npm - alepha - Versions diffs - 0.14.3 → 0.15.0 - Mend

alepha 0.14.3 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/README.md +2 -5
package/dist/api/audits/index.d.ts +620 -811
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/files/index.d.ts +185 -377
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +0 -1
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +245 -435
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/notifications/index.d.ts +238 -429
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/parameters/index.d.ts +236 -427
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/users/index.browser.js +1 -2
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +1010 -1196
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +178 -151
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +17 -17
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/batch/index.d.ts +122 -122
package/dist/batch/index.d.ts.map +1 -1
package/dist/batch/index.js +1 -2
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +163 -163
package/dist/bucket/index.d.ts.map +1 -1
package/dist/cache/core/index.d.ts +46 -46
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/redis/index.d.ts.map +1 -1
package/dist/cli/index.d.ts +384 -285
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +1113 -623
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +299 -300
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +13 -9
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +445 -103
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +733 -625
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +446 -103
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +445 -103
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +44 -44
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +4 -4
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +97 -50
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +129 -33
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +7981 -14
package/dist/fake/index.d.ts.map +1 -1
package/dist/file/index.d.ts +523 -390
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +253 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/core/index.d.ts +208 -208
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/redis/index.d.ts.map +1 -1
package/dist/logger/index.d.ts +25 -26
package/dist/logger/index.d.ts.map +1 -1
package/dist/logger/index.js +12 -2
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +197 -197
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +1 -1
package/dist/mcp/index.js.map +1 -1
package/dist/orm/chunk-DtkW-qnP.js +38 -0
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.bun.js +2814 -0
package/dist/orm/index.bun.js.map +1 -0
package/dist/orm/index.d.ts +1228 -1216
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +2041 -1967
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +248 -248
package/dist/queue/core/index.d.ts.map +1 -1
package/dist/queue/redis/index.d.ts.map +1 -1
package/dist/redis/index.bun.js +285 -0
package/dist/redis/index.bun.js.map +1 -0
package/dist/redis/index.d.ts +118 -136
package/dist/redis/index.d.ts.map +1 -1
package/dist/redis/index.js +18 -38
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +69 -69
package/dist/retry/index.d.ts.map +1 -1
package/dist/router/index.d.ts +6 -6
package/dist/router/index.d.ts.map +1 -1
package/dist/scheduler/index.d.ts +25 -25
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/security/index.browser.js +5 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts +417 -254
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +386 -86
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +110 -110
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +20 -20
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +62 -47
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +56 -3
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +6 -0
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +36 -1
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.d.ts +6 -6
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.browser.js +2 -2
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts +242 -150
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +294 -125
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +11 -12
