@xtandard/webhooks 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +315 -0
- package/bin/xtandard-webhooks.mjs +3 -0
- package/dist/basic-BIW3Rvuz.cjs +199 -0
- package/dist/basic-BIW3Rvuz.cjs.map +1 -0
- package/dist/basic-DKk0Xfuu.mjs +176 -0
- package/dist/basic-DKk0Xfuu.mjs.map +1 -0
- package/dist/chunk-D7D4PA-g.mjs +13 -0
- package/dist/cli.cjs +655 -0
- package/dist/cli.cjs.map +1 -0
- package/dist/cli.d.cts +42 -0
- package/dist/cli.d.mts +42 -0
- package/dist/cli.mjs +653 -0
- package/dist/cli.mjs.map +1 -0
- package/dist/contract-8h-Azxa5.d.cts +71 -0
- package/dist/contract-9XpcwcCn.mjs +22 -0
- package/dist/contract-9XpcwcCn.mjs.map +1 -0
- package/dist/contract-B2d5dNU3.cjs +33 -0
- package/dist/contract-B2d5dNU3.cjs.map +1 -0
- package/dist/contract-BEhDcd_5.mjs +28 -0
- package/dist/contract-BEhDcd_5.mjs.map +1 -0
- package/dist/contract-Bf1qguwt.cjs +57 -0
- package/dist/contract-Bf1qguwt.cjs.map +1 -0
- package/dist/contract-Bnb3fgRJ.d.cts +177 -0
- package/dist/contract-C2r2Xzwp.d.mts +46 -0
- package/dist/contract-CiPskNvS.d.cts +46 -0
- package/dist/contract-DhQ4JjGG.d.mts +71 -0
- package/dist/contract-T1kcZNdG.d.mts +177 -0
- package/dist/contract-lETlIuXo.d.cts +30 -0
- package/dist/contract-lETlIuXo.d.mts +30 -0
- package/dist/core-CMpnmI5Q.mjs +1605 -0
- package/dist/core-CMpnmI5Q.mjs.map +1 -0
- package/dist/core-DT4ppWh8.d.mts +502 -0
- package/dist/core-KJawHjFF.d.cts +502 -0
- package/dist/core-ZGhH6Vs2.cjs +1790 -0
- package/dist/core-ZGhH6Vs2.cjs.map +1 -0
- package/dist/core.cjs +8 -0
- package/dist/core.d.cts +2 -0
- package/dist/core.d.mts +2 -0
- package/dist/core.mjs +2 -0
- package/dist/create-fetch-handler-BIdk9P30.mjs +1724 -0
- package/dist/create-fetch-handler-BIdk9P30.mjs.map +1 -0
- package/dist/create-fetch-handler-CmooujQo.cjs +1771 -0
- package/dist/create-fetch-handler-CmooujQo.cjs.map +1 -0
- package/dist/create-fetch-handler-Dlkhustu.d.cts +162 -0
- package/dist/create-fetch-handler-jy3hy5nZ.d.mts +162 -0
- package/dist/dispatcher-B0xTEHt1.cjs +212 -0
- package/dist/dispatcher-B0xTEHt1.cjs.map +1 -0
- package/dist/dispatcher-Coubwrka.mjs +196 -0
- package/dist/dispatcher-Coubwrka.mjs.map +1 -0
- package/dist/entry-auth-basic.cjs +5 -0
- package/dist/entry-auth-basic.d.cts +83 -0
- package/dist/entry-auth-basic.d.mts +83 -0
- package/dist/entry-auth-basic.mjs +2 -0
- package/dist/entry-auth-delegated.cjs +28 -0
- package/dist/entry-auth-delegated.cjs.map +1 -0
- package/dist/entry-auth-delegated.d.cts +36 -0
- package/dist/entry-auth-delegated.d.mts +36 -0
- package/dist/entry-auth-delegated.mjs +27 -0
- package/dist/entry-auth-delegated.mjs.map +1 -0
- package/dist/entry-auth-none.cjs +4 -0
- package/dist/entry-auth-none.d.cts +25 -0
- package/dist/entry-auth-none.d.mts +25 -0
- package/dist/entry-auth-none.mjs +2 -0
- package/dist/entry-authorization-delegated.cjs +27 -0
- package/dist/entry-authorization-delegated.cjs.map +1 -0
- package/dist/entry-authorization-delegated.d.cts +31 -0
- package/dist/entry-authorization-delegated.d.mts +31 -0
- package/dist/entry-authorization-delegated.mjs +26 -0
- package/dist/entry-authorization-delegated.mjs.map +1 -0
- package/dist/entry-authorization-none.cjs +3 -0
- package/dist/entry-authorization-none.d.cts +18 -0
- package/dist/entry-authorization-none.d.mts +18 -0
- package/dist/entry-authorization-none.mjs +2 -0
- package/dist/entry-authorization-roles.cjs +6 -0
- package/dist/entry-authorization-roles.d.cts +65 -0
- package/dist/entry-authorization-roles.d.mts +65 -0
- package/dist/entry-authorization-roles.mjs +2 -0
- package/dist/entry-bun.cjs +24 -0
- package/dist/entry-bun.cjs.map +1 -0
- package/dist/entry-bun.d.cts +8 -0
- package/dist/entry-bun.d.mts +8 -0
- package/dist/entry-bun.mjs +23 -0
- package/dist/entry-bun.mjs.map +1 -0
- package/dist/entry-drizzle-mysql.cjs +20 -0
- package/dist/entry-drizzle-mysql.cjs.map +1 -0
- package/dist/entry-drizzle-mysql.d.cts +27 -0
- package/dist/entry-drizzle-mysql.d.mts +27 -0
- package/dist/entry-drizzle-mysql.mjs +19 -0
- package/dist/entry-drizzle-mysql.mjs.map +1 -0
- package/dist/entry-drizzle-pg.cjs +21 -0
- package/dist/entry-drizzle-pg.cjs.map +1 -0
- package/dist/entry-drizzle-pg.d.cts +26 -0
- package/dist/entry-drizzle-pg.d.mts +26 -0
- package/dist/entry-drizzle-pg.mjs +20 -0
- package/dist/entry-drizzle-pg.mjs.map +1 -0
- package/dist/entry-drizzle-sqlite.cjs +21 -0
- package/dist/entry-drizzle-sqlite.cjs.map +1 -0
- package/dist/entry-drizzle-sqlite.d.cts +23 -0
- package/dist/entry-drizzle-sqlite.d.mts +23 -0
- package/dist/entry-drizzle-sqlite.mjs +20 -0
- package/dist/entry-drizzle-sqlite.mjs.map +1 -0
- package/dist/entry-elysia.cjs +125 -0
- package/dist/entry-elysia.cjs.map +1 -0
- package/dist/entry-elysia.d.cts +1017 -0
- package/dist/entry-elysia.d.mts +1017 -0
- package/dist/entry-elysia.mjs +123 -0
- package/dist/entry-elysia.mjs.map +1 -0
- package/dist/entry-express.cjs +57 -0
- package/dist/entry-express.cjs.map +1 -0
- package/dist/entry-express.d.cts +15 -0
- package/dist/entry-express.d.mts +15 -0
- package/dist/entry-express.mjs +56 -0
- package/dist/entry-express.mjs.map +1 -0
- package/dist/entry-hono.cjs +35 -0
- package/dist/entry-hono.cjs.map +1 -0
- package/dist/entry-hono.d.cts +16 -0
- package/dist/entry-hono.d.mts +16 -0
- package/dist/entry-hono.mjs +34 -0
- package/dist/entry-hono.mjs.map +1 -0
- package/dist/entry-hooks-log.cjs +22 -0
- package/dist/entry-hooks-log.cjs.map +1 -0
- package/dist/entry-hooks-log.d.cts +23 -0
- package/dist/entry-hooks-log.d.mts +23 -0
- package/dist/entry-hooks-log.mjs +21 -0
- package/dist/entry-hooks-log.mjs.map +1 -0
- package/dist/entry-storage-cloudflare-kv.cjs +47 -0
- package/dist/entry-storage-cloudflare-kv.cjs.map +1 -0
- package/dist/entry-storage-cloudflare-kv.d.cts +42 -0
- package/dist/entry-storage-cloudflare-kv.d.mts +42 -0
- package/dist/entry-storage-cloudflare-kv.mjs +46 -0
- package/dist/entry-storage-cloudflare-kv.mjs.map +1 -0
- package/dist/entry-storage-drizzle.cjs +78 -0
- package/dist/entry-storage-drizzle.cjs.map +1 -0
