npm - @zintrust/core - Versions diffs - 0.1.48 → 0.1.50 - Mend

@zintrust/core 0.1.48 → 0.1.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (403) hide show

package/README.md CHANGED Viewed

@@ -230,7 +230,7 @@ ZinTrust uses a proven layered architecture:
 - 📚 [Documentation](https://zintrust.com)
 - 💬 [Discord Community](https://discord.gg/zintrust)
 - 🐦 [Follow on X](https://x.com/zintrust)
-- 🐛 [Issue Tracker](https://github.com/ZinTrust /ZinTrust /issues)
+- 🐛 [Issue Tracker](https://github.com/ZinTrust/ZinTrust/issues)
 - 🤝 [Contributing Guide](./contributing.md)
 ## License

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@zintrust/core",
-  "version": "0.1.48",
+  "version": "0.1.50",
   "description": "Production-grade TypeScript backend framework for JavaScript",
   "homepage": "https://zintrust.com",
   "repository": {
@@ -42,10 +42,6 @@
       "types": "./src/node.d.ts",
       "import": "./src/node.js"
     },
-    "./routes/*": {
-      "types": "./routes/*.d.ts",
-      "import": "./routes/*.js"
-    },
     "./package.json": "./package.json"
   },
   "dependencies": {
@@ -78,10 +74,6 @@
   "files": [
     "bin",
     "src",
-    "routes",
-    "config",
-    "app",
-    "packages",
     "public"
   ],
   "engines": {

package/src/cli/CLI.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"CLI.d.ts","sourceRoot":"","sources":["../../../src/cli/CLI.ts"],"names":[],"mappings":"AAAA;;;GAGG;~~AAqEH~~,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIpC,MAAM,WAAW,IAAI;IACnB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnC,UAAU,IAAI,OAAO,CAAC;CACvB;~~AA2PD~~;;;;;;;GAOG;AACH,eAAO,MAAM,GAAG;cACJ,IAAI;EAed,CAAC"}
1	+ {"version":3,"file":"CLI.d.ts","sourceRoot":"","sources":["../../../src/cli/CLI.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAsEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIpC,MAAM,WAAW,IAAI;IACnB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnC,UAAU,IAAI,OAAO,CAAC;CACvB;AA4PD;;;;;;;GAOG;AACH,eAAO,MAAM,GAAG;cACJ,IAAI;EAed,CAAC"}

package/src/cli/CLI.js CHANGED Viewed

@@ -4,6 +4,7 @@
  */
 import { AddCommand } from './commands/AddCommand.js';
 import { BroadcastWorkCommand } from './commands/BroadcastWorkCommand.js';
+import { BulletproofKeyGenerateCommand } from './commands/BulletproofKeyGenerateCommand.js';
 import { ConfigCommand } from './commands/ConfigCommand.js';
 import { ContainerProxiesCommand } from './commands/ContainerProxiesCommand.js';
 import { ContainerWorkersCommand } from './commands/ContainerWorkersCommand.js';
@@ -119,6 +120,7 @@ const buildCommandRegistry = () => {
         QACommand(),
         FixCommand.create(),
         KeyGenerateCommand.create(),
+        BulletproofKeyGenerateCommand.create(),
         SimulateCommand,
         TemplatesCommand,
         MakeMailTemplateCommand.create(),

package/src/cli/commands/AddCommand.js CHANGED Viewed

@@ -33,7 +33,7 @@ const addOptions = (command) => {
         .option('--port <number>', 'Service port - for services')
         .option('--service <path>', 'Service path (relative to project root) - for features')
         .option('--with-test', 'Generate test files - for features')
-        .option('--controller-type <type>', 'Controller type: crud, resource, api, graphql, websocket, webhook - for controllers')
+        .option('--controller-type <type>', 'Controller type: crud, resource, api, graphql, websocket - for controllers')
         .option('--soft-delete', 'Add soft delete to model')
         .option('--timestamps', 'Add timestamps to model (default: true)')
         .option('--resource', 'Generate resource routes')
@@ -304,7 +304,7 @@ const promptControllerConfig = async () => {
             type: 'list',
             name: 'type',
             message: 'Controller type:',
-            choices: ['crud', 'resource', 'api', 'graphql', 'websocket', 'webhook'],
+            choices: ['crud', 'resource', 'api', 'graphql', 'websocket'],
             default: 'crud',
         },
     ]);

