cors-whitelist-ip 1.0.0

package/dist/cjs/core/CorsWhitelist.js

@@ -0,0 +1,273 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CorsWhitelist = void 0;
+const NoCacheAdapter_1 = require("../adapters/cache/NoCacheAdapter");
+const utils_1 = require("./utils");
+const DEFAULT_CORS_HEADERS = {
+    allowOrigin: '',
+    allowMethods: 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+    allowHeaders: 'Content-Type, Authorization, X-Requested-With',
+    allowCredentials: true,
+    maxAge: 86400, // 24 hours
+};
+const DEFAULT_CACHE_TTL = 3600; // 1 hour
+/**
+ * Main CORS Whitelist class that handles origin validation
+ * and CORS header management in a framework-agnostic way.
+ */
+class CorsWhitelist {
+    constructor(options) {
+        this.storage = options.storage;
+        this.cache = options.cache ?? new NoCacheAdapter_1.NoCacheAdapter();
+        this.cacheTtl = options.cacheTtl ?? DEFAULT_CACHE_TTL;
+        this.logger = options.logger ?? console;
+        this.corsHeaders = { ...DEFAULT_CORS_HEADERS, ...options.corsHeaders };
+        this.allowNoOrigin = options.allowNoOrigin ?? true;
+        this.customGetClientIp = options.getClientIp;
+        this.debug = options.debug ?? false;
+    }
+    /**
+     * Initialize the CORS middleware (call before handling requests)
+     */
+    async initialize() {
+        if (this.storage.initialize) {
+            await this.storage.initialize();
+        }
+        if (this.cache.initialize) {
+            await this.cache.initialize();
+        }
+    }
+    /**
+     * Clean up resources
+     */
+    async dispose() {
+        if (this.storage.dispose) {
+            await this.storage.dispose();
+        }
+        if (this.cache.dispose) {
+            await this.cache.dispose();
+        }
+    }
+    /**
+     * Main handler for CORS requests. Returns whether to continue processing.
+     * @param req - Generic request object
+     * @param res - Generic response object
+     * @returns true if request should continue, false if handled (blocked or preflight)
+     */
+    async handleRequest(req, res) {
+        try {
+            const origin = this.getOrigin(req);
+            const method = req.method.toUpperCase();
+            const clientIp = this.getClientIp(req);
+            this.log(`[CORS] Request from IP: ${clientIp}, Origin: ${origin}, Path: ${req.url}, Method: ${method}`);
+            // Handle preflight OPTIONS requests
+            if (method === 'OPTIONS') {
+                return await this.handlePreflight(req, res, origin);
+            }
+            // Handle regular requests
+            return await this.handleRegularRequest(req, res, origin);
+        }
+        catch (error) {
+            this.logger.error(`[CORS] Error in CORS handler: ${error.message}`, error.stack);
+            res.statusCode = 500;
+            res.end(JSON.stringify({ error: 'Internal Server Error' }));
+            return false;
+        }
+    }
+    /**
+     * Validate if an origin is allowed
+     * @param origin - The origin to validate
+     * @returns Validation result with details
+     */
+    async validateOrigin(origin) {
+        const cacheKey = `cors:validation:${origin}`;
+        // Try cache first
+        const cached = await this.cache.get(cacheKey);
+        if (cached) {
+            this.log(`[CORS] Cache hit for origin validation: ${origin}`);
+            return cached;
+        }
+        const result = await this.performValidation(origin);
+        // Cache the result
+        await this.cache.set(cacheKey, result, this.cacheTtl);
+        return result;
+    }
+    /**
+     * Invalidate cache for a specific domain or pattern
+     */
+    async invalidateCache(pattern) {
+        if (pattern) {
+            await this.cache.deletePattern(`cors:*${pattern}*`);
+        }
+        else {
+            await this.cache.deletePattern('cors:*');
+        }
+    }
+    /**
+     * Get the storage adapter instance
+     */
+    getStorage() {
+        return this.storage;
+    }
+    /**
+     * Get the cache adapter instance
+     */
+    getCache() {
+        return this.cache;
+    }
+    // ─────────────────────────────────────────────────────────────────
+    // Private methods
+    // ─────────────────────────────────────────────────────────────────
+    async handlePreflight(_req, res, origin) {
+        if (!origin) {
+            this.log('[CORS] Preflight without origin, denying');
+            res.statusCode = 403;
+            res.end(JSON.stringify({ error: 'Origin header required for preflight' }));
+            return false;
+        }
+        const validation = await this.validateOrigin(origin);
+        if (validation.allowed) {
+            this.log(`[CORS] Preflight allowed for origin: ${origin}`);
