@stacksjs/ts-cloud 0.2.2 → 0.2.5

package/dist/push/apns.d.ts

@@ -0,0 +1,140 @@
+/**
+ * Apple Push Notification Service (APNs) Client
+ * Uses HTTP/2 with JWT token authentication
+ *
+ * Prerequisites:
+ * - Apple Developer account
+ * - APNs Key (p8 file) from Apple Developer Portal
+ * - Key ID and Team ID
+ *
+ * @example
+ * ```ts
+ * const apns = new APNsClient({
+ *   keyId: 'ABC123DEFG',
+ *   teamId: 'DEF456GHIJ',
+ *   privateKey: fs.readFileSync('AuthKey_ABC123DEFG.p8', 'utf8'),
+ *   bundleId: 'com.example.app',
+ *   production: false // true for production, false for sandbox
+ * })
+ *
+ * await apns.send({
+ *   deviceToken: '...',
+ *   title: 'Hello',
+ *   body: 'World',
+ * })
+ * ```
+ */
+export interface APNsConfig {
+    /** APNs Key ID from Apple Developer Portal */
+    keyId: string;
+    /** Team ID from Apple Developer Portal */
+    teamId: string;
+    /** Private key content (p8 file content) */
+    privateKey: string;
+    /** iOS app bundle ID (e.g., com.example.app) */
+    bundleId: string;
+    /** Use production APNs server (default: false) */
+    production?: boolean;
+}
+export interface APNsNotification {
+    /** Device token to send to */
+    deviceToken: string;
+    /** Alert title */
+    title?: string;
+    /** Alert subtitle */
+    subtitle?: string;
+    /** Alert body */
+    body?: string;
+    /** Badge number to display on app icon */
+    badge?: number;
+    /** Sound to play (use 'default' for default sound) */
+    sound?: string | {
+        name: string;
+        critical?: number;
+        volume?: number;
+    };
+    /** Category identifier for actionable notifications */
+    category?: string;
+    /** Thread identifier for grouping notifications */
+    threadId?: string;
+    /** Custom data payload */
+    data?: Record<string, any>;
+    /** Content available flag for background updates */
+    contentAvailable?: boolean;
+    /** Mutable content flag for notification service extension */
+    mutableContent?: boolean;
+    /** Push type (default: 'alert') */
+    pushType?: 'alert' | 'background' | 'voip' | 'complication' | 'fileprovider' | 'mdm' | 'liveactivity';
+    /** Notification priority (10 = immediate, 5 = can be delayed) */
+    priority?: 5 | 10;
+    /** Expiration timestamp (Unix time in seconds) */
+    expiration?: number;
+    /** Collapse identifier for coalescing notifications */
+    collapseId?: string;
+    /** Target content id for live activities */
+    targetContentId?: string;
+}
+export interface APNsSendResult {
+    success: boolean;
+    deviceToken: string;
+    apnsId?: string;
+    statusCode?: number;
+    error?: string;
+    reason?: string;
+    timestamp?: number;
+}
+export interface APNsBatchResult {
+    sent: number;
+    failed: number;
+    results: APNsSendResult[];
+}
+/**
+ * Apple Push Notification Service client
+ */
+export declare class APNsClient {
+    private config;
+    private token;
+    private tokenGeneratedAt;
+    private client;
+    private host;
+    constructor(config: APNsConfig);
+    /**
+     * Generate a new JWT token for APNs authentication
+     */
+    private generateToken;
+    /**
+     * Convert DER encoded ECDSA signature to raw format
+     */
+    private derToRaw;
+    /**
+     * Get or create HTTP/2 client connection
+     */
+    private getClient;
+    /**
+     * Build APNs payload from notification options
+     */
+    private buildPayload;
+    /**
+     * Send a push notification to a single device
+     */
+    send(notification: APNsNotification): Promise<APNsSendResult>;
+    /**
+     * Send push notifications to multiple devices
+     */
+    sendBatch(notifications: APNsNotification[], options?: {
+        concurrency?: number;
+    }): Promise<APNsBatchResult>;
+    /**
+     * Send a simple notification (convenience method)
+     */
+    sendSimple(deviceToken: string, title: string, body: string, data?: Record<string, any>): Promise<APNsSendResult>;
+    /**
+     * Send a silent/background notification
+     */
+    sendSilent(deviceToken: string, data?: Record<string, any>): Promise<APNsSendResult>;
+    /**
+     * Close the HTTP/2 connection
+     */
+    close(): void;
+}
+export default APNsClient;

