hi-secure 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -1
  2. package/dist/adapters/ExpressRLAdapter.js +0 -29
  3. package/dist/adapters/ExpressRLAdapter.js.map +1 -1
  4. package/dist/adapters/GoogleAdapter.d.ts.map +1 -1
  5. package/dist/adapters/GoogleAdapter.js +4 -3
  6. package/dist/adapters/GoogleAdapter.js.map +1 -1
  7. package/dist/adapters/JWTAdapter.d.ts.map +1 -1
  8. package/dist/adapters/JWTAdapter.js +3 -1
  9. package/dist/adapters/JWTAdapter.js.map +1 -1
  10. package/dist/core/HiSecure.d.ts +3 -18
  11. package/dist/core/HiSecure.d.ts.map +1 -1
  12. package/dist/core/HiSecure.js +29 -132
  13. package/dist/core/HiSecure.js.map +1 -1
  14. package/dist/core/errors/HttpError.d.ts +17 -0
  15. package/dist/core/errors/HttpError.d.ts.map +1 -0
  16. package/dist/core/errors/HttpError.js +36 -0
  17. package/dist/core/errors/HttpError.js.map +1 -0
  18. package/dist/core/useSecure.d.ts +0 -7
  19. package/dist/core/useSecure.d.ts.map +1 -1
  20. package/dist/core/useSecure.js +65 -21
  21. package/dist/core/useSecure.js.map +1 -1
  22. package/dist/index.d.ts +3 -6
  23. package/dist/index.d.ts.map +1 -1
  24. package/dist/index.js +19 -9
  25. package/dist/index.js.map +1 -1
  26. package/dist/managers/AuthManager.d.ts.map +1 -1
  27. package/dist/managers/AuthManager.js +18 -17
  28. package/dist/managers/AuthManager.js.map +1 -1
  29. package/dist/managers/ValidatorManager.d.ts +4 -6
  30. package/dist/managers/ValidatorManager.d.ts.map +1 -1
  31. package/dist/managers/ValidatorManager.js +97 -144
  32. package/dist/managers/ValidatorManager.js.map +1 -1
  33. package/dist/middlewares/errorHandler.js +2 -2
  34. package/dist/middlewares/errorHandler.js.map +1 -1
  35. package/dist/utils/normalizeOptions.d.ts.map +1 -1
  36. package/dist/utils/normalizeOptions.js +14 -4
  37. package/dist/utils/normalizeOptions.js.map +1 -1
  38. package/package.json +1 -1
  39. package/readme.md +38 -73
  40. package/src/adapters/GoogleAdapter.ts +5 -3
  41. package/src/adapters/JWTAdapter.ts +3 -1
  42. package/src/core/HiSecure.ts +414 -175
  43. package/src/core/useSecure.ts +91 -36
  44. package/src/index.ts +28 -12
  45. package/src/managers/AuthManager.ts +15 -13
  46. package/src/managers/ValidatorManager.ts +120 -182
  47. package/src/middlewares/errorHandler.ts +1 -1
  48. package/src/utils/normalizeOptions.ts +24 -9
  49. /package/src/core/errors/{HttpErrror.ts → HttpError.ts} +0 -0
package/dist/core/HiSecure.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";AAAA,6BAA6B;;;;;;AAulB7B,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,kDAA6C;AAE7C,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAK9D,MAAa,QAAQ;IAwBjB,oCAAoC;IACpC,YAAoB,aAAsC,EAAE;QAtBpD,gBAAW,GAAG,KAAK,CAAC;QAuBxB,IAAI,CAAC,MAAM,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IAED,wDAAwD;IACxD,6BAA6B;IAC7B,wDAAwD;IAExD,MAAM,CAAC,WAAW,CAAC,MAAgC;QAC/C,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACrB,QAAQ,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAED,MAAM,CAAC,aAAa;QAChB,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI;QACA,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnB,iBAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAC9C,OAAO;QACX,CAAC;QAED,iBAAM,CAAC,IAAI,CAAC,MAAM,uBAAQ,KAAK,0BAAW,kBAAkB,CAAC,CAAC;QAE9D,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,4BAA4B;QAC5B,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,IAAA,0BAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,IAAA,0BAAU,EAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClC,IAAA,0BAAU,EAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClC,IAAA,0BAAU,EAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClC,IAAA,0BAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,IAAA,0BAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,IAAI,IAAI,CAAC,WAAW;YAAE,IAAA,0BAAU,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEnD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,iBAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACvD,CAAC;IAED,aAAa;QACT,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,wDAAwD;IACxD,4CAA4C;IAC5C,wDAAwD;IAExD,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACpC,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,OAAO,GAA2E;gBACpF,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;aAC/D,CAAC;YACF,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QACrD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,wDAAwD;IACxD,iCAAiC;IACjC,wDAAwD;IAExD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,QAAgB;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAClF,OAAO,MAAM,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,IAAY;QAC9C,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACjE,CAAC;IA8BD,wDAAwD;IACxD,gCAAgC;IAChC,wDAAwD;IAExD,MAAM,CAAC,UAAU,CAAC,OAAqD;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,wBAAwB;QACxB,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAkC;gBAC3C,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE;gBAChE,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,QAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;gBAC9E,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAW,EAAE,QAAQ,EAAE,KAAK,EAAE;aAClE,CAAC;YACF,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,aAAa,EAAE,CAAC;gBAChB,OAAO,QAAQ,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO,QAAQ,CAAC,qBAAqB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,wDAAwD;IACxD,mBAAmB;IACnB,wDAAwD;IAEhD,aAAa;QACjB,iBAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAEzC,UAAU;QACV,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YAC1D,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;YAC5D,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CAAC;QAEX,gBAAgB;QAChB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YAC7D,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,CAAC;QAC7B,IAAI,CAAC,mBAAmB,GAAG,IAAI,sCAAgB,EAAE,CAAC;QAElD,aAAa;QACb,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,KAAK,KAAK;YACzD,CAAC,CAAC,IAAI,0BAAU,EAAE;YAClB,CAAC,CAAC,IAAI,oDAAuB,EAAE,CAAC;QACpC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,KAAK,mBAAmB;YAC5E,CAAC,CAAC,IAAI,oDAAuB,EAAE;YAC/B,CAAC,CAAC,IAAI,CAAC;QAEX,eAAe;QACf,IAAI,CAAC,gBAAgB,GAAG,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,iBAAiB,GAAG,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAE/D,iBAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACpC,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,EACnB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,eAAe,CACvB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,mBAAmB,CAC3B,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,MAAM,CAAC,UAAU,EACtB,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,iBAAiB,CACzB,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,iBAAiB,CACzB,CAAC;IACN,CAAC;IAEO,oBAAoB;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,iCAAiC;QACjC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YACvE,IAAI,CAAC,SAAS,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,2FAA2F,CAAC,CAAC;YACjH,CAAC;YAED,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBAC/B,SAAS;gBACT,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;gBAC/E,6CAA6C;aAChD,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,OAAsB;QAChD,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,eAAe;QACf,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,mBAAmB;QACnB,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAE7C,mDAAmD;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAC,CAAC,eAAe;QAC9C,CAAC;QAED,OAAO;QACP,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC5C,CAAC,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACvF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,eAAe;QACf,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAClD,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBACzC,CAAC,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC5F,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACrD,MAAM,aAAa,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC;gBACzC,EAAE,OAAO,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;QAChE,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBACrC,CAAC,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAC7E,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,8BAA8B;QAC9B,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QAEzB,OAAO,KAAK,CAAC;IACjB,CAAC;;AAhUL,4BAiUC;AAhUkB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB;AAuIzC,YAAG,GAAG;IACT,IAAI,EAAE,CAAC,OAAe,EAAE,OAAa,EAAE,EAAE;QACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;QACtB,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,EAAE;QACJ,aAAa,EAAE,CAAC,OAAe,EAAE,EAAE;YAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;YACxC,CAAC;YACD,OAAO,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;KACJ;CACJ,AA1BS,CA0BR","sourcesContent":["// // // src/core/HiSecure.ts\r\n\r\n// // import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// // import { defaultConfig } from \"./config.js\";\r\n// // import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// // import { deepMerge } from \"../utils/deepMerge.js\";\r\n// // import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n\r\n// // import { logger } from \"../logging\";\r\n\r\n// // // Adapters\r\n// // import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// // import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// // import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// // import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// // import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// // import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// // import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// // import { DomPurifyAdapter } from \"../adapters/DomPurifyAdapter.js\";\r\n\r\n// // // Managers\r\n// // import { HashManager } from \"../managers/HashManager.js\";\r\n// // import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// // import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// // import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// // import { JsonManager } from \"../managers/JsonManager.js\";\r\n// // import { CorsManager } from \"../managers/CorsManager.js\";\r\n// // import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // // 3rd-party express middlewares\r\n// // import helmet from \"helmet\";\r\n// // import hpp from \"hpp\";\r\n\r\n// // // Shared error handler\r\n// // import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // export class HiSecure {\r\n// // private config: HiSecureConfig;\r\n// // private initialized = false;\r\n\r\n// // // Managers exposed for user\r\n// // public hashManager!: HashManager;\r\n// // public rateLimitManager!: RateLimitManager;\r\n// // public validatorManager!: ValidatorManager;\r\n// // public sanitizerManager!: SanitizerManager;\r\n// // public jsonManager!: JsonManager;\r\n// // public corsManager!: CorsManager;\r\n// // public authManager?: AuthManager;\r\n\r\n// // // Internal adapters\r\n// // private hashingPrimary: any;\r\n// // private hashingFallback: any;\r\n// // private rateLimiterPrimary: any;\r\n// // private rateLimiterFallback: any;\r\n// // private validatorPrimary: any;\r\n// // private validatorFallback: any;\r\n// // private sanitizerPrimary: any;\r\n// // private sanitizerFallback: any;\r\n\r\n// // constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// // this.config = deepMerge(defaultConfig, userConfig);\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // INIT\r\n// // // ---------------------------------------------------------\r\n// // init() {\r\n// // if (this.initialized) {\r\n// // logger.warn(\"⚠ HiSecure.init() called twice → ignored.\");\r\n// // return;\r\n// // }\r\n\r\n// // logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initialized`);\r\n// // logger.info(\"⚙ Loaded configuration:\", this.config);\r\n\r\n// // this.setupAdapters();\r\n// // this.setupManagers();\r\n// // this.setupDynamicManagers();\r\n\r\n// // // IMMUTABLE — library cannot be modified at runtime\r\n// // deepFreeze(this.config);\r\n// // deepFreeze(this.hashManager);\r\n// // deepFreeze(this.rateLimitManager);\r\n// // deepFreeze(this.validatorManager);\r\n// // deepFreeze(this.sanitizerManager);\r\n// // deepFreeze(this.jsonManager);\r\n// // deepFreeze(this.corsManager);\r\n// // if (this.authManager) deepFreeze(this.authManager);\r\n\r\n// // this.initialized = true;\r\n\r\n// // logger.info(\"🔒 HiSecure locked — production-ready\");\r\n// // }\r\n\r\n// // isInitialized() {\r\n// // return this.initialized;\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // ADAPTER SETUP\r\n// // // ---------------------------------------------------------\r\n// // private setupAdapters() {\r\n// // logger.info(\"🧩 Setting up adapters...