@zintrust/core 0.1.20 → 0.1.22

package/src/config/index.d.ts

@@ -31,62 +31,16 @@ export declare const config: Readonly<{
         readonly maxBodySize: string;
         readonly getSafeEnv: () => NodeJS.ProcessEnv;
     }>;
-    readonly broadcast: Readonly<{
-        readonly default: string;
-        readonly drivers: {
-            readonly inmemory: import("./type").InMemoryBroadcastDriverConfig;
-            readonly pusher: import("./type").PusherBroadcastDriverConfig;
-            readonly redis: import("./type").RedisBroadcastDriverConfig;
-            readonly redishttps: import("./type").RedisHttpsBroadcastDriverConfig;
-        };
-        readonly getDriverName: () => string;
-        readonly getDriverConfig: (name?: string) => import("./type").KnownBroadcastDriverConfig;
-    }>;
-    readonly database: Readonly<{
+    readonly broadcast: {
         default: string;
-        connections: {
-            sqlite: {
-                driver: "sqlite";
-                database: string;
-                migrations: string;
-            };
-            d1: {
-                driver: "d1";
-            };
-            'd1-remote': {
-                driver: "d1-remote";
-            };
-            postgresql: {
-                driver: "postgresql";
-                host: string;
-                port: number;
-                database: string;
-                username: string;
-                password: string;
-                ssl: boolean;
-                pooling: {
-                    enabled: boolean;
-                    min: number;
-                    max: number;
-                    idleTimeout: number;
-                    connectionTimeout: number;
-                };
-            };
-            mysql: {
-                driver: "mysql";
-                host: string;
-                port: number;
-                database: string;
-                username: string;
-                password: string;
-                pooling: {
-                    enabled: boolean;
-                    min: number;
-                    max: number;
-                };
-            };
-        };
-        getConnection(this: import("./type").DatabaseConfigShape): import("./type").DatabaseConnectionConfig;
+        drivers: import("./type").BroadcastDrivers;
+        getDriverName: () => string;
+        getDriverConfig: (name?: string) => import("./type").KnownBroadcastDriverConfig;
+    };
+    readonly database: {
+        default: string;
+        connections: import("./type").DatabaseConnections;
+        getConnection: (this: import("./type").DatabaseConfigShape) => import("./type").DatabaseConnectionConfig;
         logging: {
             enabled: boolean;
             level: string;
@@ -98,33 +52,31 @@ export declare const config: Readonly<{
         seeders: {
             directory: string;
         };
-    }>;
-    readonly storage: Readonly<{
-        readonly default: string;
-        readonly drivers: import("./type").StorageDrivers;
-        getDriver(this: import("./type").StorageConfigRuntime): import("./type").StorageDriverConfig;
-        getDriverConfig(this: import("./type").StorageConfigRuntime, name?: string): import("./type").StorageDriverConfig;
-        readonly temp: {
+    };
+    readonly storage: import("./type").StorageConfigRuntime & {
+        getDriver: (this: import("./type").StorageConfigRuntime) => import("./type").StorageDriverConfig;
+        getDriverConfig: (this: import("./type").StorageConfigRuntime, name?: string) => import("./type").StorageDriverConfig;
+        temp: {
             path: string;
             maxAge: number;
         };
-        readonly uploads: {
+        uploads: {
             maxSize: string;
             allowedMimes: string;
             path: string;
         };
-        readonly backups: {
+        backups: {
             path: string;
             driver: string;
         };
-    }>;
-    readonly notification: Readonly<{
-        readonly default: string;
-        readonly drivers: import("./type").NotificationDrivers;
-        readonly providers: import("./type").NotificationProviders;
-        readonly getDriverName: () => string;
-        readonly getDriverConfig: (name?: string) => import("./type").KnownNotificationDriverConfig;
-    }>;
+    };
+    readonly notification: {
+        default: string;
+        drivers: import("./type").NotificationDrivers;
+        providers: import("./type").NotificationProviders;
+        getDriverName: () => string;
+        getDriverConfig: (name?: string) => import("./type").KnownNotificationDriverConfig;
+    };
     readonly security: Readonly<{
         readonly jwt: {
             readonly enabled: boolean;
@@ -252,73 +204,17 @@ export declare const config: Readonly<{
             readonly namespace: string;
         };
     }>;
-    readonly cache: Readonly<{
+    readonly cache: {
         default: string;
-        drivers: {
-            memory: {
-                driver: "memory";
-                ttl: number;
-            };
-            redis: {
-                driver: "redis";
-                host: string;
-                port: number;
-                ttl: number;
-            };
-            mongodb: {
-                driver: "mongodb";
-                uri: string;
-                db: string;
-                ttl: number;
-            };
-            kv: {
-                driver: "kv";
-                ttl: number;
-            };
-            'kv-remote': {
-                driver: "kv-remote";
-                ttl: number;
-            };
-        };
-        getDriver(name?: string): import("./type").CacheDriverConfig;
+        drivers: import("./type").CacheConfigInput["drivers"];
+        getDriver: (name?: string) => import("./type").CacheDriverConfig;
         keyPrefix: string;
         ttl: number;
-    }>;
-    readonly queue: Readonly<{
+    };
+    readonly queue: {
         default: import("./type").QueueDriverName;
-        drivers: {
-            sync: {
-                driver: "sync";
-            };
-            database: {
-                driver: "database";
-                table: string;
-                connection: string;
-            };
-            redis: {
-                driver: "redis";
-                host: string;
-                port: number;
-                password: string;
-                database: number;
-            };
-            rabbitmq: {
-                driver: "rabbitmq";
-                host: string;
-                port: number;
-                username: string;
-                password: string;
-                vhost: string;
-            };
-            sqs: {
-                driver: "sqs";
-                key: string;
-                secret: string;
-                region: string;
-                queueUrl: string;
-            };
-        };
-        getDriver(): import("./type").QueueDriversConfig[import("./type").QueueDriverName];
+        drivers: import("./type").QueueDriversConfig;
+        getDriver: (this: import("./type").QueueConfigWithDrivers) => import("./type").QueueDriversConfig[import("./type").QueueDriverName];
         failed: {
             database: string;
             table: string;
@@ -329,7 +225,7 @@ export declare const config: Readonly<{
             backoff: number;
             workers: number;
         };
-    }>;
+    };
 }>;
 export type Config = typeof config;
 //# sourceMappingURL=index.d.ts.map

