@schemavaults/auth-server-sdk 0.17.2

package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js

@@ -0,0 +1,105 @@
+import { getHardcodedClientWebAppDomain, SCHEMAVAULTS_AUTH_APP_DEFINITION, SCHEMAVAULTS_MAIL_APP_DEFINITION, SCHEMAVAULTS_REGISTRY_SERVER, SCHEMAVAULTS_WEB, } from "@schemavaults/app-definitions";
+import { SchemaVaultsCORSEnforcementPolicies as policies, } from "./cors-policies";
+async function enforceValidAppIfOriginApplied(opts) {
+    const { origin, audience, environment, debug } = opts;
+    if (!origin) {
+        return true;
+    }
+    origin;
+    const auth_app_id = SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id;
+    const auth_server_uri = getHardcodedClientWebAppDomain(auth_app_id, environment);
+    if (origin === auth_server_uri && audience === auth_app_id) {
+        if (debug) {
+            console.log("[isAllowedOrigin] Ensuring that auth client application can reach auth server backend...");
+        }
+        return true;
+    }
+    const web_app_id = SCHEMAVAULTS_WEB.app_id;
+    const web_app_uri = getHardcodedClientWebAppDomain(web_app_id, environment);
+    // Allow https://schemavaults.com to reach https://auth.schemavaults.com
+    if (origin === web_app_uri && audience === auth_app_id) {
+        if (debug) {
+            console.log("[isAllowedOrigin] Ensuring that @schemavaults/web application can reach auth server backend...");
+        }
+        return true;
+    }
+    if (origin === web_app_uri && audience.startsWith("schemavaults-fs:")) {
+        if (debug) {
+            console.log("[isAllowedOrigin] Ensuring that @schemavaults/web application can reach vault fileserver backend...");
+        }
+        return true;
+    }
+    // Ensure that https://api.schemavaults.com can be accessed by the core web app
+    const registry_app_id = SCHEMAVAULTS_REGISTRY_SERVER.api_server_id;
+    if (origin === web_app_uri && audience === registry_app_id) {
+        if (debug) {
+            console.log("[isAllowedOrigin] Ensuring that @schemavaults/web application can reach registry API server backend...");
+        }
+        return true;
+    }
+    // Ensure that https://mail.schemavaults.com can be accessed by the core web app
+    const mail_app_id = SCHEMAVAULTS_MAIL_APP_DEFINITION.app_id;
+    if (origin === web_app_uri && audience === mail_app_id) {
+        if (debug) {
+            console.log("[isAllowedOrigin] Ensuring that @schemavaults/web application can reach mail API server backend...");
+        }
+        return true;
+    }
+    const mail_app_uri = getHardcodedClientWebAppDomain(mail_app_id, environment);
+    // Allow https://mail.schemavaults.com to reach https://auth.schemavaults.com
+    if (origin === mail_app_uri && audience === auth_app_id) {
+        if (debug) {
+            console.log("[isAllowedOrigin] Ensuring that @schemavaults/mail-server application can reach auth server backend...");
+        }
+        return true;
+    }
+    console.warn("[isAllowedOrigin] This is only half implemented-- need to check if origin is valid for non-hardcoded API servers!");
+    return false;
+}
+async function sameOriginIfOriginApplied(opts) {
+    const { origin, audience, environment, debug } = opts;
+    if (!origin) {
+        return true;
+    }
+    if (origin.startsWith("https://") && audience.startsWith("https://")) {
+        if (origin === audience) {
+            return true;
+        }
+    }
+    let hardcoded_app_uri;
+    try {
+        hardcoded_app_uri = getHardcodedClientWebAppDomain(audience, environment);
+    }
+    catch (e) {
+        void e; /** no-op, this app may not be a hardcoded app */
+    }
+    if (typeof hardcoded_app_uri === "string") {
+        if (origin === hardcoded_app_uri) {
+            return true;
+        }
+        else {
+            if (debug) {
+                console.warn(`[isAllowedOrigin] Denying due to mismatch between request origin and hardcoded app domain on record: ('${hardcoded_app_uri}')`);
+            }
+            return false;
+        }
+    }
+    throw new Error("Unimplemented, need to do more thorough check to see if this origin is the same as this server audience");
+}
+export async function isAllowedOrigin(opts) {
+    const { policy, environment, debug } = opts;
+    if (debug) {
+        console.log("[isAllowedOrigin] Running with options: ", opts, environment);
+    }
+    switch (policy) {
+        case policies.AllowAny:
+            return true;
+        case policies.EnforceValidAppIfOriginApplied:
+            return await enforceValidAppIfOriginApplied(opts);
+        case policies.SameOriginIfOriginApplied:
+            return await sameOriginIfOriginApplied(opts);
+        default:
+            throw new Error(`Unimplemented CORS policy: ${policy}`);
+    }
+}
+//# sourceMappingURL=isAllowedOrigin.js.map

