nucleus-core-ts 0.9.705 → 0.9.706
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +11 -11
- package/dist/src/Client/Proxy/authz.d.ts +48 -0
- package/dist/src/Client/Proxy/authz.js +150 -0
- package/dist/src/Client/Proxy/authz.test.d.ts +1 -0
- package/dist/src/Client/Proxy/authz.test.js +192 -0
- package/dist/src/Client/Proxy/httpProxy.js +74 -11
- package/dist/src/Client/Proxy/types.d.ts +28 -0
- package/dist/src/ElysiaPlugin/routes/authorization/discovery.test.d.ts +1 -0
- package/dist/src/ElysiaPlugin/routes/authorization/index.d.ts +50 -0
- package/dist/src/ElysiaPlugin/routes/domain/hostnames.d.ts +4 -2
- package/dist/src/ElysiaPlugin/routes/domain/hostnames.test.d.ts +1 -0
- package/dist/src/ElysiaPlugin/routes/payment/marketplace/authz.test.d.ts +1 -0
- package/dist/src/ElysiaPlugin/routes/payment/marketplace/types.d.ts +9 -0
- package/dist/src/ElysiaPlugin/routes/pubsub/daprAuth.test.d.ts +1 -0
- package/dist/src/ElysiaPlugin/routes/pubsub/types.d.ts +8 -0
- package/dist/src/ElysiaPlugin/routes/storage/cdn.test.d.ts +1 -0
- package/dist/src/ElysiaPlugin/utils.d.ts +5 -0
- package/dist/src/Services/Authorization/EndpointDiscovery/discovery.test.d.ts +1 -0
- package/dist/src/Services/Authorization/EndpointDiscovery/index.d.ts +68 -0
- package/dist/src/Services/Authorization/EndpointDiscovery/seed.d.ts +53 -0
- package/dist/src/Services/Authorization/types.d.ts +6 -0
- package/dist/src/Services/OAuth/providers/microsoft.d.ts +17 -0
- package/dist/src/Services/OAuth/providers/microsoft.test.d.ts +1 -0
- package/dist/src/Services/Tenant/TenantRegistry.d.ts +1 -1
- package/dist/src/Services/Tenant/helpers.d.ts +9 -1
- package/dist/src/Services/Tenant/isTrustedSource.test.d.ts +1 -0
- package/dist/src/types.d.ts +49 -0
- package/package.json +113 -113
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Endpoint discovery: turn an external (non-nucleus) service's OpenAPI document
|
|
3
|
+
* into nucleus claim specs, and match a concrete request path back to its claim.
|
|
4
|
+
*
|
|
5
|
+
* A discovered claim's `action` is prefixed with the service id
|
|
6
|
+
* (`{serviceId}.{resource}.{op}`) so it never collides with an auto-seeded entity
|
|
7
|
+
* claim (which is method-first: `get.users`) and so all of a service's claims can
|
|
8
|
+
* be found by the `{serviceId}.` prefix during reconcile. `serviceId` therefore MUST
|
|
9
|
+
* NOT be an HTTP-method word (get/post/put/patch/delete/toggle/bulk).
|
|
10
|
+
*/
|
|
11
|
+
export interface ClaimSpec {
|
|
12
|
+
action: string;
|
|
13
|
+
path: string;
|
|
14
|
+
method: string;
|
|
15
|
+
description: string;
|
|
16
|
+
}
|
|
17
|
+
/** Minimal slice of an OpenAPI 3.x document we depend on. */
|
|
18
|
+
export interface OpenApiDoc {
|
|
19
|
+
paths?: Record<string, Record<string, {
|
|
20
|
+
tags?: string[];
|
|
21
|
+
operationId?: string;
|
|
22
|
+
summary?: string;
|
|
23
|
+
description?: string;
|
|
24
|
+
} | undefined>>;
|
|
25
|
+
}
|
|
26
|
+
/** Simple glob: exact match, or a trailing `/*` prefix match. */
|
|
27
|
+
export declare function matchesExclude(path: string, patterns: string[] | undefined): boolean;
|
|
28
|
+
export interface ParseOptions {
|
|
29
|
+
/** Path globs to skip (e.g. ['/health', '/api/v1/internal/*']). */
|
|
30
|
+
exclude?: string[];
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Convert an OpenAPI document into claim specs. Deterministic and pure.
