exguard-endpoint 1.0.1

package/README.md

@@ -0,0 +1,71 @@
+# ExGuard Endpoint
+
+Simple RBAC permission guard for NestJS.
+
+## Installation
+
+```bash
+npm install exguard-endpoint
+```
+
+## Quick Setup
+
+### 1. Configure AppModule
+
+```typescript
+import { Module } from '@nestjs/common';
+import { ExGuardModule } from 'exguard-endpoint';
+
+@Module({
+  imports: [
+    ExGuardModule.forRoot({
+      baseUrl: 'https://api.exguard.com',
+      apiKey: process.env.EXGUARD_API_KEY,
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+### 2. Use in Controllers
+
+```typescript
+import { Controller, Get, Post, UseGuards } from '@nestjs/common';
+import { ExGuardPermissionGuard, RequirePermissions } from 'exguard-endpoint';
+
+@Controller('items')
+@UseGuards(ExGuardPermissionGuard)
+export class ItemsController {
+  
+  // User needs ANY of these permissions
+  @Get()
+  @RequirePermissions(['item:read'])
+  findAll() { }
+
+  @Post()
+  @RequirePermissions(['item:create'])
+  create() { }
+
+  // Multiple permissions - needs ALL
+  @Delete(':id')
+  @RequirePermissions(['item:delete', 'admin'], true)
+  delete() { }
+}
+```
+
+## Decorators
+
+| Decorator | Description |
+|-----------|-------------|
+| `@RequirePermissions(['perm1'])` | User needs ANY of the permissions |
+| `@RequirePermissions(['perm1', 'perm2'], true)` | User needs ALL permissions |
+
+## Token
+
+The guard extracts token from:
+- `Authorization: Bearer <token>` header
+- `x-access-token` header
+
+## License
+
+MIT

package/dist/index.cjs

@@ -0,0 +1,238 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  EXGUARD_PERMISSIONS_KEY: () => EXGUARD_PERMISSIONS_KEY,
+  EXGUARD_ROLES_KEY: () => EXGUARD_ROLES_KEY,
+  ExGuardClient: () => ExGuardClient,
+  ExGuardModule: () => ExGuardModule,
+  ExGuardPermissionGuard: () => ExGuardPermissionGuard,
+  RequirePermissions: () => RequirePermissions,
+  RequireRoles: () => RequireRoles,
+  cache: () => cache,
+  createExGuardClient: () => createExGuardClient
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/client.ts
+var ExGuardCache = class {
+  constructor() {
+    this.cache = /* @__PURE__ */ new Map();
+    this.ttl = 3e5;
+  }
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) return null;
+    if (Date.now() - entry.timestamp > entry.ttl) {
+      this.cache.delete(key);
+      return null;
+    }
+    return entry.data;
+  }
+  set(key, data, ttl) {
+    this.cache.set(key, {
+      data,
+      timestamp: Date.now(),
+      ttl: ttl || this.ttl
+    });
+  }
+};
+var cache = new ExGuardCache();
+var ExGuardClient = class {
+  constructor(config) {
+    this.baseUrl = config.baseUrl;
+    this.apiKey = config.apiKey;
+    this.cache = cache;
+  }
+  async authenticate(context) {
+    const cacheKey = `auth:${context.token}`;
+    const cached = this.cache.get(cacheKey);
+    if (cached) return cached;
+    try {
+      const response = await fetch(`${this.baseUrl}/api/v1/auth/validate`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Authorization": `Bearer ${this.apiKey}`
+        },
+        body: JSON.stringify({ token: context.token })
+      });
+      if (!response.ok) {
+        return { allowed: false, error: "Invalid token" };
+      }
+      const data = await response.json();
+      const result = {
+        allowed: true,
+        user: data.user || data.data?.user
+      };
+      this.cache.set(cacheKey, result);
+      return result;
+    } catch (error) {
+      return { allowed: false, error: "Authentication failed" };
+    }
+  }
+  async hasPermission(token, permission) {
+    const result = await this.authenticate({ token });
+    if (!result.allowed || !result.user) return false;
+    const userPermissions = result.user.modules?.flatMap((m) => m.permissions) || [];
+    return userPermissions.includes(permission);
+  }
+};
+function createExGuardClient(config) {
+  return new ExGuardClient(config);
+}
+
+// src/module.ts
+var import_common = require("@nestjs/common");
+var ExGuardModule = class {
+  static forRoot(options) {
+    const client = new ExGuardClient({
+      baseUrl: options.baseUrl,
+      apiKey: options.apiKey,
+      cache: options.cache
+    });
+    return {
+      module: ExGuardModule,
+      providers: [
+        {
+          provide: "EXGUARD_CLIENT",
+          useValue: client
+        }
+      ],
+      exports: ["EXGUARD_CLIENT"]
+    };
+  }
+};
+ExGuardModule = __decorateClass([
+  (0, import_common.Global)(),
+  (0, import_common.Module)({})
+], ExGuardModule);
+
+// src/guard.ts
+var import_common2 = require("@nestjs/common");
+var EXGUARD_PERMISSIONS_KEY = "exguard_permissions";
+var EXGUARD_ROLES_KEY = "exguard_roles";
+var ExGuardPermissionGuard = class {
+  constructor(client, reflector) {
+    this.client = client;
+    this.reflector = reflector;
+  }
+  async canActivate(context) {
+    const request = context.switchToHttp().getRequest();
+    const token = this.extractToken(request);
+    if (!token) {
+      throw new import_common2.UnauthorizedException("No token provided");
+    }
+    if (!this.client) {
+      return true;
+    }
+    const authResult = await this.client.authenticate({ token, request });
+    if (!authResult.allowed) {