\");\r\n\r\n// // // Hashing\r\n// // this.hashingPrimary =\r\n// // this.config.hashing.primary === \"argon2\"\r\n// // ? new ArgonAdapter()\r\n// // : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// // this.hashingFallback =\r\n// // this.config.hashing.fallback === \"bcrypt\"\r\n// // ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// // : null;\r\n\r\n// // // Rate limiter\r\n// // this.rateLimiterPrimary =\r\n// // this.config.rateLimiter.useAdaptiveMode\r\n// // ? new RLFlexibleAdapter()\r\n// // : new ExpressRLAdapter();\r\n\r\n// // this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// // // Validator\r\n// // this.validatorPrimary =\r\n// // this.config.validation.mode === \"zod\"\r\n// // ? new ZodAdapter()\r\n// // : new ExpressValidatorAdapter();\r\n\r\n// // this.validatorFallback =\r\n// // this.config.validation.fallback === \"express-validator\"\r\n// // ? new ExpressValidatorAdapter()\r\n// // : null;\r\n\r\n// // // Sanitizer\r\n// // this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// // this.sanitizerFallback = new DomPurifyAdapter();\r\n\r\n// // logger.info(\"✔ Adapters ready\");\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // MANAGER SETUP\r\n// // // ---------------------------------------------------------\r\n// // private setupManagers() {\r\n// // this.hashManager = new HashManager(\r\n// // this.config.hashing,\r\n// // this.hashingPrimary,\r\n// // this.hashingFallback\r\n// // );\r\n\r\n// // this.rateLimitManager = new RateLimitManager(\r\n// // this.config.rateLimiter,\r\n// // this.rateLimiterPrimary,\r\n// // this.rateLimiterFallback\r\n// // );\r\n\r\n// // this.validatorManager = new ValidatorManager(\r\n// // this.config.validation,\r\n// // this.validatorPrimary,\r\n// // this.validatorFallback\r\n// // );\r\n\r\n// // this.sanitizerManager = new SanitizerManager(\r\n// // this.sanitizerPrimary,\r\n// // this.sanitizerFallback\r\n// // );\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // DYNAMIC MANAGERS (JSON, CORS, AUTH)\r\n// // // ---------------------------------------------------------\r\n// // private setupDynamicManagers() {\r\n// // this.jsonManager = new JsonManager();\r\n// // this.corsManager = new CorsManager();\r\n\r\n// // // AUTH SUPPORT\r\n// // if (this.config.auth?.enabled) {\r\n// // this.authManager = new AuthManager({\r\n// // jwtSecret: process.env.JWT_SECRET!,\r\n// // jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// // googleClientId: process.env.GOOGLE_CLIENT_ID\r\n// // });\r\n// // }\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // PUBLIC API METHODS\r\n// // // ---------------------------------------------------------\r\n// // hash(value: string) {\r\n// // return this.hashManager.hash(value);\r\n// // }\r\n\r\n// // verify(value: string, hashed: string) {\r\n// // return this.hashManager.verify(value, hashed);\r\n// // }\r\n\r\n// // sanitize(value: string) {\r\n// // return this.sanitizerManager.sanitize(value);\r\n// // }\r\n\r\n// // validate(schema: any) {\r\n// // return this.validatorManager.validate(schema);\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // EXPRESS GLOBAL PIPELINE\r\n// // // ---------------------------------------------------------\r\n// // middleware() {\r\n// // const chain: any[] = [];\r\n\r\n// // // JSON + URL encoded\r\n// // chain.push(this.jsonManager.middleware(this.config.json));\r\n// // chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n// // // add qs\r\n// // chain.push(this.jsonManager.queryParser());\r\n\r\n// // // Core security\r\n// // if (this.config.enableHelmet) chain.push(helmet());\r\n// // if (this.config.enableHPP) chain.push(hpp());\r\n\r\n// // if (this.config.enableCORS)\r\n// // chain.push(this.corsManager.middleware(this.config.cors));\r\n\r\n// // if (this.config.enableSanitizer)\r\n// // chain.push(this.sanitizerManager.middleware());\r\n\r\n// // if (this.config.enableRateLimiter)\r\n// // chain.push(this.rateLimitManager.middleware());\r\n\r\n// // // Centralized error handling\r\n// // chain.push(errorHandler);\r\n\r\n// // return chain;\r\n// // }\r\n// // }\r\n\r\n\r\n\r\n// // src/core/HiSecure.ts - COMPLETE FIXED\r\n// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging/index.js\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\"; // ✅ FIXED IMPORT\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private validatorPrimary: any;\r\n// private validatorFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// // Private constructor for singleton\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // =====================================================\r\n// // SINGLETON & INITIALIZATION\r\n// // =====================================================\r\n \r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"⚠ HiSecure already initialized\");\r\n// return;\r\n// }\r\n\r\n// logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// // Make everything immutable\r\n// deepFreeze(this.config);\r\n// deepFreeze(this.hashManager);\r\n// deepFreeze(this.rateLimitManager);\r\n// deepFreeze(this.validatorManager);\r\n// deepFreeze(this.sanitizerManager);\r\n// deepFreeze(this.jsonManager);\r\n// deepFreeze(this.corsManager);\r\n// if (this.authManager) deepFreeze(this.authManager);\r\n\r\n// this.initialized = true;\r\n// logger.info(\"✅ HiSecure initialized successfully\");\r\n// }\r\n\r\n// isInitialized(): boolean {\r\n// return this.initialized;\r\n// }\r\n\r\n// // =====================================================\r\n// // FLUENT API METHODS (Route-level security)\r\n// // =====================================================\r\n \r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n \r\n// if (typeof preset === \"string\") {\r\n// const presets = {\r\n// strict: { mode: \"strict\" as const },\r\n// relaxed: { mode: \"relaxed\" as const },\r\n// api: { max: 100, windowMs: 60000 }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset] || {});\r\n// }\r\n \r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// const chain = [];\r\n// chain.push(instance.jsonManager.middleware(options));\r\n// chain.push(instance.jsonManager.urlencoded());\r\n// return chain;\r\n// }\r\n\r\n// // =====================================================\r\n// // UTILITY METHODS (Direct usage)\r\n// // =====================================================\r\n \r\n// static async hash(password: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(password, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(password: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(password, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.sign(payload, options);\r\n// },\r\n \r\n// verify: (token: string) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.verify(token);\r\n// },\r\n \r\n// google: {\r\n// verifyIdToken: (idToken: string) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.verifyGoogleIdToken(idToken);\r\n// }\r\n// }\r\n// };\r\n\r\n// // =====================================================\r\n// // GLOBAL MIDDLEWARE (app.use())\r\n// // =====================================================\r\n \r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n \r\n// // Handle preset strings\r\n// if (typeof options === \"string\") {\r\n// const presets = {\r\n// api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true }\r\n// };\r\n// options = presets[options] || {};\r\n// }\r\n \r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // =====================================================\r\n// // INTERNAL METHODS\r\n// // =====================================================\r\n \r\n// private setupAdapters(): void {\r\n// logger.info(\"🧩 Setting up adapters...\");\r\n\r\n// // Hashing\r\n// this.hashingPrimary = this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback = this.config.hashing.fallback === \"bcrypt\"\r\n// ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// // Rate limiting\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// // Validation\r\n// this.validatorPrimary = this.config.validation.mode === \"zod\"\r\n// ? new ZodAdapter()\r\n// : new ExpressValidatorAdapter();\r\n// this.validatorFallback = this.config.validation.fallback === \"express-validator\"\r\n// ? new ExpressValidatorAdapter()\r\n// : null;\r\n\r\n// // Sanitization\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer); // ✅ XSSAdapter, NOT DomPurifyAdapter\r\n\r\n// logger.info(\"✅ Adapters ready\");\r\n// }\r\n\r\n// private setupManagers(): void {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// this.config.validation,\r\n// this.validatorPrimary,\r\n// this.validatorFallback\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n// }\r\n\r\n// private setupDynamicManagers(): void {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// // Auth manager (only if enabled)\r\n// if (this.config.auth.enabled) {\r\n// const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;\r\n// if (!jwtSecret) {\r\n// throw new Error(\"JWT_SECRET environment variable or jwtSecret in config is required when auth.enabled=true\");\r\n// }\r\n\r\n// this.authManager = new AuthManager({\r\n// jwtSecret,\r\n// jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// googleClientId: process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId,\r\n// // ✅ Add algorithm option for JWT security\r\n// algorithm: 'HS256'\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n \r\n// // JSON parsing\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n \r\n// // Security headers\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n \r\n// // Compression (check if compression config exists)\r\n// if (this.config.enableCompression && this.config.compression) {\r\n// chain.push(compression(this.config.compression));\r\n// } else if (this.config.enableCompression) {\r\n// chain.push(compression()); // Use defaults\r\n// }\r\n \r\n// // CORS\r\n// if (this.config.enableCORS || options.cors) {\r\n// const corsOptions = options.cors === true ? this.config.cors : \r\n// (typeof options.cors === 'object' ? options.cors : this.config.cors);\r\n// chain.push(this.corsManager.middleware(corsOptions));\r\n// }\r\n \r\n// // Sanitization\r\n// if (this.config.enableSanitizer || options.sanitize) {\r\n// const sanitizeOptions = options.sanitize === true ? undefined : \r\n// (typeof options.sanitize === 'object' ? options.sanitize : undefined);\r\n// chain.push(this.sanitizerManager.middleware(sanitizeOptions));\r\n// }\r\n \r\n// // Rate limiting\r\n// if (this.config.enableRateLimiter || options.rateLimit) {\r\n// const rateLimitOpts = typeof options.rateLimit === 'object' ? \r\n// { options: options.rateLimit } : {};\r\n// chain.push(this.rateLimitManager.middleware(rateLimitOpts));\r\n// }\r\n \r\n// // Authentication\r\n// if (options.auth && this.authManager) {\r\n// const authOpts = options.auth === true ? undefined : \r\n// (typeof options.auth === 'object' ? options.auth : undefined);\r\n// chain.push(this.authManager.protect(authOpts));\r\n// }\r\n \r\n// // Error handler (always last)\r\n// chain.push(errorHandler);\r\n \r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n// src/core/HiSecure.ts - COMPLETELY FIXED\r\nimport { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging/index.js\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema, RateLimitOptions } from \"./types/SecureOptions.js\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n private config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n // Managers\r\n public hashManager!: HashManager;\r\n public rateLimitManager!: RateLimitManager;\r\n public validatorManager!: ValidatorManager;\r\n public sanitizerManager!: SanitizerManager;\r\n public jsonManager!: JsonManager;\r\n public corsManager!: CorsManager;\r\n public authManager?: AuthManager;\r\n\r\n // Internal adapters\r\n private hashingPrimary: any;\r\n private hashingFallback: any;\r\n private rateLimiterPrimary: any;\r\n private rateLimiterFallback: any;\r\n private validatorPrimary: any;\r\n private validatorFallback: any;\r\n private sanitizerPrimary: any;\r\n private sanitizerFallback: any;\r\n\r\n // Private constructor for singleton\r\n private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n this.config = deepMerge(defaultConfig, userConfig);\r\n }\r\n\r\n // =====================================================\r\n // SINGLETON & INITIALIZATION\r\n // =====================================================\r\n \r\n static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n if (!HiSecure.instance) {\r\n HiSecure.instance = new HiSecure(config);\r\n HiSecure.instance.init();\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n static resetInstance(): void {\r\n HiSecure.instance = null;\r\n }\r\n\r\n init(): void {\r\n if (this.initialized) {\r\n logger.warn(\"⚠ HiSecure already initialized\");\r\n return;\r\n }\r\n\r\n logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);\r\n\r\n this.setupAdapters();\r\n this.setupManagers();\r\n this.setupDynamicManagers();\r\n\r\n // Make everything immutable\r\n deepFreeze(this.config);\r\n deepFreeze(this.hashManager);\r\n deepFreeze(this.rateLimitManager);\r\n deepFreeze(this.validatorManager);\r\n deepFreeze(this.sanitizerManager);\r\n deepFreeze(this.jsonManager);\r\n deepFreeze(this.corsManager);\r\n if (this.authManager) deepFreeze(this.authManager);\r\n\r\n this.initialized = true;\r\n logger.info(\"✅ HiSecure initialized successfully\");\r\n }\r\n\r\n isInitialized(): boolean {\r\n return this.initialized;\r\n }\r\n\r\n // =====================================================\r\n // FLUENT API METHODS (Route-level security)\r\n // =====================================================\r\n \r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n const instance = this.getInstance();\r\n if (!instance.authManager) {\r\n throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n }\r\n return instance.authManager.protect(options);\r\n }\r\n\r\n static validate(schema: ValidationSchema) {\r\n return this.getInstance().