digitaltwin-core 0.6.1 → 0.7.2

package/README.md

@@ -8,6 +8,7 @@ Digital Twin Core is a minimalist TypeScript framework used to collect and proce
 - **Harvesters** – transform data collected by collectors, store the results and expose them via GET endpoints.
 - **Handlers** – expose GET endpoints that directly return the result of the method defined in the decorator.
 - **Assets Manager** – upload, store and manage file assets with metadata, providing RESTful endpoints for CRUD operations.
+- **Custom Table Manager** – manage structured data in custom database tables with automatic CRUD endpoints and custom business logic endpoints.
 - **Storage adapters** – currently local filesystem and OVH Object Storage via S3 API.
 - **Database adapter** – implemented with [Knex](https://knexjs.org/) to index metadata.
 - **Engine** – orchestrates components, schedules jobs with BullMQ and exposes endpoints via Express.
@@ -138,6 +139,193 @@ class DocumentsManager extends AssetsManager {
 // Error: "Invalid file extension. Expected: .pdf"
 ```
 
+### Custom Table Manager
+
+The Custom Table Manager provides a powerful solution for managing structured data with custom database tables. It automatically generates CRUD endpoints and supports custom business logic endpoints.
+
+**Key features:**
+- Custom database table creation with configurable columns and SQL types
+- Automatic CRUD endpoints (GET, POST, PUT, DELETE)
+- Custom business logic endpoints with full request/response control
+- Query validation and field requirements
+- Built-in search and filtering capabilities
+- Support for complex data relationships
+
+**Available endpoints (automatic):**
+- `GET /{tableName}` - List all records
+- `POST /{tableName}` - Create new record
+- `GET /{tableName}/{id}` - Get specific record
+- `PUT /{tableName}/{id}` - Update specific record
+- `DELETE /{tableName}/{id}` - Delete specific record
+
+**Example usage:**
+```typescript
+class WMSLayersManager extends CustomTableManager {
+  getConfiguration() {
+    return {
+      name: 'wms_layers',
+      description: 'Manage WMS layers for mapping applications',
+      columns: {
+        'wms_url': 'text not null',
+        'layer_name': 'text not null',
+        'description': 'text',
+        'active': 'boolean default true',
+        'created_by': 'text',
+        'projection': 'text default "EPSG:4326"'
+      },
+      // Custom endpoints for business logic
+      endpoints: [
+        { path: '/add-layers', method: 'post', handler: 'addMultipleLayers' },
+        { path: '/activate/:id', method: 'put', handler: 'toggleLayerStatus' },
+        { path: '/search', method: 'get', handler: 'searchLayers' },
+        { path: '/by-projection/:projection', method: 'get', handler: 'findByProjection' }
+      ]
+    }
+  }
+
+  // Custom endpoint: Add multiple layers at once
+  async addMultipleLayers(req: any): Promise<DataResponse> {
+    try {
+      const { layers } = req.body
+      const results = []
+      
+      for (const layerData of layers) {
+        // Use built-in validation
+        const id = await this.create({
+          wms_url: layerData.url,
+          layer_name: layerData.name,
+          description: layerData.description || '',
+          active: true,
+          created_by: layerData.user || 'system'
+        })
+        results.push({ id, name: layerData.name })
+      }
+      
+      return {
+        status: 200,
+        content: JSON.stringify({ 
+          message: `Successfully added ${results.length} layers`,
+          layers: results 
+        }),
+        headers: { 'Content-Type': 'application/json' }
+      }
+    } catch (error) {
+      return {
+        status: 400,
+        content: JSON.stringify({ error: error.message }),
+        headers: { 'Content-Type': 'application/json' }
+      }