+      throw new import_common2.ForbiddenException(authResult.error || "Access denied");
+    }
+    if (!authResult.user) {
+      throw new import_common2.ForbiddenException("User not found");
+    }
+    const handler = context.getHandler();
+    const permMeta = this.reflector.get(
+      EXGUARD_PERMISSIONS_KEY,
+      handler
+    );
+    if (permMeta) {
+      const { permissions, requireAll } = permMeta;
+      const userPermissions = authResult.user.modules?.flatMap((m) => m.permissions) || [];
+      if (requireAll) {
+        if (!permissions.every((p) => userPermissions.includes(p))) {
+          throw new import_common2.ForbiddenException("Insufficient permissions");
+        }
+      } else {
+        if (!permissions.some((p) => userPermissions.includes(p))) {
+          throw new import_common2.ForbiddenException("Insufficient permissions");
+        }
+      }
+    }
+    const roleMeta = this.reflector.get(
+      EXGUARD_ROLES_KEY,
+      handler
+    );
+    if (roleMeta) {
+      const { roles, requireAll } = roleMeta;
+      const userRoles = authResult.user.roles || [];
+      if (requireAll) {
+        if (!roles.every((r) => userRoles.includes(r))) {
+          throw new import_common2.ForbiddenException("Insufficient roles");
+        }
+      } else {
+        if (!roles.some((r) => userRoles.includes(r))) {
+          throw new import_common2.ForbiddenException("Insufficient roles");
+        }
+      }
+    }
+    request.user = authResult.user;
+    return true;
+  }
+  extractToken(request) {
+    const auth = request.headers?.authorization;
+    if (auth?.startsWith("Bearer ")) {
+      return auth.substring(7);
+    }
+    return request.headers?.["x-access-token"] || null;
+  }
+};
+ExGuardPermissionGuard = __decorateClass([
+  (0, import_common2.Injectable)(),
+  __decorateParam(0, (0, import_common2.Optional)()),
+  __decorateParam(0, (0, import_common2.Inject)("EXGUARD_CLIENT"))
+], ExGuardPermissionGuard);
+function RequirePermissions(permissions, requireAll = false) {
+  return function(target, propertyKey, descriptor) {
+    Reflect.defineMetadata(EXGUARD_PERMISSIONS_KEY, { permissions, requireAll }, descriptor.value);
+    return descriptor;
+  };
+}
+function RequireRoles(roles, requireAll = false) {
+  return function(target, propertyKey, descriptor) {
+    Reflect.defineMetadata(EXGUARD_ROLES_KEY, { roles, requireAll }, descriptor.value);
+    return descriptor;
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  EXGUARD_PERMISSIONS_KEY,
+  EXGUARD_ROLES_KEY,
+  ExGuardClient,
+  ExGuardModule,
+  ExGuardPermissionGuard,
+  RequirePermissions,
+  RequireRoles,
+  cache,
+  createExGuardClient
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/client.ts","../src/module.ts","../src/guard.ts"],"sourcesContent":["export { ExGuardClient, createExGuardClient, cache } from './client.js';\nexport type { ExGuardConfig, User, ModulePermission, UserAccessResponse, GuardContext, GuardResult } from './client.js';\nexport { ExGuardModule } from './module.js';\nexport type { ExGuardModuleOptions } from './module.js';\nexport { ExGuardPermissionGuard, RequirePermissions, RequireRoles, EXGUARD_PERMISSIONS_KEY, EXGUARD_ROLES_KEY } from './guard.js';\n","export interface ExGuardConfig {\n  baseUrl: string;\n  apiKey: string;\n  cache?: {\n    enabled?: boolean;\n    ttl?: number;\n  };\n}\n\nexport interface User {\n  id: string;\n  username: string;\n  email: string;\n}\n\nexport interface ModulePermission {\n  key: string;\n  name: string;\n  permissions: string[];\n}\n\nexport interface UserAccessResponse {\n  user: User;\n  roles: string[];\n  modules: ModulePermission[];\n}\n\nexport interface GuardContext {\n  token: string;\n  request?: any;\n}\n\nexport interface GuardResult {\n  allowed: boolean;\n  user?: UserAccessResponse;\n  error?: string;\n}\n\nclass ExGuardCache {\n  private cache = new Map<string, { data: any; timestamp: number; ttl: number }>();\n  private ttl = 300000;\n\n  get(key: string): any {\n    const entry = this.cache.get(key);\n    if (!entry) return null;\n    if (Date.now() - entry.timestamp > entry.ttl) {\n      this.cache.delete(key);\n      return null;\n    }\n    return entry.data;\n  }\n\n  set(key: string, data: any, ttl?: number): void {\n    this.cache.set(key, {\n      data,\n      timestamp: Date.now(),\n      ttl: ttl || this.ttl,\n    });\n  }\n}\n\nconst cache = new ExGuardCache();\n\nexport class ExGuardClient {\n  private baseUrl: string;\n  private apiKey: string;\n  private cache: ExGuardCache;\n\n  constructor(config: ExGuardConfig) {\n    this.baseUrl = config.baseUrl;\n    this.apiKey = config.apiKey;\n    this.cache = cache;\n  }\n\n  async authenticate(context: GuardContext): Promise<GuardResult> {\n    const cacheKey = `auth:${context.token}`;\n    const cached = this.cache.get(cacheKey);\n    if (cached) return cached;\n\n    try {\n      const response = await fetch(`${this.baseUrl}/api/v1/auth/validate`, {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json',\n          'Authorization': `Bearer ${this.apiKey}`,\n        },\n        body: JSON.stringify({ token: context.token }),\n      });\n\n      if (!response.ok) {\n        return { allowed: false, error: 'Invalid token' };\n      }\n\n      const