|
|
34
|
+
* `action = {serviceId}.{tag|resource}.{operationId | method_normalizedPath}` —
|
|
35
|
+
* the fallback op token embeds the path, so actions are unique even without
|
|
36
|
+
* operationIds (method+path is unique within an OpenAPI doc).
|
|
37
|
+
*/
|
|
38
|
+
export declare function parseOpenApiToClaims(serviceId: string, doc: OpenApiDoc, opts?: ParseOptions): ClaimSpec[];
|
|
39
|
+
/** True when a concrete request path matches a templated OpenAPI path. */
|
|
40
|
+
export declare function pathMatchesTemplate(template: string, concrete: string): boolean;
|
|
41
|
+
/**
|
|
42
|
+
* Given the claim specs for a service and an incoming (method, concrete-path),
|
|
43
|
+
* return the required claim action, or null when no route matches (the caller
|
|
44
|
+
* decides allow/deny for unmapped routes).
|
|
45
|
+
*/
|
|
46
|
+
export declare function matchRouteToAction(specs: ClaimSpec[], method: string, concretePath: string): string | null;
|
|
47
|
+
/** An existing claim row as seen during reconcile. */
|
|
48
|
+
export interface ExistingClaim {
|
|
49
|
+
action: string;
|
|
50
|
+
isActive: boolean;
|
|
51
|
+
path: string;
|
|
52
|
+
method: string;
|
|
53
|
+
description: string;
|
|
54
|
+
}
|
|
55
|
+
export interface ClaimReconcilePlan {
|
|
56
|
+
toInsert: ClaimSpec[];
|
|
57
|
+
toReactivate: ClaimSpec[];
|
|
58
|
+
toDeactivate: ExistingClaim[];
|
|
59
|
+
unchanged: ClaimSpec[];
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Pure reconcile: compare a service's currently-discovered specs against its existing
|
|
63
|
+
* claim rows (already filtered to this service's `{serviceId}.` prefix). Removed
|
|
64
|
+
* endpoints are DEACTIVATED, not deleted, so their role assignments survive.
|
|
65
|
+
*/
|
|
66
|
+
export declare function diffClaims(existing: ExistingClaim[], specs: ClaimSpec[]): ClaimReconcilePlan;
|
|
67
|
+
/** Fetch and JSON-parse a service's OpenAPI document. `fetchImpl` is injectable for tests. */
|
|
68
|
+
export declare function fetchOpenApi(baseUrl: string, openapiPath: string, fetchImpl?: typeof fetch): Promise<OpenApiDoc>;
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import type { NodePgDatabase } from 'drizzle-orm/node-postgres';
|
|
2
|
+
import type { Logger } from '../../Logger';
|
|
3
|
+
import { type ClaimSpec } from './index';
|
|
4
|
+
export interface DiscoveryServiceConfig {
|
|
5
|
+
id: string;
|
|
6
|
+
baseUrl: string;
|
|
7
|
+
openapi?: string;
|
|
8
|
+
exclude?: string[];
|
|
9
|
+
}
|
|
10
|
+
export interface EndpointDiscoveryConfig {
|
|
11
|
+
enabled?: boolean;
|
|
12
|
+
runOnBoot?: boolean;
|
|
13
|
+
services?: DiscoveryServiceConfig[];
|
|
14
|
+
trigger?: {
|
|
15
|
+
enabled?: boolean;
|
|
16
|
+
basePath?: string;
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
export interface ServiceDiscoveryResult {
|
|
20
|
+
id: string;
|
|
21
|
+
added: number;
|
|
22
|
+
reactivated: number;
|
|
23
|
+
deactivated: number;
|
|
24
|
+
unchanged: number;
|
|
25
|
+
total: number;
|
|
26
|
+
error?: string;
|
|
27
|
+
}
|
|
28
|
+
export interface DiscoveryRunResult {
|
|
29
|
+
services: ServiceDiscoveryResult[];
|
|
30
|
+
}
|
|
31
|
+
type PgTable = ReturnType<typeof import('drizzle-orm/pg-core').pgTable>;
|
|
32
|
+
/**
|
|
33
|
+
* Seed + reconcile one service's discovered claims into the `claims` table.
|
|
34
|
+
* Idempotent: inserts missing, reactivates previously-removed, and DEACTIVATES
|
|
35
|
+
* (never deletes) claims for this service that are no longer present.