package/src/cli/commands/BulletproofKeyGenerateCommand.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Bulletproof Signing Secret Generate Command
+ * Generates and sets BULLETPROOF_SIGNING_SECRET (with rotation backups)
+ */
+import type { IBaseCommand } from '../BaseCommand';
+export declare const BulletproofKeyGenerateCommand: Readonly<{
+    create(): IBaseCommand;
+}>;
+export default BulletproofKeyGenerateCommand;
+//# sourceMappingURL=BulletproofKeyGenerateCommand.d.ts.map

package/src/cli/commands/BulletproofKeyGenerateCommand.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"BulletproofKeyGenerateCommand.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/BulletproofKeyGenerateCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAkB,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAgBrE,eAAO,MAAM,6BAA6B;cAC9B,YAAY;EAkEtB,CAAC;AAoFH,eAAe,6BAA6B,CAAC"}

package/src/cli/commands/BulletproofKeyGenerateCommand.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * Bulletproof Signing Secret Generate Command
+ * Generates and sets BULLETPROOF_SIGNING_SECRET (with rotation backups)
+ */
+import { BaseCommand } from '../BaseCommand.js';
+import { Logger } from '../../config/logger.js';
+import * as crypto from '../../node-singletons/crypto.js';
+import { fsPromises as fs } from '../../node-singletons/fs.js';
+import * as path from '../../node-singletons/path.js';
+const ENV_KEY = 'BULLETPROOF_SIGNING_SECRET';
+const ENV_BK_KEY = 'BULLETPROOF_SIGNING_SECRET_BK';
+export const BulletproofKeyGenerateCommand = Object.freeze({
+    create() {
+        return BaseCommand.create({
+            name: 'key:bulletproof',
+            description: 'Generate/rotate BULLETPROOF_SIGNING_SECRET (signed-request proof key)',
+            aliases: ['bulletproof:key', 'key:signer'],
+            addOptions: (command) => {
+                command.option('--show', 'Display the key (and suggested env) instead of modifying files');
+                command.option('--max-backups <n>', 'Max secrets to keep in BULLETPROOF_SIGNING_SECRET_BK (default: 5)', '5');
+            },
+            execute: async (options) => {
+                const key = generateRandomKey();
+                const maxBackups = parseMaxBackups(options.maxBackups);
+                if (options.show === true) {
+                    Logger.info(`${ENV_KEY}=${key}`);
+                    Logger.info(`${ENV_BK_KEY}=[]`);
+                    return;
+                }
+                const envPath = path.resolve(process.cwd(), '.env');
+                try {
+                    let envContent = '';
+                    try {
+                        envContent = await fs.readFile(envPath, 'utf-8');
+                    }
+                    catch (error) {
+                        Logger.warn('Could not read .env file, attempting to create from example', { error });
+                        const examplePath = path.resolve(process.cwd(), '.env.example');
+                        try {
+                            envContent = await fs.readFile(examplePath, 'utf-8');
+                            await fs.writeFile(envPath, envContent);
+                            Logger.info('.env file created from .env.example');
+                        }
+                        catch (copyError) {
+                            Logger.error('Failed to create .env from example', { error: copyError });
+                            Logger.warn('.env file not found and .env.example not found. Creating new .env file.');
+                            envContent = '';
+                        }
+                    }
+                    const currentSecret = readEnvLineValue(envContent, ENV_KEY);