- package/dist/entry-storage-drizzle.d.cts +30 -0
- package/dist/entry-storage-drizzle.d.mts +30 -0
- package/dist/entry-storage-drizzle.mjs +77 -0
- package/dist/entry-storage-drizzle.mjs.map +1 -0
- package/dist/entry-storage-file.cjs +4 -0
- package/dist/entry-storage-file.d.cts +30 -0
- package/dist/entry-storage-file.d.mts +30 -0
- package/dist/entry-storage-file.mjs +2 -0
- package/dist/entry-storage-libsql.cjs +3 -0
- package/dist/entry-storage-libsql.d.cts +48 -0
- package/dist/entry-storage-libsql.d.mts +48 -0
- package/dist/entry-storage-libsql.mjs +2 -0
- package/dist/entry-storage-memory.cjs +3 -0
- package/dist/entry-storage-memory.d.cts +2 -0
- package/dist/entry-storage-memory.d.mts +2 -0
- package/dist/entry-storage-memory.mjs +2 -0
- package/dist/entry-storage-mongodb.cjs +3 -0
- package/dist/entry-storage-mongodb.d.cts +55 -0
- package/dist/entry-storage-mongodb.d.mts +55 -0
- package/dist/entry-storage-mongodb.mjs +2 -0
- package/dist/entry-storage-postgres.cjs +3 -0
- package/dist/entry-storage-postgres.d.cts +62 -0
- package/dist/entry-storage-postgres.d.mts +62 -0
- package/dist/entry-storage-postgres.mjs +2 -0
- package/dist/entry-storage-redis.cjs +4 -0
- package/dist/entry-storage-redis.d.cts +77 -0
- package/dist/entry-storage-redis.d.mts +77 -0
- package/dist/entry-storage-redis.mjs +2 -0
- package/dist/entry-storage-sqlite.cjs +3 -0
- package/dist/entry-storage-sqlite.d.cts +36 -0
- package/dist/entry-storage-sqlite.d.mts +36 -0
- package/dist/entry-storage-sqlite.mjs +2 -0
- package/dist/entry-storage-unstorage.cjs +42 -0
- package/dist/entry-storage-unstorage.cjs.map +1 -0
- package/dist/entry-storage-unstorage.d.cts +29 -0
- package/dist/entry-storage-unstorage.d.mts +29 -0
- package/dist/entry-storage-unstorage.mjs +41 -0
- package/dist/entry-storage-unstorage.mjs.map +1 -0
- package/dist/file-COBYZA4Q.cjs +148 -0
- package/dist/file-COBYZA4Q.cjs.map +1 -0
- package/dist/file-fi02eFHk.mjs +131 -0
- package/dist/file-fi02eFHk.mjs.map +1 -0
- package/dist/index.cjs +123 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +368 -0
- package/dist/index.d.mts +366 -0
- package/dist/index.mjs +61 -0
- package/dist/index.mjs.map +1 -0
- package/dist/keys-Byyj4quQ.mjs +111 -0
- package/dist/keys-Byyj4quQ.mjs.map +1 -0
- package/dist/keys-FiKpaVHX.cjs +302 -0
- package/dist/keys-FiKpaVHX.cjs.map +1 -0
- package/dist/libsql-bpVi0bXN.mjs +113 -0
- package/dist/libsql-bpVi0bXN.mjs.map +1 -0
- package/dist/libsql-pPJEo1e4.cjs +124 -0
- package/dist/libsql-pPJEo1e4.cjs.map +1 -0
- package/dist/memory-8Ef-PL5a.cjs +137 -0
- package/dist/memory-8Ef-PL5a.cjs.map +1 -0
- package/dist/memory-BMsSSwqn.mjs +127 -0
- package/dist/memory-BMsSSwqn.mjs.map +1 -0
- package/dist/memory-FnMJWCmB.d.cts +28 -0
- package/dist/memory-qIvANEs_.d.mts +28 -0
- package/dist/mongodb-Cy8yo0uk.cjs +108 -0
- package/dist/mongodb-Cy8yo0uk.cjs.map +1 -0
- package/dist/mongodb-Ddaq9mml.mjs +97 -0
- package/dist/mongodb-Ddaq9mml.mjs.map +1 -0
- package/dist/none-BnZtaGNJ.mjs +23 -0
- package/dist/none-BnZtaGNJ.mjs.map +1 -0
- package/dist/none-CAsxCOWN.cjs +49 -0
- package/dist/none-CAsxCOWN.cjs.map +1 -0
- package/dist/none-CZVrfnmF.cjs +33 -0
- package/dist/none-CZVrfnmF.cjs.map +1 -0
- package/dist/none-GhVIoh_s.mjs +33 -0
- package/dist/none-GhVIoh_s.mjs.map +1 -0
- package/dist/postgres-C8WbchFa.cjs +134 -0
- package/dist/postgres-C8WbchFa.cjs.map +1 -0
- package/dist/postgres-c3pAhmhr.mjs +123 -0
- package/dist/postgres-c3pAhmhr.mjs.map +1 -0
- package/dist/react.css +1 -0
- package/dist/react.js +31465 -0
- package/dist/receiver.cjs +43 -0
- package/dist/receiver.cjs.map +1 -0
- package/dist/receiver.d.cts +36 -0
- package/dist/receiver.d.mts +36 -0
- package/dist/receiver.mjs +40 -0
- package/dist/receiver.mjs.map +1 -0
- package/dist/redis-CFJkuSgB.cjs +270 -0
- package/dist/redis-CFJkuSgB.cjs.map +1 -0
- package/dist/redis-CvLi0KF7.mjs +254 -0
- package/dist/redis-CvLi0KF7.mjs.map +1 -0
- package/dist/roles-D0G9XqBq.cjs +128 -0
- package/dist/roles-D0G9XqBq.cjs.map +1 -0
- package/dist/roles-vp361lTk.mjs +99 -0
- package/dist/roles-vp361lTk.mjs.map +1 -0
- package/dist/schema-mo__wv4P.d.cts +233 -0
- package/dist/schema-mo__wv4P.d.mts +233 -0
- package/dist/schema.cjs +13 -0
- package/dist/schema.cjs.map +1 -0
- package/dist/schema.d.cts +2 -0
- package/dist/schema.d.mts +2 -0
- package/dist/schema.mjs +11 -0
- package/dist/schema.mjs.map +1 -0
- package/dist/signing.cjs +162 -0
- package/dist/signing.cjs.map +1 -0
- package/dist/signing.d.cts +73 -0
- package/dist/signing.d.mts +73 -0
- package/dist/signing.mjs +156 -0
- package/dist/signing.mjs.map +1 -0
- package/dist/sqlite-Cmqnrjes.mjs +67 -0
- package/dist/sqlite-Cmqnrjes.mjs.map +1 -0
- package/dist/sqlite-Dcufk0x3.cjs +78 -0
- package/dist/sqlite-Dcufk0x3.cjs.map +1 -0
- package/dist/table-Ce3Tzwqs.d.cts +11 -0
- package/dist/table-Ce3Tzwqs.d.mts +11 -0
- package/dist/testing.cjs +134 -0
- package/dist/testing.cjs.map +1 -0
- package/dist/testing.d.cts +80 -0
- package/dist/testing.d.mts +80 -0
- package/dist/testing.mjs +131 -0
- package/dist/testing.mjs.map +1 -0
- package/dist/types-react/react.d.ts +98 -0
- package/dist/types-react/schema.d.ts +229 -0
- package/dist/types-react/ui/App.d.ts +22 -0
- package/dist/types-react/ui/api.d.ts +97 -0
- package/dist/types-react/ui/components/JsonCodeEditor.d.ts +12 -0
- package/dist/types-react/ui/components/ThemeToggle.d.ts +2 -0
- package/dist/types-react/ui/components/Toast.d.ts +16 -0
- package/dist/types-react/ui/components/primitives.d.ts +50 -0
- package/dist/types-react/ui/components/ui-bits.d.ts +22 -0
- package/dist/types-react/ui/components/webhook-bits.d.ts +51 -0
- package/dist/types-react/ui/lib/format.d.ts +39 -0
- package/dist/types-react/ui/lib/nav-guard.d.ts +20 -0
- package/dist/types-react/ui/lib/utils.d.ts +3 -0
- package/dist/types-react/ui/theme.d.ts +12 -0
- package/dist/types-react/ui/types.d.ts +80 -0
- package/dist/types-react/ui/views/AuditView.d.ts +6 -0
- package/dist/types-react/ui/views/DeliveriesView.d.ts +12 -0