|
|
36
|
+
*/
|
|
37
|
+
export declare function seedDiscoveredClaims(db: NodePgDatabase, claimsTable: PgTable, serviceId: string, specs: ClaimSpec[], logger: Logger): Promise<Omit<ServiceDiscoveryResult, 'id' | 'error'>>;
|
|
38
|
+
/**
|
|
39
|
+
* Boot / on-demand entrypoint: for each configured service, fetch its OpenAPI,
|
|
40
|
+
* derive claim specs, and seed+reconcile them. A per-service fetch/parse failure is
|
|
41
|
+
* logged and skipped (never fails the whole run or boot).
|
|
42
|
+
*/
|
|
43
|
+
export declare function runEndpointDiscovery(db: NodePgDatabase, schemaTables: Record<string, unknown>, config: EndpointDiscoveryConfig, logger: Logger, fetchImpl?: typeof fetch): Promise<DiscoveryRunResult>;
|
|
44
|
+
/**
|
|
45
|
+
* Build the route→claim manifest a reverse proxy consumes: the active discovered
|
|
46
|
+
* claims for a service (by `{serviceId}.` prefix), as templated route rows.
|
|
47
|
+
*/
|
|
48
|
+
export declare function getRouteManifest(db: NodePgDatabase, claimsTable: PgTable, serviceId: string): Promise<Array<{
|
|
49
|
+
action: string;
|
|
50
|
+
path: string;
|
|
51
|
+
method: string;
|
|
52
|
+
}>>;
|
|
53
|
+
export {};
|
|
@@ -3,6 +3,12 @@ export interface AuthorizationConfig {
|
|
|
3
3
|
autoSeedClaims: boolean;
|
|
4
4
|
skipTables: string[];
|
|
5
5
|
skipColumns: string[];
|
|
6
|
+
/**
|
|
7
|
+
* @deprecated NOT ENFORCED. This key was never wired into the request pipeline —
|
|
8
|
+
* paths listed here are still authenticated and authorized normally. To make a
|
|
9
|
+
* path public (skip auth), use `publicPaths` (which has method-qualification and
|
|
10
|
+
* anomalous-path hardening). Kept only for config back-compat; will be removed.
|
|
11
|
+
*/
|
|
6
12
|
excludedPaths: string[];
|
|
7
13
|
publicPaths: string[];
|
|
8
14
|
godminEmail?: string;
|
|
@@ -1,3 +1,20 @@
|
|
|
1
1
|
import type { OAuthCallbackResult, OAuthProviderConfig } from '../types';
|
|
2
|
+
/**
|
|
3
|
+
* Decide whether the Microsoft email may be TRUSTED for account-merge.
|
|
4
|
+
*
|
|
5
|
+
* SECURITY: the Graph `mail` / `userPrincipalName` is directory-controlled, but on
|
|
6
|
+
* multi-tenant ("common"/"organizations"/"consumers") or personal-account apps the
|
|
7
|
+
* signing tenant is NOT owned by us — a hostile tenant admin (or an MSA user) can
|
|
8
|
+
* set `mail` to victim@ourcompany.com. Blindly trusting it let an attacker merge
|
|
9
|
+
* into a victim's existing local account (merge-by-email takeover). Trust the email
|
|
10
|
+
* only when:
|
|
11
|
+
* 1. Microsoft asserts it via the `xms_edov` (email domain-owner verified) claim, OR
|
|
12
|
+
* 2. the app is pinned to a single specific tenant (config.tenantId is a concrete
|
|
13
|
+
* directory, not a multi-tenant meta-authority) — then the issuing directory is
|
|
14
|
+
* one we trust.
|
|
15
|
+
* Otherwise it is treated as UNVERIFIED, so the callback refuses to merge it into a
|
|
16
|
+
* pre-existing local account (a fresh OAuth-origin sign-up is still allowed).
|
|
17
|
+
*/
|
|
18
|
+
export declare function resolveMicrosoftEmailVerified(config: OAuthProviderConfig, idTokenPayload: Record<string, unknown> | null): boolean;
|
|
2
19
|
export declare function buildMicrosoftAuthUrl(config: OAuthProviderConfig, state: string): string;
|
|
3
20
|
export declare function exchangeMicrosoftCode(code: string, config: OAuthProviderConfig): Promise<OAuthCallbackResult>;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -34,7 +34,7 @@ export declare class TenantRegistry {
|
|
|
34
34
|
* Resolve a tenant from an incoming HTTP request.
|
|
35
35
|
* Priority: subdomain → x-tenant header → fallback to main
|
|
36
36
|
*/
|
|
37
|
-
resolveFromRequest(request: Request): TenantResolutionResult;
|
|
37
|
+
resolveFromRequest(request: Request, vettedClientIp?: string): TenantResolutionResult;
|
|
38
38
|
/**
|
|
39
39
|
* Get schema context for a specific schema name.
