cors-whitelist-ip 1.0.0

package/README.md

@@ -0,0 +1,284 @@
+# cors-whitelist-ip
+
+A framework-agnostic CORS whitelist middleware with IP and domain validation, supporting pluggable storage and caching.
+
+## Features
+
+- **Framework-agnostic**: Works with Express, Fastify, Koa, or plain Node.js HTTP
+- **Pluggable storage**: Implement your own storage adapter for any database
+- **Optional caching**: Built-in in-memory cache or bring your own (Redis, etc.)
+- **IP validation**: Whitelist specific IPv4/IPv6 addresses
+- **Domain patterns**: Support for wildcard domains (e.g., `*.example.com`)
+- **API key association**: Link domains to organizations and API keys
+- **Zero production dependencies**: Only peer dependencies for framework integrations
+
+## Installation
+
+```bash
+npm install cors-whitelist-ip
+```
+
+## Quick Start
+
+### Express
+
+```typescript
+import express from 'express';
+import { CorsWhitelist, InMemoryStorageAdapter } from 'cors-whitelist-ip';
+import { createExpressMiddleware } from 'cors-whitelist-ip/express';
+
+const app = express();
+
+const storage = new InMemoryStorageAdapter({
+  globalWhitelist: ['https://trusted-app.com', '*'], // '*' allows all origins
+  whitelistEntries: [
+    { id: 1, type: 'DOMAIN', value: '*.example.com', isActive: true },
+    { id: 2, type: 'IP', value: '192.168.1.100', isActive: true },
+  ],
+});
+
+const corsWhitelist = new CorsWhitelist({ storage, debug: true });
+
+app.use(createExpressMiddleware(corsWhitelist));
+
+app.get('/api/data', (req, res) => {
+  res.json({ message: 'Hello!' });
+});
+
+app.listen(3000);
+```
+
+### Fastify
+
+```typescript
+import Fastify from 'fastify';
+import { fastifyCorsWhitelist } from 'cors-whitelist-ip/fastify';
+import { InMemoryStorageAdapter } from 'cors-whitelist-ip/storage';
+
+const fastify = Fastify();
+
+const storage = new InMemoryStorageAdapter({
+  globalWhitelist: ['https://trusted-app.com'],
+});
+
+fastify.register(fastifyCorsWhitelist, {
+  storage,
+  hook: 'onRequest',
+  debug: true,
+});
+
+fastify.get('/api/data', async () => {
+  return { message: 'Hello!' };
+});
+
+fastify.listen({ port: 3000 });
+```
+
+### Koa
+
+```typescript
+import Koa from 'koa';
+import { CorsWhitelist, InMemoryStorageAdapter } from 'cors-whitelist-ip';
+import { createKoaMiddleware } from 'cors-whitelist-ip/koa';
+
+const app = new Koa();
+
+const storage = new InMemoryStorageAdapter({
+  globalWhitelist: ['https://trusted-app.com'],
+});
+
+const corsWhitelist = new CorsWhitelist({ storage });
+
+app.use(createKoaMiddleware(corsWhitelist));
+
+app.use((ctx) => {
+  ctx.body = { message: 'Hello!' };
+});
+
+app.listen(3000);
+```
+
+## Configuration
+
+### CorsWhitelistOptions
+
+```typescript
+interface CorsWhitelistOptions {
+  // Required: Storage adapter for fetching whitelist data
+  storage: StorageAdapter;
+
+  // Optional: Cache adapter for caching whitelist lookups
+  cache?: CacheAdapter;
+
+  // Cache TTL in seconds (default: 3600)
+  cacheTtl?: number;
+
+  // Custom logger (default: console)
+  logger?: Logger;
+
+  // CORS headers configuration
+  corsHeaders?: {
+    allowMethods?: string;    // default: 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
+    allowHeaders?: string;    // default: 'Content-Type, Authorization, X-Requested-With'
+    allowCredentials?: boolean; // default: true
+    maxAge?: number;          // default: 86400 (24 hours)
+    exposeHeaders?: string;
+  };
+
+  // Allow requests with no origin header (default: true)
+  allowNoOrigin?: boolean;
+
+  // Custom function to extract client IP
+  getClientIp?: (req: GenericRequest) => string;
+
+  // Enable debug logging (default: false)
+  debug?: boolean;
+}
+```
+
+## Custom Storage Adapter
+
+Implement the `StorageAdapter` interface to use your own database:
+
+```typescript
+import { StorageAdapter, WhitelistEntry } from 'cors-whitelist-ip';
+
+class PostgresStorageAdapter implements StorageAdapter {
+  constructor(private db: Pool) {}
+
+  async getGlobalWhitelist(): Promise<string[]> {
