trustline 0.0.1 → 0.1.0

package/dist/frameworks/express/index.d.ts

@@ -0,0 +1,18 @@
+import { RequestHandler, Request as Request$1 } from 'express';
+import { S as ServiceIdentity } from '../../token-BtfYGd9K.js';
+import 'jose';
+
+interface WebHandler {
+    handle(request: Request): Promise<Response>;
+}
+declare function createExpressProvider(provider: WebHandler): RequestHandler;
+
+interface GuardVerifier {
+    verify(token: string): Promise<ServiceIdentity>;
+}
+interface TrustlineRequest extends Request$1 {
+    trustline?: ServiceIdentity;
+}
+declare function createExpressGuard(guard: GuardVerifier): RequestHandler;
+
+export { type TrustlineRequest, type WebHandler, createExpressGuard, createExpressProvider };

package/dist/frameworks/express/index.js

@@ -0,0 +1,83 @@
+import {
+  AuthError
+} from "../../chunk-GF3NKEEK.js";
+
+// src/provider/express.ts
+function createExpressProvider(provider) {
+  return async function trustlineProvider(request, response) {
+    const origin = `${request.protocol}://${request.get("host") ?? "localhost"}`;
+    const url = new URL(request.originalUrl || request.url, origin);
+    const body = request.method === "GET" || request.method === "HEAD" ? void 0 : await readBody(request);
+    const providerResponse = await provider.handle(
+      new Request(url.toString(), {
+        method: request.method,
+        headers: request.headers,
+        body
+      })
+    );
+    response.status(providerResponse.status);
+    providerResponse.headers.forEach((value, key) => {
+      response.setHeader(key, value);
+    });
+    response.send(await providerResponse.text());
+  };
+}
+function readBody(request) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    request.on("data", (chunk) => {
+      chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+    });
+    request.on("end", () => {
+      resolve(
+        chunks.length > 0 ? Buffer.concat(chunks).toString("utf8") : void 0
+      );
+    });
+    request.on("error", reject);
+  });
+}
+
+// src/middleware/express.ts
+function createExpressGuard(guard) {
+  return async function trustlineGuard(request, response, next) {
+    const token = getBearerToken(request.headers.authorization);
+    if (!token) {
+      response.status(401).json({
+        error: "missing_token",
+        message: "Missing bearer token"
+      });
+      return;
+    }
+    try {
+      const identity = await guard.verify(token);
+      request.trustline = identity;
+      next();
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(
+        "invalid_token",
+        "Token verification failed",
+        401,
+        error
+      );
+      response.status(authError.status).json({
+        error: authError.code,
+        message: authError.message
+      });
+    }
+  };
+}
+function getBearerToken(header) {
+  if (!header) {
+    return null;
+  }
+  const [scheme, value] = header.split(/\s+/, 2);
+  if (scheme?.toLowerCase() !== "bearer" || !value) {
+    return null;
+  }
+  return value;
+}
+export {
+  createExpressGuard,
+  createExpressProvider
+};
+//# sourceMappingURL=index.js.map

