-                key,
-            });
+                key: isSchema ? undefined : keyOrSchema,
+                zodSchema: isSchema ? keyOrSchema : undefined,
+            };
+            // Add this param
+            existingParams.push(metadata);
             // Store updated params
             Reflect.defineMetadata(constants_1.PARAM_METADATA, existingParams, target.constructor, propertyKey);
         };
-    };
+    }
+    return decorator;
 }
 /**
  * @Body() decorator - Injects the request body
  *
+ * Supports three modes:
+ * 1. `@Body()` - Inject the entire request body
+ * 2. `@Body('propertyName')` - Inject a specific property from the body
+ * 3. `@Body(zodSchema)` - Validate and inject with type inference
+ *
  * @example
  * ```typescript
+ * // Inject entire body (untyped)
  * @Post('/users')
- * createUser(@Body({ schema: CreateUserDto }) data) { return data; }
+ * createUser(@Body() data: unknown) { return data; }
  *
+ * // Inject specific property
  * @Post('/users')
  * createUser(@Body('name') name: string) { return { name }; }
+ *
+ * // Validate with Zod schema (type-safe!)
+ * const CreateUserSchema = z.object({ name: z.string(), email: z.string().email() });
+ * @Post('/users')
+ * createUser(@Body(CreateUserSchema) data: z.infer<typeof CreateUserSchema>) {
+ *   // data is fully typed as { name: string; email: string }
+ *   return data;
+ * }
  * ```
  */
 exports.Body = createParamDecorator(constants_1.ParamType.BODY);
 /**
  * @Query() decorator - Injects query parameters
  *
+ * Supports three modes:
+ * 1. `@Query()` - Inject all query parameters
+ * 2. `@Query('paramName')` - Inject a specific query parameter
+ * 3. `@Query(zodSchema)` - Validate and inject with type inference
+ *
  * @example
  * ```typescript
+ * // Inject specific query param
  * @Get('/users')
  * getUsers(@Query('page') page: string) { return { page }; }
  *
+ * // Inject all query params
  * @Get('/users')
  * getUsers(@Query() query: Record<string, unknown>) { return query; }
+ *
+ * // Validate with Zod schema
+ * const PaginationSchema = z.object({ page: z.coerce.number(), limit: z.coerce.number() });
+ * @Get('/users')
+ * getUsers(@Query(PaginationSchema) query: z.infer<typeof PaginationSchema>) {
+ *   // query is { page: number; limit: number }
+ *   return query;
+ * }
  * ```
  */
 exports.Query = createParamDecorator(constants_1.ParamType.QUERY);
 /**
  * @Param() decorator - Injects route parameters
  *
+ * Supports three modes:
+ * 1. `@Param()` - Inject all route parameters
+ * 2. `@Param('paramName')` - Inject a specific route parameter
+ * 3. `@Param(zodSchema)` - Validate and inject with type inference
+ *
  * @example
  * ```typescript
+ * // Inject specific param
  * @Get('/users/:id')
  * getUser(@Param('id') id: string) { return { id }; }
+ *
+ * // Validate with Zod schema
+ * const IdSchema = z.object({ id: z.string().uuid() });
+ * @Get('/users/:id')
+ * getUser(@Param(IdSchema) params: z.infer<typeof IdSchema>) {
+ *   // params.id is validated as UUID
+ *   return params;
+ * }
  * ```
  */
 exports.Param = createParamDecorator(constants_1.ParamType.PARAM);
 /**
  * @Headers() decorator - Injects request headers
  *
+ * Supports three modes:
+ * 1. `@Headers()` - Inject all headers
+ * 2. `@Headers('headerName')` - Inject a specific header
+ * 3. `@Headers(zodSchema)` - Validate and inject with type inference
+ *
  * @example
  * ```typescript
+ * // Inject specific header
  * @Get('/protected')
  * getData(@Headers('authorization') auth: string) { return { auth }; }
+ *
+ * // Validate with Zod schema
+ * const AuthHeadersSchema = z.object({ authorization: z.string().startsWith('Bearer ') });
+ * @Get('/protected')
+ * getData(@Headers(AuthHeadersSchema) headers: z.infer<typeof AuthHeadersSchema>) {
+ *   return headers;
+ * }
  * ```
  */
 exports.Headers = createParamDecorator(constants_1.ParamType.HEADERS);

