@zintrust/core 0.1.40 → 0.1.41

package/src/orm/SchemaCompiler.js

@@ -80,7 +80,7 @@ function getColumnTypeSql(driver, def) {
         return specialSql;
     return 'TEXT';
 }
-function getDefaultValueSql(table, def) {
+function getDefaultValueSql(driver, table, def) {
     if (def.default === undefined)
         return null;
     const dv = def.default;
@@ -88,8 +88,11 @@ function getDefaultValueSql(table, def) {
         return 'DEFAULT NULL';
     if (typeof dv === 'number' && Number.isFinite(dv))
         return `DEFAULT ${dv}`;
-    if (typeof dv === 'boolean')
+    if (typeof dv === 'boolean') {
+        if (driver === 'postgresql')
+            return `DEFAULT ${dv ? 'true' : 'false'}`;
         return `DEFAULT ${dv ? 1 : 0}`;
+    }
     if (typeof dv === 'string') {
         const escaped = dv.replaceAll("'", "''");
         return `DEFAULT '${escaped}'`;
@@ -113,7 +116,7 @@ function columnSql(driver, table, def) {
         parts.push('UNIQUE');
     if (isPrimary)
         parts.push('PRIMARY KEY');
-    const defaultVal = getDefaultValueSql(table, def);
+    const defaultVal = getDefaultValueSql(driver, table, def);
     if (defaultVal !== null)
         parts.push(defaultVal);
     return parts.join(' ');

package/src/orm/adapters/D1RemoteAdapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"D1RemoteAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/D1RemoteAdapter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AA+I1F,eAAO,MAAM,eAAe;oBACV,cAAc,GAAG,gBAAgB;EA+EjD,CAAC;AAEH,eAAe,eAAe,CAAC"}
+{"version":3,"file":"D1RemoteAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/D1RemoteAdapter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AA2J1F,eAAO,MAAM,eAAe;oBACV,cAAc,GAAG,gBAAgB;EA+EjD,CAAC;AAEH,eAAe,eAAe,CAAC"}

package/src/orm/adapters/D1RemoteAdapter.js

@@ -9,11 +9,23 @@ import { ErrorFactory } from '../../exceptions/ZintrustError.js';
 import { AdaptersEnum } from '../../migrations/enum/index.js';
 import { QueryBuilder } from '../QueryBuilder.js';
 import { SignedRequest } from '../../security/SignedRequest.js';
+const resolveSigningPrefix = (baseUrl) => {
+    try {
+        const parsed = new URL(baseUrl);
+        const path = parsed.pathname.endsWith('/') ? parsed.pathname.slice(0, -1) : parsed.pathname;
+        if (path === '' || path === '/')
+            return undefined;
+        return path;
+    }
+    catch {
+        return undefined;
+    }
+};
 const createRemoteConfig = () => {
     const settings = {
         baseUrl: Env.get('D1_REMOTE_URL'),
         keyId: Env.get('D1_REMOTE_KEY_ID'),
-        secret: Env.get('D1_REMOTE_SECRET'),
+        secret: Env.get('D1_REMOTE_SECRET', Env.APP_KEY),
         mode: Env.get('D1_REMOTE_MODE', 'registry') ?? 'registry',
         timeoutMs: Env.getInt('ZT_PROXY_TIMEOUT_MS', Env.REQUEST_TIMEOUT),
     };
@@ -22,6 +34,7 @@ const createRemoteConfig = () => {
         keyId: settings.keyId,
         secret: settings.secret,
         timeoutMs: settings.timeoutMs,
+        signaturePathPrefixToStrip: resolveSigningPrefix(settings.baseUrl),
         missingUrlMessage: 'D1 remote proxy URL is missing (D1_REMOTE_URL)',
         missingCredentialsMessage: 'D1 remote signing credentials are missing (D1_REMOTE_KEY_ID / D1_REMOTE_SECRET)',
         messages: {