package/dist/frameworks/express/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/provider/express.ts","../../../src/middleware/express.ts"],"sourcesContent":["import type {\n  Request as ExpressRequest,\n  Response as ExpressResponse,\n  RequestHandler,\n} from \"express\";\n\nexport interface WebHandler {\n  handle(request: Request): Promise<Response>;\n}\n\nexport function createExpressProvider(provider: WebHandler): RequestHandler {\n  return async function trustlineProvider(\n    request: ExpressRequest,\n    response: ExpressResponse,\n  ) {\n    const origin = `${request.protocol}://${request.get(\"host\") ?? \"localhost\"}`;\n    const url = new URL(request.originalUrl || request.url, origin);\n    const body =\n      request.method === \"GET\" || request.method === \"HEAD\"\n        ? undefined\n        : await readBody(request);\n\n    const providerResponse = await provider.handle(\n      new Request(url.toString(), {\n        method: request.method,\n        headers: request.headers as HeadersInit,\n        body,\n      }),\n    );\n\n    response.status(providerResponse.status);\n    providerResponse.headers.forEach((value, key) => {\n      response.setHeader(key, value);\n    });\n    response.send(await providerResponse.text());\n  };\n}\n\nfunction readBody(request: ExpressRequest): Promise<string | undefined> {\n  return new Promise((resolve, reject) => {\n    const chunks: Uint8Array[] = [];\n    request.on(\"data\", (chunk) => {\n      chunks.push(typeof chunk === \"string\" ? Buffer.from(chunk) : chunk);\n    });\n    request.on(\"end\", () => {\n      resolve(\n        chunks.length > 0 ? Buffer.concat(chunks).toString(\"utf8\") : undefined,\n      );\n    });\n    request.on(\"error\", reject);\n  });\n}\n","import type { Request, RequestHandler, Response } from \"express\";\n\nimport { AuthError } from \"../core/errors\";\nimport type { ServiceIdentity } from \"../core/token\";\n\nexport interface GuardVerifier {\n  verify(token: string): Promise<ServiceIdentity>;\n}\n\nexport interface TrustlineRequest extends Request {\n  trustline?: ServiceIdentity;\n}\n\nexport function createExpressGuard(guard: GuardVerifier): RequestHandler {\n  return async function trustlineGuard(\n    request: Request,\n    response: Response,\n    next,\n  ) {\n    const token = getBearerToken(request.headers.authorization);\n\n    if (!token) {\n      response.status(401).json({\n        error: \"missing_token\",\n        message: \"Missing bearer token\",\n      });\n      return;\n    }\n\n    try {\n      const identity = await guard.verify(token);\n      (request as TrustlineRequest).trustline = identity;\n      next();\n    } catch (error) {\n      const authError =\n        error instanceof AuthError\n          ? error\n          : new AuthError(\n              \"invalid_token\",\n              \"Token verification failed\",\n              401,\n              error,\n            );\n      response.status(authError.status).json({\n        error: authError.code,\n        message: authError.message,\n      });\n    }\n  };\n}\n\nfunction getBearerToken(header: string | undefined): string | null {\n  if (!header) {\n    return null;\n  }\n\n  const [scheme, value] = header.split(/\\s+/, 2);\n  if (scheme?.toLowerCase() !== \"bearer\" || !value) {\n    return null;\n  }\n\n  return value;\n}\n"],"mappings":";;;;;AAUO,SAAS,sBAAsB,UAAsC;AAC1E,SAAO,eAAe,kBACpB,SACA,UACA;AACA,UAAM,SAAS,GAAG,QAAQ,QAAQ,MAAM,QAAQ,IAAI,MAAM,KAAK,WAAW;AAC1E,UAAM,MAAM,IAAI,IAAI,QAAQ,eAAe,QAAQ,KAAK,MAAM;AAC9D,UAAM,OACJ,QAAQ,WAAW,SAAS,QAAQ,WAAW,SAC3C,SACA,MAAM,SAAS,OAAO;AAE5B,UAAM,mBAAmB,MAAM,SAAS;AAAA,MACtC,IAAI,QAAQ,IAAI,SAAS,GAAG;AAAA,QAC1B,QAAQ,QAAQ;AAAA,QAChB,SAAS,QAAQ;AAAA,QACjB;AAAA,MACF,CAAC;AAAA,IACH;AAEA,aAAS,OAAO,iBAAiB,MAAM;AACvC,qBAAiB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC/C,eAAS,UAAU,KAAK,KAAK;AAAA,IAC/B,CAAC;AACD,aAAS,KAAK,MAAM,iBAAiB,KAAK,CAAC;AAAA,EAC7C;AACF;AAEA,SAAS,SAAS,SAAsD;AACtE,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,SAAuB,CAAC;AAC9B,YAAQ,GAAG,QAAQ,CAAC,UAAU;AAC5B,aAAO,KAAK,OAAO,UAAU,WAAW,OAAO,KAAK,KAAK,IAAI,KAAK;AAAA,IACpE,CAAC;AACD,YAAQ,GAAG,OAAO,MAAM;AACtB;AAAA,QACE,OAAO,SAAS,IAAI,OAAO,OAAO,MAAM,EAAE,SAAS,MAAM,IAAI;AAAA,MAC/D;AAAA,IACF,CAAC;AACD,YAAQ,GAAG,SAAS,MAAM;AAAA,EAC5B,CAAC;AACH;;;ACtCO,SAAS,mBAAmB,OAAsC;AACvE,SAAO,eAAe,eACpB,SACA,UACA,MACA;AACA,UAAM,QAAQ,eAAe,QAAQ,QAAQ,aAAa;AAE1D,QAAI,CAAC,OAAO;AACV,eAAS,OAAO,GAAG,EAAE,KAAK;AAAA,QACxB,OAAO;AAAA,QACP,SAAS;AAAA,MACX,CAAC;AACD;AAAA,IACF;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,OAAO,KAAK;AACzC,MAAC,QAA6B,YAAY;AAC1C,WAAK;AAAA,IACP,SAAS,OAAO;AACd,YAAM,YACJ,iBAAiB,YACb,QACA,IAAI;AAAA,QACF;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACN,eAAS,OAAO,UAAU,MAAM,EAAE,KAAK;AAAA,QACrC,OAAO,UAAU;AAAA,QACjB,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEA,SAAS,eAAe,QAA2C;AACjE,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,EACT;AAEA,QAAM,CAAC,QAAQ,KAAK,IAAI,OAAO,MAAM,OAAO,CAAC;AAC7C,MAAI,QAAQ,YAAY,MAAM,YAAY,CAAC,OAAO;AAChD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":[]}

