@zintrust/core 0.1.19 → 0.1.20

package/src/security/Sanitizer.js

@@ -0,0 +1,412 @@
+/**
+ * Input Sanitizer (Character Whitelisting)
+ *
+ * Provides small utilities to remove unwanted characters from user input.
+ *
+ * Important:
+ * - This is NOT a complete SQL injection defense.
+ * - Always use parameterized queries / the ORM / QueryBuilder.
+ *
+ * Use this for:
+ * - Normalizing identifiers (username, slug-ish strings)
+ * - Cleaning phone numbers / numeric strings
+ * - Reducing unexpected characters before storage/logging
+ *
+ * Bulletproof Mode:
+ * - Enabled by default (`bulletproof=true`) for security-critical methods
+ * - Throws SanitizerError instead of returning empty/invalid values
+ * - Validates numeric ranges, leading zeros, type coercion attacks
+ * - ~5-15% performance overhead; disable for performance-critical paths
+ */
+import { ErrorFactory } from '../exceptions/ZintrustError.js';
+const MAX_NUMERIC_INPUT_LEN = 64;
+const MAX_EMAIL_LEN = 254;
+const MAX_NAME_LEN = 200;
+const MAX_PASSWORD_LEN = 256;
+const assertMaxLen = (method, label, value, maxLen) => {
+    if (value.length <= maxLen)
+        return;
+    throw ErrorFactory.createSanitizerError(method, `${label} too long`, value);
+};
+const isEmpty = (value) => {
+    // Preserve legacy semantics: treat 0 and "0" as empty.
+    return (value === null ||
+        value === undefined ||
+        value === false ||
+        value === 0 ||
+        value === '' ||
+        value === '0');
+};
+const toStr = (value) => {
+    return String(value ?? '');
+};
+const stripSpaces = (value) => {
+    return toStr(value).replaceAll(' ', '');
+};
+const sanitize = (value, pattern, stripSpace = false) => {
+    const input = stripSpace ? stripSpaces(value) : toStr(value);
+    return input.replace(pattern, '');
+};
+const isNumericString = (value) => {
+    const trimmed = value.trim();
+    if (trimmed.length === 0)
+        return false;
+    const n = Number(trimmed);
+    return Number.isFinite(n);
+};
+const parseAmount = (value, bulletproof = true) => {
+    if (isEmpty(value))
+        return 0;
+    const cleaned = sanitize(value, /[^0-9.-]/g, true);
+    const num = Number(cleaned);
+    if (bulletproof) {
+        // Handle string edge cases - check original value
+        const str = String(value);
+        const trimmed = str.trim();
+        assertMaxLen('parseAmount', 'Input', trimmed, MAX_NUMERIC_INPUT_LEN);
+        // Reject explicit plus sign prefixes (type confusion)
+        if (trimmed.startsWith('+')) {
+            throw ErrorFactory.createSanitizerError('parseAmount', 'Plus sign not allowed', value);
+        }
+        // Reject "Infinity", "-Infinity", "NaN" explicitly
+        if (/^[+-]?infinity$/i.test(trimmed) || /^nan$/i.test(trimmed)) {
+            throw ErrorFactory.createSanitizerError('parseAmount', 'Non-finite number', value);
+        }
+        // Reject scientific notation (e.g., "1e308", "2.5e10")
+        if (/[eE]/.test(trimmed)) {
+            throw ErrorFactory.createSanitizerError('parseAmount', 'Scientific notation not allowed', value);
+        }
+        assertMaxLen('parseAmount', 'Sanitized numeric', cleaned, MAX_NUMERIC_INPUT_LEN);
+        // Require a strict numeric shape after sanitization (prevents "1-2" -> NaN etc.)
+        if (!/^-?\d+(?:\.\d+)?$/.test(cleaned)) {
+            throw ErrorFactory.createSanitizerError('parseAmount', 'Invalid numeric format', value);
+        }
+        // Reject Infinity, NaN, and overflow attacks
+        if (!Number.isFinite(num)) {
+            throw ErrorFactory.createSanitizerError('parseAmount', 'Non-finite number', value);
+        }
+        if (Math.abs(num) > Number.MAX_SAFE_INTEGER) {
+            throw ErrorFactory.createSanitizerError('parseAmount', 'Number exceeds safe integer range', value);