package/dist/core/decorators/param.decorator.js.map

@@ -1 +1 @@
-{"version":3,"file":"param.decorator.js","sourceRoot":"","sources":["../../../src/core/decorators/param.decorator.ts"],"names":[],"mappings":";;;AAAA,4BAA0B;AAC1B,4CAAyD;AAWzD;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAe;IAC3C,OAAO,CAAC,GAAY,EAAsB,EAAE;QAC1C,OAAO,CAAC,MAAc,EAAE,WAAwC,EAAE,cAAsB,EAAE,EAAE;YAC1F,IAAI,WAAW,KAAK,SAAS;gBAAE,OAAO;YAEtC,gDAAgD;YAChD,MAAM,cAAc,GAClB,OAAO,CAAC,WAAW,CAAC,0BAAc,EAAE,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;YAE7E,iBAAiB;YACjB,cAAc,CAAC,IAAI,CAAC;gBAClB,KAAK,EAAE,cAAc;gBACrB,IAAI;gBACJ,GAAG;aACJ,CAAC,CAAC;YAEH,uBAAuB;YACvB,OAAO,CAAC,cAAc,CAAC,0BAAc,EAAE,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC1F,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACU,QAAA,IAAI,GAAG,oBAAoB,CAAC,qBAAS,CAAC,IAAI,CAAC,CAAC;AAEzD;;;;;;;;;;;GAWG;AACU,QAAA,KAAK,GAAG,oBAAoB,CAAC,qBAAS,CAAC,KAAK,CAAC,CAAC;AAE3D;;;;;;;;GAQG;AACU,QAAA,KAAK,GAAG,oBAAoB,CAAC,qBAAS,CAAC,KAAK,CAAC,CAAC;AAE3D;;;;;;;;GAQG;AACU,QAAA,OAAO,GAAG,oBAAoB,CAAC,qBAAS,CAAC,OAAO,CAAC,CAAC;AAE/D;;GAEG;AACU,QAAA,GAAG,GAAG,oBAAoB,CAAC,qBAAS,CAAC,OAAO,CAAC,CAAC;AAC9C,QAAA,OAAO,GAAG,WAAG,CAAC;AAE3B;;GAEG;AACU,QAAA,GAAG,GAAG,oBAAoB,CAAC,qBAAS,CAAC,KAAK,CAAC,CAAC;AAC5C,QAAA,KAAK,GAAG,WAAG,CAAC;AAEzB;;GAEG;AACU,QAAA,GAAG,GAAG,oBAAoB,CAAC,qBAAS,CAAC,OAAO,CAAC,CAAC;AAC9C,QAAA,OAAO,GAAG,WAAG,CAAC"}
+{"version":3,"file":"param.decorator.js","sourceRoot":"","sources":["../../../src/core/decorators/param.decorator.ts"],"names":[],"mappings":";;;AAAA,4BAA0B;AAE1B,4CAAyD;AAazD;;;GAGG;AACH,SAAS,SAAS,CAAC,KAAc;IAC/B,OAAO,CACL,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,MAAM,IAAI,KAAK;QACf,WAAW,IAAI,KAAK;QACpB,OAAQ,KAAgC,CAAC,SAAS,KAAK,UAAU,CAClE,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAAC,IAAe;IAK3C,SAAS,SAAS,CAAI,WAAiC;QACrD,OAAO,CAAC,MAAc,EAAE,WAAwC,EAAE,cAAsB,EAAE,EAAE;YAC1F,IAAI,WAAW,KAAK,SAAS;gBAAE,OAAO;YAEtC,gDAAgD;YAChD,MAAM,cAAc,GAClB,OAAO,CAAC,WAAW,CAAC,0BAAc,EAAE,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;YAE7E,oDAAoD;YACpD,MAAM,QAAQ,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;YAExC,wBAAwB;YACxB,MAAM,QAAQ,GAAkB;gBAC9B,KAAK,EAAE,cAAc;gBACrB,IAAI;gBACJ,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;gBACvC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;aAC9C,CAAC;YAEF,iBAAiB;YACjB,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAE9B,uBAAuB;YACvB,OAAO,CAAC,cAAc,CAAC,0BAAc,EAAE,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC1F,CAAC,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACU,QAAA,IAAI,GAAG,oBAAoB,CAAC,qBAAS,CAAC,IAAI,CAAC,CAAC;AAEzD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACU,QAAA,KAAK,GAAG,oBAAoB,CAAC,qBAAS,CAAC,KAAK,CAAC,CAAC;AAE3D;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACU,QAAA,KAAK,GAAG,oBAAoB,CAAC,qBAAS,CAAC,KAAK,CAAC,CAAC;AAE3D;;;;;;;;;;;;;;;;;;;;;GAqBG;AACU,QAAA,OAAO,GAAG,oBAAoB,CAAC,qBAAS,CAAC,OAAO,CAAC,CAAC;AAE/D;;GAEG;AACU,QAAA,GAAG,GAAG,oBAAoB,CAAC,qBAAS,CAAC,OAAO,CAAC,CAAC;AAC9C,QAAA,OAAO,GAAG,WAAG,CAAC;AAE3B;;GAEG;AACU,QAAA,GAAG,GAAG,oBAAoB,CAAC,qBAAS,CAAC,KAAK,CAAC,CAAC;AAC5C,QAAA,KAAK,GAAG,WAAG,CAAC;AAEzB;;GAEG;AACU,QAAA,GAAG,GAAG,oBAAoB,CAAC,qBAAS,CAAC,OAAO,CAAC,CAAC;AAC9C,QAAA,OAAO,GAAG,WAAG,CAAC"}