+    }
+  }
+
+  // Custom endpoint: Toggle layer active status
+  async toggleLayerStatus(req: any): Promise<DataResponse> {
+    try {
+      const { id } = req.params
+      const layer = await this.findById(parseInt(id))
+      
+      if (!layer) {
+        return {
+          status: 404,
+          content: JSON.stringify({ error: 'Layer not found' }),
+          headers: { 'Content-Type': 'application/json' }
+        }
+      }
+      
+      const newStatus = !layer.active
+      await this.update(parseInt(id), { active: newStatus })
+      
+      return {
+        status: 200,
+        content: JSON.stringify({ 
+          message: `Layer ${newStatus ? 'activated' : 'deactivated'}`,
+          layer_id: id,
+          active: newStatus
+        }),
+        headers: { 'Content-Type': 'application/json' }
+      }
+    } catch (error) {
+      return {
+        status: 500,
+        content: JSON.stringify({ error: error.message }),
+        headers: { 'Content-Type': 'application/json' }
+      }
+    }
+  }
+
+  // Custom endpoint: Advanced search with validation
+  async searchLayers(req: any): Promise<DataResponse> {
+    try {
+      const { query, active_only, projection } = req.query
+      const conditions: Record<string, any> = {}
+      
+      if (active_only === 'true') {
+        conditions.active = true
+      }
+      
+      if (projection) {
+        conditions.projection = projection
+      }
+      
+      // Use built-in search with validation
+      const layers = await this.findByColumns(conditions, {
+        validate: (conditions) => {
+          if (query && query.length < 3) {
+            throw new Error('Search query must be at least 3 characters long')
+          }
+        }
+      })
+      
+      // Filter by text search if provided
+      let results = layers
+      if (query) {
+        results = layers.filter(layer => 
+          layer.layer_name.toLowerCase().includes(query.toLowerCase()) ||
+          layer.description?.toLowerCase().includes(query.toLowerCase())
+        )
+      }
+      
+      return {
+        status: 200,
+        content: JSON.stringify({
+          results,
+          total: results.length,
+          query: { query, active_only, projection }
+        }),
+        headers: { 'Content-Type': 'application/json' }
+      }
+    } catch (error) {
+      return {
+        status: 400,
+        content: JSON.stringify({ error: error.message }),
+        headers: { 'Content-Type': 'application/json' }
+      }
+    }
+  }
+}
+```
+
+**Generated endpoints for above example:**
+- Standard CRUD: `GET /wms_layers`, `POST /wms_layers`, etc.
+- Custom business logic: `POST /wms_layers/add-layers`, `PUT /wms_layers/activate/:id`, `GET /wms_layers/search`
+
+**SQL Types supported:**
+- `text` / `text not null` - Variable length text
+- `varchar(255)` / `varchar(100) not null` - Fixed length text
+- `integer` / `integer not null` - Whole numbers
+- `boolean` / `boolean default true` - True/false values
+- `datetime` / `timestamp` - Date and time values
+- `real` / `decimal` / `float` - Decimal numbers
+
+**Built-in query methods:**
+- `findAll()` - Get all records
+- `findById(id)` - Get specific record
+- `findByColumn(column, value)` - Search by single column
+- `findByColumns(conditions, validation)` - Advanced search with validation
+- `create(data)` - Create new record
+- `update(id, data)` - Update existing record
+- `delete(id)` - Delete record
+
 ## Project Scaffolding
 
 Use [create-digitaltwin](https://github.com/CePseudoBE/create-digitaltwin) to quickly bootstrap new projects:

package/dist/auth/apisix_parser.d.ts

@@ -0,0 +1,122 @@
+import type { AuthenticatedUser } from './types.js';
+/**
+ * Parses authentication information from Apache APISIX headers set after Keycloak authentication.
