@simplr-ai/express 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +122 -0
- package/dist/fastify.cjs +241 -0
- package/dist/fastify.cjs.map +1 -0
- package/dist/fastify.d.cts +11 -0
- package/dist/fastify.d.ts +11 -0
- package/dist/fastify.js +214 -0
- package/dist/fastify.js.map +1 -0
- package/dist/hono.cjs +246 -0
- package/dist/hono.cjs.map +1 -0
- package/dist/hono.d.cts +25 -0
- package/dist/hono.d.ts +25 -0
- package/dist/hono.js +218 -0
- package/dist/hono.js.map +1 -0
- package/dist/index.cjs +244 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +96 -0
- package/dist/index.d.ts +96 -0
- package/dist/index.js +210 -0
- package/dist/index.js.map +1 -0
- package/dist/next.cjs +269 -0
- package/dist/next.cjs.map +1 -0
- package/dist/next.d.cts +41 -0
- package/dist/next.d.ts +41 -0
- package/dist/next.js +241 -0
- package/dist/next.js.map +1 -0
- package/dist/types-CmzpR5S4.d.cts +115 -0
- package/dist/types-CmzpR5S4.d.ts +115 -0
- package/package.json +108 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/client.ts","../src/core.ts","../src/fastify.ts"],"sourcesContent":["/**\n * Thin internal client.\n *\n * This is a ~40-line port of the minimal call path from `@simplr-ai/node`\n * (`apiRequest` + `check` + `edge.ingestLogs`) so that this package builds and\n * tests without an unbuilt workspace dependency or any network access.\n *\n * In production this package pairs with `@simplr-ai/node`; the endpoints, auth\n * header (`X-API-Key`), `{ success, message, content }` envelope unwrapping, and\n * 15s default timeout here are byte-for-byte compatible with that SDK and the\n * Simplr API contract.\n */\nimport type { CheckInput, CheckResult, EdgeLogEntry } from \"./types.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.simplr.sh\";\n\n/** Thrown when the Simplr API returns a non-2xx response or the request fails. */\nexport class SimplrError extends Error {\n readonly status: number;\n readonly body: unknown;\n constructor(message: string, status: number, body: unknown) {\n super(message);\n this.name = \"SimplrError\";\n this.status = status;\n this.body = body;\n }\n}\n\nexport interface ClientConfig {\n apiKey: string;\n baseUrl?: string;\n timeoutMs?: number;\n fetch?: typeof fetch;\n}\n\nexport interface SimplrClient {\n check(input: CheckInput): Promise<CheckResult>;\n ingestLogs(deviceId: string, logs: EdgeLogEntry[]): Promise<unknown>;\n}\n\nexport function createClient(config: ClientConfig): SimplrClient {\n if (!config?.apiKey) throw new Error(\"Simplr: `apiKey` is required\");\n const baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n const timeoutMs = config.timeoutMs ?? 15000;\n const fetchImpl = config.fetch ?? globalThis.fetch;\n if (typeof fetchImpl !== \"function\") {\n throw new Error(\n \"Simplr: no global fetch available — use Node 18+ or pass `fetch` in options\",\n );\n }\n\n async function apiRequest<T>(method: string, path: string, body?: unknown): Promise<T> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n const res = await fetchImpl(`${baseUrl}${path}`, {\n method,\n headers: { \"Content-Type\": \"application/json\", \"X-API-Key\": config.apiKey },\n body: body !== undefined ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n const text = await res.text();\n let parsed: any;\n try {\n parsed = text ? JSON.parse(text) : undefined;\n } catch {\n parsed = text;\n }\n if (!res.ok) {\n const message =\n (parsed && (parsed.message || parsed.error)) || `Simplr API error ${res.status}`;\n throw new SimplrError(message, res.status, parsed);\n }\n return (parsed && typeof parsed === \"object\" && \"content\" in parsed\n ? parsed.content\n : parsed) as T;\n } catch (err) {\n if (err instanceof SimplrError) throw err;\n if (err instanceof Error && err.name === \"AbortError\") {\n throw new SimplrError(`Request to ${path} timed out after ${timeoutMs}ms`, 0, null);\n }\n throw new SimplrError(err instanceof Error ? err.message : \"Network error\", 0, null);\n } finally {\n clearTimeout(timer);\n }\n }\n\n return {\n check: (input) => apiRequest<CheckResult>(\"POST\", \"/v1/check\", input),\n ingestLogs: (deviceId, logs) =>\n apiRequest(\"POST\", \"/v1/edge/logs\", { device_id: deviceId, logs }),\n };\n}\n","/**\n * Framework-agnostic guard engine.\n *\n * `createGuard` returns an object that, given any request-like object, builds a\n * `CheckInput`, calls `/v1/check`, decides whether to block, optionally ships an\n * edge log, and fails open on error. Framework adapters (express/fastify/hono/\n * next) are thin wrappers over this engine.\n */\nimport { createClient, type SimplrClient } from \"./client.js\";\nimport type {\n BlockThreshold,\n CheckInput,\n CheckResult,\n GuardContext,\n GuardOptions,\n GuardOutcome,\n RiskLevel,\n} from \"./types.js\";\n\nconst RISK_ORDER: Record<RiskLevel, number> = {\n low: 0,\n medium: 1,\n high: 2,\n critical: 3,\n};\n\nconst DEFAULT_DEVICE_ID = \"simplr-edge-middleware\";\nconst DEFAULT_THRESHOLD: RiskLevel = \"high\";\n\n/** Numeric rank of a risk level. Unknown levels rank as the lowest (0). */\nexport function riskRank(level: RiskLevel | string | undefined): number {\n return RISK_ORDER[level as RiskLevel] ?? 0;\n}\n\n/** True when `level` is at least `min` in the low<medium<high<critical ordering. */\nexport function riskAtLeast(level: RiskLevel | string | undefined, min: RiskLevel): boolean {\n return riskRank(level) >= riskRank(min);\n}\n\n/** Read a header from either a plain bag (lowercase keys) or a Headers-like getter. */\nfunction readHeader(headers: unknown, name: string): string | undefined {\n if (!headers) return undefined;\n const h = headers as any;\n if (typeof h.get === \"function\") {\n const v = h.get(name);\n return v == null ? undefined : String(v);\n }\n // Plain object: try the lowercase key, then a case-insensitive scan.\n const lower = name.toLowerCase();\n if (lower in h && h[lower] != null) return String(h[lower]);\n for (const key of Object.keys(h)) {\n if (key.toLowerCase() === lower && h[key] != null) return String(h[key]);\n }\n return undefined;\n}\n\n/** Best-effort client IP from common header and socket locations. */\nfunction extractIp(req: any): string | undefined {\n const fwd = readHeader(req?.headers, \"x-forwarded-for\");\n if (fwd) return fwd.split(\",\")[0]!.trim();\n const real = readHeader(req?.headers, \"x-real-ip\");\n if (real) return real;\n return (\n req?.ip ||\n req?.socket?.remoteAddress ||\n req?.connection?.remoteAddress ||\n undefined\n );\n}\n\n/**\n * Default request → CheckInput extractor. Pulls the client IP and user-agent into\n * `device`, and lifts `email`/`phone` from a parsed JSON body when present.\n */\nexport function defaultExtract(req: any): CheckInput {\n const input: CheckInput = {};\n\n const device: Record<string, unknown> = {};\n const ip = extractIp(req);\n if (ip) device.ip = ip;\n const ua = readHeader(req?.headers, \"user-agent\");\n if (ua) device.user_agent = ua;\n if (Object.keys(device).length > 0) input.device = device;\n\n const body = req?.body;\n if (body && typeof body === \"object\") {\n const b = body as Record<string, unknown>;\n if (typeof b.email === \"string\") input.email = b.email;\n if (typeof b.phone === \"string\") input.phone = b.phone;\n }\n\n return input;\n}\n\nfunction normalizeBlock(\n block: GuardOptions[\"block\"],\n): (result: CheckResult) => boolean {\n if (typeof block === \"function\") return block;\n const threshold = (block as BlockThreshold | undefined)?.whenRiskAtLeast ?? DEFAULT_THRESHOLD;\n return (result) => riskAtLeast(result.risk_level, threshold);\n}\n\nexport interface Guard<Req = any> {\n /** The underlying thin Simplr client (check + edge log ingestion). */\n readonly client: SimplrClient;\n /** Run the full engine against a request; never throws when `failOpen`. */\n run(req: Req): Promise<GuardOutcome>;\n}\n\nexport function createGuard<Req = any>(options: GuardOptions<Req>): Guard<Req> {\n if (!options?.apiKey) throw new Error(\"createGuard: `apiKey` is required\");\n\n const client = createClient({\n apiKey: options.apiKey,\n baseUrl: options.baseUrl,\n timeoutMs: options.timeoutMs,\n fetch: options.fetch,\n });\n\n const extract = options.extract ?? defaultExtract;\n const shouldBlock = normalizeBlock(options.block);\n const failOpen = options.failOpen ?? true;\n const ingestLogs = options.ingestLogs ?? false;\n const deviceId = options.deviceId ?? DEFAULT_DEVICE_ID;\n\n async function run(req: Req): Promise<GuardOutcome> {\n const input = await extract(req);\n let result: CheckResult;\n try {\n result = await client.check(input);\n } catch (error) {\n if (failOpen) {\n return { result: null, blocked: false, input, error };\n }\n throw error;\n }\n\n const blocked = shouldBlock(result);\n const ctx: GuardContext<Req> = { req, input, blocked };\n\n if (options.onResult) {\n try {\n await options.onResult(result, ctx);\n } catch {\n // onResult is observational; never let it break the request.