package/dist/core/exceptions/index.d.ts

@@ -1,4 +1,5 @@
 export { HttpException, HttpExceptionBody, HttpExceptionResponse } from './http-exception';
+export { ValidationException, ValidationErrorDetails } from './validation.exception';
 export { BadRequestException, UnauthorizedException, ForbiddenException, NotFoundException, MethodNotAllowedException, NotAcceptableException, RequestTimeoutException, ConflictException, GoneException, PayloadTooLargeException, UnsupportedMediaTypeException, UnprocessableEntityException, TooManyRequestsException, InternalServerErrorException, NotImplementedException, BadGatewayException, ServiceUnavailableException, GatewayTimeoutException, } from './exceptions';
 export { ExceptionFilter, ExceptionContext, ErrorResponse, GlobalExceptionFilter, GlobalExceptionFilterOptions, createExceptionHandler, } from './exception-filter';
 export { Catch, CatchMetadata, CATCH_METADATA, getCatchMetadata } from './catch.decorator';

package/dist/core/exceptions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/exceptions/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAG3F,OAAO,EAEL,mBAAmB,EACnB,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,yBAAyB,EACzB,sBAAsB,EACtB,uBAAuB,EACvB,iBAAiB,EACjB,aAAa,EACb,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC5B,wBAAwB,EAExB,4BAA4B,EAC5B,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,qBAAqB,EACrB,4BAA4B,EAC5B,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/exceptions/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAG3F,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAGrF,OAAO,EAEL,mBAAmB,EACnB,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,EACjB,yBAAyB,EACzB,sBAAsB,EACtB,uBAAuB,EACvB,iBAAiB,EACjB,aAAa,EACb,wBAAwB,EACxB,6BAA6B,EAC7B,4BAA4B,EAC5B,wBAAwB,EAExB,4BAA4B,EAC5B,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,qBAAqB,EACrB,4BAA4B,EAC5B,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/core/exceptions/index.js

@@ -1,9 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCatchMetadata = exports.CATCH_METADATA = exports.Catch = exports.createExceptionHandler = exports.GlobalExceptionFilter = exports.GatewayTimeoutException = exports.ServiceUnavailableException = exports.BadGatewayException = exports.NotImplementedException = exports.InternalServerErrorException = exports.TooManyRequestsException = exports.UnprocessableEntityException = exports.UnsupportedMediaTypeException = exports.PayloadTooLargeException = exports.GoneException = exports.ConflictException = exports.RequestTimeoutException = exports.NotAcceptableException = exports.MethodNotAllowedException = exports.NotFoundException = exports.ForbiddenException = exports.UnauthorizedException = exports.BadRequestException = exports.HttpException = void 0;
+exports.getCatchMetadata = exports.CATCH_METADATA = exports.Catch = exports.createExceptionHandler = exports.GlobalExceptionFilter = exports.GatewayTimeoutException = exports.ServiceUnavailableException = exports.BadGatewayException = exports.NotImplementedException = exports.InternalServerErrorException = exports.TooManyRequestsException = exports.UnprocessableEntityException = exports.UnsupportedMediaTypeException = exports.PayloadTooLargeException = exports.GoneException = exports.ConflictException = exports.RequestTimeoutException = exports.NotAcceptableException = exports.MethodNotAllowedException = exports.NotFoundException = exports.ForbiddenException = exports.UnauthorizedException = exports.BadRequestException = exports.ValidationException = exports.HttpException = void 0;
 // HTTP Exception
 var http_exception_1 = require("./http-exception");
 Object.defineProperty(exports, "HttpException", { enumerable: true, get: function () { return http_exception_1.HttpException; } });
+// Validation Exception (Zod)
+var validation_exception_1 = require("./validation.exception");
+Object.defineProperty(exports, "ValidationException", { enumerable: true, get: function () { return validation_exception_1.ValidationException; } });
 // Specific Exceptions
 var exceptions_1 = require("./exceptions");
 // 4xx Client Errors