package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isAllowedOrigin.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/isAllowedOrigin.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAC9B,gCAAgC,EAChC,gCAAgC,EAChC,4BAA4B,EAC5B,gBAAgB,GAEjB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAEL,mCAAmC,IAAI,QAAQ,GAChD,MAAM,iBAAiB,CAAC;AAUzB,KAAK,UAAU,8BAA8B,CAAC,IAAmC;IAC/E,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAuB,CAAC;IAExB,MAAM,WAAW,GAAG,gCAAgC,CAAC,MAAM,CAAC;IAC5D,MAAM,eAAe,GAAW,8BAA8B,CAC5D,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,IAAI,MAAM,KAAK,eAAe,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC3D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,0FAA0F,CAC3F,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3C,MAAM,WAAW,GAAW,8BAA8B,CACxD,UAAU,EACV,WAAW,CACZ,CAAC;IAEF,wEAAwE;IACxE,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QACvD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,gGAAgG,CACjG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,qGAAqG,CACtG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+EAA+E;IAC/E,MAAM,eAAe,GAAG,4BAA4B,CAAC,aAAa,CAAC;IACnE,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;QAC3D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,wGAAwG,CACzG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gFAAgF;IAChF,MAAM,WAAW,GAAG,gCAAgC,CAAC,MAAM,CAAC;IAC5D,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QACvD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,oGAAoG,CACrG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAW,8BAA8B,CACzD,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,6EAA6E;IAC7E,IAAI,MAAM,KAAK,YAAY,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QACxD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,wGAAwG,CACzG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,IAAI,CACV,mHAAmH,CACpH,CAAC;IAEF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,yBAAyB,CAAC,IAAmC;IAC1E,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACrE,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,IAAI,iBAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,iBAAiB,GAAG,8BAA8B,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC5E,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,KAAK,CAAC,CAAC,CAAC,iDAAiD;IAC3D,CAAC;IAED,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC1C,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,CAAC;YACN,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CACV,0GAA0G,iBAAiB,IAAI,CAChI,CAAC;YACJ,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,yGAAyG,CAC1G,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IAE5C,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAC7E,CAAC;IAED,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,QAAQ,CAAC,QAAQ;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,QAAQ,CAAC,8BAA8B;YAC1C,OAAO,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;QAEpD,KAAK,QAAQ,CAAC,yBAAyB;YACrC,OAAO,MAAM,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAE/C;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC"}

package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.d.ts

@@ -0,0 +1 @@
+export declare function prettyPrintAvailablePolicies(): string;

package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.js

@@ -0,0 +1,32 @@
+import { SchemaVaultsCORSEnforcementPolicies as policies, } from "./cors-policies";
+function wrapWithQuotes(policyName) {
+    return `"${policyName}"`;
+}
+export function prettyPrintAvailablePolicies() {
+    const policy_names = Object.values(policies);
+    const n_policies = policy_names.length;
+    if (n_policies === 0) {
+        throw new Error("Failed to load available CORS policies!");
+    }
+    else if (n_policies === 1) {
+        return wrapWithQuotes(policy_names[0]);
+    }
+    console.assert(n_policies >= 2, "Expected there to be at least 2 CORS policies to print if this point was reached!");
+    const quotationWrapped = policy_names.map((policyName) => wrapWithQuotes(policyName));
+    const lastIndex = n_policies - 1;
+    let output = "";
+    quotationWrapped.forEach((policyName, index) => {
+        if (index === 0) {
+            output += policyName;
+        }
+        else {
+            output += ", ";
+            if (index === lastIndex) {
+                output += "or ";
+            }
+            output += policyName;
+        }
+    });
+    return output;
+}
+//# sourceMappingURL=pretty-print-available-policies.js.map

package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pretty-print-available-policies.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/pretty-print-available-policies.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mCAAmC,IAAI,QAAQ,GAEhD,MAAM,iBAAiB,CAAC;AAEzB,SAAS,cAAc,CAAmB,UAAa;IACrD,OAAO,IAAI,UAAU,GAAG,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,4BAA4B;IAC1C,MAAM,YAAY,GAChB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAE1B,MAAM,UAAU,GAAW,YAAY,CAAC,MAAM,CAAC;IAC/C,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;SAAM,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,cAAc,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,CAAC,MAAM,CACZ,UAAU,IAAI,CAAC,EACf,mFAAmF,CACpF,CAAC;IAEF,MAAM,gBAAgB,GAAsB,YAAY,CAAC,GAAG,CAC1D,CAAC,UAA6C,EAAU,EAAE,CACxD,cAAc,CAAC,UAAU,CAAC,CAC7B,CAAC;IAEF,MAAM,SAAS,GAAW,UAAU,GAAG,CAAC,CAAC;IAEzC,IAAI,MAAM,GAAW,EAAE,CAAC;IACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAkB,EAAE,KAAa,EAAE,EAAE;QAC7D,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAChB,MAAM,IAAI,UAAU,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,IAAI,CAAC;YACf,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;YACD,MAAM,IAAI,UAAU,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,MAAuB,CAAC;AACjC,CAAC"}

package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.d.ts

@@ -0,0 +1,25 @@
+import type { NextResponse } from "next/server";
+import { type SchemaVaultsCORSEnforcementPolicy } from "./cors-policies";
+import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFactory, ISchemaVaultsMiddlewareFnInputs } from "../../middleware_types";
+import { BaseMiddleware, type IBaseMiddlewareInitOptions } from "../BaseMiddleware";
+export interface CorsSettings {
+    debug?: boolean;
+    policy: SchemaVaultsCORSEnforcementPolicy;
+    audience: string;
+}
+interface CorsMiddlewareSettings extends CorsSettings, Omit<IBaseMiddlewareInitOptions, "name"> {
+    next: ISchemaVaultsMiddleware;
+}
+declare class CorsMiddleware extends BaseMiddleware implements ISchemaVaultsMiddleware {
+    private readonly policy;
+    private readonly audience;
+    constructor(settings: CorsMiddlewareSettings);
+    handle({ req, json, ...inputs }: ISchemaVaultsMiddlewareFnInputs): Promise<NextResponse | Response>;
+}
+export declare class CorsMiddlewareFactory implements ISchemaVaultsMiddlewareFactory {
+    readonly type: "middleware-factory";
+    private readonly middlewareOpts;
+    constructor(opts: CorsSettings);
+    create(next: ISchemaVaultsMiddleware): CorsMiddleware;
+}
+export {};