\n }\n }\n\n if (ingestLogs) {\n try {\n await client.ingestLogs(deviceId, [\n {\n category: \"security\",\n level: blocked ? \"warn\" : \"info\",\n message: blocked ? \"simplr guard blocked request\" : \"simplr guard checked request\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n },\n ]);\n } catch {\n // Log shipping is best-effort and must never affect the request.\n }\n }\n\n return { result, blocked, input };\n }\n\n return { client, run };\n}\n\n/** Standard JSON envelope returned to the client on a blocked request. */\nexport function blockEnvelope(result: CheckResult) {\n return {\n error: \"request_blocked\",\n message: \"This request was blocked by Simplr fraud protection.\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n };\n}\n","/**\n * Fastify adapter. A plugin that registers a `preHandler` hook decorating\n * `request.simplr` and short-circuiting blocked requests with a 403.\n *\n * ```ts\n * import Fastify from \"fastify\";\n * import { simplrFastify } from \"@simplr-ai/express/fastify\";\n * const app = Fastify();\n * await app.register(simplrFastify, { apiKey: process.env.SIMPLR_API_KEY! });\n * ```\n */\nimport { blockEnvelope, createGuard } from \"./core.js\";\nimport type { CheckResult, GuardOptions } from \"./types.js\";\n\ntype FastifyInstance = any;\ntype FastifyRequest = any;\ntype FastifyReply = {\n code(statusCode: number): FastifyReply;\n send(payload: unknown): unknown;\n};\n\n/**\n * Fastify plugin. Register with `app.register(simplrFastify, options)`.\n * Accepts the standard `(fastify, options, done)` plugin signature.\n */\nexport function simplrFastify(\n fastify: FastifyInstance,\n options: GuardOptions,\n done?: (err?: Error) => void,\n): void {\n try {\n const guard = createGuard(options);\n const failOpen = options.failOpen ?? true;\n\n // Decorate so TypeScript/Fastify know about `request.simplr`.\n if (typeof fastify.decorateRequest === \"function\") {\n fastify.decorateRequest(\"simplr\", null);\n }\n\n fastify.addHook(\n \"preHandler\",\n async (request: FastifyRequest, reply: FastifyReply) => {\n try {\n const outcome = await guard.run(request);\n request.simplr = outcome.result;\n if (outcome.blocked && outcome.result) {\n reply.code(403).send(blockEnvelope(outcome.result));\n return reply;\n }\n } catch (err) {\n if (failOpen) {\n request.simplr = null;\n return;\n }\n throw err;\n }\n },\n );\n\n done?.();\n } catch (err) {\n if (done) done(err as Error);\n else throw err;\n }\n}\n\n// Mark as a Fastify plugin so `fastify-plugin`-style encapsulation skipping is\n// not required; Fastify reads this property when present.\n(simplrFastify as any)[Symbol.for(\"skip-override\")] = true;\n\n// Consumers can augment `FastifyRequest` with `simplr?: CheckResult | null`\n// themselves; we don't `declare module \"fastify\"` here so the package builds\n// without `fastify` (an optional peer) installed. `CheckResult` is re-exported\n// for that purpose.\nexport type { CheckResult };\n"],"mappings":";AAcA,IAAM,mBAAmB;AAGlB,IAAM,cAAN,cAA0B,MAAM;AAAA,EAC5B;AAAA,EACA;AAAA,EACT,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAAA,EACd;AACF;AAcO,SAAS,aAAa,QAAoC;AAC/D,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,8BAA8B;AACnE,QAAM,WAAW,OAAO,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AACvE,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,SAAS,WAAW;AAC7C,MAAI,OAAO,cAAc,YAAY;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,WAAc,QAAgB,MAAc,MAA4B;AACrF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAC5D,QAAI;AACF,YAAM,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,IAAI,IAAI;AAAA,QAC/C;AAAA,QACA,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO,OAAO;AAAA,QAC1E,MAAM,SAAS,SAAY,KAAK,UAAU,IAAI,IAAI;AAAA,QAClD,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI;AACJ,UAAI;AACF,iBAAS,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,MACrC,QAAQ;AACN,iBAAS;AAAA,MACX;AACA,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,UACH,WAAW,OAAO,WAAW,OAAO,UAAW,oBAAoB,IAAI,MAAM;AAChF,cAAM,IAAI,YAAY,SAAS,IAAI,QAAQ,MAAM;AAAA,MACnD;AACA,aAAQ,UAAU,OAAO,WAAW,YAAY,aAAa,SACzD,OAAO,UACP;AAAA,IACN,SAAS,KAAK;AACZ,UAAI,eAAe,YAAa,OAAM;AACtC,UAAI,eAAe,SAAS,IAAI,SAAS,cAAc;AACrD,cAAM,IAAI,YAAY,cAAc,IAAI,oBAAoB,SAAS,MAAM,GAAG,IAAI;AAAA,MACpF;AACA,YAAM,IAAI,YAAY,eAAe,QAAQ,IAAI,UAAU,iBAAiB,GAAG,IAAI;AAAA,IACrF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,UAAU,WAAwB,QAAQ,aAAa,KAAK;AAAA,IACpE,YAAY,CAAC,UAAU,SACrB,WAAW,QAAQ,iBAAiB,EAAE,WAAW,UAAU,KAAK,CAAC;AAAA,EACrE;AACF;;;ACzEA,IAAM,aAAwC;AAAA,EAC5C,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,UAAU;AACZ;AAEA,IAAM,oBAAoB;AAC1B,IAAM,oBAA+B;AAG9B,SAAS,SAAS,OAA+C;AACtE,SAAO,WAAW,KAAkB,KAAK;AAC3C;AAGO,SAAS,YAAY,OAAuC,KAAyB;AAC1F,SAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACxC;AAGA,SAAS,WAAW,SAAkB,MAAkC;AACtE,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,QAAQ,YAAY;AAC/B,UAAM,IAAI,EAAE,IAAI,IAAI;AACpB,WAAO,KAAK,OAAO,SAAY,OAAO,CAAC;AAAA,EACzC;AAEA,QAAM,QAAQ,KAAK,YAAY;AAC/B,MAAI,SAAS,KAAK,EAAE,KAAK,KAAK,KAAM,QAAO,OAAO,EAAE,KAAK,CAAC;AAC1D,aAAW,OAAO,OAAO,KAAK,CAAC,GAAG;AAChC,QAAI,IAAI,YAAY,MAAM,SAAS,EAAE,GAAG,KAAK,KAAM,QAAO,OAAO,EAAE,GAAG,CAAC;AAAA,EACzE;AACA,SAAO;AACT;AAGA,SAAS,UAAU,KAA8B;AAC/C,QAAM,MAAM,WAAW,KAAK,SAAS,iBAAiB;AACtD,MAAI,IAAK,QAAO,IAAI,MAAM,GAAG,EAAE,CAAC,EAAG,KAAK;AACxC,QAAM,OAAO,WAAW,KAAK,SAAS,WAAW;AACjD,MAAI,KAAM,QAAO;AACjB,SACE,KAAK,MACL,KAAK,QAAQ,iBACb,KAAK,YAAY,iBACjB;AAEJ;AAMO,SAAS,eAAe,KAAsB;AACnD,QAAM,QAAoB,CAAC;AAE3B,QAAM,SAAkC,CAAC;AACzC,QAAM,KAAK,UAAU,GAAG;AACxB,MAAI,GAAI,QAAO,KAAK;AACpB,QAAM,KAAK,WAAW,KAAK,SAAS,YAAY;AAChD,MAAI,GAAI,QAAO,aAAa;AAC5B,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,OAAM,SAAS;AAEnD,QAAM,OAAO,KAAK;AAClB,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,UAAM,IAAI;AACV,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AACjD,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,eACP,OACkC;AAClC,MAAI,OAAO,UAAU,WAAY,QAAO;AACxC,QAAM,YAAa,OAAsC,mBAAmB;AAC5E,SAAO,CAAC,WAAW,YAAY,OAAO,YAAY,SAAS;AAC7D;AASO,SAAS,YAAuB,SAAwC;AAC7E,MAAI,CAAC,SAAS,OAAQ,OAAM,IAAI,MAAM,mCAAmC;AAEzE,QAAM,SAAS,aAAa;AAAA,IAC1B,QAAQ,QAAQ;AAAA,IAChB,SAAS,QAAQ;AAAA,IACjB,WAAW,QAAQ;AAAA,IACnB,OAAO,QAAQ;AAAA,EACjB,CAAC;AAED,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,cAAc,eAAe,QAAQ,KAAK;AAChD,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,WAAW,QAAQ,YAAY;AAErC,iBAAe,IAAI,KAAiC;AAClD,UAAM,QAAQ,MAAM,QAAQ,GAAG;AAC/B,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,OAAO,MAAM,KAAK;AAAA,IACnC,SAAS,OAAO;AACd,UAAI,UAAU;AACZ,eAAO,EAAE,QAAQ,MAAM,SAAS,OAAO,OAAO,MAAM;AAAA,MACtD;AACA,YAAM;AAAA,IACR;AAEA,UAAM,UAAU,YAAY,MAAM;AAClC,UAAM,MAAyB,EAAE,KAAK,OAAO,QAAQ;AAErD,QAAI,QAAQ,UAAU;AACpB,UAAI;AACF,cAAM,QAAQ,SAAS,QAAQ,GAAG;AAAA,MACpC,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,QAAI,YAAY;AACd,UAAI;AACF,cAAM,OAAO,WAAW,UAAU;AAAA,UAChC;AAAA,YACE,UAAU;AAAA,YACV,OAAO,UAAU,SAAS;AAAA,YAC1B,SAAS,UAAU,iCAAiC;AAAA,YACpD,YAAY,OAAO;AAAA,YACnB,YAAY,OAAO;AAAA,UACrB;AAAA,QACF,CAAC;AAAA,MACH,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,WAAO,EAAE,QAAQ,SAAS,MAAM;AAAA,EAClC;AAEA,SAAO,EAAE,QAAQ,IAAI;AACvB;AAGO,SAAS,cAAc,QAAqB;AACjD,SAAO;AAAA,IACL,OAAO;AAAA,IACP,SAAS;AAAA,IACT,YAAY,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,EACrB;AACF;;;ACzJO,SAAS,cACd,SACA,SACA,MACM;AACN,MAAI;AACF,UAAM,QAAQ,YAAY,OAAO;AACjC,UAAM,WAAW,QAAQ,YAAY;AAGrC,QAAI,OAAO,QAAQ,oBAAoB,YAAY;AACjD,cAAQ,gBAAgB,UAAU,IAAI;AAAA,IACxC;AAEA,YAAQ;AAAA,MACN;AAAA,MACA,OAAO,SAAyB,UAAwB;AACtD,YAAI;AACF,gBAAM,UAAU,MAAM,MAAM,IAAI,OAAO;AACvC,kBAAQ,SAAS,QAAQ;AACzB,cAAI,QAAQ,WAAW,QAAQ,QAAQ;AACrC,kBAAM,KAAK,GAAG,EAAE,KAAK,cAAc,QAAQ,MAAM,CAAC;AAClD,mBAAO;AAAA,UACT;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,UAAU;AACZ,oBAAQ,SAAS;AACjB;AAAA,UACF;AACA,gBAAM;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT,SAAS,KAAK;AACZ,QAAI,KAAM,MAAK,GAAY;AAAA,QACtB,OAAM;AAAA,EACb;AACF;AAIC,cAAsB,uBAAO,IAAI,eAAe,CAAC,IAAI;","names":[]}