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return this.getInstance().sanitizerManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const instance = this.getInstance();\r\n \r\n if (typeof preset === \"string\") {\r\n const presets: Record<string, { mode?: \"strict\" | \"relaxed\" | \"api\"; options?: any }> = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\", options: { max: 100, windowMs: 60000 } }\r\n };\r\n return instance.rateLimitManager.middleware(presets[preset] || {});\r\n }\r\n \r\n return instance.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static cors(options?: any) {\r\n return this.getInstance().corsManager.middleware(options);\r\n }\r\n\r\n static json(options?: any) {\r\n const instance = this.getInstance();\r\n const chain = [];\r\n chain.push(instance.jsonManager.middleware(options));\r\n chain.push(instance.jsonManager.urlencoded());\r\n return chain;\r\n }\r\n\r\n // =====================================================\r\n // UTILITY METHODS (Direct usage)\r\n // =====================================================\r\n \r\n static async hash(password: string): Promise<string> {\r\n const instance = this.getInstance();\r\n const result = await instance.hashManager.hash(password, { allowFallback: true });\r\n return result.hash;\r\n }\r\n\r\n static async verify(password: string, hash: string): Promise<boolean> {\r\n return this.getInstance().hashManager.verify(password, hash);\r\n }\r\n\r\n static jwt = {\r\n sign: (payload: object, options?: any) => {\r\n const instance = HiSecure.getInstance();\r\n if (!instance.authManager) {\r\n throw new Error(\"Auth not enabled\");\r\n }\r\n return instance.authManager.sign(payload, options);\r\n },\r\n \r\n verify: (token: string) => {\r\n const instance = HiSecure.getInstance();\r\n if (!instance.authManager) {\r\n throw new Error(\"Auth not enabled\");\r\n }\r\n return instance.authManager.verify(token);\r\n },\r\n \r\n google: {\r\n verifyIdToken: (idToken: string) => {\r\n const instance = HiSecure.getInstance();\r\n if (!instance.authManager) {\r\n throw new Error(\"Auth not enabled\");\r\n }\r\n return instance.authManager.verifyGoogleIdToken(idToken);\r\n }\r\n }\r\n };\r\n\r\n // =====================================================\r\n // GLOBAL MIDDLEWARE (app.use())\r\n // =====================================================\r\n \r\n static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n const instance = this.getInstance();\r\n \r\n // Handle preset strings\r\n if (typeof options === \"string\") {\r\n const presets: Record<string, SecureOptions> = {\r\n api: { cors: true, rateLimit: \"relaxed\" as any, sanitize: true },\r\n strict: { cors: true, rateLimit: \"strict\" as any, sanitize: true, auth: true },\r\n public: { cors: true, rateLimit: true as any, sanitize: false }\r\n };\r\n const presetOptions = presets[options];\r\n if (presetOptions) {\r\n return instance.createMiddlewareChain(presetOptions);\r\n }\r\n return instance.createMiddlewareChain({});\r\n }\r\n \r\n return instance.createMiddlewareChain(options || {});\r\n }\r\n\r\n // =====================================================\r\n // INTERNAL METHODS\r\n // =====================================================\r\n \r\n private setupAdapters(): void {\r\n logger.info(\"🧩 Setting up adapters...\");\r\n\r\n // Hashing\r\n this.hashingPrimary = this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n this.hashingFallback = this.config.hashing.fallback === \"bcrypt\"\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null;\r\n\r\n // Rate limiting\r\n this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n ? new RLFlexibleAdapter()\r\n : new ExpressRLAdapter();\r\n this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n // Validation\r\n this.validatorPrimary = this.config.validation.mode === \"zod\"\r\n ? new ZodAdapter()\r\n : new ExpressValidatorAdapter();\r\n this.validatorFallback = this.config.validation.fallback === \"express-validator\"\r\n ? new ExpressValidatorAdapter()\r\n : null;\r\n\r\n // Sanitization\r\n this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n logger.info(\"✅ Adapters ready\");\r\n }\r\n\r\n private setupManagers(): void {\r\n this.hashManager = new HashManager(\r\n this.config.hashing,\r\n this.hashingPrimary,\r\n this.hashingFallback\r\n );\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.rateLimiterPrimary,\r\n this.rateLimiterFallback\r\n );\r\n\r\n this.validatorManager = new ValidatorManager(\r\n this.config.validation,\r\n this.validatorPrimary,\r\n this.validatorFallback\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n this.sanitizerPrimary,\r\n this.sanitizerFallback\r\n );\r\n }\r\n\r\n private setupDynamicManagers(): void {\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n // Auth manager (only if enabled)\r\n if (this.config.auth.enabled) {\r\n const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;\r\n if (!jwtSecret) {\r\n throw new Error(\"JWT_SECRET environment variable or jwtSecret in config is required when auth.enabled=true\");\r\n }\r\n\r\n this.authManager = new AuthManager({\r\n jwtSecret,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId: process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n // Removed algorithm - handled in AuthManager\r\n });\r\n }\r\n }\r\n\r\n private createMiddlewareChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n \r\n // JSON parsing\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n \r\n // Security headers\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n \r\n // Compression (check if compression config exists)\r\n if (this.config.enableCompression && this.config.compression) {\r\n chain.push(compression(this.config.compression));\r\n } else if (this.config.enableCompression) {\r\n chain.push(compression()); // Use defaults\r\n }\r\n \r\n // CORS\r\n if (this.config.enableCORS || options.cors) {\r\n const corsOptions = options.cors === true ? this.config.cors : \r\n (typeof options.cors === 'object' ? options.cors : this.config.cors);\r\n chain.push(this.corsManager.middleware(corsOptions));\r\n }\r\n \r\n // Sanitization\r\n if (this.config.enableSanitizer || options.sanitize) {\r\n const sanitizeOptions = options.sanitize === true ? undefined : \r\n (typeof options.sanitize === 'object' ? options.sanitize : undefined);\r\n chain.push(this.sanitizerManager.middleware(sanitizeOptions));\r\n }\r\n \r\n // Rate limiting\r\n if (this.config.enableRateLimiter || options.rateLimit) {\r\n const rateLimitOpts = typeof options.rateLimit === 'object' ? \r\n { options: options.rateLimit } : {};\r\n chain.push(this.rateLimitManager.middleware(rateLimitOpts));\r\n }\r\n \r\n // Authentication\r\n if (options.auth && this.authManager) {\r\n const authOpts = options.auth === true ? undefined : \r\n (typeof options.auth === 'object' ? options.auth : undefined);\r\n chain.push(this.authManager.protect(authOpts));\r\n }\r\n \r\n // Error handler (always last)\r\n chain.push(errorHandler);\r\n \r\n return chain;\r\n }\r\n}"]}
1
+ {"version":3,"file":"HiSecure.js","sourceRoot":"","sources":["../../src/core/HiSecure.ts"],"names":[],"mappings":";AAAA,6BAA6B;;;;;;AAq8B7B,2CAA4C;AAC5C,iDAAuD;AACvD,wDAAkD;AAClD,0DAAoD;AACpD,kDAA6C;AAE7C,WAAW;AACX,iEAA2D;AAC3D,mEAA6D;AAC7D,2EAAqE;AACrE,yEAAmE;AACnE,6DAAuD;AACvD,uFAAiF;AACjF,+EAAyE;AACzE,6DAAuD;AAEvD,WAAW;AACX,+DAAyD;AACzD,yEAAmE;AACnE,yEAAmE;AACnE,yEAAmE;AACnE,+DAAyD;AACzD,+DAAyD;AACzD,+DAAyD;AAEzD,cAAc;AACd,oDAA4B;AAC5B,8CAAsB;AACtB,8DAAsC;AACtC,oEAA8D;AAK9D,MAAa,QAAQ;IAoBjB,YAAoB,aAAsC,EAAE;QAjBpD,gBAAW,GAAG,KAAK,CAAC;QAkBxB,IAAI,CAAC,MAAM,GAAG,IAAA,wBAAS,EAAC,yBAAa,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IAED,wDAAwD;IACxD,YAAY;IACZ,wDAAwD;IACxD,MAAM,CAAC,WAAW,CAAC,MAAgC;QAC/C,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACrB,QAAQ,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;YACzC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAED,MAAM,CAAC,aAAa;QAChB,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI;QACA,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,iBAAM,CAAC,IAAI,CAAC,MAAM,uBAAQ,KAAK,0BAAW,kBAAkB,CAAC,CAAC;QAE9D,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,2BAA2B;QAC3B,uBAAuB;QACvB,IAAA,0BAAU,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAExB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,iBAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACvD,CAAC;IAED,wDAAwD;IACxD,2BAA2B;IAC3B,wDAAwD;IAExD,MAAM,CAAC,IAAI,CAAC,OAAkD;QAC1D,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,MAAwB;QACpC,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAa;QACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,MAA6C;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAQ;gBACjB,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;aAC/D,CAAC;YACF,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAa;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,OAAO;YACH,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC;YACxC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE;SACpC,CAAC;IACN,CAAC;IAED,wDAAwD;IACxD,iBAAiB;IACjB,wDAAwD;IAEhD,aAAa;QACjB,iBAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAEzC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,QAAQ;YAC1D,CAAC,CAAC,IAAI,8BAAY,EAAE;YACpB,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAExD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;YAC5D,CAAC,CAAC,IAAI,gCAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,IAAI,CAAC;QAEX,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe;YAC7D,CAAC,CAAC,IAAI,wCAAiB,EAAE;YACzB,CAAC,CAAC,IAAI,sCAAgB,EAAE,CAAC;QAE7B,IAAI,CAAC,mBAAmB,GAAG,IAAI,sCAAgB,EAAE,CAAC;QAElD,iBAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACpC,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAEnG,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,mBAAmB,CAC3B,CAAC;QAEF,qDAAqD;QACrD,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,0BAAU,EAAE,EAChB,IAAI,oDAAuB,EAAE,CAChC,CAAC;QAEF,IAAI,CAAC,gBAAgB,GAAG,IAAI,sCAAgB,CACxC,IAAI,4CAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAC9C,IAAI,0BAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CACxC,CAAC;IACN,CAAC;IAEO,oBAAoB;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,EAAE,CAAC;QAErC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YACvE,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YAEjF,IAAI,CAAC,WAAW,GAAG,IAAI,4BAAW,CAAC;gBAC/B,SAAS;gBACT,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC3C,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc;aAClD,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,qBAAqB,CAAC,OAAsB;QAChD,MAAM,KAAK,GAAU,EAAE,CAAC;QAExB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,gBAAM,GAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,aAAG,GAAE,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAAE,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAEpF,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YAChF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YACjF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACrD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACzE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,8BAAY,CAAC,CAAC;QAEzB,OAAO,KAAK,CAAC;IACjB,CAAC;;AAjML,4BAkMC;AAjMkB,iBAAQ,GAAoB,IAAI,AAAxB,CAAyB","sourcesContent":["// // // src/core/HiSecure.ts\r\n\r\n// // import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// // import { defaultConfig } from \"./config.js\";\r\n// // import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// // import { deepMerge } from \"../utils/deepMerge.js\";\r\n// // import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n\r\n// // import { logger } from \"../logging\";\r\n\r\n// // // Adapters\r\n// // import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// // import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// // import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// // import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// // import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// // import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// // import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// // import { DomPurifyAdapter } from \"../adapters/DomPurifyAdapter.js\";\r\n\r\n// // // Managers\r\n// // import { HashManager } from \"../managers/HashManager.js\";\r\n// // import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// // import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// // import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// // import { JsonManager } from \"../managers/JsonManager.js\";\r\n// // import { CorsManager } from \"../managers/CorsManager.js\";\r\n// // import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // // 3rd-party express middlewares\r\n// // import helmet from \"helmet\";\r\n// // import hpp from \"hpp\";\r\n\r\n// // // Shared error handler\r\n// // import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // export class HiSecure {\r\n// // private config: HiSecureConfig;\r\n// // private initialized = false;\r\n\r\n// // // Managers exposed for user\r\n// // public hashManager!: HashManager;\r\n// // public rateLimitManager!: RateLimitManager;\r\n// // public validatorManager!: ValidatorManager;\r\n// // public sanitizerManager!: SanitizerManager;\r\n// // public jsonManager!: JsonManager;\r\n// // public corsManager!: CorsManager;\r\n// // public authManager?: AuthManager;\r\n\r\n// // // Internal adapters\r\n// // private hashingPrimary: any;\r\n// // private hashingFallback: any;\r\n// // private rateLimiterPrimary: any;\r\n// // private rateLimiterFallback: any;\r\n// // private validatorPrimary: any;\r\n// // private validatorFallback: any;\r\n// // private sanitizerPrimary: any;\r\n// // private sanitizerFallback: any;\r\n\r\n// // constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// // this.config = deepMerge(defaultConfig, userConfig);\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // INIT\r\n// // // ---------------------------------------------------------\r\n// // init() {\r\n// // if (this.initialized) {\r\n// // logger.warn(\"⚠ HiSecure.init() called twice → ignored.\");\r\n// // return;\r\n// // }\r\n\r\n// // logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initialized`);\r\n// // logger.info(\"⚙ Loaded configuration:\", this.config);\r\n\r\n// // this.setupAdapters();\r\n// // this.setupManagers();\r\n// // this.setupDynamicManagers();\r\n\r\n// // // IMMUTABLE — library cannot be modified at runtime\r\n// // deepFreeze(this.config);\r\n// // deepFreeze(this.hashManager);\r\n// // deepFreeze(this.rateLimitManager);\r\n// // deepFreeze(this.validatorManager);\r\n// // deepFreeze(this.sanitizerManager);\r\n// // deepFreeze(this.jsonManager);\r\n// // deepFreeze(this.corsManager);\r\n// // if (this.authManager) deepFreeze(this.authManager);\r\n\r\n// // this.initialized = true;\r\n\r\n// // logger.info(\"🔒 HiSecure locked — production-ready\");\r\n// // }\r\n\r\n// // isInitialized() {\r\n// // return this.initialized;\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // ADAPTER SETUP\r\n// // // ---------------------------------------------------------\r\n// // private setupAdapters() {\r\n// // logger.info(\"🧩 Setting up adapters...\");\r\n\r\n// // // Hashing\r\n// // this.hashingPrimary =\r\n// // this.config.hashing.primary === \"argon2\"\r\n// // ? new ArgonAdapter()\r\n// // : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// // this.hashingFallback =\r\n// // this.config.hashing.fallback === \"bcrypt\"\r\n// // ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// // : null;\r\n\r\n// // // Rate limiter\r\n// // this.rateLimiterPrimary =\r\n// // this.config.rateLimiter.useAdaptiveMode\r\n// // ? new RLFlexibleAdapter()\r\n// // : new ExpressRLAdapter();\r\n\r\n// // this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// // // Validator\r\n// // this.validatorPrimary =\r\n// // this.config.validation.mode === \"zod\"\r\n// // ? new ZodAdapter()\r\n// // : new ExpressValidatorAdapter();\r\n\r\n// // this.validatorFallback =\r\n// // this.config.validation.fallback === \"express-validator\"\r\n// // ? new ExpressValidatorAdapter()\r\n// // : null;\r\n\r\n// // // Sanitizer\r\n// // this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// // this.sanitizerFallback = new DomPurifyAdapter();\r\n\r\n// // logger.info(\"✔ Adapters ready\");\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // MANAGER SETUP\r\n// // // ---------------------------------------------------------\r\n// // private setupManagers() {\r\n// // this.hashManager = new HashManager(\r\n// // this.config.hashing,\r\n// // this.hashingPrimary,\r\n// // this.hashingFallback\r\n// // );\r\n\r\n// // this.rateLimitManager = new RateLimitManager(\r\n// // this.config.rateLimiter,\r\n// // this.rateLimiterPrimary,\r\n// // this.rateLimiterFallback\r\n// // );\r\n\r\n// // this.validatorManager = new ValidatorManager(\r\n// // this.config.validation,\r\n// // this.validatorPrimary,\r\n// // this.validatorFallback\r\n// // );\r\n\r\n// // this.sanitizerManager = new SanitizerManager(\r\n// // this.sanitizerPrimary,\r\n// // this.sanitizerFallback\r\n// // );\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // DYNAMIC MANAGERS (JSON, CORS, AUTH)\r\n// // // ---------------------------------------------------------\r\n// // private setupDynamicManagers() {\r\n// // this.jsonManager = new JsonManager();\r\n// // this.corsManager = new CorsManager();\r\n\r\n// // // AUTH SUPPORT\r\n// // if (this.config.auth?.enabled) {\r\n// // this.authManager = new AuthManager({\r\n// // jwtSecret: process.env.JWT_SECRET!,\r\n// // jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// // googleClientId: process.env.GOOGLE_CLIENT_ID\r\n// // });\r\n// // }\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // PUBLIC API METHODS\r\n// // // ---------------------------------------------------------\r\n// // hash(value: string) {\r\n// // return this.hashManager.hash(value);\r\n// // }\r\n\r\n// // verify(value: string, hashed: string) {\r\n// // return this.hashManager.verify(value, hashed);\r\n// // }\r\n\r\n// // sanitize(value: string) {\r\n// // return this.sanitizerManager.sanitize(value);\r\n// // }\r\n\r\n// // validate(schema: any) {\r\n// // return this.validatorManager.validate(schema);\r\n// // }\r\n\r\n// // // ---------------------------------------------------------\r\n// // // EXPRESS GLOBAL PIPELINE\r\n// // // ---------------------------------------------------------\r\n// // middleware() {\r\n// // const chain: any[] = [];\r\n\r\n// // // JSON + URL encoded\r\n// // chain.push(this.jsonManager.middleware(this.config.json));\r\n// // chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n// // // add qs\r\n// // chain.push(this.jsonManager.queryParser());\r\n\r\n// // // Core security\r\n// // if (this.config.enableHelmet) chain.push(helmet());\r\n// // if (this.config.enableHPP) chain.push(hpp());\r\n\r\n// // if (this.config.enableCORS)\r\n// // chain.push(this.corsManager.middleware(this.config.cors));\r\n\r\n// // if (this.config.enableSanitizer)\r\n// // chain.push(this.sanitizerManager.middleware());\r\n\r\n// // if (this.config.enableRateLimiter)\r\n// // chain.push(this.rateLimitManager.middleware());\r\n\r\n// // // Centralized error handling\r\n// // chain.push(errorHandler);\r\n\r\n// // return chain;\r\n// // }\r\n// // }\r\n\r\n\r\n\r\n// // src/core/HiSecure.ts - COMPLETE FIXED\r\n// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging/index.js\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\"; // ✅ FIXED IMPORT\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private validatorPrimary: any;\r\n// private validatorFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// // Private constructor for singleton\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // =====================================================\r\n// // SINGLETON & INITIALIZATION\r\n// // =====================================================\r\n \r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"⚠ HiSecure already initialized\");\r\n// return;\r\n// }\r\n\r\n// logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// // Make everything immutable\r\n// deepFreeze(this.config);\r\n// deepFreeze(this.hashManager);\r\n// deepFreeze(this.rateLimitManager);\r\n// deepFreeze(this.validatorManager);\r\n// deepFreeze(this.sanitizerManager);\r\n// deepFreeze(this.jsonManager);\r\n// deepFreeze(this.corsManager);\r\n// if (this.authManager) deepFreeze(this.authManager);\r\n\r\n// this.initialized = true;\r\n// logger.info(\"✅ HiSecure initialized successfully\");\r\n// }\r\n\r\n// isInitialized(): boolean {\r\n// return this.initialized;\r\n// }\r\n\r\n// // =====================================================\r\n// // FLUENT API METHODS (Route-level security)\r\n// // =====================================================\r\n \r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n \r\n// if (typeof preset === \"string\") {\r\n// const presets = {\r\n// strict: { mode: \"strict\" as const },\r\n// relaxed: { mode: \"relaxed\" as const },\r\n// api: { max: 100, windowMs: 60000 }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset] || {});\r\n// }\r\n \r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// const chain = [];\r\n// chain.push(instance.jsonManager.middleware(options));\r\n// chain.push(instance.jsonManager.urlencoded());\r\n// return chain;\r\n// }\r\n\r\n// // =====================================================\r\n// // UTILITY METHODS (Direct usage)\r\n// // =====================================================\r\n \r\n// static async hash(password: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(password, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(password: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(password, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.sign(payload, options);\r\n// },\r\n \r\n// verify: (token: string) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.verify(token);\r\n// },\r\n \r\n// google: {\r\n// verifyIdToken: (idToken: string) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.verifyGoogleIdToken(idToken);\r\n// }\r\n// }\r\n// };\r\n\r\n// // =====================================================\r\n// // GLOBAL MIDDLEWARE (app.use())\r\n// // =====================================================\r\n \r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n \r\n// // Handle preset strings\r\n// if (typeof options === \"string\") {\r\n// const presets = {\r\n// api: { cors: true, rateLimit: \"relaxed\", sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\", sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true }\r\n// };\r\n// options = presets[options] || {};\r\n// }\r\n \r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // =====================================================\r\n// // INTERNAL METHODS\r\n// // =====================================================\r\n \r\n// private setupAdapters(): void {\r\n// logger.info(\"🧩 Setting up adapters...