alepha 0.9.1 → 0.9.3

package/security.d.ts

@@ -1,43 +1,26 @@
-import * as _alepha_core0$1 from "alepha";
+import * as _alepha_core2 from "alepha";
+import * as _alepha_core3 from "alepha";
 import * as _alepha_core1 from "alepha";
 import * as _alepha_core0 from "alepha";
 import { Alepha, Descriptor, KIND, Static } from "alepha";
-import { DateTimeProvider } from "alepha/datetime";
+import { DateTimeProvider, Duration, DurationLike } from "alepha/datetime";
 import { CryptoKey, FlattenedJWSInput, JSONWebKeySet, JWSHeaderParameters, JWTHeaderParameters, JWTPayload, JWTVerifyResult, KeyObject } from "jose";
 import * as _sinclair_typebox0 from "@sinclair/typebox";
-import * as _sinclair_typebox9 from "@sinclair/typebox";
+import * as _sinclair_typebox13 from "@sinclair/typebox";
+import * as _sinclair_typebox23 from "@sinclair/typebox";
+import { JWTVerifyOptions } from "jose/jwt/verify";
 
-//#region src/interfaces/UserAccountInfo.d.ts
-/**
- * Represents a User Account extracted from JWT.
- */
-interface UserAccountInfo {
-  /**
-   * ID of user account. Based on JWT.sub.
-   */
-  id: string;
-  /**
-   * Represents the roles assigned to a user.
-   */
-  roles?: string[];
-  /**
-   * User full name, if available.
-   */
-  name?: string;
-  /**
-   * User email, if available.
-   */
-  email?: string;
-  /**
-   * User profile picture URL, if available.
-   */
-  picture?: string;
-  /**
-   * Organization ID, if available.
-   */
-  organization?: string;
-}
-//# sourceMappingURL=UserAccountInfo.d.ts.map
+//#region src/schemas/userAccountInfoSchema.d.ts
+declare const userAccountInfoSchema: _sinclair_typebox0.TObject<{
+  id: _sinclair_typebox0.TString;
+  name: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  email: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  picture: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  organizations: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+  roles: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+}>;
+type UserAccountInfo = Static<typeof userAccountInfoSchema>;
+//# sourceMappingURL=userAccountInfoSchema.d.ts.map
 //#endregion
 //#region src/interfaces/UserAccountToken.d.ts
 interface UserAccountToken extends UserAccountInfo {
@@ -55,25 +38,25 @@ interface UserAccountToken extends UserAccountInfo {
 //# sourceMappingURL=UserAccountToken.d.ts.map
 //#endregion
 //#region src/schemas/permissionSchema.d.ts
-declare const permissionSchema: _sinclair_typebox0.TObject<{
-  name: _sinclair_typebox0.TString;
-  group: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  description: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  method: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  path: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+declare const permissionSchema: _sinclair_typebox13.TObject<{
+  name: _sinclair_typebox13.TString;
+  group: _sinclair_typebox13.TOptional<_sinclair_typebox13.TString>;
+  description: _sinclair_typebox13.TOptional<_sinclair_typebox13.TString>;
+  method: _sinclair_typebox13.TOptional<_sinclair_typebox13.TString>;
+  path: _sinclair_typebox13.TOptional<_sinclair_typebox13.TString>;
 }>;
 type Permission = Static<typeof permissionSchema>;
 //# sourceMappingURL=permissionSchema.d.ts.map
 //#endregion
 //#region src/schemas/roleSchema.d.ts
-declare const roleSchema: _sinclair_typebox9.TObject<{
-  name: _sinclair_typebox9.TString;
-  description: _sinclair_typebox9.TOptional<_sinclair_typebox9.TString>;
-  default: _sinclair_typebox9.TOptional<_sinclair_typebox9.TBoolean>;
-  permissions: _sinclair_typebox9.TArray<_sinclair_typebox9.TObject<{
-    name: _sinclair_typebox9.TString;
-    ownership: _sinclair_typebox9.TOptional<_sinclair_typebox9.TBoolean>;
-    exclude: _sinclair_typebox9.TOptional<_sinclair_typebox9.TArray<_sinclair_typebox9.TString>>;
+declare const roleSchema: _sinclair_typebox23.TObject<{
+  name: _sinclair_typebox23.TString;
+  description: _sinclair_typebox23.TOptional<_sinclair_typebox23.TString>;
+  default: _sinclair_typebox23.TOptional<_sinclair_typebox23.TBoolean>;
+  permissions: _sinclair_typebox23.TArray<_sinclair_typebox23.TObject<{
+    name: _sinclair_typebox23.TString;
+    ownership: _sinclair_typebox23.TOptional<_sinclair_typebox23.TBoolean>;
+    exclude: _sinclair_typebox23.TOptional<_sinclair_typebox23.TArray<_sinclair_typebox23.TString>>;
   }>>;
 }>;
 type Role = Static<typeof roleSchema>;
@@ -84,9 +67,10 @@ type Role = Static<typeof roleSchema>;
  * Provides utilities for working with JSON Web Tokens (JWT).
  */
 declare class JwtProvider {
-  protected readonly log: _alepha_core0$1.Logger;
+  protected readonly log: _alepha_core2.Logger;
   protected readonly keystore: KeyLoaderHolder[];
   protected readonly dateTimeProvider: DateTimeProvider;
+  protected readonly encoder: TextEncoder;
   /**
    * Adds a key loader to the embedded keystore.
    *
@@ -101,30 +85,17 @@ declare class JwtProvider {
    *
    * @return A Promise that resolves with the payload object from the token.
    */
-  parse(token: string): Promise<JwtParseResult>;