package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.js

@@ -0,0 +1,231 @@
+import { applyCorsHeaders } from "./applyCorsHeaders";
+import { isValidCORSEnforcementPolicy, SchemaVaultsCORSEnforcementPolicies as policies, } from "./cors-policies";
+import { isAllowedOrigin } from "./isAllowedOrigin";
+import { ensureHttpsInProduction } from "./ensureHttpsInProd";
+import { BaseMiddleware, } from "../BaseMiddleware";
+import { assertNoOriginSet } from "./assertNoOriginSet";
+import { prettyPrintAvailablePolicies } from "./pretty-print-available-policies";
+class CorsMiddleware extends BaseMiddleware {
+    policy;
+    audience;
+    constructor(settings) {
+        super({
+            ...settings,
+            next: settings.next,
+            name: "CORS Middleware",
+        });
+        if (!isValidCORSEnforcementPolicy(settings.policy)) {
+            throw new Error(`CorsMiddleware did not receive a valid CORS policy to enforce! Constructor's 'policy' option should be one of: ${prettyPrintAvailablePolicies()}`);
+        }
+        this.policy = settings.policy;
+        this.audience = settings.audience;
+    }
+    async handle({ req, json, ...inputs }) {
+        const DEBUG = this.debug;
+        const POLICY = this.policy;
+        const audience = this.audience;
+        if (DEBUG) {
+            console.log("[CorsMiddleware] Running on URL: ", req.url);
+            console.log("[CorsMiddleware] nextURL: ", req.nextUrl);
+            console.log("[CorsMiddleware] Request Method: ", req.method);
+            console.log("[CorsMiddleware] Headers: ", req.headers.entries());
+        }
+        const origin = req.headers.get("origin") ?? req.headers.get("Origin");
+        const isOriginSet = typeof origin === "string" && origin.length > 0;
+        const isPreflight = req.method === "OPTIONS";
+        const isAllowed = await isAllowedOrigin({
+            origin,
+            policy: POLICY,
+            audience,
+            debug: DEBUG,
+            environment: this.environment,
+        });
+        if (DEBUG) {
+            console.log(`[withCorsSettings] ${isOriginSet ? "An" : "No"} origin is set. ${isOriginSet ? `Origin "${origin}"` : "Not having an origin"} ${isAllowed ? "is" : "is not"} allowed for audience "${audience}"`);
+        }
+        if (!isAllowed) {
+            if (DEBUG) {
+                console.log("[CorsMiddleware] Origin not allowed, returning 403");
+            }
+            return json({
+                message: "Origin not allowed",
+                success: false,
+            }, { status: 403 });
+        } // isAllowed = true
+        if (isPreflight) {
+            if (DEBUG) {
+                console.log("[withCorsSettings] Handling preflight OPTIONS response...");
+            }
+            console.assert(!!isAllowed);
+            let preflightResponseHeaders;
+            try {
+                preflightResponseHeaders = applyCorsHeaders({
+                    origin,
+                    headers: {},
+                    policy: POLICY,
+                    preflight: isPreflight,
+                    method: req.method,
+                    allowed: isAllowed,
+                    debug: DEBUG,
+                });
+            }
+            catch (e) {
+                console.error("Failed to apply CORS headers for preflight request: ", e);
+                return json({
+                    success: false,
+                    message: "Error applying preflight headers",
+                }, { status: 500 });
+            }
+            if (DEBUG) {
+                console.log("[withCorsSettings] Assembling preflight OPTIONS response...");
+            }
+            try {
+                const preflightOptionsResponse = json({
+                    success: true,
+                    message: "Preflight OK",
+                }, {
+                    status: 200,
+                    headers: new Headers(preflightResponseHeaders),
+                });
+                if (DEBUG) {
+                    console.log("[withCorsSettings] Returning preflight OPTIONS response...");
+                }
+                return preflightOptionsResponse;
+            }
+            catch (e) {
+                console.error("[withCorsSettings] Failed to return preflight response: ", e);
+                return json({
+                    success: false,
+                    message: "Error building/returning preflight response",
+                }, { status: 500 });
+            }
+        }
+        else {
+            if (DEBUG) {
+                console.log("[withCorsSettings] This is not a preflight request! (the real deal!!!)");
+            }
+        }
+        console.assert(!isPreflight, "[withCorsSettings] Expected preflight requests to have been handled by this point!");
+        if (!origin) {
+            if (DEBUG) {
+                console.log("[withCorsSettings] No origin header set on request");
+            }
+            console.assert(assertNoOriginSet(origin), "Expected request to not contain an origin header if this point was reached!");
+            if (req.method !== "GET") {
+                if (DEBUG) {