package/dist/server/cors/index.d.ts.map +1 -1
package/dist/server/health/index.d.ts +0 -1
package/dist/server/health/index.d.ts.map +1 -1
package/dist/server/helmet/index.d.ts +2 -2
package/dist/server/helmet/index.d.ts.map +1 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +123 -124
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +1 -2
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts.map +1 -1
package/dist/server/multipart/index.d.ts +6 -6
package/dist/server/multipart/index.d.ts.map +1 -1
package/dist/server/proxy/index.d.ts +102 -103
package/dist/server/proxy/index.d.ts.map +1 -1
package/dist/server/rate-limit/index.d.ts +16 -16
package/dist/server/rate-limit/index.d.ts.map +1 -1
package/dist/server/static/index.d.ts +44 -44
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/static/index.js +4 -0
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +48 -49
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +3 -5
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +13 -11
package/dist/sms/index.d.ts.map +1 -1
package/dist/sms/index.js +7 -7
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +71 -72
package/dist/thread/index.d.ts.map +1 -1
package/dist/topic/core/index.d.ts +318 -318
package/dist/topic/core/index.d.ts.map +1 -1
package/dist/topic/redis/index.d.ts +6 -6
package/dist/topic/redis/index.d.ts.map +1 -1
package/dist/vite/index.d.ts +5805 -249
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +599 -513
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +6 -6
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +247 -247
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +6 -6
package/dist/websocket/index.js.map +1 -1
package/package.json +9 -14
package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
package/src/api/users/entities/users.ts +1 -1
package/src/api/users/index.ts +8 -8
package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
package/src/api/users/services/CredentialService.ts +7 -7
package/src/api/users/services/IdentityService.ts +4 -4
package/src/api/users/services/RegistrationService.spec.ts +25 -27
package/src/api/users/services/RegistrationService.ts +38 -27
package/src/api/users/services/SessionCrudService.ts +3 -3
package/src/api/users/services/SessionService.spec.ts +3 -3
package/src/api/users/services/SessionService.ts +28 -9
package/src/api/users/services/UserService.ts +7 -7
package/src/batch/providers/BatchProvider.ts +1 -2
package/src/cli/apps/AlephaCli.ts +0 -2
package/src/cli/apps/AlephaPackageBuilderCli.ts +38 -19
package/src/cli/assets/apiHelloControllerTs.ts +18 -0
package/src/cli/assets/apiIndexTs.ts +16 -0
package/src/cli/assets/claudeMd.ts +303 -0
package/src/cli/assets/mainBrowserTs.ts +2 -2
package/src/cli/assets/mainServerTs.ts +24 -0
package/src/cli/assets/webAppRouterTs.ts +15 -0
package/src/cli/assets/webHelloComponentTsx.ts +16 -0
package/src/cli/assets/webIndexTs.ts +16 -0
package/src/cli/atoms/buildOptions.ts +88 -0
package/src/cli/commands/build.ts +70 -87
package/src/cli/commands/db.ts +21 -22
package/src/cli/commands/deploy.ts +17 -5
package/src/cli/commands/dev.ts +22 -14
package/src/cli/commands/format.ts +8 -2
package/src/cli/commands/gen/env.ts +53 -0
package/src/cli/commands/gen/openapi.ts +1 -1
package/src/cli/commands/gen/resource.ts +15 -0
package/src/cli/commands/gen.ts +7 -1
package/src/cli/commands/init.ts +74 -30
package/src/cli/commands/lint.ts +8 -2
package/src/cli/commands/test.ts +8 -3
package/src/cli/commands/typecheck.ts +5 -1
package/src/cli/commands/verify.ts +5 -3
package/src/cli/defineConfig.ts +49 -7
package/src/cli/index.ts +0 -1
package/src/cli/services/AlephaCliUtils.ts +39 -589
package/src/cli/services/PackageManagerUtils.ts +301 -0
package/src/cli/services/ProjectScaffolder.ts +306 -0
package/src/command/helpers/Runner.spec.ts +2 -2
package/src/command/helpers/Runner.ts +16 -4
package/src/command/primitives/$command.ts +0 -6
package/src/command/providers/CliProvider.ts +1 -3
package/src/core/Alepha.ts +42 -0
package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
package/src/core/index.shared.ts +1 -0
package/src/core/index.ts +2 -0
package/src/core/primitives/$hook.ts +6 -2
package/src/core/primitives/$module.spec.ts +4 -0
package/src/core/providers/AlsProvider.ts +1 -1
