c8y-nitro 0.3.0 → 0.4.1

package/dist/module/runtime.mjs

@@ -1,38 +0,0 @@
-import { join } from "pathe";
-import { mkdirSync, writeFileSync } from "fs";
-
-//#region src/module/runtime.ts
-function setupRuntime(nitro, manifestOptions = {}) {
-	nitro.logger.debug("Setting up C8Y nitro runtime");
-	const roles = manifestOptions.roles ?? [];
-	const settingKeys = (manifestOptions.settings ?? []).map((s) => s.key);
-	const completeTypesDir = join(nitro.options.rootDir, nitro.options.typescript.generatedTypesDir ?? "node_modules/.nitro/types");
-	const typesFile = join(completeTypesDir, "c8y-nitro.d.ts");
-	const typesContent = `// generated by c8y-nitro
-declare module 'c8y-nitro/types' {
-  interface C8YRoles {
-${roles.map((role) => `    '${role}': '${role}';`).join("\n")}
-  }
-  type C8YTenantOptionKey = ${settingKeys.length > 0 ? `${settingKeys.map((k) => `'${k}'`).join(" | ")}` : "never"}
-  type C8YTenantOptionKeysCacheConfig = Partial<Record<C8YTenantOptionKey, number>>;
-}
-
-declare module 'c8y-nitro/runtime' {
-  import type { C8YRoles } from 'c8y-nitro/types';
-  export const c8yRoles: C8YRoles;
-  export const c8yTenantOptionKeys: readonly [${settingKeys.map((key) => `'${key}'`).join(", ")}];
-}`;
-	nitro.options.virtual["c8y-nitro/runtime"] = `
-export const c8yRoles = {
-${roles.map((role) => `  '${role}': '${role}',`).join("\n")}
-}
-
-export const c8yTenantOptionKeys = [${settingKeys.map((key) => `'${key}'`).join(", ")}]
-`;
-	mkdirSync(completeTypesDir, { recursive: true });
-	writeFileSync(typesFile, typesContent, { encoding: "utf-8" });
-	nitro.logger.debug(`Written C8Y types to ${typesFile}`);
-}
-
-//#endregion
-export { setupRuntime };

package/dist/module/runtimeConfig.mjs

@@ -1,20 +0,0 @@
-import { createC8yManifest } from "./manifest.mjs";
-
-//#region src/module/runtimeConfig.ts
-/**
-* Sets up runtime configuration values from module options.
-* These can be overridden by environment variables.
-* @param nitro - The Nitro instance
-* @param options - The c8y-nitro module options
-*/
-async function setupRuntimeConfig(nitro, options) {
-	nitro.logger.debug("Setting up C8Y runtime config");
-	nitro.options.runtimeConfig.c8yCredentialsCacheTTL = options.cache?.credentialsTTL ?? 600;
-	nitro.options.runtimeConfig.c8yDefaultTenantOptionsTTL = options.cache?.defaultTenantOptionsTTL ?? 600;
-	nitro.options.runtimeConfig.c8yTenantOptionsPerKeyTTL = options.cache?.tenantOptions ?? {};
-	const manifest = await createC8yManifest(nitro.options.rootDir, options.manifest, nitro.logger);
-	nitro.options.runtimeConfig.c8ySettingsCategory = options.manifest?.settingsCategory ?? manifest.contextPath ?? manifest.name;
-}
-
-//#endregion
-export { setupRuntimeConfig };

package/dist/types/apiClient.d.mts

@@ -1,16 +0,0 @@
-//#region src/types/apiClient.d.ts
-interface C8YAPIClientOptions {
-  /**
-   * Relative directory from nitro configuration file to generate the API client into.
-   */
-  dir: string;
-  /**
-   * Service context path for microservice endpoints.\
-   * Defaults to contextPath from manifest (package.json name, with scope stripped).\
-   * Override this if deploying with a different context path.
-   * @example "my-microservice" results in "https://<tenant>.com/service/my-microservice/..."
-   */
-  contextPath?: string;
-}
-//#endregion
-export { C8YAPIClientOptions };