+  parse(token: string, keyName?: string, options?: JWTVerifyOptions): Promise<JwtParseResult>;
   /**
    * Creates a JWT token with the provided payload and secret key.
    *
    * @param payload - The payload to be encoded in the token.
    * 	It should include the `realm_access` property which contains an array of roles.
    * @param keyName - The name of the key to use when signing the token.
-   * @param signOptions - The options to use when signing the token.
    *
    * @returns The signed JWT token.
    */
   create(payload: ExtendedJWTPayload, keyName?: string, signOptions?: JwtSignOptions): Promise<string>;
-  /**
-   * Retrieves the options to use when signing a JWT token.
-   *
-   * @returns The JWT sign options.
-   */
-  signOptions(): JwtSignOptions;
-  /**
-   * Retrieves the first secret key from the keystore.
-   *
-   * @protected
-   */
-  protected getFirstSecretKey(): string | undefined;
   /**
    * Determines if the provided key is a secret key.
    *
@@ -132,16 +103,6 @@ declare class JwtProvider {
    * @protected
    */
   protected isSecretKey(key: string): boolean;
-  /**
-   * Try to find a realm name or something similar in the token.
-   *
-   * This is useful when the token is not encrypted and API has multiple realms.
-   * Instead of trying to verify the token with all keys, we can try to find the key !
-   *
-   * @param token
-   * @protected
-   */
-  protected tryToGetKeyLoaderFromToken(token: string): KeyLoaderHolder | undefined;
 }
 type KeyLoader = (protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput) => Promise<CryptoKey | KeyObject>;
 interface KeyLoaderHolder {
@@ -150,13 +111,13 @@ interface KeyLoaderHolder {
   secretKey?: string;
 }
 interface JwtSignOptions {
-  issuedAt?: boolean;
-  protectedHeader?: JWTHeaderParameters;
-  expiresIn?: number;
+  header?: Partial<JWTHeaderParameters>;
 }
 interface ExtendedJWTPayload extends JWTPayload {
   name?: string;
   roles?: string[];
+  email?: string;
+  organizations?: string[];
   realm_access?: {
     roles: string[];
   };
@@ -168,8 +129,8 @@ interface JwtParseResult {
 //# sourceMappingURL=JwtProvider.d.ts.map
 //#endregion
 //#region src/providers/SecurityProvider.d.ts
-declare const envSchema: _alepha_core1.TObject<{
-  SECURITY_SECRET_KEY: _alepha_core1.TString;
+declare const envSchema: _alepha_core3.TObject<{
+  SECURITY_SECRET_KEY: _alepha_core3.TString;
 }>;
 declare module "alepha" {
   interface Env extends Partial<Static<typeof envSchema>> {}
@@ -178,7 +139,7 @@ declare class SecurityProvider {
   protected readonly UNKNOWN_USER_NAME = "Unknown User";
   protected readonly PERMISSION_REGEXP: RegExp;
   protected readonly PERMISSION_REGEXP_WILDCARD: RegExp;
-  protected readonly log: _alepha_core1.Logger;
+  protected readonly log: _alepha_core3.Logger;
   protected readonly jwt: JwtProvider;
   protected readonly env: {
     SECURITY_SECRET_KEY: string;
@@ -192,8 +153,8 @@ declare class SecurityProvider {
    * The realms configured for the security provider.
    */
   protected readonly realms: Realm[];
-  protected configure: _alepha_core1.HookDescriptor<"configure">;
-  protected ready: _alepha_core1.HookDescriptor<"ready">;
+  protected configure: _alepha_core3.HookDescriptor<"start">;
+  protected ready: _alepha_core3.HookDescriptor<"ready">;
   /**
    * Adds a role to one or more realms.
    *
@@ -225,7 +186,7 @@ declare class SecurityProvider {
    *
    * @returns The user info created from the payload.
    */
-  createInfoFromPayload(payload: JWTPayload, realmName?: string): UserAccountInfo;
+  createUserFromPayload(payload: JWTPayload, realmName?: string): UserAccountInfo;
   /**
    * Checks if the user has the specified permission.
    *
@@ -241,7 +202,11 @@ declare class SecurityProvider {
    * @param headerOrToken
    * @param permissionLike
    */
-  createUserFromToken(headerOrToken?: string, permission?: Permission | string): Promise<UserAccountToken>;
+  createUserFromToken(headerOrToken?: string, options?: {
+    permission?: Permission | string;
+    realm?: string;
+    verify?: JWTVerifyOptions;
+  }): Promise<UserAccountToken>;
   /**
    * Checks if a user has a specific role.
    *
@@ -300,7 +265,7 @@ declare class SecurityProvider {
    * @returns The name extracted from the payload, or an empty string if the payload is falsy or no name is found.
    */
   getNameFromPayload(payload: Record<string, any>): string;
-  getOrganizationFromPayload(payload: Record<string, any>): string | undefined;
+  getOrganizationsFromPayload(payload: Record<string, any>): string[] | undefined;
 }
 /**
  * A realm definition.
@@ -313,7 +278,7 @@ interface Realm {
    *
    * Can be also a JWKS URL.
    */
-  secret?: string | JSONWebKeySet;
+  secret?: string | JSONWebKeySet | (() => string);
   /**
    * Attach a user provider to the realm.
    *
@@ -321,6 +286,10 @@ interface Realm {
    */
   userAccountProvider?: SecurityUserAccountProvider;
   onLoadUser?: (user: UserAccountInfo) => Promise<void> | void;
+  /**
+   * Function to create a user profile from the raw JWT user data.
+   */
+  profile?: (raw: Record<string, any>) => UserAccountInfo;