package/src/config/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/config/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,OAAO,EAAE,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,KAAK,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEpE;;;GAGG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWR,CAAC;AAEZ,MAAM,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/config/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,OAAO,EAAE,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,KAAK,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEpE;;;GAGG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;8BAXgB,CAAA;;;;;;;;;;;;;;;;;;;;2EAAA,CAAC;;;;;;;;;;;;;;;;;;;;8BAD2B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wBAoBxD,CAAC;;;;;;;;;;;;;;;;;;;EAGE,CAAC;AAEZ,MAAM,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC"}

package/src/config/mail.d.ts

@@ -3,61 +3,25 @@
  * Runtime mail drivers and settings
  * Sealed namespace for immutability
  */
-import type { MailDriverConfig } from './type';
-export declare const mailConfig: Readonly<{
-    /**
-     * Default mail driver
-     */
-    readonly default: string;
-    /**
-     * Default "From" identity
-     */
-    readonly from: {
-        readonly address: string;
-        readonly name: string;
+import type { MailConfigInput, MailDriverConfig } from './type';
+export type MailConfigOverrides = Partial<{
+    default: string;
+    from: {
+        address: string;
+        name: string;
     };
-    /**
-     * Driver configs
-     */
-    readonly drivers: {
-        readonly disabled: {
-            readonly driver: "disabled";
-        };
-        readonly sendgrid: {
-            readonly driver: "sendgrid";
-            readonly apiKey: string;
-        };
-        readonly mailgun: {
-            readonly driver: "mailgun";
-            readonly apiKey: string;
-            readonly domain: string;
-            readonly baseUrl: string;
-        };
-        readonly smtp: {
-            readonly driver: "smtp";
-            readonly host: string;
-            readonly port: number;
-            readonly username: string;
-            readonly password: string;
-            readonly secure: boolean | "starttls";
-        };
-        readonly nodemailer: {
-            readonly driver: "nodemailer";
-            readonly host: string;
-            readonly port: number;
-            readonly username: string;
-            readonly password: string;
-            readonly secure: boolean | "starttls";
-        };
-        readonly ses: {
-            readonly driver: "ses";
-            readonly region: string;
-        };
-    };
-    /**
-     * Get selected driver config
-     */
-    readonly getDriver: (name?: string) => MailDriverConfig;
+    drivers: Record<string, MailDriverConfig>;
 }>;
-export type MailConfig = typeof mailConfig;
+declare const createMailConfig: () => {
+    default: string;
+    from: {
+        address: string;
+        name: string;
+    };
+    drivers: Record<string, MailDriverConfig>;
+    getDriver: (this: MailConfigInput, name?: string) => MailDriverConfig;
+};
+export type MailConfig = ReturnType<typeof createMailConfig>;
+export declare const mailConfig: MailConfig;
+export {};
 //# sourceMappingURL=mail.d.ts.map