package/dist/types/cache.d.mts

@@ -1,28 +0,0 @@
-import { C8YTenantOptionKeysCacheConfig } from "c8y-nitro/types";
-
-//#region src/types/cache.d.ts
-interface C8yCacheOptions {
-  /**
-   * Cache TTL for subscribed tenant credentials in seconds.
-   * @default 600 (10 minutes)
-   */
-  credentialsTTL?: number;
-  /**
-   * Default cache TTL for tenant options in seconds.
-   * Applied to all keys unless overridden in `tenantOptions`.
-   * @default 600 (10 minutes)
-   */
-  defaultTenantOptionsTTL?: number;
-  /**
-   * Per-key cache TTL overrides for tenant options in seconds.
-   * Keys should match those defined in `manifest.settings[].key`.
-   * @example
-   * {
-   *   'myOption': 300,           // 5 minutes
-   *   'credentials.secret': 60,  // 1 minute
-   * }
-   */
-  tenantOptions?: C8YTenantOptionKeysCacheConfig;
-}
-//#endregion
-export { C8yCacheOptions };

package/dist/types/roles.d.mts

@@ -1,4 +0,0 @@
-//#region src/types/roles.d.ts
-interface C8YRoles {}
-//#endregion
-export { C8YRoles };

package/dist/types/tenantOptions.d.mts

@@ -1,13 +0,0 @@
-//#region src/types/tenantOptions.d.ts
-/**
- * Per-key cache TTL configuration for tenant options.
- * Overwritten by generated types from manifest settings (manifest.settings[].key).
- */
-type C8YTenantOptionKeysCacheConfig = Partial<Record<C8YTenantOptionKey, number>>;
-/**
- * Type for tenant option keys.
- * Overwritten by generated types from manifest settings (manifest.settings[].key).
- */
-type C8YTenantOptionKey = string;
-//#endregion
-export { C8YTenantOptionKey, C8YTenantOptionKeysCacheConfig };

package/dist/types/zip.d.mts

@@ -1,22 +0,0 @@
-import { C8YManifestOptions } from "./manifest.mjs";
-
-//#region src/types/zip.d.ts
-interface C8YZipOptions {
-  /**
-   * Name of the generated zip file
-   * @default '${packageName}-${version}.zip'
-   */
-  name?: string | ((packageName: string, version: string) => string);
-  /**
-   * Output directory for the generated zip file.\
-   * Relative to the config file.
-   * @default './'
-   */
-  outputDir?: string;
-  /**
-   * Configuration of the "cumulocity.json" manifest file used for the zip.
-   */
-  manifest?: C8YManifestOptions;
-}
-//#endregion
-export { C8YZipOptions };

package/dist/utils/client.d.mts

@@ -1,52 +0,0 @@
-import { Client } from "@c8y/client";
-import { H3Event } from "nitro/h3";
-import { ServerRequest } from "nitro/types";
-
-//#region src/utils/client.d.ts
-/**
- * Creates a Cumulocity client authenticated with the current user's credentials.\
- * Extracts credentials from the Authorization header of the current request.
- * @param requestOrEvent - The H3Event or ServerRequest from the current request
- * @returns A configured Cumulocity Client instance
- * @example
- * // In a request handler:
- * const client = useUserClient(event)
- * const { data } = await client.inventory.list()
- */
-declare function useUserClient(requestOrEvent: ServerRequest | H3Event): Client;
-/**
- * Creates a Cumulocity client for the tenant of the current user.\
- * Uses the tenant's service user credentials rather than the user's own credentials.
- * @param requestOrEvent - The H3Event or ServerRequest from the current request
- * @returns A configured Cumulocity Client instance for the user's tenant
- * @example
- * // In a request handler:
- * const tenantClient = await useUserTenantClient(event)
- * const { data } = await tenantClient.inventory.list()
- */
-declare function useUserTenantClient(requestOrEvent: ServerRequest | H3Event): Promise<Client>;
-/**
- * Creates Cumulocity clients for all tenants subscribed to this microservice.\
- * Each client is authenticated with that tenant's service user credentials.\
- * @returns Object mapping tenant IDs to their respective Client instances
- * @example
- * // Get clients for all subscribed tenants:
- * const clients = await useSubscribedTenantClients()
- * for (const [tenant, client] of Object.entries(clients)) {
- *   const { data } = await client.inventory.list()
- *   console.log(`Tenant ${tenant} has ${data.length} inventory items`)
- * }
- */
-declare function useSubscribedTenantClients(): Promise<Record<string, Client>>;
-/**
- * Creates a Cumulocity client for the tenant where this microservice is deployed.\
- * Uses the bootstrap tenant ID from runtime config to identify the deployed tenant.\
- * @returns A configured Cumulocity Client instance for the deployed tenant
- * @example
- * // Get client for the tenant hosting this microservice:
- * const client = await useDeployedTenantClient()
- * const { data } = await client.application.list()
- */
-declare function useDeployedTenantClient(): Promise<Client>;
-//#endregion
-export { useDeployedTenantClient, useSubscribedTenantClients, useUserClient, useUserTenantClient };