+                    const currentBackups = parseBackups(readEnvLineValue(envContent, ENV_BK_KEY));
+                    const nextBackups = rotateBackups({
+                        currentSecret,
+                        currentBackups,
+                        maxBackups,
+                    });
+                    envContent = upsertEnvLine(envContent, ENV_BK_KEY, JSON.stringify(nextBackups));
+                    envContent = upsertEnvLine(envContent, ENV_KEY, key);
+                    await fs.writeFile(envPath, envContent);
+                    Logger.info(`Bulletproof signing secret set successfully. [${key}]`);
+                }
+                catch (error) {
+                    Logger.error('Failed to update .env file', error);
+                }
+            },
+        });
+    },
+});
+const parseMaxBackups = (raw) => {
+    const n = typeof raw === 'string' ? Number.parseInt(raw, 10) : Number.NaN;
+    if (!Number.isFinite(n) || n < 0)
+        return 5;
+    return Math.min(50, n);
+};
+const generateRandomKey = () => {
+    // 32 bytes = 256-bit (same as APP_KEY default strength).
+    return 'base64:' + crypto.randomBytes(32).toString('base64');
+};
+const readEnvLineValue = (envContent, key) => {
+    const re = new RegExp(`^${escapeRegExp(key)}=(.*)$`, 'm');
+    const match = re.exec(envContent);
+    return typeof match?.[1] === 'string' ? match[1].trim() : '';
+};
+const upsertEnvLine = (envContent, key, value) => {
+    const line = `${key}=${value}`;
+    const re = new RegExp(`^${escapeRegExp(key)}=.*$`, 'm');
+    if (re.test(envContent)) {
+        return envContent.replace(re, line);
+    }
+    const trimmed = envContent.trimEnd();
+    if (trimmed === '')
+        return `${line}\n`;
+    return `${trimmed}\n${line}\n`;
+};
+const escapeRegExp = (value) => value.replaceAll(/[.*+?^${}()|[\]\\]/g, String.raw `\$&`);
+const parseBackups = (raw) => {
+    const value = raw.trim();
+    if (value === '')
+        return [];
+    if (value.startsWith('[')) {
+        try {
+            const parsed = JSON.parse(value);
+            if (!Array.isArray(parsed))
+                return [];
+            return parsed
+                .filter((v) => typeof v === 'string')
+                .map((s) => s.trim())
+                .filter((s) => s !== '');
+        }
+        catch {
+            return [];
+        }
+    }
+    return value
+        .split(',')
+        .map((s) => s.trim())
+        .filter((s) => s !== '');
+};
+const rotateBackups = (params) => {
+    const seen = new Set();
+    const out = [];
+    const pushUnique = (secret) => {
+        const s = secret.trim();
+        if (s === '')
+            return;
+        if (seen.has(s))
+            return;
+        seen.add(s);
+        out.push(s);
+    };
+    if (params.currentSecret !== '') {
+        pushUnique(params.currentSecret);
+    }
+    for (const s of params.currentBackups) {
+        pushUnique(s);
+    }
+    return out.slice(0, Math.max(0, params.maxBackups));
+};
+export default BulletproofKeyGenerateCommand;

package/src/cli/commands/JwtDevCommand.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JwtDevCommand.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/JwtDevCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;~~AAEH~~,OAAO,EAAoC,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;~~AA6FvF~~,eAAO,MAAM,aAAa,EAAE,~~YAqD3B~~,CAAC;AAEF,eAAe,aAAa,CAAC"}
1	+ {"version":3,"file":"JwtDevCommand.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/JwtDevCommand.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAoC,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAyHvF,eAAO,MAAM,aAAa,EAAE,YAgD3B,CAAC;AAEF,eAAe,aAAa,CAAC"}

