rajt 0.0.17 → 0.0.18

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "rajt",
   "description": "A serverless bundler layer, fully typed for AWS Lambda (Node.js and LLRT) and Cloudflare Workers.",
-  "version": "0.0.17",
+  "version": "0.0.18",
   "type": "module",
   "main": "dist/index.js",
   "exports": {
@@ -17,7 +17,7 @@
     "local": "bun run --silent build && bun run --silent sam:local",
     "build": "bun run --silent cache:routes && bun run --silent export && bun run --silent clean:temp",
     "build:watch": "chokidar \"../../{actions,configs,models,utils}/**/*.ts\" -c \"bun run --silent build\" --initial",
-    "export": "esbuild --bundle --minify --outfile=../../dist/index.js --platform=node --target=node20 --format=esm --tree-shaking=true --legal-comments=none src/prod.ts",
+    "export": "esbuild --bundle --minify --outfile=../../dist/index.js --platform=node --target=node20 --format=esm --tree-shaking=true --legal-comments=none --external:@aws-sdk --external:@smithy src/prod.ts",
     "package": "bun run --silent build && bun run --silent sam:package",
     "deploy": "bun run --silent build && bun run --silent sam:package && bun run --silent sam:deploy",
     "update": "bun run --silent build && bun run --silent zip && bun run --silent sam:update",
@@ -34,13 +34,13 @@
     "start": "node ../../dist/index.js"
   },
   "dependencies": {
-    "@aws-lite/client": "^0.23.2",
-    "@aws-lite/dynamodb": "^0.3.9",
-    "@aws-lite/dynamodb-types": "^0.3.11",
+    "@aws-sdk/client-dynamodb": "3.817.0",
+    "@aws-sdk/lib-dynamodb": "3.817.0",
     "@hono/node-server": "^1.14.1",
     "@hono/zod-validator": "^0.4.3",
     "@types/node": "^20.11.0",
     "chokidar-cli": "^3.0.0",
+    "cripta": "^0.1.6",
     "dotenv": "^16.5.0",
     "esbuild": "^0.25.2",
     "hono": "^4.7.6",
@@ -49,6 +49,9 @@
     "tsx": "^4.19.3",
     "typescript": "^5.8.3"
   },
+  "resolutions": {
+    "@smithy/types": "^4.3.0"
+  },
   "publishConfig": {
     "registry": "https://registry.npmjs.org"
   },

package/src/action.ts

@@ -2,7 +2,6 @@ import { Context, Handler, HonoRequest, MiddlewareHandler, Next, ValidationTarge
 import { z, ZodObject, ZodRawShape } from 'zod'
 import { zValidator } from '@hono/zod-validator'
 // import { JSONValue } from 'hono/utils/types'
-import json from './response'
 import JsonResponse from './response'
 import { bufferToFormData } from 'hono/utils/buffer'
 import { HTTPException } from 'hono/http-exception'
@@ -26,7 +25,7 @@ export default abstract class Action {
   rule<T extends keyof ValidationTargets>(target: T): { schema: (schema: ZodObject<any>) => RuleDefinition }
   rule<T extends keyof ValidationTargets>(target: T, schema: ZodObject<any>): RuleDefinition
 
-  public rule<T extends keyof ValidationTargets>(target: T, schema?: ZodObject<any>):
+  rule<T extends keyof ValidationTargets>(target: T, schema?: ZodObject<any>):
     | { schema: (schema: ZodObject<any>) => RuleDefinition }
     | RuleDefinition
   {
@@ -47,15 +46,15 @@ export default abstract class Action {
     }
   }
 
-  public param(key: string) {
+  param(key: string) {
     return this.context.req.param(key)
   }
 
-  public query() {
+  query() {
     return this.context.req.query()
   }
 
-  public async form(cType?: string) {
+  async form(cType?: string) {
     cType ??= this.context.req.header('Content-Type')
     if (!cType) return {}
 
@@ -92,7 +91,7 @@ export default abstract class Action {
     return form
   }
 
-  public async json<E>() {
+  async json<E>() {
     try {
       return await this.context.req.json<E>()
     } catch {
@@ -100,7 +99,7 @@ export default abstract class Action {
     }
   }
 
-  public async body<E>() {
+  async body<E>() {
     const cType = this.context.req.header('Content-Type')
     if (!cType) return {}
 
@@ -118,11 +117,11 @@ export default abstract class Action {
     return {}
   }
 
-  public get response() {
+  get response() {
     return this.context ? JsonResponse.setContext(this.context) : JsonResponse
   }
 
-  public validate() {
+  validate() {
     const rules = this.rules()
     const h = async (c: Context) => {
       this.context = c
@@ -134,7 +133,7 @@ export default abstract class Action {
       .map(rule => zValidator(rule.target, rule.schema, (result, c) => {
         if (!result.success) {
           // @ts-ignore
-          return json.badRequest({ ...result.error.flatten()[rule.eTarget] })
+          return JsonResponse.badRequest({ ...result.error.flatten()[rule.eTarget] })
         }
       }))
 
@@ -143,7 +142,26 @@ export default abstract class Action {
     return rulesArray
   }
 
