libmodulor 0.28.0 → 0.29.0

package/dist/esm/target/lib/openapi/types.d.ts

@@ -0,0 +1,109 @@
+import type { DataType, FreeTextLong, FreeTextShort, HTTPMethod, HTTPStatusNumber, JSONSchemaType, SemVerVersion, URL } from '../../../dt/index.js';
+import type { ProductName } from '../../../product/index.js';
+import type { FQUCInputName, FQUCOPI0Name, FQUCOPI1Name, UCFieldKey } from '../../../uc/index.js';
+import type { StringKeys } from '../../../utils/index.js';
+import type { AUTHORIZATION_HEADER_NAME, AuthCookieName, PublicApiKeyHeaderName } from '../shared.js';
+export type OpenAPIPathName = string;
+export type OpenAPIDescription = FreeTextLong;
+export type OpenAPISchemaName = FQUCInputName | FQUCOPI0Name | FQUCOPI1Name | `Error`;
+export type OpenAPISchemaRef = `#/components/schemas/${OpenAPISchemaName}`;
+export type OpenAPISummary = FreeTextShort;
+export type OpenAPIProperty<T extends DataType> = JSONSchemaType & {
+    enum?: T[];
+    examples?: T[];
+};
+export interface OpenAPISchema<T extends object> {
+    additionalProperties: false;
+    properties: Record<StringKeys<T>, OpenAPIProperty<any>>;
+    required?: StringKeys<T>[];
+    type: 'object';
+}
+export type OpenAPISecurityItem = Partial<Record<keyof OpenAPISecuritySchemes, []>>;
+export type OpenAPISecurity = OpenAPISecurityItem[];
+export interface OpenAPISecurityScheme {
+    description?: OpenAPIDescription;
+}
+export interface OpenAPISecuritySchemes {
+    apiKey?: OpenAPISecurityScheme & {
+        bearerFormat: 'Bearer';
+        in: 'header';
+        name: typeof AUTHORIZATION_HEADER_NAME;
+        type: 'apiKey';
+    };
+    basic?: OpenAPISecurityScheme & {
+        scheme: 'basic';
+        type: 'http';
+    };
+    jwt?: OpenAPISecurityScheme & {
+        in: 'cookie';
+        name: AuthCookieName;
+        type: 'apiKey';
+    };
+    publicApiKey?: OpenAPISecurityScheme & {
+        in: 'header';
+        name: PublicApiKeyHeaderName;
+        type: 'apiKey';
+    };
+}
+export interface OpenAPIComponents {
+    securitySchemes: OpenAPISecuritySchemes;
+    schemas: Record<OpenAPISchemaName, OpenAPISchema<any>>;
+}
+export interface OpenAPIParameter {
+    description?: OpenAPIDescription;
+    in: 'path' | 'query';
+    name: UCFieldKey;
+    required: boolean;
+    schema: OpenAPIProperty<any>;
+}
+export interface OpenAPIPath {
+    description?: OpenAPIDescription;
+    parameters?: OpenAPIParameter[];
+    requestBody?: OpenAPIRequestBody;
+    responses: OpenAPIResponses;
+    security?: OpenAPISecurity;
+    summary?: OpenAPISummary;
+    tags?: string[];
+}
+export interface OpenAPIInnerContent {
+    schema: {
+        $ref: OpenAPISchemaRef;
+    } | OpenAPISchema<any>;
+}
+export type OpenAPIContent = {
+    'application/json': OpenAPIInnerContent;
+} | {
+    'multipart/form-data': OpenAPIInnerContent & {
+        encoding?: Record<UCFieldKey, {
+            style: 'form';
+            explode: boolean;
+        }>;
+    };
+};
+export interface OpenAPIRequestBody {
+    content: OpenAPIContent;
+    description?: OpenAPIDescription;
+    required: boolean;
+}
+export type OpenAPIPaths = Record<OpenAPIPathName, Partial<Record<Lowercase<HTTPMethod>, OpenAPIPath>>>;
+export interface OpenAPIResponse {
+    content: OpenAPIContent;
+    description: OpenAPIDescription;
+}
+export type OpenAPIResponses = Partial<Record<HTTPStatusNumber, OpenAPIResponse>>;
+export interface OpenAPIServer {
+    description?: OpenAPIDescription;
+    url: URL;
+}
+export interface OpenAPISpec {
+    components: OpenAPIComponents;
+    info: {
+        description?: OpenAPIDescription;
+        title: ProductName;
+        summary?: OpenAPISummary;
+        version: SemVerVersion;
+    };
+    openapi: '3.1.0';
+    paths: OpenAPIPaths;
+    servers: OpenAPIServer[];
+}