- package/dist/types-react/ui/views/EndpointsView.d.ts +11 -0
- package/dist/types-react/ui/views/EventTypesView.d.ts +11 -0
- package/dist/types-react/ui/views/MessagesView.d.ts +10 -0
- package/dist/types-react/ui/views/OverviewView.d.ts +12 -0
- package/dist/ui/assets/index-B0eoQX2U.css +1 -0
- package/dist/ui/assets/index-S5t_CLOe.js +209 -0
- package/dist/ui/index.html +14 -0
- package/package.json +487 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-auth-delegated.cjs","names":[],"sources":["../src/auth/delegated.ts"],"sourcesContent":["/**\n * Delegated {@link AuthProvider}. Wraps caller-supplied functions so you can\n * plug in any authentication scheme — JWT/bearer tokens, sessions, API keys,\n * OAuth, an existing middleware — without implementing the {@link AuthProvider}\n * interface by hand.\n *\n * The wrapper normalizes a synchronous-or-asynchronous `authenticate` into the\n * `Promise`-returning shape the contract requires, and forwards an optional\n * `challenge`.\n *\n * @module\n */\n\nimport type { AuthProvider, Principal } from \"./contract.ts\";\n\n/** Options for {@link delegatedAuth}. */\nexport interface DelegatedAuthOptions {\n /**\n * Resolve the {@link Principal} for a request, or `null` if unauthenticated.\n * May be synchronous or asynchronous.\n */\n authenticate: (request: Request) => Promise<Principal | null> | Principal | null;\n /**\n * Optional challenge builder, mirroring {@link AuthProvider.challenge}. Return\n * a `Response` (typically a `401`) to prompt for credentials, or `undefined`\n * to fall back to the server's default.\n */\n challenge?: (request: Request) => Response | undefined;\n}\n\n/**\n * Create an {@link AuthProvider} from plain functions.\n *\n * @example\n * ```ts\n * import { delegatedAuth } from \"@xtandard/webhooks/auth/delegated\";\n *\n * const auth = delegatedAuth({\n * authenticate: async (request) => {\n * const token = request.headers.get(\"authorization\")?.replace(\"Bearer \", \"\");\n * return token ? await verifyToken(token) : null;\n * },\n * });\n * ```\n */\nexport function delegatedAuth(options: DelegatedAuthOptions): AuthProvider {\n const provider: AuthProvider = {\n async authenticate(request: Request): Promise<Principal | null> {\n return await options.authenticate(request);\n },\n };\n if (options.challenge) {\n provider.challenge = options.challenge;\n }\n return provider;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AA6CA,SAAgB,cAAc,SAA6C;CACzE,MAAM,WAAyB,EAC7B,MAAM,aAAa,SAA6C;EAC9D,OAAO,MAAM,QAAQ,aAAa,OAAO;CAC3C,EACF;CACA,IAAI,QAAQ,WACV,SAAS,YAAY,QAAQ;CAE/B,OAAO;AACT"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { n as Principal, t as AuthProvider } from "./contract-lETlIuXo.cjs";
|
|
2
|
+
|
|
3
|
+
//#region src/auth/delegated.d.ts
|
|
4
|
+
/** Options for {@link delegatedAuth}. */
|
|
5
|
+
interface DelegatedAuthOptions {
|
|
6
|
+
/**
|
|
7
|
+
* Resolve the {@link Principal} for a request, or `null` if unauthenticated.
|
|
8
|
+
* May be synchronous or asynchronous.
|
|
9
|
+
*/
|
|
10
|
+
authenticate: (request: Request) => Promise<Principal | null> | Principal | null;
|
|
11
|
+
/**
|
|
12
|
+
* Optional challenge builder, mirroring {@link AuthProvider.challenge}. Return
|
|
13
|
+
* a `Response` (typically a `401`) to prompt for credentials, or `undefined`
|
|
14
|
+
* to fall back to the server's default.
|
|
15
|
+
*/
|
|
16
|
+
challenge?: (request: Request) => Response | undefined;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Create an {@link AuthProvider} from plain functions.
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```ts
|
|
23
|
+
* import { delegatedAuth } from "@xtandard/webhooks/auth/delegated";
|
|
24
|
+
*
|
|
25
|
+
* const auth = delegatedAuth({
|
|
26
|
+
* authenticate: async (request) => {
|
|
27
|
+
* const token = request.headers.get("authorization")?.replace("Bearer ", "");
|
|
28
|
+
* return token ? await verifyToken(token) : null;
|
|
29
|
+
* },
|
|
30
|
+
* });
|
|
31
|
+
* ```
|
|
32
|
+
*/
|
|
33
|
+
declare function delegatedAuth(options: DelegatedAuthOptions): AuthProvider;
|
|
34
|
+
//#endregion
|
|
35
|
+
export { DelegatedAuthOptions, delegatedAuth };
|
|
36
|
+
//# sourceMappingURL=entry-auth-delegated.d.cts.map
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { n as Principal, t as AuthProvider } from "./contract-lETlIuXo.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/auth/delegated.d.ts
|
|
4
|
+
/** Options for {@link delegatedAuth}. */
|
|
5
|
+
interface DelegatedAuthOptions {
|
|
6
|
+
/**
|
|
7
|
+
* Resolve the {@link Principal} for a request, or `null` if unauthenticated.
|
|
8
|
+
* May be synchronous or asynchronous.
|
|
9
|
+
*/
|
|
10
|
+
authenticate: (request: Request) => Promise<Principal | null> | Principal | null;
|
|
11
|
+
/**
|
|
12
|
+
* Optional challenge builder, mirroring {@link AuthProvider.challenge}. Return
|
|
13
|
+
* a `Response` (typically a `401`) to prompt for credentials, or `undefined`
|
|
14
|
+
* to fall back to the server's default.
|
|
15
|
+
*/
|
|
16
|
+
challenge?: (request: Request) => Response | undefined;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Create an {@link AuthProvider} from plain functions.
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```ts
|
|
23
|
+
* import { delegatedAuth } from "@xtandard/webhooks/auth/delegated";
|
|
24
|
+
*
|
|
25
|
+
* const auth = delegatedAuth({
|
|
26
|
+
* authenticate: async (request) => {
|
|
27
|
+
* const token = request.headers.get("authorization")?.replace("Bearer ", "");
|
|
28
|
+
* return token ? await verifyToken(token) : null;
|
|
29
|
+
* },
|
|
30
|
+
* });
|
|
31
|
+
* ```
|
|
32
|
+
*/
|
|
33
|
+
declare function delegatedAuth(options: DelegatedAuthOptions): AuthProvider;
|
|
34
|
+
//#endregion
|
|
35
|
+
export { DelegatedAuthOptions, delegatedAuth };
|
|
36
|
+
//# sourceMappingURL=entry-auth-delegated.d.mts.map
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
//#region src/auth/delegated.ts
|
|
2
|
+
/**
|
|
3
|
+
* Create an {@link AuthProvider} from plain functions.