package/dist/frameworks/fastify/index.cjs

@@ -0,0 +1,158 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/frameworks/fastify/index.ts
+var fastify_exports = {};
+__export(fastify_exports, {
+  createFastifyGuard: () => createFastifyGuard,
+  createFastifyProvider: () => createFastifyProvider
+});
+module.exports = __toCommonJS(fastify_exports);
+
+// src/core/errors.ts
+var AuthError = class extends Error {
+  code;
+  status;
+  cause;
+  constructor(code, message, status, cause) {
+    super(message);
+    this.name = "AuthError";
+    this.code = code;
+    this.status = status;
+    this.cause = cause;
+  }
+};
+
+// src/provider/http.ts
+function createHeaders(headers) {
+  const normalized = new Headers();
+  for (const [key, value] of Object.entries(headers)) {
+    if (typeof value === "string") {
+      normalized.set(key, value);
+    }
+    if (Array.isArray(value)) {
+      normalized.set(key, value.join(", "));
+    }
+  }
+  return normalized;
+}
+function serializeRequestBody(body) {
+  if (typeof body === "string") {
+    return body;
+  }
+  if (!body || typeof body !== "object") {
+    return void 0;
+  }
+  const params = new URLSearchParams();
+  for (const [key, value] of Object.entries(body)) {
+    if (value === void 0 || value === null) {
+      continue;
+    }
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        params.append(key, String(item));
+      }
+      continue;
+    }
+    params.set(key, String(value));
+  }
+  return params.toString();
+}
+async function writeFastifyResponse(reply, response) {
+  reply.code(response.status);
+  response.headers.forEach((value, key) => {
+    reply.header(key, value);
+  });
+  reply.send(await response.text());
+}
+
+// src/frameworks/fastify/index.ts
+function createFastifyProvider(provider) {
+  return async (fastify) => {
+    fastify.get("/.well-known/jwks.json", async (request, reply) => {
+      const response = await provider.handle(
+        new Request(buildRequestUrl(request), {
+          method: "GET",
+          headers: createHeaders(request.headers)
+        })
+      );
+      await writeFastifyResponse(reply, response);
+    });
+    fastify.post("/token", async (request, reply) => {
+      const response = await provider.handle(
+        new Request(buildRequestUrl(request), {
+          method: "POST",
+          headers: createHeaders(request.headers),
+          body: serializeRequestBody(request.body)
+        })
+      );
+      await writeFastifyResponse(reply, response);
+    });
+  };
+}
+function createFastifyGuard(guard) {
+  return async function trustlineFastifyGuard(request, reply) {
+    const token = getBearerToken(request.headers.authorization);
+    if (!token) {
+      reply.code(401).send({
+        error: "missing_token",
+        message: "Missing bearer token"
+      });
+      return;
+    }
+    try {
+      const identity = await guard.verify(token);
+      request.trustline = identity;
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(
+        "invalid_token",
+        "Token verification failed",
+        401,
+        error
+      );
+      reply.code(authError.status).send({
+        error: authError.code,
+        message: authError.message
+      });
+    }
+  };
+}
+function buildRequestUrl(request) {
+  const protocol = request.protocol ?? "http";
+  const host = Array.isArray(request.headers.host) ? request.headers.host[0] : request.headers.host;
+  const path = request.raw?.url ?? request.url ?? "/";
+  return new URL(path, `${protocol}://${host ?? "localhost"}`).toString();
+}
+function getBearerToken(header) {
+  const value = Array.isArray(header) ? header[0] : header;
+  if (!value) {
+    return null;
+  }
+  const [scheme, token] = value.split(/\s+/, 2);
+  if (scheme?.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+  return token;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createFastifyGuard,
+  createFastifyProvider
+});
+//# sourceMappingURL=index.cjs.map