-  public run() {
+  get auth() {
+    const auth = this.context.get('#auth')
+    return auth ? auth?.data : null
+  }
+
+  can(...abilities: string[]): boolean {
+    const auth = this.context.get('#auth')
+    return auth ? auth.can(...abilities) : false
+  }
+
+  cant(...abilities: string[]): boolean {
+    return !this.can(...abilities)
+  }
+
+  hasRole(...roles: string[]): boolean {
+    const auth = this.context.get('#auth')
+    return auth ? auth.hasRole(...roles) : false
+  }
+
+  run() {
     return this.validate()
   }
 

package/src/auth/ability.ts

@@ -0,0 +1,51 @@
+import { Routes } from '../types'
+import { Roles, Abilities } from './types'
+
+export class Ability {
+  static #roles: Roles = {}
+  static #abilities: Abilities = []
+
+  static empty() {
+    this.#roles = {}
+    this.#abilities = []
+  }
+
+  static fromRoutes(actions: Routes) {
+    if (!actions?.length) return
+
+    const paths = actions?.map(a => Array.isArray(a) ? a[1] : a.path) ?? []
+    const items = new Set(paths)
+
+    if (items.size !== actions.length)
+      throw new Error(`Duplicate routes detected: "${paths.filter((path, index) => paths.indexOf(path) !== index).join('", "')}"`)
+
+    this.#abilities = Array.from(items).map(a => this.format(a)).filter(Boolean)
+  }
+
+  static fromAction(target: any): string | null {
+    return !target || !target?.p ? null : this.format(target.p)
+  }
+
+  static format(path: string) {
+    return path.normalize('NFD')
+      .replace(/[\u0300-\u036f]/g, '')
+      .replace(/^\/*/, '')
+      .replace(/[^a-zA-Z0-9/]|[\s_.]/g, '-')
+      .replace(/([a-z])([A-Z])/g, '$1-$2')
+      .replace(/\//g, '.')
+      .replace(/-+/g, '-')
+      .toLowerCase()
+  }
+
+  static get abilities() {
+    return this.#abilities
+  }
+
+  static get roles() {
+    return this.#roles
+  }
+
+  static set roles(roles: Roles) {
+    this.#roles = roles
+  }
+}

package/src/auth/auth.ts

@@ -0,0 +1,72 @@
+import { Ability } from './ability'
+
+type Authenticatable = {
+  role?: string,
+  roles?: string[],
+  perms?: string[],
+}
+
+export class Authnz<T extends object> {
+  #abilities: string[]
+  #roles: string[]
+  #data: T
+
+  constructor(data: T, abilities: string[], roles: string[]) {
+    this.#abilities = abilities
+    this.#roles = roles
+    this.#data = data
+  }
+
+  can(...abilities: string[]): boolean {
+    if (this.#abilities.includes('*')) return true
+
+    return abilities.flat().every(ability => {
+      if (this.#roles.includes(ability)) return true
+      return this.#abilities.some(rule => this.#match(rule, ability))
+    })
+  }
+  cant(...abilities: string[]): boolean {
+    return !this.can(...abilities)
+  }
+
+  hasRole(...roles: string[]): boolean {
+    return roles.flat().every(role => this.#roles.includes(role))
+  }
+
+  static fromToken<T extends object>(user: any): Authnz<T> | null {
+    if (!user || user?.isInvalid()) return null
+    user = user.get()
+    const roles = [...(user?.role ? [user.role] : []), ...(user?.roles ?? [])]
+
+    const combined = [...(user?.perms ?? []), ...roles.flatMap(role => {
+      const perms = Ability.roles[role]
+      if (!perms) return []
+      return perms === '*' ? ['*'] : perms;
+    })]
+
+    const abilities = combined.includes('*') ? ['*'] : Array.from(new Set(combined))
+
+    return new Authnz(user as T, abilities, roles)
+  }
+
+  #match(rule: string, ability: string): boolean {
+    if (rule === ability) return true
+    if (rule.endsWith('.*')) {
+      const prefix = rule.slice(0, -2)
+      return ability.startsWith(`${prefix}.`) || ability === prefix
+    }
+    return false
+  }
+
+  get abilities() {
+    return this.#abilities
+  }
+
+  get roles() {
+    return this.#roles
+  }
+
+  get data() {
+    return this.#data
+  }
+}

package/src/auth/index.ts

@@ -0,0 +1,5 @@
+export { Ability } from './ability'
+export { Authnz } from './auth'
+export { Token } from './token'
+
+export * from './types'

package/src/auth/token.ts

@@ -0,0 +1,80 @@
+import { Envir } from 't0n'
+import { Token as Factory } from 'cripta'
+import type { Context, HonoRequest, Next } from 'hono'
+
+export class Token {
+  static #name: string = 'Authorization'
+  static #prefix: string = 'bearer'
+
+  static fromRequest(c: Context) {
+    // const token = this.fromHeader(c.req)
+    // Mock user
+    const token = this.create(c.req, {
+      name: 'Nicolau',
+      email: 'nicolau@zunq.com',
+      role: 'user',
+    }).get()
+
+    return token ? this.parse(c.req, token) : null
+  }
+
+  static fromHeader(req: HonoRequest): string | null {
+    const header = req.header(this.#name) || req.header('HTTP_AUTHORIZATION') || req.header('REDIRECT_HTTP_AUTHORIZATION') || null
+
+    if (header) {
+      const position = header.toLowerCase().indexOf(this.#prefix.toLowerCase())
+      if (position !== -1) {
+        let token = header.slice(position + this.#prefix.length).trim()
+        const commaPos = token.indexOf(',')
+        if (commaPos !== -1) token = token.slice(0, commaPos).trim()
+
+        return token
+      }
+    }
+
+    return null
+  }
+
+  static parse(req: HonoRequest, token: string) {
+    const host = this.host(Envir.get('FLOW_SERVER') || req.header('host') || '')
+
+    return Factory.parse(token)
+      .issuedBy(host)
+      .permittedFor(host)
+  }
+
+  static create(req: HonoRequest, user: any, exp: number = 7200) {
+    const time = Math.floor(Date.now() / 1000)
+    const host = this.host(req.header('host') || '')
+
+    return Factory.create()
+      .issuedBy(host)
+      .permittedFor(host)
+      .issuedAt(time)
+      .expiresAt(time + exp)
+      .body(user)
+  }
+
+  static setPrefix(prefix: string): void {
+    this.#prefix = prefix
+  }
+
+  static setName(name: string): void {
+    this.#name = name
+  }
+
+  static host(url: string | null | undefined): string {
+    if (!url) return ''
+
+    let formattedUrl = String(url)
+    if (!formattedUrl.startsWith('http'))
+      formattedUrl = 'http://' + formattedUrl
+
+    try {
+      const parsedUrl = new URL(formattedUrl)
+      return parsedUrl.host
+    } catch (e) {
+      return ''
+    }
+  }
+}