|
|
40
40
|
*/
|
|
@@ -39,4 +39,12 @@ export declare const isIpInCidr: (ip: string, cidr: string) => boolean;
|
|
|
39
39
|
/**
|
|
40
40
|
* Check if a request comes from a trusted source for the given tenant.
|
|
41
41
|
*/
|
|
42
|
-
export declare const isTrustedSource: (tenant: TenantRecord, request: Request, authMode: "full" | "consumer" | undefined, fallbackSources?: TenantRecord["trustedSources"]
|
|
42
|
+
export declare const isTrustedSource: (tenant: TenantRecord, request: Request, authMode: "full" | "consumer" | undefined, fallbackSources?: TenantRecord["trustedSources"],
|
|
43
|
+
/**
|
|
44
|
+
* The VETTED client IP, resolved by the middleware via resolveClientIp (which
|
|
45
|
+
* only honors X-Forwarded-For from configured trusted proxies). MUST be passed
|
|
46
|
+
* for the allowedIps check to be safe — never re-derive it from raw request
|
|
47
|
+
* headers here, or a client could spoof X-Forwarded-For to match an allowedIp
|
|
48
|
+
* and select another tenant.
|
|
49
|
+
*/
|
|
50
|
+
vettedClientIp?: string) => boolean;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/dist/src/types.d.ts
CHANGED
|
@@ -675,6 +675,10 @@ export interface NucleusConfigOptions {
|
|
|
675
675
|
claimsCachePrefix?: string;
|
|
676
676
|
skipTables?: string[];
|
|
677
677
|
skipColumns?: string[];
|
|
678
|
+
/**
|
|
679
|
+
* @deprecated NOT ENFORCED — paths here are still authenticated + authorized.
|
|
680
|
+
* Use `publicPaths` to make a path public. Kept for config back-compat only.
|
|
681
|
+
*/
|
|
678
682
|
excludedPaths?: string[];
|
|
679
683
|
publicPaths?: string[];
|
|
680
684
|
godminEmail?: string;
|
|
@@ -708,6 +712,43 @@ export interface NucleusConfigOptions {
|
|
|
708
712
|
scope?: string;
|
|
709
713
|
}>;
|
|
710
714
|
};
|
|
715
|
+
/**
|
|
716
|
+
* Auto-discover the endpoints of EXTERNAL (non-nucleus) services from their
|
|
717
|
+
* OpenAPI documents and seed a claim per endpoint, so a nucleus IDP can protect
|
|
718
|
+
* 500+ routes across other services (e.g. FastAPI) with the same role/claim model
|
|
719
|
+
* without hand-writing claims. Full (IDP) mode only. Discovered claim actions are
|
|
720
|
+
* `{serviceId}.{tag}.{operationId}` (idempotent on action; removed endpoints are
|
|
721
|
+
* DEACTIVATED, not deleted). Enforcement happens at the reverse proxy via
|
|
722
|
+
* `HttpProxyTarget.authorize` (see nucleus-core-ts/proxy) consuming the
|
|
723
|
+
* `/authorization/route-manifest` this produces. `serviceId` must not be an
|
|
724
|
+
* HTTP-method word (get/post/put/…).
|
|
725
|
+
*/
|
|
726
|
+
endpointDiscovery?: {
|
|
727
|
+
enabled?: boolean;
|
|
728
|
+
/** Run discovery at boot (default true when enabled). */
|
|
729
|
+
runOnBoot?: boolean;
|
|
730
|
+
services?: Array<{
|
|
731
|
+
/** Stable prefix for this service's claim actions (e.g. "agent"). */
|
|
732
|
+
id: string;
|
|
733
|
+
/** Base URL reachable from the IDP (e.g. "http://vorion-agent:8000"). */
|
|
734
|
+
baseUrl: string;
|
|
735
|
+
/** OpenAPI document path (default "/openapi.json"). */
|
|
736
|
+
openapi?: string;
|
|
737
|
+
/** Path globs to skip, e.g. ["/health","/api/v1/internal/*"]. */
|
|
738
|
+
exclude?: string[];
|
|
739
|
+
}>;
|
|
740
|
+
/** godmin-only on-demand re-discovery endpoint. */
|
|
741
|
+
trigger?: {
|
|
742
|
+
enabled?: boolean;
|
|
743
|
+
basePath?: string;
|
|
744
|
+
};
|
|
745
|
+
/**
|
|
746
|
+
* Shared secret that lets the reverse proxy fetch `/authorization/route-manifest`
|
|
747
|
+
* without a user session (presented as the `x-discovery-token` header). Godmin
|
|
748
|
+
* callers are always allowed. Falls back to the `NUCLEUS_DISCOVERY_TOKEN` env.