package/src/orm/adapters/MongoDBProxyAdapter.d.ts

@@ -0,0 +1,3 @@
+import type { IDatabaseAdapter } from '../DatabaseAdapter';
+export declare function createMongoDBProxyAdapter(): IDatabaseAdapter;
+//# sourceMappingURL=MongoDBProxyAdapter.d.ts.map

package/src/orm/adapters/MongoDBProxyAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MongoDBProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/MongoDBProxyAdapter.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AA6D1E,wBAAgB,yBAAyB,IAAI,gBAAgB,CA4F5D"}

package/src/orm/adapters/MongoDBProxyAdapter.js

@@ -0,0 +1,128 @@
+/* eslint-disable @typescript-eslint/require-await */
+import { Env } from '../../config/env.js';
+import { Logger } from '../../config/logger.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { ProxyCache } from '../adapters/ProxyCache.js';
+import { ensureSignedSettings, isRecord, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
+const normalizeRows = (value) => {
+    if (value === null)
+        return [];
+    if (Array.isArray(value))
+        return value;
+    return [value];
+};
+const extractResultPayload = (response) => {
+    if (!isRecord(response))
+        return response;
+    if ('result' in response)
+        return response['result'];
+    if ('rows' in response)
+        return response['rows'];
+    return response;
+};
+const getCacheKey = (collection, operation, args) => {
+    return `${collection}:${operation}:${JSON.stringify(args)}`;
+};
+const resolveProxyUrl = () => {
+    const url = Env.get('MONGODB_PROXY_URL', '');
+    if (typeof url === 'string' && url.trim() !== '')
+        return url;
+    const host = Env.get('MONGODB_PROXY_HOST', '127.0.0.1');
+    const port = Env.getInt('MONGODB_PROXY_PORT', 8792);
+    return `http://${host}:${port}`;
+};
+const buildProxySettings = () => {
+    const baseUrl = resolveProxyUrl();
+    const keyId = Env.get('MONGODB_PROXY_KEY_ID', '');
+    const secret = Env.get('MONGODB_PROXY_SECRET', '');
+    const timeoutMs = Env.getInt('MONGODB_PROXY_TIMEOUT_MS', 30000);
+    return { baseUrl, keyId, secret, timeoutMs };
+};
+const buildSignedProxyConfig = (settings) => ({
+    settings,
+    missingUrlMessage: 'MongoDB proxy URL is missing',
+    missingCredentialsMessage: 'MongoDB proxy signing credentials are missing',
+    messages: {
+        unauthorized: 'MongoDB proxy unauthorized',
+        forbidden: 'MongoDB proxy forbidden',
+        rateLimited: 'MongoDB proxy rate limited',
+        rejected: 'MongoDB proxy rejected',
+        error: 'MongoDB proxy error',
+        timedOut: 'MongoDB proxy timed out',
+    },
+});
+const MONGODB_OPERATION_PATH = '/zin/mongodb/operation';
+export function createMongoDBProxyAdapter() {
+    let connected = false;
+    const cache = ProxyCache.create();
+    const settings = buildProxySettings();
+    return {
+        async connect() {
+            ensureSignedSettings(buildSignedProxyConfig(settings));
+            Logger.info(`Connecting to MongoDB via proxy: ${settings.baseUrl}`);
+            connected = true;
+        },
+        async disconnect() {
+            connected = false;
+            cache.clear();
+            Logger.info('Disconnected from MongoDB proxy');
+        },
+        async query(_sql, _parameters) {
+            if (!connected) {
+                throw ErrorFactory.createConnectionError('Not connected to MongoDB proxy');
+            }
+            // Parse MongoDB-like query (simple implementation)
+            // Expected format: collection.operation({...})
+            const pattern = /^(\w+)\.(\w+)\((.+)\$/;
+            const match = pattern.exec(_sql);
+            if (!match) {
+                throw ErrorFactory.createGeneralError('Invalid MongoDB query format');
+            }
+            const [, collection, operation, argsStr] = match;
+            const args = JSON.parse(argsStr);
+            const cacheKey = getCacheKey(collection, operation, args);
+            const cached = cache.get(cacheKey);
+            if (cached)
+                return cached;
+            const response = await requestSignedProxy(buildSignedProxyConfig({
+                ...settings,
+                signaturePathPrefixToStrip: MONGODB_OPERATION_PATH,
+            }), MONGODB_OPERATION_PATH, { collection, operation, args });
+            const result = extractResultPayload(response);
+            const rows = normalizeRows(result);
+            const queryResult = {
+                rows,
+                rowCount: rows.length,
+            };
+            cache.set(cacheKey, queryResult);
+            return queryResult;
+        },
+        async queryOne(sql, parameters) {
+            const result = await this.query(sql, parameters);
+            return result.rows[0] ?? null;
+        },
+        async ping() {
+            if (!connected) {
+                throw ErrorFactory.createConnectionError('Not connected to MongoDB proxy');
+            }
+        },
+        async transaction(callback) {
+            // MongoDB proxy doesn't support traditional transactions via HTTP
+            Logger.warn('MongoDB proxy adapter does not support transactions');
+            return callback(this);
+        },
+        async rawQuery(sql, parameters) {
+            const result = await this.query(sql, parameters ?? []);
+            return result.rows;
+        },
+        getType() {
+            return 'mongodb-proxy';
+        },
+        isConnected() {
+            return connected;
+        },
+        getPlaceholder(index) {
+            return `$${index}`;
+        },
+    };
+}