+    const result = await this.db.query(
+      'SELECT domains FROM global_cors_whitelist WHERE is_active = true'
+    );
+    return result.rows[0]?.domains || [];
+  }
+
+  async getWhitelistEntries(): Promise<WhitelistEntry[]> {
+    const result = await this.db.query(
+      'SELECT * FROM organisation_whitelist WHERE is_active = true'
+    );
+    return result.rows;
+  }
+
+  async getOrganisationWhitelist(orgId: string | number): Promise<WhitelistEntry[]> {
+    const result = await this.db.query(
+      'SELECT * FROM organisation_whitelist WHERE organisation_id = $1 AND is_active = true',
+      [orgId]
+    );
+    return result.rows;
+  }
+
+  async findOrganisationByDomain(domain: string): Promise<string | number | null> {
+    const result = await this.db.query(
+      `SELECT organisation_id FROM organisation_whitelist
+       WHERE type = 'DOMAIN' AND is_active = true
+       AND (value = $1 OR ($1 LIKE '%' || SUBSTRING(value FROM 3)))`,
+      [domain]
+    );
+    return result.rows[0]?.organisation_id || null;
+  }
+
+  async getApiKey(orgId: string | number): Promise<string | null> {
+    const result = await this.db.query(
+      'SELECT api_key FROM organisation_api_key WHERE organisation_id = $1',
+      [orgId]
+    );
+    return result.rows[0]?.api_key || null;
+  }
+
+  async isIpWhitelisted(ip: string): Promise<boolean> {
+    const result = await this.db.query(
+      `SELECT 1 FROM organisation_whitelist
+       WHERE type = 'IP' AND value = $1 AND is_active = true LIMIT 1`,
+      [ip]
+    );
+    return result.rows.length > 0;
+  }
+
+  async isDomainWhitelisted(domain: string): Promise<boolean> {
+    const result = await this.db.query(
+      `SELECT 1 FROM organisation_whitelist
+       WHERE type = 'DOMAIN' AND is_active = true
+       AND (value = $1 OR $1 LIKE '%' || SUBSTRING(value FROM 3)) LIMIT 1`,
+      [domain]
+    );
+    return result.rows.length > 0;
+  }
+}
+```
+
+## Custom Cache Adapter
+
+Implement the `CacheAdapter` interface for Redis or other caching solutions:
+
+```typescript
+import { CacheAdapter } from 'cors-whitelist-ip';
+import Redis from 'ioredis';
+
+class RedisCacheAdapter implements CacheAdapter {
+  constructor(private redis: Redis) {}
+
+  async get<T>(key: string): Promise<T | null> {
+    const value = await this.redis.get(key);
+    return value ? JSON.parse(value) : null;
+  }
+
+  async set<T>(key: string, value: T, ttlSeconds: number): Promise<void> {
+    await this.redis.set(key, JSON.stringify(value), 'EX', ttlSeconds);
+  }
+
+  async delete(key: string): Promise<void> {
+    await this.redis.del(key);
+  }
+
+  async deletePattern(pattern: string): Promise<void> {
+    const keys = await this.redis.keys(pattern);
+    if (keys.length > 0) await this.redis.del(...keys);
+  }
+
+  async clear(): Promise<void> {
+    await this.redis.flushdb();
+  }
+
+  async has(key: string): Promise<boolean> {
+    return (await this.redis.exists(key)) === 1;
+  }
+}
+```
+
+## API
+
+### CorsWhitelist
+
+```typescript
+const cors = new CorsWhitelist(options);
+
+// Initialize (optional, for adapters that need setup)
+await cors.initialize();
+
+// Handle a request (used internally by framework adapters)
+const shouldContinue = await cors.handleRequest(req, res);
+
+// Validate an origin directly
+const result = await cors.validateOrigin('https://example.com');
+// Returns: { allowed: boolean, reason: string, organisationId?, apiKey? }
+
+// Invalidate cache
+await cors.invalidateCache();           // Clear all CORS cache
+await cors.invalidateCache('example');  // Clear cache matching pattern
+
+// Clean up
+await cors.dispose();
+```
+
+### Validation Flow
+
+1. **Global Whitelist**: Check if origin is in the global whitelist (supports `*` wildcard)
+2. **Domain Lookup**: Find if domain is associated with an organization
+3. **API Key Check**: Verify organization has a valid API key
+4. **IP Whitelist**: Check if origin IP is whitelisted
+5. **Domain Pattern**: Match against wildcard patterns (e.g., `*.example.com`)
+
+## License
+
+MIT