|
|
4
|
+
*
|
|
5
|
+
* @example
|
|
6
|
+
* ```ts
|
|
7
|
+
* import { delegatedAuth } from "@xtandard/webhooks/auth/delegated";
|
|
8
|
+
*
|
|
9
|
+
* const auth = delegatedAuth({
|
|
10
|
+
* authenticate: async (request) => {
|
|
11
|
+
* const token = request.headers.get("authorization")?.replace("Bearer ", "");
|
|
12
|
+
* return token ? await verifyToken(token) : null;
|
|
13
|
+
* },
|
|
14
|
+
* });
|
|
15
|
+
* ```
|
|
16
|
+
*/
|
|
17
|
+
function delegatedAuth(options) {
|
|
18
|
+
const provider = { async authenticate(request) {
|
|
19
|
+
return await options.authenticate(request);
|
|
20
|
+
} };
|
|
21
|
+
if (options.challenge) provider.challenge = options.challenge;
|
|
22
|
+
return provider;
|
|
23
|
+
}
|
|
24
|
+
//#endregion
|
|
25
|
+
export { delegatedAuth };
|
|
26
|
+
|
|
27
|
+
//# sourceMappingURL=entry-auth-delegated.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-auth-delegated.mjs","names":[],"sources":["../src/auth/delegated.ts"],"sourcesContent":["/**\n * Delegated {@link AuthProvider}. Wraps caller-supplied functions so you can\n * plug in any authentication scheme — JWT/bearer tokens, sessions, API keys,\n * OAuth, an existing middleware — without implementing the {@link AuthProvider}\n * interface by hand.\n *\n * The wrapper normalizes a synchronous-or-asynchronous `authenticate` into the\n * `Promise`-returning shape the contract requires, and forwards an optional\n * `challenge`.\n *\n * @module\n */\n\nimport type { AuthProvider, Principal } from \"./contract.ts\";\n\n/** Options for {@link delegatedAuth}. */\nexport interface DelegatedAuthOptions {\n /**\n * Resolve the {@link Principal} for a request, or `null` if unauthenticated.\n * May be synchronous or asynchronous.\n */\n authenticate: (request: Request) => Promise<Principal | null> | Principal | null;\n /**\n * Optional challenge builder, mirroring {@link AuthProvider.challenge}. Return\n * a `Response` (typically a `401`) to prompt for credentials, or `undefined`\n * to fall back to the server's default.\n */\n challenge?: (request: Request) => Response | undefined;\n}\n\n/**\n * Create an {@link AuthProvider} from plain functions.\n *\n * @example\n * ```ts\n * import { delegatedAuth } from \"@xtandard/webhooks/auth/delegated\";\n *\n * const auth = delegatedAuth({\n * authenticate: async (request) => {\n * const token = request.headers.get(\"authorization\")?.replace(\"Bearer \", \"\");\n * return token ? await verifyToken(token) : null;\n * },\n * });\n * ```\n */\nexport function delegatedAuth(options: DelegatedAuthOptions): AuthProvider {\n const provider: AuthProvider = {\n async authenticate(request: Request): Promise<Principal | null> {\n return await options.authenticate(request);\n },\n };\n if (options.challenge) {\n provider.challenge = options.challenge;\n }\n return provider;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AA6CA,SAAgB,cAAc,SAA6C;CACzE,MAAM,WAAyB,EAC7B,MAAM,aAAa,SAA6C;EAC9D,OAAO,MAAM,QAAQ,aAAa,OAAO;CAC3C,EACF;CACA,IAAI,QAAQ,WACV,SAAS,YAAY,QAAQ;CAE/B,OAAO;AACT"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { n as Principal, t as AuthProvider } from "./contract-lETlIuXo.cjs";
|
|
2
|
+
|
|
3
|
+
//#region src/auth/none.d.ts
|
|
4
|
+
/** The fixed principal returned by {@link noAuth}. */
|
|
5
|
+
declare const ANONYMOUS_PRINCIPAL: Principal;
|
|
6
|
+
/**
|
|
7
|
+
* Create an {@link AuthProvider} that performs no authentication and resolves
|
|
8
|
+
* every request to the shared {@link ANONYMOUS_PRINCIPAL}.
|
|
9
|
+
*
|
|
10
|
+
* Because it never returns `null`, the request is always "authenticated" — use
|
|
11
|
+
* an {@link AuthorizationProvider} to control what the anonymous principal may
|
|
12
|
+
* actually do.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```ts
|
|
16
|
+
* import { noAuth } from "@xtandard/webhooks/auth/none";
|
|
17
|
+
*
|
|
18
|
+
* const auth = noAuth();
|
|
19
|
+
* await auth.authenticate(request); // → { id: "anonymous" }
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
declare function noAuth(): AuthProvider;
|
|
23
|
+
//#endregion
|
|
24
|
+
export { ANONYMOUS_PRINCIPAL, noAuth };
|
|
25
|
+
//# sourceMappingURL=entry-auth-none.d.cts.map
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { n as Principal, t as AuthProvider } from "./contract-lETlIuXo.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/auth/none.d.ts
|
|
4
|
+
/** The fixed principal returned by {@link noAuth}. */
|
|
5
|
+
declare const ANONYMOUS_PRINCIPAL: Principal;
|
|
6
|
+
/**
|
|
7
|
+
* Create an {@link AuthProvider} that performs no authentication and resolves
|
|
8
|
+
* every request to the shared {@link ANONYMOUS_PRINCIPAL}.
|
|
9
|
+
*
|
|
10
|
+
* Because it never returns `null`, the request is always "authenticated" — use
|
|
11
|
+
* an {@link AuthorizationProvider} to control what the anonymous principal may
|
|
12
|
+
* actually do.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```ts
|
|
16
|
+
* import { noAuth } from "@xtandard/webhooks/auth/none";
|
|
17
|
+
*
|
|
18
|
+
* const auth = noAuth();
|
|
19
|
+
* await auth.authenticate(request); // → { id: "anonymous" }
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
declare function noAuth(): AuthProvider;
|
|
23
|
+
//#endregion
|
|
24
|
+
export { ANONYMOUS_PRINCIPAL, noAuth };
|
|
25
|
+
//# sourceMappingURL=entry-auth-none.d.mts.map
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
|
|
2
|
+
//#region src/authorization/delegated.ts
|
|
3
|
+
/**
|
|
4
|
+
* Create an {@link AuthorizationProvider} from a plain decision function.
|
|
5
|
+
*
|
|
6
|
+
* @example
|
|
7
|
+
* ```ts
|
|
8
|
+
* import { delegatedAuthorization } from "@xtandard/webhooks/authorization/delegated";
|
|
9
|
+
*
|
|
10
|
+
* const authz = delegatedAuthorization({
|
|
11
|
+
* authorize: ({ principal, action, resource }) =>
|
|
12
|
+
* resource.type !== "application" ||
|
|
13
|
+
* (principal?.metadata as { apps?: string[] } | undefined)?.apps?.includes(
|
|
14
|
+
* resource.applicationKey,
|
|
15
|
+
* ) === true,
|
|
16
|
+
* });
|
|
17
|
+
* ```
|
|
18
|
+
*/
|
|
19
|
+
function delegatedAuthorization(options) {
|
|
20
|
+
return { async authorize(input) {
|
|
21
|
+
return await options.authorize(input);
|
|
22
|
+
} };
|
|
23
|
+
}
|
|
24
|
+
//#endregion
|
|
25
|
+
exports.delegatedAuthorization = delegatedAuthorization;
|
|
26
|
+
|
|
27
|
+
//# sourceMappingURL=entry-authorization-delegated.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-authorization-delegated.cjs","names":[],"sources":["../src/authorization/delegated.ts"],"sourcesContent":["/**\n * Delegated {@link AuthorizationProvider}. Wraps a caller-supplied `authorize`\n * function so you can implement any policy — ABAC, an external policy engine\n * (OPA, Cedar), per-application ownership checks — without implementing the\n * interface by hand.\n *\n * The wrapper normalizes a synchronous-or-asynchronous decision into the\n * `Promise<boolean>` the contract requires.\n *\n * @module\n */\n\nimport type { AuthorizationProvider, AuthorizeInput } from \"./contract.ts\";\n\n/** Options for {@link delegatedAuthorization}. */\nexport interface DelegatedAuthorizationOptions {\n /**\n * Decide whether the {@link AuthorizeInput} is permitted. Return `true` to\n * allow. May be synchronous or asynchronous.\n */\n authorize: (input: AuthorizeInput) => Promise<boolean> | boolean;\n}\n\n/**\n * Create an {@link AuthorizationProvider} from a plain decision function.\n *\n * @example\n * ```ts\n * import { delegatedAuthorization } from \"@xtandard/webhooks/authorization/delegated\";\n *\n * const authz = delegatedAuthorization({\n * authorize: ({ principal, action, resource }) =>\n * resource.type !== \"application\" ||\n * (principal?.metadata as { apps?: string[] } | undefined)?.apps?.includes(\n * resource.applicationKey,\n * ) === true,\n * });\n * ```\n */\nexport function delegatedAuthorization(\n options: DelegatedAuthorizationOptions,\n): AuthorizationProvider {\n return {\n async authorize(input: AuthorizeInput): Promise<boolean> {\n return await options.authorize(input);\n },\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAuCA,SAAgB,uBACd,SACuB;CACvB,OAAO,EACL,MAAM,UAAU,OAAyC;EACvD,OAAO,MAAM,QAAQ,UAAU,KAAK;CACtC,EACF;AACF"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { n as AuthorizeInput, t as AuthorizationProvider } from "./contract-CiPskNvS.cjs";
|
|
2
|
+
|
|
3
|
+
//#region src/authorization/delegated.d.ts
|
|
4
|
+
/** Options for {@link delegatedAuthorization}. */
|
|
5
|
+
interface DelegatedAuthorizationOptions {
|
|
6
|
+
/**
|
|
7
|
+
* Decide whether the {@link AuthorizeInput} is permitted. Return `true` to
|
|
8
|
+
* allow. May be synchronous or asynchronous.
