@zipbul/baker 3.0.1 → 3.1.0

package/CHANGELOG.md

@@ -1,5 +1,16 @@
 # @zipbul/baker
 
+## 3.1.0
+
+### Minor Changes
+
+- c40834b: Add `isOrigin` and `isCorsOrigin` string rules for RFC 6454 §6.2 serialized-origin
+  validation. `isOrigin` accepts only the canonical WHATWG URL `.origin` form (rejecting
+  trailing slash, path/query/fragment, uppercase scheme/host, explicit default ports,
+  userinfo, and raw IDN — punycode required) plus the opaque `'null'` literal. `isCorsOrigin`
+  is the CORS superset that additionally accepts the `'*'` wildcard. Both work standalone
+  (`isOrigin('https://a.com')`) and as `@Field` rules.
+
 ## 3.0.1
 
 ### Patch Changes

package/dist/src/rules/index.d.ts

@@ -3,7 +3,7 @@ export type { IsNumberOptions } from './typechecker';
 export { min, max, isPositive, isNegative, isDivisibleBy } from './number';
 export { minDate, maxDate } from './date';
 export { equals, notEquals, isEmpty, isNotEmpty, isIn, isNotIn } from './common';
-export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, } from './string';
+export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isOrigin, isCorsOrigin, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, } from './string';
 export type { IsURLOptions, IsBase64Options, IsMACAddressOptions, IsIBANOptions, IsISSNOptions, IsFQDNOptions, IsISO8601Options, IsNumberStringOptions, IsStrongPasswordOptions, } from './string';
 export { arrayContains, arrayNotContains, arrayMinSize, arrayMaxSize, arrayUnique, arrayNotEmpty } from './array';
 export { isNotEmptyObject, isInstance } from './object';

package/dist/src/rules/index.js

@@ -2,7 +2,7 @@ export { isString, isNumber, isBoolean, isDate, isEnum, isInt, isArray, isObject
 export { min, max, isPositive, isNegative, isDivisibleBy } from './number.js';
 export { minDate, maxDate } from './date.js';
 export { equals, notEquals, isEmpty, isNotEmpty, isIn, isNotIn } from './common.js';
-export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, } from './string.js';
+export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isOrigin, isCorsOrigin, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, } from './string.js';
 export { arrayContains, arrayNotContains, arrayMinSize, arrayMaxSize, arrayUnique, arrayNotEmpty } from './array.js';
 export { isNotEmptyObject, isInstance } from './object.js';
 export { isMobilePhone, isPostalCode, isIdentityCard, isPassportNumber } from './locales.js';

package/dist/src/rules/string.d.ts

@@ -11,6 +11,8 @@ declare const isAscii: EmittableRule;
 declare const isAlpha: EmittableRule;
 declare const isAlphanumeric: EmittableRule;
 declare const isHttpToken: EmittableRule;
+declare const isOrigin: import("../types").InternalRule;
+declare const isCorsOrigin: import("../types").InternalRule;
 declare const isBooleanString: import("../types").InternalRule;
 interface IsNumberStringOptions {
     no_symbols?: boolean;
@@ -104,5 +106,5 @@ declare function isStrongPassword(options?: IsStrongPasswordOptions): EmittableR
 declare function isTaxId(locale: string): EmittableRule;
 declare function isULID(): EmittableRule;
 declare function isCUID2(): EmittableRule;
-export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, };
+export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isOrigin, isCorsOrigin, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, };
 export type { IsNumberStringOptions, IsURLOptions, IsMACAddressOptions, IsISO8601Options, IsISSNOptions, IsFQDNOptions, IsBase64Options, IsIBANOptions, IsStrongPasswordOptions, };

package/dist/src/rules/string.js

@@ -129,6 +129,43 @@ const isHttpToken = makeStringRule('isHttpToken', v => HTTP_TOKEN_RE.test(v), (v
     const i = ctx.addRegex(HTTP_TOKEN_RE);
     return `if (!re[${i}].test(${varName})) ${ctx.fail('isHttpToken')};`;
 });
+// RFC 6454 §6.2 serialized origin — a string equal to WHATWG URL `.origin`.
+// The opaque-origin literal 'null' is matched explicitly because `new URL('null')` throws.
+// '*' (CORS wildcard) is rejected here; use isCorsOrigin for the CORS superset.
+const isOriginValue = (value) => {
+    if (value === 'null') {
+        return true;
+    }
+    try {
+        return new URL(value).origin === value;
+    }
+    catch {
+        return false;
+    }
+};
+const isOrigin = makeRule({
+    name: 'isOrigin',
+    requiresType: 'string',
+    constraints: { format: 'origin' },
+    validate: value => typeof value === 'string' && isOriginValue(value),
+    emit: (varName, ctx) => {
+        const i = ctx.addRef(isOriginValue);
+        return `if (!(refs[${i}](${varName}))) ${ctx.fail('isOrigin')};`;
+    },
+});
+// CORS superset of isOrigin: additionally accepts the '*' wildcard literal
+// (Access-Control-Allow-Origin). Keep '*' out of the general isOrigin.
+const isCorsOriginValue = (value) => value === '*' || isOriginValue(value);
+const isCorsOrigin = makeRule({
+    name: 'isCorsOrigin',
+    requiresType: 'string',
+    constraints: { format: 'origin', allowWildcard: true },
+    validate: value => typeof value === 'string' && isCorsOriginValue(value),
+    emit: (varName, ctx) => {
+        const i = ctx.addRef(isCorsOriginValue);
+        return `if (!(refs[${i}](${varName}))) ${ctx.fail('isCorsOrigin')};`;
+    },
+});
 // BooleanString: 'true' | 'false' | '1' | '0'
 const isBooleanString = makeRule({
     name: 'isBooleanString',
@@ -1995,4 +2032,4 @@ function isCUID2() {
         return `if (!re[${i}].test(${varName})) ${ctx.fail('isCUID2')};`;
     }, 'string', { format: 'cuid2' });
 }
-export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, };
+export { minLength, maxLength, length, contains, notContains, matches, isLowercase, isUppercase, isAscii, isAlpha, isAlphanumeric, isHttpToken, isOrigin, isCorsOrigin, isBooleanString, isNumberString, isDecimal, isFullWidth, isHalfWidth, isVariableWidth, isMultibyte, isSurrogatePair, isHexadecimal, isOctal, isEmail, isURL, isUUID, isIP, isHexColor, isRgbColor, isHSL, isMACAddress, isISBN, isISIN, isISO8601, isISRC, isISSN, isJWT, isLatLong, isLocale, isDataURI, isFQDN, isPort, isEAN, isISO31661Alpha2, isISO31661Alpha3, isBIC, isFirebasePushId, isSemVer, isMongoId, isJSON, isBase32, isBase58, isBase64, isDateString, isMimeType, isCurrency, isMagnetURI, isCreditCard, isIBAN, isByteLength, isHash, isRFC3339, isMilitaryTime, isLatitude, isLongitude, isEthereumAddress, isBtcAddress, isISO4217CurrencyCode, isPhoneNumber, isStrongPassword, isTaxId, isULID, isCUID2, };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zipbul/baker",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "description": "Bun-only AOT decorator-based DTO validation & serialization. class-validator DX, sealed code generation, zero reflect-metadata.",
   "keywords": [
     "aot",