 }
 interface SecurityUserAccountProvider {
   jwks: string | undefined;
@@ -376,41 +345,79 @@ declare class PermissionDescriptor extends Descriptor<PermissionDescriptorOption
  * Create a new realm.
  */
 declare const $realm: {
-  (options?: RealmDescriptorOptions): RealmDescriptor;
+  (options: RealmDescriptorOptions): RealmDescriptor;
   [KIND]: typeof RealmDescriptor;
 };
-interface RealmDescriptorOptions {
+type RealmDescriptorOptions = {
   /**
    * Define the realm name.
-   *
-   * @default key name
+   * If not provided, it will use the property key.
    */
   name?: string;
   /**
-   * Describe the realm.
+   * Short description about the realm.
    */
   description?: string;
   /**
    * All roles available in the realm. Role is a string (role name) or a Role object (embedded role).
    */
   roles?: Array<string | Role>;
+  settings?: RealmSettings;
+  /**
+   * Parse the JWT payload to create a user account info.
+   */
+  profile?: (jwtPayload: Record<string, any>) => UserAccountInfo;
+} & (RealmInternal | RealmExternal);
+interface RealmSettings {
+  accessToken?: {
+    /**
+     * Lifetime of the access token.
+     * @default 15 minutes
+     */
+    expiration?: DurationLike;
+  };
+  refreshToken?: {
+    /**
+     * Lifetime of the refresh token.
+     * @default 30 days
+     */
+    expiration?: DurationLike;
+    /**
+     * If true, no refresh token will be created.
+     */
+    disabled?: boolean;
+    create?: (user: UserAccountInfo, refreshToken?: string) => Promise<{
+      refresh_token: string;
+      expires_in: number;
+    }>;
+  };
+}
+type RealmInternal = {
   /**
-   * In order to verify user of the realm, a secret is required.
-   * Can be a string based secret or a JWKS URL.
-   *
-   * Note: You can skip this if you are using a user account provider with JWKS.
+   * Internal secret to sign JWT tokens and verify them.
    */
-  secret?: string | JSONWebKeySet | (() => string);
+  secret: string;
+};
+interface RealmExternal {
+  /**
+   * URL to the JWKS (JSON Web Key Set) to verify JWT tokens from external providers.
+   */
+  jwks: (() => string) | JSONWebKeySet;
   /**
    * Attach a user account provider to the realm to manage roles.
-   * For example, you can use a KeycloakUserProvider to automatically create realm roles inside Keycloak.
+   *
+   * For example, you can use a KeycloakUserProvider to automatically create/update realm roles inside Keycloak.
    */
   userAccountProvider?: SecurityUserAccountProvider | (() => SecurityUserAccountProvider);
 }
 declare class RealmDescriptor extends Descriptor<RealmDescriptorOptions> {
   protected readonly securityProvider: SecurityProvider;
+  protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly jwt: JwtProvider;
+  protected readonly log: _alepha_core1.Logger;
   get name(): string;
+  get accessTokenExpiration(): Duration;
+  get refreshTokenExpiration(): Duration;
   protected onInit(): void;
   /**
    * Get all roles in the realm.
@@ -424,10 +431,25 @@ declare class RealmDescriptor extends Descriptor<RealmDescriptorOptions> {
    * Get a role by name, throws an error if not found.
    */
   getRoleByName(name: string): Role;
+  parseToken(token: string): Promise<JWTPayload>;
   /**
    * Create a token for the subject.
    */
-  createToken(subject: string, roles?: string[]): Promise<string>;
+  createToken(user: UserAccountInfo, refreshToken?: string): Promise<AccessTokenResponse>;
+}
+interface CreateTokenOptions {
+  sub: string;
+  roles?: string[];
+  email?: string;
+}
+interface AccessTokenResponse {
+  access_token: string;
+  token_type: string;
+  expires_in?: number;
+  issued_at: number;
+  refresh_token?: string;
+  refresh_token_expires_in?: number;
+  scope?: string;
 }
 //# sourceMappingURL=$realm.d.ts.map
 //#endregion
@@ -500,13 +522,9 @@ type ServiceAccountDescriptorOptions = {
 } & ({
   oauth2: Oauth2ServiceAccountDescriptorOptions;
 } | {
-  jwt: JwtServiceAccountDescriptorOptions;
+  realm: RealmDescriptor;
+  user: UserAccountInfo;
 });
-interface JwtServiceAccountDescriptorOptions {
-  secret: string;
-  roles?: string[];
-  signOptions?: JwtSignOptions;
-}
 interface Oauth2ServiceAccountDescriptorOptions {
   /**
    * Get Token URL.
@@ -524,11 +542,6 @@ interface Oauth2ServiceAccountDescriptorOptions {
 interface ServiceAccountDescriptor {
   token: () => Promise<string>;
 }
-interface AccessTokenResponse {
-  access_token: string;
-  expires_in: number;
-  at: number;
-}
 interface ServiceAccountStore {
   response?: AccessTokenResponse;
 }
@@ -542,10 +555,17 @@ declare class InvalidPermissionError extends Error {
 //#endregion
 //#region src/errors/SecurityError.d.ts
 declare class SecurityError extends Error {
+  name: string;
   readonly status = 403;
-  readonly code = "ERR_SECURITY";
 }
 //# sourceMappingURL=SecurityError.d.ts.map
+//#endregion
+//#region src/providers/CryptoProvider.d.ts
+declare class CryptoProvider {
+  hashPassword(password: string): Promise<string>;
+  verifyPassword(password: string, stored: string): Promise<boolean>;
+}
+//# sourceMappingURL=CryptoProvider.d.ts.map
 