package/src/auth/types.ts

@@ -0,0 +1,2 @@
+export type Roles = Record<string, string[] | '*'>
+export type Abilities = string[]

package/src/create-app.ts

@@ -1,15 +1,15 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 import { Hono } from 'hono'
 import type { Env, Context, ErrorHandler, NotFoundHandler, Next } from 'hono'
-// import type { Env, Context, ErrorHandler, MiddlewareHandler, NotFoundHandler, Next } from 'hono'
+// import type { MiddlewareHandler } from 'hono'
 // import { createMiddleware } from 'hono/factory'
 // import type { H, Handler, HandlerResponse } from 'hono/types'
 import { HTTPResponseError } from 'hono/types'
 import { Routes } from './types'
 import { BadRequest, Unauthorized } from './exceptions'
 import response from './response'
-import resolve from './utils/resolve'
-import { getHandler } from './register'
+import { resolve, resolveMiddleware } from './utils/resolve'
+import { getGlobalMiddlewares, getHandler } from './register'
 import env from './utils/environment'
 
 type InitFunction<E extends Env = Env> = (app: Hono<E>) => void
@@ -90,8 +90,14 @@ export const createApp = <E extends Env>(options?: ServerOptions<E>) => {
       response.setContext(c)
       await next()
     },
+    ...getGlobalMiddlewares()
   ]
-  middlewares.forEach(middleware => app.use(middleware))
+  middlewares.forEach(mw => {
+    // @ts-ignore
+    const h = resolveMiddleware(mw)
+    // @ts-ignore
+    mw?.p ? app.use(String(mw.p), h) : app.use(h)
+  })
 
   app.onError(options?.onError || EHandler)
   app.notFound(options?.notFound || NFHandler)

package/src/dev.ts

@@ -2,18 +2,23 @@ import { config } from 'dotenv'
 import { serve } from '@hono/node-server'
 import createApp from './create-app'
 import getRoutes from './routes'
+import { Ability } from './auth'
 import { getAvailablePort } from './utils/port'
+import jsonImport from './utils/json-import'
 
 config({ path: '../../.env.dev' })
 
 const routes = await getRoutes()
+Ability.fromRoutes(routes)
+Ability.roles = jsonImport('../../../../.rolefile')
+
 const fetch = createApp({ routes }).fetch
 
 const desiredPort = process.env?.PORT ? Number(process.env.PORT) : 3000
 getAvailablePort(desiredPort)
   .then(port => {
     if (port != desiredPort)
-      console.log(`🟨 Port ${desiredPort} was in use, using ${port} as a fallback`)
+      console.warn(`🟨 Port ${desiredPort} was in use, using ${port} as a fallback`)
 
     console.log(`🚀 API running on http://localhost:${port}`)
     serve({ fetch, port })

package/src/dynamodb/client.ts

@@ -1,17 +1,20 @@
-import awsLite from '@aws-lite/client'
-import dynamodbLite from '@aws-lite/dynamodb'
+import { DynamoDBClient } from '@aws-sdk/client-dynamodb'
+import { DynamoDBDocumentClient } from '@aws-sdk/lib-dynamodb'
 import AbstractModel from './model'
 
-export const aws = await awsLite({
-  plugins: [dynamodbLite],
-  // https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-lib-dynamodb/#configuration
-  // @ts-ignore
-  awsjsonMarshall: {convertClassInstanceToMap: true},
-  awsjsonUnmarshall: {convertClassInstanceToMap: true}
-})
+const client = new DynamoDBClient(process.env?.AWS_SAM_LOCAL ? {
+  region: process.env.AWS_REGION || "us-east-1",
+  endpoint: process.env.AWS_ENDPOINT_URL || undefined,
+  credentials: {
+    accessKeyId: process.env.AWS_ACCESS_KEY_ID || "DUMMYIDEXAMPLE",
+    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY || "DUMMYEXAMPLEKEY",
+  },
+} : {})
+
+export const ddb = DynamoDBDocumentClient.from(client)
 
 export class Dynamodb {
   static model<T extends object>(cls: new (...args: any[]) => T) {
-    return new AbstractModel<T>(cls, aws.DynamoDB)
+    return new AbstractModel<T>(cls, ddb)
   }
 }

package/src/dynamodb/compact.ts

@@ -2,7 +2,7 @@ import type { SchemaStructure } from './types'
 import getLength from '../utils/lenght'
 
 export default class Compact {
-  private static typeMap: Record<string, string> = {
+  static #typeMap: Record<string, string> = {
     // Null
     'null,': 'N,',
     ',null': ',N',
@@ -33,7 +33,7 @@ export default class Compact {
         .replace(/'/g, '"')
         .replace(/~TDQ~/g, "'")
         .replace(/\\'/g, "^'"),
-      this.typeMap
+      this.#typeMap
     )
   }
 
@@ -49,7 +49,7 @@ export default class Compact {
   static decode<T = any>(val: string, schema: SchemaStructure): T {
     if (!val) return val as T
 
