npm - @technomoron/api-server-base - Versions diffs - 2.0.0-beta.21 → 2.0.0-beta.23 - Mend

@technomoron/api-server-base 2.0.0-beta.21 → 2.0.0-beta.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/dist/cjs/server/src/auth-api/schemas.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * JSON Schema definitions for auth module routes.
+ * These are the runtime validation source-of-truth; TypeScript interfaces
+ * in auth-module.ts remain for handler-internal typing only.
+ */
+/** Loose JSON Schema object type used for Fastify route schema definitions. */
+type JsonSchema = Record<string, unknown>;
+export declare const loginBodySchema: JsonSchema;
+export declare const refreshBodySchema: JsonSchema;
+export declare const logoutBodySchema: JsonSchema;
+export declare const whoamiBodySchema: JsonSchema;
+export declare const passkeyChallengeBodySchema: JsonSchema;
+export declare const passkeyVerifyBodySchema: JsonSchema;
+export declare const passkeyCredentialParamsSchema: JsonSchema;
+export declare const impersonateBodySchema: JsonSchema;
+export declare const deleteImpersonationQuerySchema: JsonSchema;
+export declare const oauthProviderParamsSchema: JsonSchema;
+export declare const oauthStartBodySchema: JsonSchema;
+export declare const oauthAuthorizeBodySchema: JsonSchema;
+export declare const oauthTokenBodySchema: JsonSchema;
+export {};

package/dist/cjs/{auth-api/sql-auth-store.js → server/src/auth-api/sql-auth-store.cjs} RENAMED Viewed

@@ -1,14 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SqlAuthStore = void 0;
-const sequelize_js_1 = require("../oauth/sequelize.js");
-const config_js_1 = require("../passkey/config.js");
-const sequelize_js_2 = require("../passkey/sequelize.js");
-const sequelize_utils_js_1 = require("../sequelize-utils.js");
-const sequelize_js_3 = require("../token/sequelize.js");
-const sequelize_js_4 = require("../user/sequelize.js");
-const compat_auth_storage_js_1 = require("./compat-auth-storage.js");
-const user_id_js_1 = require("./user-id.js");
+const sequelize_js_1 = require("../oauth/sequelize.cjs");
+const config_js_1 = require("../passkey/config.cjs");
+const sequelize_js_2 = require("../passkey/sequelize.cjs");
+const sequelize_utils_js_1 = require("../sequelize-utils.cjs");
+const sequelize_js_3 = require("../token/sequelize.cjs");
+const sequelize_js_4 = require("../user/sequelize.cjs");
+const compat_auth_storage_js_1 = require("./compat-auth-storage.cjs");
+const user_id_js_1 = require("./user-id.cjs");
 function resolveTablePrefix(...prefixes) {
     for (const prefix of prefixes) {
         const normalized = (0, sequelize_utils_js_1.normalizeTablePrefix)(prefix);

package/dist/cjs/{auth-api/user-id.js → server/src/auth-api/user-id.cjs} RENAMED Viewed

@@ -14,7 +14,12 @@ function normalizeComparableUserId(identifier) {
             throw new Error(`Unable to normalise user identifier: ${identifier}`);
         }
         if (/^\d+$/.test(trimmed)) {
-            return String(Number(trimmed));
+            const num = Number(trimmed);
+            // Avoid precision loss for large numeric strings
+            if (!Number.isSafeInteger(num)) {
+                return trimmed;
+            }
+            return String(num);
         }
         return trimmed;
     }
@@ -23,9 +28,13 @@ function normalizeComparableUserId(identifier) {
 function normalizeNumericUserId(identifier) {
     const normalized = normalizeComparableUserId(identifier);
     if (/^\d+$/.test(normalized)) {
-        return Number(normalized);
+        const num = Number(normalized);
+        if (!Number.isSafeInteger(num)) {
+            throw new Error(`Sequelize OAuth/Passkey store requires numeric user IDs within safe integer range: ${identifier}`);
+        }
+        return num;
     }
-    throw new Error(`Unable to normalise user identifier: ${identifier}`);
+    throw new Error(`Sequelize OAuth/Passkey store requires numeric user IDs: ${identifier}`);
 }
 function normalizeStringUserId(identifier) {
     return normalizeComparableUserId(identifier);