+            this.setPreflightHeaders(res, origin);
+            res.statusCode = 204;
+            res.end();
+            return false; // Preflight handled, don't continue
+        }
+        this.logger.warn(`[CORS] Preflight blocked for origin: ${origin}`);
+        res.statusCode = 403;
+        res.end(JSON.stringify({ error: 'CORS not allowed for this origin' }));
+        return false;
+    }
+    async handleRegularRequest(_req, res, origin) {
+        // No origin = not a CORS request, allow through
+        if (!origin) {
+            if (this.allowNoOrigin) {
+                this.log('[CORS] No origin header, allowing request');
+                return true;
+            }
+            res.statusCode = 403;
+            res.end(JSON.stringify({ error: 'Origin header required' }));
+            return false;
+        }
+        const validation = await this.validateOrigin(origin);
+        if (validation.allowed) {
+            this.log(`[CORS] Request allowed for origin: ${origin}`);
+            this.setCorsHeaders(res, origin);
+            return true; // Continue processing
+        }
+        this.logger.warn(`[CORS] Request blocked for origin: ${origin}`);
+        res.statusCode = 403;
+        res.end(JSON.stringify({ error: 'CORS not allowed for this origin' }));
+        return false;
+    }
+    async performValidation(origin) {
+        // 1. Check global whitelist
+        const globalWhitelist = await this.getGlobalWhitelist();
+        if (globalWhitelist.includes('*')) {
+            return { allowed: true, reason: 'Global wildcard (*) allows all origins' };
+        }
+        if (globalWhitelist.includes(origin)) {
+            return { allowed: true, reason: 'Origin in global whitelist' };
+        }
+        // 2. Extract domain from origin
+        const domain = (0, utils_1.extractDomain)(origin);
+        if (!domain) {
+            return { allowed: false, reason: 'Invalid origin format' };
+        }
+        // Check if full origin URL is in global whitelist
+        if (globalWhitelist.includes(domain)) {
+            return { allowed: true, reason: 'Domain in global whitelist' };
+        }
+        // 3. Check if domain is associated with an API key
+        const orgId = await this.storage.findOrganisationByDomain(domain);
+        if (orgId) {
+            const apiKey = await this.storage.getApiKey(orgId, 'client');
+            if (apiKey) {
+                return {
+                    allowed: true,
+                    reason: 'Domain associated with API key',
+                    organisationId: orgId,
+                    apiKey,
+                };
+            }
+        }
+        // 4. Check IP whitelist (if origin is IP-based)
+        if ((0, utils_1.isIpAddress)(domain)) {
+            const isWhitelisted = await this.storage.isIpWhitelisted(domain);
+            if (isWhitelisted) {
+                return { allowed: true, reason: 'IP address in whitelist' };
+            }
+            return { allowed: false, reason: 'IP address not in whitelist' };
+        }
+        // 5. Check domain pattern whitelist (including wildcards)
+        const isDomainAllowed = await this.storage.isDomainWhitelisted(domain);
+        if (isDomainAllowed) {
+            return { allowed: true, reason: 'Domain matches whitelist pattern' };
+        }
+        return { allowed: false, reason: 'Origin not in any whitelist' };
+    }
+    async getGlobalWhitelist() {
+        const cacheKey = 'cors:global:whitelist';
+        const cached = await this.cache.get(cacheKey);
+        if (cached) {
+            return cached;
+        }
+        const whitelist = await this.storage.getGlobalWhitelist();
+        await this.cache.set(cacheKey, whitelist, this.cacheTtl);
+        return whitelist;
+    }
+    setPreflightHeaders(res, origin) {
+        res.setHeader('Access-Control-Allow-Origin', origin);
+        res.setHeader('Access-Control-Allow-Methods', this.corsHeaders.allowMethods);
+        res.setHeader('Access-Control-Allow-Headers', this.corsHeaders.allowHeaders);
+        res.setHeader('Access-Control-Allow-Credentials', String(this.corsHeaders.allowCredentials));
+        res.setHeader('Access-Control-Max-Age', String(this.corsHeaders.maxAge));
+        if (this.corsHeaders.exposeHeaders) {
+            res.setHeader('Access-Control-Expose-Headers', this.corsHeaders.exposeHeaders);
+        }
+    }
+    setCorsHeaders(res, origin) {
+        res.setHeader('Access-Control-Allow-Origin', origin);
+        res.setHeader('Access-Control-Allow-Credentials', String(this.corsHeaders.allowCredentials));
+        if (this.corsHeaders.exposeHeaders) {
+            res.setHeader('Access-Control-Expose-Headers', this.corsHeaders.exposeHeaders);