-    val = this.replaceTypes(val, this.reverseMap(this.typeMap))
+    val = this.replaceTypes(val, this.reverseMap(this.#typeMap))
       .replace(/"/g, '~TSQ~')
       .replace(/'/g, '"')
       .replace(/~TSQ~/g, "'")

package/src/dynamodb/model.ts

@@ -1,4 +1,14 @@
-import type { AwsLiteDynamoDB } from '@aws-lite/dynamodb-types'
+import {
+  DynamoDBDocumentClient,
+  BatchGetCommand,
+  BatchWriteCommand,
+  DeleteCommand,
+  GetCommand,
+  PutCommand,
+  QueryCommand,
+  ScanCommand,
+  UpdateCommand,
+} from '@aws-sdk/lib-dynamodb'
 import type { ModelMetadata, Keys, Model, Filter } from './types'
 import { getModelMetadata } from './decorators'
 import QueryBuilder from './query-builder'
@@ -6,18 +16,25 @@ import Compact from './compact'
 import getLength from '../utils/lenght'
 
 export default class AbstractModel<T extends object> {
-  private meta: ModelMetadata
-  private cls!: Model<T>
-  private lastKey?: Record<string, any>
+  #meta: ModelMetadata
+  #cls!: Model<T>
+  lastKey?: Record<string, any>
+  #db: DynamoDBDocumentClient
+  #queryBuilder?: QueryBuilder
+  #model?: AbstractModel<T>
 
   constructor(
     cls: Model<T> | ModelMetadata,
-    private db: AwsLiteDynamoDB,
-    private queryBuilder?: QueryBuilder,
-    private model?: AbstractModel<T>
+    db: DynamoDBDocumentClient,
+    queryBuilder?: QueryBuilder,
+    model?: AbstractModel<T>
   ) {
+    this.#db = db
+    this.#queryBuilder = queryBuilder
+    this.#model = model
+
     if (typeof (cls as ModelMetadata).table === 'string') {
-      this.meta = cls as ModelMetadata
+      this.#meta = cls as ModelMetadata
       return
     }
 
@@ -25,21 +42,21 @@ export default class AbstractModel<T extends object> {
     if (!meta)
       throw new Error('Missing model metadata')
 
-    this.meta = meta
-    this.cls = cls as Model<T>
+    this.#meta = meta
+    this.#cls = cls as Model<T>
   }
 
   get table(): string {
-    return this.meta.table
+    return this.#meta.table
   }
 
   get keySchema() {
-    return this.meta.keys
+    return this.#meta.keys
   }
 
   set lastEvaluatedKey(val: Record<string, any> | undefined) {
-    if (this.model) {
-      this.model.lastKey = val
+    if (this.#model) {
+      this.#model.lastKey = val
     } else {
       this.lastKey = val
     }
@@ -51,52 +68,61 @@ export default class AbstractModel<T extends object> {
   where(builderFn: (q: QueryBuilder) => void) {
     const qb = new QueryBuilder()
     builderFn(qb)
-    return new AbstractModel<T>(this.meta, this.db, qb, this)
+    return new AbstractModel<T>(this.#meta, this.#db, qb, this)
   }
 
   async scan(filterFn?: Filter<T>) {
-    const result = await this.db.Scan({ TableName: this.table, ...this.queryBuilder?.filters })
+    const result = await this.#db.send(new ScanCommand({
+      TableName: this.table,
+      ...this.#queryBuilder?.filters,
+    }))
 
     this.lastEvaluatedKey = result.LastEvaluatedKey
-    return this.processItems(result.Items, filterFn)
+    return this.#processItems(result.Items, filterFn)
   }
 
   async query(filterFn?: Filter<T>) {
-    const result = await this.db.Query({ TableName: this.table, ...this.queryBuilder?.conditions })
+    const result = await this.#db.send(new QueryCommand({
+      TableName: this.table,
+      ...this.#queryBuilder?.conditions,
+    }))
 
     this.lastEvaluatedKey = result.LastEvaluatedKey
-    return this.processItems(result.Items, filterFn)
+    return this.#processItems(result.Items, filterFn)
   }
 
   async get(key: Keys, sk?: string) {
-    const result = await this.db.GetItem({ TableName: this.table, Key: this.key(key, sk) })
-    return result.Item ? this.processItem(result.Item) : undefined
+    const result = await this.#db.send(new GetCommand({
+      TableName: this.table,
+      Key: this.#key(key, sk),
+    }))
+    return result.Item ? this.#processItem(result.Item) : undefined
   }
 
   async put(item: Partial<T>, key: Keys) {
     let keys
-    if (this.meta.zip) {
-      keys = this.getItemKey(item, key)
-      this.validateKeys(keys)
+    if (this.#meta.zip) {
+      keys = this.#getItemKey(item, key)
+      this.#validateKeys(keys)
       // @ts-ignore
-      item = { ...keys, V: Compact.encode(this.getItemWithoutKeys(item), this.meta.fields)}
+      item = { ...keys, V: Compact.encode(this.getItemWithoutKeys(item), this.meta.fields) }
     } else {
-      this.validateKeys(item)
+      this.#validateKeys(item)
     }
 
-    await this.db.PutItem({ TableName: this.table, Item: item })
-    return this.processItem(item, keys)
+    await this.#db.send(new PutCommand({ TableName: this.table, Item: item }))
+    return this.#processItem(item, keys)
   }
 
   async update(attrs: Partial<T>, key: Keys) {
     let keys
-    if (this.meta.zip) {
-      keys = this.getItemKey(attrs, key)
-      this.validateKeys(keys)
+    if (this.#meta.zip) {
+      keys = this.#getItemKey(attrs, key)
+      this.#validateKeys(keys)
       // @ts-ignore
-      attrs = { V: Compact.encode(this.getItemWithoutKeys(attrs), this.meta.fields)}
+      attrs = { V: Compact.encode(this.getItemWithoutKeys(attrs), this.meta.fields) }
     } else {
-      this.validateKeys(attrs)
+      this.#validateKeys(attrs)
     }
 
     const UpdateExpressionParts: string[] = []
@@ -108,26 +134,29 @@ export default class AbstractModel<T extends object> {
     const UpdateExpression = 'SET ' + UpdateExpressionParts.join(', ')
     const ExpressionAttributeNames = Object.fromEntries(Object.keys(attrs).map(k => [`#${k}`, k]))
 