package/dist/utils/client.mjs

@@ -1,90 +0,0 @@
-import { convertRequestHeadersToC8yFormat } from "./internal/common.mjs";
-import { useSubscribedTenantCredentials } from "./credentials.mjs";
-import process from "node:process";
-import { BasicAuth, Client, MicroserviceClientRequestAuth } from "@c8y/client";
-import { HTTPError } from "nitro/h3";
-
-//#region src/utils/client.ts
-/**
-* Creates a Cumulocity client authenticated with the current user's credentials.\
-* Extracts credentials from the Authorization header of the current request.
-* @param requestOrEvent - The H3Event or ServerRequest from the current request
-* @returns A configured Cumulocity Client instance
-* @example
-* // In a request handler:
-* const client = useUserClient(event)
-* const { data } = await client.inventory.list()
-*/
-function useUserClient(requestOrEvent) {
-	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
-	if (request.context?.["c8y_user_client"]) return request.context["c8y_user_client"];
-	const client = new Client(new MicroserviceClientRequestAuth(convertRequestHeadersToC8yFormat(request)), process.env.C8Y_BASEURL);
-	request.context ??= {};
-	request.context["c8y_user_client"] = client;
-	return client;
-}
-/**
-* Creates a Cumulocity client for the tenant of the current user.\
-* Uses the tenant's service user credentials rather than the user's own credentials.
-* @param requestOrEvent - The H3Event or ServerRequest from the current request
-* @returns A configured Cumulocity Client instance for the user's tenant
-* @example
-* // In a request handler:
-* const tenantClient = await useUserTenantClient(event)
-* const { data } = await tenantClient.inventory.list()
-*/
-async function useUserTenantClient(requestOrEvent) {
-	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
-	if (request.context?.["c8y_user_tenant_client"]) return request.context["c8y_user_tenant_client"];
-	const tenantId = useUserClient(requestOrEvent).core.tenant;
-	const creds = await useSubscribedTenantCredentials();
-	if (!creds[tenantId]) throw new HTTPError({
-		message: `No subscribed tenant credentials found for user tenant '${tenantId}'`,
-		status: 500,
-		statusText: "Internal Server Error"
-	});
-	const tenantClient = new Client(new BasicAuth(creds[tenantId]), process.env.C8Y_BASEURL);
-	request.context ??= {};
-	request.context["c8y_user_tenant_client"] = tenantClient;
-	return tenantClient;
-}
-/**
-* Creates Cumulocity clients for all tenants subscribed to this microservice.\
-* Each client is authenticated with that tenant's service user credentials.\
-* @returns Object mapping tenant IDs to their respective Client instances
-* @example
-* // Get clients for all subscribed tenants:
-* const clients = await useSubscribedTenantClients()
-* for (const [tenant, client] of Object.entries(clients)) {
-*   const { data } = await client.inventory.list()
-*   console.log(`Tenant ${tenant} has ${data.length} inventory items`)
-* }
-*/
-async function useSubscribedTenantClients() {
-	const creds = await useSubscribedTenantCredentials();
-	const clients = {};
-	for (const [tenant, tenantCreds] of Object.entries(creds)) clients[tenant] = new Client(new BasicAuth(tenantCreds), process.env.C8Y_BASEURL);
-	return clients;
-}
-/**
-* Creates a Cumulocity client for the tenant where this microservice is deployed.\
-* Uses the bootstrap tenant ID from runtime config to identify the deployed tenant.\
-* @returns A configured Cumulocity Client instance for the deployed tenant
-* @example
-* // Get client for the tenant hosting this microservice:
-* const client = await useDeployedTenantClient()
-* const { data } = await client.application.list()
-*/
-async function useDeployedTenantClient() {
-	const creds = await useSubscribedTenantCredentials();
-	const tenant = process.env.C8Y_BOOTSTRAP_TENANT;
-	if (!creds[tenant]) throw new HTTPError({
-		message: `No subscribed tenant credentials found for tenant '${tenant}'`,
-		status: 500,
-		statusText: "Internal Server Error"
-	});
-	return new Client(new BasicAuth(creds[tenant]), process.env.C8Y_BASEURL);
-}
-
-//#endregion
-export { useDeployedTenantClient, useSubscribedTenantClients, useUserClient, useUserTenantClient };

