solidstep 0.1.0

package/utils/cache.js

@@ -0,0 +1,97 @@
+const MAX_CACHE_ENTRIES = 1000;
+const cacheMap = new Map();
+let head;
+let tail;
+const moveToFront = (node) => {
+    if (node === head)
+        return;
+    // Detach
+    if (node.prev)
+        node.prev.next = node.next;
+    if (node.next)
+        node.next.prev = node.prev;
+    if (node === tail)
+        tail = node.prev;
+    // Insert at head
+    node.prev = undefined;
+    node.next = head;
+    if (head)
+        head.prev = node;
+    head = node;
+    if (!tail)
+        tail = node;
+};
+const removeTail = () => {
+    if (!tail)
+        return;
+    cacheMap.delete(tail.key);
+    if (tail.prev) {
+        tail.prev.next = undefined;
+        tail = tail.prev;
+    }
+    else {
+        // Only one node
+        head = tail = undefined;
+    }
+};
+export const getCache = (key) => {
+    const entry = cacheMap.get(key);
+    if (!entry)
+        return null;
+    if (entry.expiresAt && entry.expiresAt < Date.now()) {
+        cacheMap.delete(key);
+        if (entry.prev)
+            entry.prev.next = entry.next;
+        if (entry.next)
+            entry.next.prev = entry.prev;
+        if (entry === head)
+            head = entry.next;
+        if (entry === tail)
+            tail = entry.prev;
+        return null;
+    }
+    moveToFront(entry);
+    return entry.value;
+};
+export const setCache = (key, value, ttlMs) => {
+    if (cacheMap.has(key)) {
+        const node = cacheMap.get(key);
+        node.value = value;
+        node.expiresAt = ttlMs ? Date.now() + ttlMs : null;
+        moveToFront(node);
+        return;
+    }
+    const newNode = {
+        key,
+        value,
+        expiresAt: ttlMs ? Date.now() + ttlMs : null
+    };
+    newNode.next = head;
+    if (head)
+        head.prev = newNode;
+    head = newNode;
+    if (!tail)
+        tail = newNode;
+    cacheMap.set(key, newNode);
+    if (cacheMap.size > MAX_CACHE_ENTRIES) {
+        removeTail();
+    }
+};
+export const invalidateCache = (key) => {
+    const node = cacheMap.get(key);
+    if (!node)
+        return;
+    if (node.prev)
+        node.prev.next = node.next;
+    if (node.next)
+        node.next.prev = node.prev;
+    if (node === head)
+        head = node.next;
+    if (node === tail)
+        tail = node.prev;
+    cacheMap.delete(key);
+};
+export const clearAllCache = () => {
+    cacheMap.clear();
+    head = tail = undefined;
+};

package/utils/cookies.d.ts

@@ -0,0 +1,5 @@
+import { setCookie as baseSetCookie } from 'vinxi/http';
+export declare const getCookie: (key: string) => string | undefined;
+export declare const setCookie: (key: string, value: string, options?: Parameters<typeof baseSetCookie>[2]) => void;
+export declare const deleteCookie: (key: string) => void;
+//# sourceMappingURL=cookies.d.ts.map

package/utils/cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../utils/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,SAAS,IAAI,aAAa,EAI7B,MAAM,YAAY,CAAC;AAEpB,eAAO,MAAM,SAAS,GAAI,KAAK,MAAM,KAAG,MAAM,GAAG,SAGhD,CAAC;AAEF,eAAO,MAAM,SAAS,GAClB,KAAK,MAAM,EACX,OAAO,MAAM,EACb,UAAU,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC,SAIhD,CAAA;AAED,eAAO,MAAM,YAAY,GAAI,KAAK,MAAM,SAGvC,CAAC"}

package/utils/cookies.js

@@ -0,0 +1,13 @@
+import { setCookie as baseSetCookie, getCookie as baseGetCookie, deleteCookie as baseDeleteCookie, getEvent } from 'vinxi/http';
+export const getCookie = (key) => {
+    const event = getEvent();
+    return baseGetCookie(event, key);
+};
+export const setCookie = (key, value, options) => {
+    const event = getEvent();
+    return baseSetCookie(event, key, value, options);
+};
+export const deleteCookie = (key) => {
+    const event = getEvent();
+    return baseDeleteCookie(event, key);
+};