+        }
+    }
+    getOrigin(req) {
+        const origin = req.headers['origin'];
+        if (Array.isArray(origin)) {
+            return origin[0] || null;
+        }
+        return origin || null;
+    }
+    getClientIp(req) {
+        if (this.customGetClientIp) {
+            return this.customGetClientIp(req);
+        }
+        return this.defaultGetClientIp(req);
+    }
+    defaultGetClientIp(req) {
+        const forwarded = req.headers['x-forwarded-for'];
+        if (forwarded) {
+            const ips = (Array.isArray(forwarded) ? forwarded[0] : forwarded).split(',');
+            return ips[0].trim();
+        }
+        const realIp = req.headers['x-real-ip'];
+        if (realIp) {
+            return Array.isArray(realIp) ? realIp[0] : realIp;
+        }
+        return req.ip || 'unknown';
+    }
+    log(message) {
+        if (this.debug) {
+            if (this.logger.debug) {
+                this.logger.debug(message);
+            }
+            else {
+                this.logger.log(message);
+            }
+        }
+    }
+}
+exports.CorsWhitelist = CorsWhitelist;
+//# sourceMappingURL=CorsWhitelist.js.map

package/dist/cjs/core/CorsWhitelist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CorsWhitelist.js","sourceRoot":"","sources":["../../../src/core/CorsWhitelist.ts"],"names":[],"mappings":";;;AAUA,qEAAkE;AAClE,mCAAqD;AAErD,MAAM,oBAAoB,GAAgB;IACxC,WAAW,EAAE,EAAE;IACf,YAAY,EAAE,wCAAwC;IACtD,YAAY,EAAE,+CAA+C;IAC7D,gBAAgB,EAAE,IAAI;IACtB,MAAM,EAAE,KAAK,EAAE,WAAW;CAC3B,CAAC;AAEF,MAAM,iBAAiB,GAAG,IAAI,CAAC,CAAC,SAAS;AAEzC;;;GAGG;AACH,MAAa,aAAa;IAUxB,YAAY,OAA6B;QACvC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,+BAAc,EAAE,CAAC;QACnD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,iBAAiB,CAAC;QACtD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC;QACxC,IAAI,CAAC,WAAW,GAAG,EAAE,GAAG,oBAAoB,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvE,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC;QACnD,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QAClC,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YAC1B,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC/B,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CACjB,GAAmB,EACnB,GAAoB;QAEpB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAEvC,IAAI,CAAC,GAAG,CACN,2BAA2B,QAAQ,aAAa,MAAM,WAAW,GAAG,CAAC,GAAG,aAAa,MAAM,EAAE,CAC9F,CAAC;YAEF,oCAAoC;YACpC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;YACtD,CAAC;YAED,0BAA0B;YAC1B,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,iCAAkC,KAAe,CAAC,OAAO,EAAE,EAC1D,KAAe,CAAC,KAAK,CACvB,CAAC;YACF,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;YAC5D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,MAAM,QAAQ,GAAG,mBAAmB,MAAM,EAAE,CAAC;QAE7C,kBAAkB;QAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,QAAQ,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,GAAG,CAAC,2CAA2C,MAAM,EAAE,CAAC,CAAC;YAC9D,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAEpD,mBAAmB;QACnB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEtD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,OAAgB;QACpC,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,OAAO,GAAG,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,oEAAoE;IACpE,kBAAkB;IAClB,oEAAoE;IAE5D,KAAK,CAAC,eAAe,CAC3B,IAAoB,EACpB,GAAoB,EACpB,MAAqB;QAErB,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YACrD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAErD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,IAAI,CAAC,GAAG,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;YAC3D,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACtC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,CAAC,oCAAoC;QACpD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;QACnE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;QACrB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC,CAAC,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAChC,IAAoB,EACpB,GAAoB,EACpB,MAAqB;QAErB,gDAAgD;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvB,IAAI,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC,CAAC;YAC7D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAErD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,IAAI,CAAC,GAAG,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACrC,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;QACjE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;QACrB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC,CAAC,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,MAAc;QAC5C,4BAA4B;QAC5B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAExD,IAAI,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;QAC7E,CAAC;QAED,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