-    await this.db.UpdateItem({
+    await this.#db.send(new UpdateCommand({
       TableName: this.table,
-      Key: this.key(key),
+      Key: this.#key(key),
       UpdateExpression,
       ExpressionAttributeValues,
-      ExpressionAttributeNames
-    })
+      ExpressionAttributeNames,
+    }))
 
-    return this.processItem(attrs, keys)
+    return this.#processItem(attrs, keys)
   }
 
   async delete(key: Keys, sk?: string) {
-    return this.db.DeleteItem({ TableName: this.table, Key: this.key(key, sk) })
+    return this.#db.send(new DeleteCommand({
+      TableName: this.table,
+      Key: this.#key(key, sk),
+    }))
   }
 
   async batchGet(keys: Array<Keys>) {
-    const result = await this.db.BatchGetItem({ RequestItems: {
-      [this.table]: { Keys: keys.map(key => this.key(key)) }
-    } })
-    return (result.Responses?.[this.table] as T[] || []).map(item => this.processItem(item))
+    const result = await this.#db.send(new BatchGetCommand({
+      RequestItems: { [this.table]: { Keys: keys.map(key => this.#key(key)) } },
+    }))
+    return (result.Responses?.[this.table] as T[] || []).map(item => this.#processItem(item))
   }
 
   async batchWrite(items: Array<{ put?: Partial<T>, delete?: Keys }>) {
@@ -135,12 +164,12 @@ export default class AbstractModel<T extends object> {
       if (i.put) {
         return { PutRequest: { Item: i.put } }
       } else if (i.delete) {
-        return { DeleteRequest: { Key: this.key(i.delete) } }
+        return { DeleteRequest: { Key: this.#key(i.delete) } }
       }
       return null
-    }).filter(Boolean)
+    }).filter(Boolean) as any[]
 
-    return this.db.BatchWriteItem({ RequestItems: {[this.table]: WriteRequests} })
+    return this.#db.send(new BatchWriteCommand({ RequestItems: { [this.table]: WriteRequests } }))
   }
 
   async deleteMany(keys: Array<Keys>) {
@@ -151,8 +180,8 @@ export default class AbstractModel<T extends object> {
     return this.batchWrite(items.map(item => ({ put: item })))
   }
 
-  private key(key: Keys, sk?: string) {
-    if (!this.meta.keys) return {}
+  #key(key: Keys, sk?: string) {
+    if (!this.#meta.keys) return {}
 
     let pk: string
     let skValue: string | undefined
@@ -164,100 +193,100 @@ export default class AbstractModel<T extends object> {
       skValue = sk
     }
 
-    const keys = { [this.meta.keys.PK]: pk }
+    const keys = { [this.#meta.keys.PK]: pk }
 
-    if (this.meta.keys?.SK) {
+    if (this.#meta.keys?.SK) {
       if (skValue) {
-        keys[this.meta.keys.SK] = skValue
-      } else if (this.meta.defaultSK) {
-        keys[this.meta.keys.SK] = this.meta.defaultSK
+        keys[this.#meta.keys.SK] = skValue
+      } else if (this.#meta.defaultSK) {
+        keys[this.#meta.keys.SK] = this.#meta.defaultSK
       }
     }
 
     return keys
   }
 
-  private getItemKey(item: Partial<T>, key?: Keys): Record<string, string> {
-    if (!this.meta.keys) return {}
+  #getItemKey(item: Partial<T>, key?: Keys): Record<string, string> {
+    if (!this.#meta.keys) return {}
 
     const keys: Record<string, string> = {}
     if (key)
-      this.processExplicitKey(keys, key)
+      this.#processExplicitKey(keys, key)
     else if (getLength(item) > 0)
-      this.processItemKeys(keys, item)
+      this.#processItemKeys(keys, item)
 
     return keys
   }
 
-  private processExplicitKey(keys: Record<string, string>, key: Keys): void {
-    if (!this.meta.keys) return
+  #processExplicitKey(keys: Record<string, string>, key: Keys): void {
+    if (!this.#meta.keys) return
     if (Array.isArray(key)) {
-      keys[this.meta.keys.PK] = key[0]
+      keys[this.#meta.keys.PK] = key[0]
 
-      if (this.meta.keys?.SK) {
+      if (this.#meta.keys?.SK) {
         if (key.length > 1)
           // @ts-ignore
           keys[this.meta.keys.SK] = key[1]
-        else if (this.meta.defaultSK)
-          keys[this.meta.keys.SK] = this.meta.defaultSK
+        else if (this.#meta.defaultSK)
+          keys[this.#meta.keys.SK] = this.#meta.defaultSK
       }
     } else {
-      keys[this.meta.keys.PK] = String(key)
+      keys[this.#meta.keys.PK] = String(key)
     }
   }
 
-  private processItemKeys(keys: Record<string, string>, item: Partial<T>): void {
-    if (!this.meta.keys) return
+  #processItemKeys(keys: Record<string, string>, item: Partial<T>): void {
+    if (!this.#meta.keys) return
 
-    const pkValue = item[this.meta.keys.PK as keyof Partial<T>]
+    const pkValue = item[this.#meta.keys.PK as keyof Partial<T>]
     if (pkValue !== undefined)
-      keys[this.meta.keys.PK] = String(pkValue)
+      keys[this.#meta.keys.PK] = String(pkValue)
 