package/utils/cors.d.ts

@@ -0,0 +1,14 @@
+export declare const cors: (trustedOrigins: string[]) => (origin: string, isPreflight: boolean) => {
+    'Access-Control-Allow-Origin': string;
+    'Access-Control-Allow-Methods': string;
+    'Access-Control-Allow-Headers': string;
+} | {
+    'Access-Control-Allow-Origin': string;
+    'Access-Control-Allow-Methods'?: undefined;
+    'Access-Control-Allow-Headers'?: undefined;
+} | {
+    'Access-Control-Allow-Origin'?: undefined;
+    'Access-Control-Allow-Methods'?: undefined;
+    'Access-Control-Allow-Headers'?: undefined;
+};
+//# sourceMappingURL=cors.d.ts.map

package/utils/cors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../utils/cors.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,IAAI,GAAI,gBAAgB,MAAM,EAAE,MAAM,QAAQ,MAAM,EAAE,aAAa,OAAO;;;;;;;;;;;;CActF,CAAA"}

package/utils/cors.js

@@ -0,0 +1,15 @@
+export const cors = (trustedOrigins) => (origin, isPreflight) => {
+    if (trustedOrigins.includes(origin)) {
+        if (isPreflight) {
+            return {
+                'Access-Control-Allow-Origin': origin,
+                'Access-Control-Allow-Methods': 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
+                'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+            };
+        }
+        return {
+            'Access-Control-Allow-Origin': origin,
+        };
+    }
+    return {};
+};

package/utils/csp.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Content Security Policy Builder
+ * Functional, extensible, and type-safe CSP construction
+ */
+type DirectiveName = 'default-src' | 'script-src' | 'style-src' | 'style-src-elem' | 'img-src' | 'font-src' | 'connect-src' | 'media-src' | 'object-src' | 'frame-src' | 'frame-ancestors' | 'base-uri' | 'form-action' | 'worker-src' | 'manifest-src';
+type Source = "'self'" | "'none'" | "'unsafe-inline'" | "'unsafe-eval'" | "'unsafe-hashes'" | "'wasm-unsafe-eval'" | "'strict-dynamic'" | 'data:' | 'blob:' | 'filesystem:' | 'ws:' | 'wss:' | 'https:' | 'http:' | string;
+type CSPDirective = {
+    readonly name: DirectiveName;
+    readonly sources: ReadonlyArray<Source>;
+};
+type CSPPolicy = ReadonlyArray<CSPDirective>;
+declare const createDirective: (name: DirectiveName, sources: Source[]) => CSPDirective;
+declare const addSource: (directive: CSPDirective, source: Source) => CSPDirective;
+declare const removeSource: (directive: CSPDirective, source: Source) => CSPDirective;
+declare const setSources: (directive: CSPDirective, sources: Source[]) => CSPDirective;
+declare const addDirective: (policy: CSPPolicy, directive: CSPDirective) => CSPPolicy;
+declare const updateDirective: (policy: CSPPolicy, name: DirectiveName, updater: (directive: CSPDirective) => CSPDirective) => CSPPolicy;
+declare const removeDirective: (policy: CSPPolicy, name: DirectiveName) => CSPPolicy;
+declare const getDirective: (policy: CSPPolicy, name: DirectiveName) => CSPDirective | undefined;
+declare const mergePolicies: (...policies: CSPPolicy[]) => CSPPolicy;
+declare const serializeDirective: (directive: CSPDirective) => string;
+declare const serializePolicy: (policy: CSPPolicy) => string;
+declare const parseDirective: (directiveStr: string) => CSPDirective | null;
+declare const parsePolicy: (policyStr: string) => CSPPolicy;
+declare const createStrictPolicy: () => CSPPolicy;
+declare const createBasePolicy: () => CSPPolicy;
+declare const withDevelopmentSources: (policy: CSPPolicy) => CSPPolicy;
+declare const withProductionSources: (policy: CSPPolicy) => CSPPolicy;
+declare const withCDN: (policy: CSPPolicy, cdnUrl: string) => CSPPolicy;
+declare const withGoogleFonts: (policy: CSPPolicy) => CSPPolicy;
+declare const withWebSockets: (policy: CSPPolicy, secure?: boolean) => CSPPolicy;
+declare const withNonce: (policy: CSPPolicy, nonce: string, directives?: DirectiveName[]) => CSPPolicy;
+declare const withHash: (policy: CSPPolicy, hash: string, algorithm?: "sha256" | "sha384" | "sha512", directive?: DirectiveName) => CSPPolicy;
+declare const isDirectivePresent: (policy: CSPPolicy, name: DirectiveName) => boolean;
+declare const hasSource: (policy: CSPPolicy, name: DirectiveName, source: Source) => boolean;
+declare const reportUnsafeDirectives: (policy: CSPPolicy) => DirectiveName[];
+export { type DirectiveName, type Source, type CSPDirective, type CSPPolicy, createDirective, addSource, removeSource, setSources, addDirective, updateDirective, removeDirective, getDirective, mergePolicies, serializePolicy, serializeDirective, parsePolicy, parseDirective, createStrictPolicy, createBasePolicy, withDevelopmentSources, withProductionSources, withCDN, withGoogleFonts, withWebSockets, withNonce, withHash, isDirectivePresent, hasSource, reportUnsafeDirectives, };
+//# sourceMappingURL=csp.d.ts.map