|
|
9
|
+
*/
|
|
10
|
+
authorize: (input: AuthorizeInput) => Promise<boolean> | boolean;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Create an {@link AuthorizationProvider} from a plain decision function.
|
|
14
|
+
*
|
|
15
|
+
* @example
|
|
16
|
+
* ```ts
|
|
17
|
+
* import { delegatedAuthorization } from "@xtandard/webhooks/authorization/delegated";
|
|
18
|
+
*
|
|
19
|
+
* const authz = delegatedAuthorization({
|
|
20
|
+
* authorize: ({ principal, action, resource }) =>
|
|
21
|
+
* resource.type !== "application" ||
|
|
22
|
+
* (principal?.metadata as { apps?: string[] } | undefined)?.apps?.includes(
|
|
23
|
+
* resource.applicationKey,
|
|
24
|
+
* ) === true,
|
|
25
|
+
* });
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
declare function delegatedAuthorization(options: DelegatedAuthorizationOptions): AuthorizationProvider;
|
|
29
|
+
//#endregion
|
|
30
|
+
export { DelegatedAuthorizationOptions, delegatedAuthorization };
|
|
31
|
+
//# sourceMappingURL=entry-authorization-delegated.d.cts.map
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { n as AuthorizeInput, t as AuthorizationProvider } from "./contract-C2r2Xzwp.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/authorization/delegated.d.ts
|
|
4
|
+
/** Options for {@link delegatedAuthorization}. */
|
|
5
|
+
interface DelegatedAuthorizationOptions {
|
|
6
|
+
/**
|
|
7
|
+
* Decide whether the {@link AuthorizeInput} is permitted. Return `true` to
|
|
8
|
+
* allow. May be synchronous or asynchronous.
|
|
9
|
+
*/
|
|
10
|
+
authorize: (input: AuthorizeInput) => Promise<boolean> | boolean;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Create an {@link AuthorizationProvider} from a plain decision function.
|
|
14
|
+
*
|
|
15
|
+
* @example
|
|
16
|
+
* ```ts
|
|
17
|
+
* import { delegatedAuthorization } from "@xtandard/webhooks/authorization/delegated";
|
|
18
|
+
*
|
|
19
|
+
* const authz = delegatedAuthorization({
|
|
20
|
+
* authorize: ({ principal, action, resource }) =>
|
|
21
|
+
* resource.type !== "application" ||
|
|
22
|
+
* (principal?.metadata as { apps?: string[] } | undefined)?.apps?.includes(
|
|
23
|
+
* resource.applicationKey,
|
|
24
|
+
* ) === true,
|
|
25
|
+
* });
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
declare function delegatedAuthorization(options: DelegatedAuthorizationOptions): AuthorizationProvider;
|
|
29
|
+
//#endregion
|
|
30
|
+
export { DelegatedAuthorizationOptions, delegatedAuthorization };
|
|
31
|
+
//# sourceMappingURL=entry-authorization-delegated.d.mts.map
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
//#region src/authorization/delegated.ts
|
|
2
|
+
/**
|
|
3
|
+
* Create an {@link AuthorizationProvider} from a plain decision function.
|
|
4
|
+
*
|
|
5
|
+
* @example
|
|
6
|
+
* ```ts
|
|
7
|
+
* import { delegatedAuthorization } from "@xtandard/webhooks/authorization/delegated";
|
|
8
|
+
*
|
|
9
|
+
* const authz = delegatedAuthorization({
|
|
10
|
+
* authorize: ({ principal, action, resource }) =>
|
|
11
|
+
* resource.type !== "application" ||
|
|
12
|
+
* (principal?.metadata as { apps?: string[] } | undefined)?.apps?.includes(
|
|
13
|
+
* resource.applicationKey,
|
|
14
|
+
* ) === true,
|
|
15
|
+
* });
|
|
16
|
+
* ```
|
|
17
|
+
*/
|
|
18
|
+
function delegatedAuthorization(options) {
|
|
19
|
+
return { async authorize(input) {
|
|
20
|
+
return await options.authorize(input);
|
|
21
|
+
} };
|
|
22
|
+
}
|
|
23
|
+
//#endregion
|
|
24
|
+
export { delegatedAuthorization };
|
|
25
|
+
|
|
26
|
+
//# sourceMappingURL=entry-authorization-delegated.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-authorization-delegated.mjs","names":[],"sources":["../src/authorization/delegated.ts"],"sourcesContent":["/**\n * Delegated {@link AuthorizationProvider}. Wraps a caller-supplied `authorize`\n * function so you can implement any policy — ABAC, an external policy engine\n * (OPA, Cedar), per-application ownership checks — without implementing the\n * interface by hand.\n *\n * The wrapper normalizes a synchronous-or-asynchronous decision into the\n * `Promise<boolean>` the contract requires.\n *\n * @module\n */\n\nimport type { AuthorizationProvider, AuthorizeInput } from \"./contract.ts\";\n\n/** Options for {@link delegatedAuthorization}. */\nexport interface DelegatedAuthorizationOptions {\n /**\n * Decide whether the {@link AuthorizeInput} is permitted. Return `true` to\n * allow. May be synchronous or asynchronous.\n */\n authorize: (input: AuthorizeInput) => Promise<boolean> | boolean;\n}\n\n/**\n * Create an {@link AuthorizationProvider} from a plain decision function.\n *\n * @example\n * ```ts\n * import { delegatedAuthorization } from \"@xtandard/webhooks/authorization/delegated\";\n *\n * const authz = delegatedAuthorization({\n * authorize: ({ principal, action, resource }) =>\n * resource.type !== \"application\" ||\n * (principal?.metadata as { apps?: string[] } | undefined)?.apps?.includes(\n * resource.applicationKey,\n * ) === true,\n * });\n * ```\n */\nexport function delegatedAuthorization(\n options: DelegatedAuthorizationOptions,\n): AuthorizationProvider {\n return {\n async authorize(input: AuthorizeInput): Promise<boolean> {\n return await options.authorize(input);\n },\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAuCA,SAAgB,uBACd,SACuB;CACvB,OAAO,EACL,MAAM,UAAU,OAAyC;EACvD,OAAO,MAAM,QAAQ,UAAU,KAAK;CACtC,EACF;AACF"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { t as AuthorizationProvider } from "./contract-CiPskNvS.cjs";
|
|
2
|
+
|
|
3
|
+
//#region src/authorization/none.d.ts
|
|
4
|
+
/**
|
|
5
|
+
* Create an {@link AuthorizationProvider} that authorizes everything.