package/dist/{esm → cjs/server/src}/auth-cookie-options.d.ts RENAMED Viewed

@@ -1,5 +1,4 @@
-import type { Request } from 'express';
-import type { CookieOptions } from 'express-serve-static-core';
+import type { ApiCookieOptions } from './api-server-base.js';
 export interface AuthCookieConfig {
     cookieSecure?: boolean | 'auto';
     cookieSameSite?: 'lax' | 'strict' | 'none';
@@ -8,4 +7,7 @@ export interface AuthCookieConfig {
     cookiePath?: string;
     devMode?: boolean;
 }
-export declare function buildAuthCookieOptions(config: AuthCookieConfig, req: Pick<Request, 'headers' | 'protocol'>): CookieOptions;
+export declare function buildAuthCookieOptions(config: AuthCookieConfig, req: {
+    headers: Record<string, string | string[] | undefined>;
+    protocol?: string;
+}): ApiCookieOptions;

package/dist/cjs/server/src/base/client-info.cjs ADDED Viewed

@@ -0,0 +1,285 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureClientInfo = ensureClientInfo;
+function normalizeIpAddress(candidate) {
+    let value = candidate.trim();
+    if (!value) {
+        return null;
+    }
+    value = value.replace(/^"+|"+$/g, '').replace(/^'+|'+$/g, '');
+    if (value.startsWith('::ffff:')) {
+        value = value.slice(7);
+    }
+    if (value.startsWith('[') && value.endsWith(']')) {
+        value = value.slice(1, -1);
+    }
+    const firstColon = value.indexOf(':');
+    const lastColon = value.lastIndexOf(':');
+    if (firstColon !== -1 && firstColon === lastColon) {
+        const maybePort = value.slice(lastColon + 1);
+        if (/^\d+$/.test(maybePort)) {
+            value = value.slice(0, lastColon);
+        }
+    }
+    value = value.trim();
+    return value || null;
+}
+function extractForwardedFor(header) {
+    if (!header) {
+        return [];
+    }
+    const values = Array.isArray(header) ? header : [header];
+    const ips = [];
+    for (const entry of values) {
+        for (const part of entry.split(',')) {
+            const normalized = normalizeIpAddress(part);
+            if (normalized) {
+                ips.push(normalized);
+            }
+        }
+    }
+    return ips;
+}
+function extractForwardedHeader(header) {
+    if (!header) {
+        return [];
+    }
+    const values = Array.isArray(header) ? header : [header];
+    const ips = [];
+    for (const entry of values) {
+        for (const part of entry.split(',')) {
+            const match = part.match(/for=([^;]+)/i);
+            if (match) {
+                const normalized = normalizeIpAddress(match[1]);
+                if (normalized) {
+                    ips.push(normalized);
+                }
+            }
+        }
+    }
+    return ips;
+}
+function detectBrowser(userAgent) {
+    const browserMatchers = [
+        { label: 'Edge', pattern: /(Edg|Edge|EdgiOS|EdgA)\/([\d.]+)/i, versionGroup: 2 },
+        { label: 'Chrome', pattern: /(Chrome|CriOS)\/([\d.]+)/i, versionGroup: 2 },
+        { label: 'Firefox', pattern: /(Firefox|FxiOS)\/([\d.]+)/i, versionGroup: 2 },
+        { label: 'Safari', pattern: /Version\/([\d.]+).*Safari/i, versionGroup: 1 },
+        { label: 'Opera', pattern: /(OPR|Opera)\/([\d.]+)/i, versionGroup: 2 },
+        { label: 'Brave', pattern: /Brave\/([\d.]+)/i, versionGroup: 1 },
+        { label: 'Vivaldi', pattern: /Vivaldi\/([\d.]+)/i, versionGroup: 1 },
+        { label: 'Electron', pattern: /Electron\/([\d.]+)/i, versionGroup: 1 },
+        { label: 'Node', pattern: /Node\.js\/([\d.]+)/i, versionGroup: 1 },
+        { label: 'IE', pattern: /MSIE ([\d.]+)/i, versionGroup: 1 },
+        { label: 'IE', pattern: /Trident\/.*rv:([\d.]+)/i, versionGroup: 1 }
+    ];
+    for (const matcher of browserMatchers) {
+        const m = userAgent.match(matcher.pattern);
+        if (m) {
+            const version = matcher.versionGroup ? m[matcher.versionGroup] : '';
+            return version ? `${matcher.label} ${version}` : matcher.label;
+        }
+    }
+    return '';
+}
+function detectOs(userAgent) {
+    const osMatchers = [
+        {
+            label: 'Windows',
+            pattern: /Windows NT ([\d.]+)/i,
+            transform: (match) => `Windows ${match[1]}`
+        },
+        {
+            label: 'iOS',
+            pattern: /iPhone OS ([\d_]+)/i,
+            transform: (match) => `iOS ${match[1].replace(/_/g, '.')}`
+        },
+        {
+            label: 'iPadOS',
+            pattern: /iPad; CPU OS ([\d_]+)/i,
+            transform: (match) => `iPadOS ${match[1].replace(/_/g, '.')}`
+        },
+        {
+            label: 'macOS',
+            pattern: /Mac OS X ([\d_]+)/i,
+            transform: (match) => `macOS ${match[1].replace(/_/g, '.')}`
+        },
+        {
+            label: 'Android',
+            pattern: /Android ([\d.]+)/i,
+            transform: (match) => `Android ${match[1]}`
+        },
+        {
+            label: 'ChromeOS',
+            pattern: /CrOS [^ ]+ ([\d.]+)/i,
+            transform: (match) => `ChromeOS ${match[1]}`
+        },
+        { label: 'Linux', pattern: /Linux/i },
