alepha 0.13.0 → 0.13.1

package/dist/server-cookies/index.cjs

@@ -1,234 +0,0 @@
-let alepha = require("alepha");
-let alepha_server = require("alepha/server");
-let node_crypto = require("node:crypto");
-let node_zlib = require("node:zlib");
-let alepha_datetime = require("alepha/datetime");
-let alepha_logger = require("alepha/logger");
-let alepha_security = require("alepha/security");
-
-//#region src/server-cookies/services/CookieParser.ts
-var CookieParser = class {
-	parseRequestCookies(header) {
-		const cookies = {};
-		const parts = header.split(";");
-		for (const part of parts) {
-			const [key, value] = part.split("=");
-			if (!key || !value) continue;
-			cookies[key.trim()] = value.trim();
-		}
-		return cookies;
-	}
-	serializeResponseCookies(cookies, isHttps) {
-		const headers = [];
-		for (const [name, cookie] of Object.entries(cookies)) {
-			if (cookie == null) {
-				headers.push(`${name}=; Path=/; Max-Age=0`);
-				continue;
-			}
-			if (!cookie.value) continue;
-			headers.push(this.cookieToString(name, cookie, isHttps));
-		}
-		return headers;
-	}
-	cookieToString(name, cookie, isHttps) {
-		const parts = [];
-		parts.push(`${name}=${cookie.value}`);
-		if (cookie.path) parts.push(`Path=${cookie.path}`);
-		if (cookie.maxAge) parts.push(`Max-Age=${cookie.maxAge}`);
-		if (cookie.secure !== false && isHttps) parts.push("Secure");
-		if (cookie.httpOnly) parts.push("HttpOnly");
-		if (cookie.sameSite) parts.push(`SameSite=${cookie.sameSite}`);
-		if (cookie.domain) parts.push(`Domain=${cookie.domain}`);
-		return parts.join("; ");
-	}
-};
-
-//#endregion
-//#region src/server-cookies/providers/ServerCookiesProvider.ts
-const envSchema = alepha.t.object({ APP_SECRET: alepha.t.text({ default: alepha_security.DEFAULT_APP_SECRET }) });
-var ServerCookiesProvider = class {
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	log = (0, alepha_logger.$logger)();
-	cookieParser = (0, alepha.$inject)(CookieParser);
-	dateTimeProvider = (0, alepha.$inject)(alepha_datetime.DateTimeProvider);
-	env = (0, alepha.$env)(envSchema);
-	ALGORITHM = "aes-256-gcm";
-	IV_LENGTH = 16;
-	AUTH_TAG_LENGTH = 16;
-	SIGNATURE_LENGTH = 32;
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		handler: async ({ request }) => {
-			request.cookies = {
-				req: this.cookieParser.parseRequestCookies(request.headers.cookie ?? ""),
-				res: {}
-			};
-		}
-	});
-	onAction = (0, alepha.$hook)({
-		on: "action:onRequest",
-		handler: async ({ request }) => {
-			request.cookies = {
-				req: this.cookieParser.parseRequestCookies(request.headers.cookie ?? ""),
-				res: {}
-			};
-		}
-	});
-	onSend = (0, alepha.$hook)({
-		on: "server:onSend",
-		handler: async ({ request }) => {
-			if (request.cookies && Object.keys(request.cookies.res).length > 0) {
-				const setCookieHeaders = this.cookieParser.serializeResponseCookies(request.cookies.res, request.url.protocol === "https:");
-				if (setCookieHeaders.length > 0) request.reply.headers["set-cookie"] = setCookieHeaders;
-			}
-		}
-	});
-	getCookiesFromContext(cookies) {
-		const contextCookies = this.alepha.context.get("request")?.cookies;
-		if (cookies) return cookies;
-		if (contextCookies) return contextCookies;
-		throw new Error("Cookie context is not available. This method must be called within a server request cycle.");
-	}
-	getCookie(name, options, contextCookies) {
-		const cookies = this.getCookiesFromContext(contextCookies);
-		let rawValue = cookies.req[name];
-		if (!rawValue) return void 0;
-		try {
-			rawValue = decodeURIComponent(rawValue);
-			if (options.sign) {
-				const signature = rawValue.substring(0, this.SIGNATURE_LENGTH * 2);
-				const value = rawValue.substring(this.SIGNATURE_LENGTH * 2);
-				const expectedSignature = this.sign(value);
-				if (!(0, node_crypto.timingSafeEqual)(Buffer.from(signature, "hex"), Buffer.from(expectedSignature, "hex"))) {
-					this.log.warn(`Invalid signature for cookie "${name}".`);
-					return;
-				}
-				rawValue = value;
-			}
-			if (options.encrypt) rawValue = this.decrypt(rawValue);
-			if (options.compress) rawValue = (0, node_zlib.inflateRawSync)(Buffer.from(rawValue, "base64")).toString("utf8");
-			return this.alepha.codec.decode(options.schema, JSON.parse(rawValue));
-		} catch (error) {
-			this.log.warn(`Failed to parse cookie "${name}"`, error);
-			this.deleteCookie(name, cookies);
-			return;
-		}
-	}
-	setCookie(name, options, data, contextCookies) {
-		const cookies = this.getCookiesFromContext(contextCookies);
-		let value = JSON.stringify(this.alepha.codec.decode(options.schema, data));
-		if (options.compress) value = (0, node_zlib.deflateRawSync)(value).toString("base64");
-		if (options.encrypt) value = this.encrypt(value);
-		if (options.sign) value = this.sign(value) + value;
-		const cookie = {
-			value: encodeURIComponent(value),
-			path: options.path ?? "/",
-			sameSite: options.sameSite ?? "lax",
-			secure: options.secure ?? this.alepha.isProduction(),
-			httpOnly: options.httpOnly,
-			domain: options.domain
-		};
-		if (options.ttl) cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as("seconds");
-		cookies.res[name] = cookie;
-	}
-	deleteCookie(name, contextCookies) {
-		const cookies = this.getCookiesFromContext(contextCookies);
-		cookies.res[name] = null;
-	}
-	encrypt(text) {
-		const iv = (0, node_crypto.randomBytes)(this.IV_LENGTH);
-		const cipher = (0, node_crypto.createCipheriv)(this.ALGORITHM, Buffer.from(this.secretKey()), iv);
-		const encrypted = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
-		const authTag = cipher.getAuthTag();
-		return Buffer.concat([
-			iv,
-			authTag,
-			encrypted
-		]).toString("base64");
-	}
-	decrypt(encryptedText) {
-		const data = Buffer.from(encryptedText, "base64");
-		const iv = data.subarray(0, this.IV_LENGTH);
-		const authTag = data.subarray(this.IV_LENGTH, this.IV_LENGTH + this.AUTH_TAG_LENGTH);
-		const encrypted = data.subarray(this.IV_LENGTH + this.AUTH_TAG_LENGTH);
-		const decipher = (0, node_crypto.createDecipheriv)(this.ALGORITHM, Buffer.from(this.secretKey()), iv);
-		decipher.setAuthTag(authTag);
-		return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf8");
-	}
-	secretKey() {
-		let secret = this.env.APP_SECRET;
-		if (secret.length < 32) secret = secret.padEnd(32, "0");
-		else if (secret.length > 32) secret = secret.substring(0, 32);
-		return secret;
-	}
-	sign(data) {
-		return (0, node_crypto.createHmac)("sha256", this.secretKey()).update(data).digest("hex");
-	}
-};
-
-//#endregion
-//#region src/server-cookies/descriptors/$cookie.ts
-/**
-* Declares a type-safe, configurable HTTP cookie.
-* This descriptor provides methods to get, set, and delete the cookie
-* within the server request/response cycle.