package/dist/core/exceptions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/exceptions/index.ts"],"names":[],"mappings":";;;AAAA,iBAAiB;AACjB,mDAA2F;AAAlF,+GAAA,aAAa,OAAA;AAEtB,sBAAsB;AACtB,2CAqBsB;AApBpB,oBAAoB;AACpB,iHAAA,mBAAmB,OAAA;AACnB,mHAAA,qBAAqB,OAAA;AACrB,gHAAA,kBAAkB,OAAA;AAClB,+GAAA,iBAAiB,OAAA;AACjB,uHAAA,yBAAyB,OAAA;AACzB,oHAAA,sBAAsB,OAAA;AACtB,qHAAA,uBAAuB,OAAA;AACvB,+GAAA,iBAAiB,OAAA;AACjB,2GAAA,aAAa,OAAA;AACb,sHAAA,wBAAwB,OAAA;AACxB,2HAAA,6BAA6B,OAAA;AAC7B,0HAAA,4BAA4B,OAAA;AAC5B,sHAAA,wBAAwB,OAAA;AACxB,oBAAoB;AACpB,0HAAA,4BAA4B,OAAA;AAC5B,qHAAA,uBAAuB,OAAA;AACvB,iHAAA,mBAAmB,OAAA;AACnB,yHAAA,2BAA2B,OAAA;AAC3B,qHAAA,uBAAuB,OAAA;AAGzB,mBAAmB;AACnB,uDAO4B;AAH1B,yHAAA,qBAAqB,OAAA;AAErB,0HAAA,sBAAsB,OAAA;AAGxB,kBAAkB;AAClB,qDAA2F;AAAlF,wGAAA,KAAK,OAAA;AAAiB,iHAAA,cAAc,OAAA;AAAE,mHAAA,gBAAgB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/exceptions/index.ts"],"names":[],"mappings":";;;AAAA,iBAAiB;AACjB,mDAA2F;AAAlF,+GAAA,aAAa,OAAA;AAEtB,6BAA6B;AAC7B,+DAAqF;AAA5E,2HAAA,mBAAmB,OAAA;AAE5B,sBAAsB;AACtB,2CAqBsB;AApBpB,oBAAoB;AACpB,iHAAA,mBAAmB,OAAA;AACnB,mHAAA,qBAAqB,OAAA;AACrB,gHAAA,kBAAkB,OAAA;AAClB,+GAAA,iBAAiB,OAAA;AACjB,uHAAA,yBAAyB,OAAA;AACzB,oHAAA,sBAAsB,OAAA;AACtB,qHAAA,uBAAuB,OAAA;AACvB,+GAAA,iBAAiB,OAAA;AACjB,2GAAA,aAAa,OAAA;AACb,sHAAA,wBAAwB,OAAA;AACxB,2HAAA,6BAA6B,OAAA;AAC7B,0HAAA,4BAA4B,OAAA;AAC5B,sHAAA,wBAAwB,OAAA;AACxB,oBAAoB;AACpB,0HAAA,4BAA4B,OAAA;AAC5B,qHAAA,uBAAuB,OAAA;AACvB,iHAAA,mBAAmB,OAAA;AACnB,yHAAA,2BAA2B,OAAA;AAC3B,qHAAA,uBAAuB,OAAA;AAGzB,mBAAmB;AACnB,uDAO4B;AAH1B,yHAAA,qBAAqB,OAAA;AAErB,0HAAA,sBAAsB,OAAA;AAGxB,kBAAkB;AAClB,qDAA2F;AAAlF,wGAAA,KAAK,OAAA;AAAiB,iHAAA,cAAc,OAAA;AAAE,mHAAA,gBAAgB,OAAA"}

