tenantforge 0.2.0

package/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.1.0
+
+- Initial public release.

package/LICENSE

@@ -0,0 +1,15 @@
+MIT License
+
+Copyright (c) 2026 Aftab Ahmad Khan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND.

package/README.md

@@ -0,0 +1,20 @@
+# tenantforge
+
+**Topics:** `express` · `mern` · `mern-packages` · `merndev` · `middleware` · `mongodb` · `multi-tenant` · `nodejs` · `npm-pm` · `observability` · `saas` · `tenantforge` · `typescript`
+
+**Multi-tenant guard** for Express: reads **`x-tenant-id`** (configurable), supports an optional allow-list, attaches **`req.tenantId`**, and ships `tenantScope()` for Mongo filters.
+
+```ts
+import { tenantforge, tenantScope } from "tenantforge";
+
+app.use(tenantforge({ allowList: new Set(process.env.TENANT_ALLOWLIST!.split(",")) }));
+
+app.get("/items", async (req, res) => {
+  const items = await Item.find(tenantScope(req.tenantId));
+  res.json(items);
+});
+```
+
+## License
+
+MIT

package/dist/index.cjs

@@ -0,0 +1,51 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  tenantScope: () => tenantScope,
+  tenantforge: () => tenantforge
+});
+module.exports = __toCommonJS(src_exports);
+function tenantforge(opts = {}) {
+  return (req, res, next) => {
+    const id = req.get(opts.header ?? "x-tenant-id");
+    if (!id || typeof id !== "string") {
+      res.status(400).json({ error: "tenant_required" });
+      return;
+    }
+    if (opts.allowList && !opts.allowList.has(id)) {
+      res.status(403).json({ error: "tenant_forbidden" });
+      return;
+    }
+    const prop = opts.property ?? "tenantId";
+    Object.assign(req, { [prop]: id });
+    next();
+  };
+}
+function tenantScope(tenantId) {
+  return { tenantId };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  tenantScope,
+  tenantforge
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import type { Request, RequestHandler } from \"express\";\n\nexport interface TenantforgeRequest extends Request {\n  tenantId: string;\n}\n\nexport interface TenantforgeOptions {\n  /** Header containing tenant id (default `x-tenant-id`). */\n  header?: string;\n  /** Express `req` property name (default `tenantId`). */\n  property?: keyof TenantforgeRequest;\n  /** Optional allow-list of tenant ids; missing = any non-empty string allowed. */\n  allowList?: Set<string>;\n}\n\n/** Require tenant header and attach `req.tenantId` (or custom property). */\nexport function tenantforge(opts: TenantforgeOptions = {}): RequestHandler {\n  return (req, res, next) => {\n    const id = req.get(opts.header ?? \"x-tenant-id\");\n    if (!id || typeof id !== \"string\") {\n      res.status(400).json({ error: \"tenant_required\" });\n      return;\n    }\n    if (opts.allowList && !opts.allowList.has(id)) {\n      res.status(403).json({ error: \"tenant_forbidden\" });\n      return;\n    }\n    const prop = opts.property ?? \"tenantId\";\n    Object.assign(req, { [prop]: id });\n    next();\n  };\n}\n\n/** Mongo-style filter helper for multi-tenant collections. */\nexport function tenantScope(tenantId: string): { tenantId: string } {\n  return { tenantId };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAgBO,SAAS,YAAY,OAA2B,CAAC,GAAmB;AACzE,SAAO,CAAC,KAAK,KAAK,SAAS;AACzB,UAAM,KAAK,IAAI,IAAI,KAAK,UAAU,aAAa;AAC/C,QAAI,CAAC,MAAM,OAAO,OAAO,UAAU;AACjC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,kBAAkB,CAAC;AACjD;AAAA,IACF;AACA,QAAI,KAAK,aAAa,CAAC,KAAK,UAAU,IAAI,EAAE,GAAG;AAC7C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,mBAAmB,CAAC;AAClD;AAAA,IACF;AACA,UAAM,OAAO,KAAK,YAAY;AAC9B,WAAO,OAAO,KAAK,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC;AACjC,SAAK;AAAA,EACP;AACF;AAGO,SAAS,YAAY,UAAwC;AAClE,SAAO,EAAE,SAAS;AACpB;","names":[]}

package/dist/index.d.cts

@@ -0,0 +1,21 @@
+import { Request, RequestHandler } from 'express';
+
+interface TenantforgeRequest extends Request {
+    tenantId: string;
+}
+interface TenantforgeOptions {
+    /** Header containing tenant id (default `x-tenant-id`). */
+    header?: string;
+    /** Express `req` property name (default `tenantId`). */
+    property?: keyof TenantforgeRequest;
+    /** Optional allow-list of tenant ids; missing = any non-empty string allowed. */
+    allowList?: Set<string>;
+}
+/** Require tenant header and attach `req.tenantId` (or custom property). */
+declare function tenantforge(opts?: TenantforgeOptions): RequestHandler;
+/** Mongo-style filter helper for multi-tenant collections. */
+declare function tenantScope(tenantId: string): {
+    tenantId: string;
+};
+
+export { type TenantforgeOptions, type TenantforgeRequest, tenantScope, tenantforge };