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```ts
|
|
9
|
+
* import { noAuthorization } from "@xtandard/webhooks/authorization/none";
|
|
10
|
+
*
|
|
11
|
+
* const authz = noAuthorization();
|
|
12
|
+
* await authz.authorize(input); // → true, always
|
|
13
|
+
* ```
|
|
14
|
+
*/
|
|
15
|
+
declare function noAuthorization(): AuthorizationProvider;
|
|
16
|
+
//#endregion
|
|
17
|
+
export { noAuthorization };
|
|
18
|
+
//# sourceMappingURL=entry-authorization-none.d.cts.map
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { t as AuthorizationProvider } from "./contract-C2r2Xzwp.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/authorization/none.d.ts
|
|
4
|
+
/**
|
|
5
|
+
* Create an {@link AuthorizationProvider} that authorizes everything.
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```ts
|
|
9
|
+
* import { noAuthorization } from "@xtandard/webhooks/authorization/none";
|
|
10
|
+
*
|
|
11
|
+
* const authz = noAuthorization();
|
|
12
|
+
* await authz.authorize(input); // → true, always
|
|
13
|
+
* ```
|
|
14
|
+
*/
|
|
15
|
+
declare function noAuthorization(): AuthorizationProvider;
|
|
16
|
+
//#endregion
|
|
17
|
+
export { noAuthorization };
|
|
18
|
+
//# sourceMappingURL=entry-authorization-none.d.mts.map
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
|
|
2
|
+
const require_roles = require("./roles-D0G9XqBq.cjs");
|
|
3
|
+
exports.ALL_ACTIONS = require_roles.ALL_ACTIONS;
|
|
4
|
+
exports.DEFAULT_ROLE_POLICY = require_roles.DEFAULT_ROLE_POLICY;
|
|
5
|
+
exports.READ_ACTIONS = require_roles.READ_ACTIONS;
|
|
6
|
+
exports.rolesAuthorization = require_roles.rolesAuthorization;
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { i as WebhooksAction, t as AuthorizationProvider } from "./contract-CiPskNvS.cjs";
|
|
2
|
+
|
|
3
|
+
//#region src/authorization/roles.d.ts
|
|
4
|
+
/** Every action in the system, used to expand non-wildcard "all actions" presets. */
|
|
5
|
+
declare const ALL_ACTIONS: readonly WebhooksAction[];
|
|
6
|
+
/**
|
|
7
|
+
* Every read-only action (the `*:read` subset of {@link ALL_ACTIONS}).
|
|
8
|
+
* `endpoint:read-secret` is deliberately excluded — secret access is sensitive
|
|
9
|
+
* and must be granted explicitly.
|
|
10
|
+
*/
|
|
11
|
+
declare const READ_ACTIONS: readonly WebhooksAction[];
|
|
12
|
+
/** A role policy: each role maps to an explicit action list or the `"*"` wildcard. */
|
|
13
|
+
type RolePolicy = Record<string, WebhooksAction[] | "*">;
|
|
14
|
+
/**
|
|
15
|
+
* The default role policy applied when {@link RolesAuthorizationOptions.policy}
|
|
16
|
+
* is omitted.
|
|
17
|
+
*
|
|
18
|
+
* - `admin` — `"*"`, every action.
|
|
19
|
+
* - `editor` — every action (explicit list, equivalent to `admin` here).
|
|
20
|
+
* - `viewer` — every `*:read` action only.
|
|
21
|
+
*/
|
|
22
|
+
declare const DEFAULT_ROLE_POLICY: RolePolicy;
|
|
23
|
+
/** Options for {@link rolesAuthorization}. */
|
|
24
|
+
interface RolesAuthorizationOptions {
|
|
25
|
+
/**
|
|
26
|
+
* Role → granted actions. `"*"` grants everything. Defaults to
|
|
27
|
+
* {@link DEFAULT_ROLE_POLICY} when omitted.
|
|
28
|
+
*/
|
|
29
|
+
policy?: RolePolicy;
|
|
30
|
+
/**
|
|
31
|
+
* When `true`, every {@link isMutatingAction mutating} action is denied
|
|
32
|
+
* regardless of the principal's roles.
|
|
33
|
+
* @default false
|
|
34
|
+
*/
|
|
35
|
+
readonly?: boolean;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Create a role-based {@link AuthorizationProvider}.
|
|
39
|
+
*
|
|
40
|
+
* Decision order:
|
|
41
|
+
* 1. If `readonly` and the action mutates → **deny**.
|
|
42
|
+
* 2. If the principal is `null` → **deny**.
|
|
43
|
+
* 3. If any of the principal's roles grants the action (via `"*"` or an explicit
|
|
44
|
+
* list) → **allow**; otherwise **deny**.
|
|
45
|
+
*
|
|
46
|
+
* @example
|
|
47
|
+
* ```ts
|
|
48
|
+
* import { rolesAuthorization } from "@xtandard/webhooks/authorization/roles";
|
|
49
|
+
*
|
|
50
|
+
* // Built-in admin/editor/viewer policy:
|
|
51
|
+
* const authz = rolesAuthorization();
|
|
52
|
+
*
|
|
53
|
+
* // Custom policy:
|
|
54
|
+
* const custom = rolesAuthorization({
|
|
55
|
+
* policy: {
|
|
56
|
+
* ops: ["delivery:read", "delivery:retry", "endpoint:read"],
|
|
57
|
+
* auditor: ["audit:read"],
|
|
58
|
+
* },
|
|
59
|
+
* });
|
|
60
|
+
* ```
|
|
61
|
+
*/
|
|
62
|
+
declare function rolesAuthorization(options?: RolesAuthorizationOptions): AuthorizationProvider;
|
|
63
|
+
//#endregion
|
|
64
|
+
export { ALL_ACTIONS, DEFAULT_ROLE_POLICY, READ_ACTIONS, RolePolicy, RolesAuthorizationOptions, rolesAuthorization };
|
|
65
|
+
//# sourceMappingURL=entry-authorization-roles.d.cts.map
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { i as WebhooksAction, t as AuthorizationProvider } from "./contract-C2r2Xzwp.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/authorization/roles.d.ts
|
|
4
|
+
/** Every action in the system, used to expand non-wildcard "all actions" presets. */
|
|
5
|
+
declare const ALL_ACTIONS: readonly WebhooksAction[];
|
|
6
|
+
/**
|
|
7
|
+
* Every read-only action (the `*:read` subset of {@link ALL_ACTIONS}).
|
|
8
|
+
* `endpoint:read-secret` is deliberately excluded — secret access is sensitive
|
|
9
|
+
* and must be granted explicitly.
|
|
10
|
+
*/
|
|
11
|
+
declare const READ_ACTIONS: readonly WebhooksAction[];
|
|
12
|
+
/** A role policy: each role maps to an explicit action list or the `"*"` wildcard. */
|
|
13
|
+
type RolePolicy = Record<string, WebhooksAction[] | "*">;
|
|
14
|
+
/**
|
|
15
|
+
* The default role policy applied when {@link RolesAuthorizationOptions.policy}
|
|
16
|
+
* is omitted.
|
|
17
|
+
*
|
|
18
|
+
* - `admin` — `"*"`, every action.
|
|
19
|
+
* - `editor` — every action (explicit list, equivalent to `admin` here).
|
|
20
|
+
* - `viewer` — every `*:read` action only.
|
|
21
|
+
*/
|
|
22
|
+
declare const DEFAULT_ROLE_POLICY: RolePolicy;
|
|
23
|
+
/** Options for {@link rolesAuthorization}. */
|
|
24
|
+
interface RolesAuthorizationOptions {
|
|
25
|
+
/**
|
|
26
|
+
* Role → granted actions. `"*"` grants everything. Defaults to
|
|
27
|
+
* {@link DEFAULT_ROLE_POLICY} when omitted.