+        { label: 'Unix', pattern: /X11/i }
+    ];
+    for (const matcher of osMatchers) {
+        const m = userAgent.match(matcher.pattern);
+        if (m) {
+            return matcher.transform ? matcher.transform(m) : matcher.label;
+        }
+    }
+    return '';
+}
+function detectDevice(userAgent, osLabel) {
+    if (/iPhone/i.test(userAgent)) {
+        return 'iPhone';
+    }
+    if (/iPad/i.test(userAgent)) {
+        return 'iPad';
+    }
+    if (/iPod/i.test(userAgent)) {
+        return 'iPod';
+    }
+    if (/Android/i.test(userAgent)) {
+        const match = userAgent.match(/;\s*([^;]+)\s+Build/i);
+        if (match) {
+            return match[1];
+        }
+        return 'Android Device';
+    }
+    if (/Macintosh/i.test(userAgent)) {
+        return 'Mac';
+    }
+    if (/Windows/i.test(userAgent)) {
+        return 'PC';
+    }
+    if (/CrOS/i.test(userAgent)) {
+        return 'Chromebook';
+    }
+    return osLabel;
+}
+function parseClientAgent(userAgentHeader) {
+    const raw = Array.isArray(userAgentHeader) ? userAgentHeader[0] : userAgentHeader;
+    const ua = typeof raw === 'string' ? raw.trim() : '';
+    if (!ua) {
+        return { ua: '', browser: '', os: '', device: '' };
+    }
+    const os = detectOs(ua);
+    const browser = detectBrowser(ua);
+    const device = detectDevice(ua, os);
+    return { ua, browser, os, device };
+}
+function isLoopbackAddress(ip) {
+    if (ip === '::1' || ip === '0:0:0:0:0:0:0:1') {
+        return true;
+    }
+    if (ip === '0.0.0.0' || ip === '127.0.0.1') {
+        return true;
+    }
+    if (ip.startsWith('127.')) {
+        return true;
+    }
+    return false;
+}
+function collectSocketAddresses(req) {
+    const seen = new Set();
+    const result = [];
+    const pushNormalized = (ip) => {
+        if (!ip || seen.has(ip))
+            return;
+        seen.add(ip);
+        result.push(ip);
+    };
+    if (Array.isArray(req.ips)) {
+        for (const ip of req.ips) {
+            pushNormalized(normalizeIpAddress(ip));
+        }
+    }
+    if (typeof req.ip === 'string') {
+        pushNormalized(normalizeIpAddress(req.ip));
+    }
+    const socketAddress = req.socket?.remoteAddress;
+    if (typeof socketAddress === 'string') {
+        pushNormalized(normalizeIpAddress(socketAddress));
+    }
+    const connectionAddress = req.connection?.remoteAddress;
+    if (typeof connectionAddress === 'string') {
+        pushNormalized(normalizeIpAddress(connectionAddress));
+    }
+    return result;
+}
+function collectForwardedIps(req) {
+    const seen = new Set();
+    const result = [];
+    const pushNormalized = (ip) => {
+        if (!ip || seen.has(ip))
+            return;
+        seen.add(ip);
+        result.push(ip);
+    };
+    for (const ip of extractForwardedFor(req.headers['x-forwarded-for'])) {
+        pushNormalized(ip);
+    }
+    for (const ip of extractForwardedHeader(req.headers['forwarded'])) {
+        pushNormalized(ip);
+    }
+    const realIp = req.headers['x-real-ip'];
+    if (Array.isArray(realIp)) {
+        for (const value of realIp) {
+            pushNormalized(normalizeIpAddress(value));
+        }
+    }
+    else if (typeof realIp === 'string') {
+        pushNormalized(normalizeIpAddress(realIp));
+    }
+    return result;
+}
+function collectClientIpChain(req, trustProxy) {
+    const socketIps = collectSocketAddresses(req);
+    // trustProxy=false: ignore forwarded headers entirely
+    if (trustProxy === false) {
+        return socketIps;
+    }
+    const forwardedIps = collectForwardedIps(req);
+    // trustProxy=number: only trust that many rightmost forwarded entries
+    if (typeof trustProxy === 'number' && trustProxy >= 0) {
+        const trusted = trustProxy > 0 ? forwardedIps.slice(-trustProxy) : [];
+        const seen = new Set(trusted);
+        for (const ip of socketIps) {
+            if (!seen.has(ip)) {
+                seen.add(ip);
+                trusted.push(ip);
+            }
+        }
+        return trusted;
+    }
+    // trustProxy=true or undefined: trust all (backwards-compatible default)
+    const seen = new Set(forwardedIps);
+    const result = [...forwardedIps];
+    for (const ip of socketIps) {
+        if (!seen.has(ip)) {
+            seen.add(ip);
+            result.push(ip);
+        }
+    }
+    return result;
+}
+function selectClientIp(chain) {
+    for (const ip of chain) {
+        if (!isLoopbackAddress(ip)) {
+            return ip;
+        }
+    }
+    return chain[0] ?? null;
+}
+function buildClientInfo(req, trustProxy) {
+    const agent = parseClientAgent(req.headers['user-agent']);
+    const ipchain = collectClientIpChain(req, trustProxy);
+    const ip = selectClientIp(ipchain);
+    return {
+        ...agent,
+        ip,
+        ipchain
+    };
+}
+function ensureClientInfo(apiReq, trustProxy) {
+    if (!apiReq.clientInfo) {
+        apiReq.clientInfo = buildClientInfo(apiReq.req, trustProxy);
+    }
+    return apiReq.clientInfo;
+}