data = await response.json();\n      const result: GuardResult = {\n        allowed: true,\n        user: data.user || data.data?.user,\n      };\n\n      this.cache.set(cacheKey, result);\n      return result;\n    } catch (error) {\n      return { allowed: false, error: 'Authentication failed' };\n    }\n  }\n\n  async hasPermission(token: string, permission: string): Promise<boolean> {\n    const result = await this.authenticate({ token });\n    if (!result.allowed || !result.user) return false;\n\n    const userPermissions = result.user.modules?.flatMap(m => m.permissions) || [];\n    return userPermissions.includes(permission);\n  }\n}\n\nexport function createExGuardClient(config: ExGuardConfig): ExGuardClient {\n  return new ExGuardClient(config);\n}\n\nexport { cache };\n","import { Module, Global, DynamicModule } from '@nestjs/common';\nimport { ExGuardClient } from './client.js';\n\nexport interface ExGuardModuleOptions {\n  baseUrl: string;\n  apiKey: string;\n  cache?: {\n    enabled?: boolean;\n    ttl?: number;\n  };\n}\n\n@Global()\n@Module({})\nexport class ExGuardModule {\n  static forRoot(options: ExGuardModuleOptions): DynamicModule {\n    const client = new ExGuardClient({\n      baseUrl: options.baseUrl,\n      apiKey: options.apiKey,\n      cache: options.cache,\n    });\n\n    return {\n      module: ExGuardModule,\n      providers: [\n        {\n          provide: 'EXGUARD_CLIENT',\n          useValue: client,\n        },\n      ],\n      exports: ['EXGUARD_CLIENT'],\n    };\n  }\n}\n","import { Injectable, CanActivate, ExecutionContext, UnauthorizedException, ForbiddenException, Inject, Optional } from '@nestjs/common';\nimport { Reflector } from '@nestjs/core';\nimport { ExGuardClient } from './client.js';\n\nexport const EXGUARD_PERMISSIONS_KEY = 'exguard_permissions';\nexport const EXGUARD_ROLES_KEY = 'exguard_roles';\n\n@Injectable()\nexport class ExGuardPermissionGuard implements CanActivate {\n  constructor(\n    @Optional() @Inject('EXGUARD_CLIENT') private client: ExGuardClient,\n    private reflector: Reflector,\n  ) {}\n\n  async canActivate(context: ExecutionContext): Promise<boolean> {\n    const request = context.switchToHttp().getRequest();\n    const token = this.extractToken(request);\n\n    if (!token) {\n      throw new UnauthorizedException('No token provided');\n    }\n\n    if (!this.client) {\n      return true;\n    }\n\n    const authResult = await this.client.authenticate({ token, request });\n\n    if (!authResult.allowed) {\n      throw new ForbiddenException(authResult.error || 'Access denied');\n    }\n\n    if (!authResult.user) {\n      throw new ForbiddenException('User not found');\n    }\n\n    const handler = context.getHandler();\n    const permMeta = this.reflector.get<{ permissions: string[]; requireAll?: boolean }>(\n      EXGUARD_PERMISSIONS_KEY,\n      handler,\n    );\n\n    if (permMeta) {\n      const { permissions, requireAll } = permMeta;\n      const userPermissions = authResult.user.modules?.flatMap(m => m.permissions) || [];\n\n      if (requireAll) {\n        if (!permissions.every(p => userPermissions.includes(p))) {\n          throw new ForbiddenException('Insufficient permissions');\n        }\n      } else {\n        if (!permissions.some(p => userPermissions.includes(p))) {\n          throw new ForbiddenException('Insufficient permissions');\n        }\n      }\n    }\n\n    const roleMeta = this.reflector.get<{ roles: string[]; requireAll?: boolean }>(\n      EXGUARD_ROLES_KEY,\n      handler,\n    );\n\n    if (roleMeta) {\n      const { roles, requireAll } = roleMeta;\n      const userRoles = authResult.user.roles || [];\n\n      if (requireAll) {\n        if (!roles.every(r => userRoles.includes(r))) {\n          throw new ForbiddenException('Insufficient roles');\n        }\n      } else {\n        if (!roles.some(r => userRoles.includes(r))) {\n          throw new ForbiddenException('Insufficient roles');\n        }\n      }\n    }\n\n    request.user = authResult.user;\n    return true;\n  }\n\n  private extractToken(request: any): string | null {\n    const auth = request.headers?.authorization;\n    if (auth?.startsWith('Bearer ')) {\n      return auth.substring(7);\n    }\n    return request.headers?.['x-access-token'] || null;\n  }\n}\n\nexport function RequirePermissions(permissions: string[], requireAll = false) {\n  return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n    Reflect.defineMetadata(EXGUARD_PERMISSIONS_KEY, { permissions, requireAll }, descriptor.value);\n    return descriptor;\n  };\n}\n\nexport function RequireRoles(roles: string[], requireAll = false) {\n  return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n    Reflect.defineMetadata(EXGUARD_ROLES_KEY, { roles, requireAll }, descriptor.value);\n    return