@webpieces/http-api 0.2.92 → 0.2.93

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@webpieces/http-api",
-  "version": "0.2.92",
+  "version": "0.2.93",
   "description": "HTTP API decorators for defining REST APIs",
   "type": "commonjs",
   "main": "./src/index.js",
@@ -22,6 +22,6 @@
     "access": "public"
   },
   "dependencies": {
-    "@webpieces/core-util": "0.2.92"
+    "@webpieces/core-util": "0.2.93"
   }
 }

package/src/decorators.d.ts

@@ -4,94 +4,104 @@ import 'reflect-metadata';
  * These keys are used by both server-side (routing) and client-side (client generation).
  */
 export declare const METADATA_KEYS: {
-    API_INTERFACE: string;
-    ROUTES: string;
-    HTTP_METHOD: string;
-    PATH: string;
+    API_PATH: string;
+    ENDPOINTS: string;
+    AUTH_META: string;
 };
 /**
- * Route metadata stored on methods.
- * Used by both server-side routing and client-side HTTP client generation.
+ * Route metadata stored per-method at runtime.
+ * Used internally by http-routing and http-client as the runtime representation
+ * of a route. Constructed from @ApiPath + @Endpoint metadata by createApiClient
+ * and ApiRoutingFactory.
  */
 export declare class RouteMetadata {
     httpMethod: string;
     path: string;
     methodName: string;
-    parameterTypes?: any[];
     controllerClassName?: string;
-    constructor(httpMethod: string, path: string, methodName: string, parameterTypes?: any[], controllerClassName?: string);
+    authMeta?: AuthMeta;
+    constructor(httpMethod: string, path: string, methodName: string, controllerClassName?: string, authMeta?: AuthMeta);
 }
 /**
- * Mark a class as an API interface.
- * Similar to Java's JAX-RS interface pattern.
+ * Auth metadata attached to a class or method via @Authentication().
  *
- * This decorator is used by:
- * - Server: RESTApiRoutes reads it to validate API interfaces
- * - Client: Client generator reads it to identify API interfaces
+ * - authenticated=false → public endpoint (no auth check)
+ * - authenticated=true, no roles → requires authentication
+ * - authenticated=true, roles=['admin'] → requires authentication + specific roles
+ * - authenticated=false + roles → INVALID (caught at decorator time)
+ */
+export declare class AuthMeta {
+    authenticated: boolean;
+    roles: string[];
+    constructor(authenticated: boolean, roles?: string[]);
+}
+/**
+ * @ApiPath(basePath) - Class decorator that marks a class as an API definition
+ * and sets the base path for all endpoints.
  *
  * Usage:
  * ```typescript
- * @ApiInterface()
+ * @Authentication({authenticated: true})
+ * @ApiPath('/api/save')
  * abstract class SaveApiPrototype {
- *   @Post()
- *   @Path('/search/item')
- *   save(request: SaveRequest): Promise<SaveResponse> {
- *     throw new Error('Must be implemented');
- *   }
+ *   @Endpoint('/item')
+ *   save(request: SaveRequest): Promise<SaveResponse> { ... }
  * }
  * ```
  */
-export declare function ApiInterface(): ClassDecorator;
+export declare function ApiPath(basePath: string): ClassDecorator;
 /**
- * @Get decorator for GET requests.
- * Usage: @Get()
+ * @Endpoint(path) - Method decorator that registers a POST endpoint at the given path.
+ *
+ * All endpoints are POST-only (matching gRPC/thrift style).
+ *
+ * Usage:
+ * ```typescript
+ * @Endpoint('/item')
+ * save(request: SaveRequest): Promise<SaveResponse> { ... }
+ * ```
  */
-export declare function Get(): MethodDecorator;
+export declare function Endpoint(path: string): MethodDecorator;
 /**
- * @Post decorator for POST requests.
- * Usage: @Post()
+ * Authentication config passed to @Authentication() decorator.
  */
-export declare function Post(): MethodDecorator;
+export declare class AuthenticationConfig {
+    authenticated: boolean;
+    roles?: string[];
+    constructor(authenticated: boolean, roles?: string[]);
+}
 /**
- * @Put decorator for PUT requests.
- * Usage: @Put()
+ * @Authentication(config) - Class or method decorator for auth requirements.
+ *
+ * Single decorator replaces @Public/@Authenticated/@Roles:
+ * - @Authentication({authenticated: false}) → public, no auth check
+ * - @Authentication({authenticated: true}) → requires authentication
+ * - @Authentication({authenticated: true, roles: ['admin']}) → requires auth + roles
+ *
+ * Class-level is required. Methods can override class-level.
+ * Throws if authenticated=false but roles are specified (contradictory).
  */
-export declare function Put(): MethodDecorator;
+export declare function Authentication(config: AuthenticationConfig): ClassDecorator & MethodDecorator;
 /**
- * @Delete decorator for DELETE requests.
- * Usage: @Delete()
+ * Get the base path from @ApiPath decorator.
  */
-export declare function Delete(): MethodDecorator;
+export declare function getApiPath(apiClass: Function): string | undefined;
 /**
- * @Patch decorator for PATCH requests.
- * Usage: @Patch()
+ * Get all endpoints from @Endpoint decorators.
+ * Returns a record of methodName -> endpoint path.
  */
-export declare function Patch(): MethodDecorator;
+export declare function getEndpoints(apiClass: Function): Record<string, string> | undefined;
 /**
- * @Path decorator to specify the route path.
- * Similar to JAX-RS @Path annotation.
- *
- * This decorator is used by:
- * - Server: To register routes at the specified path
- * - Client: To make HTTP requests to the specified path
- *
- * Usage:
- * ```typescript
- * @Post()
- * @Path('/search/item')
- * save(request: SaveRequest): Promise<SaveResponse> {
- *   throw new Error('Must be implemented');
- * }
- * ```
+ * Check if a class has @ApiPath decorator.
  */
-export declare function Path(path: string): MethodDecorator;
+export declare function isApiPath(apiClass: Function): boolean;
 /**
- * Helper function to get all routes from an API interface class.
- * Used by both server-side routing and client-side client generation.
+ * Get auth metadata for a specific method, falling back to class-level auth.
+ * Method-level auth takes precedence over class-level auth.
  */
-export declare function getRoutes(apiClass: any): RouteMetadata[];
+export declare function getAuthMeta(apiClass: Function, methodName?: string): AuthMeta | undefined;
 /**
- * Helper function to check if a class is an API interface.
- * Used by both server-side routing and client-side client generation.
+ * Validate that a class/method doesn't have conflicting auth decorators.
+ * @throws Error if multiple @Authentication decorators are found on the same target.