+ *
+ * This class handles the parsing of authentication headers forwarded by Apache APISIX
+ * after successful Keycloak authentication. APISIX acts as a gateway that:
+ * 1. Validates JWT tokens with Keycloak
+ * 2. Extracts user information from the token
+ * 3. Forwards user data as HTTP headers to downstream services
+ *
+ * Authentication can be disabled via environment variables for development/testing:
+ * - Set DIGITALTWIN_DISABLE_AUTH=true to bypass authentication checks
+ * - Set DIGITALTWIN_ANONYMOUS_USER_ID=custom-id to use a custom anonymous user ID
+ *
+ * @example
+ * ```typescript
+ * // In an AssetsManager handler
+ * if (!ApisixAuthParser.hasValidAuth(req.headers)) {
+ *   return { status: 401, content: 'Authentication required' }
+ * }
+ *
+ * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+ * const userRecord = await this.userService.findOrCreateUser(authUser!)
+ * ```
+ */
+export declare class ApisixAuthParser {
+    /**
+     * Extracts user information from APISIX headers.
+     *
+     * Parses the authentication headers forwarded by APISIX:
+     * - `x-user-id`: Keycloak user UUID (required)
+     * - `x-user-roles`: Comma-separated list of user roles (optional)
+     *
+     * When authentication is disabled (DIGITALTWIN_DISABLE_AUTH=true),
+     * returns a default anonymous user instead of requiring headers.
+     *
+     * @param headers - HTTP request headers from APISIX
+     * @returns Parsed user authentication data, or null if x-user-id is missing and auth is enabled
+     *
+     * @example
+     * ```typescript
+     * const headers = {
+     *   'x-user-id': '6e06a527-a89d-4390-95cd-10ae63cfc939',
+     *   'x-user-roles': 'default-roles-master,offline_access'
+     * }
+     *
+     * const authUser = ApisixAuthParser.parseAuthHeaders(headers)
+     * // Returns: { id: '6e06a527...', roles: ['default-roles-master', 'offline_access'] }
+     *
+     * // With DIGITALTWIN_DISABLE_AUTH=true
+     * const authUser = ApisixAuthParser.parseAuthHeaders({})
+     * // Returns: { id: 'anonymous', roles: ['anonymous'] }
+     * ```
+     */
+    static parseAuthHeaders(headers: Record<string, string>): AuthenticatedUser | null;
+    /**
+     * Checks if a request has valid authentication headers.
+     *
+     * Performs a quick validation to determine if the request contains
+     * the minimum required authentication information (x-user-id header).
+     * Use this for early authentication checks before parsing.
+     *
+     * When authentication is disabled (DIGITALTWIN_DISABLE_AUTH=true),
+     * this always returns true to allow all requests through.
+     *
+     * @param headers - HTTP request headers
+     * @returns true if x-user-id header is present or auth is disabled, false otherwise
+     *
+     * @example
+     * ```typescript
+     * // Early authentication check in handler
+     * if (!ApisixAuthParser.hasValidAuth(req.headers)) {
+     *   return { status: 401, content: 'Authentication required' }
+     * }
+     *
+     * // Now safe to proceed with parsing
+     * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+     * ```
+     */
+    static hasValidAuth(headers: Record<string, string>): boolean;
+    /**
+     * Extracts just the user ID from headers.
+     *
+     * Convenience method for cases where you only need the user ID
+     * without parsing the full authentication context.
+     *
+     * When authentication is disabled, returns the configured anonymous user ID.
+     *
+     * @param headers - HTTP request headers
+     * @returns Keycloak user ID, anonymous user ID if auth disabled, or null if not present
+     *
+     * @example
+     * ```typescript
+     * const userId = ApisixAuthParser.getUserId(req.headers)
+     * if (userId) {
+     *   console.log(`Request from user: ${userId}`)
+     * }
+     * ```
+     */
+    static getUserId(headers: Record<string, string>): string | null;
+    /**
+     * Extracts just the user roles from headers.
+     *
+     * Convenience method for cases where you only need the user roles
+     * without parsing the full authentication context.
+     *
+     * When authentication is disabled, returns the anonymous user roles.