descriptor;\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACsCA,IAAM,eAAN,MAAmB;AAAA,EAAnB;AACE,SAAQ,QAAQ,oBAAI,IAA2D;AAC/E,SAAQ,MAAM;AAAA;AAAA,EAEd,IAAI,KAAkB;AACpB,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AACnB,QAAI,KAAK,IAAI,IAAI,MAAM,YAAY,MAAM,KAAK;AAC5C,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AACA,WAAO,MAAM;AAAA,EACf;AAAA,EAEA,IAAI,KAAa,MAAW,KAAoB;AAC9C,SAAK,MAAM,IAAI,KAAK;AAAA,MAClB;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,KAAK,OAAO,KAAK;AAAA,IACnB,CAAC;AAAA,EACH;AACF;AAEA,IAAM,QAAQ,IAAI,aAAa;AAExB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,YAAY,QAAuB;AACjC,SAAK,UAAU,OAAO;AACtB,SAAK,SAAS,OAAO;AACrB,SAAK,QAAQ;AAAA,EACf;AAAA,EAEA,MAAM,aAAa,SAA6C;AAC9D,UAAM,WAAW,QAAQ,QAAQ,KAAK;AACtC,UAAM,SAAS,KAAK,MAAM,IAAI,QAAQ;AACtC,QAAI,OAAQ,QAAO;AAEnB,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,yBAAyB;AAAA,QACnE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,MAAM;AAAA,QACxC;AAAA,QACA,MAAM,KAAK,UAAU,EAAE,OAAO,QAAQ,MAAM,CAAC;AAAA,MAC/C,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,eAAO,EAAE,SAAS,OAAO,OAAO,gBAAgB;AAAA,MAClD;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,SAAsB;AAAA,QAC1B,SAAS;AAAA,QACT,MAAM,KAAK,QAAQ,KAAK,MAAM;AAAA,MAChC;AAEA,WAAK,MAAM,IAAI,UAAU,MAAM;AAC/B,aAAO;AAAA,IACT,SAAS,OAAO;AACd,aAAO,EAAE,SAAS,OAAO,OAAO,wBAAwB;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,OAAe,YAAsC;AACvE,UAAM,SAAS,MAAM,KAAK,aAAa,EAAE,MAAM,CAAC;AAChD,QAAI,CAAC,OAAO,WAAW,CAAC,OAAO,KAAM,QAAO;AAE5C,UAAM,kBAAkB,OAAO,KAAK,SAAS,QAAQ,OAAK,EAAE,WAAW,KAAK,CAAC;AAC7E,WAAO,gBAAgB,SAAS,UAAU;AAAA,EAC5C;AACF;AAEO,SAAS,oBAAoB,QAAsC;AACxE,SAAO,IAAI,cAAc,MAAM;AACjC;;;ACrHA,oBAA8C;AAcvC,IAAM,gBAAN,MAAoB;AAAA,EACzB,OAAO,QAAQ,SAA8C;AAC3D,UAAM,SAAS,IAAI,cAAc;AAAA,MAC/B,SAAS,QAAQ;AAAA,MACjB,QAAQ,QAAQ;AAAA,MAChB,OAAO,QAAQ;AAAA,IACjB,CAAC;AAED,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,WAAW;AAAA,QACT;AAAA,UACE,SAAS;AAAA,UACT,UAAU;AAAA,QACZ;AAAA,MACF;AAAA,MACA,SAAS,CAAC,gBAAgB;AAAA,IAC5B;AAAA,EACF;AACF;AAnBa,gBAAN;AAAA,MAFN,sBAAO;AAAA,MACP,sBAAO,CAAC,CAAC;AAAA,GACG;;;ACdb,IAAAA,iBAAuH;AAIhH,IAAM,0BAA0B;AAChC,IAAM,oBAAoB;AAG1B,IAAM,yBAAN,MAAoD;AAAA,EACzD,YACgD,QACtC,WACR;AAF8C;AACtC;AAAA,EACP;AAAA,EAEH,MAAM,YAAY,SAA6C;AAC7D,UAAM,UAAU,QAAQ,aAAa,EAAE,WAAW;AAClD,UAAM,QAAQ,KAAK,aAAa,OAAO;AAEvC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,qCAAsB,mBAAmB;AAAA,IACrD;AAEA,QAAI,CAAC,KAAK,QAAQ;AAChB,aAAO;AAAA,IACT;AAEA,UAAM,aAAa,MAAM,KAAK,OAAO,aAAa,EAAE,OAAO,QAAQ,CAAC;AAEpE,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI,kCAAmB,WAAW,SAAS,eAAe;AAAA,IAClE;AAEA,QAAI,CAAC,WAAW,MAAM;AACpB,YAAM,IAAI,kCAAmB,gBAAgB;AAAA,IAC/C;AAEA,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,WAAW,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,IACF;AAEA,QAAI,UAAU;AACZ,YAAM,EAAE,aAAa,WAAW,IAAI;AACpC,YAAM,kBAAkB,WAAW,KAAK,SAAS,QAAQ,OAAK,EAAE,WAAW,KAAK,CAAC;AAEjF,UAAI,YAAY;AACd,YAAI,CAAC,YAAY,MAAM,OAAK,gBAAgB,SAAS,CAAC,CAAC,GAAG;AACxD,gBAAM,IAAI,kCAAmB,0BAA0B;AAAA,QACzD;AAAA,MACF,OAAO;AACL,YAAI,CAAC,YAAY,KAAK,OAAK,gBAAgB,SAAS,CAAC,CAAC,GAAG;AACvD,gBAAM,IAAI,kCAAmB,0BAA0B;AAAA,QACzD;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,IACF;AAEA,QAAI,UAAU;AACZ,YAAM,EAAE,OAAO,WAAW,IAAI;AAC9B,YAAM,YAAY,WAAW,KAAK,SAAS,CAAC;AAE5C,UAAI,YAAY;AACd,YAAI,CAAC,MAAM,MAAM,OAAK,UAAU,SAAS,CAAC,CAAC,GAAG;AAC5C,gBAAM,IAAI,kCAAmB,oBAAoB;AAAA,QACnD;AAAA,MACF,OAAO;AACL,YAAI,CAAC,MAAM,KAAK,OAAK,UAAU,SAAS,CAAC,CAAC,GAAG;AAC3C,gBAAM,IAAI,kCAAmB,oBAAoB;AAAA,QACnD;AAAA,MACF;AAAA,IACF;AAEA,YAAQ,OAAO,WAAW;AAC1B,WAAO;AAAA,EACT;AAAA,EAEQ,aAAa,SAA6B;AAChD,UAAM,OAAO,QAAQ,SAAS;AAC9B,QAAI,MAAM,WAAW,SAAS,GAAG;AAC/B,aAAO,KAAK,UAAU,CAAC;AAAA,IACzB;AACA,WAAO,QAAQ,UAAU,gBAAgB,KAAK;AAAA,EAChD;AACF;AAhFa,yBAAN;AAAA,MADN,2BAAW;AAAA,EAGP,gDAAS;AAAA,EAAG,8CAAO,gBAAgB;AAAA,GAF3B;AAkFN,SAAS,mBAAmB,aAAuB,aAAa,OAAO;AAC5E,SAAO,SAAU,QAAa,aAAqB,YAAgC;AACjF,YAAQ,eAAe,yBAAyB,EAAE,aAAa,WAAW,GAAG,WAAW,KAAK;AAC7F,WAAO;AAAA,EACT;AACF;AAEO,SAAS,aAAa,OAAiB,aAAa,OAAO;AAChE,SAAO,SAAU,QAAa,aAAqB,YAAgC;AACjF,YAAQ,eAAe,mBAAmB,EAAE,OAAO,WAAW,GAAG,WAAW,KAAK;AACjF,WAAO;AAAA,EACT;AACF;","names":["import_common"]}

package/dist/index.d.cts

@@ -0,0 +1,77 @@
+import { DynamicModule, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+
+interface ExGuardConfig {
+    baseUrl: string;
+    apiKey: string;
+    cache?: {
+        enabled?: boolean;
+        ttl?: number;
+    };
+}
+interface User {
+    id: string;
+    username: string;
+    email: string;
+}
+interface ModulePermission {
+    key: string;
+    name: string;
+    permissions: string[];
+}
+interface UserAccessResponse {
+    user: User;
+    roles: string[];
+    modules: ModulePermission[];
+}
+interface GuardContext {
+    token: string;
+    request?: any;
+}
+interface GuardResult {
+    allowed: boolean;
+    user?: UserAccessResponse;
+    error?: string;
+}
+declare class ExGuardCache {
+    private cache;
+    private ttl;
+    get(key: string): any;
+    set(key: string, data: any, ttl?: number): void;
+}
+declare const cache: ExGuardCache;
+declare class ExGuardClient {
+    private baseUrl;
+    private apiKey;
+    private cache;
+    constructor(config: ExGuardConfig);
+    authenticate(context: GuardContext): Promise<GuardResult>;
+    hasPermission(token: string, permission: string): Promise<boolean>;
+}
+declare function createExGuardClient(config: ExGuardConfig): ExGuardClient;
+
+interface ExGuardModuleOptions {
+    baseUrl: string;
+    apiKey: string;
+    cache?: {
+        enabled?: boolean;
+        ttl?: number;
+    };
+}
+declare class ExGuardModule {
+    static forRoot(options: ExGuardModuleOptions): DynamicModule;
+}
+
+declare const EXGUARD_PERMISSIONS_KEY = "exguard_permissions";
+declare const EXGUARD_ROLES_KEY = "exguard_roles";