package/src/orm/adapters/MySQLProxyAdapter.d.ts

@@ -0,0 +1,11 @@
+/**
+ * MySQL Proxy Adapter (HTTP)
+ *
+ * Used in Cloudflare Workers when MYSQL_PROXY_URL is configured.
+ */
+import type { DatabaseConfig, IDatabaseAdapter } from '../DatabaseAdapter';
+export declare const MySQLProxyAdapter: Readonly<{
+    create(_config: DatabaseConfig): IDatabaseAdapter;
+}>;
+export default MySQLProxyAdapter;
+//# sourceMappingURL=MySQLProxyAdapter.d.ts.map

package/src/orm/adapters/MySQLProxyAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MySQLProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/MySQLProxyAdapter.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AAuF1F,eAAO,MAAM,iBAAiB;oBACZ,cAAc,GAAG,gBAAgB;EAqFjD,CAAC;AAEH,eAAe,iBAAiB,CAAC"}

package/src/orm/adapters/MySQLProxyAdapter.js

@@ -0,0 +1,143 @@
+/* eslint-disable @typescript-eslint/require-await */
+/**
+ * MySQL Proxy Adapter (HTTP)
+ *
+ * Used in Cloudflare Workers when MYSQL_PROXY_URL is configured.
+ */
+import { Env } from '../../config/env.js';
+import { Logger } from '../../config/logger.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { AdaptersEnum } from '../../migrations/enum/index.js';
+import { QueryBuilder } from '../QueryBuilder.js';
+import { ensureSignedSettings, isRecord, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
+const buildProxySettings = () => {
+    const baseUrl = Env.MYSQL_PROXY_URL;
+    const keyId = Env.MYSQL_PROXY_KEY_ID ?? '';
+    const secret = Env.MYSQL_PROXY_SECRET ?? '';
+    const timeoutMs = Env.MYSQL_PROXY_TIMEOUT_MS;
+    return { baseUrl, keyId, secret, timeoutMs };
+};
+const buildSignedProxyConfig = (settings) => ({
+    settings,
+    missingUrlMessage: 'MySQL proxy URL is missing (MYSQL_PROXY_URL)',
+    missingCredentialsMessage: 'MySQL proxy signing credentials are missing (MYSQL_PROXY_KEY_ID / MYSQL_PROXY_SECRET)',
+    messages: {
+        unauthorized: 'MySQL proxy unauthorized',
+        forbidden: 'MySQL proxy forbidden',
+        rateLimited: 'MySQL proxy rate limited',
+        rejected: 'MySQL proxy rejected request',
+        error: 'MySQL proxy error',
+        timedOut: 'MySQL proxy request timed out',
+    },
+});
+const isQueryResponse = (value) => isRecord(value) && Array.isArray(value['rows']) && typeof value['rowCount'] === 'number';
+const isQueryOneResponse = (value) => isRecord(value) && 'row' in value;
+const getExecMeta = (value) => {
+    if (!isRecord(value) || typeof value['ok'] !== 'boolean')
+        return { changes: 0 };
+    const meta = value['meta'];
+    if (!isRecord(meta))
+        return { changes: 0 };
+    const changes = typeof meta['changes'] === 'number' ? meta['changes'] : 0;
+    const lastRowId = meta['lastRowId'];
+    return { changes, lastRowId: lastRowId };
+};
+const requestProxy = async (settings, path, payload) => {
+    const signedProxyConfig = buildSignedProxyConfig(settings);
+    try {
+        return await requestSignedProxy(signedProxyConfig, path, payload);
+    }
+    catch (error) {
+        Logger.error('[MySQLProxyAdapter] Proxy request failed', {
+            path,
+            baseUrl: settings.baseUrl,
+            timeoutMs: settings.timeoutMs,
+            hasKeyId: (settings.keyId ?? '').trim() !== '',
+            hasSecret: (settings.secret ?? '').trim() !== '',
+            error: error instanceof Error ? error.message : String(error),
+        });
+        throw error;
+    }
+};
+export const MySQLProxyAdapter = Object.freeze({
+    create(_config) {
+        let connected = false;
+        const settings = buildProxySettings();
+        Logger.info('[MySQLProxyAdapter] Created with runtime settings', {
+            baseUrl: settings.baseUrl,
+            timeoutMs: settings.timeoutMs,
+            hasKeyId: (settings.keyId ?? '').trim() !== '',
+            hasSecret: (settings.secret ?? '').trim() !== '',
+        });
+        return {
+            async connect() {
+                ensureSignedSettings(buildSignedProxyConfig(settings));
+                connected = true;
+            },
+            async disconnect() {
+                connected = false;
+            },
+            async query(sql, parameters) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                const out = await requestProxy(settings, '/zin/mysql/query', {
+                    sql,
+                    params: parameters,
+                });
+                if (isQueryResponse(out)) {
+                    return {
+                        rows: out.rows,
+                        rowCount: out.rowCount,
+                        lastInsertId: out.lastInsertId,
+                    };
+                }
+                if (isQueryOneResponse(out)) {
+                    const row = out.row;
+                    return { rows: row ? [row] : [], rowCount: row ? 1 : 0 };
+                }
+                const meta = getExecMeta(out);
+                return { rows: [], rowCount: meta.changes, lastInsertId: meta.lastRowId };
+            },
+            async queryOne(sql, parameters) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                const out = await requestProxy(settings, '/zin/mysql/queryOne', {
+                    sql,
+                    params: parameters,
+                });
+                return out.row ?? null;
+            },
+            async ping() {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                await this.queryOne(QueryBuilder.create('').select('1').toSQL(), []);
+            },
+            async transaction(callback) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                try {
+                    return await callback(this);
+                }
+                catch (error) {
+                    throw ErrorFactory.createTryCatchError('MySQL proxy transaction failed', error);
+                }
+            },
+            async rawQuery(sql, parameters = []) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                const out = await this.query(sql, parameters);
+                return out.rows;
+            },
+            getType() {
+                return AdaptersEnum.mysql;
+            },
+            isConnected() {
+                return connected;
+            },
+            getPlaceholder(_index) {
+                return '?';
+            },
+        };
+    },
+});
+export default MySQLProxyAdapter;