package/utils/csp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csp.d.ts","sourceRoot":"","sources":["../../utils/csp.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,KAAK,aAAa,GACZ,aAAa,GACb,YAAY,GACZ,WAAW,GACX,gBAAgB,GAChB,SAAS,GACT,UAAU,GACV,aAAa,GACb,WAAW,GACX,YAAY,GACZ,WAAW,GACX,iBAAiB,GACjB,UAAU,GACV,aAAa,GACb,YAAY,GACZ,cAAc,CAAC;AAErB,KAAK,MAAM,GACL,QAAQ,GACR,QAAQ,GACR,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,oBAAoB,GACpB,kBAAkB,GAClB,OAAO,GACP,OAAO,GACP,aAAa,GACb,KAAK,GACL,MAAM,GACN,QAAQ,GACR,OAAO,GACP,MAAM,CAAC;AAEb,KAAK,YAAY,GAAG;IAChB,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,SAAS,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;AAG7C,QAAA,MAAM,eAAe,GAAI,MAAM,aAAa,EAAE,SAAS,MAAM,EAAE,KAAG,YAGhE,CAAC;AAEH,QAAA,MAAM,SAAS,GAAI,WAAW,YAAY,EAAE,QAAQ,MAAM,KAAG,YAG3D,CAAC;AAEH,QAAA,MAAM,YAAY,GAAI,WAAW,YAAY,EAAE,QAAQ,MAAM,KAAG,YAG9D,CAAC;AAEH,QAAA,MAAM,UAAU,GAAI,WAAW,YAAY,EAAE,SAAS,MAAM,EAAE,KAAG,YAG/D,CAAC;AAGH,QAAA,MAAM,YAAY,GAAI,QAAQ,SAAS,EAAE,WAAW,YAAY,KAAG,SAQlE,CAAC;AAEF,QAAA,MAAM,eAAe,GACjB,QAAQ,SAAS,EACjB,MAAM,aAAa,EACnB,SAAS,CAAC,SAAS,EAAE,YAAY,KAAK,YAAY,KACnD,SAMF,CAAC;AAEF,QAAA,MAAM,eAAe,GAAI,QAAQ,SAAS,EAAE,MAAM,aAAa,KAAG,SACzB,CAAC;AAE1C,QAAA,MAAM,YAAY,GAAI,QAAQ,SAAS,EAAE,MAAM,aAAa,KAAG,YAAY,GAAG,SACvC,CAAC;AAaxC,QAAA,MAAM,aAAa,GAAI,GAAG,UAAU,SAAS,EAAE,KAAG,SAejD,CAAC;AAGF,QAAA,MAAM,kBAAkB,GAAI,WAAW,YAAY,KAAG,MACA,CAAC;AAEvD,QAAA,MAAM,eAAe,GAAI,QAAQ,SAAS,KAAG,MACA,CAAC;AAE9C,QAAA,MAAM,cAAc,GAAI,cAAc,MAAM,KAAG,YAAY,GAAG,IAM7D,CAAC;AAEF,QAAA,MAAM,WAAW,GAAI,WAAW,MAAM,KAAG,SASxC,CAAC;AAGF,QAAA,MAAM,kBAAkB,QAAO,SAM9B,CAAC;AAEF,QAAA,MAAM,gBAAgB,QAAO,SAY5B,CAAC;AAGF,QAAA,MAAM,sBAAsB,GAAI,QAAQ,SAAS,KAAG,SAMnD,CAAC;AAEF,QAAA,MAAM,qBAAqB,GAAI,QAAQ,SAAS,KAAG,SAG9C,CAAC;AAGN,QAAA,MAAM,OAAO,GAAI,QAAQ,SAAS,EAAE,QAAQ,MAAM,KAAG,SAQpD,CAAC;AAEF,QAAA,MAAM,eAAe,GAAI,QAAQ,SAAS,KAAG,SAM5C,CAAC;AAEF,QAAA,MAAM,cAAc,GAAI,QAAQ,SAAS,EAAE,gBAAc,KAAG,SAGvD,CAAC;AAEN,QAAA,MAAM,SAAS,GAAI,QAAQ,SAAS,EAAE,OAAO,MAAM,EAAE,aAAY,aAAa,EAAgC,KAAG,SAWhH,CAAC;AAEF,QAAA,MAAM,QAAQ,GAAI,QAAQ,SAAS,EAAE,MAAM,MAAM,EAAE,YAAW,QAAQ,GAAG,QAAQ,GAAG,QAAmB,EAAE,YAAW,aAA4B,KAAG,SAGlJ,CAAC;AAGF,QAAA,MAAM,kBAAkB,GAAI,QAAQ,SAAS,EAAE,MAAM,aAAa,KAAG,OAC9B,CAAC;AAExC,QAAA,MAAM,SAAS,GAAI,QAAQ,SAAS,EAAE,MAAM,aAAa,EAAE,QAAQ,MAAM,KAAG,OAG3E,CAAC;AAEF,QAAA,MAAM,sBAAsB,GAAI,QAAQ,SAAS,KAAG,aAAa,EAKhE,CAAC;AAGF,OAAO,EAEH,KAAK,aAAa,EAClB,KAAK,MAAM,EACX,KAAK,YAAY,EACjB,KAAK,SAAS,EAEd,eAAe,EACf,SAAS,EACT,YAAY,EACZ,UAAU,EAEV,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,aAAa,EAEb,eAAe,EACf,kBAAkB,EAClB,WAAW,EACX,cAAc,EAEd,kBAAkB,EAClB,gBAAgB,EAEhB,sBAAsB,EACtB,qBAAqB,EAErB,OAAO,EACP,eAAe,EACf,cAAc,EACd,SAAS,EACT,QAAQ,EAER,kBAAkB,EAClB,SAAS,EACT,sBAAsB,GACzB,CAAC"}