 //#endregion
 //#region src/index.d.ts
@@ -569,9 +589,9 @@ declare module "alepha" {
  * @see {@link $permission}
  * @module alepha.security
  */
-declare const AlephaSecurity: _alepha_core0.ModuleDescriptor;
+declare const AlephaSecurity: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion
-export { $permission, $realm, $role, $serviceAccount, AccessTokenResponse, AlephaSecurity, ExtendedJWTPayload, InvalidPermissionError, JwtParseResult, JwtProvider, JwtServiceAccountDescriptorOptions, JwtSignOptions, KeyLoader, KeyLoaderHolder, Oauth2ServiceAccountDescriptorOptions, Permission, PermissionDescriptor, PermissionDescriptorOptions, Realm, RealmConfig, RealmDescriptor, RealmDescriptorOptions, Role, RoleDescriptor, RoleDescriptorOptions, SecurityCheckResult, SecurityError, SecurityProvider, SecurityUserAccountProvider, ServiceAccountDescriptor, ServiceAccountDescriptorOptions, ServiceAccountStore, UserAccountInfo, UserAccountToken, permissionSchema, roleSchema };
+export { $permission, $realm, $role, $serviceAccount, AccessTokenResponse, AlephaSecurity, CreateTokenOptions, CryptoProvider, ExtendedJWTPayload, InvalidPermissionError, JwtParseResult, JwtProvider, JwtSignOptions, KeyLoader, KeyLoaderHolder, Oauth2ServiceAccountDescriptorOptions, Permission, PermissionDescriptor, PermissionDescriptorOptions, Realm, RealmConfig, RealmDescriptor, RealmDescriptorOptions, RealmExternal, RealmInternal, RealmSettings, Role, RoleDescriptor, RoleDescriptorOptions, SecurityCheckResult, SecurityError, SecurityProvider, SecurityUserAccountProvider, ServiceAccountDescriptor, ServiceAccountDescriptorOptions, ServiceAccountStore, UserAccountInfo, UserAccountToken, permissionSchema, roleSchema, userAccountInfoSchema };
 //# sourceMappingURL=index.d.ts.map