-    if (this.meta.keys?.SK) {
-      const skValue = item[this.meta.keys.SK as keyof Partial<T>]
+    if (this.#meta.keys?.SK) {
+      const skValue = item[this.#meta.keys.SK as keyof Partial<T>]
       if (skValue !== undefined)
-        keys[this.meta.keys.SK] = String(skValue)
-      else if (this.meta.defaultSK)
-        keys[this.meta.keys.SK] = this.meta.defaultSK
+        keys[this.#meta.keys.SK] = String(skValue)
+      else if (this.#meta.defaultSK)
+        keys[this.#meta.keys.SK] = this.#meta.defaultSK
     }
   }
 
-  private validateKeys(keys: Record<string, any>) {
-    if (!this.meta.keys)
+  #validateKeys(keys: Record<string, any>) {
+    if (!this.#meta.keys)
       throw new Error(`Missing keys of table "${this.table}"`)
 
-    if (!(this.meta.keys.PK in keys))
+    if (!(this.#meta.keys.PK in keys))
       throw new Error(`Missing partition key of table "${this.table}" `)
 
-    if (this.meta.keys?.SK && !(this.meta.keys.SK in keys))
+    if (this.#meta.keys?.SK && !(this.#meta.keys.SK in keys))
       throw new Error(`Missing sort key of table "${this.table}"`)
   }
 
-  private getItemWithoutKeys(item: Partial<T>): Partial<T> {
-    if (!this.meta.keys || !item) return { ...item }
+  #getItemWithoutKeys(item: Partial<T>): Partial<T> {
+    if (!this.#meta.keys || !item) return { ...item }
 
-    const { PK, SK } = this.meta.keys
+    const { PK, SK } = this.#meta.keys
     const { [PK as keyof T]: _, [SK as keyof T]: __, ...rest } = item
 
     return rest as Partial<T>
   }
 
-  private processItems(items: any[] | undefined, filterFn?: Filter<T>): T[] {
+  #processItems(items: any[] | undefined, filterFn?: Filter<T>): T[] {
     if (!items) return []
 
-    items = this.meta.zip ? Compact.smartDecode<T[]>(items, this.meta.fields) : items as T[]
+    items = this.#meta.zip ? Compact.smartDecode<T[]>(items, this.#meta.fields) : items as T[]
     return filterFn ? items.filter(filterFn) : items
   }
 
-  private processItem(item: any, keys?: Record<string, string>): T {
-    if (this.meta.zip && item?.V) {
-      const model = new this.cls(Compact.decode(item.V, this.meta.fields))
-      if (!keys) keys = this.getItemKey(item)
+  #processItem(item: any, keys?: Record<string, string>): T {
+    if (this.#meta.zip && item?.V) {
+      const model = new this.#cls(Compact.decode(item.V, this.#meta.fields))
+      if (!keys) keys = this.#getItemKey(item)
 
       // @ts-ignore
       return model.withKey(keys[this.meta.keys.PK], keys[this.meta.keys.SK] || undefined)
     }
 
-    return new this.cls(item)
+    return new this.#cls(item)
   }
 }

package/src/dynamodb/query-builder.ts

@@ -1,34 +1,34 @@
 import type { Condition, Operator } from './types'
 
 export default class QueryBuilder {
-  private _conditions: Condition[] = []
-  private _limit?: number
-  private _startKey?: Record<string, any>
-  private _index?: string
+  #conditions: Condition[] = []
+  #limit?: number
+  #startKey?: Record<string, any>
+  #index?: string
 
   filter(field: string, operator: Operator, value: any = null) {
-    this._conditions.push({ type: 'filter', field, operator, value })
+    this.#conditions.push({ type: 'filter', field, operator, value })
     return this
   }
 
   keyCondition(field: string, operator: Operator | any, value?: any) {
     const noVal = value === undefined
-    this._conditions.push({ type: 'keyCondition', field, operator: noVal ? '=' : operator, value: noVal ? operator : value })
+    this.#conditions.push({ type: 'keyCondition', field, operator: noVal ? '=' : operator, value: noVal ? operator : value })
     return this
   }
 
   limit(n: number) {
-    this._limit = n
+    this.#limit = n
     return this
   }
 
   exclusiveStartKey(key: Record<string, any>) {
-    this._startKey = key
+    this.#startKey = key
     return this
   }
 
   index(name: string) {
-    this._index = name
+    this.#index = name
     return this
   }
 
@@ -38,7 +38,7 @@ export default class QueryBuilder {
     const names: Record<string, string> = {}
 
     let i = 0
-    for (const cond of this._conditions.filter(c => c.type === type)) {
+    for (const cond of this.#conditions.filter(c => c.type === type)) {
       const attr = `#attr${i}`
       const val = `:val${i}`
       names[attr] = cond.field
@@ -107,11 +107,11 @@ export default class QueryBuilder {
     const filter = this.buildExpression('filter')
     const params: any = {}
 
-    if (this._limit)
-      params.Limit = this._limit
+    if (this.#limit)
+      params.Limit = this.#limit
 