package/utils/csp.js

@@ -0,0 +1,165 @@
+/**
+ * Content Security Policy Builder
+ * Functional, extensible, and type-safe CSP construction
+ */
+// Core Builder Functions
+const createDirective = (name, sources) => ({
+    name,
+    sources,
+});
+const addSource = (directive, source) => ({
+    ...directive,
+    sources: [...directive.sources, source],
+});
+const removeSource = (directive, source) => ({
+    ...directive,
+    sources: directive.sources.filter((s) => s !== source),
+});
+const setSources = (directive, sources) => ({
+    ...directive,
+    sources,
+});
+// Policy Manipulation
+const addDirective = (policy, directive) => {
+    const existing = policy.find((d) => d.name === directive.name);
+    if (existing) {
+        return policy.map((d) => d.name === directive.name ? directive : d);
+    }
+    return [...policy, directive];
+};
+const updateDirective = (policy, name, updater) => {
+    const existing = policy.find((d) => d.name === name);
+    if (!existing) {
+        return policy;
+    }
+    return policy.map((d) => (d.name === name ? updater(d) : d));
+};
+const removeDirective = (policy, name) => policy.filter((d) => d.name !== name);
+const getDirective = (policy, name) => policy.find((d) => d.name === name);
+// Merging Policies
+const mergeDirectives = (directive1, directive2) => {
+    const uniqueSources = Array.from(new Set([...directive1.sources, ...directive2.sources]));
+    return createDirective(directive1.name, uniqueSources);
+};
+const mergePolicies = (...policies) => {
+    const directiveMap = new Map();
+    for (const policy of policies) {
+        for (const directive of policy) {
+            const existing = directiveMap.get(directive.name);
+            if (existing) {
+                directiveMap.set(directive.name, mergeDirectives(existing, directive));
+            }
+            else {
+                directiveMap.set(directive.name, directive);
+            }
+        }
+    }
+    return Array.from(directiveMap.values());
+};
+// String Conversion
+const serializeDirective = (directive) => `${directive.name} ${directive.sources.join(' ')}`;
+const serializePolicy = (policy) => policy.map(serializeDirective).join('; ');
+const parseDirective = (directiveStr) => {
+    const parts = directiveStr.trim().split(/\s+/);
+    if (parts.length < 1)
+        return null;
+    const [name, ...sources] = parts;
+    return createDirective(name, sources);
+};
+const parsePolicy = (policyStr) => {
+    const directives = policyStr
+        .split(';')
+        .map((d) => d.trim())
+        .filter((d) => d.length > 0)
+        .map(parseDirective)
+        .filter((d) => d !== null);
+    return directives;
+};
+// Preset Builders
+const createStrictPolicy = () => [
+    createDirective('default-src', ["'self'"]),
+    createDirective('object-src', ["'none'"]),
+    createDirective('base-uri', ["'none'"]),
+    createDirective('frame-ancestors', ["'none'"]),
+    createDirective('form-action', ["'self'"]),
+];
+const createBasePolicy = () => [
+    createDirective('default-src', ["'self'"]),
+    createDirective('font-src', ["'self'", 'https://fonts.gstatic.com']),
+    createDirective('object-src', ["'none'"]),
+    createDirective('base-uri', ["'none'"]),