package/dist/esm/target/lib/openapi/types.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/target/lib/rn/input.d.ts

@@ -2,6 +2,9 @@ import type { TextInputProps } from 'react-native';
 import { type DataType, type ErrorMessage } from '../../../dt/index.js';
 import { type UCInputField } from '../../../uc/index.js';
 export interface RNInputDef {
+    /**
+     * Internal types that are not part of the spec
+     */
     internal?: undefined;
     /**
      * Fields that are part of {@link TextInputProps}

package/dist/esm/target/lib/server/AuthCookieCreator.d.ts

@@ -1,10 +1,11 @@
 import type { JWT, Timestamp } from '../../../dt/index.js';
 import type { JWTManager, SettingsManager, Worker } from '../../../std/index.js';
+import type { HTTPCookieSameSite } from '../../../utils/index.js';
 import type { ServerManagerSettings } from '../../lib/server/ServerManager.js';
 export interface CookieOpts {
     expires: Date;
     httpOnly: boolean;
-    sameSite: 'strict';
+    sameSite: HTTPCookieSameSite;
     secure: boolean;
     signed: boolean;
 }

package/dist/esm/target/lib/server/ServerBooter.d.ts

@@ -2,9 +2,10 @@ import { ProductUCsLoader } from '../../../product/index.js';
 import type { Configurable, EmailManager, FSManager, I18nManager, JobManager, Logger, SettingsManager, Worker } from '../../../std/index.js';
 import { type UCManager } from '../../../uc/index.js';
 import type { TargetEntrypointInput } from '../entrypoint.js';
+import { OpenAPISpecBuilder } from '../openapi/OpenAPISpecBuilder.js';
 import { ServerInstaller } from './ServerInstaller.js';
 import type { ServerManager, ServerManagerSettings } from './ServerManager.js';
-type S = Pick<ServerManagerSettings, 'server_static_dir_path' | 'server_tmp_path'>;
+type S = Pick<ServerManagerSettings, 'server_expose_openapi_spec' | 'server_expose_openapi_spec_at' | 'server_static_dir_path' | 'server_tmp_path'>;
 type Input = TargetEntrypointInput & {
     autoMountUCs?: boolean;
 };
@@ -13,13 +14,14 @@ export declare class ServerBooter implements Configurable<S>, Worker<Input, Prom
     private fsManager;
     private i18nManager;
     private jobManager;
+    private openAPISpecBuilder;
     private logger;
     private productUCsLoader;
     private serverManager;
     private serverInstaller;
     private settingsManager;
     private ucManager;
-    constructor(emailManager: EmailManager, fsManager: FSManager, i18nManager: I18nManager, jobManager: JobManager, logger: Logger, productUCsLoader: ProductUCsLoader, serverManager: ServerManager, serverInstaller: ServerInstaller, settingsManager: SettingsManager<S>, ucManager: UCManager);
+    constructor(emailManager: EmailManager, fsManager: FSManager, i18nManager: I18nManager, jobManager: JobManager, openAPISpecBuilder: OpenAPISpecBuilder, logger: Logger, productUCsLoader: ProductUCsLoader, serverManager: ServerManager, serverInstaller: ServerInstaller, settingsManager: SettingsManager<S>, ucManager: UCManager);
     s(): S;
     exec({ appsRootPath, autoMountUCs, srcImporter, }: Input): Promise<void>;
     private mountUC;