package/dist/index.d.ts

@@ -0,0 +1,21 @@
+import { Request, RequestHandler } from 'express';
+
+interface TenantforgeRequest extends Request {
+    tenantId: string;
+}
+interface TenantforgeOptions {
+    /** Header containing tenant id (default `x-tenant-id`). */
+    header?: string;
+    /** Express `req` property name (default `tenantId`). */
+    property?: keyof TenantforgeRequest;
+    /** Optional allow-list of tenant ids; missing = any non-empty string allowed. */
+    allowList?: Set<string>;
+}
+/** Require tenant header and attach `req.tenantId` (or custom property). */
+declare function tenantforge(opts?: TenantforgeOptions): RequestHandler;
+/** Mongo-style filter helper for multi-tenant collections. */
+declare function tenantScope(tenantId: string): {
+    tenantId: string;
+};
+
+export { type TenantforgeOptions, type TenantforgeRequest, tenantScope, tenantforge };

package/dist/index.js

@@ -0,0 +1,25 @@
+// src/index.ts
+function tenantforge(opts = {}) {
+  return (req, res, next) => {
+    const id = req.get(opts.header ?? "x-tenant-id");
+    if (!id || typeof id !== "string") {
+      res.status(400).json({ error: "tenant_required" });
+      return;
+    }
+    if (opts.allowList && !opts.allowList.has(id)) {
+      res.status(403).json({ error: "tenant_forbidden" });
+      return;
+    }
+    const prop = opts.property ?? "tenantId";
+    Object.assign(req, { [prop]: id });
+    next();
+  };
+}
+function tenantScope(tenantId) {
+  return { tenantId };
+}
+export {
+  tenantScope,
+  tenantforge
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import type { Request, RequestHandler } from \"express\";\n\nexport interface TenantforgeRequest extends Request {\n  tenantId: string;\n}\n\nexport interface TenantforgeOptions {\n  /** Header containing tenant id (default `x-tenant-id`). */\n  header?: string;\n  /** Express `req` property name (default `tenantId`). */\n  property?: keyof TenantforgeRequest;\n  /** Optional allow-list of tenant ids; missing = any non-empty string allowed. */\n  allowList?: Set<string>;\n}\n\n/** Require tenant header and attach `req.tenantId` (or custom property). */\nexport function tenantforge(opts: TenantforgeOptions = {}): RequestHandler {\n  return (req, res, next) => {\n    const id = req.get(opts.header ?? \"x-tenant-id\");\n    if (!id || typeof id !== \"string\") {\n      res.status(400).json({ error: \"tenant_required\" });\n      return;\n    }\n    if (opts.allowList && !opts.allowList.has(id)) {\n      res.status(403).json({ error: \"tenant_forbidden\" });\n      return;\n    }\n    const prop = opts.property ?? \"tenantId\";\n    Object.assign(req, { [prop]: id });\n    next();\n  };\n}\n\n/** Mongo-style filter helper for multi-tenant collections. */\nexport function tenantScope(tenantId: string): { tenantId: string } {\n  return { tenantId };\n}\n"],"mappings":";AAgBO,SAAS,YAAY,OAA2B,CAAC,GAAmB;AACzE,SAAO,CAAC,KAAK,KAAK,SAAS;AACzB,UAAM,KAAK,IAAI,IAAI,KAAK,UAAU,aAAa;AAC/C,QAAI,CAAC,MAAM,OAAO,OAAO,UAAU;AACjC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,kBAAkB,CAAC;AACjD;AAAA,IACF;AACA,QAAI,KAAK,aAAa,CAAC,KAAK,UAAU,IAAI,EAAE,GAAG;AAC7C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,mBAAmB,CAAC;AAClD;AAAA,IACF;AACA,UAAM,OAAO,KAAK,YAAY;AAC9B,WAAO,OAAO,KAAK,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC;AACjC,SAAK;AAAA,EACP;AACF;AAGO,SAAS,YAAY,UAAwC;AAClE,SAAO,EAAE,SAAS;AACpB;","names":[]}

package/package.json

@@ -0,0 +1,79 @@
+{
+  "name": "tenantforge",
+  "version": "0.2.0",
+  "description": "Tenant resolution from headers, scoped filters for Express and Mongo-style stacks.",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE",
+    "CHANGELOG.md"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "express",
+    "mern",
+    "mern-packages",
+    "merndev",
+    "middleware",
+    "mongodb",
+    "multi-tenant",
+    "nodejs",
+    "npm-pm",
+    "observability",
+    "saas",
+    "tenantforge",
+    "typescript"
+  ],
+  "dependencies": {},
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.11.0",
+    "@types/supertest": "^6.0.2",
+    "express": "^4.19.2",
+    "supertest": "^7.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.4.0",
+    "vitest": "^1.4.0"
+  },
+  "peerDependencies": {
+    "express": "^4.0.0 || ^5.0.0"
+  },
+  "peerDependenciesMeta": {
+    "express": {
+      "optional": true
+    }
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "author": "Aftab Ahmad Khan (https://github.com/aftab-ahmad-khan-dev)",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NPM-Packages-Modules/mern.git",
+    "directory": "tenantforge"
+  },
+  "bugs": {
+    "url": "https://github.com/NPM-Packages-Modules/mern/issues"
+  },
+  "homepage": "https://github.com/NPM-Packages-Modules/mern/tree/main/tenantforge",
+  "publishConfig": {
+    "access": "public"
+  }
+}