package/src/config/mail.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mail.d.ts","sourceRoot":"","sources":["../../../src/config/mail.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAmB,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAkHtE,eAAO,MAAM,UAAU;IA7ErB;;OAEG;;IAGH;;OAEG;;;;;IAMH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAsDH;;OAEG;gCACc,MAAM,KAAG,gBAAgB;EAKU,CAAC;AACvD,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC"}
+{"version":3,"file":"mail.d.ts","sourceRoot":"","sources":["../../../src/config/mail.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGtE,MAAM,MAAM,mBAAmB,GAAG,OAAO,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CAC3C,CAAC,CAAC;AAmCH,QAAA,MAAM,gBAAgB,QAAO;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC1C,SAAS,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,gBAAgB,CAAC;CAgGvE,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAqB7D,eAAO,MAAM,UAAU,EAAE,UAYvB,CAAC"}

package/src/config/mail.js

@@ -3,6 +3,7 @@
  * Runtime mail drivers and settings
  * Sealed namespace for immutability
  */
+import { StartupConfigFile, StartupConfigFileRegistry } from '../runtime/StartupConfigFileRegistry.js';
 import { Env } from './env.js';
 import { ErrorFactory } from '../exceptions/ZintrustError.js';
 const isMailDriverConfig = (value) => {
@@ -34,22 +35,16 @@ const getMailDriver = (config, name) => {
     }
     throw ErrorFactory.createConfigError(`Mail driver not configured: ${selected}`);
 };
-const mailConfigObj = {
-    /**
-     * Default mail driver
-     */
-    default: Env.get('MAIL_CONNECTION', Env.get('MAIL_DRIVER', 'disabled')).trim().toLowerCase(),
-    /**
-     * Default "From" identity
-     */
-    from: {
+const createMailConfig = () => {
+    const overrides = StartupConfigFileRegistry.get(StartupConfigFile.Mail) ?? {};
+    const baseDefault = Env.get('MAIL_CONNECTION', Env.get('MAIL_DRIVER', 'disabled'))
+        .trim()
+        .toLowerCase();
+    const baseFrom = {
         address: Env.get('MAIL_FROM_ADDRESS', ''),
         name: Env.get('MAIL_FROM_NAME', ''),
-    },
-    /**
-     * Driver configs
-     */
-    drivers: {
+    };
+    const baseDrivers = {
         disabled: {
             driver: 'disabled',
         },
@@ -101,12 +96,59 @@ const mailConfigObj = {
             driver: 'ses',
             region: Env.get('AWS_REGION', 'us-east-1'),
         },
+    };
+    const mailConfigObj = {
+        /**
+         * Default mail driver
+         */
+        default: (overrides.default ?? baseDefault).trim().toLowerCase(),
+        /**
+         * Default "From" identity
+         */
+        from: {
+            ...baseFrom,
+            ...(overrides.from ?? {}),
+        },
+        /**
+         * Driver configs
+         */
+        drivers: {
+            ...baseDrivers,
+            ...(overrides.drivers ?? {}),
+        },
+        /**
+         * Get selected driver config
+         */
+        getDriver(name) {
+            return getMailDriver(this, name);
+        },
+    };
+    return Object.freeze(mailConfigObj);
+};
+let cached = null;
+const proxyTarget = {};
+const ensureMailConfig = () => {
+    if (cached)
+        return cached;
+    cached = createMailConfig();
+    try {
+        Object.defineProperties(proxyTarget, Object.getOwnPropertyDescriptors(cached));
+    }
+    catch {
+        // best-effort
+    }
+    return cached;
+};
+export const mailConfig = new Proxy(proxyTarget, {
+    get(_target, prop) {
+        return ensureMailConfig()[prop];
     },
-    /**
-     * Get selected driver config
-     */
-    getDriver(name) {
-        return getMailDriver(this, name);
+    ownKeys() {
+        ensureMailConfig();
+        return Reflect.ownKeys(proxyTarget);
     },
-};
-export const mailConfig = Object.freeze(mailConfigObj);
+    getOwnPropertyDescriptor(_target, prop) {
+        ensureMailConfig();
+        return Object.getOwnPropertyDescriptor(proxyTarget, prop);
+    },
+});