package/dist/push/fcm.d.ts

@@ -0,0 +1,205 @@
+/**
+ * Firebase Cloud Messaging (FCM) Client
+ * Uses FCM HTTP v1 API with Google OAuth2 authentication
+ *
+ * Prerequisites:
+ * - Firebase project
+ * - Service account JSON key from Firebase Console
+ *
+ * @example
+ * ```ts
+ * const fcm = new FCMClient({
+ *   projectId: 'your-project-id',
+ *   clientEmail: 'firebase-adminsdk@project.iam.gserviceaccount.com',
+ *   privateKey: '-----BEGIN PRIVATE KEY-----\n...',
+ * })
+ *
+ * await fcm.send({
+ *   token: '...',
+ *   title: 'Hello',
+ *   body: 'World',
+ * })
+ * ```
+ */
+export interface FCMConfig {
+    /** Firebase project ID */
+    projectId: string;
+    /** Service account client email */
+    clientEmail: string;
+    /** Service account private key (PEM format) */
+    privateKey: string;
+}
+export interface FCMNotification {
+    /** Device FCM token */
+    token?: string;
+    /** Topic to send to (instead of token) */
+    topic?: string;
+    /** Condition expression for targeting multiple topics */
+    condition?: string;
+    /** Notification title */
+    title?: string;
+    /** Notification body */
+    body?: string;
+    /** Notification image URL */
+    imageUrl?: string;
+    /** Custom data payload */
+    data?: Record<string, string>;
+    /** Android-specific options */
+    android?: {
+        /** Channel ID for Android O+ */
+        channelId?: string;
+        /** Notification priority */
+        priority?: 'normal' | 'high';
+        /** Time to live in seconds */
+        ttl?: number;
+        /** Collapse key for message deduplication */
+        collapseKey?: string;
+        /** Notification icon */
+        icon?: string;
+        /** Notification icon color (hex) */
+        color?: string;
+        /** Sound to play */
+        sound?: string;
+        /** Click action */
+        clickAction?: string;
+        /** Tag for notification replacement */
+        tag?: string;
+        /** Direct boot aware */
+        directBootOk?: boolean;
+        /** Visibility: private, public, secret */
+        visibility?: 'private' | 'public' | 'secret';
+        /** Notification count */
+        notificationCount?: number;
+    };
+    /** Web push options */
+    webpush?: {
+        /** Web notification options */
+        notification?: {
+            title?: string;
+            body?: string;
+            icon?: string;
+            badge?: string;
+            image?: string;
+            requireInteraction?: boolean;
+            silent?: boolean;
+            tag?: string;
+            actions?: Array<{
+                action: string;
+                title: string;
+                icon?: string;
+            }>;
+        };
+        /** FCM options for web */
+        fcmOptions?: {
+            link?: string;
+            analyticsLabel?: string;
+        };
+        /** Custom headers */
+        headers?: Record<string, string>;
+        /** Custom data */
+        data?: Record<string, string>;
+    };
+    /** APNS options (for iOS via FCM) */
+    apns?: {
+        /** APNs headers */
+        headers?: Record<string, string>;
+        /** APNs payload */
+        payload?: {
+            aps?: Record<string, any>;
+            [key: string]: any;
+        };
+        /** FCM options */
+        fcmOptions?: {
+            analyticsLabel?: string;
+            image?: string;
+        };
+    };
+    /** FCM options */
+    fcmOptions?: {
+        analyticsLabel?: string;
+    };
+}
+export interface FCMSendResult {
+    success: boolean;
+    messageId?: string;
+    error?: string;
+    errorCode?: string;
+}
+export interface FCMBatchResult {
+    sent: number;
+    failed: number;
+    results: Array<FCMSendResult & {
+        token?: string;
+    }>;
+}
+/**
+ * Firebase Cloud Messaging client
+ */
+export declare class FCMClient {
+    private config;
+    private accessToken;
+    private tokenExpiresAt;
+    constructor(config: FCMConfig);
+    /**
+     * Load config from service account JSON
+     */
+    static fromServiceAccount(serviceAccount: {
+        project_id: string;
+        client_email: string;
+        private_key: string;
+    }): FCMClient;
+    /**
+     * Generate a JWT for Google OAuth2
+     */
+    private generateJWT;
+    /**
+     * Get a valid access token, refreshing if needed
+     */
+    private getAccessToken;
+    /**
+     * Build FCM message payload
+     */
+    private buildMessage;
+    /**
+     * Send a push notification
+     */
+    send(notification: FCMNotification): Promise<FCMSendResult>;
+    /**
+     * Send to multiple device tokens
+     */
+    sendBatch(tokens: string[], notification: Omit<FCMNotification, 'token' | 'topic' | 'condition'>, options?: {
+        concurrency?: number;
+    }): Promise<FCMBatchResult>;
+    /**
+     * Send to a topic
+     */
+    sendToTopic(topic: string, notification: Omit<FCMNotification, 'token' | 'topic' | 'condition'>): Promise<FCMSendResult>;
+    /**
+     * Send to topics with a condition
+     * @example sendToCondition("'TopicA' in topics && 'TopicB' in topics", {...})
+     */
+    sendToCondition(condition: string, notification: Omit<FCMNotification, 'token' | 'topic' | 'condition'>): Promise<FCMSendResult>;
+    /**
+     * Send a simple notification (convenience method)
+     */
+    sendSimple(token: string, title: string, body: string, data?: Record<string, string>): Promise<FCMSendResult>;
+    /**
+     * Send a data-only (silent) notification
+     */
+    sendSilent(token: string, data: Record<string, string>): Promise<FCMSendResult>;
+    /**
+     * Subscribe a token to a topic
+     */
+    subscribeToTopic(tokens: string[], topic: string): Promise<{
+        success: boolean;
+        error?: string;
+    }>;
+    /**
+     * Unsubscribe a token from a topic
+     */
+    unsubscribeFromTopic(tokens: string[], topic: string): Promise<{
+        success: boolean;
+        error?: string;
+    }>;
+}
+export default FCMClient;