+                    console.log("[withCorsSettings] No origin header set on request for non-GET method request. Evaluating whether permitted using policy: ", POLICY);
+                }
+                switch (POLICY) {
+                    case policies.AllowAny:
+                        console.assert(assertNoOriginSet(origin), `Expected request to not contain an origin header if this point (non-GET '${policies.AllowAny}' policy evaluator) was reached!`);
+                        break; // allow.
+                    case policies.EnforceValidAppIfOriginApplied:
+                        console.assert(assertNoOriginSet(origin), `Expected request to not contain an origin header if this point (non-GET '${policies.EnforceValidAppIfOriginApplied}' policy evaluator) was reached!`);
+                        break; // allow if this policy set -- no origin set
+                    case policies.SameOriginIfOriginApplied:
+                        console.assert(assertNoOriginSet(origin), `Expected request to not contain an origin header if this point (non-GET '${policies.SameOriginIfOriginApplied}' policy evaluator) was reached!`);
+                        break;
+                    default:
+                        throw new Error(`Unhandled CORS policy for handling non-GET method request w/o origin header: ${POLICY}`);
+                } // end switch(POLICY) statement for handling non-GET requests
+                if (DEBUG) {
+                    console.log(`[withCorsSettings] No origin header found for a non-GET request, but policy '${POLICY}' has allowed this!`);
+                }
+            }
+            else {
+                if (DEBUG) {
+                    console.log("[withCorsSettings] No origin header found, but that's ok for a GET request");
+                }
+            }
+        }
+        if (origin) {
+            const potentialErrorResponse = ensureHttpsInProduction(req, origin, json);
+            if (typeof potentialErrorResponse !== "undefined")
+                return potentialErrorResponse;
+        }
+        if (DEBUG) {
+            if (origin) {
+                console.log("[withCorsSettings] Request Origin: ", origin);
+            }
+            else {
+                console.log("[withCorsSettings] No request origin set");
+            }
+        }
+        const next = this.next;
+        if (!CorsMiddleware.hasNextMiddleware(next)) {
+            throw new Error("Expected CorsMiddleware to have child middleware(s)!");
+        }
+        const responseWithoutCorsHeaders = await next.handle({
+            req,
+            json,
+            ...inputs,
+        });
+        // Add CORS headers
+        if (responseWithoutCorsHeaders) {
+            if (DEBUG) {
+                console.log("[withCorsSettings] Applying CORS headers to response.");
+            }
+            let withCorsHeaders;
+            try {
+                const existingHeaders = responseWithoutCorsHeaders.headers;
+                const headers = {};
+                for (const [key, val] of existingHeaders.entries()) {
+                    headers[key] = val;
+                }
+                withCorsHeaders = applyCorsHeaders({
+                    origin,
+                    headers,
+                    policy: POLICY,
+                    method: req.method,
+                    preflight: false,
+                    allowed: isAllowed,
+                    debug: DEBUG,
+                });
+            }
+            catch (e) {
+                console.error("[withCorsSettings] Failed to apply CORS headers on final response: ", e);
+                throw new Error("Failed to apply CORS headers on final response!");
+            }
+            if (DEBUG) {
+                console.log("[withCorsSettings] Applied CORS headers to final response: ", withCorsHeaders);
+            }
+            try {
+                return new Response(responseWithoutCorsHeaders.body, {
+                    headers: new Headers(withCorsHeaders),
+                    status: responseWithoutCorsHeaders.status,
+                    statusText: responseWithoutCorsHeaders.statusText,
+                });
+            }
+            catch (e) {
+                console.error("[withCorsSettings] Failed to generate final 'Response' instance with modified CORS headers: ", e);
+                return json({
+                    success: false,
+                    message: "Error applying preflight headers",
+                }, { status: 500 });
+            }
+        }
+        else {
+            if (DEBUG) {
+                console.log("[withCorsSettings] Not applying CORS headers to response, middleware result was falsy.");
+            }
+        }
+        if (DEBUG) {
+            console.log("[CorsMiddleware] Response: ", responseWithoutCorsHeaders);
+        }
+        return responseWithoutCorsHeaders;
+    }
+}
+export class CorsMiddlewareFactory {
+    type = "middleware-factory";
+    middlewareOpts;
+    constructor(opts) {
+        this.middlewareOpts = opts;
+    }
+    create(next) {
+        return new CorsMiddleware({
+            ...this.middlewareOpts,
+            next,
+        });
+    }
+}
+//# sourceMappingURL=withCorsSettings.js.map