package/src/core/providers/CodecManager.spec.ts +12 -6
package/src/core/providers/CodecManager.ts +26 -6
package/src/core/providers/EventManager.ts +169 -13
package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +621 -0
package/src/core/providers/KeylessJsonSchemaCodec.ts +407 -0
package/src/core/providers/StateManager.spec.ts +27 -16
package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
package/src/email/providers/LocalEmailProvider.ts +52 -15
package/src/email/providers/NodemailerEmailProvider.ts +167 -56
package/src/file/errors/FileError.ts +7 -0
package/src/file/index.ts +9 -1
package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
package/src/logger/index.ts +15 -3
package/src/mcp/transports/StdioMcpTransport.ts +1 -1
package/src/orm/index.browser.ts +1 -19
package/src/orm/index.bun.ts +77 -0
package/src/orm/index.shared-server.ts +22 -0
package/src/orm/index.shared.ts +15 -0
package/src/orm/index.ts +13 -39
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
package/src/orm/services/Repository.ts +8 -0
package/src/queue/core/providers/WorkerProvider.spec.ts +48 -32
package/src/redis/index.bun.ts +35 -0
package/src/redis/providers/BunRedisProvider.ts +12 -43
package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
package/src/redis/providers/NodeRedisProvider.ts +16 -34
package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
package/src/security/index.browser.ts +5 -0
package/src/security/index.ts +90 -7
package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
package/src/security/primitives/$role.ts +5 -5
package/src/security/primitives/$serviceAccount.spec.ts +5 -5
package/src/security/primitives/$serviceAccount.ts +3 -3
package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
package/src/server/auth/primitives/$auth.ts +10 -10
package/src/server/auth/primitives/$authCredentials.ts +3 -3
package/src/server/auth/primitives/$authGithub.ts +3 -3
package/src/server/auth/primitives/$authGoogle.ts +3 -3
package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
package/src/server/cache/providers/ServerCacheProvider.spec.ts +183 -0
package/src/server/cache/providers/ServerCacheProvider.ts +95 -10
package/src/server/compress/providers/ServerCompressProvider.ts +61 -2
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
package/src/server/core/helpers/ServerReply.ts +2 -2
package/src/server/core/providers/NodeHttpServerProvider.ts +25 -6
package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
package/src/server/core/providers/ServerProvider.ts +155 -22
package/src/server/core/providers/ServerRouterProvider.ts +259 -115
package/src/server/core/providers/ServerTimingProvider.ts +2 -2
package/src/server/links/index.ts +1 -1
package/src/server/links/providers/LinkProvider.ts +1 -1
package/src/server/static/providers/ServerStaticProvider.ts +10 -0
package/src/server/swagger/index.ts +1 -1
package/src/server/swagger/providers/ServerSwaggerProvider.ts +5 -8
package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
package/src/sms/providers/LocalSmsProvider.ts +8 -7
package/src/vite/helpers/boot.ts +28 -17
package/src/vite/helpers/importViteReact.ts +13 -0
package/src/vite/index.ts +1 -21
package/src/vite/plugins/viteAlephaDev.ts +16 -1
package/src/vite/plugins/viteAlephaSsrPreload.ts +222 -0
package/src/vite/tasks/buildClient.ts +11 -0
package/src/vite/tasks/buildServer.ts +59 -4
package/src/vite/tasks/devServer.ts +71 -0
package/src/vite/tasks/generateCloudflare.ts +7 -0
package/src/vite/tasks/index.ts +2 -1
package/dist/server/security/index.browser.js +0 -13
package/dist/server/security/index.browser.js.map +0 -1
package/dist/server/security/index.d.ts +0 -173
package/dist/server/security/index.d.ts.map +0 -1
package/dist/server/security/index.js +0 -311
package/dist/server/security/index.js.map +0 -1
package/src/cli/assets/appRouterTs.ts +0 -9
package/src/cli/assets/mainTs.ts +0 -13
package/src/cli/assets/viteConfigTs.ts +0 -14
package/src/cli/commands/run.ts +0 -24
package/src/server/security/index.browser.ts +0 -10
package/src/server/security/index.ts +0 -94
package/src/vite/plugins/viteAlepha.ts +0 -37
package/src/vite/plugins/viteAlephaBuild.ts +0 -281
/package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
/package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0