package/dist/core/exceptions/validation.exception.d.ts

@@ -0,0 +1,60 @@
+import type { ZodError } from 'zod';
+import { HttpException } from './http-exception';
+/**
+ * Structured validation error details
+ */
+export interface ValidationErrorDetails {
+    /** The field path where the error occurred */
+    path: (string | number)[];
+    /** Human-readable error message */
+    message: string;
+    /** Zod error code */
+    code: string;
+    /** Expected type/value (if applicable) */
+    expected?: string;
+    /** Received type/value (if applicable) */
+    received?: string;
+}
+/**
+ * Validation Exception
+ *
+ * Thrown when request validation fails using Zod schemas.
+ * Provides detailed error information for each validation issue.
+ *
+ * @example
+ * ```typescript
+ * // The framework throws this automatically when @Body(schema) validation fails
+ * // But you can also throw it manually:
+ *
+ * const result = MySchema.safeParse(data);
+ * if (!result.success) {
+ *   throw new ValidationException(result.error);
+ * }
+ * ```
+ */
+export declare class ValidationException extends HttpException {
+    /**
+     * The original Zod error object
+     */
+    readonly zodError: ZodError;
+    /**
+     * Structured validation error details
+     */
+    readonly errors: ValidationErrorDetails[];
+    constructor(zodError: ZodError, message?: string);
+    /**
+     * Get formatted errors for client response
+     */
+    getValidationErrors(): ValidationErrorDetails[];
+    /**
+     * Get the flattened Zod error format
+     */
+    getFlattenedErrors(): import("zod").typeToFlattenedError<any, string>;
+    /**
+     * Get the formatted Zod error
+     */
+    getFormattedErrors(): {
+        _errors: string[];
+    };
+}
+//# sourceMappingURL=validation.exception.d.ts.map

package/dist/core/exceptions/validation.exception.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.exception.d.ts","sourceRoot":"","sources":["../../../src/core/exceptions/validation.exception.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAY,MAAM,KAAK,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,8CAA8C;IAC9C,IAAI,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;IAC1B,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,qBAAqB;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,mBAAoB,SAAQ,aAAa;IACpD;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAE5B;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,sBAAsB,EAAE,CAAC;gBAE9B,QAAQ,EAAE,QAAQ,EAAE,OAAO,GAAE,MAA4B;IA0BrE;;OAEG;IACH,mBAAmB,IAAI,sBAAsB,EAAE;IAI/C;;OAEG;IACH,kBAAkB;IAIlB;;OAEG;IACH,kBAAkB;;;CAGnB"}

package/dist/core/exceptions/validation.exception.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ValidationException = void 0;
+const http_exception_1 = require("./http-exception");
+/**
+ * Validation Exception
+ *
+ * Thrown when request validation fails using Zod schemas.
+ * Provides detailed error information for each validation issue.
+ *
+ * @example
+ * ```typescript
+ * // The framework throws this automatically when @Body(schema) validation fails
+ * // But you can also throw it manually:
+ *
+ * const result = MySchema.safeParse(data);
+ * if (!result.success) {
+ *   throw new ValidationException(result.error);
+ * }
+ * ```
+ */
+class ValidationException extends http_exception_1.HttpException {
+    /**
+     * The original Zod error object
+     */
+    zodError;
+    /**
+     * Structured validation error details
+     */
+    errors;
+    constructor(zodError, message = 'Validation failed') {
+        // Transform Zod issues to structured format
+        const errors = zodError.issues.map((issue) => ({
+            path: issue.path,
+            message: issue.message,
+            code: issue.code,
+            ...(('expected' in issue) ? { expected: String(issue.expected) } : {}),
+            ...(('received' in issue) ? { received: String(issue.received) } : {}),
+        }));
+        super({
+            message,
+            error: 'Validation Error',
+            details: {
+                errors,
+                errorCount: errors.length,
+            },
+        }, 400);
+        this.zodError = zodError;
+        this.errors = errors;
+    }
+    /**
+     * Get formatted errors for client response
+     */
+    getValidationErrors() {
+        return this.errors;
+    }
+    /**
+     * Get the flattened Zod error format
+     */
+    getFlattenedErrors() {
+        return this.zodError.flatten();
+    }
+    /**
+     * Get the formatted Zod error
+     */
+    getFormattedErrors() {
+        return this.zodError.format();
+    }
+}
+exports.ValidationException = ValidationException;
+//# sourceMappingURL=validation.exception.js.map