package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"withCorsSettings.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/withCorsSettings.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAEL,4BAA4B,EAC5B,mCAAmC,IAAI,QAAQ,GAChD,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAMpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EACL,cAAc,GAEf,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAcjF,MAAM,cAAe,SAAQ,cAAc;IACxB,MAAM,CAAoC;IAC1C,QAAQ,CAAS;IAElC,YAAmB,QAAgC;QACjD,KAAK,CAAC;YACJ,GAAG,QAAQ;YACX,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,IAAI,EAAE,iBAA0B;SACjC,CAAC,CAAC;QACH,IAAI,CAAC,4BAA4B,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,kHAAkH,4BAA4B,EAAE,EAAE,CACnJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAkD,CAAC;QAC1E,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;IACpC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,IAAI,EACJ,GAAG,MAAM,EACuB;QAChC,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,mCAAmC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,mCAAmC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,MAAM,GACV,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,WAAW,GACf,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;QAClD,MAAM,WAAW,GAAY,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC;QAEtD,MAAM,SAAS,GAAY,MAAM,eAAe,CAAC;YAC/C,MAAM;YACN,MAAM,EAAE,MAAkD;YAC1D,QAAQ;YACR,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAC;QACH,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,sBAAsB,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,mBAAmB,WAAW,CAAC,CAAC,CAAC,WAAW,MAAM,GAAG,CAAC,CAAC,CAAC,sBAAsB,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,0BAA0B,QAAQ,GAAG,CAClM,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,IAAI,CACT;gBACE,OAAO,EAAE,oBAAoB;gBAC7B,OAAO,EAAE,KAAK;aACc,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC,CAAC,mBAAmB;QAErB,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,2DAA2D,CAC5D,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAE5B,IAAI,wBAAgD,CAAC;YACrD,IAAI,CAAC;gBACH,wBAAwB,GAAG,gBAAgB,CAAC;oBAC1C,MAAM;oBACN,OAAO,EAAE,EAAmC;oBAC5C,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,WAA0B;oBACrC,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,KAAK;iBACb,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,sDAAsD,EACtD,CAAC,CACF,CAAC;gBACF,OAAO,IAAI,CACT;oBACE,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,kCAAkC;iBACf,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,6DAA6D,CAC9D,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,wBAAwB,GAAa,IAAI,CAC7C;oBACE,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,cAAc;iBACxB,EACD;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,IAAI,OAAO,CAAC,wBAAwB,CAAC;iBAC/C,CACF,CAAC;gBACF,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,GAAG,CACT,4DAA4D,CAC7D,CAAC;gBACJ,CAAC;gBACD,OAAO,wBAAwB,CAAC;YAClC,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,0DAA0D,EAC1D,CAAC,CACF,CAAC;gBACF,OAAO,IAAI,CACT;oBACE,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,6CAA6C;iBAC1B,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,wEAAwE,CACzE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,MAAM,CACZ,CAAC,WAAW,EACZ,oFAAoF,CACrF,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,CAAC,MAAM,CACZ,iBAAiB,CAAC,MAAM,CAAC,EACzB,6EAA6E,CAC9E,CAAC;YAEF,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBACzB,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,GAAG,CACT,4HAA4H,EAC5H,MAAkD,CACnD,CAAC;gBACJ,CAAC;gBACD,QAAQ,MAAkD,EAAE,CAAC;oBAC3D,KAAK,QAAQ,CAAC,QAAQ;wBACpB,OAAO,CAAC,MAAM,CACZ,iBAAiB,CAAC,MAAM,CAAC,EACzB,4EAA4E,QAAQ,CAAC,QAAQ,kCAAkC,CAChI,CAAC;wBACF,MAAM,CAAC,SAAS;oBAClB,KAAK,QAAQ,CAAC,8BAA8B;wBAC1C,OAAO,CAAC,MAAM,CACZ,iBAAiB,CAAC,MAAM,CAAC,EACzB,4EAA4E,QAAQ,CAAC,8BAA8B,kCAAkC,CACtJ,CAAC;wBACF,MAAM,CAAC,4CAA4C;oBACrD,KAAK,QAAQ,CAAC,yBAAyB;wBACrC,OAAO,CAAC,MAAM,CACZ,iBAAiB,CAAC,MAAM,CAAC,EACzB,4EAA4E,QAAQ,CAAC,yBAAyB,kCAAkC,CACjJ,CAAC;wBACF,MAAM;oBACR;wBACE,MAAM,IAAI,KAAK,CACb,gFAAgF,MAAM,EAAE,CACzF,CAAC;gBACN,CAAC,CAAC,6DAA6D;gBAE/D,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,GAAG,CACT,gFAAgF,MAAM,qBAAqB,CAC5G,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,GAAG,CACT,4EAA4E,CAC7E,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,sBAAsB,GAAG,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YAC1E,IAAI,OAAO,sBAAsB,KAAK,WAAW;gBAC/C,OAAO,sBAAsB,CAAC;QAClC,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,MAAM,CAAC,CAAC;YAC7D,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,MAAM,0BAA0B,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YACnD,GAAG;YACH,IAAI;YACJ,GAAG,MAAM;SACV,CAAC,CAAC;QAEH,mBAAmB;QACnB,IAAI,0BAA0B,EAAE,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,eAAuC,CAAC;YAC5C,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,0BAA0B,CAAC,OAAO,CAAC;gBAC3D,MAAM,OAAO,GAA2B,EAAE,CAAC;gBAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC,OAAO,EAAE,EAAE,CAAC;oBACnD,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;gBACrB,CAAC;gBAED,eAAe,GAAG,gBAAgB,CAAC;oBACjC,MAAM;oBACN,OAAO;oBACP,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,SAAS,EAAE,KAAK;oBAChB,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,KAAK;iBACb,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,qEAAqE,EACrE,CAAC,CACF,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,6DAA6D,EAC7D,eAAe,CAChB,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,OAAO,IAAI,QAAQ,CAAC,0BAA0B,CAAC,IAAI,EAAE;oBACnD,OAAO,EAAE,IAAI,OAAO,CAAC,eAAe,CAAC;oBACrC,MAAM,EAAE,0BAA0B,CAAC,MAAM;oBACzC,UAAU,EAAE,0BAA0B,CAAC,UAAU;iBAClD,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,8FAA8F,EAC9F,CAAC,CACF,CAAC;gBACF,OAAO,IAAI,CACT;oBACE,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,kCAAkC;iBACf,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,wFAAwF,CACzF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,0BAA0B,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,0BAA0B,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,qBAAqB;IAChB,IAAI,GAAG,oBAA6B,CAAC;IAEpC,cAAc,CAAe;IAE9C,YAAmB,IAAkB;QACnC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAEM,MAAM,CAAC,IAA6B;QACzC,OAAO,IAAI,cAAc,CAAC;YACxB,GAAG,IAAI,CAAC,cAAc;YACtB,IAAI;SAC4B,CAAC,CAAC;IACtC,CAAC;CACF"}