-*/
-const $cookie = (options) => {
-	return (0, alepha.createDescriptor)(CookieDescriptor, options);
-};
-var CookieDescriptor = class extends alepha.Descriptor {
-	serverCookiesProvider = (0, alepha.$inject)(ServerCookiesProvider);
-	get schema() {
-		return this.options.schema;
-	}
-	get name() {
-		return this.options.name ?? `${this.config.propertyKey}`;
-	}
-	/**
-	* Sets the cookie with the given value in the current request's response.
-	*/
-	set(value, options) {
-		this.serverCookiesProvider.setCookie(this.name, {
-			...this.options,
-			ttl: options?.ttl ?? this.options.ttl
-		}, value, options?.cookies);
-	}
-	/**
-	* Gets the cookie value from the current request. Returns undefined if not found or invalid.
-	*/
-	get(options) {
-		return this.serverCookiesProvider.getCookie(this.name, this.options, options?.cookies);
-	}
-	/**
-	* Deletes the cookie in the current request's response.
-	*/
-	del(options) {
-		this.serverCookiesProvider.deleteCookie(this.name, options?.cookies);
-	}
-};
-$cookie[alepha.KIND] = CookieDescriptor;
-
-//#endregion
-//#region src/server-cookies/index.ts
-/**
-* Provides HTTP cookie management capabilities for server requests and responses with type-safe cookie descriptors.
-*
-* The server-cookies module enables declarative cookie handling using the `$cookie` descriptor on class properties.
-* It offers automatic cookie parsing, secure cookie configuration, and seamless integration with server routes
-* for managing user sessions, preferences, and authentication tokens.
-*
-* @see {@link $cookie}
-* @module alepha.server.cookies
-*/
-const AlephaServerCookies = (0, alepha.$module)({
-	name: "alepha.server.cookies",
-	descriptors: [$cookie],
-	services: [alepha_server.AlephaServer, ServerCookiesProvider]
-});
-
-//#endregion
-exports.$cookie = $cookie;
-exports.AlephaServerCookies = AlephaServerCookies;
-exports.CookieDescriptor = CookieDescriptor;
-exports.ServerCookiesProvider = ServerCookiesProvider;
-//# sourceMappingURL=index.cjs.map

package/dist/server-cookies/index.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.cjs","names":["cookies: Record<string, string>","parts: string[]","t","DEFAULT_APP_SECRET","Alepha","DateTimeProvider","cookie: Cookie","Descriptor","KIND","AlephaServer"],"sources":["../../src/server-cookies/services/CookieParser.ts","../../src/server-cookies/providers/ServerCookiesProvider.ts","../../src/server-cookies/descriptors/$cookie.ts","../../src/server-cookies/index.ts"],"sourcesContent":["import type { Cookie } from \"../descriptors/$cookie.ts\";\n\nexport class CookieParser {\n  public parseRequestCookies(header: string): Record<string, string> {\n    const cookies: Record<string, string> = {};\n    const parts = header.split(\";\");\n    for (const part of parts) {\n      const [key, value] = part.split(\"=\");\n      if (!key || !value) {\n        continue;\n      }\n\n      cookies[key.trim()] = value.trim();\n    }\n\n    return cookies;\n  }\n\n  public serializeResponseCookies(\n    cookies: Record<string, Cookie | null>,\n    isHttps: boolean,\n  ): string[] {\n    const headers = [];\n\n    for (const [name, cookie] of Object.entries(cookies)) {\n      // If the cookie is null, we need to delete it\n      if (cookie == null) {\n        headers.push(`${name}=; Path=/; Max-Age=0`);\n        continue;\n      }\n\n      if (!cookie.value) {\n        continue;\n      }\n\n      headers.push(this.cookieToString(name, cookie, isHttps));\n    }\n\n    return headers;\n  }\n\n  public cookieToString(\n    name: string,\n    cookie: Cookie,\n    isHttps?: boolean,\n  ): string {\n    const parts: string[] = [];\n\n    parts.push(`${name}=${cookie.value}`);\n\n    if (cookie.path) {\n      parts.push(`Path=${cookie.path}`);\n    }\n    if (cookie.maxAge) {\n      parts.push(`Max-Age=${cookie.maxAge}`);\n    }\n    if (cookie.secure !== false && isHttps) {\n      parts.push(\"Secure\");\n    }\n    if (cookie.httpOnly) {\n      parts.push(\"HttpOnly\");\n    }\n    if (cookie.sameSite) {\n      parts.push(`SameSite=${cookie.sameSite}`);\n    }\n    if (cookie.domain) {\n      parts.push(`Domain=${cookie.domain}`);\n    }\n\n    return parts.join(\"; \");\n  }\n}\n","import {\n  createCipheriv,\n  createDecipheriv,\n  createHmac,\n  randomBytes,\n  timingSafeEqual,\n} from \"node:crypto\";\nimport { deflateRawSync, inflateRawSync } from \"node:zlib\";\nimport {\n  $env,\n  $hook,\n  $inject,\n  Alepha,\n  type Static,\n  type TSchema,\n  t,\n} from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { DEFAULT_APP_SECRET } from \"alepha/security\";\nimport type { ServerRequest } from \"alepha/server\";\nimport type {\n  Cookie,\n  CookieDescriptorOptions,\n  Cookies,\n} from \"../descriptors/$cookie.ts\";\nimport { CookieParser } from \"../services/CookieParser.ts\";\n\nconst envSchema = t.object({\n  APP_SECRET: t.text({\n    default: DEFAULT_APP_SECRET,\n  }),\n});\n\nexport class ServerCookiesProvider {\n  protected readonly alepha = $inject(Alepha);\n  protected readonly log = $logger();\n  protected readonly cookieParser = $inject(CookieParser);\n  protected readonly dateTimeProvider = $inject(DateTimeProvider);\n  protected readonly env = $env(envSchema);\n\n  // crypto constants\n  protected readonly ALGORITHM = \"aes-256-gcm\";\n  protected readonly IV_LENGTH = 16; // For GCM\n  protected readonly AUTH_TAG_LENGTH = 16;\n  protected readonly SIGNATURE_LENGTH = 32; // For SHA256\n\n  public readonly onRequest = $hook({\n    on: \"server:onRequest\",\n    handler: async ({ request }) => {\n      request.cookies = {\n        req: this.cookieParser.parseRequestCookies(\n          request.headers.cookie ?? \"\",\n        ),\n        res: {},\n      };\n    },\n  });\n\n  public readonly onAction = $hook({\n    on: \"action:onRequest\",\n    handler: async ({ request }) => {\n      request.cookies = {\n        req: this.cookieParser.parseRequestCookies(\n          request.headers.cookie ?? \"\",\n        ),\n        res: {},\n      };\n    },\n  });\n\n  public readonly onSend = $hook({\n    on: \"server:onSend\",\n    handler: async ({ request }) => {\n      if (request.cookies && Object.keys(request.cookies.res).length > 0) {\n        const setCookieHeaders = this.cookieParser.serializeResponseCookies(\n          request.cookies.res,\n          request.url.protocol === \"https:\",\n        );\n        if (setCookieHeaders.length > 0) {\n          request.reply.headers[\"set-cookie\"] = setCookieHeaders;\n        }\n      }\n    },\n  });\n\n  protected getCookiesFromContext(cookies?: Cookies): Cookies {\n    const contextCookies =\n      this.alepha.context.get<ServerRequest>(\"request\")?.cookies;\n    if (cookies) return cookies;\n    if (contextCookies) return contextCookies;\n    throw new Error(\n      \"Cookie context is not available. This method must be called within a server request cycle.