;QACjE,CAAC;QAED,gCAAgC;QAChC,MAAM,MAAM,GAAG,IAAA,qBAAa,EAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QAC7D,CAAC;QAED,kDAAkD;QAClD,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;QACjE,CAAC;QAED,mDAAmD;QACnD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC7D,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,gCAAgC;oBACxC,cAAc,EAAE,KAAK;oBACrB,MAAM;iBACP,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,IAAI,IAAA,mBAAW,EAAC,MAAM,CAAC,EAAE,CAAC;YACxB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACjE,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;YAC9D,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;QACnE,CAAC;QAED,0DAA0D;QAC1D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACvE,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;QACvE,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,MAAM,QAAQ,GAAG,uBAAuB,CAAC;QAEzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAW,QAAQ,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC1D,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,mBAAmB,CAAC,GAAoB,EAAE,MAAc;QAC9D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;QACrD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC7E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC7E,GAAG,CAAC,SAAS,CACX,kCAAkC,EAClC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAC1C,CAAC;QACF,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAEzE,IAAI,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;YACnC,GAAG,CAAC,SAAS,CACX,+BAA+B,EAC/B,IAAI,CAAC,WAAW,CAAC,aAAa,CAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,GAAoB,EAAE,MAAc;QACzD,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;QACrD,GAAG,CAAC,SAAS,CACX,kCAAkC,EAClC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAC1C,CAAC;QAEF,IAAI,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;YACnC,GAAG,CAAC,SAAS,CACX,+BAA+B,EAC/B,IAAI,CAAC,WAAW,CAAC,aAAa,CAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,GAAmB;QACnC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,OAAO,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC3B,CAAC;QACD,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAEO,WAAW,CAAC,GAAmB;QACrC,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAEO,kBAAkB,CAAC,GAAmB;QAC5C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACjD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,CACrE,GAAG,CACJ,CAAC;YACF,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACxC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACpD,CAAC;QACD,OAAO,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;IAC7B,CAAC;IAEO,GAAG,CAAC,OAAe;QACzB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AA7UD,sCA6UC"}

package/dist/cjs/core/index.d.ts

@@ -0,0 +1,4 @@
+export * from './types';
+export * from './utils';
+export { CorsWhitelist } from './CorsWhitelist';
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/core/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/cjs/core/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CorsWhitelist = void 0;
+__exportStar(require("./types"), exports);
+__exportStar(require("./utils"), exports);
+var CorsWhitelist_1 = require("./CorsWhitelist");
+Object.defineProperty(exports, "CorsWhitelist", { enumerable: true, get: function () { return CorsWhitelist_1.CorsWhitelist; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/core/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,0CAAwB;AACxB,iDAAgD;AAAvC,8GAAA,aAAa,OAAA"}

package/dist/cjs/core/types.d.ts

@@ -0,0 +1,201 @@
+/**
+ * Whitelist entry types
+ */
+export type WhitelistType = 'IP' | 'DOMAIN';
+/**
+ * Represents a whitelist entry (IP or domain)
+ */
+export interface WhitelistEntry {
+    id: string | number;
+    organisationId?: string | number;
+    type: WhitelistType;
+    value: string;
+    isActive: boolean;
+    description?: string;
+}
+/**
+ * Represents a global CORS whitelist configuration
+ */
+export interface GlobalWhitelist {
+    id: string | number;
+    domains: string[];
+    isActive: boolean;
+}
+/**
+ * Represents an API key association with an organisation
+ */
+export interface ApiKeyEntry {
+    organisationId: string | number;
+    apiKey: string;
+    type: 'client' | 'server';
+}
+/**
+ * Result of origin validation
+ */
+export interface ValidationResult {
+    allowed: boolean;
+    reason: string;
+    matchedEntry?: WhitelistEntry | GlobalWhitelist;
+    organisationId?: string | number;
+    apiKey?: string;
+}
+/**
+ * CORS headers configuration
+ */
+export interface CorsHeaders {
+    allowOrigin: string;
+    allowMethods: string;
+    allowHeaders: string;
+    allowCredentials: boolean;
+    maxAge: number;
+    exposeHeaders?: string;
+}
+/**
+ * Storage adapter interface for fetching whitelist data.