\");\r\n\r\n// // Hashing\r\n// this.hashingPrimary = this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback = this.config.hashing.fallback === \"bcrypt\"\r\n// ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// // Rate limiting\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// // Validation\r\n// this.validatorPrimary = this.config.validation.mode === \"zod\"\r\n// ? new ZodAdapter()\r\n// : new ExpressValidatorAdapter();\r\n// this.validatorFallback = this.config.validation.fallback === \"express-validator\"\r\n// ? new ExpressValidatorAdapter()\r\n// : null;\r\n\r\n// // Sanitization\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer); // ✅ XSSAdapter, NOT DomPurifyAdapter\r\n\r\n// logger.info(\"✅ Adapters ready\");\r\n// }\r\n\r\n// private setupManagers(): void {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// this.config.validation,\r\n// this.validatorPrimary,\r\n// this.validatorFallback\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n// }\r\n\r\n// private setupDynamicManagers(): void {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// // Auth manager (only if enabled)\r\n// if (this.config.auth.enabled) {\r\n// const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;\r\n// if (!jwtSecret) {\r\n// throw new Error(\"JWT_SECRET environment variable or jwtSecret in config is required when auth.enabled=true\");\r\n// }\r\n\r\n// this.authManager = new AuthManager({\r\n// jwtSecret,\r\n// jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// googleClientId: process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId,\r\n// // ✅ Add algorithm option for JWT security\r\n// algorithm: 'HS256'\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n \r\n// // JSON parsing\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n \r\n// // Security headers\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n \r\n// // Compression (check if compression config exists)\r\n// if (this.config.enableCompression && this.config.compression) {\r\n// chain.push(compression(this.config.compression));\r\n// } else if (this.config.enableCompression) {\r\n// chain.push(compression()); // Use defaults\r\n// }\r\n \r\n// // CORS\r\n// if (this.config.enableCORS || options.cors) {\r\n// const corsOptions = options.cors === true ? this.config.cors : \r\n// (typeof options.cors === 'object' ? options.cors : this.config.cors);\r\n// chain.push(this.corsManager.middleware(corsOptions));\r\n// }\r\n \r\n// // Sanitization\r\n// if (this.config.enableSanitizer || options.sanitize) {\r\n// const sanitizeOptions = options.sanitize === true ? undefined : \r\n// (typeof options.sanitize === 'object' ? options.sanitize : undefined);\r\n// chain.push(this.sanitizerManager.middleware(sanitizeOptions));\r\n// }\r\n \r\n// // Rate limiting\r\n// if (this.config.enableRateLimiter || options.rateLimit) {\r\n// const rateLimitOpts = typeof options.rateLimit === 'object' ? \r\n// { options: options.rateLimit } : {};\r\n// chain.push(this.rateLimitManager.middleware(rateLimitOpts));\r\n// }\r\n \r\n// // Authentication\r\n// if (options.auth && this.authManager) {\r\n// const authOpts = options.auth === true ? undefined : \r\n// (typeof options.auth === 'object' ? options.auth : undefined);\r\n// chain.push(this.authManager.protect(authOpts));\r\n// }\r\n \r\n// // Error handler (always last)\r\n// chain.push(errorHandler);\r\n \r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n// =================\r\n\r\n// // src/core/HiSecure.ts - COMPLETELY FIXED\r\n// import { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\n// import { defaultConfig } from \"./config.js\";\r\n// import { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\n// import { deepMerge } from \"../utils/deepMerge.js\";\r\n// import { deepFreeze } from \"../utils/deepFreeze.js\";\r\n// import { logger } from \"../logging/index.js\";\r\n\r\n// // Adapters\r\n// import { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\n// import { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\n// import { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\n// import { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\n// import { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\n// import { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\n// import { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\n// import { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// // Managers\r\n// import { HashManager } from \"../managers/HashManager.js\";\r\n// import { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\n// import { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\n// import { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\n// import { JsonManager } from \"../managers/JsonManager.js\";\r\n// import { CorsManager } from \"../managers/CorsManager.js\";\r\n// import { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// // Middlewares\r\n// import helmet from \"helmet\";\r\n// import hpp from \"hpp\";\r\n// import compression from \"compression\";\r\n// import { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// // Types\r\n// import { SecureOptions, ValidationSchema, RateLimitOptions } from \"./types/SecureOptions.js\";\r\n\r\n// export class HiSecure {\r\n// private static instance: HiSecure | null = null;\r\n// private config: HiSecureConfig;\r\n// private initialized = false;\r\n\r\n// // Managers\r\n// public hashManager!: HashManager;\r\n// public rateLimitManager!: RateLimitManager;\r\n// public validatorManager!: ValidatorManager;\r\n// public sanitizerManager!: SanitizerManager;\r\n// public jsonManager!: JsonManager;\r\n// public corsManager!: CorsManager;\r\n// public authManager?: AuthManager;\r\n\r\n// // Internal adapters\r\n// private hashingPrimary: any;\r\n// private hashingFallback: any;\r\n// private rateLimiterPrimary: any;\r\n// private rateLimiterFallback: any;\r\n// private validatorPrimary: any;\r\n// private validatorFallback: any;\r\n// private sanitizerPrimary: any;\r\n// private sanitizerFallback: any;\r\n\r\n// // Private constructor for singleton\r\n// private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n// this.config = deepMerge(defaultConfig, userConfig);\r\n// }\r\n\r\n// // =====================================================\r\n// // SINGLETON & INITIALIZATION\r\n// // =====================================================\r\n \r\n// static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n// if (!HiSecure.instance) {\r\n// HiSecure.instance = new HiSecure(config);\r\n// HiSecure.instance.init();\r\n// }\r\n// return HiSecure.instance;\r\n// }\r\n\r\n// static resetInstance(): void {\r\n// HiSecure.instance = null;\r\n// }\r\n\r\n// init(): void {\r\n// if (this.initialized) {\r\n// logger.warn(\"⚠ HiSecure already initialized\");\r\n// return;\r\n// }\r\n\r\n// logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);\r\n\r\n// this.setupAdapters();\r\n// this.setupManagers();\r\n// this.setupDynamicManagers();\r\n\r\n// // Make everything immutable\r\n// deepFreeze(this.config);\r\n// deepFreeze(this.hashManager);\r\n// deepFreeze(this.rateLimitManager);\r\n// deepFreeze(this.validatorManager);\r\n// deepFreeze(this.sanitizerManager);\r\n// deepFreeze(this.jsonManager);\r\n// deepFreeze(this.corsManager);\r\n// if (this.authManager) deepFreeze(this.authManager);\r\n\r\n// this.initialized = true;\r\n// logger.info(\"✅ HiSecure initialized successfully\");\r\n// }\r\n\r\n// isInitialized(): boolean {\r\n// return this.initialized;\r\n// }\r\n\r\n// // =====================================================\r\n// // FLUENT API METHODS (Route-level security)\r\n// // =====================================================\r\n \r\n// static auth(options?: { required?: boolean; roles?: string[] }) {\r\n// const instance = this.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled. Set auth.enabled=true in config.\");\r\n// }\r\n// return instance.authManager.protect(options);\r\n// }\r\n\r\n// static validate(schema: ValidationSchema) {\r\n// return this.getInstance().validatorManager.validate(schema);\r\n// }\r\n\r\n// static sanitize(options?: any) {\r\n// return this.getInstance().sanitizerManager.middleware(options);\r\n// }\r\n\r\n// static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n// const instance = this.getInstance();\r\n \r\n// if (typeof preset === \"string\") {\r\n// const presets: Record<string, { mode?: \"strict\" | \"relaxed\" | \"api\"; options?: any }> = {\r\n// strict: { mode: \"strict\" },\r\n// relaxed: { mode: \"relaxed\" },\r\n// api: { mode: \"api\", options: { max: 100, windowMs: 60000 } }\r\n// };\r\n// return instance.rateLimitManager.middleware(presets[preset] || {});\r\n// }\r\n \r\n// return instance.rateLimitManager.middleware({ options: preset });\r\n// }\r\n\r\n// static cors(options?: any) {\r\n// return this.getInstance().corsManager.middleware(options);\r\n// }\r\n\r\n// static json(options?: any) {\r\n// const instance = this.getInstance();\r\n// const chain = [];\r\n// chain.push(instance.jsonManager.middleware(options));\r\n// chain.push(instance.jsonManager.urlencoded());\r\n// return chain;\r\n// }\r\n\r\n// // =====================================================\r\n// // UTILITY METHODS (Direct usage)\r\n// // =====================================================\r\n \r\n// static async hash(password: string): Promise<string> {\r\n// const instance = this.getInstance();\r\n// const result = await instance.hashManager.hash(password, { allowFallback: true });\r\n// return result.hash;\r\n// }\r\n\r\n// static async verify(password: string, hash: string): Promise<boolean> {\r\n// return this.getInstance().hashManager.verify(password, hash);\r\n// }\r\n\r\n// static jwt = {\r\n// sign: (payload: object, options?: any) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.sign(payload, options);\r\n// },\r\n \r\n// verify: (token: string) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.verify(token);\r\n// },\r\n \r\n// google: {\r\n// verifyIdToken: (idToken: string) => {\r\n// const instance = HiSecure.getInstance();\r\n// if (!instance.authManager) {\r\n// throw new Error(\"Auth not enabled\");\r\n// }\r\n// return instance.authManager.verifyGoogleIdToken(idToken);\r\n// }\r\n// }\r\n// };\r\n\r\n// // =====================================================\r\n// // GLOBAL MIDDLEWARE (app.use())\r\n// // =====================================================\r\n \r\n// static middleware(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// const instance = this.getInstance();\r\n \r\n// // Handle preset strings\r\n// if (typeof options === \"string\") {\r\n// const presets: Record<string, SecureOptions> = {\r\n// api: { cors: true, rateLimit: \"relaxed\" as any, sanitize: true },\r\n// strict: { cors: true, rateLimit: \"strict\" as any, sanitize: true, auth: true },\r\n// public: { cors: true, rateLimit: true as any, sanitize: false }\r\n// };\r\n// const presetOptions = presets[options];\r\n// if (presetOptions) {\r\n// return instance.createMiddlewareChain(presetOptions);\r\n// }\r\n// return instance.createMiddlewareChain({});\r\n// }\r\n \r\n// return instance.createMiddlewareChain(options || {});\r\n// }\r\n\r\n// // =====================================================\r\n// // INTERNAL METHODS\r\n// // =====================================================\r\n \r\n// private setupAdapters(): void {\r\n// logger.info(\"🧩 Setting up adapters...