package/src/orm/adapters/PostgreSQLProxyAdapter.d.ts

@@ -0,0 +1,11 @@
+/**
+ * PostgreSQL Proxy Adapter (HTTP)
+ *
+ * Used in Cloudflare Workers when POSTGRES_PROXY_URL is configured.
+ */
+import type { DatabaseConfig, IDatabaseAdapter } from '../DatabaseAdapter';
+export declare const PostgreSQLProxyAdapter: Readonly<{
+    create(_config: DatabaseConfig): IDatabaseAdapter;
+}>;
+export default PostgreSQLProxyAdapter;
+//# sourceMappingURL=PostgreSQLProxyAdapter.d.ts.map

package/src/orm/adapters/PostgreSQLProxyAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PostgreSQLProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/PostgreSQLProxyAdapter.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AAkH1F,eAAO,MAAM,sBAAsB;oBACjB,cAAc,GAAG,gBAAgB;EA+DjD,CAAC;AAEH,eAAe,sBAAsB,CAAC"}

package/src/orm/adapters/PostgreSQLProxyAdapter.js

@@ -0,0 +1,147 @@
+/* eslint-disable @typescript-eslint/require-await */
+/**
+ * PostgreSQL Proxy Adapter (HTTP)
+ *
+ * Used in Cloudflare Workers when POSTGRES_PROXY_URL is configured.
+ */
+import { Env } from '../../config/env.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { AdaptersEnum } from '../../migrations/enum/index.js';
+import { QueryBuilder } from '../QueryBuilder.js';
+import { ensureSignedSettings, isRecord, requestSignedProxy, } from '../adapters/SqlProxyAdapterUtils.js';
+const resolveBaseUrl = () => {
+    const explicit = Env.POSTGRES_PROXY_URL.trim();
+    if (explicit !== '')
+        return explicit;
+    const host = Env.POSTGRES_PROXY_HOST || '127.0.0.1';
+    const port = Env.POSTGRES_PROXY_PORT;
+    return `http://${host}:${port}`;
+};
+const buildProxySettings = () => {
+    const baseUrl = resolveBaseUrl();
+    const keyId = Env.POSTGRES_PROXY_KEY_ID ?? '';
+    const secret = Env.POSTGRES_PROXY_SECRET ?? '';
+    const timeoutMs = Env.POSTGRES_PROXY_TIMEOUT_MS;
+    return { baseUrl, keyId, secret, timeoutMs };
+};
+const buildSignedProxyConfig = (settings) => ({
+    settings,
+    missingUrlMessage: 'PostgreSQL proxy URL is missing (POSTGRES_PROXY_URL)',
+    missingCredentialsMessage: 'PostgreSQL proxy signing credentials are missing (POSTGRES_PROXY_KEY_ID / POSTGRES_PROXY_SECRET)',
+    messages: {
+        unauthorized: 'PostgreSQL proxy unauthorized',
+        forbidden: 'PostgreSQL proxy forbidden',
+        rateLimited: 'PostgreSQL proxy rate limited',
+        rejected: 'PostgreSQL proxy rejected request',
+        error: 'PostgreSQL proxy error',
+        timedOut: 'PostgreSQL proxy request timed out',
+    },
+});
+const isQueryResponse = (value) => isRecord(value) && Array.isArray(value['rows']) && typeof value['rowCount'] === 'number';
+const isQueryOneResponse = (value) => isRecord(value) && 'row' in value;
+const normalizeLastInsertId = (value) => {
+    if (typeof value === 'number' || typeof value === 'string' || typeof value === 'bigint') {
+        return value;
+    }
+    return undefined;
+};
+const extractRowId = (row) => {
+    if (!isRecord(row))
+        return undefined;
+    return normalizeLastInsertId(row['id']);
+};
+const getExecMeta = (value) => {
+    if (!isRecord(value) || typeof value['ok'] !== 'boolean')