|
|
749
|
+
*/
|
|
750
|
+
token?: string;
|
|
751
|
+
};
|
|
711
752
|
};
|
|
712
753
|
audit?: {
|
|
713
754
|
enabled?: boolean;
|
|
@@ -980,6 +1021,14 @@ export interface NucleusConfigOptions {
|
|
|
980
1021
|
wsPath?: string;
|
|
981
1022
|
/** Dapr pubsub component name (default: "pubsub-redis") */
|
|
982
1023
|
pubsubName?: string;
|
|
1024
|
+
/**
|
|
1025
|
+
* Shared secret Dapr presents as the `dapr-api-token` header when POSTing a
|
|
1026
|
+
* delivered message to the subscription endpoint. REQUIRED to secure that
|
|
1027
|
+
* endpoint — without it (and without the APP_API_TOKEN/DAPR_API_TOKEN env
|
|
1028
|
+
* fallback) any caller reaching the route can inject realtime events to any
|
|
1029
|
+
* user. Falls back to env APP_API_TOKEN, then DAPR_API_TOKEN.
|
|
1030
|
+
*/
|
|
1031
|
+
daprApiToken?: string;
|
|
983
1032
|
/** Max clients per user (default: 10) */
|
|
984
1033
|
maxClientsPerUser?: number;
|
|
985
1034
|
/** WebSocket idle timeout in seconds (default: 120) */
|
package/package.json
CHANGED
|
@@ -1,115 +1,115 @@
|
|
|
1
1
|
{
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
2
|
+
"name": "nucleus-core-ts",
|
|
3
|
+
"version": "0.9.706",
|
|
4
|
+
"description": "Production-ready, enterprise-grade TypeScript framework for building multi-tenant APIs",
|
|
5
|
+
"author": "Hidayet Can Özcan <hidayetcan@gmail.com>",
|
|
6
|
+
"license": "SEE LICENSE IN LICENSE",
|
|
7
|
+
"keywords": [
|
|
8
|
+
"backend",
|
|
9
|
+
"framework",
|
|
10
|
+
"elysia",
|
|
11
|
+
"drizzle",
|
|
12
|
+
"typescript"
|
|
13
|
+
],
|
|
14
|
+
"files": [
|
|
15
|
+
"bin",
|
|
16
|
+
"dist",
|
|
17
|
+
"schemas",
|
|
18
|
+
"scripts",
|
|
19
|
+
"infra/templates",
|
|
20
|
+
"infra/scripts/generate-project.ts",
|
|
21
|
+
"src/system.tables.json",
|
|
22
|
+
"public",
|
|
23
|
+
"LICENSE"
|
|
24
|
+
],
|
|
25
|
+
"module": "dist/index.js",
|
|
26
|
+
"type": "module",
|
|
27
|
+
"types": "dist/index.d.ts",
|
|
28
|
+
"exports": {
|
|
29
|
+
".": {
|
|
30
|
+
"types": "./dist/index.d.ts",
|
|
31
|
+
"import": "./dist/index.js"
|
|
32
|
+
},
|
|
33
|
+
"./client": {
|
|
34
|
+
"types": "./dist/client.d.ts",
|
|
35
|
+
"import": "./dist/client.js"
|
|
36
|
+
},
|
|
37
|
+
"./fe": {
|
|
38
|
+
"types": "./dist/fe/index.d.ts",
|
|
39
|
+
"import": "./dist/fe/index.js"
|
|
40
|
+
},
|
|
41
|
+
"./fe/auth": {
|
|
42
|
+
"types": "./dist/fe/components/AuthGuard/index.d.ts",
|
|
43
|
+
"import": "./dist/fe/components/AuthGuard/index.js"
|
|
44
|
+
},
|
|
45
|
+
"./proxy": {
|
|
46
|
+
"types": "./dist/src/Client/Proxy/index.d.ts",
|
|
47
|
+
"import": "./dist/src/Client/Proxy/index.js"
|
|
48
|
+
}
|
|
49
|
+
},
|
|
50
|
+
"scripts": {
|
|
51
|
+
"test": "bun test src",
|
|
52
|
+
"build": "bun run scripts/build.ts",
|
|
53
|
+
"build:quick": "bun run build:js && bun run build:types",
|
|
54
|
+