package/dist/frameworks/fastify/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/frameworks/fastify/index.ts","../../../src/core/errors.ts","../../../src/provider/http.ts"],"sourcesContent":["import type { FastifyPluginAsync } from \"fastify\";\n\nimport { AuthError } from \"../../core/errors\";\nimport type { ServiceIdentity } from \"../../core/token\";\nimport type { Provider } from \"../../provider\";\nimport {\n  createHeaders,\n  serializeRequestBody,\n  writeFastifyResponse,\n} from \"../../provider/http\";\n\nexport interface GuardVerifier {\n  verify(token: string): Promise<ServiceIdentity>;\n}\n\nexport interface TrustlineFastifyRequest {\n  trustline?: ServiceIdentity;\n}\n\nexport function createFastifyProvider(provider: Provider): FastifyPluginAsync {\n  return async (fastify) => {\n    fastify.get(\"/.well-known/jwks.json\", async (request, reply) => {\n      const response = await provider.handle(\n        new Request(buildRequestUrl(request), {\n          method: \"GET\",\n          headers: createHeaders(request.headers),\n        }),\n      );\n      await writeFastifyResponse(reply, response);\n    });\n\n    fastify.post(\"/token\", async (request, reply) => {\n      const response = await provider.handle(\n        new Request(buildRequestUrl(request), {\n          method: \"POST\",\n          headers: createHeaders(request.headers),\n          body: serializeRequestBody(request.body),\n        }),\n      );\n      await writeFastifyResponse(reply, response);\n    });\n  };\n}\n\nexport function createFastifyGuard(guard: GuardVerifier) {\n  return async function trustlineFastifyGuard(\n    request: { headers: { authorization?: string | string[] } },\n    reply: {\n      code(status: number): { send(payload: unknown): void };\n      send?(payload: unknown): void;\n    },\n  ) {\n    const token = getBearerToken(request.headers.authorization);\n\n    if (!token) {\n      reply.code(401).send({\n        error: \"missing_token\",\n        message: \"Missing bearer token\",\n      });\n      return;\n    }\n\n    try {\n      const identity = await guard.verify(token);\n      (request as TrustlineFastifyRequest).trustline = identity;\n    } catch (error) {\n      const authError =\n        error instanceof AuthError\n          ? error\n          : new AuthError(\n              \"invalid_token\",\n              \"Token verification failed\",\n              401,\n              error,\n            );\n      reply.code(authError.status).send({\n        error: authError.code,\n        message: authError.message,\n      });\n    }\n  };\n}\n\nfunction buildRequestUrl(request: {\n  protocol?: string;\n  headers: { host?: string | string[] };\n  raw?: { url?: string };\n  url?: string;\n}): string {\n  const protocol = request.protocol ?? \"http\";\n  const host = Array.isArray(request.headers.host)\n    ? request.headers.host[0]\n    : request.headers.host;\n  const path = request.raw?.url ?? request.url ?? \"/\";\n  return new URL(path, `${protocol}://${host ?? \"localhost\"}`).toString();\n}\n\nfunction getBearerToken(header: string | string[] | undefined): string | null {\n  const value = Array.isArray(header) ? header[0] : header;\n  if (!value) {\n    return null;\n  }\n\n  const [scheme, token] = value.split(/\\s+/, 2);\n  if (scheme?.toLowerCase() !== \"bearer\" || !token) {\n    return null;\n  }\n\n  return token;\n}\n","export type AuthErrorCode =\n  | \"missing_token\"\n  | \"invalid_token\"\n  | \"invalid_issuer\"\n  | \"invalid_audience\"\n  | \"invalid_scope\"\n  | \"invalid_env\"\n  | \"jwks_fetch_failed\";\n\nexport class AuthError extends Error {\n  public readonly code: AuthErrorCode;\n  public readonly status: number;\n  public readonly cause?: unknown;\n\n  constructor(\n    code: AuthErrorCode,\n    message: string,\n    status: number,\n    cause?: unknown,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n    this.code = code;\n    this.status = status;\n    this.cause = cause;\n  }\n}\n","export interface WebHandler {\n  handle(request: Request): Promise<Response>;\n}\n\nexport function createHeaders(headers: Record<string, unknown>): Headers {\n  const normalized = new Headers();\n  for (const [key, value] of Object.entries(headers)) {\n    if (typeof value === \"string\") {\n      normalized.set(key, value);\n    }\n\n    if (Array.isArray(value)) {\n      normalized.set(key, value.join(\", \"));\n    }\n  }\n  return normalized;\n}\n\nexport function serializeRequestBody(body: unknown): string | undefined {\n  if (typeof body === \"string\") {\n    return body;\n  }\n\n  if (!body || typeof body !== \"object\") {\n    return undefined;\n  }\n\n  const params = new URLSearchParams();\n  for (const [key, value] of Object.entries(body)) {\n    if (value === undefined || value === null) {\n      continue;\n    }\n\n    if (Array.isArray(value)) {\n      for (const item of value) {\n        params.append(key, String(item));\n      }\n      continue;\n    }\n\n    params.set(key, String(value));\n  }\n\n  return params.toString();\n}\n\nexport async function writeFastifyResponse(\n  reply: {\n    code(status: number): void;\n    header(name: string, value: string): void;\n    send(payload: string): void;\n  },\n  response: Response,\n): Promise<void> {\n  reply.code(response.status);\n  response.headers.forEach((value, key) => {\n    reply.header(key, value);\n  });\n  reply.send(await response.text());\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACSO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YACE,MACA,SACA,QACA,OACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,QAAQ;AAAA,EACf;AACF;;;ACtBO,SAAS,cAAc,SAA2C;AACvE,QAAM,aAAa,IAAI,QAAQ;AAC/B,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAClD,QAAI,OAAO,UAAU,UAAU;AAC7B,iBAAW,IAAI,KAAK,KAAK;AAAA,IAC3B;AAEA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,iBAAW,IAAI,KAAK,MAAM,KAAK,IAAI,CAAC;AAAA,IACtC;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,qBAAqB,MAAmC;AACtE,MAAI,OAAO,SAAS,UAAU;AAC5B,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,QAAI,UAAU,UAAa,UAAU,MAAM;AACzC;AAAA,IACF;AAEA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,iBAAW,QAAQ,OAAO;AACxB,eAAO,OAAO,KAAK,OAAO,IAAI,CAAC;AAAA,MACjC;AACA;AAAA,IACF;AAEA,WAAO,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,EAC/B;AAEA,SAAO,OAAO,SAAS;AACzB;AAEA,eAAsB,qBACpB,OAKA,UACe;AACf,QAAM,KAAK,SAAS,MAAM;AAC1B,WAAS,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACvC,UAAM,OAAO,KAAK,KAAK;AAAA,EACzB,CAAC;AACD,QAAM,KAAK,MAAM,SAAS,KAAK,CAAC;AAClC;;;AFxCO,SAAS,sBAAsB,UAAwC;AAC5E,SAAO,OAAO,YAAY;AACxB,YAAQ,IAAI,0BAA0B,OAAO,SAAS,UAAU;AAC9D,YAAM,WAAW,MAAM,SAAS;AAAA,QAC9B,IAAI,QAAQ,gBAAgB,OAAO,GAAG;AAAA,UACpC,QAAQ;AAAA,UACR,SAAS,cAAc,QAAQ,OAAO;AAAA,QACxC,CAAC;AAAA,MACH;AACA,YAAM,qBAAqB,OAAO,QAAQ;AAAA,IAC5C,CAAC;AAED,YAAQ,KAAK,UAAU,OAAO,SAAS,UAAU;AAC/C,YAAM,WAAW,MAAM,SAAS;AAAA,QAC9B,IAAI,QAAQ,gBAAgB,OAAO,GAAG;AAAA,UACpC,QAAQ;AAAA,UACR,SAAS,cAAc,QAAQ,OAAO;AAAA,UACtC,MAAM,qBAAqB,QAAQ,IAAI;AAAA,QACzC,CAAC;AAAA,MACH;AACA,YAAM,qBAAqB,OAAO,QAAQ;AAAA,IAC5C,CAAC;AAAA,EACH;AACF;AAEO,SAAS,mBAAmB,OAAsB;AACvD,SAAO,eAAe,sBACpB,SACA,OAIA;AACA,UAAM,QAAQ,eAAe,QAAQ,QAAQ,aAAa;AAE1D,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,GAAG,EAAE,KAAK;AAAA,QACnB,OAAO;AAAA,QACP,SAAS;AAAA,MACX,CAAC;AACD;AAAA,IACF;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,OAAO,KAAK;AACzC,MAAC,QAAoC,YAAY;AAAA,IACnD,SAAS,OAAO;AACd,YAAM,YACJ,iBAAiB,YACb,QACA,IAAI;AAAA,QACF;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACN,YAAM,KAAK,UAAU,MAAM,EAAE,KAAK;AAAA,QAChC,OAAO,UAAU;AAAA,QACjB,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,SAKd;AACT,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,OAAO,MAAM,QAAQ,QAAQ,QAAQ,IAAI,IAC3C,QAAQ,QAAQ,KAAK,CAAC,IACtB,QAAQ,QAAQ;AACpB,QAAM,OAAO,QAAQ,KAAK,OAAO,QAAQ,OAAO;AAChD,SAAO,IAAI,IAAI,MAAM,GAAG,QAAQ,MAAM,QAAQ,WAAW,EAAE,EAAE,SAAS;AACxE;AAEA,SAAS,eAAe,QAAsD;AAC5E,QAAM,QAAQ,MAAM,QAAQ,MAAM,IAAI,OAAO,CAAC,IAAI;AAClD,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,QAAM,CAAC,QAAQ,KAAK,IAAI,MAAM,MAAM,OAAO,CAAC;AAC5C,MAAI,QAAQ,YAAY,MAAM,YAAY,CAAC,OAAO;AAChD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":[]}