package/dist/cjs/adapters/cache/InMemoryCacheAdapter.d.ts

@@ -0,0 +1,19 @@
+import { CacheAdapter } from '../../core/types';
+/**
+ * In-memory cache adapter using a simple Map.
+ * Suitable for single-instance applications and testing.
+ */
+export declare class InMemoryCacheAdapter implements CacheAdapter {
+    private cache;
+    private cleanupInterval;
+    constructor(cleanupIntervalMs?: number);
+    get<T = string>(key: string): Promise<T | null>;
+    set<T = string>(key: string, value: T, ttlSeconds: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    deletePattern(pattern: string): Promise<void>;
+    clear(): Promise<void>;
+    has(key: string): Promise<boolean>;
+    dispose(): Promise<void>;
+    private cleanup;
+}
+//# sourceMappingURL=InMemoryCacheAdapter.d.ts.map

package/dist/cjs/adapters/cache/InMemoryCacheAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemoryCacheAdapter.d.ts","sourceRoot":"","sources":["../../../../src/adapters/cache/InMemoryCacheAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAOhD;;;GAGG;AACH,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,KAAK,CAA+C;IAC5D,OAAO,CAAC,eAAe,CAA+C;gBAE1D,iBAAiB,GAAE,MAAc;IAQvC,GAAG,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAe/C,GAAG,CAAC,CAAC,GAAG,MAAM,EAClB,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,CAAC,EACR,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAOV,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlC,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ9B,OAAO,CAAC,OAAO;CAQhB"}

package/dist/cjs/adapters/cache/InMemoryCacheAdapter.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryCacheAdapter = void 0;
+/**
+ * In-memory cache adapter using a simple Map.
+ * Suitable for single-instance applications and testing.
+ */
+class InMemoryCacheAdapter {
+    constructor(cleanupIntervalMs = 60000) {
+        this.cache = new Map();
+        this.cleanupInterval = null;
+        // Periodically clean up expired entries
+        this.cleanupInterval = setInterval(() => this.cleanup(), cleanupIntervalMs);
+    }
+    async get(key) {
+        const entry = this.cache.get(key);
+        if (!entry) {
+            return null;
+        }
+        if (Date.now() > entry.expiresAt) {
+            this.cache.delete(key);
+            return null;
+        }
+        return entry.value;
+    }
+    async set(key, value, ttlSeconds) {
+        this.cache.set(key, {
+            value,
+            expiresAt: Date.now() + ttlSeconds * 1000,
+        });
+    }
+    async delete(key) {
+        this.cache.delete(key);
+    }
+    async deletePattern(pattern) {
+        // Convert simple pattern to regex (supports * as wildcard)
+        const regexPattern = pattern.replace(/\*/g, '.*');
+        const regex = new RegExp(`^${regexPattern}$`);
+        for (const key of this.cache.keys()) {
+            if (regex.test(key)) {
+                this.cache.delete(key);
+            }
+        }
+    }
+    async clear() {
+        this.cache.clear();
+    }
+    async has(key) {
+        const value = await this.get(key);
+        return value !== null;
+    }
+    async dispose() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+        this.cache.clear();
+    }
+    cleanup() {
+        const now = Date.now();
+        for (const [key, entry] of this.cache.entries()) {
+            if (now > entry.expiresAt) {
+                this.cache.delete(key);
+            }
+        }
+    }
+}
+exports.InMemoryCacheAdapter = InMemoryCacheAdapter;
+//# sourceMappingURL=InMemoryCacheAdapter.js.map