+     *
+     * @param headers - HTTP request headers
+     * @returns Array of role names, anonymous roles if auth disabled, empty array if no roles header present
+     *
+     * @example
+     * ```typescript
+     * const roles = ApisixAuthParser.getUserRoles(req.headers)
+     * if (roles.includes('admin')) {
+     *   console.log('User has admin privileges')
+     * }
+     * ```
+     */
+    static getUserRoles(headers: Record<string, string>): string[];
+}
+//# sourceMappingURL=apisix_parser.d.ts.map

package/dist/auth/apisix_parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apisix_parser.d.ts","sourceRoot":"","sources":["../../src/auth/apisix_parser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAGnD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,gBAAgB;IACzB;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,iBAAiB,GAAG,IAAI;IAqBlF;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO;IAS7D;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,GAAG,IAAI;IAShE;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,EAAE;CASjE"}

package/dist/auth/apisix_parser.js

@@ -0,0 +1,157 @@
+import { AuthConfig } from './auth_config.js';
+/**
+ * Parses authentication information from Apache APISIX headers set after Keycloak authentication.
+ *
+ * This class handles the parsing of authentication headers forwarded by Apache APISIX
+ * after successful Keycloak authentication. APISIX acts as a gateway that:
+ * 1. Validates JWT tokens with Keycloak
+ * 2. Extracts user information from the token
+ * 3. Forwards user data as HTTP headers to downstream services
+ *
+ * Authentication can be disabled via environment variables for development/testing:
+ * - Set DIGITALTWIN_DISABLE_AUTH=true to bypass authentication checks
+ * - Set DIGITALTWIN_ANONYMOUS_USER_ID=custom-id to use a custom anonymous user ID
+ *
+ * @example
+ * ```typescript
+ * // In an AssetsManager handler
+ * if (!ApisixAuthParser.hasValidAuth(req.headers)) {
+ *   return { status: 401, content: 'Authentication required' }
+ * }
+ *
+ * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+ * const userRecord = await this.userService.findOrCreateUser(authUser!)
+ * ```
+ */
+export class ApisixAuthParser {
+    /**
+     * Extracts user information from APISIX headers.
+     *
+     * Parses the authentication headers forwarded by APISIX:
+     * - `x-user-id`: Keycloak user UUID (required)
+     * - `x-user-roles`: Comma-separated list of user roles (optional)
+     *
+     * When authentication is disabled (DIGITALTWIN_DISABLE_AUTH=true),
+     * returns a default anonymous user instead of requiring headers.
+     *
+     * @param headers - HTTP request headers from APISIX
+     * @returns Parsed user authentication data, or null if x-user-id is missing and auth is enabled
+     *
+     * @example
+     * ```typescript
+     * const headers = {
+     *   'x-user-id': '6e06a527-a89d-4390-95cd-10ae63cfc939',
+     *   'x-user-roles': 'default-roles-master,offline_access'
+     * }
+     *
+     * const authUser = ApisixAuthParser.parseAuthHeaders(headers)
+     * // Returns: { id: '6e06a527...', roles: ['default-roles-master', 'offline_access'] }
+     *
+     * // With DIGITALTWIN_DISABLE_AUTH=true
+     * const authUser = ApisixAuthParser.parseAuthHeaders({})
+     * // Returns: { id: 'anonymous', roles: ['anonymous'] }
+     * ```
+     */
+    static parseAuthHeaders(headers) {
+        // If authentication is disabled, return anonymous user
+        if (AuthConfig.isAuthDisabled()) {
+            return AuthConfig.getAnonymousUser();
+        }
+        const userId = headers['x-user-id'];
+        if (!userId) {
+            return null;
+        }
+        // Parse roles from comma-separated string
+        const rolesString = headers['x-user-roles'] || '';
+        const roles = rolesString ? rolesString.split(',').map(role => role.trim()) : [];
+        return {
+            id: userId,
+            roles: roles
+        };
+    }
+    /**
+     * Checks if a request has valid authentication headers.
+     *
+     * Performs a quick validation to determine if the request contains
+     * the minimum required authentication information (x-user-id header).
