alepha 0.7.0 → 0.7.1

package/react.js

@@ -1,2 +1 @@
 export * from '@alepha/react';
-//# sourceMappingURL=react.js.map

package/redis.cjs

@@ -10,4 +10,3 @@ Object.keys(redis).forEach(function (k) {
 		get: function () { return redis[k]; }
 	});
 });
-//# sourceMappingURL=redis.cjs.map

package/redis.js

@@ -1,2 +1 @@
 export * from '@alepha/redis';
-//# sourceMappingURL=redis.js.map

package/retry.cjs

@@ -0,0 +1,12 @@
+'use strict';
+
+var retry = require('@alepha/retry');
+
+
+
+Object.keys(retry).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return retry[k]; }
+	});
+});

package/retry.d.ts

@@ -0,0 +1,68 @@
+import { MaybePromise } from '@alepha/core';
+
+/**
+ * Retry Descriptor options.
+ */
+interface RetryDescriptorOptions<T extends (...args: any[]) => any> {
+    /**
+     * Maximum number of attempts.
+     *
+     * @default 3
+     */
+    max?: number;
+    /**
+     * Delay in milliseconds.
+     *
+     * @default 0
+     */
+    delay?: number;
+    /**
+     * Optional condition to determine when to retry.
+     */
+    when?: (error: Error) => boolean;
+    /**
+     * The function to retry.
+     */
+    handler: T;
+    /**
+     * Optional error handler.
+     *
+     * This will be called when an error occurs.
+     *
+     * @default undefined
+     */
+    onError?: (error: Error, attempt: number, ...parameters: Parameters<T>) => void;
+}
+type RetryDescriptor<T extends (...args: any[]) => any> = (...parameters: Parameters<T>) => MaybePromise<ReturnType<T>>;
+/**
+ * `$retry` creates a retry descriptor.
+ *
+ * It will retry the given function up to `max` times with a delay of `delay` milliseconds between attempts.
+ *
+ * @example
+ * ```ts
+ * import { $retry } from "@alepha/core";
+ *
+ * class MyService {
+ * 	fetchData = $retry({
+ * 		max: 5, // maximum number of attempts
+ * 		delay: 1000, // ms
+ * 		when: (error) => error.message.includes("Network Error"),
+ * 		handler: async (url: string) => {
+ * 			const response = await fetch(url);
+ * 			if (!response.ok) {
+ * 				throw new Error(`Failed to fetch: ${response.statusText}`);
+ * 			}
+ * 			return response.json();
+ * 		},
+ * 		onError: (error, attempt, url) => {
+ * 	    // error happened, log it or handle it
+ * 			console.error(`Attempt ${attempt} failed for ${url}:`, error);
+ * 		},
+ * 	});
+ * }
+ * ```
+ */
+declare const $retry: <T extends (...args: any[]) => any>(opts: RetryDescriptorOptions<T>) => RetryDescriptor<T>;
+
+export { $retry, type RetryDescriptor, type RetryDescriptorOptions };

package/retry.js

@@ -0,0 +1 @@
+export * from '@alepha/retry';

package/scheduler.cjs

@@ -10,4 +10,3 @@ Object.keys(scheduler).forEach(function (k) {
 		get: function () { return scheduler[k]; }
 	});
 });
-//# sourceMappingURL=scheduler.cjs.map

package/scheduler.js

@@ -1,2 +1 @@
 export * from '@alepha/scheduler';
-//# sourceMappingURL=scheduler.js.map

package/security.cjs

@@ -10,4 +10,3 @@ Object.keys(security).forEach(function (k) {
 		get: function () { return security[k]; }
 	});
 });
-//# sourceMappingURL=security.cjs.map

package/security.d.ts

@@ -1,6 +1,7 @@
 import * as _alepha_core from '@alepha/core';
 import { Static as Static$1, KIND, OPTIONS, Alepha } from '@alepha/core';
-import { JWSHeaderParameters, FlattenedJWSInput, CryptoKey, KeyObject, JSONWebKeySet, JWTVerifyResult, JWTPayload, JWTHeaderParameters } from 'jose';
+import { JWTHeaderParameters, JWSHeaderParameters, FlattenedJWSInput, CryptoKey, KeyObject, JSONWebKeySet, JWTVerifyResult, JWTPayload } from 'jose';
+import { DateTimeProvider } from '@alepha/datetime';
 