package/dist/cjs/adapters/cache/InMemoryCacheAdapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemoryCacheAdapter.js","sourceRoot":"","sources":["../../../../src/adapters/cache/InMemoryCacheAdapter.ts"],"names":[],"mappings":";;;AAOA;;;GAGG;AACH,MAAa,oBAAoB;IAI/B,YAAY,oBAA4B,KAAK;QAHrC,UAAK,GAAqC,IAAI,GAAG,EAAE,CAAC;QACpD,oBAAe,GAA0C,IAAI,CAAC;QAGpE,wCAAwC;QACxC,IAAI,CAAC,eAAe,GAAG,WAAW,CAChC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EACpB,iBAAiB,CAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CAAa,GAAW;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,KAAU,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAW,EACX,KAAQ,EACR,UAAkB;QAElB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YAClB,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAe;QACjC,2DAA2D;QAC3D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;QAE9C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;CACF;AA/ED,oDA+EC"}

package/dist/cjs/adapters/cache/NoCacheAdapter.d.ts

@@ -0,0 +1,14 @@
+import { CacheAdapter } from '../../core/types';
+/**
+ * No-op cache adapter that doesn't cache anything.
+ * Used as the default when no cache is configured.
+ */
+export declare class NoCacheAdapter implements CacheAdapter {
+    get<T = string>(_key: string): Promise<T | null>;
+    set<T = string>(_key: string, _value: T, _ttlSeconds: number): Promise<void>;
+    delete(_key: string): Promise<void>;
+    deletePattern(_pattern: string): Promise<void>;
+    clear(): Promise<void>;
+    has(_key: string): Promise<boolean>;
+}
+//# sourceMappingURL=NoCacheAdapter.d.ts.map

package/dist/cjs/adapters/cache/NoCacheAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NoCacheAdapter.d.ts","sourceRoot":"","sources":["../../../../src/adapters/cache/NoCacheAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEhD;;;GAGG;AACH,qBAAa,cAAe,YAAW,YAAY;IAC3C,GAAG,CAAC,CAAC,GAAG,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAIhD,GAAG,CAAC,CAAC,GAAG,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,CAAC,EACT,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAIV,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInC,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAG1C"}

package/dist/cjs/adapters/cache/NoCacheAdapter.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NoCacheAdapter = void 0;
+/**
+ * No-op cache adapter that doesn't cache anything.
+ * Used as the default when no cache is configured.
+ */
+class NoCacheAdapter {
+    async get(_key) {
+        return null;
+    }
+    async set(_key, _value, _ttlSeconds) {
+        // No-op
+    }
+    async delete(_key) {
+        // No-op
+    }
+    async deletePattern(_pattern) {
+        // No-op
+    }
+    async clear() {
+        // No-op
+    }
+    async has(_key) {
+        return false;
+    }
+}
+exports.NoCacheAdapter = NoCacheAdapter;
+//# sourceMappingURL=NoCacheAdapter.js.map

package/dist/cjs/adapters/cache/NoCacheAdapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NoCacheAdapter.js","sourceRoot":"","sources":["../../../../src/adapters/cache/NoCacheAdapter.ts"],"names":[],"mappings":";;;AAEA;;;GAGG;AACH,MAAa,cAAc;IACzB,KAAK,CAAC,GAAG,CAAa,IAAY;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,MAAS,EACT,WAAmB;QAEnB,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,KAAK;QACT,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAY;QACpB,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA5BD,wCA4BC"}