package/dist/cjs/server/src/base/client-info.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+interface ClientInfoRequest {
+    headers: Record<string, string | string[] | undefined>;
+    ips?: string[];
+    ip?: string;
+    socket?: {
+        remoteAddress?: string;
+    };
+    connection?: {
+        remoteAddress?: string;
+    };
+}
+export interface ClientAgentProfile {
+    ua: string;
+    browser: string;
+    os: string;
+    device: string;
+}
+export interface ClientInfo extends ClientAgentProfile {
+    ip: string | null;
+    ipchain: string[];
+}
+interface ApiRequestWithClientInfo {
+    req: ClientInfoRequest;
+    clientInfo?: ClientInfo;
+}
+export declare function ensureClientInfo(apiReq: ApiRequestWithClientInfo, trustProxy?: boolean | number): ClientInfo;
+export {};

package/dist/cjs/server/src/base/error-utils.cjs ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.guessExceptionText = guessExceptionText;
+exports.normalizeApiErrorParams = normalizeApiErrorParams;
+exports.isApiErrorLike = isApiErrorLike;
+exports.asHttpStatus = asHttpStatus;
+function guessExceptionText(error, defMsg = 'Unknown Error') {
+    const msg = [];
+    if (typeof error === 'string' && error.trim() !== '') {
+        msg.push(error);
+    }
+    else if (error && typeof error === 'object') {
+        const errorDetails = error;
+        if (typeof errorDetails.message === 'string' && errorDetails.message.trim() !== '') {
+            msg.push(errorDetails.message);
+        }
+        if (errorDetails.parent &&
+            typeof errorDetails.parent.message === 'string' &&
+            errorDetails.parent.message.trim() !== '') {
+            msg.push(errorDetails.parent.message);
+        }
+    }
+    return msg.length > 0 ? msg.join(' / ') : defMsg;
+}
+function normalizeApiErrorParams({ code, message, data, errors }) {
+    return {
+        code: typeof code === 'number' ? code : 500,
+        message: guessExceptionText(message, '[Unknown error (null/undefined)]'),
+        data: data !== undefined ? data : null,
+        errors: errors !== undefined ? errors : {}
+    };
+}
+function isApiErrorLike(candidate) {
+    if (!candidate || typeof candidate !== 'object') {
+        return false;
+    }
+    const maybeError = candidate;
+    return typeof maybeError.code === 'number' && typeof maybeError.message === 'string';
+}
+function asHttpStatus(error) {
+    if (!error || typeof error !== 'object') {
+        return null;
+    }
+    const maybe = error;
+    const status = typeof maybe.status === 'number' ? maybe.status : maybe.statusCode;
+    if (typeof status === 'number' && status >= 400 && status <= 599) {
+        return status;
+    }
+    return null;
+}