\");\r\n\r\n// // Hashing\r\n// this.hashingPrimary = this.config.hashing.primary === \"argon2\"\r\n// ? new ArgonAdapter()\r\n// : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n// this.hashingFallback = this.config.hashing.fallback === \"bcrypt\"\r\n// ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n// : null;\r\n\r\n// // Rate limiting\r\n// this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n// ? new RLFlexibleAdapter()\r\n// : new ExpressRLAdapter();\r\n// this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n// // Validation\r\n// this.validatorPrimary = this.config.validation.mode === \"zod\"\r\n// ? new ZodAdapter()\r\n// : new ExpressValidatorAdapter();\r\n// this.validatorFallback = this.config.validation.fallback === \"express-validator\"\r\n// ? new ExpressValidatorAdapter()\r\n// : null;\r\n\r\n// // Sanitization\r\n// this.sanitizerPrimary = new SanitizeHtmlAdapter(this.config.sanitizer);\r\n// this.sanitizerFallback = new XSSAdapter(this.config.sanitizer);\r\n\r\n// logger.info(\"✅ Adapters ready\");\r\n// }\r\n\r\n// private setupManagers(): void {\r\n// this.hashManager = new HashManager(\r\n// this.config.hashing,\r\n// this.hashingPrimary,\r\n// this.hashingFallback\r\n// );\r\n\r\n// this.rateLimitManager = new RateLimitManager(\r\n// this.config.rateLimiter,\r\n// this.rateLimiterPrimary,\r\n// this.rateLimiterFallback\r\n// );\r\n\r\n// this.validatorManager = new ValidatorManager(\r\n// // this.config.validation,\r\n// // this.validatorPrimary,\r\n// // this.validatorFallback\r\n// new ZodAdapter(),\r\n// new ExpressValidatorAdapter()\r\n// );\r\n\r\n// this.sanitizerManager = new SanitizerManager(\r\n// this.sanitizerPrimary,\r\n// this.sanitizerFallback\r\n// );\r\n// }\r\n\r\n// private setupDynamicManagers(): void {\r\n// this.jsonManager = new JsonManager();\r\n// this.corsManager = new CorsManager();\r\n\r\n// // Auth manager (only if enabled)\r\n// if (this.config.auth.enabled) {\r\n// const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;\r\n// if (!jwtSecret) {\r\n// throw new Error(\"JWT_SECRET environment variable or jwtSecret in config is required when auth.enabled=true\");\r\n// }\r\n\r\n// this.authManager = new AuthManager({\r\n// jwtSecret,\r\n// jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n// googleClientId: process.env.GOOGLE_CLIENT_ID || this.config.auth.googleClientId\r\n// // Removed algorithm - handled in AuthManager\r\n// });\r\n// }\r\n// }\r\n\r\n// private createMiddlewareChain(options: SecureOptions): any[] {\r\n// const chain: any[] = [];\r\n \r\n// // JSON parsing\r\n// chain.push(this.jsonManager.middleware(this.config.json));\r\n// chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n \r\n// // Security headers\r\n// if (this.config.enableHelmet) chain.push(helmet());\r\n// if (this.config.enableHPP) chain.push(hpp());\r\n \r\n// // Compression (check if compression config exists)\r\n// if (this.config.enableCompression && this.config.compression) {\r\n// chain.push(compression(this.config.compression));\r\n// } else if (this.config.enableCompression) {\r\n// chain.push(compression()); // Use defaults\r\n// }\r\n \r\n// // CORS\r\n// if (this.config.enableCORS || options.cors) {\r\n// const corsOptions = options.cors === true ? this.config.cors : \r\n// (typeof options.cors === 'object' ? options.cors : this.config.cors);\r\n// chain.push(this.corsManager.middleware(corsOptions));\r\n// }\r\n \r\n// // Sanitization\r\n// if (this.config.enableSanitizer || options.sanitize) {\r\n// const sanitizeOptions = options.sanitize === true ? undefined : \r\n// (typeof options.sanitize === 'object' ? options.sanitize : undefined);\r\n// chain.push(this.sanitizerManager.middleware(sanitizeOptions));\r\n// }\r\n \r\n// // Rate limiting\r\n// if (this.config.enableRateLimiter || options.rateLimit) {\r\n// const rateLimitOpts = typeof options.rateLimit === 'object' ? \r\n// { options: options.rateLimit } : {};\r\n// chain.push(this.rateLimitManager.middleware(rateLimitOpts));\r\n// }\r\n \r\n// // Authentication\r\n// if (options.auth && this.authManager) {\r\n// const authOpts = options.auth === true ? undefined : \r\n// (typeof options.auth === 'object' ? options.auth : undefined);\r\n// chain.push(this.authManager.protect(authOpts));\r\n// }\r\n \r\n// // Error handler (always last)\r\n// chain.push(errorHandler);\r\n \r\n// return chain;\r\n// }\r\n// }\r\n\r\n\r\n// ===================\r\n\r\n// src/core/HiSecure.ts - FINAL VERSION\r\nimport { HiSecureConfig } from \"./types/HiSecureConfig.js\";\r\nimport { defaultConfig } from \"./config.js\";\r\nimport { LIB_NAME, LIB_VERSION } from \"./constants.js\";\r\nimport { deepMerge } from \"../utils/deepMerge.js\";\r\nimport { deepFreeze } from \"../utils/deepFreeze.js\";\r\nimport { logger } from \"../logging/index.js\";\r\n\r\n// Adapters\r\nimport { ArgonAdapter } from \"../adapters/ArgonAdapter.js\";\r\nimport { BcryptAdapter } from \"../adapters/BcryptAdapter.js\";\r\nimport { RLFlexibleAdapter } from \"../adapters/RLFlexibleAdapter.js\";\r\nimport { ExpressRLAdapter } from \"../adapters/ExpressRLAdapter.js\";\r\nimport { ZodAdapter } from \"../adapters/ZodAdapter.js\";\r\nimport { ExpressValidatorAdapter } from \"../adapters/ExpressValidatorAdapter.js\";\r\nimport { SanitizeHtmlAdapter } from \"../adapters/SanitizeHtmlAdapter.js\";\r\nimport { XSSAdapter } from \"../adapters/XSSAdapter.js\";\r\n\r\n// Managers\r\nimport { HashManager } from \"../managers/HashManager.js\";\r\nimport { RateLimitManager } from \"../managers/RateLimitManager.js\";\r\nimport { ValidatorManager } from \"../managers/ValidatorManager.js\";\r\nimport { SanitizerManager } from \"../managers/SanitizerManager.js\";\r\nimport { JsonManager } from \"../managers/JsonManager.js\";\r\nimport { CorsManager } from \"../managers/CorsManager.js\";\r\nimport { AuthManager } from \"../managers/AuthManager.js\";\r\n\r\n// Middlewares\r\nimport helmet from \"helmet\";\r\nimport hpp from \"hpp\";\r\nimport compression from \"compression\";\r\nimport { errorHandler } from \"../middlewares/errorHandler.js\";\r\n\r\n// Types\r\nimport { SecureOptions, ValidationSchema } from \"./types/SecureOptions.js\";\r\n\r\nexport class HiSecure {\r\n private static instance: HiSecure | null = null;\r\n private config: HiSecureConfig;\r\n private initialized = false;\r\n\r\n // Managers\r\n public hashManager!: HashManager;\r\n public rateLimitManager!: RateLimitManager;\r\n public validatorManager!: ValidatorManager;\r\n public sanitizerManager!: SanitizerManager;\r\n public jsonManager!: JsonManager;\r\n public corsManager!: CorsManager;\r\n public authManager?: AuthManager;\r\n\r\n // Internal adapters\r\n private hashingPrimary: any;\r\n private hashingFallback: any;\r\n private rateLimiterPrimary: any;\r\n private rateLimiterFallback: any;\r\n\r\n private constructor(userConfig: Partial<HiSecureConfig> = {}) {\r\n this.config = deepMerge(defaultConfig, userConfig);\r\n }\r\n\r\n // =====================================================\r\n // SINGLETON\r\n // =====================================================\r\n static getInstance(config?: Partial<HiSecureConfig>): HiSecure {\r\n if (!HiSecure.instance) {\r\n HiSecure.instance = new HiSecure(config);\r\n HiSecure.instance.init();\r\n }\r\n return HiSecure.instance;\r\n }\r\n\r\n static resetInstance(): void {\r\n HiSecure.instance = null;\r\n }\r\n\r\n init(): void {\r\n if (this.initialized) return;\r\n\r\n logger.info(`🔐 ${LIB_NAME} v${LIB_VERSION} initializing...`);\r\n\r\n this.setupAdapters();\r\n this.setupManagers();\r\n this.setupDynamicManagers();\r\n\r\n // ❌ DO NOT FREEZE MANAGERS\r\n // ✔ Only freeze config\r\n deepFreeze(this.config);\r\n\r\n this.initialized = true;\r\n logger.info(\"✅ HiSecure initialized successfully\");\r\n }\r\n\r\n // =====================================================\r\n // FLUENT API (Route-level)\r\n // =====================================================\r\n\r\n static auth(options?: { required?: boolean; roles?: string[] }) {\r\n return this.getInstance().authManager!.protect(options);\r\n }\r\n\r\n static validate(schema: ValidationSchema) {\r\n return this.getInstance().validatorManager.validate(schema);\r\n }\r\n\r\n static sanitize(options?: any) {\r\n return this.getInstance().sanitizerManager.middleware(options);\r\n }\r\n\r\n static cors(options?: any) {\r\n return this.getInstance().corsManager.middleware(options);\r\n }\r\n\r\n static rateLimit(preset: \"strict\" | \"relaxed\" | \"api\" | object) {\r\n const instance = this.getInstance();\r\n\r\n if (typeof preset === \"string\") {\r\n const presets: any = {\r\n strict: { mode: \"strict\" },\r\n relaxed: { mode: \"relaxed\" },\r\n api: { mode: \"api\", options: { max: 100, windowMs: 60000 } }\r\n };\r\n return instance.rateLimitManager.middleware(presets[preset] || {});\r\n }\r\n return instance.rateLimitManager.middleware({ options: preset });\r\n }\r\n\r\n static json(options?: any) {\r\n const instance = this.getInstance();\r\n return [\r\n instance.jsonManager.middleware(options),\r\n instance.jsonManager.urlencoded()\r\n ];\r\n }\r\n\r\n // =====================================================\r\n // INTERNAL SETUP\r\n // =====================================================\r\n\r\n private setupAdapters(): void {\r\n logger.info(\"🧩 Setting up adapters...\");\r\n\r\n this.hashingPrimary = this.config.hashing.primary === \"argon2\"\r\n ? new ArgonAdapter()\r\n : new BcryptAdapter(this.config.hashing.saltRounds);\r\n\r\n this.hashingFallback = this.config.hashing.fallback === \"bcrypt\"\r\n ? new BcryptAdapter(this.config.hashing.saltRounds)\r\n : null;\r\n\r\n this.rateLimiterPrimary = this.config.rateLimiter.useAdaptiveMode\r\n ? new RLFlexibleAdapter()\r\n : new ExpressRLAdapter();\r\n\r\n this.rateLimiterFallback = new ExpressRLAdapter();\r\n\r\n logger.info(\"✅ Adapters ready\");\r\n }\r\n\r\n private setupManagers(): void {\r\n this.hashManager = new HashManager(this.config.hashing, this.hashingPrimary, this.hashingFallback);\r\n\r\n this.rateLimitManager = new RateLimitManager(\r\n this.config.rateLimiter,\r\n this.rateLimiterPrimary,\r\n this.rateLimiterFallback\r\n );\r\n\r\n // ✔ AUTO-DETECT VALIDATION (ZOD + EXPRESS-VALIDATOR)\r\n this.validatorManager = new ValidatorManager(\r\n new ZodAdapter(),\r\n new ExpressValidatorAdapter()\r\n );\r\n\r\n this.sanitizerManager = new SanitizerManager(\r\n new SanitizeHtmlAdapter(this.config.sanitizer),\r\n new XSSAdapter(this.config.sanitizer)\r\n );\r\n }\r\n\r\n private setupDynamicManagers(): void {\r\n this.jsonManager = new JsonManager();\r\n this.corsManager = new CorsManager();\r\n\r\n if (this.config.auth.enabled) {\r\n const jwtSecret = process.env.JWT_SECRET || this.config.auth.jwtSecret;\r\n if (!jwtSecret) throw new Error(\"JWT_SECRET is required when auth.enabled=true\");\r\n\r\n this.authManager = new AuthManager({\r\n jwtSecret,\r\n jwtExpiresIn: this.config.auth.jwtExpiresIn,\r\n googleClientId: this.config.auth.googleClientId\r\n });\r\n }\r\n }\r\n\r\n private createMiddlewareChain(options: SecureOptions): any[] {\r\n const chain: any[] = [];\r\n\r\n chain.push(this.jsonManager.middleware(this.config.json));\r\n chain.push(this.jsonManager.urlencoded(this.config.urlencoded));\r\n\r\n if (this.config.enableHelmet) chain.push(helmet());\r\n if (this.config.enableHPP) chain.push(hpp());\r\n\r\n if (this.config.enableCompression) chain.push(compression(this.config.compression));\r\n\r\n if (this.config.enableCORS || options.cors) {\r\n const opts = typeof options.cors === \"object\" ? options.cors : this.config.cors;\r\n chain.push(this.corsManager.middleware(opts));\r\n }\r\n\r\n if (this.config.enableSanitizer || options.sanitize) {\r\n const opts = typeof options.sanitize === \"object\" ? options.sanitize : undefined;\r\n chain.push(this.sanitizerManager.middleware(opts));\r\n }\r\n\r\n if (this.config.enableRateLimiter || options.rateLimit) {\r\n const opts = typeof options.rateLimit === \"object\" ? { options: options.rateLimit } : {};\r\n chain.push(this.rateLimitManager.middleware(opts));\r\n }\r\n\r\n if (options.auth && this.authManager) {\r\n const opts = typeof options.auth === \"object\" ? options.auth : undefined;\r\n chain.push(this.authManager.protect(opts));\r\n }\r\n\r\n chain.push(errorHandler);\r\n\r\n return chain;\r\n }\r\n}\r\n"]}
package/dist/core/errors/HttpError.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ export declare class HttpError extends Error {
2
+ status: number;
3
+ code?: string;
4
+ details?: any;
5
+ constructor(status: number, message: string, options?: {
6
+ code?: string;
7
+ details?: any;
8
+ });
9
+ static BadRequest(message?: string, details?: any): HttpError;
10
+ static Unauthorized(message?: string, details?: any): HttpError;
11
+ static Forbidden(message?: string, details?: any): HttpError;
12
+ static NotFound(message?: string, details?: any): HttpError;
13
+ static Conflict(message?: string, details?: any): HttpError;
14
+ static TooManyRequests(message?: string, details?: any): HttpError;
15
+ static Internal(message?: string, details?: any): HttpError;
16
+ }
17
+ //# sourceMappingURL=HttpError.d.ts.map
package/dist/core/errors/HttpError.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"HttpError.d.ts","sourceRoot":"","sources":["../../../src/core/errors/HttpError.ts"],"names":[],"mappings":"AAAA,qBAAa,SAAU,SAAQ,KAAK;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,GAAG,CAAC;gBAGV,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAC,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,GAAG,CAAA;KAAE;IAU7C,MAAM,CAAC,UAAU,CAAC,OAAO,SAAgB,EAAE,OAAO,CAAC,EAAE,GAAG;IAIxD,MAAM,CAAC,YAAY,CAAC,OAAO,SAAiB,EAAE,OAAO,CAAC,EAAE,GAAG;IAI3D,MAAM,CAAC,SAAS,CAAC,OAAO,SAAc,EAAE,OAAO,CAAC,EAAE,GAAG;IAIrD,MAAM,CAAC,QAAQ,CAAC,OAAO,SAAc,EAAE,OAAO,CAAC,EAAE,GAAG;IAIpD,MAAM,CAAC,QAAQ,CAAC,OAAO,SAAa,EAAE,OAAO,CAAC,EAAE,GAAG;IAInD,MAAM,CAAC,eAAe,CAAC,OAAO,SAAsB,EAAE,OAAO,CAAC,EAAE,GAAG;IAInE,MAAM,CAAC,QAAQ,CAAC,OAAO,SAA0B,EAAE,OAAO,CAAC,EAAE,GAAG;CAGnE"}
package/dist/core/errors/HttpError.js ADDED
@@ -0,0 +1,36 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.HttpError = void 0;
4
+ class HttpError extends Error {
5
+ constructor(status, message, options) {
6
+ super(message);
7