|
package/dist/hono.cjs
ADDED
|
@@ -0,0 +1,246 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
|
|
20
|
+
// src/hono.ts
|
|
21
|
+
var hono_exports = {};
|
|
22
|
+
__export(hono_exports, {
|
|
23
|
+
getSimplr: () => getSimplr,
|
|
24
|
+
simplrHono: () => simplrHono
|
|
25
|
+
});
|
|
26
|
+
module.exports = __toCommonJS(hono_exports);
|
|
27
|
+
|
|
28
|
+
// src/client.ts
|
|
29
|
+
var DEFAULT_BASE_URL = "https://api.simplr.sh";
|
|
30
|
+
var SimplrError = class extends Error {
|
|
31
|
+
status;
|
|
32
|
+
body;
|
|
33
|
+
constructor(message, status, body) {
|
|
34
|
+
super(message);
|
|
35
|
+
this.name = "SimplrError";
|
|
36
|
+
this.status = status;
|
|
37
|
+
this.body = body;
|
|
38
|
+
}
|
|
39
|
+
};
|
|
40
|
+
function createClient(config) {
|
|
41
|
+
if (!config?.apiKey) throw new Error("Simplr: `apiKey` is required");
|
|
42
|
+
const baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\/+$/, "");
|
|
43
|
+
const timeoutMs = config.timeoutMs ?? 15e3;
|
|
44
|
+
const fetchImpl = config.fetch ?? globalThis.fetch;
|
|
45
|
+
if (typeof fetchImpl !== "function") {
|
|
46
|
+
throw new Error(
|
|
47
|
+
"Simplr: no global fetch available \u2014 use Node 18+ or pass `fetch` in options"
|
|
48
|
+
);
|
|
49
|
+
}
|
|
50
|
+
async function apiRequest(method, path, body) {
|
|
51
|
+
const controller = new AbortController();
|
|
52
|
+
const timer = setTimeout(() => controller.abort(), timeoutMs);
|
|
53
|
+
try {
|
|
54
|
+
const res = await fetchImpl(`${baseUrl}${path}`, {
|
|
55
|
+
method,
|
|
56
|
+
headers: { "Content-Type": "application/json", "X-API-Key": config.apiKey },
|
|
57
|
+
body: body !== void 0 ? JSON.stringify(body) : void 0,
|
|
58
|
+
signal: controller.signal
|
|
59
|
+
});
|
|
60
|
+
const text = await res.text();
|
|
61
|
+
let parsed;
|
|
62
|
+
try {
|
|
63
|
+
parsed = text ? JSON.parse(text) : void 0;
|
|
64
|
+
} catch {
|
|
65
|
+
parsed = text;
|
|
66
|
+
}
|
|
67
|
+
if (!res.ok) {
|
|
68
|
+
const message = parsed && (parsed.message || parsed.error) || `Simplr API error ${res.status}`;
|
|
69
|
+
throw new SimplrError(message, res.status, parsed);
|
|
70
|
+
}
|
|
71
|
+
return parsed && typeof parsed === "object" && "content" in parsed ? parsed.content : parsed;
|
|
72
|
+
} catch (err) {
|
|
73
|
+
if (err instanceof SimplrError) throw err;
|
|
74
|
+
if (err instanceof Error && err.name === "AbortError") {
|
|
75
|
+
throw new SimplrError(`Request to ${path} timed out after ${timeoutMs}ms`, 0, null);
|
|
76
|
+
}
|
|
77
|
+
throw new SimplrError(err instanceof Error ? err.message : "Network error", 0, null);
|
|
78
|
+
} finally {
|
|
79
|
+
clearTimeout(timer);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
return {
|
|
83
|
+
check: (input) => apiRequest("POST", "/v1/check", input),
|
|
84
|
+
ingestLogs: (deviceId, logs) => apiRequest("POST", "/v1/edge/logs", { device_id: deviceId, logs })
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
// src/core.ts
|
|
89
|
+
var RISK_ORDER = {
|
|
90
|
+
low: 0,
|
|
91
|
+
medium: 1,
|
|
92
|
+
high: 2,
|
|
93
|
+
critical: 3
|
|
94
|
+
};
|
|
95
|
+
var DEFAULT_DEVICE_ID = "simplr-edge-middleware";
|
|
96
|
+
var DEFAULT_THRESHOLD = "high";
|
|
97
|
+
function riskRank(level) {
|
|
98
|
+
return RISK_ORDER[level] ?? 0;
|
|
99
|
+
}
|
|
100
|
+
function riskAtLeast(level, min) {
|
|
101
|
+
return riskRank(level) >= riskRank(min);
|
|
102
|
+
}
|
|
103
|
+
function readHeader(headers, name) {
|
|
104
|
+
if (!headers) return void 0;
|
|
105
|
+
const h = headers;
|
|
106
|
+
if (typeof h.get === "function") {
|
|
107
|
+
const v = h.get(name);
|
|
108
|
+
return v == null ? void 0 : String(v);
|
|
109
|
+
}
|
|
110
|
+
const lower = name.toLowerCase();
|
|
111
|
+
if (lower in h && h[lower] != null) return String(h[lower]);
|
|
112
|
+
for (const key of Object.keys(h)) {
|
|
113
|
+
if (key.toLowerCase() === lower && h[key] != null) return String(h[key]);
|
|
114
|
+
}
|
|
115
|
+
return void 0;
|
|
116
|
+
}
|
|
117
|
+
function extractIp(req) {
|
|
118
|
+
const fwd = readHeader(req?.headers, "x-forwarded-for");
|
|
119
|
+
if (fwd) return fwd.split(",")[0].trim();
|
|
120
|
+
const real = readHeader(req?.headers, "x-real-ip");
|
|
121
|
+
if (real) return real;
|
|
122
|
+
return req?.ip || req?.socket?.remoteAddress || req?.connection?.remoteAddress || void 0;
|
|
123
|
+
}
|
|
124
|
+
function defaultExtract(req) {
|
|
125
|
+
const input = {};
|
|
126
|
+
const device = {};
|
|
127
|
+
const ip = extractIp(req);
|
|
128
|
+
if (ip) device.ip = ip;
|
|
129
|
+
const ua = readHeader(req?.headers, "user-agent");
|
|
130
|
+
if (ua) device.user_agent = ua;
|
|
131
|
+
if (Object.keys(device).length > 0) input.device = device;
|
|
132
|
+
const body = req?.body;
|
|
133
|
+
if (body && typeof body === "object") {
|
|
134
|
+
const b = body;
|
|
135
|
+
if (typeof b.email === "string") input.email = b.email;
|
|
136
|
+
if (typeof b.phone === "string") input.phone = b.phone;
|
|
137
|
+
}
|
|
138
|
+
return input;
|
|
139
|
+
}
|
|
140
|
+
function normalizeBlock(block) {
|
|
141
|
+
if (typeof block === "function") return block;
|
|
142
|
+
const threshold = block?.whenRiskAtLeast ?? DEFAULT_THRESHOLD;
|
|
143
|
+
return (result) => riskAtLeast(result.risk_level, threshold);
|
|
144
|
+
}
|
|
145
|
+
function createGuard(options) {
|
|
146
|
+
if (!options?.apiKey) throw new Error("createGuard: `apiKey` is required");
|
|
147
|
+
const client = createClient({
|
|
148
|
+
apiKey: options.apiKey,
|
|
149
|
+
baseUrl: options.baseUrl,
|
|
150
|
+
timeoutMs: options.timeoutMs,
|
|
151
|
+
fetch: options.fetch
|
|
152
|
+
});
|
|
153
|
+
const extract = options.extract ?? defaultExtract;
|
|
154
|
+
const shouldBlock = normalizeBlock(options.block);
|
|
155
|
+
const failOpen = options.failOpen ?? true;
|
|
156
|
+
const ingestLogs = options.ingestLogs ?? false;
|
|
157
|
+
const deviceId = options.deviceId ?? DEFAULT_DEVICE_ID;
|
|
158
|
+
async function run(req) {
|
|
159
|
+
const input = await extract(req);
|
|
160
|
+
let result;
|
|
161
|
+
try {
|
|
162
|
+
result = await client.check(input);
|
|
163
|
+
} catch (error) {
|
|
164
|
+
if (failOpen) {
|
|
165
|
+
return { result: null, blocked: false, input, error };
|
|
166
|
+
}
|
|
167
|
+
throw error;
|
|
168
|
+
}
|
|
169
|
+
const blocked = shouldBlock(result);
|
|
170
|
+
const ctx = { req, input, blocked };
|
|
171
|
+
if (options.onResult) {
|
|
172
|
+
try {
|
|
173
|
+
await options.onResult(result, ctx);
|
|
174
|
+
} catch {
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
if (ingestLogs) {
|
|
178
|
+
try {
|
|
179
|
+
await client.ingestLogs(deviceId, [
|
|
180
|
+
{
|
|
181
|
+
category: "security",
|
|
182
|
+
level: blocked ? "warn" : "info",
|
|
183
|
+
message: blocked ? "simplr guard blocked request" : "simplr guard checked request",
|
|
184
|
+
risk_level: result.risk_level,
|
|
185
|
+
risk_score: result.risk_score
|
|
186
|
+
}
|
|
187
|
+
]);
|
|
188
|
+
} catch {
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
return { result, blocked, input };
|
|
192
|
+
}
|
|
193
|
+
return { client, run };
|
|
194
|
+
}
|
|
195
|
+
function blockEnvelope(result) {
|
|
196
|
+
return {
|
|
197
|
+
error: "request_blocked",
|
|
198
|
+
message: "This request was blocked by Simplr fraud protection.",
|
|
199
|
+
risk_level: result.risk_level,
|
|
200
|
+
risk_score: result.risk_score
|
|
201
|
+
};
|
|
202
|
+
}
|
|
203
|
+
|
|
204
|
+
// src/hono.ts
|
|
205
|
+
function simplrHono(options) {
|
|
206
|
+
const guard = createGuard({
|
|
207
|
+
...options,
|
|
208
|
+
// Adapt Hono's header accessor into the shape the default extractor expects.