\",\n    );\n  }\n\n  public getCookie<T extends TSchema>(\n    name: string,\n    options: CookieDescriptorOptions<T>,\n    contextCookies?: Cookies,\n  ): Static<T> | undefined {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    let rawValue = cookies.req[name];\n\n    if (!rawValue) return undefined;\n\n    try {\n      rawValue = decodeURIComponent(rawValue);\n\n      if (options.sign) {\n        const signature = rawValue.substring(0, this.SIGNATURE_LENGTH * 2);\n        const value = rawValue.substring(this.SIGNATURE_LENGTH * 2);\n        const expectedSignature = this.sign(value);\n\n        if (\n          !timingSafeEqual(\n            Buffer.from(signature, \"hex\"),\n            Buffer.from(expectedSignature, \"hex\"),\n          )\n        ) {\n          this.log.warn(`Invalid signature for cookie \"${name}\".`);\n          return undefined;\n        }\n        rawValue = value;\n      }\n\n      if (options.encrypt) {\n        rawValue = this.decrypt(rawValue);\n      }\n\n      if (options.compress) {\n        rawValue = inflateRawSync(Buffer.from(rawValue, \"base64\")).toString(\n          \"utf8\",\n        );\n      }\n\n      return this.alepha.codec.decode(options.schema, JSON.parse(rawValue));\n    } catch (error) {\n      this.log.warn(`Failed to parse cookie \"${name}\"`, error);\n      // corrupted or invalid cookie, instruct browser to delete it on next response\n      this.deleteCookie(name, cookies);\n      return undefined;\n    }\n  }\n\n  public setCookie<T extends TSchema>(\n    name: string,\n    options: CookieDescriptorOptions<T>,\n    data: Static<T>,\n    contextCookies?: Cookies,\n  ): void {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    let value = JSON.stringify(this.alepha.codec.decode(options.schema, data));\n\n    if (options.compress) {\n      value = deflateRawSync(value).toString(\"base64\");\n    }\n\n    if (options.encrypt) {\n      value = this.encrypt(value);\n    }\n\n    if (options.sign) {\n      value = this.sign(value) + value;\n    }\n\n    const cookie: Cookie = {\n      value: encodeURIComponent(value),\n      path: options.path ?? \"/\",\n      sameSite: options.sameSite ?? \"lax\",\n      secure: options.secure ?? this.alepha.isProduction(),\n      httpOnly: options.httpOnly,\n      domain: options.domain,\n    };\n\n    if (options.ttl) {\n      cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as(\"seconds\");\n    }\n\n    cookies.res[name] = cookie;\n  }\n\n  public deleteCookie<T extends TSchema>(\n    name: string,\n    contextCookies?: Cookies,\n  ): void {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    cookies.res[name] = null;\n  }\n\n  // --- Crypto & Parsing ---\n\n  protected encrypt(text: string): string {\n    const iv = randomBytes(this.IV_LENGTH);\n    const cipher = createCipheriv(\n      this.ALGORITHM,\n      Buffer.from(this.secretKey()),\n      iv,\n    );\n    const encrypted = Buffer.concat([\n      cipher.update(text, \"utf8\"),\n      cipher.final(),\n    ]);\n    const authTag = cipher.getAuthTag();\n    return Buffer.concat([iv, authTag, encrypted]).toString(\"base64\");\n  }\n\n  protected decrypt(encryptedText: string): string {\n    const data = Buffer.from(encryptedText, \"base64\");\n    const iv = data.subarray(0, this.IV_LENGTH);\n    const authTag = data.subarray(\n      this.IV_LENGTH,\n      this.IV_LENGTH + this.AUTH_TAG_LENGTH,\n    );\n\n    const encrypted = data.subarray(this.IV_LENGTH + this.AUTH_TAG_LENGTH);\n    const decipher = createDecipheriv(\n      this.ALGORITHM,\n      Buffer.from(this.secretKey()),\n      iv,\n    );\n\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([\n      decipher.update(encrypted),\n      decipher.final(),\n    ]);\n\n    return decrypted.toString(\"utf8\");\n  }\n\n  public secretKey(): string {\n    let secret = this.env.APP_SECRET;\n    if (secret.length < 32) {\n      // pad secret to 32 bytes\n      secret = secret.padEnd(32, \"0\");\n    } else if (secret.length > 32) {\n      // truncate secret to 32 bytes\n      secret = secret.substring(0, 32);\n    }\n    return secret;\n  }\n\n  protected sign(data: string): string {\n    return createHmac(\"sha256\", this.secretKey()).update(data).digest(\"hex\");\n  }\n}\n","import {\n  $inject,\n  createDescriptor,\n  Descriptor,\n  KIND,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport { ServerCookiesProvider } from \"../providers/ServerCookiesProvider.ts\";\n\n/**\n * Declares a type-safe, configurable HTTP cookie.\n * This descriptor provides methods to get, set, and delete the cookie\n * within the server request/response cycle.