package/dist/cjs/server/src/base/error-utils.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { ApiErrorParams } from '../api-server-base.js';
+export interface ApiErrorLike {
+    code: number;
+    message: string;
+    data?: unknown;
+    errors?: unknown;
+}
+export declare function guessExceptionText(error: unknown, defMsg?: string): string;
+export declare function normalizeApiErrorParams({ code, message, data, errors }: ApiErrorParams): {
+    code: number;
+    message: string;
+    data: unknown;
+    errors: Record<string, string>;
+};
+export declare function isApiErrorLike(candidate: unknown): candidate is ApiErrorLike;
+export declare function asHttpStatus(error: unknown): number | null;

package/dist/cjs/server/src/base/request-utils.cjs ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPlainObject = isPlainObject;
+exports.hydrateGetBody = hydrateGetBody;
+function isPlainObject(value) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        return false;
+    }
+    const proto = Object.getPrototypeOf(value);
+    return proto === Object.prototype || proto === null;
+}
+function hydrateGetBody(req) {
+    if ((req.method ?? '').toUpperCase() !== 'GET') {
+        return;
+    }
+    const query = isPlainObject(req.query) ? req.query : null;
+    if (!query || Object.keys(query).length === 0) {
+        return;
+    }
+    const body = isPlainObject(req.body) ? req.body : null;
+    if (!body || Object.keys(body).length === 0) {
+        req.body = { ...query };
+        return;
+    }
+    // Keep explicit body fields authoritative when both query and body provide the same key.
+    req.body = { ...query, ...body };
+}

package/dist/cjs/server/src/base/request-utils.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+interface HydratableRequest {
+    method?: string;
+    query?: unknown;
+    body?: unknown;
+}
+export declare function isPlainObject(value: unknown): value is Record<string, unknown>;
+export declare function hydrateGetBody(req: HydratableRequest): void;
+export {};