package/dist/middleware/middlewares/withLogging.d.ts

@@ -0,0 +1,6 @@
+import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFactory } from "../middleware_types";
+export declare class RequestLoggingMiddlewareFactory implements ISchemaVaultsMiddlewareFactory {
+    readonly type: "middleware-factory";
+    create(next: ISchemaVaultsMiddleware): ISchemaVaultsMiddleware;
+}
+export default RequestLoggingMiddlewareFactory;

package/dist/middleware/middlewares/withLogging.js

@@ -0,0 +1,31 @@
+import { BaseMiddleware } from "./BaseMiddleware";
+class RequestLoggingMiddleware extends BaseMiddleware {
+    constructor(next) {
+        super({
+            next,
+            name: "Request Logging Middleware",
+        });
+    }
+    async handle({ req, ...inputs }) {
+        // the request may have come from behind a reverse proxy like nginx
+        let ip = undefined;
+        if (req.headers.has("X-Real-IP")) {
+            ip = req.headers.get("X-Real-IP") ?? undefined;
+        }
+        const logIpPortion = ip ? `IP: "${ip}"` : "unknown IP";
+        console.log(`'${req.method}' => '${req.url}' (${logIpPortion}).`);
+        const next = this.next;
+        if (!RequestLoggingMiddleware.hasNextMiddleware(next)) {
+            throw new Error("Expected RequestLoggingMiddleware to have child middleware(s)!");
+        }
+        return await next.handle({ req, ...inputs });
+    }
+}
+export class RequestLoggingMiddlewareFactory {
+    type = "middleware-factory";
+    create(next) {
+        return new RequestLoggingMiddleware(next);
+    }
+}
+export default RequestLoggingMiddlewareFactory;
+//# sourceMappingURL=withLogging.js.map

package/dist/middleware/middlewares/withLogging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"withLogging.js","sourceRoot":"","sources":["../../../src/middleware/middlewares/withLogging.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,MAAM,wBACJ,SAAQ,cAAc;IAGtB,YAAmB,IAA6B;QAC9C,KAAK,CAAC;YACJ,IAAI;YACJ,IAAI,EAAE,4BAA4B;SACnC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,GAAG,MAAM,EACuB;QAChC,mEAAmE;QACnE,IAAI,EAAE,GAAuB,SAAS,CAAC;QACvC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC;QACjD,CAAC;QAED,MAAM,YAAY,GAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,SAAS,GAAG,CAAC,GAAG,MAAM,YAAY,IAAI,CAAC,CAAC;QAClE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IAC/C,CAAC;CACF;AAED,MAAM,OAAO,+BAA+B;IAG1B,IAAI,GAAG,oBAA6B,CAAC;IAE9C,MAAM,CAAC,IAA6B;QACzC,OAAO,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;CACF;AAED,eAAe,+BAA+B,CAAC"}

package/dist/middleware/server-middleware.d.ts

@@ -0,0 +1,23 @@
+import type { AuthMiddlewareRules } from "@schemavaults/auth-common";
+import type { NextResponse } from "next/server";
+import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
+import { type SchemaVaultsCORSEnforcementPolicy } from "./middlewares/withCorsSettings";
+import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFnInputs } from "./middleware_types";
+import BaseMiddleware from "./middlewares/BaseMiddleware";
+import { IJwtKeyManager } from "../JwtKeyManager";
+export interface IServerMiddlewareInitializationOptions {
+    api_server_id?: string;
+    auth_middleware_rules?: AuthMiddlewareRules;
+    debug?: boolean;
+    cors_policy?: SchemaVaultsCORSEnforcementPolicy;
+    environment?: SchemaVaultsAppEnvironment;
+    jwt_keys_manager?: IJwtKeyManager;
+}
+export declare class SchemaVaultsServerMiddleware extends BaseMiddleware implements ISchemaVaultsMiddleware {
+    readonly options: IServerMiddlewareInitializationOptions;
+    private static isValidApiServerId;
+    private static getDefaultCorsPolicy;
+    private static setupMiddlewareChain;
+    constructor(options: IServerMiddlewareInitializationOptions);
+    handle({ req, ...inputs }: ISchemaVaultsMiddlewareFnInputs): Promise<NextResponse | Response>;
+}