package/dist/utils/credentials.d.mts

@@ -1,71 +0,0 @@
-import { ICredentials } from "@c8y/client";
-import { H3Event } from "nitro/h3";
-import { ServerRequest } from "nitro/types";
-
-//#region src/utils/credentials.d.ts
-/**
- * Fetches credentials for all tenants subscribed to this microservice.\
- * Uses bootstrap credentials from runtime config to query the microservice subscriptions API.\
- * Results are cached based on the configured TTL (default: 10 minutes).\
- * @returns Object mapping tenant IDs to their respective credentials
- * @config Cache TTL can be configured via:
- * - `c8y.cache.credentialsTTL` in the Nitro config (value in seconds)
- * - `NITRO_C8Y_CACHE_CREDENTIALS_TTL` environment variable
- * @example
- * // Get all subscribed tenant credentials:
- * const credentials = await useSubscribedTenantCredentials()
- * console.log(Object.keys(credentials)) // ['t12345', 't67890']
- *
- * // Access specific tenant:
- * const tenant1Creds = credentials['t12345']
- *
- * // Invalidate cache:
- * await useSubscribedTenantCredentials.invalidate()
- *
- * // Force refresh:
- * const freshCreds = await useSubscribedTenantCredentials.refresh()
- */
-declare const useSubscribedTenantCredentials: (() => Promise<Record<string, ICredentials>>) & {
-  invalidate: () => Promise<void>;
-  refresh: () => Promise<Record<string, ICredentials>>;
-};
-/**
- * Fetches credentials for the tenant where this microservice is deployed.\
- * Uses the C8Y_BOOTSTRAP_TENANT environment variable to identify the deployed tenant.\
- * Returns credentials from the subscribed tenant credentials cache (cached based on configured TTL, default: 10 minutes).
- * @returns Credentials for the deployed tenant
- * @throws {HTTPError} If no credentials found for the deployed tenant
- * @example
- * // Get deployed tenant credentials:
- * const creds = await useDeployedTenantCredentials()
- * console.log(creds.tenant, creds.user)
- *
- * // Invalidate cache:
- * await useDeployedTenantCredentials.invalidate()
- *
- * // Force refresh:
- * const freshCreds = await useDeployedTenantCredentials.refresh()
- * @note This function is not cached separately. It uses the cache of `useSubscribedTenantCredentials()`. Invalidating or refreshing one will refresh `useDeployedTenantCredentials()`s cache.
- */
-declare const useDeployedTenantCredentials: (() => Promise<ICredentials>) & {
-  invalidate: () => Promise<void>;
-  refresh: () => Promise<ICredentials>;
-};
-/**
- * Fetches credentials for the tenant of the current user making the request.\
- * Extracts the user's tenant ID from the request headers and returns corresponding credentials.\
- * Results are cached in the request context for subsequent calls within the same request.
- * @param requestOrEvent - The H3Event or ServerRequest from the current request
- * @returns Credentials for the user's tenant
- * @throws {HTTPError} If no subscribed tenant credentials found for the user's tenant
- * @example
- * // In a request handler:
- * const userCreds = await useUserTenantCredentials(event)
- * console.log(userCreds.tenant, userCreds.user)
- *
- * // Credentials are automatically cached for the request duration
- * const sameCreds = await useUserTenantCredentials(event) // Uses cached value
- */
-declare function useUserTenantCredentials(requestOrEvent: ServerRequest | H3Event): Promise<ICredentials>;
-//#endregion
-export { useDeployedTenantCredentials, useSubscribedTenantCredentials, useUserTenantCredentials };