package/src/cli/commands/JwtDevCommand.js CHANGED Viewed

@@ -2,11 +2,54 @@
  * JWT Dev Command
  * Mint a local development JWT for quick manual API testing.
  */
+import { isUndefinedOrNull } from '../../helper/index.js';
 import { BaseCommand } from '../BaseCommand.js';
 import { appConfig } from '../../config/app.js';
 import { securityConfig } from '../../config/security.js';
 import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import * as crypto from '../../node-singletons/crypto.js';
 import { JwtManager } from '../../security/JwtManager.js';
+const sha256Hex = (value) => {
+    return crypto.createHash('sha256').update(value).digest('hex');
+};
+const optionalTrimmed = (value) => {
+    if (typeof value !== 'string')
+        return undefined;
+    const trimmed = value.trim();
+    return trimmed === '' ? undefined : trimmed;
+};
+const buildPayload = (options) => {
+    const payload = {};
+    const sub = optionalTrimmed(options.sub);
+    if (!isUndefinedOrNull(sub))
+        payload.sub = sub;
+    const email = optionalTrimmed(options.email);
+    if (!isUndefinedOrNull(email))
+        payload['email'] = email;
+    const role = optionalTrimmed(options.role);
+    if (!isUndefinedOrNull(role))
+        payload['role'] = role;
+    const deviceId = optionalTrimmed(options.deviceId);
+    if (!isUndefinedOrNull(deviceId))
+        payload['deviceId'] = deviceId;
+    const tenantId = optionalTrimmed(options.tenantId);
+    if (!isUndefinedOrNull(tenantId))
+        payload['tenantId'] = tenantId;
+    const tz = optionalTrimmed(options.tz);
+    if (!isUndefinedOrNull(tz))
+        payload['tz'] = tz;
+    const uaHash = optionalTrimmed(options.uaHash);
+    if (isUndefinedOrNull(uaHash)) {
+        const ua = optionalTrimmed(options.ua);
+        if (ua !== undefined) {
+            payload['uaHash'] = sha256Hex(ua);
+        }
+    }
+    else {
+        payload['uaHash'] = uaHash;
+    }
+    return payload;
+};
 const parseExpiresToSeconds = (value) => {
     const raw = typeof value === 'string' ? value.trim() : '';
     if (raw === '')
@@ -47,25 +90,6 @@ const assertNotProduction = (allowProduction) => {
         return;
     throw ErrorFactory.createCliError("Refusing to mint a dev JWT in production. Use --allow-production only if you know what you're doing.");
 };
-const createJwt = (payload, expiresInSeconds) => {
-    const algorithm = securityConfig.jwt.algorithm;
-    const secret = securityConfig.jwt.secret;
-    const jwt = JwtManager.create();
-    if (algorithm === 'HS256' || algorithm === 'HS512') {
-        jwt.setHmacSecret(secret);
-    }
-    else {
-        throw ErrorFactory.createCliError(`JWT algorithm '${algorithm}' is not supported by zin jwt:dev (HS256/HS512 only).`);
-    }
-    return jwt.sign(payload, {
-        algorithm,
-        expiresIn: expiresInSeconds,
-        issuer: securityConfig.jwt.issuer,
-        audience: securityConfig.jwt.audience,
-        subject: typeof payload.sub === 'string' ? payload.sub : undefined,
-        jwtId: jwt.generateJwtId(),
-    });
-};
 export const JwtDevCommand = Object.freeze(BaseCommand.create({
     name: 'jwt:dev',
     description: 'Mint a local development JWT (for manual API testing)',
@@ -75,25 +99,20 @@ export const JwtDevCommand = Object.freeze(BaseCommand.create({
             .option('--sub <sub>', 'JWT subject claim (default: 1)', '1')
             .option('--email <email>', 'Email claim')
             .option('--role <role>', 'Role claim')
+            .option('--device-id <id>', 'Attach deviceId claim (for bulletproof auth)')
+            .option('--tenant-id <id>', 'Attach tenantId claim')
+            .option('--tz <tz>', 'Attach timezone claim (tz)')
+            .option('--ua <ua>', 'Compute and attach uaHash claim from a User-Agent string')
+            .option('--ua-hash <hash>', 'Attach uaHash claim directly (hex)')
             .option('--expires <duration>', "Expiry: seconds or 30m/1h/7d (default: '1h')", '1h')
             .option('--json', 'Output machine-readable JSON')
             .option('--allow-production', 'Allow running in production (dangerous)');
     },
-    execute: (options) => {
+    execute: async (options) => {
         assertNotProduction(options.allowProduction);
         const expiresInSeconds = parseExpiresToSeconds(options.expires);
-        const payload = {
-            ...(typeof options.sub === 'string' && options.sub.trim() !== ''
-                ? { sub: options.sub.trim() }
-                : {}),
-            ...(typeof options.email === 'string' && options.email.trim() !== ''
-                ? { email: options.email.trim() }
-                : {}),
-            ...(typeof options.role === 'string' && options.role.trim() !== ''
-                ? { role: options.role.trim() }
-                : {}),
-        };
-        const token = createJwt(payload, expiresInSeconds);
+        const payload = buildPayload(options);
+        const token = await JwtManager.signAccessToken(payload, expiresInSeconds);
         /* eslint-disable no-console */
         if (options.json === true) {
             const nowSeconds = Math.floor(Date.now() / 1000);