package/dist/cjs/{index.cjs → server/src/index.cjs} RENAMED Viewed

@@ -3,40 +3,49 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MemoryOAuthStore = exports.OAuthStore = exports.MemoryPasskeyStore = exports.PasskeyStore = exports.PasskeyService = exports.MemoryTokenStore = exports.TokenStore = exports.MemoryUserStore = exports.UserStore = exports.AuthModule = exports.MemAuthStore = exports.CompositeAuthAdapter = exports.BaseAuthModule = exports.nullAuthModule = exports.BaseAuthAdapter = exports.nullAuthAdapter = exports.ApiModule = exports.ApiError = exports.ApiServer = void 0;
+exports.TusUploadOffsetError = exports.MemoryTusUploadStore = exports.TusUploadModule = exports.createAuthRateLimitHook = exports.FixedWindowRateLimiter = exports.MemoryOAuthStore = exports.OAuthStore = exports.MemoryPasskeyStore = exports.PasskeyStore = exports.PasskeyService = exports.MemoryTokenStore = exports.TokenStore = exports.MemoryUserStore = exports.UserStore = exports.AuthModule = exports.MemAuthStore = exports.CompositeAuthAdapter = exports.BaseAuthModule = exports.nullAuthModule = exports.BaseAuthAdapter = exports.nullAuthAdapter = exports.ApiModule = exports.ApiError = exports.ApiServer = void 0;
 var api_server_base_js_1 = require("./api-server-base.cjs");
 Object.defineProperty(exports, "ApiServer", { enumerable: true, get: function () { return __importDefault(api_server_base_js_1).default; } });
 var api_server_base_js_2 = require("./api-server-base.cjs");
 Object.defineProperty(exports, "ApiError", { enumerable: true, get: function () { return api_server_base_js_2.ApiError; } });
 var api_module_js_1 = require("./api-module.cjs");
 Object.defineProperty(exports, "ApiModule", { enumerable: true, get: function () { return api_module_js_1.ApiModule; } });
-var storage_js_1 = require("./auth-api/storage.js");
+var storage_js_1 = require("./auth-api/storage.cjs");
 Object.defineProperty(exports, "nullAuthAdapter", { enumerable: true, get: function () { return storage_js_1.nullAuthAdapter; } });
 Object.defineProperty(exports, "BaseAuthAdapter", { enumerable: true, get: function () { return storage_js_1.BaseAuthAdapter; } });
-var module_js_1 = require("./auth-api/module.js");
+var module_js_1 = require("./auth-api/module.cjs");
 Object.defineProperty(exports, "nullAuthModule", { enumerable: true, get: function () { return module_js_1.nullAuthModule; } });
 Object.defineProperty(exports, "BaseAuthModule", { enumerable: true, get: function () { return module_js_1.BaseAuthModule; } });
-var compat_auth_storage_js_1 = require("./auth-api/compat-auth-storage.js");
+var compat_auth_storage_js_1 = require("./auth-api/compat-auth-storage.cjs");
 Object.defineProperty(exports, "CompositeAuthAdapter", { enumerable: true, get: function () { return compat_auth_storage_js_1.CompositeAuthAdapter; } });
-var mem_auth_store_js_1 = require("./auth-api/mem-auth-store.js");
+var mem_auth_store_js_1 = require("./auth-api/mem-auth-store.cjs");
 Object.defineProperty(exports, "MemAuthStore", { enumerable: true, get: function () { return mem_auth_store_js_1.MemAuthStore; } });
-var auth_module_js_1 = require("./auth-api/auth-module.js");
+var auth_module_js_1 = require("./auth-api/auth-module.cjs");
 Object.defineProperty(exports, "AuthModule", { enumerable: true, get: function () { return __importDefault(auth_module_js_1).default; } });
-var base_js_1 = require("./user/base.js");
+var base_js_1 = require("./user/base.cjs");
 Object.defineProperty(exports, "UserStore", { enumerable: true, get: function () { return base_js_1.UserStore; } });
-var memory_js_1 = require("./user/memory.js");
+var memory_js_1 = require("./user/memory.cjs");
 Object.defineProperty(exports, "MemoryUserStore", { enumerable: true, get: function () { return memory_js_1.MemoryUserStore; } });
-var base_js_2 = require("./token/base.js");
+var base_js_2 = require("./token/base.cjs");
 Object.defineProperty(exports, "TokenStore", { enumerable: true, get: function () { return base_js_2.TokenStore; } });
-var memory_js_2 = require("./token/memory.js");
+var memory_js_2 = require("./token/memory.cjs");
 Object.defineProperty(exports, "MemoryTokenStore", { enumerable: true, get: function () { return memory_js_2.MemoryTokenStore; } });
-var service_js_1 = require("./passkey/service.js");
+var service_js_1 = require("./passkey/service.cjs");
 Object.defineProperty(exports, "PasskeyService", { enumerable: true, get: function () { return service_js_1.PasskeyService; } });
-var base_js_3 = require("./passkey/base.js");
+var base_js_3 = require("./passkey/base.cjs");
 Object.defineProperty(exports, "PasskeyStore", { enumerable: true, get: function () { return base_js_3.PasskeyStore; } });
-var memory_js_3 = require("./passkey/memory.js");
+var memory_js_3 = require("./passkey/memory.cjs");
 Object.defineProperty(exports, "MemoryPasskeyStore", { enumerable: true, get: function () { return memory_js_3.MemoryPasskeyStore; } });
-var base_js_4 = require("./oauth/base.js");
+var base_js_4 = require("./oauth/base.cjs");
 Object.defineProperty(exports, "OAuthStore", { enumerable: true, get: function () { return base_js_4.OAuthStore; } });
-var memory_js_4 = require("./oauth/memory.js");
+var memory_js_4 = require("./oauth/memory.cjs");
 Object.defineProperty(exports, "MemoryOAuthStore", { enumerable: true, get: function () { return memory_js_4.MemoryOAuthStore; } });
+var fixed_window_js_1 = require("./limiter/fixed-window.cjs");
+Object.defineProperty(exports, "FixedWindowRateLimiter", { enumerable: true, get: function () { return fixed_window_js_1.FixedWindowRateLimiter; } });
+var auth_rate_limiter_js_1 = require("./limiter/auth-rate-limiter.cjs");
+Object.defineProperty(exports, "createAuthRateLimitHook", { enumerable: true, get: function () { return auth_rate_limiter_js_1.createAuthRateLimitHook; } });
+var tus_module_js_1 = require("./upload/tus-module.cjs");
+Object.defineProperty(exports, "TusUploadModule", { enumerable: true, get: function () { return tus_module_js_1.TusUploadModule; } });
+var memory_js_5 = require("./upload/memory.cjs");
+Object.defineProperty(exports, "MemoryTusUploadStore", { enumerable: true, get: function () { return memory_js_5.MemoryTusUploadStore; } });
+Object.defineProperty(exports, "TusUploadOffsetError", { enumerable: true, get: function () { return memory_js_5.TusUploadOffsetError; } });