|
|
209
|
+
extract: options.extract ?? ((c) => {
|
|
210
|
+
const headerGet = (name) => c.req.header(name);
|
|
211
|
+
return defaultHonoExtract({ get: headerGet });
|
|
212
|
+
})
|
|
213
|
+
});
|
|
214
|
+
const failOpen = options.failOpen ?? true;
|
|
215
|
+
return async function simplrMiddleware(c, next) {
|
|
216
|
+
try {
|
|
217
|
+
const outcome = await guard.run(c);
|
|
218
|
+
c.set("simplr", outcome.result);
|
|
219
|
+
if (outcome.blocked && outcome.result) {
|
|
220
|
+
return c.json(blockEnvelope(outcome.result), 403);
|
|
221
|
+
}
|
|
222
|
+
} catch (err) {
|
|
223
|
+
if (!failOpen) throw err;
|
|
224
|
+
c.set("simplr", null);
|
|
225
|
+
}
|
|
226
|
+
await next();
|
|
227
|
+
};
|
|
228
|
+
}
|
|
229
|
+
function defaultHonoExtract(headers) {
|
|
230
|
+
const device = {};
|
|
231
|
+
const fwd = headers.get("x-forwarded-for");
|
|
232
|
+
const ip = fwd ? fwd.split(",")[0].trim() : headers.get("x-real-ip");
|
|
233
|
+
if (ip) device.ip = ip;
|
|
234
|
+
const ua = headers.get("user-agent");
|
|
235
|
+
if (ua) device.user_agent = ua;
|
|
236
|
+
return Object.keys(device).length > 0 ? { device } : {};
|
|
237
|
+
}
|
|
238
|
+
function getSimplr(c) {
|
|
239
|
+
return c.get("simplr") ?? null;
|
|
240
|
+
}
|
|
241
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
242
|
+
0 && (module.exports = {
|
|
243
|
+
getSimplr,
|
|
244
|
+
simplrHono
|
|
245
|
+
});
|
|
246
|
+
//# sourceMappingURL=hono.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/hono.ts","../src/client.ts","../src/core.ts"],"sourcesContent":["/**\n * Hono adapter. Middleware that stores the result via `c.set('simplr', result)`\n * (read it back with `c.get('simplr')`) and returns a 403 JSON response on block.\n *\n * ```ts\n * import { Hono } from \"hono\";\n * import { simplrHono } from \"@simplr-ai/express/hono\";\n * const app = new Hono();\n * app.use(\"*\", simplrHono({ apiKey: process.env.SIMPLR_API_KEY! }));\n * ```\n */\nimport { blockEnvelope, createGuard } from \"./core.js\";\nimport type { CheckResult, GuardOptions } from \"./types.js\";\n\ntype HonoContext = {\n req: {\n /** Hono exposes headers via `c.req.header(name)`. */\n header(name: string): string | undefined;\n /** Parsed JSON body, if read. The default extractor reads `c.get`-supplied body. */\n [key: string]: unknown;\n };\n set(key: string, value: unknown): void;\n get(key: string): unknown;\n json(body: unknown, status?: number): Response;\n};\ntype HonoNext = () => Promise<void>;\n\nexport type HonoMiddleware = (c: HonoContext, next: HonoNext) => Promise<Response | void>;\n\n/**\n * Build Hono middleware. Because Hono request bodies are read asynchronously,\n * the default extractor relies on headers; to also score body email/phone, set\n * a custom `extract` that awaits `await c.req.json()` (and stashes it as needed).\n */\nexport function simplrHono(options: GuardOptions<HonoContext>): HonoMiddleware {\n const guard = createGuard<HonoContext>({\n ...options,\n // Adapt Hono's header accessor into the shape the default extractor expects.\n extract:\n options.extract ??\n ((c) => {\n const headerGet = (name: string) => c.req.header(name);\n return defaultHonoExtract({ get: headerGet });\n }),\n });\n const failOpen = options.failOpen ?? true;\n\n return async function simplrMiddleware(c, next) {\n try {\n const outcome = await guard.run(c);\n c.set(\"simplr\", outcome.result);\n if (outcome.blocked && outcome.result) {\n return c.json(blockEnvelope(outcome.result), 403);\n }\n } catch (err) {\n if (!failOpen) throw err;\n c.set(\"simplr\", null);\n }\n await next();\n };\n}\n\n/** Minimal extractor over a Headers-like getter (IP + user-agent into device). */\nfunction defaultHonoExtract(headers: { get(name: string): string | undefined }) {\n const device: Record<string, unknown> = {};\n const fwd = headers.get(\"x-forwarded-for\");\n const ip = fwd ? fwd.split(\",\")[0]!.trim() : headers.get(\"x-real-ip\");\n if (ip) device.ip = ip;\n const ua = headers.get(\"user-agent\");\n if (ua) device.user_agent = ua;\n return Object.keys(device).length > 0 ? { device } : {};\n}\n\n/** Helper to read the stored result inside a handler: `getSimplr(c)`. */\nexport function getSimplr(c: HonoContext): CheckResult | null {\n return (c.get(\"simplr\") as CheckResult | null) ?? null;\n}\n","/**\n * Thin internal client.\n *\n * This is a ~40-line port of the minimal call path from `@simplr-ai/node`\n * (`apiRequest` + `check` + `edge.ingestLogs`) so that this package builds and\n * tests without an unbuilt workspace dependency or any network access.\n *\n * In production this package pairs with `@simplr-ai/node`; the endpoints, auth\n * header (`X-API-Key`), `{ success, message, content }` envelope unwrapping, and\n * 15s default timeout here are byte-for-byte compatible with that SDK and the\n * Simplr API contract.\n */\nimport type { CheckInput, CheckResult, EdgeLogEntry } from \"./types.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.simplr.sh\";\n\n/** Thrown when the Simplr API returns a non-2xx response or the request fails. */\nexport class SimplrError extends Error {\n readonly status: number;\n readonly body: unknown;\n constructor(message: string, status: number, body: unknown) {\n super(message);\n this.name = \"SimplrError\";\n this.status = status;\n this.body = body;\n }\n}\n\nexport interface ClientConfig {\n apiKey: string;\n baseUrl?: string;\n timeoutMs?: number;\n fetch?: typeof fetch;\n}\n\nexport interface SimplrClient {\n check(input: CheckInput): Promise<CheckResult>;\n ingestLogs(deviceId: string, logs: EdgeLogEntry[]): Promise<unknown>;\n}\n\nexport function createClient(config: ClientConfig): SimplrClient {\n if (!config?.apiKey) throw new Error(\"Simplr: `apiKey` is required\");\n const baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n const timeoutMs = config.timeoutMs ?? 15000;\n const fetchImpl = config.fetch ?? globalThis.fetch;\n if (typeof fetchImpl !== \"function\") {\n throw new Error(\n \"Simplr: no global fetch available — use Node 18+ or pass `fetch` in options\",\n );\n }\n\n async function apiRequest<T>(method: string, path: string, body?: unknown): Promise<T> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n const res = await fetchImpl(`${baseUrl}${path}`, {\n method,\n headers: { \"Content-Type\": \"application/json\", \"X-API-Key\": config.apiKey },\n body: body !== undefined ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n const text = await res.text();\n let parsed: any;\n try {\n parsed = text ? JSON.parse(text) : undefined;\n } catch {\n parsed = text;\n }\n if (!res.ok) {\n const message =\n (parsed && (parsed.message || parsed.error)) || `Simplr API error ${res.status}`;\n throw new SimplrError(message, res.status, parsed);\n }\n return (parsed && typeof parsed === \"object\" && \"content\" in parsed\n ? parsed.content\n : parsed) as T;\n } catch (err) {\n if (err instanceof SimplrError) throw err;\n if (err instanceof Error && err.name === \"AbortError\") {\n throw new SimplrError(`Request to ${path} timed out after ${timeoutMs}ms`, 0, null);\n }\n throw new SimplrError(err instanceof Error ? err.message : \"Network error\", 0, null);\n } finally {\n clearTimeout(timer);\n }\n }\n\n return {\n check: (input) => apiRequest<CheckResult>(\"POST\", \"/v1/check\", input),\n ingestLogs: (deviceId, logs) =>\n apiRequest(\"POST\", \"/v1/edge/logs\", { device_id: deviceId, logs }),\n };\n}\n","/**\n * Framework-agnostic guard engine.\n *\n * `createGuard` returns an object that, given any request-like object, builds a\n * `CheckInput`, calls `/v1/check`, decides whether to block, optionally ships an\n * edge log, and fails open on error. Framework adapters (express/fastify/hono/\n * next) are thin wrappers over this engine.\n */\nimport { createClient, type SimplrClient } from \"./client.js\";\nimport type {\n BlockThreshold,\n CheckInput,\n CheckResult,\n GuardContext,\n GuardOptions,\n GuardOutcome,\n RiskLevel,\n} from \"./types.js\";\n\nconst RISK_ORDER: Record<RiskLevel, number> = {\n low: 0,\n medium: 1,\n high: 2,\n critical: 3,\n};\n\nconst DEFAULT_DEVICE_ID = \"simplr-edge-middleware\";\nconst DEFAULT_THRESHOLD: RiskLevel = \"high\";\n\n/** Numeric rank of a risk level. Unknown levels rank as the lowest (0). */\nexport function riskRank(level: RiskLevel | string | undefined): number {\n return RISK_ORDER[level as RiskLevel] ?? 0;\n}\n\n/** True when `level` is at least `min` in the low<medium<high<critical ordering. */\nexport function riskAtLeast(level: RiskLevel | string | undefined, min: RiskLevel): boolean {\n return riskRank(level) >= riskRank(min);\n}\n\n/** Read a header from either a plain bag (lowercase keys) or a Headers-like getter. */\nfunction readHeader(headers: unknown, name: string): string | undefined {\n if (!headers) return undefined;\n const h = headers as any;\n if (typeof h.get === \"function\") {\n const v = h.get(name);\n return v == null ? undefined : String(v);\n }\n // Plain object: try the lowercase key, then a case-insensitive scan.\n const lower = name.toLowerCase();\n if (lower in h && h[lower] != null) return String(h[lower]);\n for (const key of Object.keys(h)) {\n if (key.toLowerCase() === lower && h[key] != null) return String(h[key]);\n }\n return undefined;\n}\n\n/** Best-effort client IP from common header and socket locations. */\nfunction extractIp(req: any): string | undefined {\n const fwd = readHeader(req?.headers, \"x-forwarded-for\");\n if (fwd) return fwd.split(\",\")[0]!.trim();\n const real = readHeader(req?.headers, \"x-real-ip\");\n if (real) return real;\n return (\n req?.ip ||\n req?.socket?.remoteAddress ||\n req?.connection?.remoteAddress ||\n undefined\n );\n}\n\n/**\n * Default request → CheckInput extractor. Pulls the client IP and user-agent into\n * `device`, and lifts `email`/`phone` from a parsed JSON body when present.