+        return { changes: 0 };
+    const meta = value['meta'];
+    if (!isRecord(meta))
+        return { changes: 0 };
+    const changes = typeof meta['changes'] === 'number' ? meta['changes'] : 0;
+    return { changes };
+};
+const toQueryResult = (out) => {
+    if (isQueryResponse(out)) {
+        return {
+            rows: out.rows,
+            rowCount: out.rowCount,
+            lastInsertId: extractRowId(out.rows[0]),
+        };
+    }
+    if (isQueryOneResponse(out)) {
+        const row = out.row ?? null;
+        return {
+            rows: row ? [row] : [],
+            rowCount: row ? 1 : 0,
+            lastInsertId: extractRowId(row),
+        };
+    }
+    const meta = getExecMeta(out);
+    return { rows: [], rowCount: meta.changes };
+};
+const requestProxy = async (settings, path, payload) => {
+    return requestSignedProxy(buildSignedProxyConfig(settings), path, payload);
+};
+export const PostgreSQLProxyAdapter = Object.freeze({
+    create(_config) {
+        let connected = true;
+        const settings = buildProxySettings();
+        return {
+            async connect() {
+                ensureSignedSettings(buildSignedProxyConfig(settings));
+                connected = true;
+            },
+            async disconnect() {
+                connected = true;
+            },
+            async query(sql, parameters) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                const out = await requestProxy(settings, '/zin/postgres/query', {
+                    sql,
+                    params: parameters,
+                });
+                return toQueryResult(out);
+            },
+            async queryOne(sql, parameters) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                const out = await requestProxy(settings, '/zin/postgres/queryOne', {
+                    sql,
+                    params: parameters,
+                });
+                return out.row ?? null;
+            },
+            async ping() {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                await this.queryOne(QueryBuilder.create('').select('1').toSQL(), []);
+            },
+            async transaction(callback) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                try {
+                    return await callback(this);
+                }
+                catch (error) {
+                    throw ErrorFactory.createTryCatchError('PostgreSQL proxy transaction failed', error);
+                }
+            },
+            async rawQuery(sql, parameters = []) {
+                if (!connected)
+                    throw ErrorFactory.createConnectionError('Database not connected');
+                const out = await this.query(sql, parameters);
+                return out.rows;
+            },
+            getType() {
+                return AdaptersEnum.postgresql;
+            },
+            isConnected() {
+                return connected;
+            },
+            getPlaceholder(index) {
+                return `$${index}`;
+            },
+        };
+    },
+});
+export default PostgreSQLProxyAdapter;