  */
-export declare function isApiInterface(apiClass: any): boolean;
+export declare function validateNoConflictingDecorators(apiClass: Function, methodName: string | undefined): void;

package/src/decorators.js

@@ -1,175 +1,192 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RouteMetadata = exports.METADATA_KEYS = void 0;
-exports.ApiInterface = ApiInterface;
-exports.Get = Get;
-exports.Post = Post;
-exports.Put = Put;
-exports.Delete = Delete;
-exports.Patch = Patch;
-exports.Path = Path;
-exports.getRoutes = getRoutes;
-exports.isApiInterface = isApiInterface;
+exports.AuthenticationConfig = exports.AuthMeta = exports.RouteMetadata = exports.METADATA_KEYS = void 0;
+exports.ApiPath = ApiPath;
+exports.Endpoint = Endpoint;
+exports.Authentication = Authentication;
+exports.getApiPath = getApiPath;
+exports.getEndpoints = getEndpoints;
+exports.isApiPath = isApiPath;
+exports.getAuthMeta = getAuthMeta;
+exports.validateNoConflictingDecorators = validateNoConflictingDecorators;
 require("reflect-metadata");
 /**
  * Metadata keys for storing API routing information.
  * These keys are used by both server-side (routing) and client-side (client generation).
  */
 exports.METADATA_KEYS = {
-    API_INTERFACE: 'webpieces:api-interface',
-    ROUTES: 'webpieces:routes',
-    HTTP_METHOD: 'webpieces:http-method',
-    PATH: 'webpieces:path',
+    API_PATH: 'webpieces:api-path',
+    ENDPOINTS: 'webpieces:endpoints',
+    AUTH_META: 'webpieces:auth-meta',
 };
 /**
- * Route metadata stored on methods.
- * Used by both server-side routing and client-side HTTP client generation.
+ * Route metadata stored per-method at runtime.
+ * Used internally by http-routing and http-client as the runtime representation
+ * of a route. Constructed from @ApiPath + @Endpoint metadata by createApiClient
+ * and ApiRoutingFactory.
  */
 class RouteMetadata {
-    constructor(httpMethod, path, methodName, parameterTypes, controllerClassName) {
+    constructor(httpMethod, path, methodName, controllerClassName, authMeta) {
         this.httpMethod = httpMethod;
         this.path = path;
         this.methodName = methodName;
-        this.parameterTypes = parameterTypes;
         this.controllerClassName = controllerClassName;
+        this.authMeta = authMeta;
     }
 }
 exports.RouteMetadata = RouteMetadata;
 /**
- * Mark a class as an API interface.
- * Similar to Java's JAX-RS interface pattern.
+ * Auth metadata attached to a class or method via @Authentication().
  *
- * This decorator is used by:
- * - Server: RESTApiRoutes reads it to validate API interfaces
- * - Client: Client generator reads it to identify API interfaces
+ * - authenticated=false → public endpoint (no auth check)
+ * - authenticated=true, no roles → requires authentication
+ * - authenticated=true, roles=['admin'] → requires authentication + specific roles
+ * - authenticated=false + roles → INVALID (caught at decorator time)
+ */
+class AuthMeta {
+    constructor(authenticated, roles) {
+        this.authenticated = authenticated;
+        this.roles = roles ?? [];
+    }
+}
+exports.AuthMeta = AuthMeta;
+/**
+ * @ApiPath(basePath) - Class decorator that marks a class as an API definition
+ * and sets the base path for all endpoints.
  *
  * Usage:
  * ```typescript
- * @ApiInterface()
+ * @Authentication({authenticated: true})
+ * @ApiPath('/api/save')
  * abstract class SaveApiPrototype {
- *   @Post()
- *   @Path('/search/item')
- *   save(request: SaveRequest): Promise<SaveResponse> {
- *     throw new Error('Must be implemented');
- *   }
+ *   @Endpoint('/item')
+ *   save(request: SaveRequest): Promise<SaveResponse> { ... }
  * }
  * ```
  */
-function ApiInterface() {
+function ApiPath(basePath) {
+    // webpieces-disable no-any-unknown -- reflect-metadata decorator API requires any
     return (target) => {
-        Reflect.defineMetadata(exports.METADATA_KEYS.API_INTERFACE, true, target);
-        // Initialize routes array if not exists
-        if (!Reflect.hasMetadata(exports.METADATA_KEYS.ROUTES, target)) {
-            Reflect.defineMetadata(exports.METADATA_KEYS.ROUTES, [], target);
+        Reflect.defineMetadata(exports.METADATA_KEYS.API_PATH, basePath, target);
+        // Initialize endpoints map if not exists
+        if (!Reflect.hasMetadata(exports.METADATA_KEYS.ENDPOINTS, target)) {
+            Reflect.defineMetadata(exports.METADATA_KEYS.ENDPOINTS, {}, target);
         }
     };
 }
 /**
- * Internal helper to mark a method with an HTTP method.
- * Used by @Get, @Post, @Put, @Delete, @Patch decorators.
+ * @Endpoint(path) - Method decorator that registers a POST endpoint at the given path.
+ *
+ * All endpoints are POST-only (matching gRPC/thrift style).
+ *
+ * Usage:
+ * ```typescript
+ * @Endpoint('/item')
+ * save(request: SaveRequest): Promise<SaveResponse> { ... }
+ * ```
  */
-function httpMethod(method) {
-    return (target, propertyKey, descriptor) => {
-        // For static methods, target is the constructor itself
-        // For instance methods, target is the prototype
+function Endpoint(path) {
+    // webpieces-disable no-any-unknown -- reflect-metadata decorator API requires any
+    return (target, propertyKey, _descriptor) => {
         const metadataTarget = typeof target === 'function' ? target : target.constructor;
-        const existingMetadata = Reflect.getMetadata(exports.METADATA_KEYS.ROUTES, metadataTarget) || [];
-        // Find or create route metadata for this method
-        let routeMetadata = existingMetadata.find((r) => r.methodName === propertyKey);
-        if (!routeMetadata) {
-            routeMetadata = new RouteMetadata('', '', propertyKey);
-            existingMetadata.push(routeMetadata);
-        }
-        routeMetadata.httpMethod = method;
-        // Get parameter types
-        const paramTypes = Reflect.getMetadata('design:paramtypes', target, propertyKey);
-        if (paramTypes) {
-            routeMetadata.parameterTypes = paramTypes;
-        }
-        Reflect.defineMetadata(exports.METADATA_KEYS.ROUTES, existingMetadata, metadataTarget);
+        const endpoints = Reflect.getMetadata(exports.METADATA_KEYS.ENDPOINTS, metadataTarget) || {};
+        endpoints[propertyKey] = path;
+        Reflect.defineMetadata(exports.METADATA_KEYS.ENDPOINTS, endpoints, metadataTarget);
     };
 }
 /**
- * @Get decorator for GET requests.
- * Usage: @Get()
+ * Authentication config passed to @Authentication() decorator.
  */
-function Get() {
-    return httpMethod('GET');
+class AuthenticationConfig {
+    constructor(authenticated, roles) {
+        this.authenticated = authenticated;
+        this.roles = roles;
+    }
 }
+exports.AuthenticationConfig = AuthenticationConfig;
 /**
- * @Post decorator for POST requests.
- * Usage: @Post()
+ * @Authentication(config) - Class or method decorator for auth requirements.
+ *
+ * Single decorator replaces @Public/@Authenticated/@Roles:
+ * - @Authentication({authenticated: false}) → public, no auth check
+ * - @Authentication({authenticated: true}) → requires authentication
+ * - @Authentication({authenticated: true, roles: ['admin']}) → requires auth + roles
+ *
+ * Class-level is required. Methods can override class-level.
+ * Throws if authenticated=false but roles are specified (contradictory).