package/server/cache.d.ts

@@ -1,6 +1,6 @@
 import * as _alepha_cache0 from "alepha/cache";
 import { CacheDescriptorOptions } from "alepha/cache";
-import * as _alepha_core0$1 from "alepha";
+import * as _alepha_core1 from "alepha";
 import * as _alepha_core0 from "alepha";
 import { Alepha } from "alepha";
 import { DateTimeProvider, DurationLike } from "alepha/datetime";
@@ -16,26 +16,28 @@ declare module "alepha/server" {
   }
 }
 declare class ServerCacheProvider {
-  protected readonly log: _alepha_core0$1.Logger;
+  protected readonly log: _alepha_core1.Logger;
   protected readonly alepha: Alepha;
   protected readonly time: DateTimeProvider;
   protected readonly cache: _alepha_cache0.CacheDescriptorFn<RouteCacheEntry, any[]>;
   generateETag(content: string): string;
   invalidate(route: ServerRoute): Promise<void>;
-  protected readonly onRequest: _alepha_core0$1.HookDescriptor<"server:onRequest">;
-  protected readonly onSend: _alepha_core0$1.HookDescriptor<"server:onResponse">;
+  protected readonly onActionRequest: _alepha_core1.HookDescriptor<"action:onRequest">;
+  protected readonly onActionResponse: _alepha_core1.HookDescriptor<"action:onResponse">;
+  protected readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
+  protected readonly onResponse: _alepha_core1.HookDescriptor<"server:onResponse">;
   protected getCacheOptions(cache: ServerRouteCache): {
-    provider?: (_alepha_core0$1.InstantiableClass<_alepha_cache0.CacheProvider> | "memory") | undefined;
+    provider?: (_alepha_core1.InstantiableClass<_alepha_cache0.CacheProvider> | "memory") | undefined;
     name?: string | undefined;
     ttl?: DurationLike | undefined;
     disabled?: boolean | undefined;
   };
-  protected createCacheKey(route: ServerRoute, args?: ServerRequest): string;
+  protected createCacheKey(route: ServerRoute, config?: ServerRequest): string;
 }
 type ServerRouteCache = boolean | DurationLike | Omit<CacheDescriptorOptions<any>, "handler" | "key">;
 interface RouteCacheEntry {
   contentType?: string;
-  body: string;
+  body: any;
   status?: number;
   lastModified: string;
   hash: string;
@@ -70,7 +72,7 @@ interface RouteCacheEntry {
  * @see {@link ServerCacheProvider}
  * @module alepha.server.cache
  */
-declare const AlephaServerCache: _alepha_core0.ModuleDescriptor;
+declare const AlephaServerCache: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion

package/server/compress.d.ts

@@ -27,7 +27,7 @@ interface ServerCompressProviderOptions {
  *
  * Compresses responses using gzip, brotli, or zstd based on the `Accept-Encoding` header.
  */
-declare const AlephaServerCompress: _alepha_core0.ModuleDescriptor;
+declare const AlephaServerCompress: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion

package/server/cookies.d.ts

@@ -1,31 +1,40 @@
-import * as _alepha_core0$1 from "alepha";
+import * as _alepha_core1 from "alepha";
 import * as _alepha_core0 from "alepha";
 import { Alepha, Descriptor, KIND, Static, TSchema } from "alepha";
 import { DateTimeProvider, DurationLike } from "alepha/datetime";
 
+//#region src/services/CookieParser.d.ts
+declare class CookieParser {
+  parseRequestCookies(header: string): Record<string, string>;
+  serializeResponseCookies(cookies: Record<string, Cookie | null>, isHttps: boolean): string[];
+  cookieToString(name: string, cookie: Cookie, isHttps?: boolean): string;
+}
+//# sourceMappingURL=CookieParser.d.ts.map
+//#endregion
 //#region src/providers/ServerCookiesProvider.d.ts
-declare const envSchema: _alepha_core0$1.TObject<{
+declare const envSchema: _alepha_core1.TObject<{
   /**
    *  A 32-byte secret key used for cookie encryption and signing. MUST be set for `encrypt` or `sign` to work.
    */
-  COOKIE_SECRET: _alepha_core0$1.TOptional<_alepha_core0$1.TString>;
+  COOKIE_SECRET: _alepha_core1.TOptional<_alepha_core1.TString>;
 }>;
 declare module "alepha" {
   interface Env extends Partial<Static<typeof envSchema>> {}
 }
 declare class ServerCookiesProvider {
   protected readonly alepha: Alepha;
-  protected readonly log: _alepha_core0$1.Logger;
+  protected readonly log: _alepha_core1.Logger;
   protected readonly env: {
     COOKIE_SECRET?: string | undefined;
   };
+  protected readonly cookieParser: CookieParser;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly ALGORITHM = "aes-256-gcm";
   protected readonly IV_LENGTH = 16;
   protected readonly AUTH_TAG_LENGTH = 16;
   protected readonly SIGNATURE_LENGTH = 32;
-  readonly onRequest: _alepha_core0$1.HookDescriptor<"server:onRequest">;
-  readonly onSend: _alepha_core0$1.HookDescriptor<"server:onSend">;
+  readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
+  readonly onSend: _alepha_core1.HookDescriptor<"server:onSend">;
   protected getCookiesFromContext(cookies?: Cookies): Cookies;
   getCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, contextCookies?: Cookies): Static<T> | undefined;
   setCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, data: Static<T>, contextCookies?: Cookies): void;
@@ -34,8 +43,6 @@ declare class ServerCookiesProvider {
   protected decrypt(encryptedText: string): string;
   secretKey(): string;
   protected sign(data: string): string;
-  protected parseRequestCookies(header: string): Record<string, string>;
-  protected serializeResponseCookies(cookies: Record<string, Cookie | null>, isHttps: boolean): string[];
 }
 //#endregion
 //#region src/descriptors/$cookie.d.ts
@@ -45,7 +52,7 @@ declare class ServerCookiesProvider {
  * within the server request/response cycle.
  */
 declare const $cookie: {
-  <T extends TSchema>(options: CookieDescriptorOptions<T>): CookieDescriptor<T>;
+  <T extends TSchema>(options: CookieDescriptorOptions<T>): AbstractCookieDescriptor<T>;
   [KIND]: typeof CookieDescriptor;
 };
 interface CookieDescriptorOptions<T extends TSchema> {
@@ -72,18 +79,40 @@ interface CookieDescriptorOptions<T extends TSchema> {
   /** If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var. */
   sign?: boolean;
 }
-declare class CookieDescriptor<T extends TSchema> extends Descriptor<CookieDescriptorOptions<T>> {
+interface AbstractCookieDescriptor<T extends TSchema> {
+  readonly name: string;
+  readonly options: CookieDescriptorOptions<T>;
+  set(value: Static<T>, options?: {
+    cookies?: Cookies;
+    ttl?: DurationLike;
+  }): void;
+  get(options?: {
+    cookies?: Cookies;
+  }): Static<T> | undefined;
+  del(options?: {
+    cookies?: Cookies;
+  }): void;
+}
+declare class CookieDescriptor<T extends TSchema> extends Descriptor<CookieDescriptorOptions<T>> implements AbstractCookieDescriptor<T> {
   protected readonly serverCookiesProvider: ServerCookiesProvider;
+  get schema(): T;
   get name(): string;
-  /** Sets the cookie with the given value in the current request's response. */
+  /**
+   * Sets the cookie with the given value in the current request's response.
+   */
   set(value: Static<T>, options?: {
     cookies?: Cookies;
+    ttl?: DurationLike;
   }): void;
-  /** Gets the cookie value from the current request. Returns undefined if not found or invalid. */
+  /**
+   * Gets the cookie value from the current request. Returns undefined if not found or invalid.
+   */
   get(options?: {
     cookies?: Cookies;
   }): Static<T> | undefined;
-  /** Deletes the cookie in the current request's response. */
+  /**
+   * Deletes the cookie in the current request's response.
+   */
   del(options?: {
     cookies?: Cookies;
   }): void;
@@ -119,9 +148,9 @@ declare module "alepha/server" {
  * @see {@link $cookie}
  * @module alepha.server.cookies
  */
-declare const AlephaServerCookies: _alepha_core0.ModuleDescriptor;
+declare const AlephaServerCookies: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion
-export { $cookie, AlephaServerCookies, Cookie, CookieDescriptor, CookieDescriptorOptions, Cookies, ServerCookiesProvider };
+export { $cookie, AbstractCookieDescriptor, AlephaServerCookies, Cookie, CookieDescriptor, CookieDescriptorOptions, Cookies, ServerCookiesProvider };
 //# sourceMappingURL=index.d.ts.map