package/dist/push/index.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Push Notifications Module
+ *
+ * Provides clients for Apple Push Notification Service (APNs) and
+ * Firebase Cloud Messaging (FCM).
+ *
+ * @example
+ * ```ts
+ * // Apple Push Notifications
+ * import { APNsClient } from 'ts-cloud/push'
+ *
+ * const apns = new APNsClient({
+ *   keyId: 'ABC123DEFG',
+ *   teamId: 'DEF456GHIJ',
+ *   privateKey: fs.readFileSync('AuthKey.p8', 'utf8'),
+ *   bundleId: 'com.example.app',
+ * })
+ *
+ * await apns.send({
+ *   deviceToken: '...',
+ *   title: 'Hello',
+ *   body: 'World',
+ * })
+ *
+ * // Firebase Cloud Messaging
+ * import { FCMClient } from 'ts-cloud/push'
+ *
+ * const fcm = new FCMClient({
+ *   projectId: 'your-project-id',
+ *   clientEmail: 'firebase-adminsdk@project.iam.gserviceaccount.com',
+ *   privateKey: '-----BEGIN PRIVATE KEY-----\n...',
+ * })
+ *
+ * await fcm.send({
+ *   token: '...',
+ *   title: 'Hello',
+ *   body: 'World',
+ * })
+ * ```
+ */
+export * from './apns';
+export * from './fcm';
+export type { APNsConfig, APNsNotification, APNsSendResult, APNsBatchResult, } from './apns';
+export type { FCMConfig, FCMNotification, FCMSendResult, FCMBatchResult, } from './fcm';

package/dist/security/pre-deploy-scanner.d.ts

@@ -0,0 +1,97 @@
+/**
+ * Pre-Deployment Security Scanner
+ * Scans source code for leaked secrets, credentials, and sensitive data before deployment
+ */
+export interface SecretPattern {
+    name: string;
+    pattern: RegExp;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    description: string;
+}
+export interface SecurityFinding {
+    file: string;
+    line: number;
+    column: number;
+    match: string;
+    pattern: SecretPattern;
+    context: string;
+}
+export interface ScanResult {
+    passed: boolean;
+    findings: SecurityFinding[];
+    scannedFiles: number;
+    duration: number;
+    summary: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+}
+export interface ScanOptions {
+    directory: string;
+    exclude?: string[];
+    include?: string[];
+    skipPatterns?: string[];
+    maxFileSize?: number;
+    failOnSeverity?: 'critical' | 'high' | 'medium' | 'low';
+}
+/**
+ * Common secret patterns to detect
+ */
+export declare const SECRET_PATTERNS: SecretPattern[];
+/**
+ * Pre-deployment security scanner
+ */
+export declare class PreDeployScanner {
+    private patterns;
+    private excludeDirs;
+    private excludeFiles;
+    private maxFileSize;
+    constructor(options?: {
+        customPatterns?: SecretPattern[];
+        excludeDirs?: string[];
+        excludeFiles?: string[];
+        maxFileSize?: number;
+    });
+    /**
+     * Scan a directory for secrets
+     */
+    scan(options: ScanOptions): Promise<ScanResult>;
+    /**
+     * Scan content for secrets
+     */
+    private scanContent;
+    /**
+     * Check if a match is likely a placeholder/example
+     */
+    private isLikelyPlaceholder;
+    /**
+     * Mask a secret for display
+     */
+    private maskSecret;
+    /**
+     * Get all files to scan in a directory
+     */
+    private getFilesToScan;
+    /**
+     * Check if a file should be excluded
+     */
+    private shouldExcludeFile;
+    /**
+     * Add custom patterns
+     */
+    addPattern(pattern: SecretPattern): void;
+    /**
+     * Get all registered patterns
+     */
+    getPatterns(): SecretPattern[];
+}
+/**
+ * Convenience function to scan a directory
+ */
+export declare function scanForSecrets(options: ScanOptions): Promise<ScanResult>;
+/**
+ * Format scan results for CLI output
+ */
+export declare function formatScanResults(result: ScanResult): string;