package/src/config/middleware.d.ts

@@ -1,4 +1,28 @@
 import type { MiddlewareConfigType } from './type';
+export declare enum MiddlewareBody {
+    email = "email",
+    password = "password",
+    name = "name",
+    count = "count"
+}
+export type MiddlewaresType = {
+    skipPaths: string[];
+    fillRateLimit: {
+        windowMs: number;
+        max: number;
+        message: string;
+    };
+    authRateLimit: {
+        windowMs: number;
+        max: number;
+        message: string;
+    };
+    userMutationRateLimit: {
+        windowMs: number;
+        max: number;
+        message: string;
+    };
+};
 export declare const MiddlewareKeys: Readonly<{
     log: true;
     error: true;

package/src/config/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/config/middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AA8DzD,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;EAiBuB,CAAC;AAEnD,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,cAAc,CAAC;AA2KxD,wBAAgB,sBAAsB,IAAI,oBAAoB,CAkB7D;AA0BD,eAAO,MAAM,gBAAgB,EAAE,oBAY7B,CAAC;AAEH,eAAe,gBAAgB,CAAC"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/config/middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AA8DzD,oBAAY,cAAc;IACxB,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,IAAI,SAAS;IACb,KAAK,UAAU;CAChB;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,aAAa,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3E,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;EAiBuB,CAAC;AAEnD,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,cAAc,CAAC;AA0MxD,wBAAgB,sBAAsB,IAAI,oBAAoB,CAqB7D;AA0BD,eAAO,MAAM,gBAAgB,EAAE,oBAY7B,CAAC;AAEH,eAAe,gBAAgB,CAAC"}