package/dist/cjs/adapters/cache/index.d.ts

@@ -0,0 +1,3 @@
+export { NoCacheAdapter } from './NoCacheAdapter';
+export { InMemoryCacheAdapter } from './InMemoryCacheAdapter';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/adapters/cache/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/adapters/cache/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/cjs/adapters/cache/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryCacheAdapter = exports.NoCacheAdapter = void 0;
+var NoCacheAdapter_1 = require("./NoCacheAdapter");
+Object.defineProperty(exports, "NoCacheAdapter", { enumerable: true, get: function () { return NoCacheAdapter_1.NoCacheAdapter; } });
+var InMemoryCacheAdapter_1 = require("./InMemoryCacheAdapter");
+Object.defineProperty(exports, "InMemoryCacheAdapter", { enumerable: true, get: function () { return InMemoryCacheAdapter_1.InMemoryCacheAdapter; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/adapters/cache/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/adapters/cache/index.ts"],"names":[],"mappings":";;;AAAA,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,+DAA8D;AAArD,4HAAA,oBAAoB,OAAA"}

package/dist/cjs/adapters/storage/InMemoryStorageAdapter.d.ts

@@ -0,0 +1,30 @@
+import { StorageAdapter, WhitelistEntry } from '../../core/types';
+export interface InMemoryStorageConfig {
+    globalWhitelist?: string[];
+    whitelistEntries?: WhitelistEntry[];
+    apiKeys?: Map<string | number, string>;
+}
+/**
+ * In-memory storage adapter for testing and simple use cases.
+ * Data is stored in memory and lost when the process exits.
+ */
+export declare class InMemoryStorageAdapter implements StorageAdapter {
+    private globalWhitelist;
+    private whitelistEntries;
+    private apiKeys;
+    constructor(config?: InMemoryStorageConfig);
+    getGlobalWhitelist(): Promise<string[]>;
+    getWhitelistEntries(): Promise<WhitelistEntry[]>;
+    getOrganisationWhitelist(organisationId: string | number): Promise<WhitelistEntry[]>;
+    findOrganisationByDomain(domain: string): Promise<string | number | null>;
+    getApiKey(organisationId: string | number, _type?: 'client' | 'server'): Promise<string | null>;
+    isIpWhitelisted(ip: string): Promise<boolean>;
+    isDomainWhitelisted(domain: string): Promise<boolean>;
+    addGlobalDomain(domain: string): void;
+    removeGlobalDomain(domain: string): void;
+    addWhitelistEntry(entry: WhitelistEntry): void;
+    removeWhitelistEntry(id: string | number): void;
+    setApiKey(organisationId: string | number, apiKey: string): void;
+    clear(): void;
+}
+//# sourceMappingURL=InMemoryStorageAdapter.d.ts.map

package/dist/cjs/adapters/storage/InMemoryStorageAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemoryStorageAdapter.d.ts","sourceRoot":"","sources":["../../../../src/adapters/storage/InMemoryStorageAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGlE,MAAM,WAAW,qBAAqB;IACpC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;IACpC,OAAO,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAED;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,cAAc;IAC3D,OAAO,CAAC,eAAe,CAAW;IAClC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,OAAO,CAA+B;gBAElC,MAAM,GAAE,qBAA0B;IAMxC,kBAAkB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAIvC,mBAAmB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAIhD,wBAAwB,CAC5B,cAAc,EAAE,MAAM,GAAG,MAAM,GAC9B,OAAO,CAAC,cAAc,EAAE,CAAC;IAMtB,wBAAwB,CAC5B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAQ5B,SAAS,CACb,cAAc,EAAE,MAAM,GAAG,MAAM,EAC/B,KAAK,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAC1B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAInB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAM7C,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW3D,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAMrC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAOxC,iBAAiB,CAAC,KAAK,EAAE,cAAc,GAAG,IAAI;IAI9C,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAO/C,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAIhE,KAAK,IAAI,IAAI;CAKd"}