package/dist/ssl/acme-client.d.ts

@@ -0,0 +1,133 @@
+/**
+ * ACME Client for Let's Encrypt
+ * Implements RFC 8555 (ACME Protocol) for certificate issuance
+ *
+ * This is a pure TypeScript/Bun implementation without external dependencies.
+ */
+export declare const ACME_DIRECTORIES: {
+    readonly production: "https://acme-v02.api.letsencrypt.org/directory";
+    readonly staging: "https://acme-staging-v02.api.letsencrypt.org/directory";
+};
+export interface AcmeClientOptions {
+    /**
+     * Use staging server for testing
+     * @default false
+     */
+    staging?: boolean;
+    /**
+     * Account email for Let's Encrypt notifications
+     */
+    email: string;
+    /**
+     * Account key in PEM format (optional, will be generated if not provided)
+     */
+    accountKey?: string;
+}
+export interface AcmeChallenge {
+    type: 'http-01' | 'dns-01';
+    token: string;
+    keyAuthorization: string;
+    /**
+     * For HTTP-01: URL path to serve the challenge
+     * For DNS-01: TXT record name
+     */
+    identifier: string;
+    /**
+     * For DNS-01: The value to put in the TXT record
+     */
+    dnsValue?: string;
+}
+export interface AcmeCertificate {
+    certificate: string;
+    privateKey: string;
+    chain: string;
+    fullchain: string;
+    expiresAt: Date;
+}
+/**
+ * ACME Client for Let's Encrypt certificate management
+ */
+export declare class AcmeClient {
+    private directoryUrl;
+    private email;
+    private accountKey;
+    private accountUrl;
+    private directory;
+    private nonce;
+    constructor(options: AcmeClientOptions);
+    /**
+     * Generate a new account key pair
+     */
+    private generateAccountKey;
+    /**
+     * Get the ACME directory
+     */
+    private getDirectory;
+    /**
+     * Get a fresh nonce for requests
+     */
+    private getNonce;
+    /**
+     * Create JWK from account key
+     */
+    private getJwk;
+    /**
+     * Calculate JWK thumbprint
+     */
+    private getJwkThumbprint;
+    /**
+     * Base64URL encode
+     */
+    private base64UrlEncode;
+    /**
+     * Sign a payload for ACME request
+     */
+    private signPayload;
+    /**
+     * Make a signed ACME request
+     */
+    private acmeRequest;
+    /**
+     * Register or get existing account
+     */
+    registerAccount(): Promise<string>;
+    /**
+     * Create a new certificate order
+     */
+    createOrder(domains: string[]): Promise<{
+        orderUrl: string;
+        authorizations: string[];
+        finalize: string;
+    }>;
+    /**
+     * Get authorization challenges
+     */
+    getAuthorization(authUrl: string): Promise<{
+        domain: string;
+        challenges: AcmeChallenge[];
+    }>;
+    /**
+     * Respond to a challenge (tell ACME server we're ready)
+     */
+    respondToChallenge(challengeUrl: string): Promise<void>;
+    /**
+     * Poll for authorization status
+     */
+    waitForAuthorization(authUrl: string, maxAttempts?: number): Promise<void>;
+    /**
+     * Generate a CSR (Certificate Signing Request)
+     */
+    private generateCsr;
+    /**
+     * Create a simple CSR (placeholder - would need proper implementation)
+     */
+    private createSimpleCsr;
+    /**
+     * Finalize the order and get the certificate
+     */
+    finalizeOrder(finalizeUrl: string, domains: string[]): Promise<AcmeCertificate>;
+    /**
+     * Get the account key (for storage/reuse)
+     */
+    getAccountKey(): string;
+}

package/dist/ssl/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * SSL/TLS Certificate Management
+ * Supports Let's Encrypt (ACME) and AWS ACM
+ */
+export * from './letsencrypt';
+export * from './acme-client';