+declare class ExGuardPermissionGuard implements CanActivate {
+    private client;
+    private reflector;
+    constructor(client: ExGuardClient, reflector: Reflector);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private extractToken;
+}
+declare function RequirePermissions(permissions: string[], requireAll?: boolean): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+declare function RequireRoles(roles: string[], requireAll?: boolean): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+
+export { EXGUARD_PERMISSIONS_KEY, EXGUARD_ROLES_KEY, ExGuardClient, type ExGuardConfig, ExGuardModule, type ExGuardModuleOptions, ExGuardPermissionGuard, type GuardContext, type GuardResult, type ModulePermission, RequirePermissions, RequireRoles, type User, type UserAccessResponse, cache, createExGuardClient };

package/dist/index.d.ts

@@ -0,0 +1,77 @@
+import { DynamicModule, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+
+interface ExGuardConfig {
+    baseUrl: string;
+    apiKey: string;
+    cache?: {
+        enabled?: boolean;
+        ttl?: number;
+    };
+}
+interface User {
+    id: string;
+    username: string;
+    email: string;
+}
+interface ModulePermission {
+    key: string;
+    name: string;
+    permissions: string[];
+}
+interface UserAccessResponse {
+    user: User;
+    roles: string[];
+    modules: ModulePermission[];
+}
+interface GuardContext {
+    token: string;
+    request?: any;
+}
+interface GuardResult {
+    allowed: boolean;
+    user?: UserAccessResponse;
+    error?: string;
+}
+declare class ExGuardCache {
+    private cache;
+    private ttl;
+    get(key: string): any;
+    set(key: string, data: any, ttl?: number): void;
+}
+declare const cache: ExGuardCache;
+declare class ExGuardClient {
+    private baseUrl;
+    private apiKey;
+    private cache;
+    constructor(config: ExGuardConfig);
+    authenticate(context: GuardContext): Promise<GuardResult>;
+    hasPermission(token: string, permission: string): Promise<boolean>;
+}
+declare function createExGuardClient(config: ExGuardConfig): ExGuardClient;
+
+interface ExGuardModuleOptions {
+    baseUrl: string;
+    apiKey: string;
+    cache?: {
+        enabled?: boolean;
+        ttl?: number;
+    };
+}
+declare class ExGuardModule {
+    static forRoot(options: ExGuardModuleOptions): DynamicModule;
+}
+
+declare const EXGUARD_PERMISSIONS_KEY = "exguard_permissions";
+declare const EXGUARD_ROLES_KEY = "exguard_roles";
+declare class ExGuardPermissionGuard implements CanActivate {
+    private client;
+    private reflector;
+    constructor(client: ExGuardClient, reflector: Reflector);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+    private extractToken;
+}
+declare function RequirePermissions(permissions: string[], requireAll?: boolean): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+declare function RequireRoles(roles: string[], requireAll?: boolean): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+
+export { EXGUARD_PERMISSIONS_KEY, EXGUARD_ROLES_KEY, ExGuardClient, type ExGuardConfig, ExGuardModule, type ExGuardModuleOptions, ExGuardPermissionGuard, type GuardContext, type GuardResult, type ModulePermission, RequirePermissions, RequireRoles, type User, type UserAccessResponse, cache, createExGuardClient };

package/dist/index.js

@@ -0,0 +1,206 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+
+// src/client.ts
+var ExGuardCache = class {
+  constructor() {
+    this.cache = /* @__PURE__ */ new Map();
+    this.ttl = 3e5;
+  }
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) return null;
+    if (Date.now() - entry.timestamp > entry.ttl) {
+      this.cache.delete(key);
+      return null;
+    }
+    return entry.data;
+  }
+  set(key, data, ttl) {
+    this.cache.set(key, {
+      data,
+      timestamp: Date.now(),
+      ttl: ttl || this.ttl
+    });
+  }
+};
+var cache = new ExGuardCache();
+var ExGuardClient = class {
+  constructor(config) {
+    this.baseUrl = config.baseUrl;
+    this.apiKey = config.apiKey;
+    this.cache = cache;
+  }
+  async authenticate(context) {
+    const cacheKey = `auth:${context.token}`;
+    const cached = this.cache.get(cacheKey);
+    if (cached) return cached;
+    try {
+      const response = await fetch(`${this.baseUrl}/api/v1/auth/validate`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Authorization": `Bearer ${this.apiKey}`
+        },
+        body: JSON.stringify({ token: context.token })
+      });
+      if (!response.ok) {
+        return { allowed: false, error: "Invalid token" };
+      }
+      const data = await response.json();
+      const result = {
+        allowed: true,
+        user: data.user || data.data?.user
+      };
+      this.cache.set(cacheKey, result);
+      return result;
+    } catch (error) {
+      return { allowed: false, error: "Authentication failed" };
+    }
+  }
+  async hasPermission(token, permission) {
+    const result = await this.authenticate({ token });
+    if (!result.allowed || !result.user) return false;
+    const userPermissions = result.user.modules?.flatMap((m) => m.permissions) || [];
+    return userPermissions.includes(permission);
+  }
+};
+function createExGuardClient(config) {
+  return new ExGuardClient(config);