  */
-function Post() {
-    return httpMethod('POST');
+function Authentication(config) {
+    // Validate: can't be public with roles
+    if (!config.authenticated && config.roles && config.roles.length > 0) {
+        throw new Error(`Invalid @Authentication config: authenticated=false but roles=${JSON.stringify(config.roles)}. ` +
+            `Cannot require roles on a public endpoint. Set authenticated=true or remove roles.`);
+    }
+    const authMeta = new AuthMeta(config.authenticated, config.roles);
+    // webpieces-disable no-any-unknown -- reflect-metadata decorator API requires any
+    return (target, propertyKey, _descriptor) => {
+        if (propertyKey !== undefined) {
+            // Method decorator
+            const metadataTarget = typeof target === 'function' ? target : target.constructor;
+            validateNoConflictingDecorators(metadataTarget, propertyKey);
+            Reflect.defineMetadata(exports.METADATA_KEYS.AUTH_META, authMeta, metadataTarget, propertyKey);
+        }
+        else {
+            // Class decorator
+            validateNoConflictingDecorators(target, undefined);
+            Reflect.defineMetadata(exports.METADATA_KEYS.AUTH_META, authMeta, target);
+        }
+    };
 }
+// ============================================================
+// Helper functions
+// ============================================================
 /**
- * @Put decorator for PUT requests.
- * Usage: @Put()
+ * Get the base path from @ApiPath decorator.
  */
-function Put() {
-    return httpMethod('PUT');
+function getApiPath(apiClass) {
+    return Reflect.getMetadata(exports.METADATA_KEYS.API_PATH, apiClass);
 }
 /**
- * @Delete decorator for DELETE requests.
- * Usage: @Delete()
+ * Get all endpoints from @Endpoint decorators.
+ * Returns a record of methodName -> endpoint path.
  */
-function Delete() {
-    return httpMethod('DELETE');
+function getEndpoints(apiClass) {
+    return Reflect.getMetadata(exports.METADATA_KEYS.ENDPOINTS, apiClass);
 }
 /**
- * @Patch decorator for PATCH requests.
- * Usage: @Patch()
+ * Check if a class has @ApiPath decorator.
  */
-function Patch() {
-    return httpMethod('PATCH');
+function isApiPath(apiClass) {
+    return Reflect.hasMetadata(exports.METADATA_KEYS.API_PATH, apiClass);
 }
 /**
- * @Path decorator to specify the route path.
- * Similar to JAX-RS @Path annotation.
- *
- * This decorator is used by:
- * - Server: To register routes at the specified path
- * - Client: To make HTTP requests to the specified path
- *
- * Usage:
- * ```typescript
- * @Post()
- * @Path('/search/item')
- * save(request: SaveRequest): Promise<SaveResponse> {
- *   throw new Error('Must be implemented');
- * }
- * ```
+ * Get auth metadata for a specific method, falling back to class-level auth.
+ * Method-level auth takes precedence over class-level auth.
  */
-function Path(path) {
-    return (target, propertyKey, descriptor) => {
-        // For static methods, target is the constructor itself
-        // For instance methods, target is the prototype
-        const metadataTarget = typeof target === 'function' ? target : target.constructor;
-        const existingMetadata = Reflect.getMetadata(exports.METADATA_KEYS.ROUTES, metadataTarget) || [];
-        // Find or create route metadata for this method
-        let routeMetadata = existingMetadata.find((r) => r.methodName === propertyKey);
-        if (!routeMetadata) {
-            routeMetadata = new RouteMetadata('', '', propertyKey);
-            existingMetadata.push(routeMetadata);
+function getAuthMeta(apiClass, methodName) {
+    // Check method-level first
+    if (methodName) {
+        const methodAuth = Reflect.getMetadata(exports.METADATA_KEYS.AUTH_META, apiClass, methodName);
+        if (methodAuth) {
+            return methodAuth;
         }
-        routeMetadata.path = path;
-        Reflect.defineMetadata(exports.METADATA_KEYS.ROUTES, existingMetadata, metadataTarget);
-    };
-}
-/**
- * Helper function to get all routes from an API interface class.
- * Used by both server-side routing and client-side client generation.
- */
-function getRoutes(apiClass) {
-    const routes = Reflect.getMetadata(exports.METADATA_KEYS.ROUTES, apiClass);
-    return routes || [];
+    }
+    // Fall back to class-level
+    return Reflect.getMetadata(exports.METADATA_KEYS.AUTH_META, apiClass);
 }
 /**
- * Helper function to check if a class is an API interface.
- * Used by both server-side routing and client-side client generation.
+ * Validate that a class/method doesn't have conflicting auth decorators.
+ * @throws Error if multiple @Authentication decorators are found on the same target.
  */
-function isApiInterface(apiClass) {
-    return Reflect.getMetadata(exports.METADATA_KEYS.API_INTERFACE, apiClass) === true;
+function validateNoConflictingDecorators(apiClass, methodName) {
+    const existing = methodName
+        ? Reflect.getMetadata(exports.METADATA_KEYS.AUTH_META, apiClass, methodName)
+        : Reflect.getMetadata(exports.METADATA_KEYS.AUTH_META, apiClass);
+    if (existing) {
+        const targetName = apiClass.name || 'Unknown';
+        const location = methodName ? `method '${methodName}' of ${targetName}` : `class ${targetName}`;
+        throw new Error(`Conflicting @Authentication on ${location}. ` +
+            `Only one @Authentication() decorator allowed per target.`);
+    }
 }
 //# sourceMappingURL=decorators.js.map

package/src/decorators.js.map

@@ -1 +1 @@
-{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/decorators.ts"],"names":[],"mappings":";;;AA2DA,oCASC;AAwCD,kBAEC;AAMD,oBAEC;AAMD,kBAEC;AAMD,wBAEC;AAMD,sBAEC;AAmBD,oBAsBC;AAMD,8BAGC;AAMD,wCAEC;AAxMD,4BAA0B;AAE1B;;;GAGG;AACU,QAAA,aAAa,GAAG;IACzB,aAAa,EAAE,yBAAyB;IACxC,MAAM,EAAE,kBAAkB;IAC1B,WAAW,EAAE,uBAAuB;IACpC,IAAI,EAAE,gBAAgB;CACzB,CAAC;AAEF;;;GAGG;AACH,MAAa,aAAa;IAOtB,YACI,UAAkB,EAClB,IAAY,EACZ,UAAkB,EAClB,cAAsB,EACtB,mBAA4B;QAE5B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;IACnD,CAAC;CACJ;AApBD,sCAoBC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAgB,YAAY;IACxB,OAAO,CAAC,MAAW,EAAE,EAAE;QACnB,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAElE,wCAAwC;QACxC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;YACrD,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;IACL,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,MAAc;IAC9B,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,UAA8B,EAAE,EAAE;QACjF,uDAAuD;QACvD,gDAAgD;QAChD,MAAM,cAAc,GAAG,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;QAElF,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;QAEzF,gDAAgD;QAChD,IAAI,aAAa,GAAG,gBAAgB,CAAC,IAAI,CACrC,CAAC,CAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,WAAW,CACrD,CAAC;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACjB,aAAa,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,EAAE,EAAE,WAAqB,CAAC,CAAC;YACjE,gBAAgB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzC,CAAC;QAED,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC;QAElC,sBAAsB;QACtB,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,mBAAmB,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QACjF,IAAI,UAAU,EAAE,CAAC;YACb,aAAa,CAAC,cAAc,GAAG,UAAU,CAAC;QAC9C,CAAC;QAED,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,MAAM,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;IACnF,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAgB,GAAG;IACf,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAgB,IAAI;IAChB,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,SAAgB,GAAG;IACf,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAgB,MAAM;IAClB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,SAAgB,KAAK;IACjB,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,IAAI,CAAC,IAAY;IAC7B,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,UAA8B,EAAE,EAAE;QACjF,uDAAuD;QACvD,gDAAgD;QAChD,MAAM,cAAc,GAAG,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;QAElF,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,MAAM,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;QAEzF,gDAAgD;QAChD,IAAI,aAAa,GAAG,gBAAgB,CAAC,IAAI,CACrC,CAAC,CAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,WAAW,CACrD,CAAC;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACjB,aAAa,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,EAAE,EAAE,WAAqB,CAAC,CAAC;YACjE,gBAAgB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzC,CAAC;QAED,aAAa,CAAC,IAAI,GAAG,IAAI,CAAC;QAE1B,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,MAAM,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;IACnF,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS,CAAC,QAAa;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACnE,OAAO,MAAM,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,QAAa;IACxC,OAAO,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,aAAa,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC;AAC/E,CAAC","sourcesContent":["import 'reflect-metadata';\n\n/**\n * Metadata keys for storing API routing information.\n * These keys are used by both server-side (routing) and client-side (client generation).\n */\nexport const METADATA_KEYS = {\n    API_INTERFACE: 'webpieces:api-interface',\n    ROUTES: 'webpieces:routes',\n    HTTP_METHOD: 'webpieces:http-method',\n    PATH: 'webpieces:path',\n};\n\n/**\n * Route metadata stored on methods.\n * Used by both server-side routing and client-side HTTP client generation.\n */\nexport class RouteMetadata {\n    httpMethod: string;\n    path: string;\n    methodName: string;\n    parameterTypes?: any[];\n    controllerClassName?: string;\n\n    constructor(\n        httpMethod: string,\n        path: string,\n        methodName: string,\n        parameterTypes?: any[],\n        controllerClassName?: string,\n    ) {\n        this.httpMethod = httpMethod;\n        this.path = path;\n        this.methodName = methodName;\n        this.parameterTypes = parameterTypes;\n        this.controllerClassName = controllerClassName;\n    }\n}\n\n/**\n * Mark a class as an API interface.\n * Similar to Java's JAX-RS interface pattern.\n *\n * This decorator is used by:\n * - Server: RESTApiRoutes reads it to validate API interfaces\n * - Client: Client generator reads it to identify API interfaces\n *\n * Usage:\n * ```typescript\n * @ApiInterface()\n * abstract class SaveApiPrototype {\n *   @Post()\n *   @Path('/search/item')\n *   save(request: SaveRequest): Promise<SaveResponse> {\n *     throw new Error('Must be implemented');\n *   }\n * }\n * ```\n */\nexport function ApiInterface(): ClassDecorator {\n    return (target: any) => {\n        Reflect.defineMetadata(METADATA_KEYS.API_INTERFACE, true, target);\n\n        // Initialize routes array if not exists\n        if (!Reflect.hasMetadata(METADATA_KEYS.ROUTES, target)) {\n            Reflect.defineMetadata(METADATA_KEYS.ROUTES, [], target);\n        }\n    };\n}\n\n/**\n * Internal helper to mark a method with an HTTP method.\n * Used by @Get, @Post, @Put, @Delete, @Patch decorators.\n */\nfunction httpMethod(method: string): MethodDecorator {\n    return (target: any, propertyKey: string | symbol, descriptor: PropertyDescriptor) => {\n        // For static methods, target is the constructor itself\n        // For instance methods, target is the prototype\n        const metadataTarget = typeof target === 'function' ? target : target.constructor;\n\n        const existingMetadata = Reflect.getMetadata(METADATA_KEYS.ROUTES, metadataTarget) || [];\n\n        // Find or create route metadata for this method\n        let routeMetadata = existingMetadata.find(\n            (r: RouteMetadata) => r.methodName === propertyKey,\n        );\n\n        if (!routeMetadata) {\n            routeMetadata = new RouteMetadata('', '', propertyKey as string);\n            existingMetadata.push(routeMetadata);\n        }\n\n        routeMetadata.httpMethod = method;\n\n        // Get parameter types\n        const paramTypes = Reflect.getMetadata('design:paramtypes', target, propertyKey);\n        if (paramTypes) {\n            routeMetadata.parameterTypes = paramTypes;\n        }\n\n        Reflect.defineMetadata(METADATA_KEYS.ROUTES, existingMetadata, metadataTarget);\n    };\n}\n\n/**\n * @Get decorator for GET requests.\n * Usage: @Get()\n */\nexport function Get(): MethodDecorator {\n    return httpMethod('GET');\n}\n\n/**\n * @Post decorator for POST requests.\n * Usage: @Post()\n */\nexport function Post(): MethodDecorator {\n    return httpMethod('POST');\n}\n\n/**\n * @Put decorator for PUT requests.\n * Usage: @Put()\n */\nexport function Put(): MethodDecorator {\n    return httpMethod('PUT');\n}\n\n/**\n * @Delete decorator for DELETE requests.\n * Usage: @Delete()\n */\nexport function Delete(): MethodDecorator {\n    return httpMethod('DELETE');\n}\n\n/**\n * @Patch decorator for PATCH requests.\n * Usage: @Patch()\n */\nexport function Patch(): MethodDecorator {\n    return httpMethod('PATCH');\n}\n\n/**\n * @Path decorator to specify the route path.