 /**
  * Represents a User Account extracted from JWT.
@@ -18,6 +19,14 @@ interface UserAccountInfo {
      * User full name, if available.
      */
     name?: string;
+    /**
+     * User email, if available.
+     */
+    email?: string;
+    /**
+     * User profile picture URL, if available.
+     */
+    picture?: string;
     /**
      * Organization ID, if available.
      */
@@ -237,6 +246,7 @@ declare const roleSchema: TObject<{
     permissions: TArray<TObject<{
         name: TString;
         ownership: TOptional<TBoolean>;
+        exclude: TOptional<TArray<TString>>;
     }>>;
 }>;
 type Role = Static$1<typeof roleSchema>;
@@ -247,6 +257,7 @@ type Role = Static$1<typeof roleSchema>;
 declare class JwtProvider {
     protected readonly log: _alepha_core.Logger;
     protected readonly keystore: KeyLoaderHolder[];
+    protected readonly dateTimeProvider: DateTimeProvider;
     /**
      * Adds a key loader to the embedded keystore.
      *
@@ -312,7 +323,7 @@ interface KeyLoaderHolder {
 interface JwtSignOptions {
     issuedAt?: boolean;
     protectedHeader?: JWTHeaderParameters;
-    expiresIn?: string | number;
+    expiresIn?: number;
 }
 interface ExtendedJWTPayload extends JWTPayload {
     name?: string;
@@ -395,11 +406,11 @@ declare class SecurityProvider {
      * Creates a user account from the provided payload.
      *
      * @param payload - The payload to create the user account from.
-     * @param [realm] - The realm containing the roles. Default is all.
+     * @param [realmName] - The realm containing the roles. Default is all.
      *
      * @returns The user info created from the payload.
      */
-    createInfoFromPayload(payload: JWTPayload, realm?: string): UserAccountInfo;
+    createInfoFromPayload(payload: JWTPayload, realmName?: string): UserAccountInfo;
     /**
      * Checks if the user has the specified permission.
      *
@@ -423,7 +434,11 @@ declare class SecurityProvider {
      * @param permission - The permission to check for.
      * @returns True if the user has the role, false otherwise.
      */
-    can(role: string, permission: string | Permission): boolean;
+    can(roleName: string, permission: string | Permission): boolean;
+    /**
+     * Checks if a user has ownership of a specific permission.
+     */
+    ownership(roleName: string, permission: string | Permission): string | boolean | undefined;
     /**
      * Converts a permission object to a string.
      *
@@ -461,6 +476,8 @@ declare class SecurityProvider {
      * @return An array of role strings.
      */
     getRolesFromPayload(payload: Record<string, any>): string[];
+    getPictureFromPayload(payload: Record<string, any>): string | undefined;
+    getEmailFromPayload(payload: Record<string, any>): string | undefined;
     /**
      * Returns the name from the given payload.
      *
@@ -494,6 +511,7 @@ interface Realm {
      * This is useful when you want to use a custom user provider for a specific realm.
      */
     userAccountProvider?: SecurityUserAccountProvider;
+    onLoadUser?: (user: UserAccountInfo) => Promise<void> | void;
 }
 interface SecurityUserAccountProvider {
     jwks: string | undefined;
@@ -532,7 +550,7 @@ interface RealmDescriptorOptions {
      *
      * Note: You can skip this if you are using a user account provider with JWKS.
      */
-    secret?: string | JSONWebKeySet;
+    secret?: string | JSONWebKeySet | (() => string);
     /**
      * Attach a user account provider to the realm to manage roles.
      * For example, you can use a KeycloakUserProvider to automatically create realm roles inside Keycloak.
@@ -596,41 +614,62 @@ declare const $role: {
 };
 