package/src/cli/scaffolding/ControllerGenerator.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * ControllerGenerator - Generate controller files
  * Creates CRUD controllers with validation and error handling
  */
-export type ControllerType = 'crud' | 'resource' | 'api' | 'graphql' | 'websocket' | 'webhook';
+export type ControllerType = 'crud' | 'resource' | 'api' | 'graphql' | 'websocket';
 export interface ControllerOptions {
     name: string;
     controllerPath: string;

package/src/cli/scaffolding/ControllerGenerator.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ControllerGenerator.d.ts","sourceRoot":"","sources":["../../../../src/cli/scaffolding/ControllerGenerator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,~~GAAG,SAAS,~~CAAC;~~AAE/F~~,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;~~AAcD~~;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAgChG;AAED;;GAEG;AAEH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CA2CjG;~~AA8eD~~;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,EAAE,CAEpD;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;EAI9B,CAAC"}
1	+ {"version":3,"file":"ControllerGenerator.d.ts","sourceRoot":"","sources":["../../../../src/cli/scaffolding/ControllerGenerator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,GAAG,WAAW,CAAC;AAEnF,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAaD;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAgChG;AAED;;GAEG;AAEH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CA2CjG;AAsaD;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,EAAE,CAEpD;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;EAI9B,CAAC"}

package/src/cli/scaffolding/ControllerGenerator.js CHANGED Viewed

@@ -14,7 +14,6 @@ const CONTROLLER_TYPES = {
     api: (options) => generateApiController(options),
     graphql: (options) => generateGraphQLController(options),
     websocket: (options) => generateWebSocketController(options),
-    webhook: (options) => generateWebhookController(options),
 };
 /**
  * Validate controller options
@@ -101,9 +100,6 @@ function buildControllerCode(options, type) {
     else if (type === 'websocket') {
         return generateWebSocketController(options);
     }
-    else if (type === 'webhook') {
-        return generateWebhookController(options);
-    }
     return '';
 }
 /**
@@ -405,6 +401,14 @@ const controller = Object.freeze({\n  ...Controller,
         return;
       }
+      // Secure-by-default: generated scaffold does not execute GraphQL until implemented.
+      res.setStatus(501).json({
+        error: 'Not Implemented',
+        message:
+          'GraphQL execution is not implemented in this generated controller. Implement executeQuery() and wire a GraphQL engine before enabling this endpoint.',
+      });
+      return;
       const body = req.getBody() as Record<string, unknown>;
       const query = body.query as string;
@@ -484,81 +488,6 @@ export const ${className} = Object.freeze({
 export default ${className};
 `;
 }
-/**
- * Generate Webhook controller
- */
-function generateWebhookController(options) {
-    const className = options?.name ?? 'WebhookController';
-    return `/**
- * ${className}
- * Auto-generated Webhook controller
- */
-import { type IRequest, type IResponse, Controller } from '../../index.js';
-import { Logger } from '../../config/logger';
-function handleError(res: IResponse, error: unknown): void {
-  const message = error instanceof Error ? error.message : 'Webhook error';
-  res.setStatus(500).json({ error: message });
-}
-const controller = Object.freeze({\n  ...Controller,
-${buildWebhookControllerBody()},
-});
-export type ${className}Api = typeof controller;
-export const ${className} = Object.freeze({
-  create(): ${className}Api {
-    return controller;
-  },
-});
-export default ${className};
-`;
-}
-/**
- * Build Webhook controller body
- */
-function buildWebhookControllerBody() {
-    return `  /**
-   * Handle incoming webhook
-   */
-  async handle(req: IRequest, res: IResponse): Promise<void> {
-    try {
-      // Verify webhook signature
-      const signature = req.getHeader('x-webhook-signature');
-      if (controller.verifySignature(req, signature as string) === false) {
-        res.setStatus(401).json({ error: 'Invalid signature' });
-        return;
-      }
-      const body = req.getBody();
-      await controller.processWebhook(body);
-      res.json({ success: true });
-    } catch (error) {
-      handleError(res, error);
-    }
-  },
-  /**
-   * Verify webhook signature
-   */
-   verifySignature(req: IRequest, signature: string): boolean {
-    // TODO: Implement signature verification
-    return true;
-  },
-  /**
-   * Process webhook payload
-   */
-  async processWebhook(payload: unknown): Promise<void> {
-    // TODO: Implement webhook processing
-    Logger.info('Processing webhook:', { payload });
-  },
-`;
-}
 /**
  * Get available controller types
  */