package/dist/frameworks/fastify/index.d.cts

@@ -0,0 +1,25 @@
+import { FastifyPluginAsync } from 'fastify';
+import { S as ServiceIdentity } from '../../token-BtfYGd9K.cjs';
+import { P as Provider } from '../../index-DqkKZOlH.cjs';
+import 'jose';
+import '../../interface-BzT_DC3u.cjs';
+
+interface GuardVerifier {
+    verify(token: string): Promise<ServiceIdentity>;
+}
+interface TrustlineFastifyRequest {
+    trustline?: ServiceIdentity;
+}
+declare function createFastifyProvider(provider: Provider): FastifyPluginAsync;
+declare function createFastifyGuard(guard: GuardVerifier): (request: {
+    headers: {
+        authorization?: string | string[];
+    };
+}, reply: {
+    code(status: number): {
+        send(payload: unknown): void;
+    };
+    send?(payload: unknown): void;
+}) => Promise<void>;
+
+export { type GuardVerifier, type TrustlineFastifyRequest, createFastifyGuard, createFastifyProvider };

package/dist/frameworks/fastify/index.d.ts

@@ -0,0 +1,25 @@
+import { FastifyPluginAsync } from 'fastify';
+import { S as ServiceIdentity } from '../../token-BtfYGd9K.js';
+import { P as Provider } from '../../index-Dc4GFume.js';
+import 'jose';
+import '../../interface-BzT_DC3u.js';
+
+interface GuardVerifier {
+    verify(token: string): Promise<ServiceIdentity>;
+}
+interface TrustlineFastifyRequest {
+    trustline?: ServiceIdentity;
+}
+declare function createFastifyProvider(provider: Provider): FastifyPluginAsync;
+declare function createFastifyGuard(guard: GuardVerifier): (request: {
+    headers: {
+        authorization?: string | string[];
+    };
+}, reply: {
+    code(status: number): {
+        send(payload: unknown): void;
+    };
+    send?(payload: unknown): void;
+}) => Promise<void>;
+
+export { type GuardVerifier, type TrustlineFastifyRequest, createFastifyGuard, createFastifyProvider };

package/dist/frameworks/fastify/index.js

@@ -0,0 +1,120 @@
+import {
+  AuthError
+} from "../../chunk-GF3NKEEK.js";
+
+// src/provider/http.ts
+function createHeaders(headers) {
+  const normalized = new Headers();
+  for (const [key, value] of Object.entries(headers)) {
+    if (typeof value === "string") {
+      normalized.set(key, value);
+    }
+    if (Array.isArray(value)) {
+      normalized.set(key, value.join(", "));
+    }
+  }
+  return normalized;
+}
+function serializeRequestBody(body) {
+  if (typeof body === "string") {
+    return body;
+  }
+  if (!body || typeof body !== "object") {
+    return void 0;
+  }
+  const params = new URLSearchParams();
+  for (const [key, value] of Object.entries(body)) {
+    if (value === void 0 || value === null) {
+      continue;
+    }
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        params.append(key, String(item));
+      }
+      continue;
+    }
+    params.set(key, String(value));
+  }
+  return params.toString();
+}
+async function writeFastifyResponse(reply, response) {
+  reply.code(response.status);
+  response.headers.forEach((value, key) => {
+    reply.header(key, value);
+  });
+  reply.send(await response.text());
+}
+
+// src/frameworks/fastify/index.ts
+function createFastifyProvider(provider) {
+  return async (fastify) => {
+    fastify.get("/.well-known/jwks.json", async (request, reply) => {
+      const response = await provider.handle(
+        new Request(buildRequestUrl(request), {
+          method: "GET",
+          headers: createHeaders(request.headers)
+        })
+      );
+      await writeFastifyResponse(reply, response);
+    });
+    fastify.post("/token", async (request, reply) => {
+      const response = await provider.handle(
+        new Request(buildRequestUrl(request), {
+          method: "POST",
+          headers: createHeaders(request.headers),
+          body: serializeRequestBody(request.body)
+        })
+      );
+      await writeFastifyResponse(reply, response);
+    });
+  };
+}
+function createFastifyGuard(guard) {
+  return async function trustlineFastifyGuard(request, reply) {
+    const token = getBearerToken(request.headers.authorization);
+    if (!token) {
+      reply.code(401).send({
+        error: "missing_token",
+        message: "Missing bearer token"
+      });
+      return;
+    }
+    try {
+      const identity = await guard.verify(token);
+      request.trustline = identity;
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(
+        "invalid_token",
+        "Token verification failed",
+        401,
+        error
+      );
+      reply.code(authError.status).send({
+        error: authError.code,
+        message: authError.message
+      });
+    }
+  };
+}
+function buildRequestUrl(request) {
+  const protocol = request.protocol ?? "http";
+  const host = Array.isArray(request.headers.host) ? request.headers.host[0] : request.headers.host;
+  const path = request.raw?.url ?? request.url ?? "/";
+  return new URL(path, `${protocol}://${host ?? "localhost"}`).toString();
+}
+function getBearerToken(header) {
+  const value = Array.isArray(header) ? header[0] : header;
+  if (!value) {
+    return null;
+  }
+  const [scheme, token] = value.split(/\s+/, 2);
+  if (scheme?.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+  return token;
+}
+export {
+  createFastifyGuard,
+  createFastifyProvider
+};
+//# sourceMappingURL=index.js.map