package/server/cors.d.ts

@@ -1,4 +1,4 @@
-import * as _alepha_core0$1 from "alepha";
+import * as _alepha_core1 from "alepha";
 import * as _alepha_core0 from "alepha";
 import { ServerRouterProvider } from "alepha/server";
 
@@ -6,8 +6,8 @@ import { ServerRouterProvider } from "alepha/server";
 declare class ServerCorsProvider {
   protected readonly serverRouterProvider: ServerRouterProvider;
   options: ServerCorsProviderOptions;
-  protected readonly configure: _alepha_core0$1.HookDescriptor<"configure">;
-  protected readonly onRequest: _alepha_core0$1.HookDescriptor<"server:onRequest">;
+  protected readonly configure: _alepha_core1.HookDescriptor<"configure">;
+  protected readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
   isOriginAllowed(origin: string | undefined, allowed: ServerCorsProviderOptions["origin"]): boolean;
 }
 interface ServerCorsProviderOptions {
@@ -23,7 +23,7 @@ interface ServerCorsProviderOptions {
 /**
  * Plugin for configuring CORS on the Alepha server.
  */
-declare const AlephaServerCors: _alepha_core0.ModuleDescriptor;
+declare const AlephaServerCors: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion

package/server/health.d.ts

@@ -31,7 +31,7 @@ declare class ServerHealthProvider {
  * @see {@link ServerHealthProvider}
  * @module alepha.server.health
  */
-declare const AlephaServerHealth: _alepha_core0.ModuleDescriptor;
+declare const AlephaServerHealth: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion

package/server/helmet.d.ts

@@ -61,7 +61,7 @@ declare class ServerHelmetProvider {
  * @see {@link ServerHelmetProvider}
  * @module alepha.server.helmet
  */
-declare const AlephaServerHelmet: _alepha_core0.ModuleDescriptor;
+declare const AlephaServerHelmet: _alepha_core0.Service<_alepha_core0.Module>;
 //# sourceMappingURL=index.d.ts.map
 
 //#endregion