\n */\nexport const $cookie = <T extends TSchema>(\n  options: CookieDescriptorOptions<T>,\n): AbstractCookieDescriptor<T> => {\n  return createDescriptor(CookieDescriptor<T>, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface CookieDescriptorOptions<T extends TSchema> {\n  /** The schema for the cookie's value, used for validation and type safety. */\n  schema: T;\n\n  /** The name of the cookie. */\n  name?: string;\n\n  /** The cookie's path. Defaults to \"/\". */\n  path?: string;\n\n  /** Time-to-live for the cookie. Maps to `Max-Age`. */\n  ttl?: DurationLike;\n\n  /** If true, the cookie is only sent over HTTPS. Defaults to true in production. */\n  secure?: boolean;\n\n  /** If true, the cookie cannot be accessed by client-side scripts. */\n  httpOnly?: boolean;\n\n  /** SameSite policy for the cookie. Defaults to \"lax\". */\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n\n  /** The domain for the cookie. */\n  domain?: string;\n\n  /** If true, the cookie value will be compressed using zlib. */\n  compress?: boolean;\n\n  /** If true, the cookie value will be encrypted. Requires `COOKIE_SECRET` env var. */\n  encrypt?: boolean;\n\n  /** If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var. */\n  sign?: boolean;\n}\n\nexport interface AbstractCookieDescriptor<T extends TSchema> {\n  readonly name: string;\n  readonly options: CookieDescriptorOptions<T>;\n  set(\n    value: Static<T>,\n    options?: { cookies?: Cookies; ttl?: DurationLike },\n  ): void;\n  get(options?: { cookies?: Cookies }): Static<T> | undefined;\n  del(options?: { cookies?: Cookies }): void;\n}\n\nexport class CookieDescriptor<T extends TSchema>\n  extends Descriptor<CookieDescriptorOptions<T>>\n  implements AbstractCookieDescriptor<T>\n{\n  protected readonly serverCookiesProvider = $inject(ServerCookiesProvider);\n\n  public get schema(): T {\n    return this.options.schema;\n  }\n\n  public get name(): string {\n    return this.options.name ?? `${this.config.propertyKey}`;\n  }\n\n  /**\n   * Sets the cookie with the given value in the current request's response.\n   */\n  public set(\n    value: Static<T>,\n    options?: { cookies?: Cookies; ttl?: DurationLike },\n  ): void {\n    this.serverCookiesProvider.setCookie(\n      this.name,\n      {\n        ...this.options,\n        ttl: options?.ttl ?? this.options.ttl,\n      },\n      value,\n      options?.cookies,\n    );\n  }\n\n  /**\n   * Gets the cookie value from the current request. Returns undefined if not found or invalid.\n   */\n  public get(options?: { cookies?: Cookies }): Static<T> | undefined {\n    return this.serverCookiesProvider.getCookie(\n      this.name,\n      this.options,\n      options?.cookies,\n    );\n  }\n\n  /**\n   * Deletes the cookie in the current request's response.\n   */\n  public del(options?: { cookies?: Cookies }): void {\n    this.serverCookiesProvider.deleteCookie(this.name, options?.cookies);\n  }\n}\n\n$cookie[KIND] = CookieDescriptor;\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface Cookies {\n  req: Record<string, string>;\n  res: Record<string, Cookie | null>;\n}\n\nexport interface Cookie {\n  value: string;\n  path?: string;\n  maxAge?: number;\n  secure?: boolean;\n  httpOnly?: boolean;\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n  domain?: string;\n}\n","import { $module } from \"alepha\";\nimport { AlephaServer } from \"alepha/server\";\nimport { $cookie, type Cookies } from \"./descriptors/$cookie.ts\";\nimport { ServerCookiesProvider } from \"./providers/ServerCookiesProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./descriptors/$cookie.ts\";\nexport * from \"./providers/ServerCookiesProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/server\" {\n  interface ServerRequest {\n    cookies: Cookies;\n  }\n}\n\n/**\n * Provides HTTP cookie management capabilities for server requests and responses with type-safe cookie descriptors.\n *\n * The server-cookies module enables declarative cookie handling using the `$cookie` descriptor on class properties.\n * It offers automatic cookie parsing, secure cookie configuration, and seamless integration with server routes\n * for managing user sessions, preferences, and authentication tokens.\n *\n * @see {@link $cookie}\n * @module alepha.server.cookies\n */\nexport const AlephaServerCookies = $module({\n  name: \"alepha.server.cookies\",\n  descriptors: [$cookie],\n  services: [AlephaServer, ServerCookiesProvider],\n});\n"],"mappings":";;;;;;;;;AAEA,IAAa,eAAb,MAA0B;CACxB,AAAO,oBAAoB,QAAwC;EACjE,MAAMA,UAAkC,EAAE;EAC1C,MAAM,QAAQ,OAAO,MAAM,IAAI;AAC/B,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,CAAC,KAAK,SAAS,KAAK,MAAM,IAAI;AACpC,OAAI,CAAC,OAAO,CAAC,MACX;AAGF,WAAQ,IAAI,MAAM,IAAI,MAAM,MAAM;;AAGpC,SAAO;;CAGT,AAAO,yBACL,SACA,SACU;EACV,MAAM,UAAU,EAAE;AAElB,OAAK,MAAM,CAAC,MAAM,WAAW,OAAO,QAAQ,QAAQ,EAAE;AAEpD,OAAI,UAAU,MAAM;AAClB,YAAQ,KAAK,GAAG,KAAK,sBAAsB;AAC3C;;AAGF,OAAI,CAAC,OAAO,MACV;AAGF,WAAQ,KAAK,KAAK,eAAe,MAAM,QAAQ,QAAQ,CAAC;;AAG1D,SAAO;;CAGT,AAAO,eACL,MACA,QACA,SACQ;EACR,MAAMC,QAAkB,EAAE;AAE1B,QAAM,KAAK,GAAG,KAAK,GAAG,OAAO,QAAQ;AAErC,MAAI,OAAO,KACT,OAAM,KAAK,QAAQ,OAAO,OAAO;AAEnC,MAAI,OAAO,OACT,OAAM,KAAK,WAAW,OAAO,SAAS;AAExC,MAAI,OAAO,WAAW,SAAS,QAC7B,OAAM,KAAK,SAAS;AAEtB,MAAI,OAAO,SACT,OAAM,KAAK,WAAW;AAExB,MAAI,OAAO,SACT,OAAM,KAAK,YAAY,OAAO,WAAW;AAE3C,MAAI,OAAO,OACT,OAAM,KAAK,UAAU,OAAO,SAAS;AAGvC,SAAO,MAAM,KAAK,KAAK;;;;;;ACzC3B,MAAM,YAAYC,SAAE,OAAO,EACzB,YAAYA,SAAE,KAAK,EACjB,SAASC,oCACV,CAAC,EACH,CAAC;AAEF,IAAa,wBAAb,MAAmC;CACjC,AAAmB,6BAAiBC,cAAO;CAC3C,AAAmB,kCAAe;CAClC,AAAmB,mCAAuB,aAAa;CACvD,AAAmB,uCAA2BC,iCAAiB;CAC/D,AAAmB,uBAAW,UAAU;CAGxC,AAAmB,YAAY;CAC/B,AAAmB,YAAY;CAC/B,AAAmB,kBAAkB;CACrC,AAAmB,mBAAmB;CAEtC,AAAgB,8BAAkB;EAChC,IAAI;EACJ,SAAS,OAAO,EAAE,cAAc;AAC9B,WAAQ,UAAU;IAChB,KAAK,KAAK,aAAa,oBACrB,QAAQ,QAAQ,UAAU,GAC3B;IACD,KAAK,EAAE;IACR;;EAEJ,CAAC;CAEF,AAAgB,6BAAiB;EAC/B,IAAI;EACJ,SAAS,OAAO,EAAE,cAAc;AAC9B,WAAQ,UAAU;IAChB,KAAK,KAAK,aAAa,oBACrB,QAAQ,QAAQ,UAAU,GAC3B;IACD,KAAK,EAAE;IACR;;EAEJ,CAAC;CAEF,AAAgB,2BAAe;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,cAAc;AAC9B,OAAI,QAAQ,WAAW,OAAO,KAAK,QAAQ,QAAQ,IAAI,CAAC,SAAS,GAAG;IAClE,MAAM,mBAAmB,KAAK,aAAa,yBACzC,QAAQ,QAAQ,KAChB,QAAQ,IAAI,aAAa,SAC1B;AACD,QAAI,iBAAiB,SAAS,EAC5B,SAAQ,MAAM,QAAQ,gBAAgB;;;EAI7C,CAAC;CAEF,AAAU,sBAAsB,SAA4B;EAC1D,MAAM,iBACJ,KAAK,OAAO,QAAQ,IAAmB,UAAU,EAAE;AACrD,MAAI,QAAS,QAAO;AACpB,MAAI,eAAgB,QAAO;AAC3B,QAAM,IAAI,MACR,6FACD;;CAGH,AAAO,UACL,MACA,SACA,gBACuB;EACvB,MAAM,UAAU,KAAK,sBAAsB,eAAe;EAC1D,IAAI,WAAW,QAAQ,IAAI;AAE3B,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI;AACF,cAAW,mBAAmB,SAAS;AAEvC,OAAI,QAAQ,MAAM;IAChB,MAAM,YAAY,SAAS,UAAU,GAAG,KAAK,mBAAmB,EAAE;IAClE,MAAM,QAAQ,SAAS,UAAU,KAAK,mBAAmB,EAAE;IAC3D,MAAM,oBAAoB,KAAK,KAAK,MAAM;AAE1C,QACE,kCACE,OAAO,KAAK,WAAW,MAAM,EAC7B,OAAO,KAAK,mBAAmB,MAAM,CACtC,EACD;AACA,UAAK,IAAI,KAAK,iCAAiC,KAAK,IAAI;AACxD;;AAEF,eAAW;;AAGb,OAAI,QAAQ,QACV,YAAW,KAAK,QAAQ,SAAS;AAGnC,OAAI,QAAQ,SACV,0CAA0B,OAAO,KAAK,UAAU,SAAS,CAAC,CAAC,SACzD,OACD;AAGH,UAAO,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