+        }
+    }
+    return Number.isFinite(num) ? num : 0;
+};
+const alphanumeric = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^A-Za-z0-9]/g, true);
+};
+const alphanumericDotDash = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^A-Za-z0-9\-.]/g, true);
+};
+const validateNonNegativeNumericStringPreSanitization = (trimmed, value) => {
+    assertMaxLen('nonNegativeNumericStringOrNull', 'Input', trimmed, MAX_NUMERIC_INPUT_LEN);
+    // Reject explicit plus sign prefixes (type confusion)
+    if (trimmed.startsWith('+')) {
+        throw ErrorFactory.createSanitizerError('nonNegativeNumericStringOrNull', 'Plus sign not allowed', value);
+    }
+    // Reject scientific notation before sanitization can mask it
+    if (/[eE]/.test(trimmed)) {
+        throw ErrorFactory.createSanitizerError('nonNegativeNumericStringOrNull', 'Scientific notation not allowed', value);
+    }
+};
+const validateNonNegativeNumericStringPostSanitization = (da, value) => {
+    assertMaxLen('nonNegativeNumericStringOrNull', 'Sanitized numeric', da, MAX_NUMERIC_INPUT_LEN);
+    // Strict shape: allow optional leading '-' and optional fractional part.
+    if (!/^-?\d+(?:\.\d+)?$/.test(da)) {
+        throw ErrorFactory.createSanitizerError('nonNegativeNumericStringOrNull', 'Invalid numeric format', value);
+    }
+    // For integers (no decimal point), validate leading zeros
+    if (da.includes('.')) {
+        // For decimals, only check overflow
+        const num = Number(da);
+        if (Math.abs(num) > Number.MAX_SAFE_INTEGER) {
+            throw ErrorFactory.createSanitizerError('nonNegativeNumericStringOrNull', 'Number exceeds safe integer range', value);
+        }
+    }
+    else {
+        const numericId = Number.parseInt(da, 10);
+        if (!Number.isFinite(numericId) ||
+            numericId < 0 ||
+            numericId > Number.MAX_SAFE_INTEGER ||
+            numericId.toString() !== da) {
+            throw ErrorFactory.createSanitizerError('nonNegativeNumericStringOrNull', 'Invalid numeric format (leading zeros, overflow, or type mismatch)', value);
+        }
+    }
+};
+const nonNegativeNumericStringOrNull = (value, bulletproof = true) => {
+    if (isEmpty(value))
+        return 0;
+    const raw = stripSpaces(value);
+    if (bulletproof) {
+        const trimmed = raw.trim();
+        validateNonNegativeNumericStringPreSanitization(trimmed, value);
+    }
+    const da = raw.replaceAll(/[^0-9\-.]/g, '');
+    const numeric = isNumericString(da);
+    if (numeric && Number(da) < 0)
+        return 0;
+    if (!numeric) {
+        return null;
+    }
+    if (bulletproof) {
+        validateNonNegativeNumericStringPostSanitization(da, value);
+    }
+    return da;
+};
+const digitsOnly = (value, bulletproof = true) => {
+    // Special handling for '0' string
+    if (value === '0') {
+        if (bulletproof) {
+            throw ErrorFactory.createSanitizerError('digitsOnly', 'Invalid numeric ID (zero, negative, overflow, or leading zeros)', value);
+        }
+        return '0';
+    }
+    if (isEmpty(value))
+        return '';
+    const da = sanitize(value, /\D/g);
+    if (bulletproof) {
+        assertMaxLen('digitsOnly', 'Sanitized numeric', da, 16);
+        // After removing non-digits, check if result is empty
+        if (da.length === 0) {
+            throw ErrorFactory.createSanitizerError('digitsOnly', 'Empty result after removing non-digits', value);
+        }
+        // Check for special characters that get stripped (like +)
+        const str = String(value);
+        if (/^[+-]/.test(str.trim())) {
+            throw ErrorFactory.createSanitizerError('digitsOnly', 'Invalid numeric ID (starts with +/- sign)', value);
+        }
+        const numericId = Number.parseInt(da, 10);
+        if (!Number.isFinite(numericId) ||