package/dist/core/exceptions/validation.exception.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.exception.js","sourceRoot":"","sources":["../../../src/core/exceptions/validation.exception.ts"],"names":[],"mappings":";;;AACA,qDAAiD;AAkBjD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,mBAAoB,SAAQ,8BAAa;IACpD;;OAEG;IACM,QAAQ,CAAW;IAE5B;;OAEG;IACM,MAAM,CAA2B;IAE1C,YAAY,QAAkB,EAAE,UAAkB,mBAAmB;QACnE,4CAA4C;QAC5C,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAe,EAA0B,EAAE,CAAC,CAAC;YAC/E,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,GAAG,CAAC,CAAC,UAAU,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,UAAU,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvE,CAAC,CAAC,CAAC;QAEJ,KAAK,CACH;YACE,OAAO;YACP,KAAK,EAAE,kBAAkB;YACzB,OAAO,EAAE;gBACP,MAAM;gBACN,UAAU,EAAE,MAAM,CAAC,MAAM;aAC1B;SACF,EACD,GAAG,CACJ,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;IAChC,CAAC;CACF;AAzDD,kDAyDC"}

package/dist/core/guards/can-activate.interface.d.ts

@@ -0,0 +1,77 @@
+import type { ExecutionContext } from './execution-context';
+/**
+ * CanActivate Interface
+ *
+ * Guards implementing this interface determine whether a given
+ * request is allowed to be handled by the route handler.
+ *
+ * Guards are executed BEFORE the route handler. If any guard
+ * returns `false`, the request is rejected with a 403 Forbidden.
+ *
+ * @example Basic authentication guard
+ * ```typescript
+ * import { Injectable } from '@riktajs/core';
+ * import type { CanActivate, ExecutionContext } from '@riktajs/core';
+ *
+ * @Injectable()
+ * export class AuthGuard implements CanActivate {
+ *   canActivate(context: ExecutionContext): boolean {
+ *     const request = context.getRequest();
+ *     return !!request.headers.authorization;
+ *   }
+ * }
+ * ```
+ *
+ * @example Async guard with service injection
+ * ```typescript
+ * @Injectable()
+ * export class JwtGuard implements CanActivate {
+ *   constructor(private authService: AuthService) {}
+ *
+ *   async canActivate(context: ExecutionContext): Promise<boolean> {
+ *     const request = context.getRequest();
+ *     const token = request.headers.authorization?.replace('Bearer ', '');
+ *
+ *     if (!token) return false;
+ *
+ *     try {
+ *       const user = await this.authService.verifyToken(token);
+ *       request.user = user;
+ *       return true;
+ *     } catch {
+ *       return false;
+ *     }
+ *   }
+ * }
+ * ```
+ *
+ * @example Role-based guard
+ * ```typescript
+ * @Injectable()
+ * export class RolesGuard implements CanActivate {
+ *   canActivate(context: ExecutionContext): boolean {
+ *     const request = context.getRequest();
+ *     const user = request.user;
+ *     const requiredRoles = context.getMetadata<string[]>('roles');
+ *
+ *     if (!requiredRoles || requiredRoles.length === 0) {
+ *       return true;
+ *     }
+ *
+ *     return requiredRoles.some(role => user?.roles?.includes(role));
+ *   }
+ * }
+ * ```
+ */
+export interface CanActivate {
+    /**
+     * Determines whether the request can proceed to the handler.
+     *
+     * @param context - The execution context containing request/reply
+     * @returns `true` to allow access, `false` to deny (throws 403)
+     *
+     * Can be synchronous or return a Promise for async operations.
+     */
+    canActivate(context: ExecutionContext): boolean | Promise<boolean>;
+}
+//# sourceMappingURL=can-activate.interface.d.ts.map

package/dist/core/guards/can-activate.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"can-activate.interface.d.ts","sourceRoot":"","sources":["../../../src/core/guards/can-activate.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAE5D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+DG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;;;;OAOG;IACH,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpE"}

package/dist/core/guards/can-activate.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=can-activate.interface.js.map

package/dist/core/guards/can-activate.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"can-activate.interface.js","sourceRoot":"","sources":["../../../src/core/guards/can-activate.interface.ts"],"names":[],"mappings":""}