\n */\nexport function defaultExtract(req: any): CheckInput {\n const input: CheckInput = {};\n\n const device: Record<string, unknown> = {};\n const ip = extractIp(req);\n if (ip) device.ip = ip;\n const ua = readHeader(req?.headers, \"user-agent\");\n if (ua) device.user_agent = ua;\n if (Object.keys(device).length > 0) input.device = device;\n\n const body = req?.body;\n if (body && typeof body === \"object\") {\n const b = body as Record<string, unknown>;\n if (typeof b.email === \"string\") input.email = b.email;\n if (typeof b.phone === \"string\") input.phone = b.phone;\n }\n\n return input;\n}\n\nfunction normalizeBlock(\n block: GuardOptions[\"block\"],\n): (result: CheckResult) => boolean {\n if (typeof block === \"function\") return block;\n const threshold = (block as BlockThreshold | undefined)?.whenRiskAtLeast ?? DEFAULT_THRESHOLD;\n return (result) => riskAtLeast(result.risk_level, threshold);\n}\n\nexport interface Guard<Req = any> {\n /** The underlying thin Simplr client (check + edge log ingestion). */\n readonly client: SimplrClient;\n /** Run the full engine against a request; never throws when `failOpen`. */\n run(req: Req): Promise<GuardOutcome>;\n}\n\nexport function createGuard<Req = any>(options: GuardOptions<Req>): Guard<Req> {\n if (!options?.apiKey) throw new Error(\"createGuard: `apiKey` is required\");\n\n const client = createClient({\n apiKey: options.apiKey,\n baseUrl: options.baseUrl,\n timeoutMs: options.timeoutMs,\n fetch: options.fetch,\n });\n\n const extract = options.extract ?? defaultExtract;\n const shouldBlock = normalizeBlock(options.block);\n const failOpen = options.failOpen ?? true;\n const ingestLogs = options.ingestLogs ?? false;\n const deviceId = options.deviceId ?? DEFAULT_DEVICE_ID;\n\n async function run(req: Req): Promise<GuardOutcome> {\n const input = await extract(req);\n let result: CheckResult;\n try {\n result = await client.check(input);\n } catch (error) {\n if (failOpen) {\n return { result: null, blocked: false, input, error };\n }\n throw error;\n }\n\n const blocked = shouldBlock(result);\n const ctx: GuardContext<Req> = { req, input, blocked };\n\n if (options.onResult) {\n try {\n await options.onResult(result, ctx);\n } catch {\n // onResult is observational; never let it break the request.\n }\n }\n\n if (ingestLogs) {\n try {\n await client.ingestLogs(deviceId, [\n {\n category: \"security\",\n level: blocked ? \"warn\" : \"info\",\n message: blocked ? \"simplr guard blocked request\" : \"simplr guard checked request\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n },\n ]);\n } catch {\n // Log shipping is best-effort and must never affect the request.\n }\n }\n\n return { result, blocked, input };\n }\n\n return { client, run };\n}\n\n/** Standard JSON envelope returned to the client on a blocked request. */\nexport function blockEnvelope(result: CheckResult) {\n return {\n error: \"request_blocked\",\n message: \"This request was blocked by Simplr fraud protection.\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACcA,IAAM,mBAAmB;AAGlB,IAAM,cAAN,cAA0B,MAAM;AAAA,EAC5B;AAAA,EACA;AAAA,EACT,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAAA,EACd;AACF;AAcO,SAAS,aAAa,QAAoC;AAC/D,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,8BAA8B;AACnE,QAAM,WAAW,OAAO,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AACvE,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,SAAS,WAAW;AAC7C,MAAI,OAAO,cAAc,YAAY;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,WAAc,QAAgB,MAAc,MAA4B;AACrF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAC5D,QAAI;AACF,YAAM,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,IAAI,IAAI;AAAA,QAC/C;AAAA,QACA,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO,OAAO;AAAA,QAC1E,MAAM,SAAS,SAAY,KAAK,UAAU,IAAI,IAAI;AAAA,QAClD,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI;AACJ,UAAI;AACF,iBAAS,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,MACrC,QAAQ;AACN,iBAAS;AAAA,MACX;AACA,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,UACH,WAAW,OAAO,WAAW,OAAO,UAAW,oBAAoB,IAAI,MAAM;AAChF,cAAM,IAAI,YAAY,SAAS,IAAI,QAAQ,MAAM;AAAA,MACnD;AACA,aAAQ,UAAU,OAAO,WAAW,YAAY,aAAa,SACzD,OAAO,UACP;AAAA,IACN,SAAS,KAAK;AACZ,UAAI,eAAe,YAAa,OAAM;AACtC,UAAI,eAAe,SAAS,IAAI,SAAS,cAAc;AACrD,cAAM,IAAI,YAAY,cAAc,IAAI,oBAAoB,SAAS,MAAM,GAAG,IAAI;AAAA,MACpF;AACA,YAAM,IAAI,YAAY,eAAe,QAAQ,IAAI,UAAU,iBAAiB,GAAG,IAAI;AAAA,IACrF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,UAAU,WAAwB,QAAQ,aAAa,KAAK;AAAA,IACpE,YAAY,CAAC,UAAU,SACrB,WAAW,QAAQ,iBAAiB,EAAE,WAAW,UAAU,KAAK,CAAC;AAAA,EACrE;AACF;;;ACzEA,IAAM,aAAwC;AAAA,EAC5C,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,UAAU;AACZ;AAEA,IAAM,oBAAoB;AAC1B,IAAM,oBAA+B;AAG9B,SAAS,SAAS,OAA+C;AACtE,SAAO,WAAW,KAAkB,KAAK;AAC3C;AAGO,SAAS,YAAY,OAAuC,KAAyB;AAC1F,SAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACxC;AAGA,SAAS,WAAW,SAAkB,MAAkC;AACtE,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,QAAQ,YAAY;AAC/B,UAAM,IAAI,EAAE,IAAI,IAAI;AACpB,WAAO,KAAK,OAAO,SAAY,OAAO,CAAC;AAAA,EACzC;AAEA,QAAM,QAAQ,KAAK,YAAY;AAC/B,MAAI,SAAS,KAAK,EAAE,KAAK,KAAK,KAAM,QAAO,OAAO,EAAE,KAAK,CAAC;AAC1D,aAAW,OAAO,OAAO,KAAK,CAAC,GAAG;AAChC,QAAI,IAAI,YAAY,MAAM,SAAS,EAAE,GAAG,KAAK,KAAM,QAAO,OAAO,EAAE,GAAG,CAAC;AAAA,EACzE;AACA,SAAO;AACT;AAGA,SAAS,UAAU,KAA8B;AAC/C,QAAM,MAAM,WAAW,KAAK,SAAS,iBAAiB;AACtD,MAAI,IAAK,QAAO,IAAI,MAAM,GAAG,EAAE,CAAC,EAAG,KAAK;AACxC,QAAM,OAAO,WAAW,KAAK,SAAS,WAAW;AACjD,MAAI,KAAM,QAAO;AACjB,SACE,KAAK,MACL,KAAK,QAAQ,iBACb,KAAK,YAAY,iBACjB;AAEJ;AAMO,SAAS,eAAe,KAAsB;AACnD,QAAM,QAAoB,CAAC;AAE3B,QAAM,SAAkC,CAAC;AACzC,QAAM,KAAK,UAAU,GAAG;AACxB,MAAI,GAAI,QAAO,KAAK;AACpB,QAAM,KAAK,WAAW,KAAK,SAAS,YAAY;AAChD,MAAI,GAAI,QAAO,aAAa;AAC5B,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,OAAM,SAAS;AAEnD,QAAM,OAAO,KAAK;AAClB,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,UAAM,IAAI;AACV,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AACjD,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,eACP,OACkC;AAClC,MAAI,OAAO,UAAU,WAAY,QAAO;AACxC,QAAM,YAAa,OAAsC,mBAAmB;AAC5E,SAAO,CAAC,WAAW,YAAY,OAAO,YAAY,SAAS;AAC7D;AASO,SAAS,YAAuB,SAAwC;AAC7E,MAAI,CAAC,SAAS,OAAQ,OAAM,IAAI,MAAM,mCAAmC;AAEzE,QAAM,SAAS,aAAa;AAAA,IAC1B,QAAQ,QAAQ;AAAA,IAChB,SAAS,QAAQ;AAAA,IACjB,WAAW,QAAQ;AAAA,IACnB,OAAO,QAAQ;AAAA,EACjB,CAAC;AAED,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,cAAc,eAAe,QAAQ,KAAK;AAChD,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,WAAW,QAAQ,YAAY;AAErC,iBAAe,IAAI,KAAiC;AAClD,UAAM,QAAQ,MAAM,QAAQ,GAAG;AAC/B,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,OAAO,MAAM,KAAK;AAAA,IACnC,SAAS,OAAO;AACd,UAAI,UAAU;AACZ,eAAO,EAAE,QAAQ,MAAM,SAAS,OAAO,OAAO,MAAM;AAAA,MACtD;AACA,YAAM;AAAA,IACR;AAEA,UAAM,UAAU,YAAY,MAAM;AAClC,UAAM,MAAyB,EAAE,KAAK,OAAO,QAAQ;AAErD,QAAI,QAAQ,UAAU;AACpB,UAAI;AACF,cAAM,QAAQ,SAAS,QAAQ,GAAG;AAAA,MACpC,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,QAAI,YAAY;AACd,UAAI;AACF,cAAM,OAAO,WAAW,UAAU;AAAA,UAChC;AAAA,YACE,UAAU;AAAA,YACV,OAAO,UAAU,SAAS;AAAA,YAC1B,SAAS,UAAU,iCAAiC;AAAA,YACpD,YAAY,OAAO;AAAA,YACnB,YAAY,OAAO;AAAA,UACrB;AAAA,QACF,CAAC;AAAA,MACH,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,WAAO,EAAE,QAAQ,SAAS,MAAM;AAAA,EAClC;AAEA,SAAO,EAAE,QAAQ,IAAI;AACvB;AAGO,SAAS,cAAc,QAAqB;AACjD,SAAO;AAAA,IACL,OAAO;AAAA,IACP,SAAS;AAAA,IACT,YAAY,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,EACrB;AACF;;;AFhJO,SAAS,WAAW,SAAoD;AAC7E,QAAM,QAAQ,YAAyB;AAAA,IACrC,GAAG;AAAA;AAAA,IAEH,SACE,QAAQ,YACP,CAAC,MAAM;AACN,YAAM,YAAY,CAAC,SAAiB,EAAE,IAAI,OAAO,IAAI;AACrD,aAAO,mBAAmB,EAAE,KAAK,UAAU,CAAC;AAAA,IAC9C;AAAA,EACJ,CAAC;AACD,QAAM,WAAW,QAAQ,YAAY;AAErC,SAAO,eAAe,iBAAiB,GAAG,MAAM;AAC9C,QAAI;AACF,YAAM,UAAU,MAAM,MAAM,IAAI,CAAC;AACjC,QAAE,IAAI,UAAU,QAAQ,MAAM;AAC9B,UAAI,QAAQ,WAAW,QAAQ,QAAQ;AACrC,eAAO,EAAE,KAAK,cAAc,QAAQ,MAAM,GAAG,GAAG;AAAA,MAClD;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,CAAC,SAAU,OAAM;AACrB,QAAE,IAAI,UAAU,IAAI;AAAA,IACtB;AACA,UAAM,KAAK;AAAA,EACb;AACF;AAGA,SAAS,mBAAmB,SAAoD;AAC9E,QAAM,SAAkC,CAAC;AACzC,QAAM,MAAM,QAAQ,IAAI,iBAAiB;AACzC,QAAM,KAAK,MAAM,IAAI,MAAM,GAAG,EAAE,CAAC,EAAG,KAAK,IAAI,QAAQ,IAAI,WAAW;AACpE,MAAI,GAAI,QAAO,KAAK;AACpB,QAAM,KAAK,QAAQ,IAAI,YAAY;AACnC,MAAI,GAAI,QAAO,aAAa;AAC5B,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,EAAE,OAAO,IAAI,CAAC;AACxD;AAGO,SAAS,UAAU,GAAoC;AAC5D,SAAQ,EAAE,IAAI,QAAQ,KAA4B;AACpD;","names":[]}
|
package/dist/hono.d.cts
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { C as CheckResult, G as GuardOptions } from './types-CmzpR5S4.cjs';
|
|
2
|
+
|
|
3
|
+
type HonoContext = {
|
|
4
|
+
req: {
|
|
5
|
+
/** Hono exposes headers via `c.req.header(name)`. */
|
|
6
|
+
header(name: string): string | undefined;
|
|
7
|
+
/** Parsed JSON body, if read. The default extractor reads `c.get`-supplied body. */
|
|
8
|
+
[key: string]: unknown;
|
|
9
|
+
};
|
|
10
|
+
set(key: string, value: unknown): void;
|
|
11
|
+
get(key: string): unknown;
|
|
12
|
+
json(body: unknown, status?: number): Response;
|
|
13
|
+
};
|
|
14
|
+
type HonoNext = () => Promise<void>;
|
|
15
|
+
type HonoMiddleware = (c: HonoContext, next: HonoNext) => Promise<Response | void>;
|
|
16
|
+
/**
|
|
17
|
+
* Build Hono middleware. Because Hono request bodies are read asynchronously,
|
|
18
|
+
* the default extractor relies on headers; to also score body email/phone, set
|
|
19
|
+
* a custom `extract` that awaits `await c.req.json()` (and stashes it as needed).
|
|
20
|
+
*/
|
|
21
|
+
declare function simplrHono(options: GuardOptions<HonoContext>): HonoMiddleware;
|
|
22
|
+
/** Helper to read the stored result inside a handler: `getSimplr(c)`. */
|
|
23
|
+
declare function getSimplr(c: HonoContext): CheckResult | null;
|
|
24
|
+
|
|
25
|
+
export { type HonoMiddleware, getSimplr, simplrHono };
|
package/dist/hono.d.ts
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { C as CheckResult, G as GuardOptions } from './types-CmzpR5S4.js';
|
|
2
|
+
|
|
3
|
+
type HonoContext = {
|
|
4
|
+
req: {
|
|
5
|
+
/** Hono exposes headers via `c.req.header(name)`. */
|
|
6
|
+
header(name: string): string | undefined;
|
|
7
|
+
/** Parsed JSON body, if read. The default extractor reads `c.get`-supplied body. */
|
|
8
|
+
[key: string]: unknown;
|
|
9
|
+
};
|
|
10
|
+
set(key: string, value: unknown): void;
|
|
11
|
+
get(key: string): unknown;
|
|
12
|
+
json(body: unknown, status?: number): Response;
|
|
13
|
+
};
|
|
14
|
+
type HonoNext = () => Promise<void>;
|
|
15
|
+
type HonoMiddleware = (c: HonoContext, next: HonoNext) => Promise<Response | void>;
|
|
16
|
+
/**
|
|
17
|
+
* Build Hono middleware. Because Hono request bodies are read asynchronously,
|
|
18
|
+
* the default extractor relies on headers; to also score body email/phone, set
|
|
19
|
+
* a custom `extract` that awaits `await c.req.json()` (and stashes it as needed).