\n * Similar to JAX-RS @Path annotation.\n *\n * This decorator is used by:\n * - Server: To register routes at the specified path\n * - Client: To make HTTP requests to the specified path\n *\n * Usage:\n * ```typescript\n * @Post()\n * @Path('/search/item')\n * save(request: SaveRequest): Promise<SaveResponse> {\n *   throw new Error('Must be implemented');\n * }\n * ```\n */\nexport function Path(path: string): MethodDecorator {\n    return (target: any, propertyKey: string | symbol, descriptor: PropertyDescriptor) => {\n        // For static methods, target is the constructor itself\n        // For instance methods, target is the prototype\n        const metadataTarget = typeof target === 'function' ? target : target.constructor;\n\n        const existingMetadata = Reflect.getMetadata(METADATA_KEYS.ROUTES, metadataTarget) || [];\n\n        // Find or create route metadata for this method\n        let routeMetadata = existingMetadata.find(\n            (r: RouteMetadata) => r.methodName === propertyKey,\n        );\n\n        if (!routeMetadata) {\n            routeMetadata = new RouteMetadata('', '', propertyKey as string);\n            existingMetadata.push(routeMetadata);\n        }\n\n        routeMetadata.path = path;\n\n        Reflect.defineMetadata(METADATA_KEYS.ROUTES, existingMetadata, metadataTarget);\n    };\n}\n\n/**\n * Helper function to get all routes from an API interface class.\n * Used by both server-side routing and client-side client generation.\n */\nexport function getRoutes(apiClass: any): RouteMetadata[] {\n    const routes = Reflect.getMetadata(METADATA_KEYS.ROUTES, apiClass);\n    return routes || [];\n}\n\n/**\n * Helper function to check if a class is an API interface.\n * Used by both server-side routing and client-side client generation.\n */\nexport function isApiInterface(apiClass: any): boolean {\n    return Reflect.getMetadata(METADATA_KEYS.API_INTERFACE, apiClass) === true;\n}\n"]}
+{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/decorators.ts"],"names":[],"mappings":";;;AAwEA,0BAUC;AAaD,4BAYC;AA0BD,wCAwBC;AASD,gCAEC;AAMD,oCAEC;AAKD,8BAEC;AAMD,kCAWC;AAMD,0EAaC;AA3ND,4BAA0B;AAE1B;;;GAGG;AACU,QAAA,aAAa,GAAG;IACzB,QAAQ,EAAE,oBAAoB;IAC9B,SAAS,EAAE,qBAAqB;IAChC,SAAS,EAAE,qBAAqB;CACnC,CAAC;AAEF;;;;;GAKG;AACH,MAAa,aAAa;IAOtB,YACI,UAAkB,EAClB,IAAY,EACZ,UAAkB,EAClB,mBAA4B,EAC5B,QAAmB;QAEnB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;QAC/C,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC7B,CAAC;CACJ;AApBD,sCAoBC;AAED;;;;;;;GAOG;AACH,MAAa,QAAQ;IAIjB,YAAY,aAAsB,EAAE,KAAgB;QAChD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC;IAC7B,CAAC;CACJ;AARD,4BAQC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAgB,OAAO,CAAC,QAAgB;IACpC,kFAAkF;IAClF,OAAO,CAAC,MAAW,EAAE,EAAE;QACnB,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEjE,yCAAyC;QACzC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC;YACxD,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,SAAS,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QAChE,CAAC;IACL,CAAC,CAAC;AACN,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,QAAQ,CAAC,IAAY;IACjC,kFAAkF;IAClF,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,WAA+B,EAAE,EAAE;QAClF,MAAM,cAAc,GAAG,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;QAElF,MAAM,SAAS,GACX,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;QAEvE,SAAS,CAAC,WAAqB,CAAC,GAAG,IAAI,CAAC;QAExC,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAC/E,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAa,oBAAoB;IAI7B,YAAY,aAAsB,EAAE,KAAgB;QAChD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC;CACJ;AARD,oDAQC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,cAAc,CAAC,MAA4B;IACvD,uCAAuC;IACvC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CACX,iEAAiE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI;YACjG,oFAAoF,CACvF,CAAC;IACN,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAElE,kFAAkF;IAClF,OAAO,CAAC,MAAW,EAAE,WAA6B,EAAE,WAAgC,EAAE,EAAE;QACpF,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC5B,mBAAmB;YACnB,MAAM,cAAc,GAAG,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;YAClF,+BAA+B,CAAC,cAAc,EAAE,WAAqB,CAAC,CAAC;YACvE,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACJ,kBAAkB;YAClB,+BAA+B,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACnD,OAAO,CAAC,cAAc,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACtE,CAAC;IACL,CAAC,CAAC;AACN,CAAC;AAED,+DAA+D;AAC/D,mBAAmB;AACnB,+DAA+D;AAE/D;;GAEG;AACH,SAAgB,UAAU,CAAC,QAAkB;IACzC,OAAO,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACjE,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,QAAkB;IAC3C,OAAO,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,QAAkB;IACxC,OAAO,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACjE,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,QAAkB,EAAE,UAAmB;IAC/D,2BAA2B;IAC3B,IAAI,UAAU,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACtF,IAAI,UAAU,EAAE,CAAC;YACb,OAAO,UAAU,CAAC;QACtB,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,OAAO,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClE,CAAC;AAED;;;GAGG;AACH,SAAgB,+BAA+B,CAAC,QAAkB,EAAE,UAA8B;IAC9F,MAAM,QAAQ,GAAG,UAAU;QACvB,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC;QACpE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,qBAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAE7D,IAAI,QAAQ,EAAE,CAAC;QACX,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;QAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,WAAW,UAAU,QAAQ,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,UAAU,EAAE,CAAC;QAChG,MAAM,IAAI,KAAK,CACX,kCAAkC,QAAQ,IAAI;YAC9C,0DAA0D,CAC7D,CAAC;IACN,CAAC;AACL,CAAC","sourcesContent":["import 'reflect-metadata';\n\n/**\n * Metadata keys for storing API routing information.\n * These keys are used by both server-side (routing) and client-side (client generation).\n */\nexport const METADATA_KEYS = {\n    API_PATH: 'webpieces:api-path',\n    ENDPOINTS: 'webpieces:endpoints',\n    AUTH_META: 'webpieces:auth-meta',\n};\n\n/**\n * Route metadata stored per-method at runtime.\n * Used internally by http-routing and http-client as the runtime representation\n * of a route. Constructed from @ApiPath + @Endpoint metadata by createApiClient\n * and ApiRoutingFactory.