,KAAK,MAAM,SAAS,CAAC;WAC9D,OAAO;AACd,QAAK,IAAI,KAAK,2BAA2B,KAAK,IAAI,MAAM;AAExD,QAAK,aAAa,MAAM,QAAQ;AAChC;;;CAIJ,AAAO,UACL,MACA,SACA,MACA,gBACM;EACN,MAAM,UAAU,KAAK,sBAAsB,eAAe;EAC1D,IAAI,QAAQ,KAAK,UAAU,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,KAAK,CAAC;AAE1E,MAAI,QAAQ,SACV,uCAAuB,MAAM,CAAC,SAAS,SAAS;AAGlD,MAAI,QAAQ,QACV,SAAQ,KAAK,QAAQ,MAAM;AAG7B,MAAI,QAAQ,KACV,SAAQ,KAAK,KAAK,MAAM,GAAG;EAG7B,MAAMC,SAAiB;GACrB,OAAO,mBAAmB,MAAM;GAChC,MAAM,QAAQ,QAAQ;GACtB,UAAU,QAAQ,YAAY;GAC9B,QAAQ,QAAQ,UAAU,KAAK,OAAO,cAAc;GACpD,UAAU,QAAQ;GAClB,QAAQ,QAAQ;GACjB;AAED,MAAI,QAAQ,IACV,QAAO,SAAS,KAAK,iBAAiB,SAAS,QAAQ,IAAI,CAAC,GAAG,UAAU;AAG3E,UAAQ,IAAI,QAAQ;;CAGtB,AAAO,aACL,MACA,gBACM;EACN,MAAM,UAAU,KAAK,sBAAsB,eAAe;AAC1D,UAAQ,IAAI,QAAQ;;CAKtB,AAAU,QAAQ,MAAsB;EACtC,MAAM,kCAAiB,KAAK,UAAU;EACtC,MAAM,yCACJ,KAAK,WACL,OAAO,KAAK,KAAK,WAAW,CAAC,EAC7B,GACD;EACD,MAAM,YAAY,OAAO,OAAO,CAC9B,OAAO,OAAO,MAAM,OAAO,EAC3B,OAAO,OAAO,CACf,CAAC;EACF,MAAM,UAAU,OAAO,YAAY;AACnC,SAAO,OAAO,OAAO;GAAC;GAAI;GAAS;GAAU,CAAC,CAAC,SAAS,SAAS;;CAGnE,AAAU,QAAQ,eAA+B;EAC/C,MAAM,OAAO,OAAO,KAAK,eAAe,SAAS;EACjD,MAAM,KAAK,KAAK,SAAS,GAAG,KAAK,UAAU;EAC3C,MAAM,UAAU,KAAK,SACnB,KAAK,WACL,KAAK,YAAY,KAAK,gBACvB;EAED,MAAM,YAAY,KAAK,SAAS,KAAK,YAAY,KAAK,gBAAgB;EACtE,MAAM,6CACJ,KAAK,WACL,OAAO,KAAK,KAAK,WAAW,CAAC,EAC7B,GACD;AAED,WAAS,WAAW,QAAQ;AAO5B,SALkB,OAAO,OAAO,CAC9B,SAAS,OAAO,UAAU,EAC1B,SAAS,OAAO,CACjB,CAAC,CAEe,SAAS,OAAO;;CAGnC,AAAO,YAAoB;EACzB,IAAI,SAAS,KAAK,IAAI;AACtB,MAAI,OAAO,SAAS,GAElB,UAAS,OAAO,OAAO,IAAI,IAAI;WACtB,OAAO,SAAS,GAEzB,UAAS,OAAO,UAAU,GAAG,GAAG;AAElC,SAAO;;CAGT,AAAU,KAAK,MAAsB;AACnC,qCAAkB,UAAU,KAAK,WAAW,CAAC,CAAC,OAAO,KAAK,CAAC,OAAO,MAAM;;;;;;;;;;;ACrO5E,MAAa,WACX,YACgC;AAChC,qCAAwB,kBAAqB,QAAQ;;AAmDvD,IAAa,mBAAb,cACUC,kBAEV;CACE,AAAmB,4CAAgC,sBAAsB;CAEzE,IAAW,SAAY;AACrB,SAAO,KAAK,QAAQ;;CAGtB,IAAW,OAAe;AACxB,SAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;;;;;CAM7C,AAAO,IACL,OACA,SACM;AACN,OAAK,sBAAsB,UACzB,KAAK,MACL;GACE,GAAG,KAAK;GACR,KAAK,SAAS,OAAO,KAAK,QAAQ;GACnC,EACD,OACA,SAAS,QACV;;;;;CAMH,AAAO,IAAI,SAAwD;AACjE,SAAO,KAAK,sBAAsB,UAChC,KAAK,MACL,KAAK,SACL,SAAS,QACV;;;;;CAMH,AAAO,IAAI,SAAuC;AAChD,OAAK,sBAAsB,aAAa,KAAK,MAAM,SAAS,QAAQ;;;AAIxE,QAAQC,eAAQ;;;;;;;;;;;;;;AC7FhB,MAAa,0CAA8B;CACzC,MAAM;CACN,aAAa,CAAC,QAAQ;CACtB,UAAU,CAACC,4BAAc,sBAAsB;CAChD,CAAC"}

package/dist/server-cookies/index.d.cts

@@ -1,144 +0,0 @@
-import * as alepha1 from "alepha";
-import { Alepha, Descriptor, KIND, Static, TSchema } from "alepha";
-import { DateTimeProvider, DurationLike } from "alepha/datetime";
-import * as alepha_logger0 from "alepha/logger";
-
-//#region src/server-cookies/services/CookieParser.d.ts
-declare class CookieParser {
-  parseRequestCookies(header: string): Record<string, string>;
-  serializeResponseCookies(cookies: Record<string, Cookie | null>, isHttps: boolean): string[];
-  cookieToString(name: string, cookie: Cookie, isHttps?: boolean): string;
-}
-//#endregion
-//#region src/server-cookies/providers/ServerCookiesProvider.d.ts
-declare class ServerCookiesProvider {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly cookieParser: CookieParser;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly env: {
-    APP_SECRET: string;
-  };
-  protected readonly ALGORITHM = "aes-256-gcm";
-  protected readonly IV_LENGTH = 16;
-  protected readonly AUTH_TAG_LENGTH = 16;
-  protected readonly SIGNATURE_LENGTH = 32;
-  readonly onRequest: alepha1.HookDescriptor<"server:onRequest">;
-  readonly onAction: alepha1.HookDescriptor<"action:onRequest">;
-  readonly onSend: alepha1.HookDescriptor<"server:onSend">;
-  protected getCookiesFromContext(cookies?: Cookies): Cookies;
-  getCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, contextCookies?: Cookies): Static<T> | undefined;
-  setCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, data: Static<T>, contextCookies?: Cookies): void;
-  deleteCookie<T extends TSchema>(name: string, contextCookies?: Cookies): void;
-  protected encrypt(text: string): string;
-  protected decrypt(encryptedText: string): string;
-  secretKey(): string;
-  protected sign(data: string): string;
-}
-//#endregion
-//#region src/server-cookies/descriptors/$cookie.d.ts
-/**
- * Declares a type-safe, configurable HTTP cookie.
- * This descriptor provides methods to get, set, and delete the cookie
- * within the server request/response cycle.
- */
-declare const $cookie: {
-  <T extends TSchema>(options: CookieDescriptorOptions<T>): AbstractCookieDescriptor<T>;
-  [KIND]: typeof CookieDescriptor;
-};
-interface CookieDescriptorOptions<T extends TSchema> {
-  /** The schema for the cookie's value, used for validation and type safety. */
-  schema: T;
-  /** The name of the cookie. */
-  name?: string;
-  /** The cookie's path. Defaults to "/". */
-  path?: string;
-  /** Time-to-live for the cookie. Maps to `Max-Age`. */
-  ttl?: DurationLike;
-  /** If true, the cookie is only sent over HTTPS. Defaults to true in production. */
-  secure?: boolean;
-  /** If true, the cookie cannot be accessed by client-side scripts. */
-  httpOnly?: boolean;
-  /** SameSite policy for the cookie. Defaults to "lax". */
-  sameSite?: "strict" | "lax" | "none";
-  /** The domain for the cookie. */
-  domain?: string;
-  /** If true, the cookie value will be compressed using zlib. */
-  compress?: boolean;
-  /** If true, the cookie value will be encrypted. Requires `COOKIE_SECRET` env var. */
-  encrypt?: boolean;
-  /** If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var. */
-  sign?: boolean;
-}
-interface AbstractCookieDescriptor<T extends TSchema> {
-  readonly name: string;
-  readonly options: CookieDescriptorOptions<T>;
-  set(value: Static<T>, options?: {
-    cookies?: Cookies;
-    ttl?: DurationLike;
-  }): void;
-  get(options?: {
-    cookies?: Cookies;
-  }): Static<T> | undefined;
-  del(options?: {
-    cookies?: Cookies;
-  }): void;
-}
-declare class CookieDescriptor<T extends TSchema> extends Descriptor<CookieDescriptorOptions<T>> implements AbstractCookieDescriptor<T> {
-  protected readonly serverCookiesProvider: ServerCookiesProvider;
-  get schema(): T;
-  get name(): string;
-  /**
-   * Sets the cookie with the given value in the current request's response.