package/dist/esm/target/lib/server/ServerBooter.js

@@ -11,8 +11,9 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
 import { inject, injectable } from 'inversify';
-import { ProductUCsLoader } from '../../../product/index.js';
+import { ProductUCsLoader, } from '../../../product/index.js';
 import { ucHTTPContract, } from '../../../uc/index.js';
+import { OpenAPISpecBuilder } from '../openapi/OpenAPISpecBuilder.js';
 import { shouldMountUC } from './funcs.js';
 import { ServerInstaller } from './ServerInstaller.js';
 let ServerBooter = class ServerBooter {
@@ -20,17 +21,19 @@ let ServerBooter = class ServerBooter {
     fsManager;
     i18nManager;
     jobManager;
+    openAPISpecBuilder;
     logger;
     productUCsLoader;
     serverManager;
     serverInstaller;
     settingsManager;
     ucManager;
-    constructor(emailManager, fsManager, i18nManager, jobManager, logger, productUCsLoader, serverManager, serverInstaller, settingsManager, ucManager) {
+    constructor(emailManager, fsManager, i18nManager, jobManager, openAPISpecBuilder, logger, productUCsLoader, serverManager, serverInstaller, settingsManager, ucManager) {
         this.emailManager = emailManager;
         this.fsManager = fsManager;
         this.i18nManager = i18nManager;
         this.jobManager = jobManager;
+        this.openAPISpecBuilder = openAPISpecBuilder;
         this.logger = logger;
         this.productUCsLoader = productUCsLoader;
         this.serverManager = serverManager;
@@ -40,6 +43,8 @@ let ServerBooter = class ServerBooter {
     }
     s() {
         return {
+            server_expose_openapi_spec: this.settingsManager.get()('server_expose_openapi_spec'),
+            server_expose_openapi_spec_at: this.settingsManager.get()('server_expose_openapi_spec_at'),
             server_static_dir_path: this.settingsManager.get()('server_static_dir_path'),
             server_tmp_path: this.settingsManager.get()('server_tmp_path'),
         };
@@ -55,13 +60,18 @@ let ServerBooter = class ServerBooter {
         await this.emailManager.verify();
         this.logger.info('Initializing server manager');
         await this.serverManager.init();
+        const mountedUCs = [];
         if (autoMountUCs) {
             const ucs = await this.productUCsLoader.exec({
                 appsRootPath,
                 srcImporter,
             });
             for await (const uc of ucs) {
-                await this.mountUC(uc);
+                const mounted = await this.mountUC(uc);
+                if (!mounted) {
+                    continue;
+                }
+                mountedUCs.push(uc);
             }
         }
         const staticDirPath = this.s().server_static_dir_path;
@@ -76,6 +86,17 @@ let ServerBooter = class ServerBooter {
         if (!(await this.fsManager.exists(tmpDirPath))) {
             await this.fsManager.mkdir(tmpDirPath);
         }
+        if (this.s().server_expose_openapi_spec) {
+            const at = this.s().server_expose_openapi_spec_at;
+            this.logger.info('Mounting OpenAPI spec', {
+                at,
+                mountedUCs: mountedUCs.length,
+            });
+            const { spec } = await this.openAPISpecBuilder.exec({
+                ucs: mountedUCs,
+            });
+            await this.serverManager.mountOpenAPISpec(spec, at);
+        }
         await this.serverManager.warmUp();
         await this.serverManager.start();
     }
@@ -88,7 +109,7 @@ let ServerBooter = class ServerBooter {
             this.logger.debug(`Not mounting ${mountingPoint}`, {
                 reason: shouldNotMountReason,
             });
-            return;
+            return false;
         }
         this.logger.info(`Mounting ${mountingPoint}`, {
             contract,
@@ -96,6 +117,7 @@ let ServerBooter = class ServerBooter {
         });
         await this.ucManager.initServer(uc);
         await this.serverManager.mount(uc.appManifest, uc.def, contract);
+        return true;
     }
 };
 ServerBooter = __decorate([
@@ -104,12 +126,13 @@ ServerBooter = __decorate([
     __param(1, inject('FSManager')),
     __param(2, inject('I18nManager')),
     __param(3, inject('JobManager')),
-    __param(4, inject('Logger')),
-    __param(5, inject(ProductUCsLoader)),
-    __param(6, inject('ServerManager')),
-    __param(7, inject(ServerInstaller)),
-    __param(8, inject('SettingsManager')),
-    __param(9, inject('UCManager')),
-    __metadata("design:paramtypes", [Object, Object, Object, Object, Object, ProductUCsLoader, Object, ServerInstaller, Object, Object])
+    __param(4, inject(OpenAPISpecBuilder)),
+    __param(5, inject('Logger')),
+    __param(6, inject(ProductUCsLoader)),
+    __param(7, inject('ServerManager')),
+    __param(8, inject(ServerInstaller)),
+    __param(9, inject('SettingsManager')),
+    __param(10, inject('UCManager')),
+    __metadata("design:paramtypes", [Object, Object, Object, Object, OpenAPISpecBuilder, Object, ProductUCsLoader, Object, ServerInstaller, Object, Object])
 ], ServerBooter);
 export { ServerBooter };