package/src/security/primitives/$role.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { $inject, createPrimitive, KIND, Primitive } from "alepha";
 import { SecurityProvider } from "../providers/SecurityProvider.ts";
+import type { IssuerPrimitive } from "./$issuer.ts";
 import type { PermissionPrimitive } from "./$permission.ts";
-import type { RealmPrimitive } from "./$realm.ts";
 /**
  * Create a new role.
@@ -23,7 +23,7 @@ export interface RolePrimitiveOptions {
    */
   description?: string;
-  realm?: string | RealmPrimitive;
+  issuer?: string | IssuerPrimitive;
   permissions?: Array<
     | string
@@ -60,10 +60,10 @@ export class RolePrimitive extends Primitive<RolePrimitiveOptions> {
   }
   /**
-   * Get the realm of the role.
+   * Get the issuer of the role.
    */
-  public get realm(): string | RealmPrimitive | undefined {
-    return this.options.realm;
+  public get issuer(): string | IssuerPrimitive | undefined {
+    return this.options.issuer;
   }
   public can(permission: string | PermissionPrimitive): boolean {

package/src/security/primitives/$serviceAccount.spec.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Alepha } from "alepha";
 import { DateTimeProvider } from "alepha/datetime";
 import { describe, expect, it } from "vitest";
-import { $realm, $serviceAccount } from "../index.ts";
+import { $issuer, $serviceAccount } from "../index.ts";
 class App {
   oauth2 = $serviceAccount({
@@ -16,12 +16,12 @@ class App {
     expiresIn: 300, // 5 minutes
   };
-  realm = $realm({
-    secret: "your-realm-secret",
+  issuer = $issuer({
+    secret: "your-issuer-secret",
   });
   jwt = $serviceAccount({
-    realm: this.realm,
+    issuer: this.issuer,
     user: {
       id: "service-account",
     },
@@ -42,7 +42,7 @@ describe("$serviceAccount", () => {
     );
     expect(payload).toEqual({
       sub: expect.any(String),
-      aud: "realm",
+      aud: "issuer",
       iat: expect.any(Number),
       exp: expect.any(Number),
       sid: expect.any(String),

package/src/security/primitives/$serviceAccount.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { $context } from "alepha";
 import { DateTimeProvider } from "alepha/datetime";
 import type { UserAccount } from "../schemas/userAccountInfoSchema.ts";
-import type { AccessTokenResponse, RealmPrimitive } from "./$realm.ts";
+import type { AccessTokenResponse, IssuerPrimitive } from "./$issuer.ts";
 /**
  * Allow to get an access token for a service account.
@@ -138,7 +138,7 @@ export const $serviceAccount = (
         return tokenFromCache;
       }
-      const token = await options.realm.createToken(options.user);
+      const token = await options.issuer.createToken(options.user);
       cacheToken({
         ...token,
@@ -157,7 +157,7 @@ export type ServiceAccountPrimitiveOptions = {
       oauth2: Oauth2ServiceAccountPrimitiveOptions;
     }
   | {
-      realm: RealmPrimitive;
+      issuer: IssuerPrimitive;
       user: UserAccount;
     }
 );

package/src/{server/security → security}/providers/ServerSecurityProvider.ts RENAMED Viewed

@@ -1,19 +1,17 @@
 import { randomUUID } from "node:crypto";
 import { $hook, $inject, Alepha } from "alepha";
 import { $logger } from "alepha/logger";
-import {
-  JwtProvider,
-  type Permission,
-  SecurityProvider,
-  type UserAccountToken,
-  userAccountInfoSchema,
-} from "alepha/security";
 import {
   $action,
   ForbiddenError,
   type ServerRequest,
   UnauthorizedError,
 } from "alepha/server";
+import type { UserAccountToken } from "../interfaces/UserAccountToken.ts";
+import type { Permission } from "../schemas/permissionSchema.ts";
+import { userAccountInfoSchema } from "../schemas/userAccountInfoSchema.ts";
+import { JwtProvider } from "./JwtProvider.ts";
+import { SecurityProvider } from "./SecurityProvider.ts";
 import {
   type BasicAuthOptions,
   isBasicAuth,