+ * Implement this interface to support your database of choice.
+ */
+export interface StorageAdapter {
+    /**
+     * Get the global CORS whitelist
+     * @returns Promise resolving to an array of allowed domains
+     */
+    getGlobalWhitelist(): Promise<string[]>;
+    /**
+     * Get all whitelist entries (IP and DOMAIN) that are active
+     * @returns Promise resolving to an array of whitelist entries
+     */
+    getWhitelistEntries(): Promise<WhitelistEntry[]>;
+    /**
+     * Get whitelist entries for a specific organisation
+     * @param organisationId - The organisation identifier
+     * @returns Promise resolving to an array of whitelist entries
+     */
+    getOrganisationWhitelist(organisationId: string | number): Promise<WhitelistEntry[]>;
+    /**
+     * Find the organisation ID associated with a domain
+     * @param domain - The domain to look up (exact or wildcard match)
+     * @returns Promise resolving to organisation ID or null if not found
+     */
+    findOrganisationByDomain(domain: string): Promise<string | number | null>;
+    /**
+     * Get the API key for an organisation
+     * @param organisationId - The organisation identifier
+     * @param type - The API key type (default: 'client')
+     * @returns Promise resolving to API key or null if not found
+     */
+    getApiKey(organisationId: string | number, type?: 'client' | 'server'): Promise<string | null>;
+    /**
+     * Check if an IP address is whitelisted (globally or for any organisation)
+     * @param ip - The IP address to check
+     * @returns Promise resolving to true if whitelisted
+     */
+    isIpWhitelisted(ip: string): Promise<boolean>;
+    /**
+     * Check if a domain pattern is whitelisted (globally or for any organisation)
+     * @param domain - The domain to check (will match against wildcards)
+     * @returns Promise resolving to true if whitelisted
+     */
+    isDomainWhitelisted(domain: string): Promise<boolean>;
+    /**
+     * Optional: Initialize the storage adapter (e.g., connection setup)
+     */
+    initialize?(): Promise<void>;
+    /**
+     * Optional: Clean up resources (e.g., close connections)
+     */
+    dispose?(): Promise<void>;
+}
+/**
+ * Cache adapter interface for caching whitelist lookups.
+ * Implement this interface to use Redis, Memcached, or other caching solutions.