package/dist/utils/credentials.mjs

@@ -1,120 +0,0 @@
-import { useUserClient } from "./client.mjs";
-import process from "node:process";
-import { Client } from "@c8y/client";
-import { defineCachedFunction } from "nitro/cache";
-import { HTTPError } from "nitro/h3";
-import { useStorage } from "nitro/storage";
-import { useRuntimeConfig } from "nitro/runtime-config";
-
-//#region src/utils/credentials.ts
-/**
-* Fetches credentials for all tenants subscribed to this microservice.\
-* Uses bootstrap credentials from runtime config to query the microservice subscriptions API.\
-* Results are cached based on the configured TTL (default: 10 minutes).\
-* @returns Object mapping tenant IDs to their respective credentials
-* @config Cache TTL can be configured via:
-* - `c8y.cache.credentialsTTL` in the Nitro config (value in seconds)
-* - `NITRO_C8Y_CACHE_CREDENTIALS_TTL` environment variable
-* @example
-* // Get all subscribed tenant credentials:
-* const credentials = await useSubscribedTenantCredentials()
-* console.log(Object.keys(credentials)) // ['t12345', 't67890']
-*
-* // Access specific tenant:
-* const tenant1Creds = credentials['t12345']
-*
-* // Invalidate cache:
-* await useSubscribedTenantCredentials.invalidate()
-*
-* // Force refresh:
-* const freshCreds = await useSubscribedTenantCredentials.refresh()
-*/
-const useSubscribedTenantCredentials = Object.assign(defineCachedFunction(async () => {
-	return (await Client.getMicroserviceSubscriptions({
-		tenant: process.env.C8Y_BOOTSTRAP_TENANT,
-		user: process.env.C8Y_BOOTSTRAP_USER,
-		password: process.env.C8Y_BOOTSTRAP_PASSWORD
-	}, process.env.C8Y_BASEURL)).reduce((acc, cred) => {
-		if (cred.tenant) acc[cred.tenant] = cred;
-		return acc;
-	}, {});
-}, {
-	maxAge: useRuntimeConfig().c8yCredentialsCacheTTL ?? 600,
-	name: "_c8y_nitro_get_subscribed_tenant_credentials",
-	group: "c8y_nitro",
-	swr: false
-}), {
-	invalidate: async () => {
-		await useStorage("cache").removeItem(`c8y_nitro:functions:_c8y_nitro_get_subscribed_tenant_credentials.json`);
-	},
-	refresh: async () => {
-		await useSubscribedTenantCredentials.invalidate();
-		return await useSubscribedTenantCredentials();
-	}
-});
-/**
-* Fetches credentials for the tenant where this microservice is deployed.\
-* Uses the C8Y_BOOTSTRAP_TENANT environment variable to identify the deployed tenant.\
-* Returns credentials from the subscribed tenant credentials cache (cached based on configured TTL, default: 10 minutes).
-* @returns Credentials for the deployed tenant
-* @throws {HTTPError} If no credentials found for the deployed tenant
-* @example
-* // Get deployed tenant credentials:
-* const creds = await useDeployedTenantCredentials()
-* console.log(creds.tenant, creds.user)
-*
-* // Invalidate cache:
-* await useDeployedTenantCredentials.invalidate()
-*
-* // Force refresh:
-* const freshCreds = await useDeployedTenantCredentials.refresh()
-* @note This function is not cached separately. It uses the cache of `useSubscribedTenantCredentials()`. Invalidating or refreshing one will refresh `useDeployedTenantCredentials()`s cache.
-*/
-const useDeployedTenantCredentials = Object.assign(async () => {
-	const tenant = process.env.C8Y_BOOTSTRAP_TENANT;
-	const allCredsPromise = await useSubscribedTenantCredentials();
-	if (!allCredsPromise[tenant]) throw new HTTPError({
-		message: `No credentials found for tenant deployed tenant '${tenant}'`,
-		status: 500,
-		statusText: "Internal Server Error"
-	});
-	return allCredsPromise[tenant];
-}, {
-	invalidate: useSubscribedTenantCredentials.invalidate,
-	refresh: async () => {
-		await useDeployedTenantCredentials.invalidate();
-		return await useDeployedTenantCredentials();
-	}
-});
-/**
-* Fetches credentials for the tenant of the current user making the request.\
-* Extracts the user's tenant ID from the request headers and returns corresponding credentials.\
-* Results are cached in the request context for subsequent calls within the same request.
-* @param requestOrEvent - The H3Event or ServerRequest from the current request
-* @returns Credentials for the user's tenant
-* @throws {HTTPError} If no subscribed tenant credentials found for the user's tenant
-* @example
-* // In a request handler:
-* const userCreds = await useUserTenantCredentials(event)
-* console.log(userCreds.tenant, userCreds.user)
-*
-* // Credentials are automatically cached for the request duration
-* const sameCreds = await useUserTenantCredentials(event) // Uses cached value
-*/
-async function useUserTenantCredentials(requestOrEvent) {
-	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
-	if (request.context?.["c8y_user_tenant_credentials"]) return request.context["c8y_user_tenant_credentials"];
-	const tenantId = useUserClient(requestOrEvent).core.tenant;
-	const userTenantCreds = (await useSubscribedTenantCredentials())[tenantId];
-	if (!userTenantCreds) throw new HTTPError({
-		message: `No subscribed tenant credentials found for user tenant '${tenantId}'`,
-		status: 500,
-		statusText: "Internal Server Error"
-	});
-	request.context ??= {};
-	request.context["c8y_user_tenant_credentials"] = userTenantCreds;
-	return userTenantCreds;
-}
-
-//#endregion
-export { useDeployedTenantCredentials, useSubscribedTenantCredentials, useUserTenantCredentials };