package/src/server/auth/primitives/$auth.ts CHANGED Viewed

@@ -9,7 +9,7 @@ import {
 import { DateTimeProvider } from "alepha/datetime";
 import {
   type AccessTokenResponse,
-  type RealmPrimitive,
+  type IssuerPrimitive,
   SecurityError,
   SecurityProvider,
   type UserAccount,
@@ -105,10 +105,10 @@ export type AuthExternal = {
  * When using your own authentication system, e.g. using a database to store user accounts.
  * This is usually used with a custom login form.
  *
- * This relies on the `realm`, which is used to create/verify the access token.
+ * This relies on the `issuer`, which is used to create/verify the access token.
  */
 export type AuthInternal = {
-  realm: RealmPrimitive;
+  issuer: IssuerPrimitive;
 } & (
   | {
       /**
@@ -261,9 +261,9 @@ export class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
     return this.options.name ?? this.config.propertyKey;
   }
-  public get realm(): RealmPrimitive | undefined {
-    if ("realm" in this.options) {
-      return this.options.realm;
+  public get issuer(): IssuerPrimitive | undefined {
+    if ("issuer" in this.options) {
+      return this.options.issuer;
     }
     return undefined;
   }
@@ -308,13 +308,13 @@ export class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
     refreshToken: string,
     accessToken?: string,
   ): Promise<AccessTokenResponse> {
-    if ("realm" in this.options) {
-      return this.options.realm
+    if ("issuer" in this.options) {
+      return this.options.issuer
         .refreshToken(refreshToken, accessToken)
         .then((it) => it.tokens)
         .catch((error) => {
           throw new SecurityError(
-            "Failed to refresh access token using the refresh token (realm)",
+            "Failed to refresh access token using the refresh token (issuer)",
             {
               cause: error,
             },
@@ -337,7 +337,7 @@ export class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
     }
     throw new AlephaError(
-      "No realm or OAuth2 configuration available for refreshing the access token",
+      "No issuer or OAuth2 configuration available for refreshing the access token",
     );
   }

package/src/server/auth/primitives/$authCredentials.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { AlephaError } from "alepha";
-import type { RealmPrimitive } from "alepha/security";
+import type { IssuerPrimitive } from "alepha/security";
 import {
   $auth,
   type CredentialsFn,
@@ -13,7 +13,7 @@ import {
  * Uses username and password to authenticate users.
  */
 export const $authCredentials = (
-  realm: RealmPrimitive & WithLoginFn,
+  realm: IssuerPrimitive & WithLoginFn,
   options: Partial<CredentialsOptions> = {},
 ) => {
   const name = "credentials";
@@ -29,7 +29,7 @@ export const $authCredentials = (
   }
   return $auth({
-    realm,
+    issuer: realm,
     name,
     credentials: {
       account,

package/src/server/auth/primitives/$authGithub.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { $context, AlephaError, t } from "alepha";
-import type { RealmPrimitive } from "alepha/security";
+import type { IssuerPrimitive } from "alepha/security";
 import type { OAuth2Profile } from "../providers/ServerAuthProvider.ts";
 import {
   $auth,
@@ -19,7 +19,7 @@ import {
  * - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.
  */
 export const $authGithub = (
-  realm: RealmPrimitive & WithLinkFn,
+  realm: IssuerPrimitive & WithLinkFn,
   options: Partial<OidcOptions> = {},
 ) => {
   const { alepha } = $context();
@@ -45,7 +45,7 @@ export const $authGithub = (
   }
   return $auth({
-    realm,
+    issuer: realm,
     name,
     oauth: {
       clientId: env.GITHUB_CLIENT_ID!,

package/src/server/auth/primitives/$authGoogle.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { $context, AlephaError, t } from "alepha";
-import type { RealmPrimitive } from "alepha/security";
+import type { IssuerPrimitive } from "alepha/security";
 import {
   $auth,
   type LinkAccountFn,
@@ -18,7 +18,7 @@ import {
  * - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.
  */
 export const $authGoogle = (
-  realm: RealmPrimitive & WithLinkFn,
+  realm: IssuerPrimitive & WithLinkFn,
   options: Partial<OidcOptions> = {},
 ) => {
   const { alepha } = $context();
@@ -44,7 +44,7 @@ export const $authGoogle = (
   }
   return $auth({
-    realm,
+    issuer: realm,
     name,
     oidc: {
       issuer: "https://accounts.google.com",