+ */
+export interface CacheAdapter {
+    /**
+     * Get a value from cache
+     * @param key - Cache key
+     * @returns Promise resolving to cached value or null if not found
+     */
+    get<T = string>(key: string): Promise<T | null>;
+    /**
+     * Set a value in cache with TTL
+     * @param key - Cache key
+     * @param value - Value to cache
+     * @param ttlSeconds - Time-to-live in seconds
+     */
+    set<T = string>(key: string, value: T, ttlSeconds: number): Promise<void>;
+    /**
+     * Delete a specific key from cache
+     * @param key - Cache key to delete
+     */
+    delete(key: string): Promise<void>;
+    /**
+     * Delete all keys matching a pattern
+     * @param pattern - Pattern to match (e.g., "domain:*")
+     */
+    deletePattern(pattern: string): Promise<void>;
+    /**
+     * Clear all cached data
+     */
+    clear(): Promise<void>;
+    /**
+     * Check if a key exists in cache
+     * @param key - Cache key
+     */
+    has(key: string): Promise<boolean>;
+    /**
+     * Optional: Initialize the cache adapter
+     */
+    initialize?(): Promise<void>;
+    /**
+     * Optional: Clean up resources
+     */
+    dispose?(): Promise<void>;
+}
+/**
+ * Configuration options for CorsWhitelist
+ */
+export interface CorsWhitelistOptions {
+    /** Storage adapter for fetching whitelist data */
+    storage: StorageAdapter;
+    /** Optional cache adapter for caching whitelist lookups */
+    cache?: CacheAdapter;
+    /** Cache TTL in seconds (default: 3600) */
+    cacheTtl?: number;
+    /** Custom logger (default: console) */
+    logger?: Logger;
+    /** Default CORS headers configuration */
+    corsHeaders?: Partial<CorsHeaders>;
+    /** Whether to allow requests with no origin header (default: true) */
+    allowNoOrigin?: boolean;
+    /** Custom function to extract client IP from request */
+    getClientIp?: (req: GenericRequest) => string;
+    /** Enable debug logging (default: false) */
+    debug?: boolean;
+}
+/**
+ * Generic request interface for framework-agnostic handling
+ */
+export interface GenericRequest {
+    headers: Record<string, string | string[] | undefined>;
+    method: string;
+    url: string;
+    ip?: string;
+}
+/**
+ * Generic response interface for framework-agnostic handling
+ */
+export interface GenericResponse {
+    setHeader: (name: string, value: string) => void;
+    statusCode: number;
+    end: (body?: string) => void;
+}
+/**
+ * Logger interface
+ */
+export interface Logger {
+    log: (message: string) => void;
+    warn: (message: string) => void;
+    error: (message: string, trace?: string) => void;
+    debug?: (message: string) => void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/cjs/core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,IAAI,GAAG,QAAQ,CAAC;AAE5C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,IAAI,EAAE,aAAa,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,cAAc,GAAG,eAAe,CAAC;IAChD,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,kBAAkB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAExC;;;OAGG;IACH,mBAAmB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;IAEjD;;;;OAIG;IACH,wBAAwB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;IAErF;;;;OAIG;IACH,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,CAAC;IAE1E;;;;;OAKG;IACH,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,IAAI,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAE/F;;;;OAIG;IACH,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9C;;;;OAIG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtD;;OAEG;IACH,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,GAAG,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAEhD;;;;;OAKG;IACH,GAAG,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1E;;;OAGG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC;;;OAGG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9C;;OAEG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;OAGG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEnC;;OAEG;IACH,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7B;;OAEG;IACH,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,kDAAkD;IAClD,OAAO,EAAE,cAAc,CAAC;IAExB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,YAAY,CAAC;IAErB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,yCAAyC;IACzC,WAAW,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAEnC,sEAAsE;IACtE,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,wDAAwD;IACxD,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,MAAM,CAAC;IAE9C,4CAA4C;IAC5C,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACjD,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC/B,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACjD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACnC"}

package/dist/cjs/core/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/cjs/core/utils.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Check if a string is a valid IPv4 address
+ */
+export declare function isIPv4(str: string): boolean;
+/**
+ * Check if a string is a valid IPv6 address
+ */
+export declare function isIPv6(str: string): boolean;
+/**
+ * Check if a string is any valid IP address
+ */
+export declare function isIpAddress(str: string): boolean;
+/**
+ * Extract domain/hostname from an origin URL