package/dist/middleware/server-middleware.js

@@ -0,0 +1,103 @@
+// server-middleware.ts
+import { MiddlewareChain, } from "./middleware_chain";
+import { apiServerIdSchema, getAppEnvironment, getHardcodedClientWebAppDomain, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
+/** Middlewares Imports */
+import AuthJwtValidationMiddlewareFactory from "./middlewares/withAuthJwtValidation";
+import CorsMiddlewareFactory, { SchemaVaultsCORSEnforcementPolicies as cors_policies, } from "./middlewares/withCorsSettings";
+import RequestLoggingMiddlewareFactory from "./middlewares/withLogging";
+import BaseMiddleware from "./middlewares/BaseMiddleware";
+import RemoteJwtKeyManager from "../JwtKeyManager/RemoteJwtKeyManager";
+export class SchemaVaultsServerMiddleware extends BaseMiddleware {
+    options;
+    static isValidApiServerId(api_server_id) {
+        if (!api_server_id) {
+            console.error("[SchemaVaultsServerMiddleware] Did not receive a 'api_server_id' (falsy!) to initialize middleware with!");
+            throw new TypeError("Did not receive a valid API server ID!");
+        }
+        const parsed_api_server_id = apiServerIdSchema.safeParse(api_server_id);
+        if (!parsed_api_server_id.success) {
+            console.error("Error parsing API server ID to initialize SchemaVaultsServerMiddleware with: ", parsed_api_server_id.error);
+            throw new TypeError("Error parsing API server ID to initialize SchemaVaultsServerMiddleware with!");
+        }
+        return parsed_api_server_id.success;
+    }
+    static getDefaultCorsPolicy(environment) {
+        if (environment === "development") {
+            return cors_policies.AllowAny;
+        }
+        return cors_policies.EnforceValidAppIfOriginApplied;
+    }
+    static setupMiddlewareChain(opts) {
+        if (!SchemaVaultsServerMiddleware.isValidApiServerId(opts.api_server_id)) {
+            throw new TypeError("Invalid 'api_server_id' for server middleware!");
+        }
+        const audience = opts.api_server_id;
+        const environment = opts.environment ?? getAppEnvironment();
+        const isAuthServer = audience === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id;
+        let jwt_keys_manager;
+        if (isAuthServer) {
+            if (!opts.jwt_keys_manager) {
+                throw new Error("Missing 'jwt_keys_manager' option for auth server middleware!");
+            }
+            jwt_keys_manager = opts.jwt_keys_manager;
+        }
+        else {
+            if (audience === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
+                throw new Error("Expected this to not be the auth server if this point was reached!");
+            }
+            if (opts.jwt_keys_manager) {
+                jwt_keys_manager = opts.jwt_keys_manager;
+            }
+            else {
+                jwt_keys_manager = new RemoteJwtKeyManager({
+                    auth_server_uri: getHardcodedClientWebAppDomain(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id, environment)
+                });
+            }
+        }
+        const debug = typeof opts.debug === "boolean"
+            ? opts.debug
+            : environment === "development" ||
+                environment === "test" ||
+                environment === "staging";
+        const cors_policy = opts.cors_policy ??
+            SchemaVaultsServerMiddleware.getDefaultCorsPolicy(environment);
+        const middlewareChainOpts = {
+            middlewares: [
+                new RequestLoggingMiddlewareFactory(),
+                new CorsMiddlewareFactory({
+                    debug: debug,
+                    audience,
+                    policy: cors_policy,
+                }),
+                new AuthJwtValidationMiddlewareFactory({
+                    audience,
+                    middleware_rules: opts.auth_middleware_rules,
+                    debug: debug,
+                    environment: environment,
+                    keys_manager: jwt_keys_manager
+                }),
+            ],
+            debug,
+        };
+        return new MiddlewareChain(middlewareChainOpts);
+    }
+    constructor(options) {
+        super({
+            ...options,
+            name: "SchemaVaultsServerMiddleware",
+            next: SchemaVaultsServerMiddleware.setupMiddlewareChain(options),
+        });
+        this.options = options;
+        if (this.debug) {
+            console.log(`[SchemaVaultsServerMiddleware] Initialized! (audience: ${options.api_server_id}). Middleware Chain: `, this.toMiddlewareFlowString());
+        }
+    }
+    async handle({ req, ...inputs }) {
+        const next = this.next;
+        if (!next) {
+            throw new Error("Failed to load SchemaVaults middleware handler!");
+        }
+        return await next.handle({ req, ...inputs });
+    }
+}
+//# sourceMappingURL=server-middleware.js.map