+            numericId <= 0 ||
+            numericId > Number.MAX_SAFE_INTEGER ||
+            numericId.toString() !== da) {
+            throw ErrorFactory.createSanitizerError('digitsOnly', 'Invalid numeric ID (zero, negative, overflow, or leading zeros)', value);
+        }
+    }
+    return da.replaceAll(' ', '');
+};
+const validateDecimalStringPreSanitization = (trimmed, value) => {
+    assertMaxLen('decimalString', 'Input', trimmed, MAX_NUMERIC_INPUT_LEN);
+    // Reject explicit plus/minus prefixes and scientific notation (type confusion)
+    if (/^[+-]/.test(trimmed)) {
+        throw ErrorFactory.createSanitizerError('decimalString', 'Signed values not allowed', value);
+    }
+    if (/[eE]/.test(trimmed)) {
+        throw ErrorFactory.createSanitizerError('decimalString', 'Scientific notation not allowed', value);
+    }
+};
+const validateDecimalStringPostSanitization = (result, cleaned, value) => {
+    assertMaxLen('decimalString', 'Sanitized numeric', cleaned, MAX_NUMERIC_INPUT_LEN);
+    if (result.length === 0) {
+        throw ErrorFactory.createSanitizerError('decimalString', 'Empty result after sanitization', value);
+    }
+    if (!/^\d+(?:\.\d+)?$/.test(result)) {
+        throw ErrorFactory.createSanitizerError('decimalString', 'Invalid decimal format', value);
+    }
+    const num = Number(result);
+    if (!Number.isFinite(num)) {
+        throw ErrorFactory.createSanitizerError('decimalString', 'Non-numeric decimal value', value);
+    }
+    if (Math.abs(num) > Number.MAX_SAFE_INTEGER) {
+        throw ErrorFactory.createSanitizerError('decimalString', 'Decimal value exceeds safe range', value);
+    }
+};
+const decimalString = (value, bulletproof = true) => {
+    if (isEmpty(value))
+        return '';
+    if (bulletproof) {
+        const trimmed = String(value).trim();
+        validateDecimalStringPreSanitization(trimmed, value);
+    }
+    // Allow only valid decimal format: digits and at most one decimal point
+    const cleaned = sanitize(value, /[^0-9.]/g);
+    const parts = cleaned.split('.');
+    // Bulletproof mode: reject multiple decimal points rather than merging.
+    // Legacy/unsafe mode: normalize by keeping the first decimal point.
+    let result;
+    if (parts.length > 2) {
+        result = bulletproof ? '' : `${parts[0]}.${parts.slice(1).join('')}`;
+    }
+    else {
+        result = cleaned;
+    }
+    if (bulletproof) {
+        validateDecimalStringPostSanitization(result, cleaned, value);
+    }
+    return result;
+};
+const numericDotOnly = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^0-9.]/g);
+};
+const createBasicSanitizers = () => {
+    return {
+        parseAmount,
+        alphanumeric,
+        alphanumericDotDash,
+        nonNegativeNumericStringOrNull,
+        digitsOnly,
+        decimalString,
+        numericDotOnly,
+    };
+};
+const addressTextSanitizer = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^A-Za-z0-9\-.@+, _]/g);
+};
+const emailLikeSanitizer = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^A-Za-z0-9\-.@+_]/g);
+};
+const emailSanitizer = (value, bulletproof = true) => {
+    if (isEmpty(value))
+        return '';
+    const result = sanitize(value, /[^A-Za-z0-9\-.@_]/g);
+    if (bulletproof) {
+        const trimmed = result.trim();
+        assertMaxLen('email', 'Email', trimmed, MAX_EMAIL_LEN);
+        if (trimmed.length === 0) {
+            throw ErrorFactory.createSanitizerError('email', 'Empty result after sanitization', value);
+        }
+        if (!trimmed.includes('@')) {
+            throw ErrorFactory.createSanitizerError('email', 'Missing @ symbol in email', value);
+        }
+        // Basic validation: something@something
+        const parts = trimmed.split('@');
+        if (parts.length !== 2 || parts[0].length === 0 || parts[1].length === 0) {