+    createDirective('frame-ancestors', ["'none'"]),
+    createDirective('form-action', ["'self'"]),
+    createDirective('style-src', ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com']),
+    createDirective('style-src-elem', ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com']),
+    createDirective('script-src', ["'self'", "'unsafe-inline'", "'unsafe-eval'"]),
+    createDirective('connect-src', ["'self'", 'ws:']),
+    createDirective('img-src', ["'self'", 'data:']),
+];
+// Environment-Specific Builders
+const withDevelopmentSources = (policy) => {
+    const devPolicy = [
+        createDirective('script-src', ["'unsafe-eval'", "'unsafe-inline'"]),
+        createDirective('connect-src', ['ws:', 'wss:']),
+    ];
+    return mergePolicies(policy, devPolicy);
+};
+const withProductionSources = (policy) => updateDirective(policy, 'script-src', (d) => removeSource(removeSource(d, "'unsafe-eval'"), "'unsafe-inline'"));
+// Common Integrations
+const withCDN = (policy, cdnUrl) => {
+    const cdnPolicy = [
+        createDirective('script-src', [cdnUrl]),
+        createDirective('style-src', [cdnUrl]),
+        createDirective('img-src', [cdnUrl]),
+        createDirective('font-src', [cdnUrl]),
+    ];
+    return mergePolicies(policy, cdnPolicy);
+};
+const withGoogleFonts = (policy) => {
+    const googleFontsPolicy = [
+        createDirective('font-src', ['https://fonts.gstatic.com']),
+        createDirective('style-src', ['https://fonts.googleapis.com']),
+    ];
+    return mergePolicies(policy, googleFontsPolicy);
+};
+const withWebSockets = (policy, secure = false) => updateDirective(policy, 'connect-src', (d) => addSource(d, secure ? 'wss:' : 'ws:'));
+const withNonce = (policy, nonce, directives = ['script-src', 'style-src']) => {
+    const nonceSource = `'nonce-${nonce}'`;
+    let updatedPolicy = policy;
+    for (const directive of directives) {
+        updatedPolicy = updateDirective(updatedPolicy, directive, (d) => addSource(d, nonceSource));
+    }
+    return updatedPolicy;
+};
+const withHash = (policy, hash, algorithm = 'sha256', directive = 'script-src') => {
+    const hashSource = `'${algorithm}-${hash}'`;
+    return updateDirective(policy, directive, (d) => addSource(d, hashSource));
+};
+// Utility Functions
+const isDirectivePresent = (policy, name) => policy.some((d) => d.name === name);
+const hasSource = (policy, name, source) => {
+    const directive = getDirective(policy, name);
+    return directive ? directive.sources.includes(source) : false;
+};
+const reportUnsafeDirectives = (policy) => {
+    const unsafeSources = ["'unsafe-inline'", "'unsafe-eval'"];
+    return policy
+        .filter((d) => d.sources.some((s) => unsafeSources.includes(s)))
+        .map((d) => d.name);
+};
+// Export
+export { 
+// Core
+createDirective, addSource, removeSource, setSources, 
+// Policy
+addDirective, updateDirective, removeDirective, getDirective, mergePolicies, 
+// Serialization
+serializePolicy, serializeDirective, parsePolicy, parseDirective, 
+// Presets
+createStrictPolicy, createBasePolicy, 
+// Environment
+withDevelopmentSources, withProductionSources, 
+// Integrations
+withCDN, withGoogleFonts, withWebSockets, withNonce, withHash, 
+// Utils
+isDirectivePresent, hasSource, reportUnsafeDirectives, };