-   */
-  set(value: Static<T>, options?: {
-    cookies?: Cookies;
-    ttl?: DurationLike;
-  }): void;
-  /**
-   * Gets the cookie value from the current request. Returns undefined if not found or invalid.
-   */
-  get(options?: {
-    cookies?: Cookies;
-  }): Static<T> | undefined;
-  /**
-   * Deletes the cookie in the current request's response.
-   */
-  del(options?: {
-    cookies?: Cookies;
-  }): void;
-}
-interface Cookies {
-  req: Record<string, string>;
-  res: Record<string, Cookie | null>;
-}
-interface Cookie {
-  value: string;
-  path?: string;
-  maxAge?: number;
-  secure?: boolean;
-  httpOnly?: boolean;
-  sameSite?: "strict" | "lax" | "none";
-  domain?: string;
-}
-//#endregion
-//#region src/server-cookies/index.d.ts
-declare module "alepha/server" {
-  interface ServerRequest {
-    cookies: Cookies;
-  }
-}
-/**
- * Provides HTTP cookie management capabilities for server requests and responses with type-safe cookie descriptors.
- *
- * The server-cookies module enables declarative cookie handling using the `$cookie` descriptor on class properties.
- * It offers automatic cookie parsing, secure cookie configuration, and seamless integration with server routes
- * for managing user sessions, preferences, and authentication tokens.
- *
- * @see {@link $cookie}
- * @module alepha.server.cookies
- */
-declare const AlephaServerCookies: alepha1.Service<alepha1.Module>;
-//#endregion
-export { $cookie, AbstractCookieDescriptor, AlephaServerCookies, Cookie, CookieDescriptor, CookieDescriptorOptions, Cookies, ServerCookiesProvider };
-//# sourceMappingURL=index.d.cts.map

package/dist/server-cors/index.cjs

@@ -1,201 +0,0 @@
-let alepha = require("alepha");
-let alepha_logger = require("alepha/logger");
-let alepha_server = require("alepha/server");
-
-//#region src/server-cors/providers/ServerCorsProvider.ts
-/**
-* CORS configuration atom (global defaults)
-*/
-const corsOptions = (0, alepha.$atom)({
-	name: "alepha.server.cors.options",
-	schema: alepha.t.object({
-		origin: alepha.t.optional(alepha.t.string({
-			description: "Allowed origins (* for all, string for single, comma-separated for multiple)",
-			default: "*"
-		})),
-		methods: alepha.t.array(alepha.t.string(), {
-			description: "Allowed HTTP methods",
-			default: [
-				"GET",
-				"POST",
-				"PUT",
-				"PATCH",
-				"DELETE",
-				"OPTIONS"
-			]
-		}),
-		headers: alepha.t.array(alepha.t.string(), {
-			description: "Allowed headers",
-			default: ["Content-Type", "Authorization"]
-		}),
-		credentials: alepha.t.optional(alepha.t.boolean({
-			description: "Allow credentials",
-			default: true
-		})),
-		maxAge: alepha.t.optional(alepha.t.number({ description: "Preflight cache duration in seconds" }))
-	}),
-	default: {
-		origin: "*",
-		methods: [
-			"GET",
-			"POST",
-			"PUT",
-			"PATCH",
-			"DELETE",
-			"OPTIONS"
-		],
-		headers: ["Content-Type", "Authorization"],
-		credentials: true
-	}
-});
-var ServerCorsProvider = class {
-	log = (0, alepha_logger.$logger)();
-	serverRouterProvider = (0, alepha.$inject)(alepha_server.ServerRouterProvider);
-	globalOptions = (0, alepha.$use)(corsOptions);
-	/**
-	* Registered CORS configurations with their path patterns
-	*/
-	registeredConfigs = [];
-	/**
-	* Register a CORS configuration (called by descriptors)
-	*/
-	registerCors(config) {
-		this.registeredConfigs.push(config);
-	}
-	onStart = (0, alepha.$hook)({
-		on: "start",
-		handler: async () => {
-			for (const config of this.registeredConfigs) if (config.paths) for (const pattern of config.paths) {
-				const matchedRoutes = this.serverRouterProvider.getRoutes(pattern);
-				for (const route of matchedRoutes) route.cors = this.buildCorsOptions(config);
-			}
-			if (this.registeredConfigs.length > 0) this.log.info(`Initialized with ${this.registeredConfigs.length} registered CORS configurations.`);
-		}
-	});
-	configure = (0, alepha.$hook)({
-		on: "configure",
-		handler: () => {
-			const routes = this.serverRouterProvider.getRoutes();
-			for (const route of routes) {
-				if (!route.method || route.method === "GET" || route.method === "OPTIONS") continue;
-				this.serverRouterProvider.createRoute({
-					path: route.path,
-					method: "OPTIONS",
-					handler: ({ reply }) => {
-						reply.setStatus(204);
-					}
-				});
-			}
-		}
-	});
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		handler: ({ route, request }) => {
-			const corsConfig = route.cors ?? this.globalOptions;
-			this.applyCorsHeaders(request, corsConfig);
-		}
-	});
-	/**
-	* Build complete CORS options by merging with global defaults
-	*/
-	buildCorsOptions(config) {
-		return {
-			origin: config.origin ?? this.globalOptions.origin,
-			methods: config.methods ?? this.globalOptions.methods,
-			headers: config.headers ?? this.globalOptions.headers,
-			credentials: config.credentials ?? this.globalOptions.credentials,
-			maxAge: config.maxAge ?? this.globalOptions.maxAge
-		};
-	}
-	/**
-	* Apply CORS headers to the response
-	*/
-	applyCorsHeaders(request, options) {
-		const reqOrigin = request.headers.origin;
-		const { origin, methods, headers, credentials, maxAge } = options;
-		if (reqOrigin && this.isOriginAllowed(reqOrigin, origin)) request.reply.setHeader("Access-Control-Allow-Origin", reqOrigin);
-		if (credentials) request.reply.setHeader("Access-Control-Allow-Credentials", "true");
-		request.reply.setHeader("Access-Control-Allow-Methods", methods.join(", "));
-		request.reply.setHeader("Access-Control-Allow-Headers", headers.join(", "));
-		if (maxAge != null) request.reply.setHeader("Access-Control-Max-Age", String(maxAge));
-	}
-	isOriginAllowed(origin, allowed) {
-		if (!allowed) return false;
-		if (allowed === "*") return true;
-		return allowed.split(",").map((o) => o.trim()).includes(origin ?? "");
-	}
-};
-
-//#endregion
-//#region src/server-cors/descriptors/$cors.ts
-/**
-* Declares CORS configuration for specific server routes.
-* This descriptor provides path-based CORS configuration.
-*
-* @example
-* ```ts
-* class ApiService {
-*   // Apply specific CORS to API routes
-*   cors = $cors({
-*     paths: ["/api/*"],
-*     origin: "https://app.example.com",
-*     credentials: true,
-*   });
-* }
-* ```
-*/
-const $cors = (options) => {
-	return (0, alepha.createDescriptor)(CorsDescriptor, options);
-};
-var CorsDescriptor = class extends alepha.Descriptor {
-	serverCorsProvider = (0, alepha.$inject)(ServerCorsProvider);
-	get name() {
-		return this.options.name ?? `${this.config.propertyKey}`;
-	}
-	onInit() {
-		this.serverCorsProvider.registerCors(this.options);
-	}
-};
-$cors[alepha.KIND] = CorsDescriptor;
-
-//#endregion
-//#region src/server-cors/index.ts
-/**
-* Plugin for configuring CORS on the Alepha server.