+}
+
+// src/module.ts
+import { Module, Global } from "@nestjs/common";
+var ExGuardModule = class {
+  static forRoot(options) {
+    const client = new ExGuardClient({
+      baseUrl: options.baseUrl,
+      apiKey: options.apiKey,
+      cache: options.cache
+    });
+    return {
+      module: ExGuardModule,
+      providers: [
+        {
+          provide: "EXGUARD_CLIENT",
+          useValue: client
+        }
+      ],
+      exports: ["EXGUARD_CLIENT"]
+    };
+  }
+};
+ExGuardModule = __decorateClass([
+  Global(),
+  Module({})
+], ExGuardModule);
+
+// src/guard.ts
+import { Injectable, UnauthorizedException, ForbiddenException, Inject, Optional } from "@nestjs/common";
+var EXGUARD_PERMISSIONS_KEY = "exguard_permissions";
+var EXGUARD_ROLES_KEY = "exguard_roles";
+var ExGuardPermissionGuard = class {
+  constructor(client, reflector) {
+    this.client = client;
+    this.reflector = reflector;
+  }
+  async canActivate(context) {
+    const request = context.switchToHttp().getRequest();
+    const token = this.extractToken(request);
+    if (!token) {
+      throw new UnauthorizedException("No token provided");
+    }
+    if (!this.client) {
+      return true;
+    }
+    const authResult = await this.client.authenticate({ token, request });
+    if (!authResult.allowed) {
+      throw new ForbiddenException(authResult.error || "Access denied");
+    }
+    if (!authResult.user) {
+      throw new ForbiddenException("User not found");
+    }
+    const handler = context.getHandler();
+    const permMeta = this.reflector.get(
+      EXGUARD_PERMISSIONS_KEY,
+      handler
+    );
+    if (permMeta) {
+      const { permissions, requireAll } = permMeta;
+      const userPermissions = authResult.user.modules?.flatMap((m) => m.permissions) || [];
+      if (requireAll) {
+        if (!permissions.every((p) => userPermissions.includes(p))) {
+          throw new ForbiddenException("Insufficient permissions");
+        }
+      } else {
+        if (!permissions.some((p) => userPermissions.includes(p))) {
+          throw new ForbiddenException("Insufficient permissions");
+        }
+      }
+    }
+    const roleMeta = this.reflector.get(
+      EXGUARD_ROLES_KEY,
+      handler
+    );
+    if (roleMeta) {
+      const { roles, requireAll } = roleMeta;
+      const userRoles = authResult.user.roles || [];
+      if (requireAll) {
+        if (!roles.every((r) => userRoles.includes(r))) {
+          throw new ForbiddenException("Insufficient roles");
+        }
+      } else {
+        if (!roles.some((r) => userRoles.includes(r))) {
+          throw new ForbiddenException("Insufficient roles");
+        }
+      }
+    }
+    request.user = authResult.user;
+    return true;
+  }
+  extractToken(request) {
+    const auth = request.headers?.authorization;
+    if (auth?.startsWith("Bearer ")) {
+      return auth.substring(7);
+    }
+    return request.headers?.["x-access-token"] || null;
+  }
+};
+ExGuardPermissionGuard = __decorateClass([
+  Injectable(),
+  __decorateParam(0, Optional()),
+  __decorateParam(0, Inject("EXGUARD_CLIENT"))
+], ExGuardPermissionGuard);
+function RequirePermissions(permissions, requireAll = false) {
+  return function(target, propertyKey, descriptor) {
+    Reflect.defineMetadata(EXGUARD_PERMISSIONS_KEY, { permissions, requireAll }, descriptor.value);
+    return descriptor;
+  };
+}
+function RequireRoles(roles, requireAll = false) {
+  return function(target, propertyKey, descriptor) {
+    Reflect.defineMetadata(EXGUARD_ROLES_KEY, { roles, requireAll }, descriptor.value);
+    return descriptor;
+  };
+}
+export {
+  EXGUARD_PERMISSIONS_KEY,
+  EXGUARD_ROLES_KEY,
+  ExGuardClient,
+  ExGuardModule,
+  ExGuardPermissionGuard,
+  RequirePermissions,
+  RequireRoles,
+  cache,
+  createExGuardClient
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/client.ts","../src/module.ts","../src/guard.ts"],"sourcesContent":["export interface ExGuardConfig {\n  baseUrl: string;\n  apiKey: string;\n  cache?: {\n    enabled?: boolean;\n    ttl?: number;\n  };\n}\n\nexport interface User {\n  id: string;\n  username: string;\n  email: string;\n}\n\nexport interface ModulePermission {\n  key: string;\n  name: string;\n  permissions: string[];\n}\n\nexport interface UserAccessResponse {\n  user: User;\n  roles: string[];\n  modules: ModulePermission[];\n}\n\nexport interface GuardContext {\n  token: string;\n  request?: any;\n}\n\nexport interface GuardResult {\n  allowed: boolean;\n  user?: UserAccessResponse;\n  error?: string;\n}\n\nclass ExGuardCache {\n  private cache = new Map<string, { data: any; timestamp: number; ttl: number }>();\n  private ttl = 300000;\n\n  get(key: string): any {\n    const entry = this.cache.get(key);\n    if (!entry) return null;\n    if (Date.now() - entry.timestamp > entry.ttl) {\n      this.cache.delete(key);\n      return null;\n    }\n    return entry.data;\n  }\n\n  set(key: string, data: any, ttl?: number): void {\n    this.cache.set(key, {\n      data,\n      timestamp: Date.now(),\n      ttl: ttl || this.ttl,\n    });\n  }\n}\n\nconst cache = new ExGuardCache();\n\nexport class ExGuardClient {\n  private baseUrl: string;\n  private apiKey: string;\n  private cache: ExGuardCache;\n\n  