package/src/config/SecretsManager.d.ts CHANGED Viewed

@@ -53,7 +53,6 @@ export declare const SECRETS: Readonly<{
     readonly ENCRYPTION_KEY: "encryption/key";
     readonly ENCRYPTION_IV: "encryption/iv";
     readonly STRIPE_API_KEY: "stripe/api-key";
-    readonly STRIPE_WEBHOOK_SECRET: "stripe/webhook-secret";
     readonly SENDGRID_API_KEY: "sendgrid/api-key";
     readonly GITHUB_TOKEN: "github/token";
     readonly SESSION_SECRET: "session/secret";

package/src/config/SecretsManager.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecretsManager.d.ts","sourceRoot":"","sources":["../../../src/config/SecretsManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,gBAAgB,EACjB,MAAM,cAAc,CAAC;AAiTtB;;;GAGG;AACH,eAAO,MAAM,cAAc;IACzB;;OAEG;yBACkB,YAAY,GAAG,sBAAsB;IAY1D;;OAEG;mBACkB,MAAM,YAAY,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIzE;;OAEG;mBACkB,MAAM,SAAS,MAAM,YAAY,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAItF;;OAEG;sBACqB,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C;;OAEG;sBACqB,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C;;OAEG;0BACyB,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAItD;;OAEG;qBACc,MAAM,GAAG,IAAI;EAG9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,OAAO~~;;;;;;;;;;;;;;;;EA0BT~~,CAAC;AAEZ;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAU3E;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC,CAOzD;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;CACvB"}
1	+ {"version":3,"file":"SecretsManager.d.ts","sourceRoot":"","sources":["../../../src/config/SecretsManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,gBAAgB,EACjB,MAAM,cAAc,CAAC;AAiTtB;;;GAGG;AACH,eAAO,MAAM,cAAc;IACzB;;OAEG;yBACkB,YAAY,GAAG,sBAAsB;IAY1D;;OAEG;mBACkB,MAAM,YAAY,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC;IAIzE;;OAEG;mBACkB,MAAM,SAAS,MAAM,YAAY,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAItF;;OAEG;sBACqB,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C;;OAEG;sBACqB,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C;;OAEG;0BACyB,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAItD;;OAEG;qBACc,MAAM,GAAG,IAAI;EAG9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;EAyBT,CAAC;AAEZ;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAU3E;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC,CAOzD;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;CACvB"}

package/src/config/SecretsManager.js CHANGED Viewed

@@ -323,7 +323,6 @@ export const SECRETS = Object.freeze({
     ENCRYPTION_IV: 'encryption/iv',
     // Third-party APIs
     STRIPE_API_KEY: 'stripe/api-key',
-    STRIPE_WEBHOOK_SECRET: 'stripe/webhook-secret',
     SENDGRID_API_KEY: 'sendgrid/api-key',
     GITHUB_TOKEN: 'github/token',
     // Session/CSRF