package/dist/esm/target/lib/server/ServerManager.d.ts

@@ -1,12 +1,11 @@
 import type { AppManifest } from '../../../app/index.js';
-import type { ApiKey, DirPath, FilePath, HostPort, Password, URL, Username } from '../../../dt/index.js';
+import type { ApiKey, DirPath, FilePath, HostPort, HTTPMethod, Password, URL, URLPath, Username } from '../../../dt/index.js';
 import type { Settings } from '../../../std/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../../uc/index.js';
-import type { Initializable } from '../../../utils/index.js';
+import type { HTTPCSPValue } from '../../../utils/http/types.js';
+import type { HTTPCookieSameSite, HTTPHeaderName, Initializable } from '../../../utils/index.js';
+import type { OpenAPISpec } from '../openapi/types.js';
 import type { AuthCookieName, PublicApiKeyHeaderName } from '../shared.js';
-export type ServerManagerCSPDefType = 'defaultSrc' | 'imgSrc' | 'scriptSrc';
-export type ServerManagerCSPDefValue = URL[];
-export type ServerManagerCSPDef = Record<ServerManagerCSPDefType, ServerManagerCSPDefValue>;
 export interface ServerManagerAuthSettings {
     server_basic_auth_entries: Record<Username, Password>;
     server_private_api_key_entries: ApiKey[];
@@ -17,11 +16,17 @@ export interface ServerManagerSettings extends ServerManagerAuthSettings, Settin
     server_binding_port: HostPort;
     server_cookies_http_only: boolean;
     server_cookies_name_auth: AuthCookieName;
-    server_cookies_same_site: 'strict';
+    server_cookies_same_site: HTTPCookieSameSite;
     server_cookies_secure: boolean;
-    server_csp_default_src: ServerManagerCSPDefValue;
-    server_csp_img_src: ServerManagerCSPDefValue;
-    server_csp_script_src: ServerManagerCSPDefValue;
+    server_csp_default_src: HTTPCSPValue;
+    server_csp_img_src: HTTPCSPValue;
+    server_csp_script_src: HTTPCSPValue;
+    server_cors_credentials: boolean;
+    server_cors_headers: HTTPHeaderName[];
+    server_cors_methods: HTTPMethod[];
+    server_cors_origins: URL[];
+    server_expose_openapi_spec: boolean;
+    server_expose_openapi_spec_at: URLPath;
     server_public_api_key_header_name: PublicApiKeyHeaderName;
     server_public_url: URL;
     server_ssl_fullchain_path: FilePath | null;
@@ -46,6 +51,11 @@ export interface ServerManager extends Initializable {
      * @param contract
      */
     mountSync<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract): void;
+    /**
+     * Mount the OpenAPI spec
+     * @param spec
+     */
+    mountOpenAPISpec(spec: OpenAPISpec, at: URLPath): Promise<void>;
     /**
      * Mount the static directory at `/`
      * @param dirPath