-*
-* @example
-* ```ts
-* import { Alepha, $route } from "alepha";
-* import { AlephaServerCors, $cors } from "alepha/server-cors";
-*
-* class ApiService {
-*   // Global CORS is applied via corsOptions atom
-*
-*   // Path-specific CORS for API routes
-*   apiCors = $cors({
-*     paths: ["/api/*"],
-*     origin: "https://app.example.com",
-*     credentials: true,
-*   });
-*
-*   route = $route({
-*     path: "/api/data",
-*     method: "POST",
-*     handler: () => ({ data: "hello" }),
-*   });
-* }
-* ```
-*/
-const AlephaServerCors = (0, alepha.$module)({
-	name: "alepha.server.cors",
-	descriptors: [$cors],
-	services: [ServerCorsProvider]
-});
-
-//#endregion
-exports.$cors = $cors;
-exports.AlephaServerCors = AlephaServerCors;
-exports.CorsDescriptor = CorsDescriptor;
-exports.ServerCorsProvider = ServerCorsProvider;
-exports.corsOptions = corsOptions;
-//# sourceMappingURL=index.cjs.map

package/dist/server-cors/index.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.cjs","names":["t","ServerRouterProvider","Descriptor","KIND"],"sources":["../../src/server-cors/providers/ServerCorsProvider.ts","../../src/server-cors/descriptors/$cors.ts","../../src/server-cors/index.ts"],"sourcesContent":["import { $atom, $hook, $inject, $use, type Static, t } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport { ServerRouterProvider } from \"alepha/server\";\nimport type { CorsDescriptorConfig } from \"../descriptors/$cors.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * CORS configuration atom (global defaults)\n */\nexport const corsOptions = $atom({\n  name: \"alepha.server.cors.options\",\n  schema: t.object({\n    origin: t.optional(\n      t.string({\n        description:\n          \"Allowed origins (* for all, string for single, comma-separated for multiple)\",\n        default: \"*\",\n      }),\n    ),\n    methods: t.array(t.string(), {\n      description: \"Allowed HTTP methods\",\n      default: [\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", \"OPTIONS\"],\n    }),\n    headers: t.array(t.string(), {\n      description: \"Allowed headers\",\n      default: [\"Content-Type\", \"Authorization\"],\n    }),\n    credentials: t.optional(\n      t.boolean({\n        description: \"Allow credentials\",\n        default: true,\n      }),\n    ),\n    maxAge: t.optional(\n      t.number({\n        description: \"Preflight cache duration in seconds\",\n      }),\n    ),\n  }),\n  default: {\n    origin: \"*\",\n    methods: [\"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", \"OPTIONS\"],\n    headers: [\"Content-Type\", \"Authorization\"],\n    credentials: true,\n  },\n});\n\nexport type CorsOptions = Static<typeof corsOptions.schema>;\n\ndeclare module \"alepha\" {\n  interface State {\n    [corsOptions.key]: CorsOptions;\n  }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class ServerCorsProvider {\n  protected readonly log = $logger();\n  protected readonly serverRouterProvider = $inject(ServerRouterProvider);\n  protected readonly globalOptions = $use(corsOptions);\n\n  /**\n   * Registered CORS configurations with their path patterns\n   */\n  public readonly registeredConfigs: CorsDescriptorConfig[] = [];\n\n  /**\n   * Register a CORS configuration (called by descriptors)\n   */\n  public registerCors(config: CorsDescriptorConfig): void {\n    this.registeredConfigs.push(config);\n  }\n\n  protected readonly onStart = $hook({\n    on: \"start\",\n    handler: async () => {\n      // Apply path-specific CORS configs to routes\n      for (const config of this.registeredConfigs) {\n        if (config.paths) {\n          for (const pattern of config.paths) {\n            const matchedRoutes = this.serverRouterProvider.getRoutes(pattern);\n            for (const route of matchedRoutes) {\n              route.cors = this.buildCorsOptions(config);\n            }\n          }\n        }\n      }\n\n      if (this.registeredConfigs.length > 0) {\n        this.log.info(\n          `Initialized with ${this.registeredConfigs.length} registered CORS configurations.`,\n        );\n      }\n    },\n  });\n\n  protected readonly configure = $hook({\n    on: \"configure\",\n    handler: () => {\n      const routes = this.serverRouterProvider.getRoutes();\n      for (const route of routes) {\n        if (\n          !route.method ||\n          route.method === \"GET\" ||\n          route.method === \"OPTIONS\"\n        ) {\n          continue;\n        }\n\n        this.serverRouterProvider.createRoute({\n          path: route.path,\n          method: \"OPTIONS\",\n          handler: ({ reply }) => {\n            reply.setStatus(204);\n          },\n        });\n      }\n    },\n  });\n\n  protected readonly onRequest = $hook({\n    on: \"server:onRequest\",\n    handler: ({ route, request }) => {\n      // Use route-specific CORS if defined, otherwise use global options\n      const corsConfig = route.cors ?? this.globalOptions;\n      this.applyCorsHeaders(request, corsConfig);\n    },\n  });\n\n  /**\n   * Build complete CORS options by merging with global defaults\n   */\n  protected buildCorsOptions(config: CorsDescriptorConfig): CorsOptions {\n    return {\n      origin: config.origin ?? this.globalOptions.origin,\n      methods: config.methods ?? this.globalOptions.methods,\n      headers: config.headers ?? this.globalOptions.headers,\n      credentials: config.credentials ?? this.globalOptions.credentials,\n      maxAge: config.maxAge ?? this.globalOptions.maxAge,\n    };\n  }\n\n  /**\n   * Apply CORS headers to the response\n   */\n  protected applyCorsHeaders(\n    request: {\n      headers: { origin?: string };\n      reply: { setHeader: (name: string, value: string) => void };\n    },\n    options: CorsOptions,\n  ): void {\n    const reqOrigin = request.headers.origin;\n    const { origin, methods, headers, credentials, maxAge } = options;\n\n    if (reqOrigin && this.isOriginAllowed(reqOrigin, origin)) {\n      request.reply.setHeader(\"Access-Control-Allow-Origin\", reqOrigin);\n    }\n\n    if (credentials) {\n      request.reply.setHeader(\"Access-Control-Allow-Credentials\", \"true\");\n    }\n\n    request.reply.setHeader(\"Access-Control-Allow-Methods\", methods.join(\", \"));\n    request.reply.setHeader(\"Access-Control-Allow-Headers\", headers.join(\", \"));\n\n    if (maxAge != null) {\n      request.reply.setHeader(\"Access-Control-Max-Age\", String(maxAge));\n    }\n  }\n\n  public isOriginAllowed(\n    origin: string | undefined,\n    allowed: CorsOptions[\"origin\"],\n  ): boolean {\n    if (!allowed) return false;\n    if (allowed === \"*\") return true;\n    return allowed\n      .split(\",\")\n      .map((o) => o.trim())\n      .includes(origin ?? \"\");\n  }\n}\n\nexport type ServerCorsProviderOptions = CorsOptions;\n","import { $inject, createDescriptor, Descriptor, KIND } from \"alepha\";\nimport type { CorsOptions } from \"../providers/ServerCorsProvider.ts\";\nimport { ServerCorsProvider } from \"../providers/ServerCorsProvider.ts\";\n\n/**\n * Declares CORS configuration for specific server routes.