|
|
20
|
+
*/
|
|
21
|
+
declare function simplrHono(options: GuardOptions<HonoContext>): HonoMiddleware;
|
|
22
|
+
/** Helper to read the stored result inside a handler: `getSimplr(c)`. */
|
|
23
|
+
declare function getSimplr(c: HonoContext): CheckResult | null;
|
|
24
|
+
|
|
25
|
+
export { type HonoMiddleware, getSimplr, simplrHono };
|
package/dist/hono.js
ADDED
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
// src/client.ts
|
|
2
|
+
var DEFAULT_BASE_URL = "https://api.simplr.sh";
|
|
3
|
+
var SimplrError = class extends Error {
|
|
4
|
+
status;
|
|
5
|
+
body;
|
|
6
|
+
constructor(message, status, body) {
|
|
7
|
+
super(message);
|
|
8
|
+
this.name = "SimplrError";
|
|
9
|
+
this.status = status;
|
|
10
|
+
this.body = body;
|
|
11
|
+
}
|
|
12
|
+
};
|
|
13
|
+
function createClient(config) {
|
|
14
|
+
if (!config?.apiKey) throw new Error("Simplr: `apiKey` is required");
|
|
15
|
+
const baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\/+$/, "");
|
|
16
|
+
const timeoutMs = config.timeoutMs ?? 15e3;
|
|
17
|
+
const fetchImpl = config.fetch ?? globalThis.fetch;
|
|
18
|
+
if (typeof fetchImpl !== "function") {
|
|
19
|
+
throw new Error(
|
|
20
|
+
"Simplr: no global fetch available \u2014 use Node 18+ or pass `fetch` in options"
|
|
21
|
+
);
|
|
22
|
+
}
|
|
23
|
+
async function apiRequest(method, path, body) {
|
|
24
|
+
const controller = new AbortController();
|
|
25
|
+
const timer = setTimeout(() => controller.abort(), timeoutMs);
|
|
26
|
+
try {
|
|
27
|
+
const res = await fetchImpl(`${baseUrl}${path}`, {
|
|
28
|
+
method,
|
|
29
|
+
headers: { "Content-Type": "application/json", "X-API-Key": config.apiKey },
|
|
30
|
+
body: body !== void 0 ? JSON.stringify(body) : void 0,
|
|
31
|
+
signal: controller.signal
|
|
32
|
+
});
|
|
33
|
+
const text = await res.text();
|
|
34
|
+
let parsed;
|
|
35
|
+
try {
|
|
36
|
+
parsed = text ? JSON.parse(text) : void 0;
|
|
37
|
+
} catch {
|
|
38
|
+
parsed = text;
|
|
39
|
+
}
|
|
40
|
+
if (!res.ok) {
|
|
41
|
+
const message = parsed && (parsed.message || parsed.error) || `Simplr API error ${res.status}`;
|
|
42
|
+
throw new SimplrError(message, res.status, parsed);
|
|
43
|
+
}
|
|
44
|
+
return parsed && typeof parsed === "object" && "content" in parsed ? parsed.content : parsed;
|
|
45
|
+
} catch (err) {
|
|
46
|
+
if (err instanceof SimplrError) throw err;
|
|
47
|
+
if (err instanceof Error && err.name === "AbortError") {
|
|
48
|
+
throw new SimplrError(`Request to ${path} timed out after ${timeoutMs}ms`, 0, null);
|
|
49
|
+
}
|
|
50
|
+
throw new SimplrError(err instanceof Error ? err.message : "Network error", 0, null);
|
|
51
|
+
} finally {
|
|
52
|
+
clearTimeout(timer);
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
return {
|
|
56
|
+
check: (input) => apiRequest("POST", "/v1/check", input),
|
|
57
|
+
ingestLogs: (deviceId, logs) => apiRequest("POST", "/v1/edge/logs", { device_id: deviceId, logs })
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
// src/core.ts
|
|
62
|
+
var RISK_ORDER = {
|
|
63
|
+
low: 0,
|
|
64
|
+
medium: 1,
|
|
65
|
+
high: 2,
|
|
66
|
+
critical: 3
|
|
67
|
+
};
|
|
68
|
+
var DEFAULT_DEVICE_ID = "simplr-edge-middleware";
|
|
69
|
+
var DEFAULT_THRESHOLD = "high";
|
|
70
|
+
function riskRank(level) {
|
|
71
|
+
return RISK_ORDER[level] ?? 0;
|
|
72
|
+
}
|
|
73
|
+
function riskAtLeast(level, min) {
|
|
74
|
+
return riskRank(level) >= riskRank(min);
|
|
75
|
+
}
|
|
76
|
+
function readHeader(headers, name) {
|
|
77
|
+
if (!headers) return void 0;
|
|
78
|
+
const h = headers;
|
|
79
|
+
if (typeof h.get === "function") {
|
|
80
|
+
const v = h.get(name);
|
|
81
|
+
return v == null ? void 0 : String(v);
|
|
82
|
+
}
|
|
83
|
+
const lower = name.toLowerCase();
|
|
84
|
+
if (lower in h && h[lower] != null) return String(h[lower]);
|
|
85
|
+
for (const key of Object.keys(h)) {
|
|
86
|
+
if (key.toLowerCase() === lower && h[key] != null) return String(h[key]);
|
|
87
|
+
}
|
|
88
|
+
return void 0;
|
|
89
|
+
}
|
|
90
|
+
function extractIp(req) {
|
|
91
|
+
const fwd = readHeader(req?.headers, "x-forwarded-for");
|
|
92
|
+
if (fwd) return fwd.split(",")[0].trim();
|
|
93
|
+
const real = readHeader(req?.headers, "x-real-ip");
|
|
94
|
+
if (real) return real;
|
|
95
|
+
return req?.ip || req?.socket?.remoteAddress || req?.connection?.remoteAddress || void 0;
|
|
96
|
+
}
|
|
97
|
+
function defaultExtract(req) {
|
|
98
|
+
const input = {};
|
|
99
|
+
const device = {};
|
|
100
|
+
const ip = extractIp(req);
|
|
101
|
+
if (ip) device.ip = ip;
|
|
102
|
+
const ua = readHeader(req?.headers, "user-agent");
|
|
103
|
+
if (ua) device.user_agent = ua;
|
|
104
|
+
if (Object.keys(device).length > 0) input.device = device;
|
|
105
|
+
const body = req?.body;
|
|
106
|
+
if (body && typeof body === "object") {
|
|
107
|
+
const b = body;
|
|
108
|
+
if (typeof b.email === "string") input.email = b.email;
|
|
109
|
+
if (typeof b.phone === "string") input.phone = b.phone;
|
|
110
|
+
}
|
|
111
|
+
return input;
|
|
112
|
+
}
|
|
113
|
+
function normalizeBlock(block) {
|
|
114
|
+
if (typeof block === "function") return block;
|
|
115
|
+
const threshold = block?.whenRiskAtLeast ?? DEFAULT_THRESHOLD;
|
|
116
|
+
return (result) => riskAtLeast(result.risk_level, threshold);
|
|
117
|
+
}
|
|
118
|
+
function createGuard(options) {
|
|
119
|
+
if (!options?.apiKey) throw new Error("createGuard: `apiKey` is required");
|
|
120
|
+
const client = createClient({
|
|
121
|
+
apiKey: options.apiKey,
|
|
122
|
+
baseUrl: options.baseUrl,
|
|
123
|
+
timeoutMs: options.timeoutMs,
|
|
124
|
+
fetch: options.fetch
|
|
125
|
+
});
|
|
126
|
+
const extract = options.extract ?? defaultExtract;
|
|
127
|
+
const shouldBlock = normalizeBlock(options.block);
|
|
128
|
+
const failOpen = options.failOpen ?? true;
|
|
129
|
+
const ingestLogs = options.ingestLogs ?? false;
|
|
130
|
+
const deviceId = options.deviceId ?? DEFAULT_DEVICE_ID;
|
|
131
|
+
async function run(req) {
|
|
132
|
+
const input = await extract(req);
|
|
133
|
+
let result;
|
|
134
|
+
try {
|
|
135
|
+
result = await client.check(input);
|
|
136
|
+
} catch (error) {
|
|
137
|
+
if (failOpen) {
|
|
138
|
+
return { result: null, blocked: false, input, error };
|
|
139
|
+
}
|
|
140
|
+
throw error;
|
|
141
|
+
}
|
|
142
|
+
const blocked = shouldBlock(result);
|
|
143
|
+
const ctx = { req, input, blocked };
|
|
144
|
+
if (options.onResult) {
|
|
145
|
+
try {
|
|
146
|
+
await options.onResult(result, ctx);
|
|
147
|
+
} catch {
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
if (ingestLogs) {
|
|
151
|
+
try {
|
|
152
|
+
await client.ingestLogs(deviceId, [
|
|
153
|
+
{
|
|
154
|
+
category: "security",
|
|
155
|
+
level: blocked ? "warn" : "info",
|
|
156
|
+
message: blocked ? "simplr guard blocked request" : "simplr guard checked request",
|
|
157
|
+
risk_level: result.risk_level,
|
|
158
|
+
risk_score: result.risk_score
|
|
159
|
+
}
|
|
160
|
+
]);
|
|
161
|
+
} catch {
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
return { result, blocked, input };
|
|
165
|
+
}
|
|
166
|
+
return { client, run };
|
|
167
|
+
}
|
|
168
|
+
function blockEnvelope(result) {
|
|
169
|
+
return {
|
|
170
|
+
error: "request_blocked",
|
|
171
|
+
message: "This request was blocked by Simplr fraud protection.",
|
|
172
|
+
risk_level: result.risk_level,
|
|
173
|
+
risk_score: result.risk_score
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
// src/hono.ts
|
|
178
|
+
function simplrHono(options) {
|
|
179
|
+
const guard = createGuard({
|
|
180
|
+
...options,
|
|
181
|
+
// Adapt Hono's header accessor into the shape the default extractor expects.