package/src/config/middleware.js

@@ -1,4 +1,4 @@
-import { Env } from './env.js';
+import { StartupConfigFile, StartupConfigFileRegistry } from '../runtime/StartupConfigFileRegistry.js';
 import { bodyParsingMiddleware } from '../http/middleware/BodyParsingMiddleware.js';
 import { fileUploadMiddleware } from '../http/middleware/FileUploadMiddleware.js';
 import { AuthMiddleware } from '../middleware/AuthMiddleware.js';
@@ -12,6 +12,13 @@ import { SecurityMiddleware } from '../middleware/SecurityMiddleware.js';
 import { ValidationMiddleware } from '../middleware/ValidationMiddleware.js';
 import { Sanitizer } from '../security/Sanitizer.js';
 import { Schema } from '../validation/Validator.js';
+export var MiddlewareBody;
+(function (MiddlewareBody) {
+    MiddlewareBody["email"] = "email";
+    MiddlewareBody["password"] = "password";
+    MiddlewareBody["name"] = "name";
+    MiddlewareBody["count"] = "count";
+})(MiddlewareBody || (MiddlewareBody = {}));
 export const MiddlewareKeys = Object.freeze({
     log: true,
     error: true,
@@ -33,45 +40,60 @@ export const MiddlewareKeys = Object.freeze({
 // Ensure `ValidationMiddleware` is strongly typed here to avoid `error`-typed values
 // triggering `@typescript-eslint/no-unsafe-*` rules.
 const Validation = ValidationMiddleware;
-function createRateLimitMiddlewares() {
+const resolveFillRateLimit = (loadMiddlewareConfig) => {
+    return {
+        windowMs: loadMiddlewareConfig.fillRateLimit?.windowMs ?? 60_000,
+        max: loadMiddlewareConfig.fillRateLimit?.max ?? 5,
+        message: loadMiddlewareConfig.fillRateLimit?.message ??
+            'Too many requests, please try again after 1 minute.',
+    };
+};
+const resolveAuthRateLimit = (loadMiddlewareConfig) => {
+    return {
+        windowMs: loadMiddlewareConfig.authRateLimit?.windowMs ?? 60_000,
+        max: loadMiddlewareConfig.authRateLimit?.max ?? 10,
+        message: loadMiddlewareConfig.authRateLimit?.message ??
+            'Too many login attempts, please try again after 1 minute.',
+    };
+};
+const resolveUserMutationRateLimit = (loadMiddlewareConfig) => {
+    return {
+        windowMs: loadMiddlewareConfig.userMutationRateLimit?.windowMs ?? 60_000,
+        max: loadMiddlewareConfig.userMutationRateLimit?.max ?? 20,
+        message: loadMiddlewareConfig.userMutationRateLimit?.message ??
+            'Too many user requests, please try again after 1 minute.',
+    };
+};
+function createRateLimitMiddlewares(loadMiddlewareConfig) {
+    const fillRateLimit = RateLimiter.create(resolveFillRateLimit(loadMiddlewareConfig));
+    const authRateLimit = RateLimiter.create(resolveAuthRateLimit(loadMiddlewareConfig));
+    const userMutationRateLimit = RateLimiter.create(resolveUserMutationRateLimit(loadMiddlewareConfig));
     return Object.freeze({
         rateLimit: RateLimiter.create(),
-        fillRateLimit: RateLimiter.create({
-            windowMs: 60_000,
-            max: 5,
-            message: 'Too many fill requests, please try again later.',
-        }),
-        authRateLimit: RateLimiter.create({
-            windowMs: 60_000,
-            max: 10,
-            message: 'Too many authentication requests, please try again later.',
-        }),
-        userMutationRateLimit: RateLimiter.create({
-            windowMs: 60_000,
-            max: 20,
-            message: 'Too many write requests, please try again later.',
-        }),
+        fillRateLimit,
+        authRateLimit,
+        userMutationRateLimit,
     });
 }
 function createAuthValidationMiddlewares() {
     return {
         validateLogin: Validation.createBodyWithSanitization(Schema.typed()
-            .required('email')
-            .email('email')
-            .required('password')
-            .string('password'), {
+            .required(MiddlewareBody.email)
+            .email(MiddlewareBody.email)
+            .required(MiddlewareBody.password)
+            .string(MiddlewareBody.password), {
             email: (v) => Sanitizer.email(v).trim().toLowerCase(),
             password: (v) => Sanitizer.safePasswordChars(v),
         }),
         validateRegister: Validation.createBodyWithSanitization(Schema.typed()
-            .required('name')
-            .string('name')
-            .minLength('name', 1)
-            .required('email')
-            .email('email')
-            .required('password')
-            .string('password')
-            .minLength('password', 8), {
+            .required(MiddlewareBody.name)
+            .string(MiddlewareBody.name)
+            .minLength(MiddlewareBody.name, 1)