-    if (this._startKey)
-      params.ExclusiveStartKey = this._startKey
+    if (this.#startKey)
+      params.ExclusiveStartKey = this.#startKey
 
     if (filter.expression)
       params.FilterExpression = filter.expression
@@ -131,8 +131,8 @@ export default class QueryBuilder {
 
     const params: any = { ...filters }
 
-    if (this._index)
-      params.IndexName = this._index
+    if (this.#index)
+      params.IndexName = this.#index
 
     if (keys.expression)
       params.KeyConditionExpression = keys.expression

package/src/http.ts

@@ -1,5 +1,9 @@
-import type { MiddlewareHandler } from 'hono'
-import BaseMiddleware, { MiddlewareType } from './middleware'
+import type { Context, Next } from 'hono'
+import { MiddlewareType } from './middleware'
+import JsonResponse from './response'
+import { Ability, Authnz, Token } from './auth'
+import { registerGlobalMiddleware } from './register'
+import mergeMiddleware from './utils/merge-middleware'
 
 function method(method: string, path = '/') {
   return function (target: any) {
@@ -31,27 +35,50 @@ export function Delete(path = '/') {
 
 export function Middleware(...handlers: MiddlewareType[]) {
   return function (target: any) {
-    const middlewareHandlers = handlers.map(handler => {
-      if (typeof handler === 'function' && handler.length === 2)
-        return handler
+    mergeMiddleware(target, ...handlers)
+  }
+}
+export function Middlewares(...handlers: MiddlewareType[]) {
+  return Middleware(...handlers)
+}
+
+type MiddlewareOpt = string | RegExp
+export function GlobalMiddleware(): ClassDecorator
+export function GlobalMiddleware(target: Function): void
+export function GlobalMiddleware(opt?: MiddlewareOpt): ClassDecorator
+export function GlobalMiddleware(...args: any[]): void | ClassDecorator {
+  if (typeof args[0] === 'function')
+    return _globalmw(args[0])
+
+  return (target: any) => _globalmw(target, ...args)
+}
+
+export function Auth(target: Function): void
+export function Auth(): ClassDecorator
+export function Auth(...args: any[]): void | ClassDecorator {
+  if (args.length === 1 && typeof args[0] === 'function')
+    return _auth(args[0])
 
-      if (handler instanceof BaseMiddleware)
-        return handler.handle
+  return (target: any) => _auth(target)
+}
 
-      if (BaseMiddleware.isPrototypeOf(handler)) {
-        const instance = new (handler as new () => BaseMiddleware)()
-        return instance.handle
-      }
+function _auth(target: Function | any) {
+  mergeMiddleware(target, async (c: Context, next: Next) => {
+    const unauthorized = JsonResponse.unauthorized()
 
-      throw new Error('Invalid middleware provided. Must be a Hono middleware function or MiddlewareClass instance/constructor')
-    })
+    const auth = Authnz.fromToken(Token.fromRequest(c))
+    const ability = Ability.fromAction(target)
 
-    const existingMiddlewares: MiddlewareHandler[] = target?.mw || []
-    const allMiddlewares = [...existingMiddlewares, ...middlewareHandlers]
+    if (!auth || !ability || auth.cant(ability))
+      return unauthorized
 
-    target.mw = allMiddlewares
-  }
+    c.set('#auth', auth)
+    await next()
+  })
 }
-export function Middlewares(...handlers: MiddlewareType[]) {
-  return Middleware(...handlers)
+
+function _globalmw(target: Function | any, path?: string) {
+  target.gmw = true
+  target.p = path
+  registerGlobalMiddleware(target)
 }

package/src/middleware.ts

@@ -5,7 +5,7 @@ export type IMiddleware = {
 }
 
 export default abstract class Middleware implements IMiddleware {
-  public abstract handle(c: Context, next: Next): Promise<void> | void
+  abstract handle(c: Context, next: Next): Promise<void> | void
 }
 
 // export type MiddlewareHandler = (c: Context, next: Next) => Promise<void> | void

package/src/prod.ts

@@ -1,14 +1,18 @@
-import { config } from 'dotenv'
 import { handle } from 'hono/aws-lambda'
 import createApp from './create-app'
-
-config({ path: '../../.env.prod' })
+import { Ability } from './auth'
 
 // @ts-ignore
 await import('../../../tmp/import-routes.mjs')
 
 // @ts-ignore
 const routes = (await import('../../../tmp/routes.json')).default
+
+// @ts-ignore
+Ability.roles = (await import('../../../roles.json')).default
+// @ts-ignore
+Ability.fromRoutes(routes)
+
 // @ts-ignore
 const app = createApp({ routes })
 

package/src/register.ts

@@ -23,3 +23,9 @@ export function getHandler(id: string): Function {
   if (!handler) throw new Error(`Handler ${id} not registered`)
   return handler
 }
+
+export const _mw: Function[] = []
+export const getGlobalMiddlewares = () => _mw
+export function registerGlobalMiddleware(handler: any) {
+  _mw.push(handler)
+}

package/src/response.ts

@@ -25,19 +25,19 @@ class NullContext {
 }
 
 export default class JsonResponse {
-  private static _c?: Context
+  static #c?: Context
 
   static setContext(c: Context) {
-    this._c = c
+    this.#c = c
     return this
   }
 
-  private static context(): Context | NullContext {
-    return this._c ?? new NullContext()
+  static #context(): Context | NullContext {
+    return this.#c ?? new NullContext()
   }
 
   static raw(status?: StatusCode, body?: string) {
-    return this.context().newResponse(body ? body : null, { status })
+    return this.#context().newResponse(body ? body : null, { status })
   }
 
   static ok(): Response
@@ -46,7 +46,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(200)
 
-    return this.context().json(data, 200)
+    return this.#context().json(data, 200)
   }
 
   static created(): Response
@@ -55,7 +55,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(201)
 
-    return this.context().json(data, 201)
+    return this.#context().json(data, 201)
   }
 
   static accepted(): Response
@@ -64,7 +64,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(202)
 
-    return this.context().json(data, 202)
+    return this.#context().json(data, 202)
   }
 
   static deleted(): Response
@@ -88,7 +88,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(401)
 
-    return this.context().json(data, 401)
+    return this.#context().json(data, 401)
   }
 
   static forbidden(): Response
@@ -97,7 +97,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(403)
 