package/utils/csrf.d.ts

@@ -0,0 +1,5 @@
+export declare const csrf: (trustedOrigins: string[]) => (requestMethod: string, requestUrl: URL, origin?: string, referer?: string) => {
+    success: boolean;
+    message: string;
+};
+//# sourceMappingURL=csrf.d.ts.map

package/utils/csrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../../utils/csrf.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,IAAI,GAAI,gBAAgB,MAAM,EAAE,MAErC,eAAe,MAAM,EACrB,YAAY,GAAG,EACf,SAAS,MAAM,EACf,UAAU,MAAM;;;CAsDnB,CAAC"}

package/utils/csrf.js

@@ -0,0 +1,46 @@
+const SAFE_METHODS = ['GET', 'OPTIONS', 'HEAD', 'TRACE'];
+export const csrf = (trustedOrigins) => (requestMethod, requestUrl, origin, referer) => {
+    // Check if the request method is safe
+    if (!SAFE_METHODS.includes(requestMethod)) {
+        // If we have an Origin header, check it against our allowlist.
+        if (origin) {
+            const parsedOrigin = new URL(origin);
+            if (parsedOrigin.origin !== requestUrl.origin &&
+                !trustedOrigins.includes(parsedOrigin.host)) {
+                return {
+                    success: false,
+                    message: 'Invalid origin',
+                };
+            }
+        }
+        // If we are serving via TLS and have no Origin header, prevent against
+        // CSRF via HTTP man-in-the-middle attacks by enforcing strict Referer
+        // origin checks.
+        if (!origin && requestUrl.protocol === 'https:') {
+            if (!referer) {
+                return {
+                    success: false,
+                    message: 'referer not supplied',
+                };
+            }
+            const parsedReferer = new URL(referer);
+            if (parsedReferer.protocol !== 'https:') {
+                return {
+                    success: false,
+                    message: 'Invalid referer',
+                };
+            }
+            if (parsedReferer.host !== requestUrl.host &&
+                !trustedOrigins.includes(parsedReferer.host)) {
+                return {
+                    success: false,
+                    message: 'Invalid referer',
+                };
+            }
+        }
+    }
+    return {
+        success: true,
+        message: 'CSRF check passed',
+    };
+};

package/utils/error-handler.d.ts

@@ -0,0 +1,37 @@
+export type ErrorSeverity = 'low' | 'medium' | 'high' | 'critical';
+export type AppError<Code extends string = string> = {
+    code: Code;
+    message: string;
+    severity: ErrorSeverity;
+    metadata?: Record<string, unknown>;
+    cause?: unknown;
+    action: (error?: AppError<Code>) => void | Promise<void>;
+};
+export type ErrorDefinition<Code extends string> = {
+    message: string;
+    severity: ErrorSeverity;
+    defaultMetadata?: Record<string, unknown>;
+    action?: (error: AppError<Code>) => void | Promise<void>;
+};
+export type ErrorCatalog<Code extends string = string> = {
+    [K in Code]: ErrorDefinition<K>;
+};
+type CreateErrorOptions<Code extends string> = Partial<Pick<AppError<Code>, 'message' | 'severity' | 'metadata' | 'cause' | 'action'>>;
+export declare class FunctionalAppError<Code extends string = string> extends Error implements AppError<Code> {
+    readonly code: Code;
+    readonly severity: ErrorSeverity;
+    readonly metadata?: Record<string, unknown>;
+    readonly cause?: unknown;
+    readonly action: () => void;
+    constructor(params: {
+        code: Code;
+        message: string;
+        severity: ErrorSeverity;
+        metadata?: Record<string, unknown>;
+        cause?: unknown;
+        action: (error: AppError<Code>) => void;
+    });
+}
+export declare const createErrorFactory: <Code extends string>(catalog: ErrorCatalog<Code>) => (code: Code, overrides?: CreateErrorOptions<Code>) => FunctionalAppError<Code>;
+export {};
+//# sourceMappingURL=error-handler.d.ts.map