\n * This descriptor provides path-based CORS configuration.\n *\n * @example\n * ```ts\n * class ApiService {\n *   // Apply specific CORS to API routes\n *   cors = $cors({\n *     paths: [\"/api/*\"],\n *     origin: \"https://app.example.com\",\n *     credentials: true,\n *   });\n * }\n * ```\n */\nexport const $cors = (\n  options: CorsDescriptorConfig,\n): AbstractCorsDescriptor => {\n  return createDescriptor(CorsDescriptor, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface CorsDescriptorConfig extends Partial<CorsOptions> {\n  /** Name identifier for this CORS config (default: property key) */\n  name?: string;\n  /** Path patterns to match (supports wildcards like /api/*) */\n  paths?: string[];\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface AbstractCorsDescriptor {\n  readonly name: string;\n  readonly options: CorsDescriptorConfig;\n}\n\nexport class CorsDescriptor\n  extends Descriptor<CorsDescriptorConfig>\n  implements AbstractCorsDescriptor\n{\n  protected readonly serverCorsProvider = $inject(ServerCorsProvider);\n\n  public get name(): string {\n    return this.options.name ?? `${this.config.propertyKey}`;\n  }\n\n  protected onInit() {\n    // Register this CORS configuration with the provider\n    this.serverCorsProvider.registerCors(this.options);\n  }\n}\n\n$cors[KIND] = CorsDescriptor;\n","import { $module } from \"alepha\";\nimport { $cors } from \"./descriptors/$cors.ts\";\nimport {\n  type CorsOptions,\n  ServerCorsProvider,\n} from \"./providers/ServerCorsProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./descriptors/$cors.ts\";\nexport * from \"./providers/ServerCorsProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/server\" {\n  interface ServerRoute {\n    /**\n     * Route-specific CORS configuration.\n     * If set, overrides the global CORS options for this route.\n     */\n    cors?: CorsOptions;\n  }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * Plugin for configuring CORS on the Alepha server.\n *\n * @example\n * ```ts\n * import { Alepha, $route } from \"alepha\";\n * import { AlephaServerCors, $cors } from \"alepha/server-cors\";\n *\n * class ApiService {\n *   // Global CORS is applied via corsOptions atom\n *\n *   // Path-specific CORS for API routes\n *   apiCors = $cors({\n *     paths: [\"/api/*\"],\n *     origin: \"https://app.example.com\",\n *     credentials: true,\n *   });\n *\n *   route = $route({\n *     path: \"/api/data\",\n *     method: \"POST\",\n *     handler: () => ({ data: \"hello\" }),\n *   });\n * }\n * ```\n */\nexport const AlephaServerCors = $module({\n  name: \"alepha.server.cors\",\n  descriptors: [$cors],\n  services: [ServerCorsProvider],\n});\n"],"mappings":";;;;;;;;AAUA,MAAa,gCAAoB;CAC/B,MAAM;CACN,QAAQA,SAAE,OAAO;EACf,QAAQA,SAAE,SACRA,SAAE,OAAO;GACP,aACE;GACF,SAAS;GACV,CAAC,CACH;EACD,SAASA,SAAE,MAAMA,SAAE,QAAQ,EAAE;GAC3B,aAAa;GACb,SAAS;IAAC;IAAO;IAAQ;IAAO;IAAS;IAAU;IAAU;GAC9D,CAAC;EACF,SAASA,SAAE,MAAMA,SAAE,QAAQ,EAAE;GAC3B,aAAa;GACb,SAAS,CAAC,gBAAgB,gBAAgB;GAC3C,CAAC;EACF,aAAaA,SAAE,SACbA,SAAE,QAAQ;GACR,aAAa;GACb,SAAS;GACV,CAAC,CACH;EACD,QAAQA,SAAE,SACRA,SAAE,OAAO,EACP,aAAa,uCACd,CAAC,CACH;EACF,CAAC;CACF,SAAS;EACP,QAAQ;EACR,SAAS;GAAC;GAAO;GAAQ;GAAO;GAAS;GAAU;GAAU;EAC7D,SAAS,CAAC,gBAAgB,gBAAgB;EAC1C,aAAa;EACd;CACF,CAAC;AAYF,IAAa,qBAAb,MAAgC;CAC9B,AAAmB,kCAAe;CAClC,AAAmB,2CAA+BC,mCAAqB;CACvE,AAAmB,iCAAqB,YAAY;;;;CAKpD,AAAgB,oBAA4C,EAAE;;;;CAK9D,AAAO,aAAa,QAAoC;AACtD,OAAK,kBAAkB,KAAK,OAAO;;CAGrC,AAAmB,4BAAgB;EACjC,IAAI;EACJ,SAAS,YAAY;AAEnB,QAAK,MAAM,UAAU,KAAK,kBACxB,KAAI,OAAO,MACT,MAAK,MAAM,WAAW,OAAO,OAAO;IAClC,MAAM,gBAAgB,KAAK,qBAAqB,UAAU,QAAQ;AAClE,SAAK,MAAM,SAAS,cAClB,OAAM,OAAO,KAAK,iBAAiB,OAAO;;AAMlD,OAAI,KAAK,kBAAkB,SAAS,EAClC,MAAK,IAAI,KACP,oBAAoB,KAAK,kBAAkB,OAAO,kCACnD;;EAGN,CAAC;CAEF,AAAmB,8BAAkB;EACnC,IAAI;EACJ,eAAe;GACb,MAAM,SAAS,KAAK,qBAAqB,WAAW;AACpD,QAAK,MAAM,SAAS,QAAQ;AAC1B,QACE,CAAC,MAAM,UACP,MAAM,WAAW,SACjB,MAAM,WAAW,UAEjB;AAGF,SAAK,qBAAqB,YAAY;KACpC,MAAM,MAAM;KACZ,QAAQ;KACR,UAAU,EAAE,YAAY;AACtB,YAAM,UAAU,IAAI;;KAEvB,CAAC;;;EAGP,CAAC;CAEF,AAAmB,8BAAkB;EACnC,IAAI;EACJ,UAAU,EAAE,OAAO,cAAc;GAE/B,MAAM,aAAa,MAAM,QAAQ,KAAK;AACtC,QAAK,iBAAiB,SAAS,WAAW;;EAE7C,CAAC;;;;CAKF,AAAU,iBAAiB,QAA2C;AACpE,SAAO;GACL,QAAQ,OAAO,UAAU,KAAK,cAAc;GAC5C,SAAS,OAAO,WAAW,KAAK,cAAc;GAC9C,SAAS,OAAO,WAAW,KAAK,cAAc;GAC9C,aAAa,OAAO,eAAe,KAAK,cAAc;GACtD,QAAQ,OAAO,UAAU,KAAK,cAAc;GAC7C;;;;;CAMH,AAAU,iBACR,SAIA,SACM;EACN,MAAM,YAAY,QAAQ,QAAQ;EAClC,MAAM,EAAE,QAAQ,SAAS,SAAS,aAAa,WAAW;AAE1D,MAAI,aAAa,KAAK,gBAAgB,WAAW,OAAO,CACtD,SAAQ,MAAM,UAAU,+BAA+B,UAAU;AAGnE,MAAI,YACF,SAAQ,MAAM,UAAU,oCAAoC,OAAO;AAGrE,UAAQ,MAAM,UAAU,gCAAgC,QAAQ,KAAK,KAAK,CAAC;AAC3E,UAAQ,MAAM,UAAU,gCAAgC,QAAQ,KAAK,KAAK,CAAC;AAE3E,MAAI,UAAU,KACZ,SAAQ,MAAM,UAAU,0BAA0B,OAAO,OAAO,CAAC;;CAIrE,AAAO,gBACL,QACA,SACS;AACT,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,YAAY,IAAK,QAAO;AAC5B,SAAO,QACJ,MAAM,IAAI,CACV,KAAK,MAAM,EAAE,MAAM,CAAC,CACpB,SAAS,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;;;AClK7B,MAAa,SACX,YAC2B;AAC3B,qCAAwB,gBAAgB,QAAQ;;AAmBlD,IAAa,iBAAb,cACUC,kBAEV;CACE,AAAmB,yCAA6B,mBAAmB;CAEnE,IAAW,OAAe;AACxB,SAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;;CAG7C,AAAU,SAAS;AAEjB,OAAK,mBAAmB,aAAa,KAAK,QAAQ;;;AAItD,MAAMC,eAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACNd,MAAa,uCAA2B;CACtC,MAAM;CACN,aAAa,CAAC,MAAM;CACpB,UAAU,CAAC,mBAAmB;CAC/B,CAAC"}