package/dist/cjs/adapters/storage/InMemoryStorageAdapter.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryStorageAdapter = void 0;
+const utils_1 = require("../../core/utils");
+/**
+ * In-memory storage adapter for testing and simple use cases.
+ * Data is stored in memory and lost when the process exits.
+ */
+class InMemoryStorageAdapter {
+    constructor(config = {}) {
+        this.globalWhitelist = config.globalWhitelist ?? [];
+        this.whitelistEntries = config.whitelistEntries ?? [];
+        this.apiKeys = config.apiKeys ?? new Map();
+    }
+    async getGlobalWhitelist() {
+        return [...this.globalWhitelist];
+    }
+    async getWhitelistEntries() {
+        return this.whitelistEntries.filter((e) => e.isActive);
+    }
+    async getOrganisationWhitelist(organisationId) {
+        return this.whitelistEntries.filter((e) => e.organisationId === organisationId && e.isActive);
+    }
+    async findOrganisationByDomain(domain) {
+        const entry = this.whitelistEntries.find((e) => e.type === 'DOMAIN' && e.isActive && (0, utils_1.matchesWildcard)(domain, e.value));
+        return entry?.organisationId ?? null;
+    }
+    async getApiKey(organisationId, _type) {
+        return this.apiKeys.get(organisationId) ?? null;
+    }
+    async isIpWhitelisted(ip) {
+        return this.whitelistEntries.some((e) => e.type === 'IP' && e.value === ip && e.isActive);
+    }
+    async isDomainWhitelisted(domain) {
+        return this.whitelistEntries.some((e) => e.type === 'DOMAIN' && e.isActive && (0, utils_1.matchesWildcard)(domain, e.value));
+    }
+    // ─────────────────────────────────────────────────────────────────
+    // Additional methods for testing and management
+    // ─────────────────────────────────────────────────────────────────
+    addGlobalDomain(domain) {
+        if (!this.globalWhitelist.includes(domain)) {
+            this.globalWhitelist.push(domain);
+        }
+    }
+    removeGlobalDomain(domain) {
+        const index = this.globalWhitelist.indexOf(domain);
+        if (index > -1) {
+            this.globalWhitelist.splice(index, 1);
+        }
+    }
+    addWhitelistEntry(entry) {
+        this.whitelistEntries.push(entry);
+    }
+    removeWhitelistEntry(id) {
+        const index = this.whitelistEntries.findIndex((e) => e.id === id);
+        if (index > -1) {
+            this.whitelistEntries.splice(index, 1);
+        }
+    }
+    setApiKey(organisationId, apiKey) {
+        this.apiKeys.set(organisationId, apiKey);
+    }
+    clear() {
+        this.globalWhitelist = [];
+        this.whitelistEntries = [];
+        this.apiKeys.clear();
+    }
+}
+exports.InMemoryStorageAdapter = InMemoryStorageAdapter;
+//# sourceMappingURL=InMemoryStorageAdapter.js.map

package/dist/cjs/adapters/storage/InMemoryStorageAdapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemoryStorageAdapter.js","sourceRoot":"","sources":["../../../../src/adapters/storage/InMemoryStorageAdapter.ts"],"names":[],"mappings":";;;AACA,4CAAmD;AAQnD;;;GAGG;AACH,MAAa,sBAAsB;IAKjC,YAAY,SAAgC,EAAE;QAC5C,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;QACpD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,GAAG,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,OAAO,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,mBAAmB;QACvB,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,cAA+B;QAE/B,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,cAAc,IAAI,CAAC,CAAC,QAAQ,CACzD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,MAAc;QAEd,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAA,uBAAe,EAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CACxE,CAAC;QACF,OAAO,KAAK,EAAE,cAAc,IAAI,IAAI,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,SAAS,CACb,cAA+B,EAC/B,KAA2B;QAE3B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,EAAU;QAC9B,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,KAAK,KAAK,EAAE,IAAI,CAAC,CAAC,QAAQ,CACvD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc;QACtC,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAA,uBAAe,EAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CACxE,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,gDAAgD;IAChD,oEAAoE;IAEpE,eAAe,CAAC,MAAc;QAC5B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,kBAAkB,CAAC,MAAc;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;YACf,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,iBAAiB,CAAC,KAAqB;QACrC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED,oBAAoB,CAAC,EAAmB;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAClE,IAAI,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;YACf,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,SAAS,CAAC,cAA+B,EAAE,MAAc;QACvD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK;QACH,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF;AA9FD,wDA8FC"}