\n */\nexport class RouteMetadata {\n    httpMethod: string;\n    path: string;\n    methodName: string;\n    controllerClassName?: string;\n    authMeta?: AuthMeta;\n\n    constructor(\n        httpMethod: string,\n        path: string,\n        methodName: string,\n        controllerClassName?: string,\n        authMeta?: AuthMeta,\n    ) {\n        this.httpMethod = httpMethod;\n        this.path = path;\n        this.methodName = methodName;\n        this.controllerClassName = controllerClassName;\n        this.authMeta = authMeta;\n    }\n}\n\n/**\n * Auth metadata attached to a class or method via @Authentication().\n *\n * - authenticated=false → public endpoint (no auth check)\n * - authenticated=true, no roles → requires authentication\n * - authenticated=true, roles=['admin'] → requires authentication + specific roles\n * - authenticated=false + roles → INVALID (caught at decorator time)\n */\nexport class AuthMeta {\n    authenticated: boolean;\n    roles: string[];\n\n    constructor(authenticated: boolean, roles?: string[]) {\n        this.authenticated = authenticated;\n        this.roles = roles ?? [];\n    }\n}\n\n/**\n * @ApiPath(basePath) - Class decorator that marks a class as an API definition\n * and sets the base path for all endpoints.\n *\n * Usage:\n * ```typescript\n * @Authentication({authenticated: true})\n * @ApiPath('/api/save')\n * abstract class SaveApiPrototype {\n *   @Endpoint('/item')\n *   save(request: SaveRequest): Promise<SaveResponse> { ... }\n * }\n * ```\n */\nexport function ApiPath(basePath: string): ClassDecorator {\n    // webpieces-disable no-any-unknown -- reflect-metadata decorator API requires any\n    return (target: any) => {\n        Reflect.defineMetadata(METADATA_KEYS.API_PATH, basePath, target);\n\n        // Initialize endpoints map if not exists\n        if (!Reflect.hasMetadata(METADATA_KEYS.ENDPOINTS, target)) {\n            Reflect.defineMetadata(METADATA_KEYS.ENDPOINTS, {}, target);\n        }\n    };\n}\n\n/**\n * @Endpoint(path) - Method decorator that registers a POST endpoint at the given path.\n *\n * All endpoints are POST-only (matching gRPC/thrift style).\n *\n * Usage:\n * ```typescript\n * @Endpoint('/item')\n * save(request: SaveRequest): Promise<SaveResponse> { ... }\n * ```\n */\nexport function Endpoint(path: string): MethodDecorator {\n    // webpieces-disable no-any-unknown -- reflect-metadata decorator API requires any\n    return (target: any, propertyKey: string | symbol, _descriptor: PropertyDescriptor) => {\n        const metadataTarget = typeof target === 'function' ? target : target.constructor;\n\n        const endpoints: Record<string, string> =\n            Reflect.getMetadata(METADATA_KEYS.ENDPOINTS, metadataTarget) || {};\n\n        endpoints[propertyKey as string] = path;\n\n        Reflect.defineMetadata(METADATA_KEYS.ENDPOINTS, endpoints, metadataTarget);\n    };\n}\n\n/**\n * Authentication config passed to @Authentication() decorator.\n */\nexport class AuthenticationConfig {\n    authenticated: boolean;\n    roles?: string[];\n\n    constructor(authenticated: boolean, roles?: string[]) {\n        this.authenticated = authenticated;\n        this.roles = roles;\n    }\n}\n\n/**\n * @Authentication(config) - Class or method decorator for auth requirements.\n *\n * Single decorator replaces @Public/@Authenticated/@Roles:\n * - @Authentication({authenticated: false}) → public, no auth check\n * - @Authentication({authenticated: true}) → requires authentication\n * - @Authentication({authenticated: true, roles: ['admin']}) → requires auth + roles\n *\n * Class-level is required. Methods can override class-level.\n * Throws if authenticated=false but roles are specified (contradictory).\n */\nexport function Authentication(config: AuthenticationConfig): ClassDecorator & MethodDecorator {\n    // Validate: can't be public with roles\n    if (!config.authenticated && config.roles && config.roles.length > 0) {\n        throw new Error(\n            `Invalid @Authentication config: authenticated=false but roles=${JSON.stringify(config.roles)}. ` +\n            `Cannot require roles on a public endpoint. Set authenticated=true or remove roles.`\n        );\n    }\n\n    const authMeta = new AuthMeta(config.authenticated, config.roles);\n\n    // webpieces-disable no-any-unknown -- reflect-metadata decorator API requires any\n    return (target: any, propertyKey?: string | symbol, _descriptor?: PropertyDescriptor) => {\n        if (propertyKey !== undefined) {\n            // Method decorator\n            const metadataTarget = typeof target === 'function' ? target : target.constructor;\n            validateNoConflictingDecorators(metadataTarget, propertyKey as string);\n            Reflect.defineMetadata(METADATA_KEYS.AUTH_META, authMeta, metadataTarget, propertyKey);\n        } else {\n            // Class decorator\n            validateNoConflictingDecorators(target, undefined);\n            Reflect.defineMetadata(METADATA_KEYS.AUTH_META, authMeta, target);\n        }\n    };\n}\n\n// ============================================================\n// Helper functions\n// ============================================================\n\n/**\n * Get the base path from @ApiPath decorator.\n */\nexport function getApiPath(apiClass: Function): string | undefined {\n    return Reflect.getMetadata(METADATA_KEYS.API_PATH, apiClass);\n}\n\n/**\n * Get all endpoints from @Endpoint decorators.\n * Returns a record of methodName -> endpoint path.\n */\nexport function getEndpoints(apiClass: Function): Record<string, string> | undefined {\n    return Reflect.getMetadata(METADATA_KEYS.ENDPOINTS, apiClass);\n}\n\n/**\n * Check if a class has @ApiPath decorator.\n */\nexport function isApiPath(apiClass: Function): boolean {\n    return Reflect.hasMetadata(METADATA_KEYS.API_PATH, apiClass);\n}\n\n/**\n * Get auth metadata for a specific method, falling back to class-level auth.\n * Method-level auth takes precedence over class-level auth.\n */\nexport function getAuthMeta(apiClass: Function, methodName?: string): AuthMeta | undefined {\n    // Check method-level first\n    if (methodName) {\n        const methodAuth = Reflect.getMetadata(METADATA_KEYS.AUTH_META, apiClass, methodName);\n        if (methodAuth) {\n            return methodAuth;\n        }\n    }\n\n    // Fall back to class-level\n    return Reflect.getMetadata(METADATA_KEYS.AUTH_META, apiClass);\n}\n\n/**\n * Validate that a class/method doesn't have conflicting auth decorators.\n * @throws Error if multiple @Authentication decorators are found on the same target.\n */\nexport function validateNoConflictingDecorators(apiClass: Function, methodName: string | undefined): void {\n    const existing = methodName\n        ? Reflect.getMetadata(METADATA_KEYS.AUTH_META, apiClass, methodName)\n        : Reflect.getMetadata(METADATA_KEYS.AUTH_META, apiClass);\n\n    if (existing) {\n        const targetName = apiClass.name || 'Unknown';\n        const location = methodName ? `method '${methodName}' of ${targetName}` : `class ${targetName}`;\n        throw new Error(\n            `Conflicting @Authentication on ${location}. ` +\n            `Only one @Authentication() decorator allowed per target.`\n        );\n    }\n}\n"]}