package/dist/utils/internal/common.mjs

@@ -1,26 +0,0 @@
-//#region src/utils/internal/common.ts
-/**
-* Converts undici Request headers to the format expected by MicroserviceClientRequestAuth.\
-* Extracts the following headers from the request:
-* - `authorization`: Used for Basic Auth or Bearer token authentication
-* - `cookie`: Used to extract XSRF-TOKEN and authorization token from cookies
-*
-* The MicroserviceClientRequestAuth class will automatically:
-* - Extract XSRF-TOKEN from cookies for CSRF protection
-* - Extract authorization token from cookies (prioritized over header auth)
-* - Fall back to Authorization header if no cookie-based auth is present
-*
-* @param request - The HTTP request containing headers
-* @returns Headers object compatible with \@c8y/client's MicroserviceClientRequestAuth
-*/
-function convertRequestHeadersToC8yFormat(request) {
-	const headers = {};
-	const authorization = request.headers.get("authorization");
-	if (authorization) headers.authorization = authorization;
-	const cookie = request.headers.get("cookie");
-	if (cookie) headers.cookie = cookie;
-	return headers;
-}
-
-//#endregion
-export { convertRequestHeadersToC8yFormat };

package/dist/utils/logging.d.mts

@@ -1,3 +0,0 @@
-import { useLogger } from "evlog/nitro/v3";
-import { createError, createLogger } from "evlog";
-export { createError, createLogger, useLogger };

package/dist/utils/logging.mjs

@@ -1,4 +0,0 @@
-import { useLogger } from "evlog/nitro/v3";
-import { createError, createLogger } from "evlog";
-
-export { createError, createLogger, useLogger };

package/dist/utils/middleware.d.mts

@@ -1,89 +0,0 @@
-import { EventHandler } from "nitro/h3";
-import { C8YRoles } from "c8y-nitro/types";
-
-//#region src/utils/middleware.d.ts
-type UserRole = keyof C8YRoles | (string & {});
-/**
- * Middleware to check if the current user has the required role.\
- * If the user doesn't have the required role, throws a 403 Forbidden error.\
- * Must be used within a request handler context.\
- * @param role - Single role ID to check for
- * @returns Event handler that validates user roles
- * @example
- * // Single role:
- * export default defineHandler({
- *  middleware: [hasUserRequiredRole('ROLE_INVENTORY_ADMIN')],
- *  handler: async () => {
- *   return { message: 'You have access' }
- *  }
- * })
- *
- */
-declare function hasUserRequiredRole(role: UserRole): EventHandler;
-/**
- * Middleware to check if the current user has at least one of the required roles.\
- * If the user doesn't have any of the required roles, throws a 403 Forbidden error.\
- * Must be used within a request handler context.\
- * @param roles - Array of role IDs to check for
- * @returns Event handler that validates user roles
- * @example
- * // Multiple roles:
- * export default defineHandler({
- *  middleware: [hasUserRequiredRole(['ROLE_INVENTORY_ADMIN', 'ROLE_DEVICE_CONTROL'])],
- *  handler: async () => {
- *   return { message: 'You have access' }
- *  }
- * })
- */
-declare function hasUserRequiredRole(roles: UserRole[]): EventHandler;
-/**
- * Middleware to check if the current user belongs to a specific allowed tenant.\
- * If the user's tenant doesn't match, throws a 403 Forbidden error.\
- * Must be used within a request handler context.\
- * @param tenantId - Single tenant ID to allow
- * @returns Event handler that validates user tenant
- * @example
- * // Single tenant:
- * export default defineHandler({
- *  middleware: [isUserFromAllowedTenant('t123456')],
- *  handler: async () => {
- *   return { message: 'You have access' }
- *  }
- * })
- *
- */
-declare function isUserFromAllowedTenant(tenantId: string): EventHandler;
-/**
- * Middleware to check if the current user belongs to one of the allowed tenants.\
- * If the user's tenant doesn't match any of the allowed tenants, throws a 403 Forbidden error.\
- * Must be used within a request handler context.\
- * @param tenantIds - Array of tenant IDs to allow
- * @returns Event handler that validates user tenant
- * @example
- * // Multiple tenants:
- * export default defineHandler({
- *  middleware: [isUserFromAllowedTenant(['t123456', 't789012'])],
- *  handler: async () => {
- *   return { message: 'You have access' }
- *  }
- * })
- */
-declare function isUserFromAllowedTenant(tenantIds: string[]): EventHandler;
-/**
- * Middleware to check if the current user belongs to the deployed tenant.\
- * The deployed tenant is where this microservice is hosted (C8Y_BOOTSTRAP_TENANT).\
- * If the user's tenant doesn't match the deployed tenant, throws a 403 Forbidden error.\
- * Must be used within a request handler context.\
- * @returns Event handler that validates user is from deployed tenant
- * @example
- * // Only allow users from the deployed tenant:
- * export default defineHandler({
- *  middleware: [isUserFromDeployedTenant()],
- *  handler: async () => {
- *   return { message: 'You have access' }
- *  }
- * })
- */
-declare function isUserFromDeployedTenant(): EventHandler;
-//#endregion
-export { hasUserRequiredRole, isUserFromAllowedTenant, isUserFromDeployedTenant };