package/src/server/auth/providers/ServerAuthProvider.ts CHANGED Viewed

@@ -71,8 +71,8 @@ export class ServerAuthProvider {
     for (const identity of this.identities) {
       if (filters.realmName) {
-        const realm = "realm" in identity.options && identity.options.realm;
-        if (!realm || realm.name !== filters.realmName) {
+        const issuer = identity.issuer;
+        if (!issuer || issuer.name !== filters.realmName) {
           continue;
         }
       }
@@ -145,7 +145,7 @@ export class ServerAuthProvider {
       // [feature] support for auth providers with fallback
       if (!request.headers.authorization) {
         for (const provider of this.identities) {
-          if (!("realm" in provider.options) && !!provider.options.fallback) {
+          if ("fallback" in provider.options && !!provider.options.fallback) {
             const token = await provider.options.fallback();
             if (token) {
               request.headers.authorization = `Bearer ${token}`;
@@ -340,8 +340,8 @@ export class ServerAuthProvider {
         realm: query.realm,
       });
-      const realm = "realm" in provider.options && provider.options.realm;
-      if (!realm) {
+      const issuer = provider.issuer;
+      if (!issuer) {
         throw new SecurityError(
           `Auth provider '${query.provider}' does not support password grant`,
         );
@@ -373,7 +373,7 @@ export class ServerAuthProvider {
       const tokens = {
         provider: query.provider,
-        ...(await realm.createToken(user)),
+        ...(await issuer.createToken(user)),
       };
       // for web applications, we store tokens in cookies
@@ -519,10 +519,10 @@ export class ServerAuthProvider {
       this.authorizationCode.del({ cookies });
-      const realm = "realm" in provider.options && provider.options.realm;
+      const issuer = provider.issuer;
       // external, full OIDC System (e.g. Keycloak, Auth0)
-      if (!realm) {
+      if (!issuer) {
         this.setTokens(externalTokens, cookies);
         reply.redirect(redirectUri);
         return;
@@ -531,7 +531,7 @@ export class ServerAuthProvider {
       // internal, we need to create our own tokens
       const user = await provider.user(externalTokens);
-      const tokens = await realm.createToken(user);
+      const tokens = await issuer.createToken(user);
       this.setTokens(
         {
@@ -570,9 +570,9 @@ export class ServerAuthProvider {
       this.tokens.del({ cookies });
       // for internal providers, we can delete the session - if available
-      if ("realm" in provider.options && tokens.refresh_token) {
+      if (provider.issuer && tokens.refresh_token) {
         const onDeleteSession =
-          provider.options.realm.options.settings?.onDeleteSession;
+          provider.issuer.options.settings?.onDeleteSession;
         if (onDeleteSession) {
           try {
             await onDeleteSession(tokens.refresh_token);
@@ -635,8 +635,8 @@ export class ServerAuthProvider {
         return false;
       }
-      // If realm filter is specified, match against provider's realm
-      if (realmName && identity.realm?.name !== realmName) {
+      // If realm filter is specified, match against provider's issuer
+      if (realmName && identity.issuer?.name !== realmName) {
         return false;
       }