package/src/index.d.ts

@@ -16,7 +16,7 @@
  *    └── http-client (client: contract → HTTP requests)
  * ```
  */
-export { ApiInterface, Get, Post, Put, Delete, Patch, Path, getRoutes, isApiInterface, RouteMetadata, METADATA_KEYS, } from './decorators';
+export { ApiPath, Endpoint, Authentication, AuthenticationConfig, getApiPath, getEndpoints, isApiPath, getAuthMeta, validateNoConflictingDecorators, AuthMeta, RouteMetadata, METADATA_KEYS, } from './decorators';
 export { ValidateImplementation } from './validators';
 export { ProtocolError, HttpError, HttpNotFoundError, EndpointNotFoundError, HttpBadRequestError, HttpUnauthorizedError, HttpForbiddenError, HttpTimeoutError, HttpBadGatewayError, HttpGatewayTimeoutError, HttpInternalServerError, HttpVendorError, HttpUserError, ENTITY_NOT_FOUND, WRONG_LOGIN_TYPE, WRONG_LOGIN, NOT_APPROVED, EMAIL_NOT_CONFIRMED, WRONG_DOMAIN, WRONG_COMPANY, NO_REG_CODE, } from './errors';
 export { InstantDto, DateDto, TimeDto, DateTimeDto, InstantUtil, DateUtil, TimeUtil, DateTimeUtil, } from './datetime';

package/src/index.js

@@ -18,18 +18,19 @@
  * ```
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.LogApiCall = exports.HEADER_TYPES = exports.HeaderMethods = exports.PlatformHeadersExtension = exports.PlatformHeader = exports.DateTimeUtil = exports.TimeUtil = exports.DateUtil = exports.InstantUtil = exports.NO_REG_CODE = exports.WRONG_COMPANY = exports.WRONG_DOMAIN = exports.EMAIL_NOT_CONFIRMED = exports.NOT_APPROVED = exports.WRONG_LOGIN = exports.WRONG_LOGIN_TYPE = exports.ENTITY_NOT_FOUND = exports.HttpUserError = exports.HttpVendorError = exports.HttpInternalServerError = exports.HttpGatewayTimeoutError = exports.HttpBadGatewayError = exports.HttpTimeoutError = exports.HttpForbiddenError = exports.HttpUnauthorizedError = exports.HttpBadRequestError = exports.EndpointNotFoundError = exports.HttpNotFoundError = exports.HttpError = exports.ProtocolError = exports.METADATA_KEYS = exports.RouteMetadata = exports.isApiInterface = exports.getRoutes = exports.Path = exports.Patch = exports.Delete = exports.Put = exports.Post = exports.Get = exports.ApiInterface = void 0;
+exports.LogApiCall = exports.HEADER_TYPES = exports.HeaderMethods = exports.PlatformHeadersExtension = exports.PlatformHeader = exports.DateTimeUtil = exports.TimeUtil = exports.DateUtil = exports.InstantUtil = exports.NO_REG_CODE = exports.WRONG_COMPANY = exports.WRONG_DOMAIN = exports.EMAIL_NOT_CONFIRMED = exports.NOT_APPROVED = exports.WRONG_LOGIN = exports.WRONG_LOGIN_TYPE = exports.ENTITY_NOT_FOUND = exports.HttpUserError = exports.HttpVendorError = exports.HttpInternalServerError = exports.HttpGatewayTimeoutError = exports.HttpBadGatewayError = exports.HttpTimeoutError = exports.HttpForbiddenError = exports.HttpUnauthorizedError = exports.HttpBadRequestError = exports.EndpointNotFoundError = exports.HttpNotFoundError = exports.HttpError = exports.ProtocolError = exports.METADATA_KEYS = exports.RouteMetadata = exports.AuthMeta = exports.validateNoConflictingDecorators = exports.getAuthMeta = exports.isApiPath = exports.getEndpoints = exports.getApiPath = exports.AuthenticationConfig = exports.Authentication = exports.Endpoint = exports.ApiPath = void 0;
 // API definition decorators
 var decorators_1 = require("./decorators");
-Object.defineProperty(exports, "ApiInterface", { enumerable: true, get: function () { return decorators_1.ApiInterface; } });
-Object.defineProperty(exports, "Get", { enumerable: true, get: function () { return decorators_1.Get; } });
-Object.defineProperty(exports, "Post", { enumerable: true, get: function () { return decorators_1.Post; } });
-Object.defineProperty(exports, "Put", { enumerable: true, get: function () { return decorators_1.Put; } });
-Object.defineProperty(exports, "Delete", { enumerable: true, get: function () { return decorators_1.Delete; } });
-Object.defineProperty(exports, "Patch", { enumerable: true, get: function () { return decorators_1.Patch; } });
-Object.defineProperty(exports, "Path", { enumerable: true, get: function () { return decorators_1.Path; } });
-Object.defineProperty(exports, "getRoutes", { enumerable: true, get: function () { return decorators_1.getRoutes; } });
-Object.defineProperty(exports, "isApiInterface", { enumerable: true, get: function () { return decorators_1.isApiInterface; } });
+Object.defineProperty(exports, "ApiPath", { enumerable: true, get: function () { return decorators_1.ApiPath; } });
+Object.defineProperty(exports, "Endpoint", { enumerable: true, get: function () { return decorators_1.Endpoint; } });
+Object.defineProperty(exports, "Authentication", { enumerable: true, get: function () { return decorators_1.Authentication; } });
+Object.defineProperty(exports, "AuthenticationConfig", { enumerable: true, get: function () { return decorators_1.AuthenticationConfig; } });
+Object.defineProperty(exports, "getApiPath", { enumerable: true, get: function () { return decorators_1.getApiPath; } });
+Object.defineProperty(exports, "getEndpoints", { enumerable: true, get: function () { return decorators_1.getEndpoints; } });
+Object.defineProperty(exports, "isApiPath", { enumerable: true, get: function () { return decorators_1.isApiPath; } });
+Object.defineProperty(exports, "getAuthMeta", { enumerable: true, get: function () { return decorators_1.getAuthMeta; } });
+Object.defineProperty(exports, "validateNoConflictingDecorators", { enumerable: true, get: function () { return decorators_1.validateNoConflictingDecorators; } });
+Object.defineProperty(exports, "AuthMeta", { enumerable: true, get: function () { return decorators_1.AuthMeta; } });
 Object.defineProperty(exports, "RouteMetadata", { enumerable: true, get: function () { return decorators_1.RouteMetadata; } });
 Object.defineProperty(exports, "METADATA_KEYS", { enumerable: true, get: function () { return decorators_1.METADATA_KEYS; } });