package/dist/esm/target/lib/server/ServerRequestHandler.d.ts

@@ -58,7 +58,6 @@ export declare class ServerRequestHandler implements Worker<Input, Promise<Outpu
     private requestLogger;
     private settingsManager;
     private ucBuilder;
-    private static AUTHORIZATION_HEADER_NAME;
     private static X_FORWARDED_PROTO_HEADER_NAME;
     constructor(authCookieCreator: AuthCookieCreator, authenticationChecker: AuthenticationChecker, customerFacingErrorBuilder: CustomerFacingErrorBuilder, publicApiKeyChecker: PublicApiKeyChecker, requestChecker: RequestChecker, requestLogger: RequestLogger, settingsManager: SettingsManager<S>, ucBuilder: UCBuilder);
     s(): S;

package/dist/esm/target/lib/server/ServerRequestHandler.js

@@ -14,6 +14,7 @@ var ServerRequestHandler_1;
 import { inject, injectable } from 'inversify';
 import { IllegalArgumentError, isEmptyJSON } from '../../../error/index.js';
 import { UCBuilder, UCOutputReader, UCOutputSideEffectType, } from '../../../uc/index.js';
+import { AUTHORIZATION_HEADER_NAME } from '../shared.js';
 import { AuthCookieCreator, } from './AuthCookieCreator.js';
 import { AuthenticationChecker } from './AuthenticationChecker.js';
 import { CustomerFacingErrorBuilder } from './CustomerFacingErrorBuilder.js';
@@ -30,7 +31,6 @@ let ServerRequestHandler = class ServerRequestHandler {
     requestLogger;
     settingsManager;
     ucBuilder;
-    static AUTHORIZATION_HEADER_NAME = 'Authorization';
     static X_FORWARDED_PROTO_HEADER_NAME = 'X-Forwarded-Proto';
     constructor(authCookieCreator, authenticationChecker, customerFacingErrorBuilder, publicApiKeyChecker, requestChecker, requestLogger, settingsManager, ucBuilder) {
         this.authCookieCreator = authCookieCreator;
@@ -73,7 +73,7 @@ let ServerRequestHandler = class ServerRequestHandler {
             });
             const { auth } = await this.authenticationChecker.exec({
                 authCookie: await cookie(this.s().server_cookies_name_auth),
-                authorizationHeader: await header(ServerRequestHandler_1.AUTHORIZATION_HEADER_NAME),
+                authorizationHeader: await header(AUTHORIZATION_HEADER_NAME),
                 uc,
             });
             if (auth) {

package/dist/esm/target/lib/server/consts.d.ts

@@ -1,5 +1,9 @@
+import type { HTTPMethod } from '../../../dt/index.js';
+import type { HTTPHeaderName } from '../../../utils/index.js';
 import type { ServerManagerSettings } from './ServerManager.js';
 /**
  * @see TARGET_DEFAULT_SERVER_CLIENT_MANAGER_SETTINGS
  */
 export declare const TARGET_DEFAULT_SERVER_MANAGER_SETTINGS: ServerManagerSettings;
+export declare const TARGET_USUAL_SERVER_MANAGER_CORS_HEADERS: HTTPHeaderName[];
+export declare const TARGET_USUAL_SERVER_MANAGER_CORS_METHODS: HTTPMethod[];