|
|
28
|
+
*/
|
|
29
|
+
policy?: RolePolicy;
|
|
30
|
+
/**
|
|
31
|
+
* When `true`, every {@link isMutatingAction mutating} action is denied
|
|
32
|
+
* regardless of the principal's roles.
|
|
33
|
+
* @default false
|
|
34
|
+
*/
|
|
35
|
+
readonly?: boolean;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Create a role-based {@link AuthorizationProvider}.
|
|
39
|
+
*
|
|
40
|
+
* Decision order:
|
|
41
|
+
* 1. If `readonly` and the action mutates → **deny**.
|
|
42
|
+
* 2. If the principal is `null` → **deny**.
|
|
43
|
+
* 3. If any of the principal's roles grants the action (via `"*"` or an explicit
|
|
44
|
+
* list) → **allow**; otherwise **deny**.
|
|
45
|
+
*
|
|
46
|
+
* @example
|
|
47
|
+
* ```ts
|
|
48
|
+
* import { rolesAuthorization } from "@xtandard/webhooks/authorization/roles";
|
|
49
|
+
*
|
|
50
|
+
* // Built-in admin/editor/viewer policy:
|
|
51
|
+
* const authz = rolesAuthorization();
|
|
52
|
+
*
|
|
53
|
+
* // Custom policy:
|
|
54
|
+
* const custom = rolesAuthorization({
|
|
55
|
+
* policy: {
|
|
56
|
+
* ops: ["delivery:read", "delivery:retry", "endpoint:read"],
|
|
57
|
+
* auditor: ["audit:read"],
|
|
58
|
+
* },
|
|
59
|
+
* });
|
|
60
|
+
* ```
|
|
61
|
+
*/
|
|
62
|
+
declare function rolesAuthorization(options?: RolesAuthorizationOptions): AuthorizationProvider;
|
|
63
|
+
//#endregion
|
|
64
|
+
export { ALL_ACTIONS, DEFAULT_ROLE_POLICY, READ_ACTIONS, RolePolicy, RolesAuthorizationOptions, rolesAuthorization };
|
|
65
|
+
//# sourceMappingURL=entry-authorization-roles.d.mts.map
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
|
|
2
|
+
const require_create_fetch_handler = require("./create-fetch-handler-CmooujQo.cjs");
|
|
3
|
+
//#region src/adapters/bun.ts
|
|
4
|
+
/**
|
|
5
|
+
* Bun adapter. The handler is already web-standard, so this is a passthrough you
|
|
6
|
+
* can hand straight to `Bun.serve({ fetch })`. The panel starts the delivery
|
|
7
|
+
* dispatcher by default; pass `dispatcher: false` for split-worker deployments.
|
|
8
|
+
*
|
|
9
|
+
* ```ts
|
|
10
|
+
* import { webhooksPanel } from "@xtandard/webhooks/bun";
|
|
11
|
+
* const panel = webhooksPanel({ storage });
|
|
12
|
+
* Bun.serve({ port: 3000, fetch: panel.fetch });
|
|
13
|
+
* ```
|
|
14
|
+
*
|
|
15
|
+
* @module
|
|
16
|
+
*/
|
|
17
|
+
/** Create a Bun-ready panel handler (`fetch` + `core` + `dispatcher` + `openapi`). */
|
|
18
|
+
function webhooksPanel(options) {
|
|
19
|
+
return require_create_fetch_handler.createFetchHandler(options);
|
|
20
|
+
}
|
|
21
|
+
//#endregion
|
|
22
|
+
exports.webhooksPanel = webhooksPanel;
|
|
23
|
+
|
|
24
|
+
//# sourceMappingURL=entry-bun.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-bun.cjs","names":["createFetchHandler"],"sources":["../src/adapters/bun.ts"],"sourcesContent":["/**\n * Bun adapter. The handler is already web-standard, so this is a passthrough you\n * can hand straight to `Bun.serve({ fetch })`. The panel starts the delivery\n * dispatcher by default; pass `dispatcher: false` for split-worker deployments.\n *\n * ```ts\n * import { webhooksPanel } from \"@xtandard/webhooks/bun\";\n * const panel = webhooksPanel({ storage });\n * Bun.serve({ port: 3000, fetch: panel.fetch });\n * ```\n *\n * @module\n */\n\nimport {\n createFetchHandler,\n type CreateFetchHandlerResult,\n type WebhooksPanelOptions,\n} from \"../server/create-fetch-handler.ts\";\n\n/** Create a Bun-ready panel handler (`fetch` + `core` + `dispatcher` + `openapi`). */\nexport function webhooksPanel(options: WebhooksPanelOptions): CreateFetchHandlerResult {\n return createFetchHandler(options);\n}\n\nexport type { WebhooksPanelOptions, CreateFetchHandlerResult };\n"],"mappings":";;;;;;;;;;;;;;;;;AAqBA,SAAgB,cAAc,SAAyD;CACrF,OAAOA,6BAAAA,mBAAmB,OAAO;AACnC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { n as WebhooksPanelOptions, t as CreateFetchHandlerResult } from "./create-fetch-handler-Dlkhustu.cjs";
|
|
2
|
+
|
|
3
|
+
//#region src/adapters/bun.d.ts
|
|
4
|
+
/** Create a Bun-ready panel handler (`fetch` + `core` + `dispatcher` + `openapi`). */
|
|
5
|
+
declare function webhooksPanel(options: WebhooksPanelOptions): CreateFetchHandlerResult;
|
|
6
|
+
//#endregion
|
|
7
|
+
export { type CreateFetchHandlerResult, type WebhooksPanelOptions, webhooksPanel };
|
|
8
|
+
//# sourceMappingURL=entry-bun.d.cts.map
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { n as WebhooksPanelOptions, t as CreateFetchHandlerResult } from "./create-fetch-handler-jy3hy5nZ.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/adapters/bun.d.ts
|
|
4
|
+
/** Create a Bun-ready panel handler (`fetch` + `core` + `dispatcher` + `openapi`). */
|
|
5
|
+
declare function webhooksPanel(options: WebhooksPanelOptions): CreateFetchHandlerResult;
|
|
6
|
+
//#endregion
|
|
7
|
+
export { type CreateFetchHandlerResult, type WebhooksPanelOptions, webhooksPanel };
|
|
8
|
+
//# sourceMappingURL=entry-bun.d.mts.map
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { t as createFetchHandler } from "./create-fetch-handler-BIdk9P30.mjs";
|
|
2
|
+
//#region src/adapters/bun.ts
|
|
3
|
+
/**
|
|
4
|
+
* Bun adapter. The handler is already web-standard, so this is a passthrough you
|
|
5
|
+
* can hand straight to `Bun.serve({ fetch })`. The panel starts the delivery
|
|
6
|
+
* dispatcher by default; pass `dispatcher: false` for split-worker deployments.
|
|
7
|
+
*
|
|
8
|
+
* ```ts
|
|
9
|
+
* import { webhooksPanel } from "@xtandard/webhooks/bun";
|
|
10
|
+
* const panel = webhooksPanel({ storage });
|
|
11
|
+
* Bun.serve({ port: 3000, fetch: panel.fetch });
|
|
12
|
+
* ```
|
|
13
|
+
*
|
|
14
|
+
* @module
|
|
15
|
+
*/
|
|
16
|
+
/** Create a Bun-ready panel handler (`fetch` + `core` + `dispatcher` + `openapi`). */
|
|
17
|
+
function webhooksPanel(options) {
|
|
18
|
+
return createFetchHandler(options);
|
|
19
|
+
}
|
|
20
|
+
//#endregion
|
|
21
|
+
export { webhooksPanel };
|
|
22
|
+
|
|
23
|
+
//# sourceMappingURL=entry-bun.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-bun.mjs","names":[],"sources":["../src/adapters/bun.ts"],"sourcesContent":["/**\n * Bun adapter. The handler is already web-standard, so this is a passthrough you\n * can hand straight to `Bun.serve({ fetch })`. The panel starts the delivery\n * dispatcher by default; pass `dispatcher: false` for split-worker deployments.\n *\n * ```ts\n * import { webhooksPanel } from \"@xtandard/webhooks/bun\";\n * const panel = webhooksPanel({ storage });\n * Bun.serve({ port: 3000, fetch: panel.fetch });\n * ```\n *\n * @module\n */\n\nimport {\n createFetchHandler,\n type CreateFetchHandlerResult,\n type WebhooksPanelOptions,\n} from \"../server/create-fetch-handler.ts\";\n\n/** Create a Bun-ready panel handler (`fetch` + `core` + `dispatcher` + `openapi`). */\nexport function webhooksPanel(options: WebhooksPanelOptions): CreateFetchHandlerResult {\n return createFetchHandler(options);\n}\n\nexport type { WebhooksPanelOptions, CreateFetchHandlerResult };\n"],"mappings":";;;;;;;;;;;;;;;;AAqBA,SAAgB,cAAc,SAAyD;CACrF,OAAO,mBAAmB,OAAO;AACnC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
|
|
2
|
+
let drizzle_orm_mysql_core = require("drizzle-orm/mysql-core");
|
|
3
|
+
//#region src/drizzle/mysql.ts
|
|
4
|
+
/**
|
|
5
|
+
* Build the MySQL `mysqlTable` for the webhooks KV store: `key varchar PRIMARY
|
|
6
|
+
* KEY`, `value json NOT NULL`. The table name defaults to `"xtandard_webhooks"`.