+ this.status = status;
8
+ this.code = options?.code;
9
+ this.details = options?.details;
10
+ this.name = "HttpError";
11
+ }
12
+ // ---------- STATIC HELPERS ----------
13
+ static BadRequest(message = "Bad Request", details) {
14
+ return new HttpError(400, message, { code: "BAD_REQUEST", details });
15
+ }
16
+ static Unauthorized(message = "Unauthorized", details) {
17
+ return new HttpError(401, message, { code: "UNAUTHORIZED", details });
18
+ }
19
+ static Forbidden(message = "Forbidden", details) {
20
+ return new HttpError(403, message, { code: "FORBIDDEN", details });
21
+ }
22
+ static NotFound(message = "Not Found", details) {
23
+ return new HttpError(404, message, { code: "NOT_FOUND", details });
24
+ }
25
+ static Conflict(message = "Conflict", details) {
26
+ return new HttpError(409, message, { code: "CONFLICT", details });
27
+ }
28
+ static TooManyRequests(message = "Too Many Requests", details) {
29
+ return new HttpError(429, message, { code: "RATE_LIMIT", details });
30
+ }
31
+ static Internal(message = "Internal Server Error", details) {
32
+ return new HttpError(500, message, { code: "INTERNAL_ERROR", details });
33
+ }
34
+ }
35
+ exports.HttpError = HttpError;
36
+ //# sourceMappingURL=HttpError.js.map
package/dist/core/errors/HttpError.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"HttpError.js","sourceRoot":"","sources":["../../../src/core/errors/HttpError.ts"],"names":[],"mappings":";;;AAAA,MAAa,SAAU,SAAQ,KAAK;IAKhC,YACI,MAAc,EACd,OAAe,EACf,OAAyC;QAEzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,OAAO,EAAE,IAAc,CAAC;QACpC,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QAChC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC5B,CAAC;IAED,uCAAuC;IACvC,MAAM,CAAC,UAAU,CAAC,OAAO,GAAG,aAAa,EAAE,OAAa;QACpD,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,CAAC,YAAY,CAAC,OAAO,GAAG,cAAc,EAAE,OAAa;QACvD,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,OAAO,GAAG,WAAW,EAAE,OAAa;QACjD,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAO,GAAG,WAAW,EAAE,OAAa;QAChD,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAO,GAAG,UAAU,EAAE,OAAa;QAC/C,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,CAAC,eAAe,CAAC,OAAO,GAAG,mBAAmB,EAAE,OAAa;QAC/D,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,OAAO,GAAG,uBAAuB,EAAE,OAAa;QAC5D,OAAO,IAAI,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,CAAC,CAAC;IAC5E,CAAC;CACJ;AA7CD,8BA6CC","sourcesContent":["export class HttpError extends Error {\r\n status: number;\r\n code?: string;\r\n details?: any;\r\n\r\n constructor(\r\n status: number,\r\n message: string,\r\n options?: { code?:string; details?: any }\r\n ) {\r\n super(message);\r\n this.status = status;\r\n this.code = options?.code as string;\r\n this.details = options?.details;\r\n this.name = \"HttpError\";\r\n }\r\n\r\n // ---------- STATIC HELPERS ----------\r\n static BadRequest(message = \"Bad Request\", details?: any) {\r\n return new HttpError(400, message, { code: \"BAD_REQUEST\", details });\r\n }\r\n\r\n static Unauthorized(message = \"Unauthorized\", details?: any) {\r\n return new HttpError(401, message, { code: \"UNAUTHORIZED\", details });\r\n }\r\n\r\n static Forbidden(message = \"Forbidden\", details?: any) {\r\n return new HttpError(403, message, { code: \"FORBIDDEN\", details });\r\n }\r\n\r\n static NotFound(message = \"Not Found\", details?: any) {\r\n return new HttpError(404, message, { code: \"NOT_FOUND\", details });\r\n }\r\n\r\n static Conflict(message = \"Conflict\", details?: any) {\r\n return new HttpError(409, message, { code: \"CONFLICT\", details });\r\n }\r\n\r\n static TooManyRequests(message = \"Too Many Requests\", details?: any) {\r\n return new HttpError(429, message, { code: \"RATE_LIMIT\", details });\r\n }\r\n\r\n static Internal(message = \"Internal Server Error\", details?: any) {\r\n return new HttpError(500, message, { code: \"INTERNAL_ERROR\", details });\r\n }\r\n}\r\n"]}
package/dist/core/useSecure.d.ts CHANGED
@@ -1,10 +1,3 @@
1
1
  import { SecureOptions } from "./types/SecureOptions.js";
2
- /**
3
- * @deprecated Use HiSecure.middleware() or fluent API instead
4
- */
5
- export declare function useSecure(options?: SecureOptions | "api" | "strict" | "public"): any[];
6
- /**
7
- * Legacy support - route-level security
8
- */
9
2
  export declare function secureRoute(options?: SecureOptions): any[];
10
3
  //# sourceMappingURL=useSecure.d.ts.map
package/dist/core/useSecure.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"AAgEA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,SAG9E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,aAAa,SAiClD"}
1
+ {"version":3,"file":"useSecure.d.ts","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":"AAqHA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE,aAAa,SA8ClD"}
package/dist/core/useSecure.js CHANGED
@@ -2,7 +2,6 @@
2
2
  // import { normalizeOptions } from "../utils/normalizeOptions.js";
3
3
  // import { HiSecure } from "./HiSecure.js";
4
4
  Object.defineProperty(exports, "__esModule", { value: true });
5
- exports.useSecure = useSecure;
6
5
  exports.secureRoute = secureRoute;
7
6
  // export function useSecure(engine: HiSecure, input?: any) {
8
7
  // if (!engine.isInitialized()) {
@@ -51,34 +50,79 @@ exports.secureRoute = secureRoute;
51
50
  // }
52
51
  // src/core/useSecure.ts - SIMPLER VERSION
53
52
  // This is now optional since HiSecure class has fluent API
53
+ // import { HiSecure } from "./HiSecure.js";
54
+ // import { SecureOptions } from "./types/SecureOptions.js";
55
+ // /**
56
+ // * @deprecated Use HiSecure.middleware() or fluent API instead
57
+ // */
58
+ // export function useSecure(options?: SecureOptions | "api" | "strict" | "public") {
59
+ // console.warn("⚠ useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.");
60
+ // return HiSecure.middleware(options);
61
+ // }
62
+ // /**
63
+ // * Legacy support - route-level security
64
+ // */
65
+ // export function secureRoute(options?: SecureOptions) {
66
+ // const chain: any[] = [];
67
+ // if (options?.cors) {
68
+ // chain.push(HiSecure.cors(
69
+ // typeof options.cors === 'object' ? options.cors : undefined
70
+ // ));
71
+ // }
72
+ // if (options?.rateLimit) {
73
+ // chain.push(HiSecure.rateLimit(
74
+ // typeof options.rateLimit === 'object' ? options.rateLimit :
75
+ // options.rateLimit === "strict" ? "strict" : "relaxed"
76
+ // ));
77
+ // }
78
+ // if (options?.sanitize) {
79
+ // chain.push(HiSecure.sanitize(
80
+ // typeof options.sanitize === 'object' ? options.sanitize : undefined
81
+ // ));
82
+ // }
83
+ // if (options?.validate) {
84
+ // chain.push(HiSecure.validate(options.validate));
85
+ // }
86
+ // if (options?.auth) {
87
+ // chain.push(HiSecure.auth(
88
+ // typeof options.auth === 'object' ? options.auth : undefined
89
+ // ));
90
+ // }
91
+ // return chain;
92
+ // }
54
93
  const HiSecure_js_1 = require("./HiSecure.js");
55
- /**
56
- * @deprecated Use HiSecure.middleware() or fluent API instead
57
- */
58
- function useSecure(options) {
59
- console.warn("⚠ useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.");
60
- return HiSecure_js_1.HiSecure.middleware(options);
61
- }
62
- /**
63
- * Legacy support - route-level security
64
- */
65
94
  function secureRoute(options) {
95
+ if (!options)
96
+ return [];
66
97
  const chain = [];
67
- if (options?.cors) {
68
- chain.push(HiSecure_js_1.HiSecure.cors(typeof options.cors === 'object' ? options.cors : undefined));
98
+ // 🔥 1. CORS
99
+ if (options.cors !== undefined) {
100
+ chain.push(HiSecure_js_1.HiSecure.cors(typeof options.cors === "object" ? options.cors : undefined));
69
101
  }
70
- if (options?.rateLimit) {
71
- chain.push(HiSecure_js_1.HiSecure.rateLimit(typeof options.rateLimit === 'object' ? options.rateLimit :
72
- options.rateLimit === "strict" ? "strict" : "relaxed"));
102
+ // 🔥 2. Rate Limiting (auto strict / relaxed detection)
103
+ if (options.rateLimit !== undefined) {
104
+ const rl = options.rateLimit;
105
+ if (rl === "strict" || rl === "relaxed") {
106
+ chain.push(HiSecure_js_1.HiSecure.rateLimit(rl));
107
+ }
108
+ else if (typeof rl === "object") {
109
+ chain.push(HiSecure_js_1.HiSecure.rateLimit(rl));
110
+ }
111
+ else {
112
+ chain.push(HiSecure_js_1.HiSecure.rateLimit("relaxed"));
113
+ }
73
114
  }
74
- if (options?.sanitize) {
75
- chain.push(HiSecure_js_1.HiSecure.sanitize(typeof options.sanitize === 'object' ? options.sanitize : undefined));
115
+ // 🔥 3. Sanitization
116
+ if (options.sanitize !== undefined) {
117
+ chain.push(HiSecure_js_1.HiSecure.sanitize(typeof options.sanitize === "object" ? options.sanitize : undefined));
76
118
  }
77
- if (options?.validate) {
119
+ // 🔥 4. Validation — smart auto-detection
120
+ if (options.validate) {
78
121
  chain.push(HiSecure_js_1.HiSecure.validate(options.validate));
79
122
  }
80
- if (options?.auth) {
81
- chain.push(HiSecure_js_1.HiSecure.auth(typeof options.auth === 'object' ? options.auth : undefined));
123
+ // 🔥 5. Auth (roles included)
124
+ if (options.auth) {
125
+ chain.push(HiSecure_js_1.HiSecure.auth(typeof options.auth === "object" ? options.auth : undefined));
82
126
  }
83
127
  return chain;
84
128
  }
package/dist/core/useSecure.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";AAAA,mEAAmE;AACnE,4CAA4C;;AAoE5C,8BAGC;AAKD,kCAiCC;AA3GD,6DAA6D;AAC7D,qCAAqC;AACrC,+EAA+E;AAC/E,QAAQ;AAER,+CAA+C;AAC/C,+BAA+B;AAE/B,cAAc;AACd,kCAAkC;AAClC,2EAA2E;AAC3E,uDAAuD;AACvD,QAAQ;AAER,cAAc;AACd,kCAAkC;AAClC,2EAA2E;AAC3E,QAAQ;AAER,kBAAkB;AAClB,sCAAsC;AACtC,4DAA4D;AAC5D,QAAQ;AAER,kBAAkB;AAClB,iEAAiE;AACjE,iFAAiF;AACjF,QAAQ;AAER,oBAAoB;AACpB,uCAAuC;AACvC,sBAAsB;AACtB,mDAAmD;AACnD,6DAA6D;AAC7D,kEAAkE;AAClE,iBAAiB;AACjB,aAAa;AACb,QAAQ;AAER,cAAc;AACd,kCAAkC;AAClC,qCAAqC;AACrC,sFAAsF;AACtF,YAAY;AAEZ,sBAAsB;AACtB,2CAA2C;AAC3C,kDAAkD;AAClD,iBAAiB;AACjB,aAAa;AACb,QAAQ;AAER,oBAAoB;AACpB,IAAI;AAIJ,0CAA0C;AAC1C,2DAA2D;AAE3D,+CAAyC;AAGzC;;GAEG;AACH,SAAgB,SAAS,CAAC,OAAqD;IAC3E,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;IAC9F,OAAO,sBAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,OAAuB;IAC/C,MAAM,KAAK,GAAU,EAAE,CAAC;IAExB,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,IAAI,CACpB,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC9D,CAAC,CAAC;IACP,CAAC;IAED,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,SAAS,CACzB,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC3D,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CACxD,CAAC,CAAC;IACP,CAAC;IAED,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CACxB,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CACtE,CAAC,CAAC;IACP,CAAC;IAED,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,IAAI,CACpB,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC9D,CAAC,CAAC;IACP,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC","sourcesContent":["// import { normalizeOptions } from \"../utils/normalizeOptions.js\";\r\n// import { HiSecure } from \"./HiSecure.js\";\r\n\r\n// export function useSecure(engine: HiSecure, input?: any) {\r\n// if (!engine.isInitialized()) {\r\n// throw new Error(\"HiSecure must be initialized before using .use()\");\r\n// }\r\n\r\n// const options = normalizeOptions(input);\r\n// const chain: any[] = [];\r\n\r\n// // JSON\r\n// if (options.json.enabled) {\r\n// chain.push(engine.jsonManager.middleware(options.json.options));\r\n// chain.push(engine.jsonManager.urlencoded());\r\n// }\r\n\r\n// // CORS\r\n// if (options.cors.enabled) {\r\n// chain.push(engine.corsManager.middleware(options.cors.options));\r\n// }\r\n\r\n// // Sanitize\r\n// if (options.sanitize.enabled) {\r\n// chain.push(engine.sanitizerManager.middleware());\r\n// }\r\n\r\n// // Validate\r\n// if (options.validate.enabled && options.validate.schema) {\r\n// chain.push(engine.validatorManager.validate(options.validate.schema));\r\n// }\r\n\r\n// // Rate Limit\r\n// if (options.rateLimit.enabled) {\r\n// chain.push(\r\n// engine.rateLimitManager.middleware({\r\n// mode: options.rateLimit.mode ?? undefined,\r\n// options: options.rateLimit.options ?? undefined\r\n// })\r\n// );\r\n// }\r\n\r\n// // AUTH\r\n// if (options.auth.enabled) {\r\n// if (!engine.authManager) {\r\n// throw new Error(\"AuthManager not initialized. Enable auth in config.\");\r\n// }\r\n\r\n// chain.push(\r\n// engine.authManager.protect({\r\n// required: options.auth.required\r\n// })\r\n// );\r\n// }\r\n\r\n// return chain;\r\n// }\r\n\r\n\r\n\r\n// src/core/useSecure.ts - SIMPLER VERSION\r\n// This is now optional since HiSecure class has fluent API\r\n\r\nimport { HiSecure } from \"./HiSecure.js\";\r\nimport { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n/**\r\n * @deprecated Use HiSecure.middleware() or fluent API instead\r\n */\r\nexport function useSecure(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n console.warn(\"⚠ useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.\");\r\n return HiSecure.middleware(options);\r\n}\r\n\r\n/**\r\n * Legacy support - route-level security\r\n */\r\nexport function secureRoute(options?: SecureOptions) {\r\n const chain: any[] = [];\r\n \r\n if (options?.cors) {\r\n chain.push(HiSecure.cors(\r\n typeof options.cors === 'object' ? options.cors : undefined\r\n ));\r\n }\r\n \r\n if (options?.rateLimit) {\r\n chain.push(HiSecure.rateLimit(\r\n typeof options.rateLimit === 'object' ? options.rateLimit : \r\n options.rateLimit === \"strict\" ? \"strict\" : \"relaxed\"\r\n ));\r\n }\r\n \r\n if (options?.sanitize) {\r\n chain.push(HiSecure.sanitize(\r\n typeof options.sanitize === 'object' ? options.sanitize : undefined\r\n ));\r\n }\r\n \r\n if (options?.validate) {\r\n chain.push(HiSecure.validate(options.validate));\r\n }\r\n \r\n if (options?.auth) {\r\n chain.push(HiSecure.auth(\r\n typeof options.auth === 'object' ? options.auth : undefined\r\n ));\r\n }\r\n \r\n return chain;\r\n}"]}