+            throw ErrorFactory.createSanitizerError('email', 'Invalid email format', value);
+        }
+    }
+    return result;
+};
+const messageTextSanitizer = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^A-Za-z0-9\-.@+_&$%!,()? ]/g);
+};
+const nameTextSanitizer = (value, bulletproof = true) => {
+    if (isEmpty(value))
+        return '';
+    const result = sanitize(value, /[^A-Za-z0-9 .]/g);
+    if (bulletproof) {
+        const trimmed = result.trim();
+        assertMaxLen('nameText', 'Name', trimmed, MAX_NAME_LEN);
+        if (trimmed.length === 0) {
+            throw ErrorFactory.createSanitizerError('nameText', 'Empty or whitespace-only result', value);
+        }
+        // Names should have at least one letter
+        if (!/[A-Za-z]/.test(trimmed)) {
+            throw ErrorFactory.createSanitizerError('nameText', 'Name must contain at least one letter', value);
+        }
+    }
+    return result;
+};
+const wordCharsAndSpacesSanitizer = (value) => {
+    if (isEmpty(value))
+        return '';
+    return sanitize(value, /[^A-Za-z0-9_\s]/g);
+};
+const safePasswordCharsSanitizer = (value, bulletproof = true) => {
+    if (isEmpty(value))
+        return '';
+    const result = sanitize(value, /[^!@#$%&*/\sA-Za-z0-9_]/g);
+    if (bulletproof) {
+        const trimmed = result.trim();
+        assertMaxLen('safePasswordChars', 'Password', trimmed, MAX_PASSWORD_LEN);
+        if (trimmed.length === 0) {
+            throw ErrorFactory.createSanitizerError('safePasswordChars', 'Empty result after sanitization', value);
+        }
+    }
+    return result;
+};
+const createTextSanitizers = () => {
+    return {
+        addressText: addressTextSanitizer,
+        emailLike: emailLikeSanitizer,
+        email: emailSanitizer,
+        messageText: messageTextSanitizer,
+        nameText: nameTextSanitizer,
+        wordCharsAndSpaces: wordCharsAndSpacesSanitizer,
+        safePasswordChars: safePasswordCharsSanitizer,
+    };
+};
+const createSpecializedSanitizers = () => {
+    const ipAddressText = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9:.]/g);
+    };
+    const alphaNumericColonDash = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9:-]/g);
+    };
+    const dateSlash = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^0-9/]/g);
+    };
+    const lowercaseAlphanumeric = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9]/g).toLowerCase();
+    };
+    const uppercaseAlphanumeric = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9]/g).toUpperCase();
+    };
+    const alphanumericNoSpaces = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9 ]/g, true);
+    };
+    const dateSlashNoSpaces = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^0-9/]/g, true);
+    };
+    // Legacy naming was misleading; this is closer to a "uuid/token safe" whitelist.
+    const uuidTokenSafe = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9\-=]/g, true);
+    };
+    // Base64url-like (plus "=") token whitelisting.
+    const tokenSafe = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9\-=_]/g, true);
+    };
+    const keyLike = (value) => {
+        if (isEmpty(value))
+            return '';
+        return sanitize(value, /[^A-Za-z0-9\-:. ]/g, true);
+    };
+    return {
+        ipAddressText,
+        alphaNumericColonDash,
+        dateSlash,
+        lowercaseAlphanumeric,
+        uppercaseAlphanumeric,
+        alphanumericNoSpaces,
+        dateSlashNoSpaces,
+        uuidTokenSafe,
+        tokenSafe,
+        keyLike,
+    };
+};
+export const createSanitizer = () => {
+    return Object.freeze({
+        ...createBasicSanitizers(),
+        ...createTextSanitizers(),
+        ...createSpecializedSanitizers(),
+    });
+};
+export const Sanitizer = createSanitizer();