package/utils/error-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../utils/error-handler.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEnE,MAAM,MAAM,QAAQ,CAAC,IAAI,SAAS,MAAM,GAAG,MAAM,IAAI;IACjD,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,eAAe,CAAC,IAAI,SAAS,MAAM,IAAI;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,aAAa,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5D,CAAC;AAEF,MAAM,MAAM,YAAY,CAAC,IAAI,SAAS,MAAM,GAAG,MAAM,IAAI;KACpD,CAAC,IAAI,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC;CAClC,CAAC;AAEF,KAAK,kBAAkB,CAAC,IAAI,SAAS,MAAM,IAAI,OAAO,CAClD,IAAI,CACA,QAAQ,CAAC,IAAI,CAAC,EACd,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,OAAO,GAAG,QAAQ,CAC3D,CACJ,CAAC;AAEF,qBAAa,kBAAkB,CAAC,IAAI,SAAS,MAAM,GAAG,MAAM,CACxD,SAAQ,KACR,YAAW,QAAQ,CAAC,IAAI,CAAC;IAEzB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC;IACjC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC;gBAEhB,MAAM,EAAE;QAChB,IAAI,EAAE,IAAI,CAAC;QACX,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,aAAa,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,KAAK,CAAC,EAAE,OAAO,CAAC;QAChB,MAAM,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;KAC3C;CAcJ;AAED,eAAO,MAAM,kBAAkB,GAAI,IAAI,SAAS,MAAM,EAClD,SAAS,YAAY,CAAC,IAAI,CAAC,MAGvB,MAAM,IAAI,EACV,YAAW,kBAAkB,CAAC,IAAI,CAAM,KACzC,kBAAkB,CAAC,IAAI,CAwB7B,CAAC"}

package/utils/error-handler.js

@@ -0,0 +1,40 @@
+export class FunctionalAppError extends Error {
+    code;
+    severity;
+    metadata;
+    cause;
+    action;
+    constructor(params) {
+        super(params.message);
+        this.name = 'AppError';
+        this.code = params.code;
+        this.severity = params.severity;
+        this.metadata = params.metadata;
+        this.cause = params.cause;
+        // 👇 wrap action to pass this instance
+        this.action = () => params.action(this);
+        // ✅ Restore native error prototype chain (important for `instanceof`)
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+export const createErrorFactory = (catalog) => {
+    return (code, overrides = {}) => {
+        const def = catalog[code];
+        const actionFn = overrides.action ??
+            def.action ??
+            ((error) => {
+                console.error(`[Unhandled Error]: ${error.code} - ${error.message}`);
+            });
+        return new FunctionalAppError({
+            code,
+            message: overrides.message ?? def.message,
+            severity: overrides.severity ?? def.severity,
+            metadata: {
+                ...def.defaultMetadata,
+                ...overrides.metadata,
+            },
+            cause: overrides.cause,
+            action: actionFn,
+        });
+    };
+};

package/utils/fetch.client.d.ts

@@ -0,0 +1,23 @@
+export type FetchResponse<T, S extends boolean> = S extends true ? T : Response;
+type Options = {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+    body?: any;
+    headers?: any;
+    MAX_FETCH_TIME?: number;
+    serverAction?: boolean;
+};
+/**
+ * It's a wrapper around the native fetch function that adds a timeout and a json parser
+ * @param {string} url - string - The URL to fetch
+ * @param {Options} [options] - {
+ *  method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+ *  body?: any;
+ *  headers?: any;
+ *  MAX_FETCH_TIME?: number;
+ * }
+ * @param [json=true] - boolean - If the response is JSON, it will be parsed and returned.
+ * @returns The return type is Promise<any>
+ */
+declare const Fetch: <T, S extends boolean = true>(url: string, options?: Options, json?: S) => Promise<FetchResponse<T, S>>;
+export default Fetch;
+//# sourceMappingURL=fetch.client.d.ts.map