+            .required(MiddlewareBody.email)
+            .email(MiddlewareBody.email)
+            .required(MiddlewareBody.password)
+            .string(MiddlewareBody.password)
+            .minLength(MiddlewareBody.password, 8), {
             name: (v) => Sanitizer.nameText(v).trim(),
             email: (v) => Sanitizer.email(v).trim().toLowerCase(),
             password: (v) => Sanitizer.safePasswordChars(v),
@@ -81,32 +103,32 @@ function createAuthValidationMiddlewares() {
 function createUserValidationMiddlewares() {
     return {
         validateUserStore: Validation.createBodyWithSanitization(Schema.typed()
-            .required('name')
-            .string('name')
-            .minLength('name', 1)
-            .required('email')
-            .email('email')
-            .required('password')
-            .string('password')
-            .minLength('password', 8), {
+            .required(MiddlewareBody.name)
+            .string(MiddlewareBody.name)
+            .minLength(MiddlewareBody.name, 1)
+            .required(MiddlewareBody.email)
+            .email(MiddlewareBody.email)
+            .required(MiddlewareBody.password)
+            .string(MiddlewareBody.password)
+            .minLength(MiddlewareBody.password, 8), {
             name: (v) => Sanitizer.nameText(v).trim(),
             email: (v) => Sanitizer.email(v).trim().toLowerCase(),
             password: (v) => Sanitizer.safePasswordChars(v),
         }),
         validateUserUpdate: Validation.createBodyWithSanitization(Schema.typed()
-            .custom('name', (v) => v === undefined || typeof v === 'string', 'name must be a string')
-            .minLength('name', 1)
-            .custom('email', (v) => v === undefined || typeof v === 'string', 'email must be a string')
-            .custom('password', (v) => v === undefined || typeof v === 'string', 'password must be a string')
-            .minLength('password', 8), {
+            .custom(MiddlewareBody.name, (v) => v === undefined || typeof v === 'string', MiddlewareBody.name + ' must be a string')
+            .minLength(MiddlewareBody.name, 1)
+            .custom(MiddlewareBody.email, (v) => v === undefined || typeof v === 'string', MiddlewareBody.email + ' must be a string')
+            .custom(MiddlewareBody.password, (v) => v === undefined || typeof v === 'string', MiddlewareBody.password + ' must be a string')
+            .minLength(MiddlewareBody.password, 8), {
             name: (v) => Sanitizer.nameText(v).trim(),
             email: (v) => Sanitizer.email(v).trim().toLowerCase(),
             password: (v) => Sanitizer.safePasswordChars(v),
         }),
         validateUserFill: Validation.createBodyWithSanitization(Schema.typed()
-            .custom('count', (v) => v === undefined || (typeof v === 'number' && Number.isFinite(v)), 'count must be a number')
-            .min('count', 1)
-            .max('count', 100)),
+            .custom(MiddlewareBody.count, (v) => v === undefined || (typeof v === 'number' && Number.isFinite(v)), MiddlewareBody.count + ' must be a number')
+            .min(MiddlewareBody.count, 1)
+            .max(MiddlewareBody.count, 100)),
     };
 }
 function createValidationMiddlewares() {
@@ -115,8 +137,8 @@ function createValidationMiddlewares() {
         ...createUserValidationMiddlewares(),
     });
 }
-function createSharedMiddlewares() {
-    const rateLimits = createRateLimitMiddlewares();
+function createSharedMiddlewares(loadMiddlewareConfig) {
+    const rateLimits = createRateLimitMiddlewares(loadMiddlewareConfig);
     const validations = createValidationMiddlewares();
     return Object.freeze({
         log: LoggingMiddleware.create(),
@@ -125,10 +147,7 @@ function createSharedMiddlewares() {
         sanitizeBody: SanitizeBodyMiddleware.create(),
         ...rateLimits,
         csrf: CsrfMiddleware.create({
-            skipPaths: Env.get('CSRF_SKIP_PATHS', '')
-                .split(',')
-                .map((p) => p.trim())
-                .filter((p) => p.length > 0),
+            skipPaths: loadMiddlewareConfig?.skipPaths ?? [],
         }),
         auth: AuthMiddleware.create(),
         jwt: JwtAuthMiddleware.create(),
@@ -136,7 +155,8 @@ function createSharedMiddlewares() {
     });
 }
 export function createMiddlewareConfig() {
-    const shared = createSharedMiddlewares();
+    const loadMiddlewareConfig = StartupConfigFileRegistry.get(StartupConfigFile.Middleware) ?? {};
+    const shared = createSharedMiddlewares(loadMiddlewareConfig);
     const middlewareConfigObj = {
         global: [
             shared.log,