package/src/security/TokenRevocation.d.ts

@@ -0,0 +1,7 @@
+type AuthorizationHeader = string | string[] | undefined;
+export declare const TokenRevocation: Readonly<{
+    revoke(header: AuthorizationHeader): string | null;
+    isRevoked(token: string): boolean;
+}>;
+export default TokenRevocation;
+//# sourceMappingURL=TokenRevocation.d.ts.map

package/src/security/TokenRevocation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenRevocation.d.ts","sourceRoot":"","sources":["../../../src/security/TokenRevocation.ts"],"names":[],"mappings":"AAGA,KAAK,mBAAmB,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;AAsCzD,eAAO,MAAM,eAAe;mBACX,mBAAmB,GAAG,MAAM,GAAG,IAAI;qBASjC,MAAM,GAAG,OAAO;EAUjC,CAAC;AAEH,eAAe,eAAe,CAAC"}

package/src/security/TokenRevocation.js

@@ -0,0 +1,57 @@
+import { securityConfig } from '../config/security.js';
+import { JwtManager } from './JwtManager.js';
+const revokedTokens = new Map();
+const defaultTtlMs = Math.max(securityConfig.jwt.expiresIn * 1000, 60_000);
+const getBearerToken = (header) => {
+    const value = Array.isArray(header) ? header[0] : header;
+    if (typeof value !== 'string')
+        return null;
+    const [scheme, token] = value.trim().split(' ');
+    if (scheme.toLowerCase() !== 'bearer')
+        return null;
+    if (typeof token !== 'string' || token.trim() === '')
+        return null;
+    return token;
+};
+const cleanupExpired = () => {
+    const now = Date.now();
+    for (const [token, expiresAt] of revokedTokens.entries()) {
+        if (expiresAt <= now) {
+            revokedTokens.delete(token);
+        }
+    }
+};
+const resolveExpiryMs = (token) => {
+    try {
+        const payload = JwtManager.create().decode(token);
+        if (typeof payload.exp === 'number' && Number.isFinite(payload.exp)) {
+            return payload.exp * 1000;
+        }
+    }
+    catch {
+        // ignore decode errors; fallback to default TTL
+    }
+    return Date.now() + defaultTtlMs;
+};
+export const TokenRevocation = Object.freeze({
+    revoke(header) {
+        const token = getBearerToken(header);
+        if (token === null)
+            return null;
+        cleanupExpired();
+        revokedTokens.set(token, resolveExpiryMs(token));
+        return token;
+    },
+    isRevoked(token) {
+        cleanupExpired();
+        const expiresAt = revokedTokens.get(token);
+        if (expiresAt === undefined)
+            return false;
+        if (expiresAt <= Date.now()) {
+            revokedTokens.delete(token);
+            return false;
+        }
+        return true;
+    },
+});
+export default TokenRevocation;

package/src/seeders/SeederDiscovery.d.ts

@@ -0,0 +1,5 @@
+export declare const SeederDiscovery: Readonly<{
+    resolveDir(projectRoot: string, dir: string): string;
+    listSeederFiles(dir: string): string[];
+}>;
+//# sourceMappingURL=SeederDiscovery.d.ts.map

package/src/seeders/SeederDiscovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SeederDiscovery.d.ts","sourceRoot":"","sources":["../../../src/seeders/SeederDiscovery.ts"],"names":[],"mappings":"AAQA,eAAO,MAAM,eAAe;4BACF,MAAM,OAAO,MAAM,GAAG,MAAM;yBAI/B,MAAM,GAAG,MAAM,EAAE;EAQtC,CAAC"}

package/src/seeders/SeederDiscovery.js

@@ -0,0 +1,21 @@
+import fs from '../node-singletons/fs.js';
+import * as path from '../node-singletons/path.js';
+const isSeederFile = (file) => {
+    if (file.endsWith('.d.ts'))
+        return false;
+    return file.endsWith('.ts') || file.endsWith('.js');
+};
+export const SeederDiscovery = Object.freeze({
+    resolveDir(projectRoot, dir) {
+        return path.resolve(projectRoot, dir);
+    },
+    listSeederFiles(dir) {
+        if (!fs.existsSync(dir))
+            return [];
+        const files = fs.readdirSync(dir);
+        return files
+            .filter(isSeederFile)
+            .sort((a, b) => a.localeCompare(b))
+            .map((f) => path.join(dir, f));
+    },
+});

package/src/seeders/SeederLoader.d.ts

@@ -0,0 +1,5 @@
+import type { LoadedSeeder } from '../seeders/types';
+export declare const SeederLoader: Readonly<{
+    load(filePath: string): Promise<LoadedSeeder>;
+}>;
+//# sourceMappingURL=SeederLoader.d.ts.map