+     * Use this for early authentication checks before parsing.
+     *
+     * When authentication is disabled (DIGITALTWIN_DISABLE_AUTH=true),
+     * this always returns true to allow all requests through.
+     *
+     * @param headers - HTTP request headers
+     * @returns true if x-user-id header is present or auth is disabled, false otherwise
+     *
+     * @example
+     * ```typescript
+     * // Early authentication check in handler
+     * if (!ApisixAuthParser.hasValidAuth(req.headers)) {
+     *   return { status: 401, content: 'Authentication required' }
+     * }
+     *
+     * // Now safe to proceed with parsing
+     * const authUser = ApisixAuthParser.parseAuthHeaders(req.headers)
+     * ```
+     */
+    static hasValidAuth(headers) {
+        // If authentication is disabled, all requests are valid
+        if (AuthConfig.isAuthDisabled()) {
+            return true;
+        }
+        return !!headers['x-user-id'];
+    }
+    /**
+     * Extracts just the user ID from headers.
+     *
+     * Convenience method for cases where you only need the user ID
+     * without parsing the full authentication context.
+     *
+     * When authentication is disabled, returns the configured anonymous user ID.
+     *
+     * @param headers - HTTP request headers
+     * @returns Keycloak user ID, anonymous user ID if auth disabled, or null if not present
+     *
+     * @example
+     * ```typescript
+     * const userId = ApisixAuthParser.getUserId(req.headers)
+     * if (userId) {
+     *   console.log(`Request from user: ${userId}`)
+     * }
+     * ```
+     */
+    static getUserId(headers) {
+        // If authentication is disabled, return anonymous user ID
+        if (AuthConfig.isAuthDisabled()) {
+            return AuthConfig.getAnonymousUserId();
+        }
+        return headers['x-user-id'] || null;
+    }
+    /**
+     * Extracts just the user roles from headers.
+     *
+     * Convenience method for cases where you only need the user roles
+     * without parsing the full authentication context.
+     *
+     * When authentication is disabled, returns the anonymous user roles.
+     *
+     * @param headers - HTTP request headers
+     * @returns Array of role names, anonymous roles if auth disabled, empty array if no roles header present
+     *
+     * @example
+     * ```typescript
+     * const roles = ApisixAuthParser.getUserRoles(req.headers)
+     * if (roles.includes('admin')) {
+     *   console.log('User has admin privileges')
+     * }
+     * ```
+     */
+    static getUserRoles(headers) {
+        // If authentication is disabled, return anonymous user roles
+        if (AuthConfig.isAuthDisabled()) {
+            return AuthConfig.getAnonymousUser().roles;
+        }
+        const rolesString = headers['x-user-roles'] || '';
+        return rolesString ? rolesString.split(',').map(role => role.trim()) : [];
+    }
+}
+//# sourceMappingURL=apisix_parser.js.map

package/dist/auth/apisix_parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apisix_parser.js","sourceRoot":"","sources":["../../src/auth/apisix_parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,OAAO,gBAAgB;IACzB;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,MAAM,CAAC,gBAAgB,CAAC,OAA+B;QACnD,uDAAuD;QACvD,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,gBAAgB,EAAE,CAAA;QACxC,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO,IAAI,CAAA;QACf,CAAC;QAED,0CAA0C;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACjD,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAEhF,OAAO;YACH,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,KAAK;SACf,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QAC/C,wDAAwD;QACxD,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAA;QACf,CAAC;QAED,OAAO,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;IACjC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,SAAS,CAAC,OAA+B;QAC5C,0DAA0D;QAC1D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,kBAAkB,EAAE,CAAA;QAC1C,CAAC;QAED,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,IAAI,CAAA;IACvC,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,YAAY,CAAC,OAA+B;QAC/C,6DAA6D;QAC7D,IAAI,UAAU,CAAC,cAAc,EAAE,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAA;QAC9C,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACjD,OAAO,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAC7E,CAAC;CACJ"}

package/dist/auth/auth_config.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Authentication configuration for Digital Twin framework.