-    return this.context().json(data, 403)
+    return this.#context().json(data, 403)
   }
 
   static notFound(): Response
@@ -122,7 +122,7 @@ export default class JsonResponse {
   }
 
   static error(errors?: Errors, msg?: string, status?: ContentfulStatusCode) {
-    const context = this.context()
+    const context = this.#context()
     status ??= 500
 
     if (!errors && !msg)

package/src/routes.ts

@@ -1,27 +1,31 @@
-import fs from 'node:fs'
-import path from 'node:path'
+import { existsSync, readdirSync, statSync } from 'node:fs'
+import { dirname, join, resolve } from 'node:path'
 import { fileURLToPath } from 'node:url'
 import { Route } from './types'
 import { registerHandler } from './register'
 import { isAnonFn } from './utils/func'
 
 const __filename = fileURLToPath(import.meta.url)
-const __dirname = path.dirname(__filename)
+const __dirname = dirname(__filename)
 
-export default async function getRoutes(all: boolean = false, baseDir: string = 'actions'): Promise<Route[]> {
+export default async function getRoutes(
+  all: boolean = false,
+  dirs: string[] = ['actions', 'features', 'errors', 'middlewares']
+): Promise<Route[]> {
   const routes: Route[] = []
 
-  const walk = async (dir: string, middlewares: Function[] = []): Promise<void> => {
-    const files = fs.readdirSync(dir)
+  const walk = async (dir: string, baseDir: string, middlewares: Function[] = []): Promise<void> => {
+    if (!existsSync(dir)) return
+    const files = readdirSync(dir)
 
     for (const file of files) {
-      const fullPath = path.join(dir, file)
-      const stat = fs.statSync(fullPath)
+      const fullPath = join(dir, file)
+      const stat = statSync(fullPath)
 
       if (stat.isDirectory()) {
-        const indexFile = path.join(fullPath, 'index.ts')
+        const indexFile = join(fullPath, 'index.ts')
 
-        if (fs.existsSync(indexFile)) {
+        if (existsSync(indexFile)) {
           const mod = await import(indexFile)
           const group = mod.default
           registerHandler(group.name, group)
@@ -37,11 +41,12 @@ export default async function getRoutes(all: boolean = false, baseDir: string =
           })
         }
 
-        await walk(fullPath, middlewares)
+        await walk(fullPath, baseDir, middlewares)
       } else if (file.endsWith('.ts')) {
         const mod = await import(fullPath)
         const handle = mod.default
 
+        if (handle?.gmw) return
         if (handle?.m) {
           registerHandler(handle.name, handle)
 
@@ -58,6 +63,6 @@ export default async function getRoutes(all: boolean = false, baseDir: string =
     }
   }
 
-  await walk(path.resolve(__dirname, '../../..', baseDir))
+  await Promise.all(dirs.map(dir => walk(resolve(__dirname, '../../..', dir), dir)))
   return routes
 }

package/src/scripts/cache-routes.ts

@@ -1,8 +1,15 @@
-import { writeFileSync } from 'node:fs'
+import { existsSync, writeFileSync } from 'node:fs'
+import { config } from 'dotenv'
 import getRoutes from '../routes'
 import ensureDir from '../utils/ensuredir'
 
+config({ path: '../../.env.dev' })
+
 async function cacheRoutes() {
+  const rolePath = '../../roles.json'
+  if (!existsSync(rolePath))
+    writeFileSync(rolePath, '{}')
+
   const routes = await getRoutes(true)
 
   const iPath = '../../tmp/import-routes.mjs'

package/src/utils/json-import.ts

@@ -0,0 +1,16 @@
+import { readFileSync } from 'node:fs'
+import { dirname, join } from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+export default function jsonImport<T = any>(filePath: string, defaultValue: T = {} as T): T {
+  const __filename = fileURLToPath(import.meta.url)
+  const __dirname = dirname(__filename)
+
+  try {
+    const fullPath = join(__dirname, filePath)
+    const fileContent = readFileSync(fullPath, 'utf-8')
+    return JSON.parse(fileContent) as T
+  } catch (error) {
+    return defaultValue
+  }
+}

package/src/utils/merge-middleware.ts

@@ -0,0 +1,9 @@
+import type { MiddlewareHandler } from 'hono'
+import { MiddlewareType } from '../middleware'
+import { resolveMiddleware } from './resolve'
+
+export default function mergeMiddleware(target: Function | any, ...handlers: MiddlewareType[]) {
+  const existingMiddlewares: MiddlewareHandler[] = target?.mw || []
+  const allMiddlewares = [...existingMiddlewares, ...handlers.flat().map(handler => resolveMiddleware(handler))]
+  target.mw = allMiddlewares
+}

package/src/utils/resolve.ts

@@ -1,6 +1,7 @@
 import Action, { ActionType } from '../action'
+import { MiddlewareType } from '../middleware'
 
-export default function resolve(obj: ActionType) {
+export function resolve(obj: ActionType) {
   if (typeof obj === 'function' && obj?.length === 2)
     return [obj]
 
@@ -16,3 +17,24 @@ export default function resolve(obj: ActionType) {
 
   throw new Error('Invalid action')
 }
+
+export function resolveMiddleware(obj: MiddlewareType) {
+  if (typeof obj === 'function' && obj.length === 2)
+    return obj
+
+  if (obj?.handle)
+    return obj.handle
+
+  if (obj.prototype?.handle)
+    return (new obj()).handle
+
+  // if (obj instanceof BaseMiddleware)
+  //   return obj.handle
+
+  // if (BaseMiddleware.isPrototypeOf(obj)) {
+  //   const instance = new (obj as new () => BaseMiddleware)()
+  //   return instance.handle
+  // }
+
+  throw new Error('Invalid middleware provided. Must be a Hono middleware function or MiddlewareClass instance/constructor')
+}