package/dist/frameworks/fastify/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/provider/http.ts","../../../src/frameworks/fastify/index.ts"],"sourcesContent":["export interface WebHandler {\n  handle(request: Request): Promise<Response>;\n}\n\nexport function createHeaders(headers: Record<string, unknown>): Headers {\n  const normalized = new Headers();\n  for (const [key, value] of Object.entries(headers)) {\n    if (typeof value === \"string\") {\n      normalized.set(key, value);\n    }\n\n    if (Array.isArray(value)) {\n      normalized.set(key, value.join(\", \"));\n    }\n  }\n  return normalized;\n}\n\nexport function serializeRequestBody(body: unknown): string | undefined {\n  if (typeof body === \"string\") {\n    return body;\n  }\n\n  if (!body || typeof body !== \"object\") {\n    return undefined;\n  }\n\n  const params = new URLSearchParams();\n  for (const [key, value] of Object.entries(body)) {\n    if (value === undefined || value === null) {\n      continue;\n    }\n\n    if (Array.isArray(value)) {\n      for (const item of value) {\n        params.append(key, String(item));\n      }\n      continue;\n    }\n\n    params.set(key, String(value));\n  }\n\n  return params.toString();\n}\n\nexport async function writeFastifyResponse(\n  reply: {\n    code(status: number): void;\n    header(name: string, value: string): void;\n    send(payload: string): void;\n  },\n  response: Response,\n): Promise<void> {\n  reply.code(response.status);\n  response.headers.forEach((value, key) => {\n    reply.header(key, value);\n  });\n  reply.send(await response.text());\n}\n","import type { FastifyPluginAsync } from \"fastify\";\n\nimport { AuthError } from \"../../core/errors\";\nimport type { ServiceIdentity } from \"../../core/token\";\nimport type { Provider } from \"../../provider\";\nimport {\n  createHeaders,\n  serializeRequestBody,\n  writeFastifyResponse,\n} from \"../../provider/http\";\n\nexport interface GuardVerifier {\n  verify(token: string): Promise<ServiceIdentity>;\n}\n\nexport interface TrustlineFastifyRequest {\n  trustline?: ServiceIdentity;\n}\n\nexport function createFastifyProvider(provider: Provider): FastifyPluginAsync {\n  return async (fastify) => {\n    fastify.get(\"/.well-known/jwks.json\", async (request, reply) => {\n      const response = await provider.handle(\n        new Request(buildRequestUrl(request), {\n          method: \"GET\",\n          headers: createHeaders(request.headers),\n        }),\n      );\n      await writeFastifyResponse(reply, response);\n    });\n\n    fastify.post(\"/token\", async (request, reply) => {\n      const response = await provider.handle(\n        new Request(buildRequestUrl(request), {\n          method: \"POST\",\n          headers: createHeaders(request.headers),\n          body: serializeRequestBody(request.body),\n        }),\n      );\n      await writeFastifyResponse(reply, response);\n    });\n  };\n}\n\nexport function createFastifyGuard(guard: GuardVerifier) {\n  return async function trustlineFastifyGuard(\n    request: { headers: { authorization?: string | string[] } },\n    reply: {\n      code(status: number): { send(payload: unknown): void };\n      send?(payload: unknown): void;\n    },\n  ) {\n    const token = getBearerToken(request.headers.authorization);\n\n    if (!token) {\n      reply.code(401).send({\n        error: \"missing_token\",\n        message: \"Missing bearer token\",\n      });\n      return;\n    }\n\n    try {\n      const identity = await guard.verify(token);\n      (request as TrustlineFastifyRequest).trustline = identity;\n    } catch (error) {\n      const authError =\n        error instanceof AuthError\n          ? error\n          : new AuthError(\n              \"invalid_token\",\n              \"Token verification failed\",\n              401,\n              error,\n            );\n      reply.code(authError.status).send({\n        error: authError.code,\n        message: authError.message,\n      });\n    }\n  };\n}\n\nfunction buildRequestUrl(request: {\n  protocol?: string;\n  headers: { host?: string | string[] };\n  raw?: { url?: string };\n  url?: string;\n}): string {\n  const protocol = request.protocol ?? \"http\";\n  const host = Array.isArray(request.headers.host)\n    ? request.headers.host[0]\n    : request.headers.host;\n  const path = request.raw?.url ?? request.url ?? \"/\";\n  return new URL(path, `${protocol}://${host ?? \"localhost\"}`).toString();\n}\n\nfunction getBearerToken(header: string | string[] | undefined): string | null {\n  const value = Array.isArray(header) ? header[0] : header;\n  if (!value) {\n    return null;\n  }\n\n  const [scheme, token] = value.split(/\\s+/, 2);\n  if (scheme?.toLowerCase() !== \"bearer\" || !token) {\n    return null;\n  }\n\n  return token;\n}\n"],"mappings":";;;;;AAIO,SAAS,cAAc,SAA2C;AACvE,QAAM,aAAa,IAAI,QAAQ;AAC/B,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAClD,QAAI,OAAO,UAAU,UAAU;AAC7B,iBAAW,IAAI,KAAK,KAAK;AAAA,IAC3B;AAEA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,iBAAW,IAAI,KAAK,MAAM,KAAK,IAAI,CAAC;AAAA,IACtC;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,qBAAqB,MAAmC;AACtE,MAAI,OAAO,SAAS,UAAU;AAC5B,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,QAAI,UAAU,UAAa,UAAU,MAAM;AACzC;AAAA,IACF;AAEA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,iBAAW,QAAQ,OAAO;AACxB,eAAO,OAAO,KAAK,OAAO,IAAI,CAAC;AAAA,MACjC;AACA;AAAA,IACF;AAEA,WAAO,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,EAC/B;AAEA,SAAO,OAAO,SAAS;AACzB;AAEA,eAAsB,qBACpB,OAKA,UACe;AACf,QAAM,KAAK,SAAS,MAAM;AAC1B,WAAS,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACvC,UAAM,OAAO,KAAK,KAAK;AAAA,EACzB,CAAC;AACD,QAAM,KAAK,MAAM,SAAS,KAAK,CAAC;AAClC;;;ACxCO,SAAS,sBAAsB,UAAwC;AAC5E,SAAO,OAAO,YAAY;AACxB,YAAQ,IAAI,0BAA0B,OAAO,SAAS,UAAU;AAC9D,YAAM,WAAW,MAAM,SAAS;AAAA,QAC9B,IAAI,QAAQ,gBAAgB,OAAO,GAAG;AAAA,UACpC,QAAQ;AAAA,UACR,SAAS,cAAc,QAAQ,OAAO;AAAA,QACxC,CAAC;AAAA,MACH;AACA,YAAM,qBAAqB,OAAO,QAAQ;AAAA,IAC5C,CAAC;AAED,YAAQ,KAAK,UAAU,OAAO,SAAS,UAAU;AAC/C,YAAM,WAAW,MAAM,SAAS;AAAA,QAC9B,IAAI,QAAQ,gBAAgB,OAAO,GAAG;AAAA,UACpC,QAAQ;AAAA,UACR,SAAS,cAAc,QAAQ,OAAO;AAAA,UACtC,MAAM,qBAAqB,QAAQ,IAAI;AAAA,QACzC,CAAC;AAAA,MACH;AACA,YAAM,qBAAqB,OAAO,QAAQ;AAAA,IAC5C,CAAC;AAAA,EACH;AACF;AAEO,SAAS,mBAAmB,OAAsB;AACvD,SAAO,eAAe,sBACpB,SACA,OAIA;AACA,UAAM,QAAQ,eAAe,QAAQ,QAAQ,aAAa;AAE1D,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,GAAG,EAAE,KAAK;AAAA,QACnB,OAAO;AAAA,QACP,SAAS;AAAA,MACX,CAAC;AACD;AAAA,IACF;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,OAAO,KAAK;AACzC,MAAC,QAAoC,YAAY;AAAA,IACnD,SAAS,OAAO;AACd,YAAM,YACJ,iBAAiB,YACb,QACA,IAAI;AAAA,QACF;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACN,YAAM,KAAK,UAAU,MAAM,EAAE,KAAK;AAAA,QAChC,OAAO,UAAU;AAAA,QACjB,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,SAKd;AACT,QAAM,WAAW,QAAQ,YAAY;AACrC,QAAM,OAAO,MAAM,QAAQ,QAAQ,QAAQ,IAAI,IAC3C,QAAQ,QAAQ,KAAK,CAAC,IACtB,QAAQ,QAAQ;AACpB,QAAM,OAAO,QAAQ,KAAK,OAAO,QAAQ,OAAO;AAChD,SAAO,IAAI,IAAI,MAAM,GAAG,QAAQ,MAAM,QAAQ,WAAW,EAAE,EAAE,SAAS;AACxE;AAEA,SAAS,eAAe,QAAsD;AAC5E,QAAM,QAAQ,MAAM,QAAQ,MAAM,IAAI,OAAO,CAAC,IAAI;AAClD,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,QAAM,CAAC,QAAQ,KAAK,IAAI,MAAM,MAAM,OAAO,CAAC;AAC5C,MAAI,QAAQ,YAAY,MAAM,YAAY,CAAC,OAAO;AAChD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":[]}