package/src/config/index.d.ts CHANGED Viewed

@@ -18,6 +18,7 @@ export { createRedisConnection } from './workers';
  * Sealed namespace for immutability
  */
 export declare const config: Readonly<{
+    readonly middleware: import("./type").MiddlewareConfigType;
     readonly app: Readonly<{
         readonly name: string;
         readonly prefix: string;
@@ -156,7 +157,6 @@ export declare const config: Readonly<{
             readonly bcryptRounds: number;
         };
     }>;
-    readonly middleware: import("./type").MiddlewareConfigType;
     readonly microservices: Readonly<{
         readonly enabled: boolean;
         readonly services: string[];

package/src/config/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/config/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,OAAO,EAAE,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,KAAK,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAExD;;;GAGG;AACH,eAAO,MAAM,MAAM~~;;;;;;;;;;;;;;;;;;;;;;~~8BAZc,CAAC;;;;;;;;;;;;;;;;;;;;2EAAC,CAAA;;;;;;;;;;;;;;;;;;;;8BAD2B,CAAC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wBA2BomB~~,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;~~EAHzpB~~,CAAC;AAEZ,MAAM,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/config/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,OAAO,EAAE,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,KAAK,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAExD;;;GAGG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;8BAZc,CAAC;;;;;;;;;;;;;;;;;;;;2EAAC,CAAA;;;;;;;;;;;;;;;;;;;;8BAD2B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wBA+C8X,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;EAHnb,CAAC;AAEZ,MAAM,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC"}

package/src/config/index.js CHANGED Viewed

@@ -28,14 +28,34 @@ export { createRedisConnection } from './workers.js';
  * Sealed namespace for immutability
  */
 export const config = Object.freeze({
-    app: appConfig,
-    broadcast: broadcastConfig,
-    database: databaseConfig,
-    storage: storageConfig,
-    notification: notificationConfig,
-    security: securityConfig,
-    middleware: middlewareConfig,
-    microservices: microservicesConfig,
-    cache: cacheConfig,
-    queue: queueConfig,
+    get middleware() {
+        return middlewareConfig;
+    },
+    get app() {
+        return appConfig;
+    },
+    get broadcast() {
+        return broadcastConfig;
+    },
+    get database() {
+        return databaseConfig;
+    },
+    get storage() {
+        return storageConfig;
+    },
+    get notification() {
+        return notificationConfig;
+    },
+    get security() {
+        return securityConfig;
+    },
+    get microservices() {
+        return microservicesConfig;
+    },
+    get cache() {
+        return cacheConfig;
+    },
+    get queue() {
+        return queueConfig;
+    },
 });

package/src/config/middleware.d.ts CHANGED Viewed

@@ -35,6 +35,7 @@ export declare const MiddlewareKeys: Readonly<{
     csrf: true;
     auth: true;
     jwt: true;
+    bulletproof: true;
     validateLogin: true;
     validateRegister: true;
     validateUserStore: true;

package/src/config/middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/config/middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;~~AA+DzD~~,eAAO,MAAM,cAAc;;;;;CAKjB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG;IAC5B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,aAAa,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3E,CAAC;AAEF,eAAO,MAAM,cAAc~~;;;;;;;;;;;;;;;;;EAiBuB~~,CAAC;AAEnD,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,cAAc,CAAC;~~AA0MxD~~,wBAAgB,sBAAsB,IAAI,oBAAoB,CAkC7D;AAID;;;GAGG;AACH,eAAO,MAAM,0BAA0B,QAAO,IAE7C,CAAC;AAwBF,eAAO,MAAM,gBAAgB,EAAE,oBAY7B,CAAC;AAEH,eAAe,gBAAgB,CAAC"}
1	+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/config/middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAiEzD,eAAO,MAAM,cAAc;;;;;CAKjB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG;IAC5B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,aAAa,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3E,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;EAkBuB,CAAC;AAEnD,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,cAAc,CAAC;AA2MxD,wBAAgB,sBAAsB,IAAI,oBAAoB,CAkC7D;AAID;;;GAGG;AACH,eAAO,MAAM,0BAA0B,QAAO,IAE7C,CAAC;AAwBF,eAAO,MAAM,gBAAgB,EAAE,oBAY7B,CAAC;AAEH,eAAe,gBAAgB,CAAC"}