package/dist/cjs/adapters/storage/index.d.ts

@@ -0,0 +1,3 @@
+export { InMemoryStorageAdapter } from './InMemoryStorageAdapter';
+export type { InMemoryStorageConfig } from './InMemoryStorageAdapter';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/adapters/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/adapters/storage/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,YAAY,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/cjs/adapters/storage/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryStorageAdapter = void 0;
+var InMemoryStorageAdapter_1 = require("./InMemoryStorageAdapter");
+Object.defineProperty(exports, "InMemoryStorageAdapter", { enumerable: true, get: function () { return InMemoryStorageAdapter_1.InMemoryStorageAdapter; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/adapters/storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/adapters/storage/index.ts"],"names":[],"mappings":";;;AAAA,mEAAkE;AAAzD,gIAAA,sBAAsB,OAAA"}

package/dist/cjs/core/CorsWhitelist.d.ts

@@ -0,0 +1,60 @@
+import { CorsWhitelistOptions, ValidationResult, GenericRequest, GenericResponse, StorageAdapter, CacheAdapter } from './types';
+/**
+ * Main CORS Whitelist class that handles origin validation
+ * and CORS header management in a framework-agnostic way.
+ */
+export declare class CorsWhitelist {
+    private storage;
+    private cache;
+    private cacheTtl;
+    private logger;
+    private corsHeaders;
+    private allowNoOrigin;
+    private customGetClientIp?;
+    private debug;
+    constructor(options: CorsWhitelistOptions);
+    /**
+     * Initialize the CORS middleware (call before handling requests)
+     */
+    initialize(): Promise<void>;
+    /**
+     * Clean up resources
+     */
+    dispose(): Promise<void>;
+    /**
+     * Main handler for CORS requests. Returns whether to continue processing.
+     * @param req - Generic request object
+     * @param res - Generic response object
+     * @returns true if request should continue, false if handled (blocked or preflight)
+     */
+    handleRequest(req: GenericRequest, res: GenericResponse): Promise<boolean>;
+    /**
+     * Validate if an origin is allowed
+     * @param origin - The origin to validate
+     * @returns Validation result with details
+     */
+    validateOrigin(origin: string): Promise<ValidationResult>;
+    /**
+     * Invalidate cache for a specific domain or pattern
+     */
+    invalidateCache(pattern?: string): Promise<void>;
+    /**
+     * Get the storage adapter instance
+     */
+    getStorage(): StorageAdapter;
+    /**
+     * Get the cache adapter instance
+     */
+    getCache(): CacheAdapter;
+    private handlePreflight;
+    private handleRegularRequest;
+    private performValidation;
+    private getGlobalWhitelist;
+    private setPreflightHeaders;
+    private setCorsHeaders;
+    private getOrigin;
+    private getClientIp;
+    private defaultGetClientIp;
+    private log;
+}
+//# sourceMappingURL=CorsWhitelist.d.ts.map

package/dist/cjs/core/CorsWhitelist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CorsWhitelist.d.ts","sourceRoot":"","sources":["../../../src/core/CorsWhitelist.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAEhB,cAAc,EACd,eAAe,EAEf,cAAc,EACd,YAAY,EACb,MAAM,SAAS,CAAC;AAcjB;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,aAAa,CAAU;IAC/B,OAAO,CAAC,iBAAiB,CAAC,CAAkC;IAC5D,OAAO,CAAC,KAAK,CAAU;gBAEX,OAAO,EAAE,oBAAoB;IAWzC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IASjC;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAS9B;;;;;OAKG;IACG,aAAa,CACjB,GAAG,EAAE,cAAc,EACnB,GAAG,EAAE,eAAe,GACnB,OAAO,CAAC,OAAO,CAAC;IA4BnB;;;;OAIG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkB/D;;OAEG;IACG,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQtD;;OAEG;IACH,UAAU,IAAI,cAAc;IAI5B;;OAEG;IACH,QAAQ,IAAI,YAAY;YAQV,eAAe;YA4Bf,oBAAoB;YA8BpB,iBAAiB;YAuDjB,kBAAkB;IAchC,OAAO,CAAC,mBAAmB;IAkB3B,OAAO,CAAC,cAAc;IAetB,OAAO,CAAC,SAAS;IAQjB,OAAO,CAAC,WAAW;IAOnB,OAAO,CAAC,kBAAkB;IAe1B,OAAO,CAAC,GAAG;CASZ"}