package/dist/frameworks/hono/index.cjs

@@ -0,0 +1,117 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/frameworks/hono/index.ts
+var hono_exports = {};
+__export(hono_exports, {
+  createHonoGuard: () => createHonoGuard,
+  createHonoProvider: () => createHonoProvider
+});
+module.exports = __toCommonJS(hono_exports);
+var import_hono = require("hono");
+var import_factory = require("hono/factory");
+
+// src/core/errors.ts
+var AuthError = class extends Error {
+  code;
+  status;
+  cause;
+  constructor(code, message, status, cause) {
+    super(message);
+    this.name = "AuthError";
+    this.code = code;
+    this.status = status;
+    this.cause = cause;
+  }
+};
+
+// src/frameworks/hono/index.ts
+function createHonoProvider(provider) {
+  const app = new import_hono.Hono();
+  app.get(
+    "/.well-known/jwks.json",
+    async (context) => provider.handle(
+      new Request(context.req.raw.url, {
+        method: "GET",
+        headers: context.req.raw.headers
+      })
+    )
+  );
+  app.post(
+    "/token",
+    async (context) => provider.handle(
+      new Request(context.req.raw.url, {
+        method: "POST",
+        headers: context.req.raw.headers,
+        body: context.req.raw.body
+      })
+    )
+  );
+  return app;
+}
+function createHonoGuard(guard) {
+  return (0, import_factory.createMiddleware)(async (context, next) => {
+    const header = context.req.header("authorization");
+    const token = getBearerToken(header);
+    if (!token) {
+      return context.json(
+        {
+          error: "missing_token",
+          message: "Missing bearer token"
+        },
+        401
+      );
+    }
+    try {
+      const identity = await guard.verify(token);
+      context.set("trustline", identity);
+      await next();
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(
+        "invalid_token",
+        "Token verification failed",
+        401,
+        error
+      );
+      return context.json(
+        {
+          error: authError.code,
+          message: authError.message
+        },
+        authError.status
+      );
+    }
+  });
+}
+function getBearerToken(header) {
+  if (!header) {
+    return null;
+  }
+  const [scheme, token] = header.split(/\s+/, 2);
+  if (scheme?.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+  return token;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createHonoGuard,
+  createHonoProvider
+});
+//# sourceMappingURL=index.cjs.map