package/dist/esm/target/lib/server/consts.js

@@ -10,9 +10,15 @@ export const TARGET_DEFAULT_SERVER_MANAGER_SETTINGS = {
     server_cookies_name_auth: 'auth',
     server_cookies_same_site: 'strict',
     server_cookies_secure: true,
+    server_cors_credentials: false,
+    server_cors_headers: [],
+    server_cors_methods: [],
+    server_cors_origins: [],
     server_csp_default_src: [],
     server_csp_img_src: [],
     server_csp_script_src: [],
+    server_expose_openapi_spec: false,
+    server_expose_openapi_spec_at: '/api/openapi.json',
     server_private_api_key_entries: [],
     server_public_api_key_entries: [unsafeDefaultSetting()],
     server_public_api_key_header_name: 'X-API-Key',
@@ -23,3 +29,19 @@ export const TARGET_DEFAULT_SERVER_MANAGER_SETTINGS = {
     server_stop_mode: 'patient',
     server_tmp_path: 'tmp',
 };
+export const TARGET_USUAL_SERVER_MANAGER_CORS_HEADERS = [
+    'Accept',
+    'Authorization',
+    'Content-Type',
+    'Cookie',
+    'Origin',
+    'X-Requested-With',
+];
+export const TARGET_USUAL_SERVER_MANAGER_CORS_METHODS = [
+    'DELETE',
+    'GET',
+    'HEAD',
+    'OPTIONS',
+    'POST',
+    'PUT',
+];

package/dist/esm/target/lib/server-express/CORSMiddlewareBuilder.d.ts

@@ -0,0 +1,15 @@
+import type { RequestHandler } from 'express';
+import type { Configurable, SettingsManager, Worker } from '../../../std/index.js';
+import type { ServerManagerSettings } from '../server/ServerManager.js';
+interface Input {
+}
+type Output = RequestHandler;
+type S = Pick<ServerManagerSettings, 'server_cors_credentials' | 'server_cors_headers' | 'server_cors_methods' | 'server_cors_origins' | 'server_public_api_key_header_name'>;
+export declare class CORSMiddlewareBuilder implements Configurable<S>, Worker<Input, Output> {
+    private settingsManager;
+    constructor(settingsManager: SettingsManager<S>);
+    s(): S;
+    exec(_input: Input): Output;
+    private fmt;
+}
+export {};

package/dist/esm/target/lib/server-express/CORSMiddlewareBuilder.js

@@ -0,0 +1,55 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { inject, injectable } from 'inversify';
+let CORSMiddlewareBuilder = class CORSMiddlewareBuilder {
+    settingsManager;
+    constructor(settingsManager) {
+        this.settingsManager = settingsManager;
+    }
+    s() {
+        return {
+            server_cors_credentials: this.settingsManager.get()('server_cors_credentials'),
+            server_cors_headers: this.settingsManager.get()('server_cors_headers'),
+            server_cors_methods: this.settingsManager.get()('server_cors_methods'),
+            server_cors_origins: this.settingsManager.get()('server_cors_origins'),
+            server_public_api_key_header_name: this.settingsManager.get()('server_public_api_key_header_name'),
+        };
+    }
+    exec(_input) {
+        return (req, res, next) => {
+            res.header('Access-Control-Allow-Credentials', String(this.s().server_cors_credentials));
+            res.header('Access-Control-Allow-Headers', this.fmt([
+                ...this.s().server_cors_headers,
+                this.s().server_public_api_key_header_name,
+            ]));
+            res.header('Access-Control-Allow-Methods', this.fmt(this.s().server_cors_methods));
+            const { origin } = req.headers;
+            if (origin) {
+                const electedOrigin = this.s().server_cors_origins.find((o) => o.startsWith(origin));
+                if (electedOrigin) {
+                    res.header('Access-Control-Allow-Origin', electedOrigin);
+                }
+            }
+            next();
+        };
+    }
+    fmt(arr) {
+        return arr.join(', ');
+    }
+};
+CORSMiddlewareBuilder = __decorate([
+    injectable(),
+    __param(0, inject('SettingsManager')),
+    __metadata("design:paramtypes", [Object])
+], CORSMiddlewareBuilder);
+export { CORSMiddlewareBuilder };