1
+ {"version":3,"file":"useSecure.js","sourceRoot":"","sources":["../../src/core/useSecure.ts"],"names":[],"mappings":";AAAA,mEAAmE;AACnE,4CAA4C;;AAsH5C,kCA8CC;AAlKD,6DAA6D;AAC7D,qCAAqC;AACrC,+EAA+E;AAC/E,QAAQ;AAER,+CAA+C;AAC/C,+BAA+B;AAE/B,cAAc;AACd,kCAAkC;AAClC,2EAA2E;AAC3E,uDAAuD;AACvD,QAAQ;AAER,cAAc;AACd,kCAAkC;AAClC,2EAA2E;AAC3E,QAAQ;AAER,kBAAkB;AAClB,sCAAsC;AACtC,4DAA4D;AAC5D,QAAQ;AAER,kBAAkB;AAClB,iEAAiE;AACjE,iFAAiF;AACjF,QAAQ;AAER,oBAAoB;AACpB,uCAAuC;AACvC,sBAAsB;AACtB,mDAAmD;AACnD,6DAA6D;AAC7D,kEAAkE;AAClE,iBAAiB;AACjB,aAAa;AACb,QAAQ;AAER,cAAc;AACd,kCAAkC;AAClC,qCAAqC;AACrC,sFAAsF;AACtF,YAAY;AAEZ,sBAAsB;AACtB,2CAA2C;AAC3C,kDAAkD;AAClD,iBAAiB;AACjB,aAAa;AACb,QAAQ;AAER,oBAAoB;AACpB,IAAI;AAIJ,0CAA0C;AAC1C,2DAA2D;AAG3D,4CAA4C;AAC5C,4DAA4D;AAE5D,MAAM;AACN,iEAAiE;AACjE,MAAM;AACN,qFAAqF;AACrF,qGAAqG;AACrG,2CAA2C;AAC3C,IAAI;AAEJ,MAAM;AACN,2CAA2C;AAC3C,MAAM;AACN,yDAAyD;AACzD,+BAA+B;AAE/B,2BAA2B;AAC3B,oCAAoC;AACpC,0EAA0E;AAC1E,cAAc;AACd,QAAQ;AAER,gCAAgC;AAChC,yCAAyC;AACzC,2EAA2E;AAC3E,oEAAoE;AACpE,cAAc;AACd,QAAQ;AAER,+BAA+B;AAC/B,wCAAwC;AACxC,kFAAkF;AAClF,cAAc;AACd,QAAQ;AAER,+BAA+B;AAC/B,2DAA2D;AAC3D,QAAQ;AAER,2BAA2B;AAC3B,oCAAoC;AACpC,0EAA0E;AAC1E,cAAc;AACd,QAAQ;AAER,oBAAoB;AACpB,IAAI;AAKJ,+CAAyC;AAGzC,SAAgB,WAAW,CAAC,OAAuB;IAC/C,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,MAAM,KAAK,GAAU,EAAE,CAAC;IAExB,aAAa;IACb,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CACN,sBAAQ,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAC7E,CAAC;IACN,CAAC;IAED,wDAAwD;IACxD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAClC,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;QAC7B,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACJ,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CACN,sBAAQ,CAAC,QAAQ,CAAC,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CACzF,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,sBAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CACN,sBAAQ,CAAC,IAAI,CACT,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC9D,CACJ,CAAC;IACN,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC","sourcesContent":["// import { normalizeOptions } from \"../utils/normalizeOptions.js\";\r\n// import { HiSecure } from \"./HiSecure.js\";\r\n\r\n// export function useSecure(engine: HiSecure, input?: any) {\r\n// if (!engine.isInitialized()) {\r\n// throw new Error(\"HiSecure must be initialized before using .use()\");\r\n// }\r\n\r\n// const options = normalizeOptions(input);\r\n// const chain: any[] = [];\r\n\r\n// // JSON\r\n// if (options.json.enabled) {\r\n// chain.push(engine.jsonManager.middleware(options.json.options));\r\n// chain.push(engine.jsonManager.urlencoded());\r\n// }\r\n\r\n// // CORS\r\n// if (options.cors.enabled) {\r\n// chain.push(engine.corsManager.middleware(options.cors.options));\r\n// }\r\n\r\n// // Sanitize\r\n// if (options.sanitize.enabled) {\r\n// chain.push(engine.sanitizerManager.middleware());\r\n// }\r\n\r\n// // Validate\r\n// if (options.validate.enabled && options.validate.schema) {\r\n// chain.push(engine.validatorManager.validate(options.validate.schema));\r\n// }\r\n\r\n// // Rate Limit\r\n// if (options.rateLimit.enabled) {\r\n// chain.push(\r\n// engine.rateLimitManager.middleware({\r\n// mode: options.rateLimit.mode ?? undefined,\r\n// options: options.rateLimit.options ?? undefined\r\n// })\r\n// );\r\n// }\r\n\r\n// // AUTH\r\n// if (options.auth.enabled) {\r\n// if (!engine.authManager) {\r\n// throw new Error(\"AuthManager not initialized. Enable auth in config.\");\r\n// }\r\n\r\n// chain.push(\r\n// engine.authManager.protect({\r\n// required: options.auth.required\r\n// })\r\n// );\r\n// }\r\n\r\n// return chain;\r\n// }\r\n\r\n\r\n\r\n// src/core/useSecure.ts - SIMPLER VERSION\r\n// This is now optional since HiSecure class has fluent API\r\n\r\n\r\n// import { HiSecure } from \"./HiSecure.js\";\r\n// import { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\n// /**\r\n// * @deprecated Use HiSecure.middleware() or fluent API instead\r\n// */\r\n// export function useSecure(options?: SecureOptions | \"api\" | \"strict\" | \"public\") {\r\n// console.warn(\"⚠ useSecure() is deprecated. Use HiSecure.middleware() or fluent API methods.\");\r\n// return HiSecure.middleware(options);\r\n// }\r\n\r\n// /**\r\n// * Legacy support - route-level security\r\n// */\r\n// export function secureRoute(options?: SecureOptions) {\r\n// const chain: any[] = [];\r\n \r\n// if (options?.cors) {\r\n// chain.push(HiSecure.cors(\r\n// typeof options.cors === 'object' ? options.cors : undefined\r\n// ));\r\n// }\r\n \r\n// if (options?.rateLimit) {\r\n// chain.push(HiSecure.rateLimit(\r\n// typeof options.rateLimit === 'object' ? options.rateLimit : \r\n// options.rateLimit === \"strict\" ? \"strict\" : \"relaxed\"\r\n// ));\r\n// }\r\n \r\n// if (options?.sanitize) {\r\n// chain.push(HiSecure.sanitize(\r\n// typeof options.sanitize === 'object' ? options.sanitize : undefined\r\n// ));\r\n// }\r\n \r\n// if (options?.validate) {\r\n// chain.push(HiSecure.validate(options.validate));\r\n// }\r\n \r\n// if (options?.auth) {\r\n// chain.push(HiSecure.auth(\r\n// typeof options.auth === 'object' ? options.auth : undefined\r\n// ));\r\n// }\r\n \r\n// return chain;\r\n// }\r\n\r\n\r\n\r\n\r\nimport { HiSecure } from \"./HiSecure.js\";\r\nimport { SecureOptions } from \"./types/SecureOptions.js\";\r\n\r\nexport function secureRoute(options?: SecureOptions) {\r\n if (!options) return [];\r\n\r\n const chain: any[] = [];\r\n\r\n // 🔥 1. CORS\r\n if (options.cors !== undefined) {\r\n chain.push(\r\n HiSecure.cors(typeof options.cors === \"object\" ? options.cors : undefined)\r\n );\r\n }\r\n\r\n // 🔥 2. Rate Limiting (auto strict / relaxed detection)\r\n if (options.rateLimit !== undefined) {\r\n const rl = options.rateLimit;\r\n if (rl === \"strict\" || rl === \"relaxed\") {\r\n chain.push(HiSecure.rateLimit(rl));\r\n } else if (typeof rl === \"object\") {\r\n chain.push(HiSecure.rateLimit(rl));\r\n } else {\r\n chain.push(HiSecure.rateLimit(\"relaxed\"));\r\n }\r\n }\r\n\r\n // 🔥 3. Sanitization\r\n if (options.sanitize !== undefined) {\r\n chain.push(\r\n HiSecure.sanitize(typeof options.sanitize === \"object\" ? options.sanitize : undefined)\r\n );\r\n }\r\n\r\n // 🔥 4. Validation — smart auto-detection\r\n if (options.validate) {\r\n chain.push(HiSecure.validate(options.validate));\r\n }\r\n\r\n // 🔥 5. Auth (roles included)\r\n if (options.auth) {\r\n chain.push(\r\n HiSecure.auth(\r\n typeof options.auth === \"object\" ? options.auth : undefined\r\n )\r\n );\r\n }\r\n\r\n return chain;\r\n}\r\n"]}
package/dist/index.d.ts CHANGED
@@ -1,9 +1,6 @@
1
1
  import { HiSecure } from "./core/HiSecure.js";
2
- import { useSecure, secureRoute } from "./core/useSecure.js";
3
- declare const hiSecure: HiSecure;
4
- export { HiSecure, // Class for advanced usage
5
- hiSecure, // Singleton instance
6
- useSecure, // Legacy function (deprecated)
2
+ import { secureRoute } from "./core/useSecure.js";
3
+ export { HiSecure, // Class
7
4
  secureRoute };
8
- export default hiSecure;
5
+ export default HiSecure;
9
6
  //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAG7D,QAAA,MAAM,QAAQ,UAAyB,CAAC;AAGxC,OAAO,EACH,QAAQ,EAAS,2BAA2B;AAC5C,QAAQ,EAAS,qBAAqB;AACtC,SAAS,EAAQ,+BAA+B;AAChD,WAAW,EACd,CAAC;AAGF,eAAe,QAAQ,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,EACH,QAAQ,EAAU,QAAQ;AAC1B,WAAW,EACd,CAAC;AAGF,eAAe,QAAQ,CAAC"}
package/dist/index.js CHANGED
@@ -1,15 +1,25 @@
1
1
  "use strict";
2
+ // // src/index.ts - MAIN ENTRY POINT
3
+ // import { HiSecure } from "./core/HiSecure.js";
4
+ // import { useSecure, secureRoute } from "./core/useSecure.js";
2
5
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.secureRoute = exports.useSecure = exports.hiSecure = exports.HiSecure = void 0;
4
- // src/index.ts - MAIN ENTRY POINT
6
+ exports.secureRoute = exports.HiSecure = void 0;
7
+ // // Export the singleton instance for quick usage
8
+ // const hiSecure = HiSecure.getInstance();
9
+ // // Export everything
10
+ // export {
11
+ // HiSecure, // Class for advanced usage
12
+ // hiSecure, // Singleton instance
13
+ // useSecure, // Legacy function (deprecated)
14
+ // secureRoute // Route-level security helper
15
+ // };
16
+ // // Default export is the singleton instance
17
+ // export default hiSecure;
18
+ // src/index.ts
5
19
  const HiSecure_js_1 = require("./core/HiSecure.js");
6
20
  Object.defineProperty(exports, "HiSecure", { enumerable: true, get: function () { return HiSecure_js_1.HiSecure; } });
7
- const useSecure_js_1 = require("./core/useSecure.js");
8
- Object.defineProperty(exports, "useSecure", { enumerable: true, get: function () { return useSecure_js_1.useSecure; } });
21
+ const useSecure_js_1 = require("./core/useSecure.js"); // Only if kept
9
22
  Object.defineProperty(exports, "secureRoute", { enumerable: true, get: function () { return useSecure_js_1.secureRoute; } });
10
- // Export the singleton instance for quick usage
11
- const hiSecure = HiSecure_js_1.HiSecure.getInstance();
12
- exports.hiSecure = hiSecure;
13
- // Default export is the singleton instance
14
- exports.default = hiSecure;
23
+ // Default export: class itself (NOT instance)
24
+ exports.default = HiSecure_js_1.HiSecure;
15
25
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,kCAAkC;AAClC,oDAA8C;AAQ1C,yFARK,sBAAQ,OAQL;AAPZ,sDAA6D;AASzD,0FATK,wBAAS,OASL;AACT,4FAVgB,0BAAW,OAUhB;AARf,gDAAgD;AAChD,MAAM,QAAQ,GAAG,sBAAQ,CAAC,WAAW,EAAE,CAAC;AAKpC,4BAAQ;AAKZ,2CAA2C;AAC3C,kBAAe,QAAQ,CAAC","sourcesContent":["// src/index.ts - MAIN ENTRY POINT\r\nimport { HiSecure } from \"./core/HiSecure.js\";\r\nimport { useSecure, secureRoute } from \"./core/useSecure.js\";\r\n\r\n// Export the singleton instance for quick usage\r\nconst hiSecure = HiSecure.getInstance();\r\n\r\n// Export everything\r\nexport { \r\n HiSecure, // Class for advanced usage\r\n hiSecure, // Singleton instance\r\n useSecure, // Legacy function (deprecated)\r\n secureRoute // Route-level security helper\r\n};\r\n\r\n// Default export is the singleton instance\r\nexport default hiSecure;"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,qCAAqC;AACrC,iDAAiD;AACjD,gEAAgE;;;AAEhE,mDAAmD;AACnD,2CAA2C;AAE3C,uBAAuB;AACvB,YAAY;AACZ,mDAAmD;AACnD,6CAA6C;AAC7C,uDAAuD;AACvD,sDAAsD;AACtD,KAAK;AAEL,8CAA8C;AAC9C,2BAA2B;AAK3B,eAAe;AACf,oDAA8C;AAK1C,yFALK,sBAAQ,OAKL;AAJZ,sDAAkD,CAAC,eAAe;AAK9D,4FALK,0BAAW,OAKL;AAGf,8CAA8C;AAC9C,kBAAe,sBAAQ,CAAC","sourcesContent":["// // src/index.ts - MAIN ENTRY POINT\r\n// import { HiSecure } from \"./core/HiSecure.js\";\r\n// import { useSecure, secureRoute } from \"./core/useSecure.js\";\r\n\r\n// // Export the singleton instance for quick usage\r\n// const hiSecure = HiSecure.getInstance();\r\n\r\n// // Export everything\r\n// export { \r\n// HiSecure, // Class for advanced usage\r\n// hiSecure, // Singleton instance\r\n// useSecure, // Legacy function (deprecated)\r\n// secureRoute // Route-level security helper\r\n// };\r\n\r\n// // Default export is the singleton instance\r\n// export default hiSecure;\r\n\r\n\r\n\r\n\r\n// src/index.ts\r\nimport { HiSecure } from \"./core/HiSecure.js\";\r\nimport { secureRoute } from \"./core/useSecure.js\"; // Only if kept\r\n\r\n// DON'T auto-init here\r\nexport { \r\n HiSecure, // Class\r\n secureRoute // Optional sugar API\r\n};\r\n\r\n// Default export: class itself (NOT instance)\r\nexport default HiSecure;\r\n"]}