|
|
182
|
+
extract: options.extract ?? ((c) => {
|
|
183
|
+
const headerGet = (name) => c.req.header(name);
|
|
184
|
+
return defaultHonoExtract({ get: headerGet });
|
|
185
|
+
})
|
|
186
|
+
});
|
|
187
|
+
const failOpen = options.failOpen ?? true;
|
|
188
|
+
return async function simplrMiddleware(c, next) {
|
|
189
|
+
try {
|
|
190
|
+
const outcome = await guard.run(c);
|
|
191
|
+
c.set("simplr", outcome.result);
|
|
192
|
+
if (outcome.blocked && outcome.result) {
|
|
193
|
+
return c.json(blockEnvelope(outcome.result), 403);
|
|
194
|
+
}
|
|
195
|
+
} catch (err) {
|
|
196
|
+
if (!failOpen) throw err;
|
|
197
|
+
c.set("simplr", null);
|
|
198
|
+
}
|
|
199
|
+
await next();
|
|
200
|
+
};
|
|
201
|
+
}
|
|
202
|
+
function defaultHonoExtract(headers) {
|
|
203
|
+
const device = {};
|
|
204
|
+
const fwd = headers.get("x-forwarded-for");
|
|
205
|
+
const ip = fwd ? fwd.split(",")[0].trim() : headers.get("x-real-ip");
|
|
206
|
+
if (ip) device.ip = ip;
|
|
207
|
+
const ua = headers.get("user-agent");
|
|
208
|
+
if (ua) device.user_agent = ua;
|
|
209
|
+
return Object.keys(device).length > 0 ? { device } : {};
|
|
210
|
+
}
|
|
211
|
+
function getSimplr(c) {
|
|
212
|
+
return c.get("simplr") ?? null;
|
|
213
|
+
}
|
|
214
|
+
export {
|
|
215
|
+
getSimplr,
|
|
216
|
+
simplrHono
|
|
217
|
+
};
|
|
218
|
+
//# sourceMappingURL=hono.js.map
|
package/dist/hono.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/client.ts","../src/core.ts","../src/hono.ts"],"sourcesContent":["/**\n * Thin internal client.\n *\n * This is a ~40-line port of the minimal call path from `@simplr-ai/node`\n * (`apiRequest` + `check` + `edge.ingestLogs`) so that this package builds and\n * tests without an unbuilt workspace dependency or any network access.\n *\n * In production this package pairs with `@simplr-ai/node`; the endpoints, auth\n * header (`X-API-Key`), `{ success, message, content }` envelope unwrapping, and\n * 15s default timeout here are byte-for-byte compatible with that SDK and the\n * Simplr API contract.\n */\nimport type { CheckInput, CheckResult, EdgeLogEntry } from \"./types.js\";\n\nconst DEFAULT_BASE_URL = \"https://api.simplr.sh\";\n\n/** Thrown when the Simplr API returns a non-2xx response or the request fails. */\nexport class SimplrError extends Error {\n readonly status: number;\n readonly body: unknown;\n constructor(message: string, status: number, body: unknown) {\n super(message);\n this.name = \"SimplrError\";\n this.status = status;\n this.body = body;\n }\n}\n\nexport interface ClientConfig {\n apiKey: string;\n baseUrl?: string;\n timeoutMs?: number;\n fetch?: typeof fetch;\n}\n\nexport interface SimplrClient {\n check(input: CheckInput): Promise<CheckResult>;\n ingestLogs(deviceId: string, logs: EdgeLogEntry[]): Promise<unknown>;\n}\n\nexport function createClient(config: ClientConfig): SimplrClient {\n if (!config?.apiKey) throw new Error(\"Simplr: `apiKey` is required\");\n const baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n const timeoutMs = config.timeoutMs ?? 15000;\n const fetchImpl = config.fetch ?? globalThis.fetch;\n if (typeof fetchImpl !== \"function\") {\n throw new Error(\n \"Simplr: no global fetch available — use Node 18+ or pass `fetch` in options\",\n );\n }\n\n async function apiRequest<T>(method: string, path: string, body?: unknown): Promise<T> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), timeoutMs);\n try {\n const res = await fetchImpl(`${baseUrl}${path}`, {\n method,\n headers: { \"Content-Type\": \"application/json\", \"X-API-Key\": config.apiKey },\n body: body !== undefined ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n const text = await res.text();\n let parsed: any;\n try {\n parsed = text ? JSON.parse(text) : undefined;\n } catch {\n parsed = text;\n }\n if (!res.ok) {\n const message =\n (parsed && (parsed.message || parsed.error)) || `Simplr API error ${res.status}`;\n throw new SimplrError(message, res.status, parsed);\n }\n return (parsed && typeof parsed === \"object\" && \"content\" in parsed\n ? parsed.content\n : parsed) as T;\n } catch (err) {\n if (err instanceof SimplrError) throw err;\n if (err instanceof Error && err.name === \"AbortError\") {\n throw new SimplrError(`Request to ${path} timed out after ${timeoutMs}ms`, 0, null);\n }\n throw new SimplrError(err instanceof Error ? err.message : \"Network error\", 0, null);\n } finally {\n clearTimeout(timer);\n }\n }\n\n return {\n check: (input) => apiRequest<CheckResult>(\"POST\", \"/v1/check\", input),\n ingestLogs: (deviceId, logs) =>\n apiRequest(\"POST\", \"/v1/edge/logs\", { device_id: deviceId, logs }),\n };\n}\n","/**\n * Framework-agnostic guard engine.\n *\n * `createGuard` returns an object that, given any request-like object, builds a\n * `CheckInput`, calls `/v1/check`, decides whether to block, optionally ships an\n * edge log, and fails open on error. Framework adapters (express/fastify/hono/\n * next) are thin wrappers over this engine.\n */\nimport { createClient, type SimplrClient } from \"./client.js\";\nimport type {\n BlockThreshold,\n CheckInput,\n CheckResult,\n GuardContext,\n GuardOptions,\n GuardOutcome,\n RiskLevel,\n} from \"./types.js\";\n\nconst RISK_ORDER: Record<RiskLevel, number> = {\n low: 0,\n medium: 1,\n high: 2,\n critical: 3,\n};\n\nconst DEFAULT_DEVICE_ID = \"simplr-edge-middleware\";\nconst DEFAULT_THRESHOLD: RiskLevel = \"high\";\n\n/** Numeric rank of a risk level. Unknown levels rank as the lowest (0). */\nexport function riskRank(level: RiskLevel | string | undefined): number {\n return RISK_ORDER[level as RiskLevel] ?? 0;\n}\n\n/** True when `level` is at least `min` in the low<medium<high<critical ordering. */\nexport function riskAtLeast(level: RiskLevel | string | undefined, min: RiskLevel): boolean {\n return riskRank(level) >= riskRank(min);\n}\n\n/** Read a header from either a plain bag (lowercase keys) or a Headers-like getter. */\nfunction readHeader(headers: unknown, name: string): string | undefined {\n if (!headers) return undefined;\n const h = headers as any;\n if (typeof h.get === \"function\") {\n const v = h.get(name);\n return v == null ? undefined : String(v);\n }\n // Plain object: try the lowercase key, then a case-insensitive scan.\n const lower = name.toLowerCase();\n if (lower in h && h[lower] != null) return String(h[lower]);\n for (const key of Object.keys(h)) {\n if (key.toLowerCase() === lower && h[key] != null) return String(h[key]);\n }\n return undefined;\n}\n\n/** Best-effort client IP from common header and socket locations. */\nfunction extractIp(req: any): string | undefined {\n const fwd = readHeader(req?.headers, \"x-forwarded-for\");\n if (fwd) return fwd.split(\",\")[0]!.trim();\n const real = readHeader(req?.headers, \"x-real-ip\");\n if (real) return real;\n return (\n req?.ip ||\n req?.socket?.remoteAddress ||\n req?.connection?.remoteAddress ||\n undefined\n );\n}\n\n/**\n * Default request → CheckInput extractor. Pulls the client IP and user-agent into\n * `device`, and lifts `email`/`phone` from a parsed JSON body when present.\n */\nexport function defaultExtract(req: any): CheckInput {\n const input: CheckInput = {};\n\n const device: Record<string, unknown> = {};\n const ip = extractIp(req);\n if (ip) device.ip = ip;\n const ua = readHeader(req?.headers, \"user-agent\");\n if (ua) device.user_agent = ua;\n if (Object.keys(device).length > 0) input.device = device;\n\n const body = req?.body;\n if (body && typeof body === \"object\") {\n const b = body as Record<string, unknown>;\n if (typeof b.email === \"string\") input.email = b.email;\n if (typeof b.phone === \"string\") input.phone = b.phone;\n }\n\n return input;\n}\n\nfunction normalizeBlock(\n block: GuardOptions[\"block\"],\n): (result: CheckResult) => boolean {\n if (typeof block === \"function\") return block;\n const threshold = (block as BlockThreshold | undefined)?.whenRiskAtLeast ?? DEFAULT_THRESHOLD;\n return (result) => riskAtLeast(result.risk_level, threshold);\n}\n\nexport interface Guard<Req = any> {\n /** The underlying thin Simplr client (check + edge log ingestion). */\n readonly client: SimplrClient;\n /** Run the full engine against a request; never throws when `failOpen`. */\n run(req: Req): Promise<GuardOutcome>;\n}\n\nexport function createGuard<Req = any>(options: GuardOptions<Req>): Guard<Req> {\n if (!options?.apiKey) throw new Error(\"createGuard: `apiKey` is required\");\n\n const client = createClient({\n apiKey: options.apiKey,\n baseUrl: options.baseUrl,\n timeoutMs: options.timeoutMs,\n fetch: options.fetch,\n });\n\n const extract = options.extract ?? defaultExtract;\n const shouldBlock = normalizeBlock(options.block);\n const failOpen = options.failOpen ?? true;\n const ingestLogs = options.ingestLogs ?? false;\n const deviceId = options.deviceId ?? DEFAULT_DEVICE_ID;\n\n async function run(req: Req): Promise<GuardOutcome> {\n const input = await extract(req);\n let result: CheckResult;\n try {\n result = await client.check(input);\n } catch (error) {\n if (failOpen) {\n return { result: null, blocked: false, input, error };\n }\n throw error;\n }\n\n const blocked = shouldBlock(result);\n const ctx: GuardContext<Req> = { req, input, blocked };\n\n if (options.onResult) {\n try {\n await options.onResult(result, ctx);\n } catch {\n // onResult is observational; never let it break the request.