package/src/orm/adapters/ProxyCache.d.ts

@@ -0,0 +1,9 @@
+import type { QueryResult } from '../DatabaseAdapter';
+export declare const ProxyCache: Readonly<{
+    create(): Readonly<{
+        get(key: string): QueryResult | null;
+        set(key: string, data: QueryResult): void;
+        clear(): void;
+    }>;
+}>;
+//# sourceMappingURL=ProxyCache.d.ts.map

package/src/orm/adapters/ProxyCache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxyCache.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/ProxyCache.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AASxD,eAAO,MAAM,UAAU;;iBAKR,MAAM,GAAG,WAAW,GAAG,IAAI;iBAU3B,MAAM,QAAQ,WAAW,GAAG,IAAI;iBAIhC,IAAI;;EAKjB,CAAC"}

package/src/orm/adapters/ProxyCache.js

@@ -0,0 +1,24 @@
+const CACHE_TTL_MS = 5000;
+export const ProxyCache = Object.freeze({
+    create() {
+        const cache = new Map();
+        return Object.freeze({
+            get(key) {
+                const entry = cache.get(key);
+                if (!entry)
+                    return null;
+                if (Date.now() - entry.timestamp > CACHE_TTL_MS) {
+                    cache.delete(key);
+                    return null;
+                }
+                return entry.data;
+            },
+            set(key, data) {
+                cache.set(key, { data, timestamp: Date.now() });
+            },
+            clear() {
+                cache.clear();
+            },
+        });
+    },
+});