package/src/seeders/SeederLoader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SeederLoader.d.ts","sourceRoot":"","sources":["../../../src/seeders/SeederLoader.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAiB,MAAM,iBAAiB,CAAC;AAwDnE,eAAO,MAAM,YAAY;mBACF,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;EA0BnD,CAAC"}

package/src/seeders/SeederLoader.js

@@ -0,0 +1,60 @@
+import { ErrorFactory } from '../exceptions/ZintrustError.js';
+import * as path from '../node-singletons/path.js';
+import { pathToFileURL } from 'node:url';
+function isFunction(value) {
+    return typeof value === 'function';
+}
+function isRecord(value) {
+    return typeof value === 'object' && value !== null;
+}
+function hasRun(value) {
+    return typeof value === 'object' && value !== null && 'run' in value;
+}
+function normalizeHandler(fn, label) {
+    if (!isFunction(fn)) {
+        throw ErrorFactory.createValidationError(`Invalid seeder export: expected function for ${label}`);
+    }
+    return async (db) => {
+        // Support both (db) => Promise<void> and () => Promise<void>.
+        if (fn.length <= 0) {
+            await Promise.resolve(fn());
+            return;
+        }
+        await Promise.resolve(fn(db));
+    };
+}
+function selectSeederExport(mod, baseName) {
+    const defaultExport = mod.default;
+    const defaultNamed = isRecord(defaultExport) ? defaultExport[baseName] : undefined;
+    // Prefer conventional exports first.
+    const candidate = mod.seeder ?? mod[baseName] ?? mod.run ?? defaultExport ?? defaultNamed;
+    if (candidate !== undefined)
+        return candidate;
+    // Last resort: pick the first export that looks like a seeder object.
+    for (const value of Object.values(mod)) {
+        if (hasRun(value))
+            return value;
+    }
+    return undefined;
+}
+export const SeederLoader = Object.freeze({
+    async load(filePath) {
+        const url = pathToFileURL(filePath).href;
+        const raw = (await import(url));
+        const mod = isRecord(raw) ? raw : {};
+        const baseName = path.basename(filePath, path.extname(filePath));
+        const picked = selectSeederExport(mod, baseName);
+        const baseExport = mod[baseName];
+        const runFn = (hasRun(picked) ? picked.run : undefined) ??
+            (hasRun(baseExport) ? baseExport.run : undefined) ??
+            mod.run;
+        if (runFn === undefined) {
+            throw ErrorFactory.createValidationError(`Seeder '${filePath}' is missing a runnable export (expected '${baseName}.run()', 'seeder.run()', 'run()', or default export with 'run()')`);
+        }
+        return {
+            name: baseName,
+            filePath,
+            run: normalizeHandler(runFn, 'run'),
+        };
+    },
+});

package/src/seeders/types.d.ts

@@ -0,0 +1,18 @@
+import type { IDatabase } from '../orm/Database';
+export type SeederModule = {
+    /** Common pattern: export const UserSeeder = { run() { ... } } */
+    [key: string]: unknown;
+    /** Alternative: export const seeder = { run() { ... } } */
+    seeder?: unknown;
+    /** Alternative: export async function run() { ... } */
+    run?: unknown;
+    /** Interop: export default { run() { ... } } */
+    default?: unknown;
+};
+export type SeederHandler = (db: IDatabase) => Promise<void>;
+export type LoadedSeeder = {
+    name: string;
+    filePath: string;
+    run: SeederHandler;
+};
+//# sourceMappingURL=types.d.ts.map

package/src/seeders/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/seeders/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,YAAY,GAAG;IACzB,kEAAkE;IAClE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,uDAAuD;IACvD,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,gDAAgD;IAChD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,EAAE,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAE7D,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,aAAa,CAAC;CACpB,CAAC"}

package/src/seeders/types.js

@@ -0,0 +1 @@
+export {};

package/src/session/SessionManager.js

@@ -1,4 +1,4 @@
-import { generateSecureJobId } from '../common/uuid.js';
+import { generateSecureJobId } from '../common/utility.js';
 const DEFAULT_OPTIONS = {
     cookieName: 'ZIN_SESSION_ID',
     headerName: 'x-session-id',