nucleus-core-ts 0.9.747 → 0.9.749

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -8,11 +8,18 @@ import type { AuthRouteType } from '../Services/RateLimiter';
8
8
  * protection is silently off), and (b) never classified /auth/invite at all.
9
9
  *
10
10
  * This resolves the route from the SAME config the auth routes register, and
11
- * matches on a path boundary: `pathname === route` OR `pathname.endsWith(route)`.
12
- * Because every route begins with '/', endsWith only matches at a segment
13
- * boundary so a multi-tenant basePath prefix ('/t1/auth/login') matches while a
14
- * mid-path substring ('/xauth/login', '/auth/login/extra') does NOT (the old
15
- * includes() false-positived on both).
11
+ * matches on a path boundary: `pathname === route`, OR `pathname.endsWith(route)`
12
+ * (a multi-tenant basePath prefix like '/t1/auth/login'), OR `pathname` contains
13
+ * `route + '/'` (a SUB-path of the route). The last clause is what makes the
14
+ * strict budget reach routes whose real endpoints are sub-paths of the configured
15
+ * base passwordReset registers at `${route}/request` + `${route}/confirm`, and
16
+ * magic-link verification at `${route}/verify`; without it those endpoints fell
17
+ * through to the lax private/public limit (SECURITY — the documented brute-force
18
+ * lockout was silently OFF on password-reset). Because every `route` begins with
19
+ * '/' and the sub-path needle ends with '/', both ends sit on a segment boundary,
20
+ * so '/xauth/login' and '/products/auth-login-helper' still do NOT match, while
21
+ * '/auth/password-reset/confirm' and '/t1/auth/magic-link/verify' do. Classifying
22
+ * a sub-path as its parent auth type is the SAFE direction (stricter limit).
16
23
  */
17
24
  export type AuthRouteConfigSubset = {
18
25
  login?: {
@@ -0,0 +1,25 @@
1
+ /**
2
+ * SECURITY (M18): resolve the schema that change-user-id's raw DDL/UPDATEs must
3
+ * target. It MUST equal the schema authorization was evaluated against — i.e. the
4
+ * same registry+header resolution resolveAuthTablesForRequest uses — otherwise a
5
+ * godmin scoped to one tenant could drive destructive DDL against a different
6
+ * (static default) schema.
7
+ *
8
+ * Returns the static default when not multi-tenant (no registry / no header).
9
+ * Fails CLOSED: an x-tenant-schema the registry doesn't know is rejected
10
+ * ('unknown'), and — since the result feeds sql.raw() — a value that isn't a
11
+ * strict SQL identifier is rejected ('invalid').
12
+ */
13
+ export type SchemaRegistryLike = {
14
+ getSchemaContext(name: string): {
15
+ schemaName: string;
16
+ } | undefined;
17
+ };
18
+ export type MutationSchemaResult = {
19
+ ok: true;
20
+ schema: string;
21
+ } | {
22
+ ok: false;
23
+ reason: 'unknown' | 'invalid';
24
+ };
25
+ export declare function resolveMutationSchema(staticSchema: string, tenantHeader: string | null | undefined, registry: SchemaRegistryLike | null | undefined): MutationSchemaResult;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nucleus-core-ts",
3
- "version": "0.9.747",
3
+ "version": "0.9.749",
4
4
  "description": "Production-ready, enterprise-grade TypeScript framework for building multi-tenant APIs",
5
5
  "author": "Hidayet Can Özcan <hidayetcan@gmail.com>",
6
6
  "license": "SEE LICENSE IN LICENSE",