package/utils/fetch.client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.client.d.ts","sourceRoot":"","sources":["../../utils/fetch.client.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,CAAC,CAAC,EAAE,CAAC,SAAS,OAAO,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC;AAEhF,KAAK,OAAO,GAAG;IACX,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,CAAC;IACpD,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,QAAA,MAAM,KAAK,GAAU,CAAC,EAAE,CAAC,SAAS,OAAO,GAAG,IAAI,EAC5C,KAAK,MAAM,EACX,UAAU,OAAO,EACjB,OAAM,CAAa,KACpB,OAAO,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAgD7B,CAAC;AAEF,eAAe,KAAK,CAAC"}

package/utils/fetch.client.js

@@ -0,0 +1,55 @@
+/**
+ * It's a wrapper around the native fetch function that adds a timeout and a json parser
+ * @param {string} url - string - The URL to fetch
+ * @param {Options} [options] - {
+ *  method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+ *  body?: any;
+ *  headers?: any;
+ *  MAX_FETCH_TIME?: number;
+ * }
+ * @param [json=true] - boolean - If the response is JSON, it will be parsed and returned.
+ * @returns The return type is Promise<any>
+ */
+const Fetch = async (url, options, json = true) => {
+    const maxTime = options?.MAX_FETCH_TIME ?? 4000;
+    const controller = new AbortController();
+    const timeout = setTimeout(() => {
+        controller.abort();
+    }, maxTime);
+    try {
+        const response = await fetch(url, {
+            ...options,
+            signal: controller.signal,
+        });
+        if (response?.status >= 400
+            && response?.status <= 599) {
+            if (json) {
+                throw await response.json();
+            }
+            throw response;
+        }
+        if (json) {
+            const data = await response.json();
+            if (data) {
+                if (data.error)
+                    throw data.error; // in case the status is marked as 200 but the response is an error
+                return data;
+            }
+            throw new Error('Not Defined');
+        }
+        return response;
+    }
+    catch (error) {
+        if (controller.signal.aborted) {
+            throw new Error('Timeout');
+        }
+        if (options?.serverAction) {
+            return error;
+        }
+        throw error;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+};
+export default Fetch;

package/utils/fetch.server.d.ts

@@ -0,0 +1,22 @@
+export type FetchResponse<T, S extends boolean> = S extends true ? T : Response;
+type Options = {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+    body?: any;
+    headers?: any;
+    MAX_FETCH_TIME?: number;
+};
+/**
+ * It's a wrapper around the native fetch function that adds a timeout and a json parser
+ * @param {string} url - string - The URL to fetch
+ * @param {Options} [options] - {
+ *  method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+ *  body?: any;
+ *  headers?: any;
+ *  MAX_FETCH_TIME?: number;
+ * }
+ * @param [json=true] - boolean - If the response is JSON, it will be parsed and returned.
+ * @returns The return type is Promise<any>
+ */
+declare const Fetch: <T, S extends boolean = true>(url: string, options?: Options, json?: S) => Promise<FetchResponse<T, S>>;
+export default Fetch;
+//# sourceMappingURL=fetch.server.d.ts.map

package/utils/fetch.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.server.d.ts","sourceRoot":"","sources":["../../utils/fetch.server.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,aAAa,CAAC,CAAC,EAAE,CAAC,SAAS,OAAO,IAAI,CAAC,SAAS,IAAI,GAC1D,CAAC,GACD,QAAQ,CAAC;AAEf,KAAK,OAAO,GAAG;IACX,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,CAAC;IACpD,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,QAAA,MAAM,KAAK,GAAU,CAAC,EAAE,CAAC,SAAS,OAAO,GAAG,IAAI,EAC5C,KAAK,MAAM,EACX,UAAU,OAAO,EACjB,OAAM,CAAa,KACpB,OAAO,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CA4C7B,CAAC;AAEF,eAAe,KAAK,CAAC"}