constructor(config: ExGuardConfig) {\n    this.baseUrl = config.baseUrl;\n    this.apiKey = config.apiKey;\n    this.cache = cache;\n  }\n\n  async authenticate(context: GuardContext): Promise<GuardResult> {\n    const cacheKey = `auth:${context.token}`;\n    const cached = this.cache.get(cacheKey);\n    if (cached) return cached;\n\n    try {\n      const response = await fetch(`${this.baseUrl}/api/v1/auth/validate`, {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json',\n          'Authorization': `Bearer ${this.apiKey}`,\n        },\n        body: JSON.stringify({ token: context.token }),\n      });\n\n      if (!response.ok) {\n        return { allowed: false, error: 'Invalid token' };\n      }\n\n      const data = await response.json();\n      const result: GuardResult = {\n        allowed: true,\n        user: data.user || data.data?.user,\n      };\n\n      this.cache.set(cacheKey, result);\n      return result;\n    } catch (error) {\n      return { allowed: false, error: 'Authentication failed' };\n    }\n  }\n\n  async hasPermission(token: string, permission: string): Promise<boolean> {\n    const result = await this.authenticate({ token });\n    if (!result.allowed || !result.user) return false;\n\n    const userPermissions = result.user.modules?.flatMap(m => m.permissions) || [];\n    return userPermissions.includes(permission);\n  }\n}\n\nexport function createExGuardClient(config: ExGuardConfig): ExGuardClient {\n  return new ExGuardClient(config);\n}\n\nexport { cache };\n","import { Module, Global, DynamicModule } from '@nestjs/common';\nimport { ExGuardClient } from './client.js';\n\nexport interface ExGuardModuleOptions {\n  baseUrl: string;\n  apiKey: string;\n  cache?: {\n    enabled?: boolean;\n    ttl?: number;\n  };\n}\n\n@Global()\n@Module({})\nexport class ExGuardModule {\n  static forRoot(options: ExGuardModuleOptions): DynamicModule {\n    const client = new ExGuardClient({\n      baseUrl: options.baseUrl,\n      apiKey: options.apiKey,\n      cache: options.cache,\n    });\n\n    return {\n      module: ExGuardModule,\n      providers: [\n        {\n          provide: 'EXGUARD_CLIENT',\n          useValue: client,\n        },\n      ],\n      exports: ['EXGUARD_CLIENT'],\n    };\n  }\n}\n","import { Injectable, CanActivate, ExecutionContext, UnauthorizedException, ForbiddenException, Inject, Optional } from '@nestjs/common';\nimport { Reflector } from '@nestjs/core';\nimport { ExGuardClient } from './client.js';\n\nexport const EXGUARD_PERMISSIONS_KEY = 'exguard_permissions';\nexport const EXGUARD_ROLES_KEY = 'exguard_roles';\n\n@Injectable()\nexport class ExGuardPermissionGuard implements CanActivate {\n  constructor(\n    @Optional() @Inject('EXGUARD_CLIENT') private client: ExGuardClient,\n    private reflector: Reflector,\n  ) {}\n\n  async canActivate(context: ExecutionContext): Promise<boolean> {\n    const request = context.switchToHttp().getRequest();\n    const token = this.extractToken(request);\n\n    if (!token) {\n      throw new UnauthorizedException('No token provided');\n    }\n\n    if (!this.client) {\n      return true;\n    }\n\n    const authResult = await this.client.authenticate({ token, request });\n\n    if (!authResult.allowed) {\n      throw new ForbiddenException(authResult.error || 'Access denied');\n    }\n\n    if (!authResult.user) {\n      throw new ForbiddenException('User not found');\n    }\n\n    const handler = context.getHandler();\n    const permMeta = this.reflector.get<{ permissions: string[]; requireAll?: boolean }>(\n      EXGUARD_PERMISSIONS_KEY,\n      handler,\n    );\n\n    if (permMeta) {\n      const { permissions, requireAll } = permMeta;\n      const userPermissions = authResult.user.modules?.flatMap(m => m.permissions) || [];\n\n      if (requireAll) {\n        if (!permissions.every(p => userPermissions.includes(p))) {\n          throw new ForbiddenException('Insufficient permissions');\n        }\n      } else {\n        if (!permissions.some(p => userPermissions.includes(p))) {\n          throw new ForbiddenException('Insufficient permissions');\n        }\n      }\n    }\n\n    const roleMeta = this.reflector.get<{ roles: string[]; requireAll?: boolean }>(\n      EXGUARD_ROLES_KEY,\n      handler,\n    );\n\n    if (roleMeta) {\n      const { roles, requireAll } = roleMeta;\n      const userRoles = authResult.user.roles || [];\n\n      if (requireAll) {\n        if (!roles.every(r => userRoles.includes(r))) {\n          throw new ForbiddenException('Insufficient roles');\n        }\n      } else {\n        if (!roles.some(r => userRoles.includes(r))) {\n          throw new ForbiddenException('Insufficient roles');\n        }\n      }\n    }\n\n    request.user = authResult.user;\n    return true;\n  }\n\n  private extractToken(request: any): string | null {\n    const auth = request.headers?.authorization;\n    if (auth?.startsWith('Bearer ')) {\n      return auth.substring(7);\n    }\n    return request.headers?.