 /**
- * Create a service account that can be used to authenticate with a OAUTH2 server.
+ * Allow to get an access token for a service account.
+ *
+ * You have some options to configure the service account:
+ * - a OAUTH2 URL using client credentials grant type
+ * - a JWT secret shared between the services
+ *
+ * @example
+ * ```ts
+ * import { $serviceAccount } from "@alepha/security";
  *
- * @param options
+ * class MyService {
+ *   serviceAccount = $serviceAccount({
+ *     oauth2: {
+ *       url: "https://example.com/oauth2/token",
+ *       clientId: "your-client-id",
+ *       clientSecret: "your-client-secret",
+ *     }
+ *   });
+ *
+ *   async fetchData() {
+ *     const token = await this.serviceAccount.token();
+ *     // or
+ *     const response = await this.serviceAccount.fetch("https://api.example.com/data");
+ *   }
+ * }
+ * ```
  */
 declare const $serviceAccount: (options: ServiceAccountDescriptorOptions) => ServiceAccountDescriptor;
 type ServiceAccountDescriptorOptions = {
-    oauth2: {
-        /**
-         * Get Token URL.
-         */
-        url: string;
-        /**
-         * Client ID.
-         */
-        clientId: string;
-        /**
-         * Client Secret.
-         */
-        clientSecret: string;
-        /**
-         * Scopes to request.
-         */
-        scope?: string;
-    };
+    gracePeriod?: number;
+} & ({
+    oauth2: Oauth2ServiceAccountDescriptorOptions;
 } | {
-    jwt: {
-        secret: string;
-        roles?: string[];
-    };
-};
+    jwt: JwtServiceAccountDescriptorOptions;
+});
+interface JwtServiceAccountDescriptorOptions {
+    secret: string;
+    roles?: string[];
+    signOptions?: JwtSignOptions;
+}
+interface Oauth2ServiceAccountDescriptorOptions {
+    /**
+     * Get Token URL.
+     */
+    url: string;
+    /**
+     * Client ID.
+     */
+    clientId: string;
+    /**
+     * Client Secret.
+     */
+    clientSecret: string;
+}
 interface ServiceAccountDescriptor {
-    options: ServiceAccountDescriptorOptions;
-    store: ServiceAccountStore;
     token: () => Promise<string>;
-    fetch(url: string, options?: RequestInit): Promise<Response>;
 }
 interface AccessTokenResponse {
     access_token: string;
@@ -650,9 +689,17 @@ declare class SecurityError extends Error {
     readonly code = "ERR_SECURITY";
 }
 
+declare module "alepha/core" {
+    interface Hooks {
+        "security:user:created": {
+            realm: string;
+            user: UserAccountInfo;
+        };
+    }
+}
 declare class SecurityModule {
     protected readonly alepha: Alepha;
     constructor();
 }
 
-export { $permission, $realm, $role, $serviceAccount, type AccessTokenResponse, type ExtendedJWTPayload, InvalidPermissionError, type JwtParseResult, JwtProvider, type JwtSignOptions, type KeyLoader, type KeyLoaderHolder, type Permission, type PermissionDescriptor, type PermissionDescriptorOptions, type Realm, type RealmConfig, type RealmDescriptor, type RealmDescriptorOptions, type Role, type RoleDescriptor, type RoleDescriptorOptions, type SecurityCheckResult, SecurityError, SecurityModule, SecurityProvider, type SecurityUserAccountProvider, type ServiceAccountDescriptor, type ServiceAccountDescriptorOptions, type ServiceAccountStore, type UserAccountInfo, type UserAccountToken, permissionSchema, roleSchema };
+export { $permission, $realm, $role, $serviceAccount, type AccessTokenResponse, type ExtendedJWTPayload, InvalidPermissionError, type JwtParseResult, JwtProvider, type JwtServiceAccountDescriptorOptions, type JwtSignOptions, type KeyLoader, type KeyLoaderHolder, type Oauth2ServiceAccountDescriptorOptions, type Permission, type PermissionDescriptor, type PermissionDescriptorOptions, type Realm, type RealmConfig, type RealmDescriptor, type RealmDescriptorOptions, type Role, type RoleDescriptor, type RoleDescriptorOptions, type SecurityCheckResult, SecurityError, SecurityModule, SecurityProvider, type SecurityUserAccountProvider, type ServiceAccountDescriptor, type ServiceAccountDescriptorOptions, type ServiceAccountStore, type UserAccountInfo, type UserAccountToken, permissionSchema, roleSchema };