package/src/orm/adapters/ProxySignedRequest.d.ts

@@ -0,0 +1,11 @@
+export declare const createSignedProxyRequest: (input: {
+    url: string;
+    body: string;
+    keyId: string;
+    secret: string;
+    missingCredentialsMessage: string;
+}) => Promise<{
+    headers: Record<string, string>;
+    body: string;
+}>;
+//# sourceMappingURL=ProxySignedRequest.d.ts.map

package/src/orm/adapters/ProxySignedRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxySignedRequest.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/ProxySignedRequest.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,wBAAwB,GAAU,OAAO;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,yBAAyB,EAAE,MAAM,CAAC;CACnC,KAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CA4B5D,CAAC"}

package/src/orm/adapters/ProxySignedRequest.js

@@ -0,0 +1,30 @@
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { normalizeSigningCredentials } from '../../proxy/SigningService.js';
+import { SignedRequest } from '../../security/SignedRequest.js';
+import { buildSigningUrl } from '../adapters/ProxySigningPath.js';
+export const createSignedProxyRequest = async (input) => {
+    const creds = normalizeSigningCredentials({ keyId: input.keyId, secret: input.secret });
+    if (creds.keyId.trim() === '' || creds.secret.trim() === '') {
+        throw ErrorFactory.createConfigError(input.missingCredentialsMessage);
+    }
+    const urlObj = new URL(input.url);
+    const signingUrl = buildSigningUrl(urlObj, input.url);
+    const signResult = await SignedRequest.createHeaders({
+        method: 'POST',
+        url: signingUrl,
+        body: input.body,
+        keyId: creds.keyId,
+        secret: creds.secret,
+    });
+    return {
+        headers: {
+            'content-type': 'application/json',
+            'x-zt-key-id': signResult['x-zt-key-id'],
+            'x-zt-timestamp': signResult['x-zt-timestamp'],
+            'x-zt-nonce': signResult['x-zt-nonce'],
+            'x-zt-body-sha256': signResult['x-zt-body-sha256'],
+            'x-zt-signature': signResult['x-zt-signature'],
+        },
+        body: input.body,
+    };
+};

package/src/orm/adapters/ProxySigningPath.d.ts

@@ -0,0 +1,3 @@
+export declare const resolveSigningPrefix: (baseUrl: string) => string | undefined;
+export declare const buildSigningUrl: (requestUrl: URL, baseUrl: string) => URL;
+//# sourceMappingURL=ProxySigningPath.d.ts.map

package/src/orm/adapters/ProxySigningPath.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxySigningPath.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/ProxySigningPath.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,oBAAoB,GAAI,SAAS,MAAM,KAAG,MAAM,GAAG,SAU/D,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,YAAY,GAAG,EAAE,SAAS,MAAM,KAAG,GAYlE,CAAC"}

package/src/orm/adapters/ProxySigningPath.js

@@ -0,0 +1,25 @@
+export const resolveSigningPrefix = (baseUrl) => {
+    try {
+        const parsed = new URL(baseUrl);
+        const pathname = parsed.pathname;
+        const path = pathname.endsWith('/') ? pathname.slice(0, -1) : pathname;
+        if (path === '' || path === '/')
+            return undefined;
+        return path;
+    }
+    catch {
+        return undefined;
+    }
+};
+export const buildSigningUrl = (requestUrl, baseUrl) => {
+    const prefix = resolveSigningPrefix(baseUrl);
+    if (typeof prefix !== 'string' || prefix.trim() === '')
+        return requestUrl;
+    if (requestUrl.pathname === prefix || requestUrl.pathname.startsWith(`${prefix}/`)) {
+        const signingUrl = new URL(requestUrl.toString());
+        const stripped = requestUrl.pathname.slice(prefix.length);
+        signingUrl.pathname = stripped.startsWith('/') ? stripped : `/${stripped}`;
+        return signingUrl;
+    }
+    return requestUrl;
+};