package/dist/core/guards/execution-context.d.ts

@@ -0,0 +1,72 @@
+import type { FastifyRequest, FastifyReply } from 'fastify';
+import type { Constructor } from '../types';
+/**
+ * ExecutionContext Interface
+ *
+ * Provides access to the current request context, including
+ * request/reply objects and handler metadata. Used by guards
+ * to make authorization decisions.
+ *
+ * @example
+ * ```typescript
+ * @Injectable()
+ * class AuthGuard implements CanActivate {
+ *   async canActivate(context: ExecutionContext): Promise<boolean> {
+ *     const request = context.getRequest();
+ *     const authHeader = request.headers.authorization;
+ *     return !!authHeader;
+ *   }
+ * }
+ * ```
+ */
+export interface ExecutionContext {
+    /**
+     * Get the Fastify request object
+     *
+     * @returns The current request instance
+     */
+    getRequest<T = FastifyRequest>(): T;
+    /**
+     * Get the Fastify reply object
+     *
+     * @returns The current reply instance
+     */
+    getReply<T = FastifyReply>(): T;
+    /**
+     * Get the controller class that handles the route
+     *
+     * @returns The controller constructor
+     */
+    getClass(): Constructor;
+    /**
+     * Get the handler method name
+     *
+     * @returns The method name being invoked
+     */
+    getHandler(): string | symbol;
+    /**
+     * Get handler metadata by key
+     *
+     * @param key - Metadata key to retrieve
+     * @returns The metadata value if found
+     */
+    getMetadata<T = unknown>(key: string | symbol): T | undefined;
+}
+/**
+ * Default ExecutionContext implementation
+ *
+ * @internal
+ */
+export declare class ExecutionContextImpl implements ExecutionContext {
+    private readonly request;
+    private readonly reply;
+    private readonly controllerClass;
+    private readonly handlerName;
+    constructor(request: FastifyRequest, reply: FastifyReply, controllerClass: Constructor, handlerName: string | symbol);
+    getRequest<T = FastifyRequest>(): T;
+    getReply<T = FastifyReply>(): T;
+    getClass(): Constructor;
+    getHandler(): string | symbol;
+    getMetadata<T = unknown>(key: string | symbol): T | undefined;
+}
+//# sourceMappingURL=execution-context.d.ts.map

package/dist/core/guards/execution-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"execution-context.d.ts","sourceRoot":"","sources":["../../../src/core/guards/execution-context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE5C;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,UAAU,CAAC,CAAC,GAAG,cAAc,KAAK,CAAC,CAAC;IAEpC;;;;OAIG;IACH,QAAQ,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC;IAEhC;;;;OAIG;IACH,QAAQ,IAAI,WAAW,CAAC;IAExB;;;;OAIG;IACH,UAAU,IAAI,MAAM,GAAG,MAAM,CAAC;IAE9B;;;;;OAKG;IACH,WAAW,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC;CAC/D;AAED;;;;GAIG;AACH,qBAAa,oBAAqB,YAAW,gBAAgB;IAEzD,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAHX,OAAO,EAAE,cAAc,EACvB,KAAK,EAAE,YAAY,EACnB,eAAe,EAAE,WAAW,EAC5B,WAAW,EAAE,MAAM,GAAG,MAAM;IAG/C,UAAU,CAAC,CAAC,GAAG,cAAc,KAAK,CAAC;IAInC,QAAQ,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;IAI/B,QAAQ,IAAI,WAAW;IAIvB,UAAU,IAAI,MAAM,GAAG,MAAM;IAI7B,WAAW,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,SAAS;CAG9D"}

package/dist/core/guards/execution-context.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExecutionContextImpl = void 0;
+/**
+ * Default ExecutionContext implementation
+ *
+ * @internal
+ */
+class ExecutionContextImpl {
+    request;
+    reply;
+    controllerClass;
+    handlerName;
+    constructor(request, reply, controllerClass, handlerName) {
+        this.request = request;
+        this.reply = reply;
+        this.controllerClass = controllerClass;
+        this.handlerName = handlerName;
+    }
+    getRequest() {
+        return this.request;
+    }
+    getReply() {
+        return this.reply;
+    }
+    getClass() {
+        return this.controllerClass;
+    }
+    getHandler() {
+        return this.handlerName;
+    }
+    getMetadata(key) {
+        return Reflect.getMetadata(key, this.controllerClass, this.handlerName);
+    }
+}
+exports.ExecutionContextImpl = ExecutionContextImpl;
+//# sourceMappingURL=execution-context.js.map

package/dist/core/guards/execution-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"execution-context.js","sourceRoot":"","sources":["../../../src/core/guards/execution-context.ts"],"names":[],"mappings":";;;AA4DA;;;;GAIG;AACH,MAAa,oBAAoB;IAEZ;IACA;IACA;IACA;IAJnB,YACmB,OAAuB,EACvB,KAAmB,EACnB,eAA4B,EAC5B,WAA4B;QAH5B,YAAO,GAAP,OAAO,CAAgB;QACvB,UAAK,GAAL,KAAK,CAAc;QACnB,oBAAe,GAAf,eAAe,CAAa;QAC5B,gBAAW,GAAX,WAAW,CAAiB;IAC5C,CAAC;IAEJ,UAAU;QACR,OAAO,IAAI,CAAC,OAAY,CAAC;IAC3B,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAU,CAAC;IACzB,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,WAAW,CAAc,GAAoB;QAC3C,OAAO,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,WAAqB,CAAkB,CAAC;IACrG,CAAC;CACF;AA3BD,oDA2BC"}