package/security.js

@@ -1,2 +1 @@
 export * from '@alepha/security';
-//# sourceMappingURL=security.js.map

package/server/cookies.cjs

@@ -10,4 +10,3 @@ Object.keys(serverCookies).forEach(function (k) {
 		get: function () { return serverCookies[k]; }
 	});
 });
-//# sourceMappingURL=cookies.cjs.map

package/server/cookies.d.ts

@@ -44,7 +44,7 @@ declare class ServerCookiesProvider {
     readonly onRequest: _alepha_core.HookDescriptor<"server:onRequest">;
     readonly onSend: _alepha_core.HookDescriptor<"server:onSend">;
     fromHeader(header: string): Record<string, string>;
-    toHeader(cookies: Record<string, Cookie | null>): string[];
+    toHeader(cookies: Record<string, Cookie | null>, isHttps?: boolean): string[];
 }
 
 declare module "alepha/server" {

package/server/cookies.js

@@ -1,2 +1 @@
 export * from '@alepha/server-cookies';
-//# sourceMappingURL=cookies.js.map

package/server/metrics.cjs

@@ -10,4 +10,3 @@ Object.keys(serverMetrics).forEach(function (k) {
 		get: function () { return serverMetrics[k]; }
 	});
 });
-//# sourceMappingURL=metrics.cjs.map

package/server/metrics.js

@@ -1,2 +1 @@
 export * from '@alepha/server-metrics';
-//# sourceMappingURL=metrics.js.map

package/server/proxy.cjs

@@ -10,4 +10,3 @@ Object.keys(serverProxy).forEach(function (k) {
 		get: function () { return serverProxy[k]; }
 	});
 });
-//# sourceMappingURL=proxy.cjs.map

package/server/proxy.js

@@ -1,2 +1 @@
 export * from '@alepha/server-proxy';
-//# sourceMappingURL=proxy.js.map

package/server/static.cjs

@@ -10,4 +10,3 @@ Object.keys(serverStatic).forEach(function (k) {
 		get: function () { return serverStatic[k]; }
 	});
 });
-//# sourceMappingURL=static.cjs.map

package/server/static.d.ts

@@ -94,6 +94,7 @@ declare class ServerStaticProvider {
     list(name: string): string[];
     serve(options: ServeDescriptorOptions): Promise<void>;
     createFileHandler(filepath: string, options: ServeDescriptorOptions): Promise<ServerHandler>;
+    protected getCacheFileTypes(): string[];
     protected getCacheControl(filename: string, options: ServeDescriptorOptions): {
         maxAge: number;
         immutable: boolean;

package/server/static.js

@@ -1,2 +1 @@
 export * from '@alepha/server-static';
-//# sourceMappingURL=static.js.map

package/server/swagger.cjs

@@ -10,4 +10,3 @@ Object.keys(serverSwagger).forEach(function (k) {
 		get: function () { return serverSwagger[k]; }
 	});
 });
-//# sourceMappingURL=swagger.cjs.map

package/server/swagger.js

@@ -1,2 +1 @@
 export * from '@alepha/server-swagger';
-//# sourceMappingURL=swagger.js.map

package/server.cjs

@@ -10,4 +10,3 @@ Object.keys(server).forEach(function (k) {
 		get: function () { return server[k]; }
 	});
 });
-//# sourceMappingURL=server.cjs.map