['x-access-token'] || null;\n  }\n}\n\nexport function RequirePermissions(permissions: string[], requireAll = false) {\n  return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n    Reflect.defineMetadata(EXGUARD_PERMISSIONS_KEY, { permissions, requireAll }, descriptor.value);\n    return descriptor;\n  };\n}\n\nexport function RequireRoles(roles: string[], requireAll = false) {\n  return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {\n    Reflect.defineMetadata(EXGUARD_ROLES_KEY, { roles, requireAll }, descriptor.value);\n    return descriptor;\n  };\n}\n"],"mappings":";;;;;;;;;;;;;AAsCA,IAAM,eAAN,MAAmB;AAAA,EAAnB;AACE,SAAQ,QAAQ,oBAAI,IAA2D;AAC/E,SAAQ,MAAM;AAAA;AAAA,EAEd,IAAI,KAAkB;AACpB,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AACnB,QAAI,KAAK,IAAI,IAAI,MAAM,YAAY,MAAM,KAAK;AAC5C,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AACA,WAAO,MAAM;AAAA,EACf;AAAA,EAEA,IAAI,KAAa,MAAW,KAAoB;AAC9C,SAAK,MAAM,IAAI,KAAK;AAAA,MAClB;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,KAAK,OAAO,KAAK;AAAA,IACnB,CAAC;AAAA,EACH;AACF;AAEA,IAAM,QAAQ,IAAI,aAAa;AAExB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,YAAY,QAAuB;AACjC,SAAK,UAAU,OAAO;AACtB,SAAK,SAAS,OAAO;AACrB,SAAK,QAAQ;AAAA,EACf;AAAA,EAEA,MAAM,aAAa,SAA6C;AAC9D,UAAM,WAAW,QAAQ,QAAQ,KAAK;AACtC,UAAM,SAAS,KAAK,MAAM,IAAI,QAAQ;AACtC,QAAI,OAAQ,QAAO;AAEnB,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,yBAAyB;AAAA,QACnE,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,MAAM;AAAA,QACxC;AAAA,QACA,MAAM,KAAK,UAAU,EAAE,OAAO,QAAQ,MAAM,CAAC;AAAA,MAC/C,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,eAAO,EAAE,SAAS,OAAO,OAAO,gBAAgB;AAAA,MAClD;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,SAAsB;AAAA,QAC1B,SAAS;AAAA,QACT,MAAM,KAAK,QAAQ,KAAK,MAAM;AAAA,MAChC;AAEA,WAAK,MAAM,IAAI,UAAU,MAAM;AAC/B,aAAO;AAAA,IACT,SAAS,OAAO;AACd,aAAO,EAAE,SAAS,OAAO,OAAO,wBAAwB;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,OAAe,YAAsC;AACvE,UAAM,SAAS,MAAM,KAAK,aAAa,EAAE,MAAM,CAAC;AAChD,QAAI,CAAC,OAAO,WAAW,CAAC,OAAO,KAAM,QAAO;AAE5C,UAAM,kBAAkB,OAAO,KAAK,SAAS,QAAQ,OAAK,EAAE,WAAW,KAAK,CAAC;AAC7E,WAAO,gBAAgB,SAAS,UAAU;AAAA,EAC5C;AACF;AAEO,SAAS,oBAAoB,QAAsC;AACxE,SAAO,IAAI,cAAc,MAAM;AACjC;;;ACrHA,SAAS,QAAQ,cAA6B;AAcvC,IAAM,gBAAN,MAAoB;AAAA,EACzB,OAAO,QAAQ,SAA8C;AAC3D,UAAM,SAAS,IAAI,cAAc;AAAA,MAC/B,SAAS,QAAQ;AAAA,MACjB,QAAQ,QAAQ;AAAA,MAChB,OAAO,QAAQ;AAAA,IACjB,CAAC;AAED,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,WAAW;AAAA,QACT;AAAA,UACE,SAAS;AAAA,UACT,UAAU;AAAA,QACZ;AAAA,MACF;AAAA,MACA,SAAS,CAAC,gBAAgB;AAAA,IAC5B;AAAA,EACF;AACF;AAnBa,gBAAN;AAAA,EAFN,OAAO;AAAA,EACP,OAAO,CAAC,CAAC;AAAA,GACG;;;ACdb,SAAS,YAA2C,uBAAuB,oBAAoB,QAAQ,gBAAgB;AAIhH,IAAM,0BAA0B;AAChC,IAAM,oBAAoB;AAG1B,IAAM,yBAAN,MAAoD;AAAA,EACzD,YACgD,QACtC,WACR;AAF8C;AACtC;AAAA,EACP;AAAA,EAEH,MAAM,YAAY,SAA6C;AAC7D,UAAM,UAAU,QAAQ,aAAa,EAAE,WAAW;AAClD,UAAM,QAAQ,KAAK,aAAa,OAAO;AAEvC,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,sBAAsB,mBAAmB;AAAA,IACrD;AAEA,QAAI,CAAC,KAAK,QAAQ;AAChB,aAAO;AAAA,IACT;AAEA,UAAM,aAAa,MAAM,KAAK,OAAO,aAAa,EAAE,OAAO,QAAQ,CAAC;AAEpE,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI,mBAAmB,WAAW,SAAS,eAAe;AAAA,IAClE;AAEA,QAAI,CAAC,WAAW,MAAM;AACpB,YAAM,IAAI,mBAAmB,gBAAgB;AAAA,IAC/C;AAEA,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,WAAW,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,IACF;AAEA,QAAI,UAAU;AACZ,YAAM,EAAE,aAAa,WAAW,IAAI;AACpC,YAAM,kBAAkB,WAAW,KAAK,SAAS,QAAQ,OAAK,EAAE,WAAW,KAAK,CAAC;AAEjF,UAAI,YAAY;AACd,YAAI,CAAC,YAAY,MAAM,OAAK,gBAAgB,SAAS,CAAC,CAAC,GAAG;AACxD,gBAAM,IAAI,mBAAmB,0BAA0B;AAAA,QACzD;AAAA,MACF,OAAO;AACL,YAAI,CAAC,YAAY,KAAK,OAAK,gBAAgB,SAAS,CAAC,CAAC,GAAG;AACvD,gBAAM,IAAI,mBAAmB,0BAA0B;AAAA,QACzD;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,KAAK,UAAU;AAAA,MAC9B;AAAA,MACA;AAAA,IACF;AAEA,QAAI,UAAU;AACZ,YAAM,EAAE,OAAO,WAAW,IAAI;AAC9B,YAAM,YAAY,WAAW,KAAK,SAAS,CAAC;AAE5C,UAAI,YAAY;AACd,YAAI,CAAC,MAAM,MAAM,OAAK,UAAU,SAAS,CAAC,CAAC,GAAG;AAC5C,gBAAM,IAAI,mBAAmB,oBAAoB;AAAA,QACnD;AAAA,MACF,OAAO;AACL,YAAI,CAAC,MAAM,KAAK,OAAK,UAAU,SAAS,CAAC,CAAC,GAAG;AAC3C,gBAAM,IAAI,mBAAmB,oBAAoB;AAAA,QACnD;AAAA,MACF;AAAA,IACF;AAEA,YAAQ,OAAO,WAAW;AAC1B,WAAO;AAAA,EACT;AAAA,EAEQ,aAAa,SAA6B;AAChD,UAAM,OAAO,QAAQ,SAAS;AAC9B,QAAI,MAAM,WAAW,SAAS,GAAG;AAC/B,aAAO,KAAK,UAAU,CAAC;AAAA,IACzB;AACA,WAAO,QAAQ,UAAU,gBAAgB,KAAK;AAAA,EAChD;AACF;AAhFa,yBAAN;AAAA,EADN,WAAW;AAAA,EAGP,4BAAS;AAAA,EAAG,0BAAO,gBAAgB;AAAA,GAF3B;AAkFN,SAAS,mBAAmB,aAAuB,aAAa,OAAO;AAC5E,SAAO,SAAU,QAAa,aAAqB,YAAgC;AACjF,YAAQ,eAAe,yBAAyB,EAAE,aAAa,WAAW,GAAG,WAAW,KAAK;AAC7F,WAAO;AAAA,EACT;AACF;AAEO,SAAS,aAAa,OAAiB,aAAa,OAAO;AAChE,SAAO,SAAU,QAAa,aAAqB,YAAgC;AACjF,YAAQ,eAAe,mBAAmB,EAAE,OAAO,WAAW,GAAG,WAAW,KAAK;AACjF,WAAO;AAAA,EACT;AACF;","names":[]}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "exguard-endpoint",
+  "version": "1.0.1",
+  "private": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "description": "Simple RBAC permission guard for NestJS",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "clean": "node -e \"fs.rmSync('dist', { recursive: true, force: true })\"",
+    "prebuild": "npm run clean"
+  },
+  "keywords": [
+    "exguard",
+    "rbac",
+    "nestjs",
+    "permissions",
+    "guards"
+  ],
+  "author": "EmpowerX",
+  "license": "MIT",
+  "dependencies": {
+    "axios": "^1.0.0"
+  },
+  "devDependencies": {
+    "@nestjs/common": "^10.0.0",
+    "@nestjs/core": "^10.0.0",
+    "@types/node": "^22.10.5",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.3"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^10.0.0",
+    "@nestjs/core": "^10.0.0"
+  }
+}