package/dist/core/guards/index.d.ts

@@ -0,0 +1,4 @@
+export { CanActivate } from './can-activate.interface';
+export { ExecutionContext, ExecutionContextImpl } from './execution-context';
+export { UseGuards, getGuardsMetadata } from './use-guards.decorator';
+//# sourceMappingURL=index.d.ts.map

package/dist/core/guards/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/guards/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG7E,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/core/guards/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGuardsMetadata = exports.UseGuards = exports.ExecutionContextImpl = void 0;
+var execution_context_1 = require("./execution-context");
+Object.defineProperty(exports, "ExecutionContextImpl", { enumerable: true, get: function () { return execution_context_1.ExecutionContextImpl; } });
+// UseGuards decorator
+var use_guards_decorator_1 = require("./use-guards.decorator");
+Object.defineProperty(exports, "UseGuards", { enumerable: true, get: function () { return use_guards_decorator_1.UseGuards; } });
+Object.defineProperty(exports, "getGuardsMetadata", { enumerable: true, get: function () { return use_guards_decorator_1.getGuardsMetadata; } });
+//# sourceMappingURL=index.js.map

package/dist/core/guards/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/guards/index.ts"],"names":[],"mappings":";;;AAEA,yDAA6E;AAAlD,yHAAA,oBAAoB,OAAA;AAE/C,sBAAsB;AACtB,+DAAsE;AAA7D,iHAAA,SAAS,OAAA;AAAE,yHAAA,iBAAiB,OAAA"}

package/dist/core/guards/use-guards.decorator.d.ts

@@ -0,0 +1,82 @@
+import 'reflect-metadata';
+import type { Constructor } from '../types';
+import type { CanActivate } from './can-activate.interface';
+/**
+ * Type for guard constructors
+ */
+export type GuardClass = Constructor<CanActivate>;
+/**
+ * @UseGuards() Decorator
+ *
+ * Applies one or more guards to a controller or route handler.
+ * Guards are executed in order before the handler runs.
+ *
+ * Guards are resolved from the DI container, so they can have
+ * injected dependencies. Make sure guards are decorated with @Injectable().
+ *
+ * @param guards - Guard classes to apply
+ *
+ * @example Apply guard to entire controller
+ * ```typescript
+ * @Controller('/admin')
+ * @UseGuards(AuthGuard)
+ * class AdminController {
+ *   @Get('/dashboard')
+ *   getDashboard() {
+ *     return { message: 'Admin dashboard' };
+ *   }
+ * }
+ * ```
+ *
+ * @example Apply guard to specific route
+ * ```typescript
+ * @Controller('/users')
+ * class UserController {
+ *   @Get()
+ *   findAll() {
+ *     return []; // Public route
+ *   }
+ *
+ *   @Post()
+ *   @UseGuards(AuthGuard)
+ *   create() {
+ *     return {}; // Protected route
+ *   }
+ * }
+ * ```
+ *
+ * @example Multiple guards (AND logic - all must pass)
+ * ```typescript
+ * @Controller('/admin')
+ * @UseGuards(AuthGuard, RolesGuard)
+ * class AdminController {
+ *   // User must be authenticated AND have correct role
+ * }
+ * ```
+ *
+ * @example Combined controller and method guards
+ * ```typescript
+ * @Controller('/api')
+ * @UseGuards(AuthGuard)  // Applied to all routes
+ * class ApiController {
+ *   @Get('/public')
+ *   // Only AuthGuard runs
+ *   getPublic() {}
+ *
+ *   @Post('/admin')
+ *   @UseGuards(AdminGuard)  // Additional guard
+ *   // Both AuthGuard AND AdminGuard run
+ *   adminAction() {}
+ * }
+ * ```
+ */
+export declare function UseGuards(...guards: GuardClass[]): ClassDecorator & MethodDecorator;
+/**
+ * Get guards metadata from a controller class and/or method
+ *
+ * @param target - Controller class
+ * @param propertyKey - Method name (optional)
+ * @returns Combined array of guard classes (controller + method)
+ */
+export declare function getGuardsMetadata(target: Constructor, propertyKey?: string | symbol): GuardClass[];
+//# sourceMappingURL=use-guards.decorator.d.ts.map