+ *
+ * Controls whether authentication is required for components that support it.
+ * When authentication is disabled, all requests are treated as authenticated
+ * with a default anonymous user.
+ *
+ * Environment variables:
+ * - DIGITALTWIN_DISABLE_AUTH: Set to "true" or "1" to disable authentication (default: false)
+ * - DIGITALTWIN_ANONYMOUS_USER_ID: User ID to use when auth is disabled (default: "anonymous")
+ *
+ * @example
+ * ```bash
+ * # Disable authentication for development
+ * export DIGITALTWIN_DISABLE_AUTH=true
+ * export DIGITALTWIN_ANONYMOUS_USER_ID=dev-user-123
+ *
+ * # Enable authentication (default)
+ * export DIGITALTWIN_DISABLE_AUTH=false
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { AuthConfig } from './auth_config.js'
+ *
+ * if (AuthConfig.isAuthDisabled()) {
+ *   console.log('Authentication is disabled')
+ *   const anonymousUser = AuthConfig.getAnonymousUser()
+ *   console.log(`Using anonymous user: ${anonymousUser.id}`)
+ * }
+ * ```
+ */
+export declare class AuthConfig {
+    private static _config;
+    /**
+     * Loads and validates authentication configuration from environment variables.
+     * This is called automatically the first time any method is used.
+     */
+    private static loadConfig;
+    /**
+     * Checks if authentication is disabled via environment variables.
+     *
+     * @returns true if DIGITALTWIN_DISABLE_AUTH is set to "true" or "1", false otherwise
+     *
+     * @example
+     * ```typescript
+     * if (AuthConfig.isAuthDisabled()) {
+     *   console.log('Running in no-auth mode')
+     * }
+     * ```
+     */
+    static isAuthDisabled(): boolean;
+    /**
+     * Checks if authentication is enabled (opposite of isAuthDisabled).
+     *
+     * @returns true if authentication should be enforced, false otherwise
+     */
+    static isAuthEnabled(): boolean;
+    /**
+     * Gets the anonymous user ID to use when authentication is disabled.
+     *
+     * @returns The user ID configured for anonymous access
+     *
+     * @example
+     * ```typescript
+     * const userId = AuthConfig.getAnonymousUserId()
+     * console.log(`Anonymous user ID: ${userId}`) // "anonymous" by default
+     * ```
+     */
+    static getAnonymousUserId(): string;
+    /**
+     * Gets a fake authenticated user object for anonymous access.
+     *
+     * @returns An AuthenticatedUser object representing the anonymous user
+     *
+     * @example
+     * ```typescript
+     * import type { AuthenticatedUser } from './types.js'
+     *
+     * const anonymousUser: AuthenticatedUser = AuthConfig.getAnonymousUser()
+     * console.log(anonymousUser) // { id: "anonymous", roles: ["anonymous"] }
+     * ```
+     */
+    static getAnonymousUser(): {
+        id: string;
+        roles: string[];
+    };
+    /**
+     * Resets the cached configuration (useful for testing).
+     *
+     * @private
+     */
+    static _resetConfig(): void;
+}
+//# sourceMappingURL=auth_config.d.ts.map

package/dist/auth/auth_config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth_config.d.ts","sourceRoot":"","sources":["../../src/auth/auth_config.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,qBAAa,UAAU;IACnB,OAAO,CAAC,MAAM,CAAC,OAAO,CAGP;IAEf;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IA2BzB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,cAAc,IAAI,OAAO;IAKhC;;;;OAIG;IACH,MAAM,CAAC,aAAa,IAAI,OAAO;IAI/B;;;;;;;;;;OAUG;IACH,MAAM,CAAC,kBAAkB,IAAI,MAAM;IAKnC;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,gBAAgB;;;;IAOvB;;;;OAIG;IACH,MAAM,CAAC,YAAY;CAGtB"}