package/src/server/cache/providers/ServerCacheProvider.spec.ts CHANGED Viewed

@@ -865,6 +865,189 @@ describe("ServerCacheProvider", () => {
     });
   });
+  describe("Stream caching support", () => {
+    test("should cache ReadableStream responses via tee", async ({
+      expect,
+    }) => {
+      // Create a simple ReadableStream that emits chunks
+      const chunks = ["Hello", " ", "World"];
+      const stream = new ReadableStream<Uint8Array>({
+        start(controller) {
+          const encoder = new TextEncoder();
+          for (const chunk of chunks) {
+            controller.enqueue(encoder.encode(chunk));
+          }
+          controller.close();
+        },
+      });
+      // Access the protected method via type assertion
+      const provider = cacheProvider as any;
+      const key = "test-stream-key";
+      // Collect the stream for cache
+      const hash = await provider.collectStreamForCache(
+        stream,
+        key,
+        200,
+        "text/html",
+        true,
+      );
+      expect(hash).toBeDefined();
+      expect(hash).toMatch(/^"[a-f0-9]+"$/); // ETag format
+      // Verify the cache contains the collected content
+      const cached = await provider.cache.get(key);
+      expect(cached).toBeDefined();
+      expect(cached.body).toBe("Hello World");
+      expect(cached.status).toBe(200);
+      expect(cached.contentType).toBe("text/html");
+    });
+    test("should tee stream so client and cache both receive data", async ({
+      expect,
+    }) => {
+      const encoder = new TextEncoder();
+      const chunks = ["<html>", "<body>", "Content", "</body>", "</html>"];
+      const originalStream = new ReadableStream<Uint8Array>({
+        start(controller) {
+          for (const chunk of chunks) {
+            controller.enqueue(encoder.encode(chunk));
+          }
+          controller.close();
+        },
+      });
+      // Tee the stream like ServerCacheProvider does
+      const [clientStream, cacheStream] = originalStream.tee();
+      // Read from client stream (simulates client receiving data)
+      const clientReader = clientStream.getReader();
+      const clientChunks: string[] = [];
+      const decoder = new TextDecoder();
+      while (true) {
+        const { done, value } = await clientReader.read();
+        if (done) break;
+        clientChunks.push(decoder.decode(value, { stream: true }));
+      }
+      clientChunks.push(decoder.decode()); // flush
+      // Read from cache stream (simulates cache collection)
+      const cacheReader = cacheStream.getReader();
+      const cacheChunks: string[] = [];
+      const cacheDecoder = new TextDecoder();
+      while (true) {
+        const { done, value } = await cacheReader.read();
+        if (done) break;
+        cacheChunks.push(cacheDecoder.decode(value, { stream: true }));
+      }
+      cacheChunks.push(cacheDecoder.decode()); // flush
+      // Both should receive the same data
+      const clientData = clientChunks.join("");
+      const cacheData = cacheChunks.join("");
+      expect(clientData).toBe("<html><body>Content</body></html>");
+      expect(cacheData).toBe("<html><body>Content</body></html>");
+      expect(clientData).toBe(cacheData);
+    });
+    test("should handle empty stream gracefully", async ({ expect }) => {
+      const stream = new ReadableStream<Uint8Array>({
+        start(controller) {
+          controller.close();
+        },
+      });
+      const provider = cacheProvider as any;
+      const key = "empty-stream-key";
+      const hash = await provider.collectStreamForCache(
+        stream,
+        key,
+        200,
+        "text/html",
+        true,
+      );
+      expect(hash).toBeDefined();
+      const cached = await provider.cache.get(key);
+      expect(cached).toBeDefined();
+      expect(cached.body).toBe("");
+    });
+    test("should handle large stream with multiple chunks", async ({
+      expect,
+    }) => {
+      const encoder = new TextEncoder();
+      const chunkCount = 100;
+      const chunkContent = "x".repeat(1000);
+      const stream = new ReadableStream<Uint8Array>({
+        start(controller) {
+          for (let i = 0; i < chunkCount; i++) {
+            controller.enqueue(encoder.encode(chunkContent));
+          }
+          controller.close();
+        },
+      });
+      const provider = cacheProvider as any;
+      const key = "large-stream-key";
+      const hash = await provider.collectStreamForCache(
+        stream,
+        key,
+        200,
+        "text/html",
+        false,
+      );
+      // hash should be undefined when generateEtag is false
+      expect(hash).toBeUndefined();
+      const cached = await provider.cache.get(key);
+      expect(cached).toBeDefined();
+      expect(cached.body.length).toBe(chunkCount * chunkContent.length);
+    });
+    test("should generate correct ETag for streamed content", async ({
+      expect,
+    }) => {
+      const content = "Test content for ETag";
+      const encoder = new TextEncoder();
+      const stream = new ReadableStream<Uint8Array>({
+        start(controller) {
+          controller.enqueue(encoder.encode(content));
+          controller.close();
+        },
+      });
+      const provider = cacheProvider as any;
+      // Generate ETag from stream
+      const streamHash = await provider.collectStreamForCache(
+        stream,
+        "etag-test-key",
+        200,
+        "text/html",
+        true,
+      );
+      // Generate ETag from string directly
+      const stringHash = cacheProvider.generateETag(content);
+      // Both should produce the same ETag
+      expect(streamHash).toBe(stringHash);
+    });
+  });
   describe("Error response caching", () => {
     test("should NOT cache 500 error responses", async ({ expect }) => {
       const response1 = await app.errorAction.fetch();