+ */
+export declare function extractDomain(origin: string): string | null;
+/**
+ * Check if a domain matches a wildcard pattern
+ * @param domain - The domain to check (e.g., "app.example.com")
+ * @param pattern - The pattern to match against (e.g., "*.example.com")
+ */
+export declare function matchesWildcard(domain: string, pattern: string): boolean;
+/**
+ * Validate domain format
+ */
+export declare function isValidDomain(str: string): boolean;
+/**
+ * Validate wildcard domain format
+ */
+export declare function isValidWildcardDomain(str: string): boolean;
+//# sourceMappingURL=utils.d.ts.map

package/dist/cjs/core/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/core/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAU3C;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAI3C;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAU3D;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAUxE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAIlD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAG1D"}

package/dist/cjs/core/utils.js

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isIPv4 = isIPv4;
+exports.isIPv6 = isIPv6;
+exports.isIpAddress = isIpAddress;
+exports.extractDomain = extractDomain;
+exports.matchesWildcard = matchesWildcard;
+exports.isValidDomain = isValidDomain;
+exports.isValidWildcardDomain = isValidWildcardDomain;
+/**
+ * Check if a string is a valid IPv4 address
+ */
+function isIPv4(str) {
+    const ipv4Regex = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
+    const match = str.match(ipv4Regex);
+    if (!match)
+        return false;
+    // Validate each octet is 0-255
+    return match.slice(1).every((octet) => {
+        const num = parseInt(octet, 10);
+        return num >= 0 && num <= 255;
+    });
+}
+/**
+ * Check if a string is a valid IPv6 address
+ */
+function isIPv6(str) {
+    const ipv6Regex = /^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^([0-9a-fA-F]{1,4}:){1,7}:$|^([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}$|^([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}$|^([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}$|^([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}$|^([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}$|^[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})$|^:((:[0-9a-fA-F]{1,4}){1,7}|:)$|^fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]+$|^::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\.){3}(25[0-5]|(2[0-4]|1?[0-9])?[0-9])$|^([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?[0-9])?[0-9])\.){3}(25[0-5]|(2[0-4]|1?[0-9])?[0-9])$/;
+    return ipv6Regex.test(str);
+}
+/**
+ * Check if a string is any valid IP address
+ */
+function isIpAddress(str) {
+    return isIPv4(str) || isIPv6(str);
+}
+/**
+ * Extract domain/hostname from an origin URL
+ */
+function extractDomain(origin) {
+    try {
+        if (isIpAddress(origin)) {
+            return origin;
+        }
+        const url = new URL(origin);
+        return url.hostname;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Check if a domain matches a wildcard pattern
+ * @param domain - The domain to check (e.g., "app.example.com")
+ * @param pattern - The pattern to match against (e.g., "*.example.com")
+ */
+function matchesWildcard(domain, pattern) {
+    if (pattern === domain)
+        return true;
+    if (pattern.startsWith('*.')) {
+        const suffix = pattern.substring(2);
+        // Must end with suffix and have at least one char before it
+        return domain.endsWith(`.${suffix}`) || domain === suffix;
+    }
+    return false;
+}
+/**
+ * Validate domain format
+ */
+function isValidDomain(str) {
+    const domainRegex = /^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/;
+    return domainRegex.test(str);
+}
+/**
+ * Validate wildcard domain format
+ */
+function isValidWildcardDomain(str) {
+    if (!str.startsWith('*.'))
+        return false;
+    return isValidDomain(str.substring(2));
+}
+//# sourceMappingURL=utils.js.map

package/dist/cjs/core/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/core/utils.ts"],"names":[],"mappings":";;AAGA,wBAUC;AAKD,wBAIC;AAKD,kCAEC;AAKD,sCAUC;AAOD,0CAUC;AAKD,sCAIC;AAKD,sDAGC;AA9ED;;GAEG;AACH,SAAgB,MAAM,CAAC,GAAW;IAChC,MAAM,SAAS,GAAG,8CAA8C,CAAC;IACjE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACnC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAEzB,+BAA+B;IAC/B,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACpC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAChC,OAAO,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,GAAG,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,MAAM,CAAC,GAAW;IAChC,MAAM,SAAS,GACb,0nBAA0nB,CAAC;IAC7nB,OAAO,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,MAAc;IAC1C,IAAI,CAAC;QACH,IAAI,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;YACxB,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,MAAc,EAAE,OAAe;IAC7D,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAEpC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACpC,4DAA4D;QAC5D,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC;IAC5D,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,WAAW,GACf,gEAAgE,CAAC;IACnE,OAAO,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACzC,CAAC"}