package/dist/esm/target/lib/server-express/funcs.d.ts

@@ -7,9 +7,10 @@ import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../..
 import type { CustomerFacingErrorBuilder } from '../server/CustomerFacingErrorBuilder.js';
 import type { ServerManagerSettings } from '../server/ServerManager.js';
 import type { ServerRequestHandler, ServerRequestHandlerReq, ServerRequestHandlerRes } from '../server/ServerRequestHandler.js';
+import type { CORSMiddlewareBuilder } from './CORSMiddlewareBuilder.js';
 import type { HelmetMiddlewareBuilder } from './HelmetMiddlewareBuilder.js';
 export declare function buildHandler<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract, serverRequestHandler: ServerRequestHandler, ucManager: UCManager): RequestHandler;
-export declare function init(helmetMB: HelmetMiddlewareBuilder, loggerLevel: LoggerLevel, serverTmpPath: ServerManagerSettings['server_tmp_path']): Express;
+export declare function init(corsMB: CORSMiddlewareBuilder, helmetMB: HelmetMiddlewareBuilder, loggerLevel: LoggerLevel, serverTmpPath: ServerManagerSettings['server_tmp_path']): Express;
 export declare function mountHandler(contract: UCHTTPContract, express: Express, handler: RequestHandler): void;
 export declare function postInit(app: Express, customerFacingErrorBuilder: CustomerFacingErrorBuilder): void;
 export declare function toFile(f: fileUpload.UploadedFile): File;

package/dist/esm/target/lib/server-express/funcs.js

@@ -12,12 +12,16 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
                 // Nothing to do
                 break;
             case 'stream': {
+                let streamedOnce = false;
                 execOpts = {
                     stream: {
                         onClose: async () => {
-                            throw new Error('execOpts.stream.onClose needs to be set in the UC ServerMain');
+                            if (streamedOnce) {
+                                throw new Error('execOpts.stream.onClose needs to be set in the UC ServerMain');
+                            }
                         },
                         onData: async (output) => {
+                            streamedOnce = true;
                             if (!output) {
                                 return;
                             }
@@ -72,9 +76,10 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
     };
     return handler;
 }
-export function init(helmetMB, loggerLevel, serverTmpPath) {
+export function init(corsMB, helmetMB, loggerLevel, serverTmpPath) {
     const app = express();
     app.use(helmetMB.exec({}));
+    app.use(corsMB.exec({}));
     app.use(fileUpload({
         createParentPath: true,
         debug: loggerLevel === 'trace',

package/dist/esm/target/lib/server-hono/CORSMiddlewareBuilder.d.ts

@@ -0,0 +1,14 @@
+import type { MiddlewareHandler } from 'hono';
+import type { Configurable, SettingsManager, Worker } from '../../../std/index.js';
+import type { ServerManagerSettings } from '../server/ServerManager.js';
+interface Input {
+}
+type Output = MiddlewareHandler;
+type S = Pick<ServerManagerSettings, 'server_cors_credentials' | 'server_cors_headers' | 'server_cors_methods' | 'server_cors_origins' | 'server_public_api_key_header_name'>;
+export declare class CORSMiddlewareBuilder implements Configurable<S>, Worker<Input, Output> {
+    private settingsManager;
+    constructor(settingsManager: SettingsManager<S>);
+    s(): S;
+    exec(_input: Input): Output;
+}
+export {};

package/dist/esm/target/lib/server-hono/CORSMiddlewareBuilder.js

@@ -0,0 +1,46 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { cors } from 'hono/cors';
+import { inject, injectable } from 'inversify';
+let CORSMiddlewareBuilder = class CORSMiddlewareBuilder {
+    settingsManager;
+    constructor(settingsManager) {
+        this.settingsManager = settingsManager;
+    }
+    s() {
+        return {
+            server_cors_credentials: this.settingsManager.get()('server_cors_credentials'),
+            server_cors_headers: this.settingsManager.get()('server_cors_headers'),
+            server_cors_methods: this.settingsManager.get()('server_cors_methods'),
+            server_cors_origins: this.settingsManager.get()('server_cors_origins'),
+            server_public_api_key_header_name: this.settingsManager.get()('server_public_api_key_header_name'),
+        };
+    }
+    exec(_input) {
+        return cors({
+            allowHeaders: [
+                ...this.s().server_cors_headers,
+                this.s().server_public_api_key_header_name,
+            ],
+            allowMethods: this.s().server_cors_methods,
+            credentials: true,
+            origin: this.s().server_cors_origins,
+        });
+    }
+};
+CORSMiddlewareBuilder = __decorate([
+    injectable(),
+    __param(0, inject('SettingsManager')),
+    __metadata("design:paramtypes", [Object])
+], CORSMiddlewareBuilder);
+export { CORSMiddlewareBuilder };