package/src/server/cache/providers/ServerCacheProvider.ts CHANGED Viewed

@@ -204,7 +204,7 @@ export class ServerCacheProvider {
   protected readonly onSend = $hook({
     on: "server:onSend",
-    handler: async ({ route, request }) => {
+    handler: ({ route, request }) => {
       // before sending the response, check if the ETag matches
       // and if so, return a 304 Not Modified response
       // -> this is only relevant for etag-only routes, not cached routes <-
@@ -261,24 +261,55 @@ export class ServerCacheProvider {
         return;
       }
-      // Only process string responses (text, html, json, etc.)
-      // Buffer is not supported by alepha/cache for now
-      if (typeof response.body !== "string") {
-        return;
-      }
       // Don't cache error responses (status >= 400)
       if (response.status && response.status >= 400) {
         return;
       }
+      // Initialize headers if not present
+      response.headers ??= {};
       const key = this.createCacheKey(route, request);
+      // Handle ReadableStream responses (e.g., SSR streaming)
+      if (response.body instanceof ReadableStream && shouldStore) {
+        // Tee the stream: one for client, one for cache collection
+        const [clientStream, cacheStream] = (
+          response.body as ReadableStream<Uint8Array>
+        ).tee();
+        // Replace response body with client stream (continues streaming to client)
+        response.body = clientStream as typeof response.body;
+        // Collect cache stream in background (non-blocking)
+        this.collectStreamForCache(
+          cacheStream,
+          key,
+          response.status,
+          response.headers?.["content-type"],
+          shouldUseEtag,
+        )
+          .then((hash) => {
+            if (shouldUseEtag && hash) {
+              // Note: headers already sent for streaming, etag only useful for future requests
+              this.log.trace("Stream cached with hash", { key, hash });
+            }
+          })
+          .catch((err) => {
+            this.log.warn("Failed to cache stream", { key, error: err });
+          });
+        return;
+      }
+      // Only process string responses (text, html, json, etc.)
+      if (typeof response.body !== "string") {
+        return;
+      }
       const generatedEtag = this.generateETag(response.body);
       const lastModified = this.time.toISOString();
-      // Initialize headers if not present
-      response.headers ??= {};
       // Store response if storing is enabled
       if (shouldStore) {
         this.log.trace("Storing response", {
@@ -404,6 +435,60 @@ export class ServerCacheProvider {
     return `${route.method}:${route.path.replaceAll(":", "")}:${params.join(",").replaceAll(":", "")}`;
   }
+  /**
+   * Collect a ReadableStream into a string and store it in the cache.
+   * This runs in the background while the original stream is sent to the client.
+   *
+   * @param stream - The stream to collect
+   * @param key - Cache key
+   * @param status - HTTP status code
+   * @param contentType - Content-Type header
+   * @param generateEtag - Whether to generate and return an ETag
+   * @returns The generated ETag hash, or undefined
+   */
+  protected async collectStreamForCache(
+    stream: ReadableStream<Uint8Array>,
+    key: string,
+    status: number | undefined,
+    contentType: string | undefined,
+    generateEtag: boolean,
+  ): Promise<string | undefined> {
+    const chunks: Uint8Array[] = [];
+    const reader = stream.getReader();
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+        chunks.push(value);
+      }
+      // Combine chunks into a single string
+      const decoder = new TextDecoder();
+      const body =
+        chunks
+          .map((chunk) => decoder.decode(chunk, { stream: true }))
+          .join("") + decoder.decode(); // Flush remaining
+      const hash = this.generateETag(body);
+      const lastModified = this.time.toISOString();
+      this.log.trace("Storing streamed response", { key });
+      await this.cache.set(key, {
+        body,
+        status,
+        contentType,
+        lastModified,
+        hash,
+      });
+      return generateEtag ? hash : undefined;
+    } finally {
+      reader.releaseLock();
+    }
+  }
 }
 export type ServerRouteCache =