package/dist/{esm → cjs/server/src}/index.d.ts RENAMED Viewed

@@ -25,3 +25,10 @@ export { MemoryPasskeyStore } from './passkey/memory.js';
 export type { PasskeyServiceConfig, PasskeyChallengeRecord, PasskeyUserDescriptor, StoredPasskeyCredential, PasskeyChallenge, PasskeyChallengeParams, PasskeyVerificationParams, PasskeyVerificationResult } from './passkey/types.js';
 export { OAuthStore } from './oauth/base.js';
 export { MemoryOAuthStore } from './oauth/memory.js';
+export { FixedWindowRateLimiter } from './limiter/fixed-window.js';
+export type { RateLimitDecision } from './limiter/fixed-window.js';
+export { createAuthRateLimitHook } from './limiter/auth-rate-limiter.js';
+export type { AuthRateLimitConfig } from './limiter/auth-rate-limiter.js';
+export { TusUploadModule } from './upload/tus-module.js';
+export { MemoryTusUploadStore, TusUploadOffsetError } from './upload/memory.js';
+export type { TusMetadata, TusUploadRecord, TusCreateUploadInput, TusAppendInput, TusUploadStore } from './upload/types.js';

package/dist/cjs/server/src/limiter/auth-rate-limiter.cjs ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthRateLimitHook = createAuthRateLimitHook;
+const api_server_base_js_1 = require("../api-server-base.cjs");
+const fixed_window_js_1 = require("./fixed-window.cjs");
+function createAuthRateLimitHook(config, limiter) {
+    if (!config || Object.keys(config).length === 0) {
+        return () => { };
+    }
+    const instance = limiter ?? new fixed_window_js_1.FixedWindowRateLimiter();
+    return (ctx) => {
+        const endpointConfig = config[ctx.endpoint];
+        if (!endpointConfig) {
+            return;
+        }
+        const windowSec = endpointConfig.windowSec ?? 0;
+        const max = endpointConfig.max ?? 0;
+        if (windowSec <= 0 || max <= 0) {
+            return;
+        }
+        const clientIp = ctx.apiReq.getClientIp() ?? '';
+        if (!clientIp) {
+            return;
+        }
+        const key = `${ctx.endpoint}:${clientIp}`;
+        const decision = instance.check(key, max, windowSec * 1000);
+        if (!decision.allowed) {
+            throw new api_server_base_js_1.ApiError({
+                code: 429,
+                message: 'Too many requests; try again later',
+                data: { retryAfterSec: decision.retryAfterSec }
+            });
+        }
+    };
+}

package/dist/cjs/server/src/limiter/auth-rate-limiter.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { type ApiRequest } from '../api-server-base.js';
+import { FixedWindowRateLimiter } from './fixed-window.js';
+type AuthRateLimitEndpoint = 'login' | 'passkey-challenge' | 'oauth-token' | 'oauth-authorize';
+export interface AuthRateLimitConfig {
+    windowSec?: number;
+    max?: number;
+}
+export declare function createAuthRateLimitHook(config: Partial<Record<AuthRateLimitEndpoint, AuthRateLimitConfig>>, limiter?: FixedWindowRateLimiter): (ctx: {
+    apiReq: ApiRequest;
+    endpoint: string;
+}) => void;
+export {};