package/dist/frameworks/hono/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/frameworks/hono/index.ts","../../../src/core/errors.ts"],"sourcesContent":["import { Hono } from \"hono\";\nimport { createMiddleware } from \"hono/factory\";\n\nimport { AuthError } from \"../../core/errors\";\nimport type { ServiceIdentity } from \"../../core/token\";\nimport type { Provider } from \"../../provider\";\n\nexport interface GuardVerifier {\n  verify(token: string): Promise<ServiceIdentity>;\n}\n\nexport function createHonoProvider(provider: Provider): Hono {\n  const app = new Hono();\n\n  app.get(\"/.well-known/jwks.json\", async (context) =>\n    provider.handle(\n      new Request(context.req.raw.url, {\n        method: \"GET\",\n        headers: context.req.raw.headers,\n      }),\n    ),\n  );\n\n  app.post(\"/token\", async (context) =>\n    provider.handle(\n      new Request(context.req.raw.url, {\n        method: \"POST\",\n        headers: context.req.raw.headers,\n        body: context.req.raw.body,\n      }),\n    ),\n  );\n\n  return app;\n}\n\nexport function createHonoGuard(guard: GuardVerifier) {\n  return createMiddleware(async (context, next) => {\n    const header = context.req.header(\"authorization\");\n    const token = getBearerToken(header);\n\n    if (!token) {\n      return context.json(\n        {\n          error: \"missing_token\",\n          message: \"Missing bearer token\",\n        },\n        401,\n      );\n    }\n\n    try {\n      const identity = await guard.verify(token);\n      context.set(\"trustline\", identity);\n      await next();\n    } catch (error) {\n      const authError =\n        error instanceof AuthError\n          ? error\n          : new AuthError(\n              \"invalid_token\",\n              \"Token verification failed\",\n              401,\n              error,\n            );\n      return context.json(\n        {\n          error: authError.code,\n          message: authError.message,\n        },\n        authError.status as 401 | 403,\n      );\n    }\n  });\n}\n\nfunction getBearerToken(header: string | undefined): string | null {\n  if (!header) {\n    return null;\n  }\n\n  const [scheme, token] = header.split(/\\s+/, 2);\n  if (scheme?.toLowerCase() !== \"bearer\" || !token) {\n    return null;\n  }\n\n  return token;\n}\n","export type AuthErrorCode =\n  | \"missing_token\"\n  | \"invalid_token\"\n  | \"invalid_issuer\"\n  | \"invalid_audience\"\n  | \"invalid_scope\"\n  | \"invalid_env\"\n  | \"jwks_fetch_failed\";\n\nexport class AuthError extends Error {\n  public readonly code: AuthErrorCode;\n  public readonly status: number;\n  public readonly cause?: unknown;\n\n  constructor(\n    code: AuthErrorCode,\n    message: string,\n    status: number,\n    cause?: unknown,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n    this.code = code;\n    this.status = status;\n    this.cause = cause;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAqB;AACrB,qBAAiC;;;ACQ1B,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YACE,MACA,SACA,QACA,OACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,QAAQ;AAAA,EACf;AACF;;;ADfO,SAAS,mBAAmB,UAA0B;AAC3D,QAAM,MAAM,IAAI,iBAAK;AAErB,MAAI;AAAA,IAAI;AAAA,IAA0B,OAAO,YACvC,SAAS;AAAA,MACP,IAAI,QAAQ,QAAQ,IAAI,IAAI,KAAK;AAAA,QAC/B,QAAQ;AAAA,QACR,SAAS,QAAQ,IAAI,IAAI;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI;AAAA,IAAK;AAAA,IAAU,OAAO,YACxB,SAAS;AAAA,MACP,IAAI,QAAQ,QAAQ,IAAI,IAAI,KAAK;AAAA,QAC/B,QAAQ;AAAA,QACR,SAAS,QAAQ,IAAI,IAAI;AAAA,QACzB,MAAM,QAAQ,IAAI,IAAI;AAAA,MACxB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,gBAAgB,OAAsB;AACpD,aAAO,iCAAiB,OAAO,SAAS,SAAS;AAC/C,UAAM,SAAS,QAAQ,IAAI,OAAO,eAAe;AACjD,UAAM,QAAQ,eAAe,MAAM;AAEnC,QAAI,CAAC,OAAO;AACV,aAAO,QAAQ;AAAA,QACb;AAAA,UACE,OAAO;AAAA,UACP,SAAS;AAAA,QACX;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,OAAO,KAAK;AACzC,cAAQ,IAAI,aAAa,QAAQ;AACjC,YAAM,KAAK;AAAA,IACb,SAAS,OAAO;AACd,YAAM,YACJ,iBAAiB,YACb,QACA,IAAI;AAAA,QACF;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACN,aAAO,QAAQ;AAAA,QACb;AAAA,UACE,OAAO,UAAU;AAAA,UACjB,SAAS,UAAU;AAAA,QACrB;AAAA,QACA,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEA,SAAS,eAAe,QAA2C;AACjE,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,EACT;AAEA,QAAM,CAAC,QAAQ,KAAK,IAAI,OAAO,MAAM,OAAO,CAAC;AAC7C,MAAI,QAAQ,YAAY,MAAM,YAAY,CAAC,OAAO;AAChD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":[]}

package/dist/frameworks/hono/index.d.cts

@@ -0,0 +1,17 @@
+import * as hono from 'hono';
+import { Hono } from 'hono';
+import { S as ServiceIdentity } from '../../token-BtfYGd9K.cjs';
+import { P as Provider } from '../../index-DqkKZOlH.cjs';
+import 'jose';
+import '../../interface-BzT_DC3u.cjs';
+
+interface GuardVerifier {
+    verify(token: string): Promise<ServiceIdentity>;
+}
+declare function createHonoProvider(provider: Provider): Hono;
+declare function createHonoGuard(guard: GuardVerifier): hono.MiddlewareHandler<any, string, {}, Response | (Response & hono.TypedResponse<{
+    error: string;
+    message: string;
+}, 401, "json">)>;
+
+export { type GuardVerifier, createHonoGuard, createHonoProvider };

package/dist/frameworks/hono/index.d.ts

@@ -0,0 +1,17 @@
+import * as hono from 'hono';
+import { Hono } from 'hono';
+import { S as ServiceIdentity } from '../../token-BtfYGd9K.js';
+import { P as Provider } from '../../index-Dc4GFume.js';
+import 'jose';
+import '../../interface-BzT_DC3u.js';
+
+interface GuardVerifier {
+    verify(token: string): Promise<ServiceIdentity>;
+}
+declare function createHonoProvider(provider: Provider): Hono;
+declare function createHonoGuard(guard: GuardVerifier): hono.MiddlewareHandler<any, string, {}, Response | (Response & hono.TypedResponse<{
+    error: string;
+    message: string;
+}, 401, "json">)>;
+
+export { type GuardVerifier, createHonoGuard, createHonoProvider };