|
|
7
|
+
*/
|
|
8
|
+
function mysqlWebhooksTable(name = "xtandard_webhooks", opts) {
|
|
9
|
+
const columns = {
|
|
10
|
+
key: (0, drizzle_orm_mysql_core.varchar)("key", { length: opts?.keyLength ?? 512 }).primaryKey(),
|
|
11
|
+
value: (0, drizzle_orm_mysql_core.json)("value").notNull(),
|
|
12
|
+
...opts?.extraColumns?.()
|
|
13
|
+
};
|
|
14
|
+
const extraConfig = opts?.extraIndexes;
|
|
15
|
+
return (0, drizzle_orm_mysql_core.mysqlTable)(name, columns, extraConfig);
|
|
16
|
+
}
|
|
17
|
+
//#endregion
|
|
18
|
+
exports.mysqlWebhooksTable = mysqlWebhooksTable;
|
|
19
|
+
|
|
20
|
+
//# sourceMappingURL=entry-drizzle-mysql.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entry-drizzle-mysql.cjs","names":[],"sources":["../src/drizzle/mysql.ts"],"sourcesContent":["/**\n * `@xtandard/webhooks/drizzle/mysql` — MySQL Drizzle table factory for the\n * webhooks KV store. Schema-only (imports just `drizzle-orm/mysql-core`).\n *\n * Base columns: `key varchar PRIMARY KEY` (length configurable), `value json\n * NOT NULL`. `extraColumns`/`extraIndexes` mirror `drizzle-audit`.\n *\n * @example\n * ```ts\n * import { mysqlWebhooksTable } from \"@xtandard/webhooks/drizzle/mysql\";\n * export const webhooksKv = mysqlWebhooksTable();\n * ```\n *\n * @module\n */\n\nimport type { BuildColumns } from \"drizzle-orm\";\nimport {\n json,\n mysqlTable,\n varchar,\n type MySqlColumnBuilderBase,\n type MySqlTableExtraConfigValue,\n} from \"drizzle-orm/mysql-core\";\nimport type { DrizzleKvTable } from \"./table.ts\";\n\nexport type { DrizzleKvTable } from \"./table.ts\";\n\n/** The `self` passed to an {@link MysqlWebhooksTableOptions.extraIndexes} callback. */\ntype MysqlWebhooksColumns = BuildColumns<string, Record<string, MySqlColumnBuilderBase>, \"mysql\">;\n\n/** Options for {@link mysqlWebhooksTable}. */\nexport interface MysqlWebhooksTableOptions {\n /**\n * `varchar` length for the `key` primary key. Default `512` (store keys are\n * short slash-delimited paths). Keep within your InnoDB index-prefix limit.\n */\n keyLength?: number;\n /** Additional columns merged into the table. */\n extraColumns?: () => Record<string, MySqlColumnBuilderBase>;\n /** Additional indexes/constraints; receives the built table for column references. */\n extraIndexes?: (table: MysqlWebhooksColumns) => MySqlTableExtraConfigValue[];\n}\n\n/**\n * Build the MySQL `mysqlTable` for the webhooks KV store: `key varchar PRIMARY\n * KEY`, `value json NOT NULL`. The table name defaults to `\"xtandard_webhooks\"`.\n */\nexport function mysqlWebhooksTable(\n name = \"xtandard_webhooks\",\n opts?: MysqlWebhooksTableOptions,\n): DrizzleKvTable {\n const columns = {\n key: varchar(\"key\", { length: opts?.keyLength ?? 512 }).primaryKey(),\n value: json(\"value\").notNull(),\n ...opts?.extraColumns?.(),\n };\n // Cast to the exact `self` type Drizzle infers from `columns` — the public\n // `extraIndexes` type uses a generic column map, which is a supertype.\n const extraConfig = opts?.extraIndexes as\n | ((self: BuildColumns<string, typeof columns, \"mysql\">) => MySqlTableExtraConfigValue[])\n | undefined;\n return mysqlTable(name, columns, extraConfig);\n}\n"],"mappings":";;;;;;;AAgDA,SAAgB,mBACd,OAAO,qBACP,MACgB;CAChB,MAAM,UAAU;EACd,MAAA,GAAA,uBAAA,SAAa,OAAO,EAAE,QAAQ,MAAM,aAAa,IAAI,CAAC,EAAE,WAAW;EACnE,QAAA,GAAA,uBAAA,MAAY,OAAO,EAAE,QAAQ;EAC7B,GAAG,MAAM,eAAe;CAC1B;CAGA,MAAM,cAAc,MAAM;CAG1B,QAAA,GAAA,uBAAA,YAAkB,MAAM,SAAS,WAAW;AAC9C"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import { t as DrizzleKvTable } from "./table-Ce3Tzwqs.cjs";
|
|
2
|
+
import { BuildColumns } from "drizzle-orm";
|
|
3
|
+
import { MySqlColumnBuilderBase, MySqlTableExtraConfigValue } from "drizzle-orm/mysql-core";
|
|
4
|
+
|
|
5
|
+
//#region src/drizzle/mysql.d.ts
|
|
6
|
+
/** The `self` passed to an {@link MysqlWebhooksTableOptions.extraIndexes} callback. */
|
|
7
|
+
type MysqlWebhooksColumns = BuildColumns<string, Record<string, MySqlColumnBuilderBase>, "mysql">;
|
|
8
|
+
/** Options for {@link mysqlWebhooksTable}. */
|
|
9
|
+
interface MysqlWebhooksTableOptions {
|
|
10
|
+
/**
|
|
11
|
+
* `varchar` length for the `key` primary key. Default `512` (store keys are
|
|
12
|
+
* short slash-delimited paths). Keep within your InnoDB index-prefix limit.
|
|
13
|
+
*/
|
|
14
|
+
keyLength?: number;
|
|
15
|
+
/** Additional columns merged into the table. */
|
|
16
|
+
extraColumns?: () => Record<string, MySqlColumnBuilderBase>;
|
|
17
|
+
/** Additional indexes/constraints; receives the built table for column references. */
|
|
18
|
+
extraIndexes?: (table: MysqlWebhooksColumns) => MySqlTableExtraConfigValue[];
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Build the MySQL `mysqlTable` for the webhooks KV store: `key varchar PRIMARY
|
|
22
|
+
* KEY`, `value json NOT NULL`. The table name defaults to `"xtandard_webhooks"`.
|
|
23
|
+
*/
|
|
24
|
+
declare function mysqlWebhooksTable(name?: string, opts?: MysqlWebhooksTableOptions): DrizzleKvTable;
|
|
25
|
+
//#endregion
|
|
26
|
+
export { type DrizzleKvTable, MysqlWebhooksTableOptions, mysqlWebhooksTable };
|
|
27
|
+
//# sourceMappingURL=entry-drizzle-mysql.d.cts.map
|