\n }\n }\n\n if (ingestLogs) {\n try {\n await client.ingestLogs(deviceId, [\n {\n category: \"security\",\n level: blocked ? \"warn\" : \"info\",\n message: blocked ? \"simplr guard blocked request\" : \"simplr guard checked request\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n },\n ]);\n } catch {\n // Log shipping is best-effort and must never affect the request.\n }\n }\n\n return { result, blocked, input };\n }\n\n return { client, run };\n}\n\n/** Standard JSON envelope returned to the client on a blocked request. */\nexport function blockEnvelope(result: CheckResult) {\n return {\n error: \"request_blocked\",\n message: \"This request was blocked by Simplr fraud protection.\",\n risk_level: result.risk_level,\n risk_score: result.risk_score,\n };\n}\n","/**\n * Hono adapter. Middleware that stores the result via `c.set('simplr', result)`\n * (read it back with `c.get('simplr')`) and returns a 403 JSON response on block.\n *\n * ```ts\n * import { Hono } from \"hono\";\n * import { simplrHono } from \"@simplr-ai/express/hono\";\n * const app = new Hono();\n * app.use(\"*\", simplrHono({ apiKey: process.env.SIMPLR_API_KEY! }));\n * ```\n */\nimport { blockEnvelope, createGuard } from \"./core.js\";\nimport type { CheckResult, GuardOptions } from \"./types.js\";\n\ntype HonoContext = {\n req: {\n /** Hono exposes headers via `c.req.header(name)`. */\n header(name: string): string | undefined;\n /** Parsed JSON body, if read. The default extractor reads `c.get`-supplied body. */\n [key: string]: unknown;\n };\n set(key: string, value: unknown): void;\n get(key: string): unknown;\n json(body: unknown, status?: number): Response;\n};\ntype HonoNext = () => Promise<void>;\n\nexport type HonoMiddleware = (c: HonoContext, next: HonoNext) => Promise<Response | void>;\n\n/**\n * Build Hono middleware. Because Hono request bodies are read asynchronously,\n * the default extractor relies on headers; to also score body email/phone, set\n * a custom `extract` that awaits `await c.req.json()` (and stashes it as needed).\n */\nexport function simplrHono(options: GuardOptions<HonoContext>): HonoMiddleware {\n const guard = createGuard<HonoContext>({\n ...options,\n // Adapt Hono's header accessor into the shape the default extractor expects.\n extract:\n options.extract ??\n ((c) => {\n const headerGet = (name: string) => c.req.header(name);\n return defaultHonoExtract({ get: headerGet });\n }),\n });\n const failOpen = options.failOpen ?? true;\n\n return async function simplrMiddleware(c, next) {\n try {\n const outcome = await guard.run(c);\n c.set(\"simplr\", outcome.result);\n if (outcome.blocked && outcome.result) {\n return c.json(blockEnvelope(outcome.result), 403);\n }\n } catch (err) {\n if (!failOpen) throw err;\n c.set(\"simplr\", null);\n }\n await next();\n };\n}\n\n/** Minimal extractor over a Headers-like getter (IP + user-agent into device). */\nfunction defaultHonoExtract(headers: { get(name: string): string | undefined }) {\n const device: Record<string, unknown> = {};\n const fwd = headers.get(\"x-forwarded-for\");\n const ip = fwd ? fwd.split(\",\")[0]!.trim() : headers.get(\"x-real-ip\");\n if (ip) device.ip = ip;\n const ua = headers.get(\"user-agent\");\n if (ua) device.user_agent = ua;\n return Object.keys(device).length > 0 ? { device } : {};\n}\n\n/** Helper to read the stored result inside a handler: `getSimplr(c)`. */\nexport function getSimplr(c: HonoContext): CheckResult | null {\n return (c.get(\"simplr\") as CheckResult | null) ?? null;\n}\n"],"mappings":";AAcA,IAAM,mBAAmB;AAGlB,IAAM,cAAN,cAA0B,MAAM;AAAA,EAC5B;AAAA,EACA;AAAA,EACT,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAAA,EACd;AACF;AAcO,SAAS,aAAa,QAAoC;AAC/D,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,8BAA8B;AACnE,QAAM,WAAW,OAAO,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AACvE,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,SAAS,WAAW;AAC7C,MAAI,OAAO,cAAc,YAAY;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,WAAc,QAAgB,MAAc,MAA4B;AACrF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAC5D,QAAI;AACF,YAAM,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,IAAI,IAAI;AAAA,QAC/C;AAAA,QACA,SAAS,EAAE,gBAAgB,oBAAoB,aAAa,OAAO,OAAO;AAAA,QAC1E,MAAM,SAAS,SAAY,KAAK,UAAU,IAAI,IAAI;AAAA,QAClD,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI;AACJ,UAAI;AACF,iBAAS,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,MACrC,QAAQ;AACN,iBAAS;AAAA,MACX;AACA,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,UACH,WAAW,OAAO,WAAW,OAAO,UAAW,oBAAoB,IAAI,MAAM;AAChF,cAAM,IAAI,YAAY,SAAS,IAAI,QAAQ,MAAM;AAAA,MACnD;AACA,aAAQ,UAAU,OAAO,WAAW,YAAY,aAAa,SACzD,OAAO,UACP;AAAA,IACN,SAAS,KAAK;AACZ,UAAI,eAAe,YAAa,OAAM;AACtC,UAAI,eAAe,SAAS,IAAI,SAAS,cAAc;AACrD,cAAM,IAAI,YAAY,cAAc,IAAI,oBAAoB,SAAS,MAAM,GAAG,IAAI;AAAA,MACpF;AACA,YAAM,IAAI,YAAY,eAAe,QAAQ,IAAI,UAAU,iBAAiB,GAAG,IAAI;AAAA,IACrF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,CAAC,UAAU,WAAwB,QAAQ,aAAa,KAAK;AAAA,IACpE,YAAY,CAAC,UAAU,SACrB,WAAW,QAAQ,iBAAiB,EAAE,WAAW,UAAU,KAAK,CAAC;AAAA,EACrE;AACF;;;ACzEA,IAAM,aAAwC;AAAA,EAC5C,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,UAAU;AACZ;AAEA,IAAM,oBAAoB;AAC1B,IAAM,oBAA+B;AAG9B,SAAS,SAAS,OAA+C;AACtE,SAAO,WAAW,KAAkB,KAAK;AAC3C;AAGO,SAAS,YAAY,OAAuC,KAAyB;AAC1F,SAAO,SAAS,KAAK,KAAK,SAAS,GAAG;AACxC;AAGA,SAAS,WAAW,SAAkB,MAAkC;AACtE,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,QAAQ,YAAY;AAC/B,UAAM,IAAI,EAAE,IAAI,IAAI;AACpB,WAAO,KAAK,OAAO,SAAY,OAAO,CAAC;AAAA,EACzC;AAEA,QAAM,QAAQ,KAAK,YAAY;AAC/B,MAAI,SAAS,KAAK,EAAE,KAAK,KAAK,KAAM,QAAO,OAAO,EAAE,KAAK,CAAC;AAC1D,aAAW,OAAO,OAAO,KAAK,CAAC,GAAG;AAChC,QAAI,IAAI,YAAY,MAAM,SAAS,EAAE,GAAG,KAAK,KAAM,QAAO,OAAO,EAAE,GAAG,CAAC;AAAA,EACzE;AACA,SAAO;AACT;AAGA,SAAS,UAAU,KAA8B;AAC/C,QAAM,MAAM,WAAW,KAAK,SAAS,iBAAiB;AACtD,MAAI,IAAK,QAAO,IAAI,MAAM,GAAG,EAAE,CAAC,EAAG,KAAK;AACxC,QAAM,OAAO,WAAW,KAAK,SAAS,WAAW;AACjD,MAAI,KAAM,QAAO;AACjB,SACE,KAAK,MACL,KAAK,QAAQ,iBACb,KAAK,YAAY,iBACjB;AAEJ;AAMO,SAAS,eAAe,KAAsB;AACnD,QAAM,QAAoB,CAAC;AAE3B,QAAM,SAAkC,CAAC;AACzC,QAAM,KAAK,UAAU,GAAG;AACxB,MAAI,GAAI,QAAO,KAAK;AACpB,QAAM,KAAK,WAAW,KAAK,SAAS,YAAY;AAChD,MAAI,GAAI,QAAO,aAAa;AAC5B,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,EAAG,OAAM,SAAS;AAEnD,QAAM,OAAO,KAAK;AAClB,MAAI,QAAQ,OAAO,SAAS,UAAU;AACpC,UAAM,IAAI;AACV,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AACjD,QAAI,OAAO,EAAE,UAAU,SAAU,OAAM,QAAQ,EAAE;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,eACP,OACkC;AAClC,MAAI,OAAO,UAAU,WAAY,QAAO;AACxC,QAAM,YAAa,OAAsC,mBAAmB;AAC5E,SAAO,CAAC,WAAW,YAAY,OAAO,YAAY,SAAS;AAC7D;AASO,SAAS,YAAuB,SAAwC;AAC7E,MAAI,CAAC,SAAS,OAAQ,OAAM,IAAI,MAAM,mCAAmC;AAEzE,QAAM,SAAS,aAAa;AAAA,IAC1B,QAAQ,QAAQ;AAAA,IAChB,SAAS,QAAQ;AAAA,IACjB,WAAW,QAAQ;AAAA,IACnB,OAAO,QAAQ;AAAA,EACjB,CAAC;AAED,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,cAAc,eAAe,QAAQ,KAAK;AAChD,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,WAAW,QAAQ,YAAY;AAErC,iBAAe,IAAI,KAAiC;AAClD,UAAM,QAAQ,MAAM,QAAQ,GAAG;AAC/B,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,OAAO,MAAM,KAAK;AAAA,IACnC,SAAS,OAAO;AACd,UAAI,UAAU;AACZ,eAAO,EAAE,QAAQ,MAAM,SAAS,OAAO,OAAO,MAAM;AAAA,MACtD;AACA,YAAM;AAAA,IACR;AAEA,UAAM,UAAU,YAAY,MAAM;AAClC,UAAM,MAAyB,EAAE,KAAK,OAAO,QAAQ;AAErD,QAAI,QAAQ,UAAU;AACpB,UAAI;AACF,cAAM,QAAQ,SAAS,QAAQ,GAAG;AAAA,MACpC,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,QAAI,YAAY;AACd,UAAI;AACF,cAAM,OAAO,WAAW,UAAU;AAAA,UAChC;AAAA,YACE,UAAU;AAAA,YACV,OAAO,UAAU,SAAS;AAAA,YAC1B,SAAS,UAAU,iCAAiC;AAAA,YACpD,YAAY,OAAO;AAAA,YACnB,YAAY,OAAO;AAAA,UACrB;AAAA,QACF,CAAC;AAAA,MACH,QAAQ;AAAA,MAER;AAAA,IACF;AAEA,WAAO,EAAE,QAAQ,SAAS,MAAM;AAAA,EAClC;AAEA,SAAO,EAAE,QAAQ,IAAI;AACvB;AAGO,SAAS,cAAc,QAAqB;AACjD,SAAO;AAAA,IACL,OAAO;AAAA,IACP,SAAS;AAAA,IACT,YAAY,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,EACrB;AACF;;;AChJO,SAAS,WAAW,SAAoD;AAC7E,QAAM,QAAQ,YAAyB;AAAA,IACrC,GAAG;AAAA;AAAA,IAEH,SACE,QAAQ,YACP,CAAC,MAAM;AACN,YAAM,YAAY,CAAC,SAAiB,EAAE,IAAI,OAAO,IAAI;AACrD,aAAO,mBAAmB,EAAE,KAAK,UAAU,CAAC;AAAA,IAC9C;AAAA,EACJ,CAAC;AACD,QAAM,WAAW,QAAQ,YAAY;AAErC,SAAO,eAAe,iBAAiB,GAAG,MAAM;AAC9C,QAAI;AACF,YAAM,UAAU,MAAM,MAAM,IAAI,CAAC;AACjC,QAAE,IAAI,UAAU,QAAQ,MAAM;AAC9B,UAAI,QAAQ,WAAW,QAAQ,QAAQ;AACrC,eAAO,EAAE,KAAK,cAAc,QAAQ,MAAM,GAAG,GAAG;AAAA,MAClD;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,CAAC,SAAU,OAAM;AACrB,QAAE,IAAI,UAAU,IAAI;AAAA,IACtB;AACA,UAAM,KAAK;AAAA,EACb;AACF;AAGA,SAAS,mBAAmB,SAAoD;AAC9E,QAAM,SAAkC,CAAC;AACzC,QAAM,MAAM,QAAQ,IAAI,iBAAiB;AACzC,QAAM,KAAK,MAAM,IAAI,MAAM,GAAG,EAAE,CAAC,EAAG,KAAK,IAAI,QAAQ,IAAI,WAAW;AACpE,MAAI,GAAI,QAAO,KAAK;AACpB,QAAM,KAAK,QAAQ,IAAI,YAAY;AACnC,MAAI,GAAI,QAAO,aAAa;AAC5B,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,IAAI,EAAE,OAAO,IAAI,CAAC;AACxD;AAGO,SAAS,UAAU,GAAoC;AAC5D,SAAQ,EAAE,IAAI,QAAQ,KAA4B;AACpD;","names":[]}
|