package/src/config/middleware.js CHANGED Viewed

@@ -2,6 +2,7 @@ import { Env } from './env.js';
 import { bodyParsingMiddleware } from '../http/middleware/BodyParsingMiddleware.js';
 import { fileUploadMiddleware } from '../http/middleware/FileUploadMiddleware.js';
 import { AuthMiddleware } from '../middleware/AuthMiddleware.js';
+import { BulletproofAuthMiddleware } from '../middleware/BulletproofAuthMiddleware.js';
 import { CsrfMiddleware } from '../middleware/CsrfMiddleware.js';
 import { ErrorHandlerMiddleware } from '../middleware/ErrorHandlerMiddleware.js';
 import { JwtAuthMiddleware } from '../middleware/JwtAuthMiddleware.js';
@@ -31,6 +32,7 @@ export const MiddlewareKeys = Object.freeze({
     csrf: true,
     auth: true,
     jwt: true,
+    bulletproof: true,
     validateLogin: true,
     validateRegister: true,
     validateUserStore: true,
@@ -151,6 +153,7 @@ function createSharedMiddlewares(loadMiddlewareConfig) {
         }),
         auth: AuthMiddleware.create(),
         jwt: JwtAuthMiddleware.create(),
+        bulletproof: BulletproofAuthMiddleware.create(),
         ...validations,
     });
 }

package/src/http/error-pages/ErrorPageRenderer.js CHANGED Viewed

@@ -225,5 +225,11 @@ const fetchAssetsTemplate = async (assets, templateName) => {
 };
 const loadNodeTemplate = (publicRoot, templateName) => {
     const templatePath = resolveTemplatePath(publicRoot, templateName);
-    return safeReadTemplate(templatePath) ?? DEFAULT_TEMPLATES[templateName];
+    const loaded = safeReadTemplate(templatePath);
+    const resolved = loaded ?? DEFAULT_TEMPLATES[templateName];
+    if (resolved !== undefined) {
+        // Cache after first successful resolve to avoid repeated filesystem access.
+        setTemplateInStore(templateName, resolved);
+    }
+    return resolved;
 };

package/src/index.d.ts CHANGED Viewed

@@ -82,8 +82,6 @@ export { ValidationError } from './validation/ValidationError';
 export type { FieldError } from './validation/ValidationError';
 export { Schema, Validator } from './validation/Validator';
 export type { ISchema, SchemaType } from './validation/Validator';
-export { ZintrustD1Proxy } from './proxy/d1/ZintrustD1Proxy';
-export { ZintrustKvProxy } from './proxy/kv/ZintrustKvProxy';
 export { CsrfTokenManager } from './security/CsrfTokenManager';
 export type { CsrfTokenData, CsrfTokenManagerType, ICsrfTokenManager, } from './security/CsrfTokenManager';
 export { EncryptedEnvelope } from './security/EncryptedEnvelope';
@@ -91,6 +89,7 @@ export { Encryptor } from './security/Encryptor';
 export { Hash } from './security/Hash';
 export { JwtManager } from './security/JwtManager';
 export type { IJwtManager, JwtAlgorithm, JwtManagerType, JwtOptions, JwtPayload, } from './security/JwtManager';
+export { JwtSessions } from './security/JwtSessions';
 export { PasswordResetTokenBroker } from './security/PasswordResetTokenBroker';
 export type { IPasswordResetTokenBroker, IPasswordResetTokenStore, PasswordResetTokenBrokerOptions, PasswordResetTokenBrokerType, PasswordResetTokenRecord, } from './security/PasswordResetTokenBroker';
 export { createSanitizer, Sanitizer, type SanitizerType } from './security/Sanitizer';