"build:js": "bun build ./index.ts ./client.ts ./fe/index.ts ./src/Client/Proxy/index.ts --outdir=dist --target=bun --format=esm --splitting --minify --external react --external react-dom --external gsap --external @gsap/react --external h-state --external three --external @react-three/fiber --external elysia --external drizzle-orm --external drizzle-kit --external ioredis --external googleapis --external @dapr/dapr --external pg --external @xyflow/react --external @xyflow/system --external @azure/communication-email --external @azure/identity --external stripe",
|
|
55
|
+
"build:types": "tsc --declaration --emitDeclarationOnly --outDir dist --skipLibCheck",
|
|
56
|
+
"version:patch": "bun run scripts/version.ts patch",
|
|
57
|
+
"version:minor": "bun run scripts/version.ts minor",
|
|
58
|
+
"version:major": "bun run scripts/version.ts major",
|
|
59
|
+
"publish:npm": "bun run scripts/publish.ts",
|
|
60
|
+
"publish:dry": "bun run scripts/publish.ts --dry-run",
|
|
61
|
+
"release": "bun run version:patch && bun run publish:npm",
|
|
62
|
+
"release:minor": "bun run version:minor && bun run publish:npm",
|
|
63
|
+
"release:major": "bun run version:major && bun run publish:npm",
|
|
64
|
+
"generate:schemas": "bun run scripts/generate-types-schema.ts",
|
|
65
|
+
"lint": "biome check . --write",
|
|
66
|
+
"lint:fix": "biome check --config-path ./biome.json --write",
|
|
67
|
+
"prepublishOnly": "echo 'Use: bun run publish:npm'"
|
|
68
|
+
},
|
|
69
|
+
"bin": {
|
|
70
|
+
"nucleus-core-ts": "./bin/cli.ts",
|
|
71
|
+
"nucleus": "./bin/cli.ts",
|
|
72
|
+
"nucleus-generate": "./bin/cli.ts"
|
|
73
|
+
},
|
|
74
|
+
"devDependencies": {
|
|
75
|
+
"@react-three/fiber": "latest",
|
|
76
|
+
"@types/bun": "latest",
|
|
77
|
+
"@types/pg": "latest",
|
|
78
|
+
"@types/react": "latest",
|
|
79
|
+
"@types/react-dom": "latest",
|
|
80
|
+
"@types/three": "latest",
|
|
81
|
+
"bun-plugin-tailwind": "latest",
|
|
82
|
+
"drizzle-kit": "latest",
|
|
83
|
+
"javascript-obfuscator": "latest",
|
|
84
|
+
"lucide-react": "latest",
|
|
85
|
+
"three": "latest"
|
|
86
|
+
},
|
|
87
|
+
"peerDependencies": {
|
|
88
|
+
"typescript": "latest",
|
|
89
|
+
"elysia": "latest",
|
|
90
|
+
"@dapr/dapr": "latest",
|
|
91
|
+
"react": "latest",
|
|
92
|
+
"react-dom": "latest",
|
|
93
|
+
"pg": "latest",
|
|
94
|
+
"tailwindcss": "latest",
|
|
95
|
+
"tailwind-merge": "latest",
|
|
96
|
+
"clsx": "latest"
|
|
97
|
+
},
|
|
98
|
+
"dependencies": {
|
|
99
|
+
"@elysiajs/static": "latest",
|
|
100
|
+
"@elysiajs/swagger": "latest",
|
|
101
|
+
"@gsap/react": "latest",
|
|
102
|
+
"@simplewebauthn/server": "^13.3.0",
|
|
103
|
+
"@xyflow/react": "latest",
|
|
104
|
+
"drizzle-orm": "latest",
|
|
105
|
+
"googleapis": "latest",
|
|
106
|
+
"gsap": "latest",
|
|
107
|
+
"h-state": "latest",
|
|
108
|
+
"ioredis": "latest",
|
|
109
|
+
"reflect-metadata": "^0.2.2"
|
|
110
|
+
},
|
|
111
|
+
"optionalDependencies": {
|
|
112
|
+
"@azure/communication-email": "latest",
|
|
113
|
+
"stripe": "latest"
|
|
114
|
+
}
|
|
115
115
|
}
|