 // HTTP errors

package/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;AAEH,4BAA4B;AAC5B,2CAYsB;AAXlB,0GAAA,YAAY,OAAA;AACZ,iGAAA,GAAG,OAAA;AACH,kGAAA,IAAI,OAAA;AACJ,iGAAA,GAAG,OAAA;AACH,oGAAA,MAAM,OAAA;AACN,mGAAA,KAAK,OAAA;AACL,kGAAA,IAAI,OAAA;AACJ,uGAAA,SAAS,OAAA;AACT,4GAAA,cAAc,OAAA;AACd,2GAAA,aAAa,OAAA;AACb,2GAAA,aAAa,OAAA;AAMjB,cAAc;AACd,mCAuBkB;AAtBd,uGAAA,aAAa,OAAA;AACb,mGAAA,SAAS,OAAA;AACT,2GAAA,iBAAiB,OAAA;AACjB,+GAAA,qBAAqB,OAAA;AACrB,6GAAA,mBAAmB,OAAA;AACnB,+GAAA,qBAAqB,OAAA;AACrB,4GAAA,kBAAkB,OAAA;AAClB,0GAAA,gBAAgB,OAAA;AAChB,6GAAA,mBAAmB,OAAA;AACnB,iHAAA,uBAAuB,OAAA;AACvB,iHAAA,uBAAuB,OAAA;AACvB,yGAAA,eAAe,OAAA;AACf,uGAAA,aAAa,OAAA;AACb,0BAA0B;AAC1B,0GAAA,gBAAgB,OAAA;AAChB,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,sGAAA,YAAY,OAAA;AACZ,6GAAA,mBAAmB,OAAA;AACnB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AAGf,iEAAiE;AACjE,uCASoB;AAJhB,uGAAA,WAAW,OAAA;AACX,oGAAA,QAAQ,OAAA;AACR,oGAAA,QAAQ,OAAA;AACR,wGAAA,YAAY,OAAA;AAGhB,mBAAmB;AACnB,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,uEAAsE;AAA7D,oIAAA,wBAAwB,OAAA;AACjC,iDAA+D;AAAtD,8GAAA,aAAa,OAAA;AACtB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AAErB,UAAU;AACV,2CAA0C;AAAjC,wGAAA,UAAU,OAAA","sourcesContent":["/**\n * @webpieces/http-api\n *\n * Core HTTP API definition package.\n * Contains decorators and utilities for defining HTTP APIs.\n *\n * This package is used by:\n * - @webpieces/http-routing (server-side): Routes HTTP requests to controllers\n * - @webpieces/http-client (client-side): Generates HTTP clients from API definitions\n *\n * Architecture:\n * ```\n * http-api (defines the contract)\n *    ↑\n *    ├── http-routing (server: contract → handlers)\n *    └── http-client (client: contract → HTTP requests)\n * ```\n */\n\n// API definition decorators\nexport {\n    ApiInterface,\n    Get,\n    Post,\n    Put,\n    Delete,\n    Patch,\n    Path,\n    getRoutes,\n    isApiInterface,\n    RouteMetadata,\n    METADATA_KEYS,\n} from './decorators';\n\n// Type validators\nexport { ValidateImplementation } from './validators';\n\n// HTTP errors\nexport {\n    ProtocolError,\n    HttpError,\n    HttpNotFoundError,\n    EndpointNotFoundError,\n    HttpBadRequestError,\n    HttpUnauthorizedError,\n    HttpForbiddenError,\n    HttpTimeoutError,\n    HttpBadGatewayError,\n    HttpGatewayTimeoutError,\n    HttpInternalServerError,\n    HttpVendorError,\n    HttpUserError,\n    // Error subtype constants\n    ENTITY_NOT_FOUND,\n    WRONG_LOGIN_TYPE,\n    WRONG_LOGIN,\n    NOT_APPROVED,\n    EMAIL_NOT_CONFIRMED,\n    WRONG_DOMAIN,\n    WRONG_COMPANY,\n    NO_REG_CODE,\n} from './errors';\n\n// Date/Time DTOs and Utilities (inspired by Java Time / JSR-310)\nexport {\n    InstantDto,\n    DateDto,\n    TimeDto,\n    DateTimeDto,\n    InstantUtil,\n    DateUtil,\n    TimeUtil,\n    DateTimeUtil,\n} from './datetime';\n\n// Platform Headers\nexport { PlatformHeader } from './PlatformHeader';\nexport { PlatformHeadersExtension } from './PlatformHeadersExtension';\nexport { HeaderMethods, ContextReader } from './HeaderMethods';\nexport { HEADER_TYPES } from './HeaderTypes';\n\n// Logging\nexport { LogApiCall } from './LogApiCall';\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;AAEH,4BAA4B;AAC5B,2CAasB;AAZlB,qGAAA,OAAO,OAAA;AACP,sGAAA,QAAQ,OAAA;AACR,4GAAA,cAAc,OAAA;AACd,kHAAA,oBAAoB,OAAA;AACpB,wGAAA,UAAU,OAAA;AACV,0GAAA,YAAY,OAAA;AACZ,uGAAA,SAAS,OAAA;AACT,yGAAA,WAAW,OAAA;AACX,6HAAA,+BAA+B,OAAA;AAC/B,sGAAA,QAAQ,OAAA;AACR,2GAAA,aAAa,OAAA;AACb,2GAAA,aAAa,OAAA;AAMjB,cAAc;AACd,mCAuBkB;AAtBd,uGAAA,aAAa,OAAA;AACb,mGAAA,SAAS,OAAA;AACT,2GAAA,iBAAiB,OAAA;AACjB,+GAAA,qBAAqB,OAAA;AACrB,6GAAA,mBAAmB,OAAA;AACnB,+GAAA,qBAAqB,OAAA;AACrB,4GAAA,kBAAkB,OAAA;AAClB,0GAAA,gBAAgB,OAAA;AAChB,6GAAA,mBAAmB,OAAA;AACnB,iHAAA,uBAAuB,OAAA;AACvB,iHAAA,uBAAuB,OAAA;AACvB,yGAAA,eAAe,OAAA;AACf,uGAAA,aAAa,OAAA;AACb,0BAA0B;AAC1B,0GAAA,gBAAgB,OAAA;AAChB,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,sGAAA,YAAY,OAAA;AACZ,6GAAA,mBAAmB,OAAA;AACnB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AAGf,iEAAiE;AACjE,uCASoB;AAJhB,uGAAA,WAAW,OAAA;AACX,oGAAA,QAAQ,OAAA;AACR,oGAAA,QAAQ,OAAA;AACR,wGAAA,YAAY,OAAA;AAGhB,mBAAmB;AACnB,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,uEAAsE;AAA7D,oIAAA,wBAAwB,OAAA;AACjC,iDAA+D;AAAtD,8GAAA,aAAa,OAAA;AACtB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AAErB,UAAU;AACV,2CAA0C;AAAjC,wGAAA,UAAU,OAAA","sourcesContent":["/**\n * @webpieces/http-api\n *\n * Core HTTP API definition package.\n * Contains decorators and utilities for defining HTTP APIs.\n *\n * This package is used by:\n * - @webpieces/http-routing (server-side): Routes HTTP requests to controllers\n * - @webpieces/http-client (client-side): Generates HTTP clients from API definitions\n *\n * Architecture:\n * ```\n * http-api (defines the contract)\n *    ↑\n *    ├── http-routing (server: contract → handlers)\n *    └── http-client (client: contract → HTTP requests)\n * ```\n */\n\n// API definition decorators\nexport {\n    ApiPath,\n    Endpoint,\n    Authentication,\n    AuthenticationConfig,\n    getApiPath,\n    getEndpoints,\n    isApiPath,\n    getAuthMeta,\n    validateNoConflictingDecorators,\n    AuthMeta,\n    RouteMetadata,\n    METADATA_KEYS,\n} from './decorators';\n\n// Type validators\nexport { ValidateImplementation } from './validators';\n\n// HTTP errors\nexport {\n    ProtocolError,\n    HttpError,\n    HttpNotFoundError,\n    EndpointNotFoundError,\n    HttpBadRequestError,\n    HttpUnauthorizedError,\n    HttpForbiddenError,\n    HttpTimeoutError,\n    HttpBadGatewayError,\n    HttpGatewayTimeoutError,\n    HttpInternalServerError,\n    HttpVendorError,\n    HttpUserError,\n    // Error subtype constants\n    ENTITY_NOT_FOUND,\n    WRONG_LOGIN_TYPE,\n    WRONG_LOGIN,\n    NOT_APPROVED,\n    EMAIL_NOT_CONFIRMED,\n    WRONG_DOMAIN,\n    WRONG_COMPANY,\n    NO_REG_CODE,\n} from './errors';\n\n// Date/Time DTOs and Utilities (inspired by Java Time / JSR-310)\nexport {\n    InstantDto,\n    DateDto,\n    TimeDto,\n    DateTimeDto,\n    InstantUtil,\n    DateUtil,\n    TimeUtil,\n    DateTimeUtil,\n} from './datetime';\n\n// Platform Headers\nexport { PlatformHeader } from './PlatformHeader';\nexport { PlatformHeadersExtension } from './PlatformHeadersExtension';\nexport { HeaderMethods, ContextReader } from './HeaderMethods';\nexport { HEADER_TYPES } from './HeaderTypes';\n\n// Logging\nexport { LogApiCall } from './LogApiCall';\n"]}