package/dist/esm/target/lib/server-hono/funcs.d.ts

@@ -4,8 +4,9 @@ import type { AppManifest } from '../../../app/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../../uc/index.js';
 import type { CustomerFacingErrorBuilder } from '../server/CustomerFacingErrorBuilder.js';
 import type { ServerRequestHandler, ServerRequestHandlerReq, ServerRequestHandlerRes } from '../server/ServerRequestHandler.js';
+import type { CORSMiddlewareBuilder } from './CORSMiddlewareBuilder.js';
 export declare function buildHandler<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract, serverRequestHandler: ServerRequestHandler, ucManager: UCManager, beforeExec?: (c: Context) => Promise<void>): Handler;
-export declare function init<E extends Env = BlankEnv>(customerFacingErrorBuilder: CustomerFacingErrorBuilder): Hono<E>;
+export declare function init<E extends Env = BlankEnv>(corsMB: CORSMiddlewareBuilder, customerFacingErrorBuilder: CustomerFacingErrorBuilder): Hono<E>;
 export declare function mountHandler(contract: UCHTTPContract, hono: Hono, handler: Handler): void;
 export declare function toReq(c: Context): ServerRequestHandlerReq;
 export declare function toRes(c: Context): ServerRequestHandlerRes;

package/dist/esm/target/lib/server-hono/funcs.js

@@ -86,9 +86,10 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
     };
     return handler;
 }
-export function init(customerFacingErrorBuilder) {
+export function init(corsMB, customerFacingErrorBuilder) {
     const app = new Hono();
     app.use(secureHeaders());
+    app.use(corsMB.exec({}));
     app.use(logger());
     app.notFound((c) => {
         const error = new NotFoundError();

package/dist/esm/target/lib/shared.d.ts

@@ -1,2 +1,6 @@
+import type { SemVerVersion } from '../../dt/index.js';
+import type { HTTPHeaderName } from '../../utils/index.js';
 export type AuthCookieName = 'auth';
 export type PublicApiKeyHeaderName = 'X-API-Key' | (string & {});
+export declare const AUTHORIZATION_HEADER_NAME: HTTPHeaderName;
+export declare const DEFAULT_VERSION: SemVerVersion;

package/dist/esm/target/lib/shared.js

@@ -1 +1,2 @@
-export {};
+export const AUTHORIZATION_HEADER_NAME = 'Authorization';
+export const DEFAULT_VERSION = '0.1.0';

package/dist/esm/target/nextjs-server/NextJSServerManager.d.ts

@@ -1,6 +1,7 @@
 import type { AppManifest } from '../../app/index.js';
-import type { DirPath } from '../../dt/index.js';
+import type { DirPath, URLPath } from '../../dt/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../uc/index.js';
+import type { OpenAPISpec } from '../lib/openapi/types.js';
 import type { ServerManager } from '../lib/server/ServerManager.js';
 export declare class NextJSServerManager implements ServerManager {
     overrideUCManager(_ucManager: UCManager): void;
@@ -8,6 +9,7 @@ export declare class NextJSServerManager implements ServerManager {
     initSync(): void;
     mount<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(_appManifest: AppManifest, _ucd: UCDef<I, OPI0, OPI1>, _contract: UCHTTPContract): Promise<void>;
     mountSync<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(_appManifest: AppManifest, _ucd: UCDef<I, OPI0, OPI1>, _contract: UCHTTPContract): void;
+    mountOpenAPISpec(_spec: OpenAPISpec, _at: URLPath): Promise<void>;
     mountStaticDir(_dirPath: DirPath): Promise<void>;
     start(): Promise<void>;
     stop(): Promise<void>;