package/dist/middleware/server-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-middleware.js","sourceRoot":"","sources":["../../src/middleware/server-middleware.ts"],"names":[],"mappings":"AAAA,uBAAuB;AAKvB,OAAO,EAEL,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAEL,iBAAiB,EACjB,iBAAiB,EACjB,8BAA8B,EAC9B,gCAAgC,GAEjC,MAAM,+BAA+B,CAAC;AAEvC,0BAA0B;AAC1B,OAAO,kCAAkC,MAAM,qCAAqC,CAAC;AACrF,OAAO,qBAAqB,EAAE,EAE5B,mCAAmC,IAAI,aAAa,GACrD,MAAM,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,MAAM,2BAA2B,CAAC;AAMxE,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,OAAO,mBAAmB,MAAM,qCAAqC,CAAC;AAWtE,MAAM,OAAO,4BACX,SAAQ,cAAc;IAkGM;IA9FpB,MAAM,CAAC,kBAAkB,CAAC,aAAsB;QACtD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,0GAA0G,CAAC,CAAA;YACzH,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,oBAAoB,GAAG,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACxE,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CACX,+EAA+E,EAC/E,oBAAoB,CAAC,KAAK,CAC3B,CAAC;YACF,MAAM,IAAI,SAAS,CACjB,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QACD,OAAO,oBAAoB,CAAC,OAAO,CAAA;IACrC,CAAC;IAEO,MAAM,CAAC,oBAAoB,CACjC,WAAuC;QAEvC,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO,aAAa,CAAC,QAAQ,CAAC;QAChC,CAAC;QACD,OAAO,aAAa,CAAC,8BAA8B,CAAC;IACtD,CAAC;IAEO,MAAM,CAAC,oBAAoB,CACjC,IAA4C;QAE5C,IAAI,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YACzE,MAAM,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAA;QACvE,CAAC;QACD,MAAM,QAAQ,GAAgB,IAAI,CAAC,aAAa,CAAC;QAEjD,MAAM,WAAW,GACf,IAAI,CAAC,WAAW,IAAI,iBAAiB,EAAE,CAAC;QAE1C,MAAM,YAAY,GAAY,QAAQ,KAAK,gCAAgC,CAAC,MAAM,CAAC;QACnF,IAAI,gBAAgC,CAAC;QACrC,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;YACnF,CAAC;YACD,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,IAAI,QAAQ,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;gBACzD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAA;YACvF,CAAC;YACD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACN,gBAAgB,GAAG,IAAI,mBAAmB,CAAC;oBACzC,eAAe,EAAE,8BAA8B,CAC7C,gCAAgC,CAAC,MAAM,EACvC,WAAW,CACZ;iBACF,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GACT,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS;YAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,WAAW,KAAK,aAAa;gBAC7B,WAAW,KAAK,MAAM;gBACtB,WAAW,KAAK,SAAS,CAAC;QAEhC,MAAM,WAAW,GACf,IAAI,CAAC,WAAW;YAChB,4BAA4B,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAEjE,MAAM,mBAAmB,GAAgC;YACvD,WAAW,EAAE;gBACX,IAAI,+BAA+B,EAAE;gBACrC,IAAI,qBAAqB,CAAC;oBACxB,KAAK,EAAE,KAAK;oBACZ,QAAQ;oBACR,MAAM,EAAE,WAAW;iBACpB,CAAC;gBACF,IAAI,kCAAkC,CAAC;oBACrC,QAAQ;oBACR,gBAAgB,EAAE,IAAI,CAAC,qBAAqB;oBAC5C,KAAK,EAAE,KAAK;oBACZ,WAAW,EAAE,WAAW;oBACxB,YAAY,EAAE,gBAAgB;iBAC/B,CAAC;aAC0D;YAC9D,KAAK;SACN,CAAC;QAEF,OAAO,IAAI,eAAe,CAAC,mBAAmB,CAAC,CAAC;IAClD,CAAC;IAED,YAA4B,OAA+C;QACzE,KAAK,CAAC;YACJ,GAAG,OAAO;YACV,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,4BAA4B,CAAC,oBAAoB,CAAC,OAAO,CAAC;SACjE,CAAC,CAAC;QALuB,YAAO,GAAP,OAAO,CAAwC;QAOzE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,0DAA0D,OAAO,CAAC,aAAa,uBAAuB,EACtG,IAAI,CAAC,sBAAsB,EAAE,CAC9B,CAAC;QACJ,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,GAAG,MAAM,EACuB;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IAC/C,CAAC;CACF"}

package/dist/route_guards/admin.d.ts

@@ -0,0 +1,5 @@
+import { BaseRouteGuard, type IRouteGuard } from "./base-route-guard";
+export declare class AdminRequiredRouteGuard extends BaseRouteGuard implements IRouteGuard {
+    isAccessAllowed(): boolean;
+}
+export default AdminRequiredRouteGuard;

package/dist/route_guards/admin.js

@@ -0,0 +1,13 @@
+import { BaseRouteGuard } from "./base-route-guard";
+export class AdminRequiredRouteGuard extends BaseRouteGuard {
+    isAccessAllowed() {
+        if (this._user &&
+            this.isAuthenticated &&
+            this.isAdmin) {
+            return true;
+        }
+        return false;
+    }
+}
+export default AdminRequiredRouteGuard;
+//# sourceMappingURL=admin.js.map

package/dist/route_guards/admin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.js","sourceRoot":"","sources":["../../src/route_guards/admin.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAoB,MAAM,oBAAoB,CAAC;AAEtE,MAAM,OAAO,uBACX,SAAQ,cAAc;IAGf,eAAe;QACpB,IACG,IAAI,CAAC,KAAgC;YACtC,IAAI,CAAC,eAAe;YACpB,IAAI,CAAC,OAAO,EACZ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,eAAe,uBAAuB,CAAC"}

package/dist/route_guards/authenticated.d.ts

@@ -0,0 +1,5 @@
+import { BaseRouteGuard, type IRouteGuard } from "./base-route-guard";
+export declare class AuthenticationRequiredRouteGuard extends BaseRouteGuard implements IRouteGuard {
+    isAccessAllowed(): boolean;
+}
+export default AuthenticationRequiredRouteGuard;

package/dist/route_guards/authenticated.js

@@ -0,0 +1,11 @@
+import { BaseRouteGuard } from "./base-route-guard";
+export class AuthenticationRequiredRouteGuard extends BaseRouteGuard {
+    isAccessAllowed() {
+        if (this.isAuthenticated) {
+            return true;
+        }
+        return false;
+    }
+}
+export default AuthenticationRequiredRouteGuard;
+//# sourceMappingURL=authenticated.js.map