
@foal/core


Comparing version 2.11.0 to 3.0.0-alpha.0

lib/common/auth/access/permission-required.hook.d.ts

2

lib/common/auth/access/index.d.ts

@@ -0,1 +1,3 @@

export { PermissionRequired } from './permission-required.hook';
export { UserRequired } from './user-required.hook';
export { IUserWithPermissions } from './user-with-permissions.interface';

4

lib/common/auth/access/index.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.UserRequired = void 0;
exports.UserRequired = exports.PermissionRequired = void 0;
var permission_required_hook_1 = require("./permission-required.hook");
Object.defineProperty(exports, "PermissionRequired", { enumerable: true, get: function () { return permission_required_hook_1.PermissionRequired; } });
var user_required_hook_1 = require("./user-required.hook");
Object.defineProperty(exports, "UserRequired", { enumerable: true, get: function () { return user_required_hook_1.UserRequired; } });

@@ -7,3 +7,3 @@ "use strict";

function hook(ctx) {
if (ctx.user === undefined || ctx.user === null) {
if (!ctx.user) {
if (options.redirectTo) {
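Review bot: The truthiness guard `if (!ctx.user) {` in `hook` has no comment stating the contract it relies on: every falsy `ctx.user` is rejected, while any truthy value, including an empty object, passes as authenticated. The page prints this line after `if (ctx.user === undefined || ctx.user === null) {` with the +/- markers lost, so I am assuming it is the new side, as with the `(0, core_1.…)` pairs further down. I would add `// Fail closed: any falsy ctx.user is unauthenticated; authentication hooks must leave ctx.user null on failure.` above it. The body of `hook` continues past the end of this hunk.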

@@ -17,7 +17,7 @@ return new core_1.HttpResponseRedirect(options.redirectTo);

options.redirectTo ?
core_1.ApiResponse(302, { description: 'Unauthenticated request.' }) :
core_1.ApiResponse(401, { description: 'Unauthenticated request.' })
(0, core_1.ApiResponse)(302, { description: 'Unauthenticated request.' }) :
(0, core_1.ApiResponse)(401, { description: 'Unauthenticated request.' })
];
return core_1.Hook(hook, openapi, { openapi: options.openapi });
return (0, core_1.Hook)(hook, openapi, { openapi: options.openapi });
}
exports.UserRequired = UserRequired;
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -6,0 +10,0 @@ if (k2 === undefined) k2 = k;

@@ -22,7 +22,7 @@ "use strict";

async function hashPassword(plainTextPassword) {
const saltBuffer = await util_1.promisify(crypto_1.randomBytes)(16);
const saltBuffer = await (0, util_1.promisify)(crypto_1.randomBytes)(16);
const iterations = exports.PASSWORD_ITERATIONS;
const keylen = 32;
const digest = 'sha256';
const derivedKeyBuffer = await util_1.promisify(crypto_1.pbkdf2)(plainTextPassword, saltBuffer, iterations, keylen, digest);
const derivedKeyBuffer = await (0, util_1.promisify)(crypto_1.pbkdf2)(plainTextPassword, saltBuffer, iterations, keylen, digest);
const salt = saltBuffer.toString('base64');

@@ -29,0 +29,0 @@ const derivedKey = derivedKeyBuffer.toString('base64');

@@ -7,5 +7,5 @@ "use strict";

function passwordHashNeedsToBeRefreshed(passwordHash) {
const { iterations } = utils_1.decomposePbkdf2PasswordHash(passwordHash);
const { iterations } = (0, utils_1.decomposePbkdf2PasswordHash)(passwordHash);
return iterations < hash_password_1.PASSWORD_ITERATIONS;
}
exports.passwordHashNeedsToBeRefreshed = passwordHashNeedsToBeRefreshed;

@@ -16,6 +16,6 @@ "use strict";

async function verifyPassword(plainTextPassword, passwordHash) {
const { digestAlgorithm, iterations, salt, derivedKey, keyLength } = utils_1.decomposePbkdf2PasswordHash(passwordHash);
const password = await util_1.promisify(crypto_1.pbkdf2)(plainTextPassword, salt, iterations, keyLength, digestAlgorithm);
return crypto_1.timingSafeEqual(password, derivedKey);
const { digestAlgorithm, iterations, salt, derivedKey, keyLength } = (0, utils_1.decomposePbkdf2PasswordHash)(passwordHash);
const password = await (0, util_1.promisify)(crypto_1.pbkdf2)(plainTextPassword, salt, iterations, keyLength, digestAlgorithm);
return (0, crypto_1.timingSafeEqual)(password, derivedKey);
}
exports.verifyPassword = verifyPassword;
export * from './auth';
export * from './encoding';
export * from './file';
export * from './templates';

@@ -4,0 +5,0 @@ export * from './tokens';

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -15,2 +19,3 @@ if (k2 === undefined) k2 = k;

__exportStar(require("./encoding"), exports);
__exportStar(require("./file"), exports);
__exportStar(require("./templates"), exports);

@@ -17,0 +22,0 @@ __exportStar(require("./tokens"), exports);

@@ -26,8 +26,8 @@ "use strict";

if (core_1.Config.get('settings.debug', 'boolean')) {
const template = await util_1.promisify(fs_1.readFile)(path_1.join(__dirname, '500.debug.html'), 'utf8');
const template = await (0, util_1.promisify)(fs_1.readFile)((0, path_1.join)(__dirname, '500.debug.html'), 'utf8');
const rex = /at (.*) \((.*):(\d+):(\d+)\)/;
const [, , path, line, column] = Array.from(rex.exec(error.stack || '') || []);
body = render_1.renderToString(template, {
body = (0, render_1.renderToString)(template, {
column,
filename: path_1.basename(path || ''),
filename: (0, path_1.basename)(path || ''),
line,

@@ -34,0 +34,0 @@ message: error.message,

@@ -41,4 +41,4 @@ "use strict";

async function render(templatePath, locals = {}, dirname) {
const path = dirname ? path_1.join(dirname, templatePath) : templatePath;
const template = await util_1.promisify(fs_1.readFile)(path, 'utf8');
const path = dirname ? (0, path_1.join)(dirname, templatePath) : templatePath;
const template = await (0, util_1.promisify)(fs_1.readFile)(path, 'utf8');
const templateEngine = core_1.Config.get('settings.templateEngine', 'string');

@@ -45,0 +45,0 @@ if (templateEngine) {

@@ -7,5 +7,5 @@ "use strict";

async function generateSignedToken(secret) {
const unsignedToken = await generate_token_util_1.generateToken();
return sign_token_util_1.signToken(unsignedToken, secret);
const unsignedToken = await (0, generate_token_util_1.generateToken)();
return (0, sign_token_util_1.signToken)(unsignedToken, secret);
}
exports.generateSignedToken = generateSignedToken;

@@ -16,5 +16,5 @@ "use strict";

async function generateToken() {
const buff = await util_1.promisify(crypto_1.randomBytes)(32);
return encoding_1.convertBase64ToBase64url(buff.toString('base64'));
const buff = await (0, util_1.promisify)(crypto_1.randomBytes)(32);
return (0, encoding_1.convertBase64ToBase64url)(buff.toString('base64'));
}
exports.generateToken = generateToken;

@@ -9,3 +9,3 @@ "use strict";

function sign(base64Value, base64Secret) {
return crypto_1.createHmac('sha256', Buffer.from(base64Secret, 'base64'))
return (0, crypto_1.createHmac)('sha256', Buffer.from(base64Secret, 'base64'))
.update(Buffer.from(base64Value, 'base64'))

@@ -17,4 +17,4 @@ .digest();

const signature = sign(unsignedToken, secret).toString('base64');
return `${unsignedToken}.${encoding_1.convertBase64ToBase64url(signature)}`;
return `${unsignedToken}.${(0, encoding_1.convertBase64ToBase64url)(signature)}`;
}
exports.signToken = signToken;

@@ -29,6 +29,6 @@ "use strict";

}
const expectedSignatureBuffer = sign_token_util_1.sign(unsignedToken, secret);
const expectedSignatureBuffer = (0, sign_token_util_1.sign)(unsignedToken, secret);
const actualSignatureBuffer = Buffer.alloc(expectedSignatureBuffer.length);
actualSignatureBuffer.write(signature, 0, actualSignatureBuffer.length, 'base64');
if (crypto_1.timingSafeEqual(expectedSignatureBuffer, actualSignatureBuffer)) {
if ((0, crypto_1.timingSafeEqual)(expectedSignatureBuffer, actualSignatureBuffer)) {
return unsignedToken;

@@ -35,0 +35,0 @@ }

export { controller } from './controller.util';
export { displayServerURL } from './display-server-url.util';
export { escapeProp } from './escape-prop';
export { escape } from './escape';
export { isInFile } from './is-in-file.util';
export { Log, LogOptions } from './log.hook';
export { streamToBuffer } from './stream-to-buffer';
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.streamToBuffer = exports.Log = exports.isInFile = exports.escape = exports.escapeProp = exports.displayServerURL = exports.controller = void 0;
exports.streamToBuffer = exports.Log = exports.isInFile = exports.displayServerURL = exports.controller = void 0;
var controller_util_1 = require("./controller.util");

@@ -8,6 +8,2 @@ Object.defineProperty(exports, "controller", { enumerable: true, get: function () { return controller_util_1.controller; } });

Object.defineProperty(exports, "displayServerURL", { enumerable: true, get: function () { return display_server_url_util_1.displayServerURL; } });
var escape_prop_1 = require("./escape-prop");
Object.defineProperty(exports, "escapeProp", { enumerable: true, get: function () { return escape_prop_1.escapeProp; } });
var escape_1 = require("./escape");
Object.defineProperty(exports, "escape", { enumerable: true, get: function () { return escape_1.escape; } });
var is_in_file_util_1 = require("./is-in-file.util");

@@ -14,0 +10,0 @@ Object.defineProperty(exports, "isInFile", { enumerable: true, get: function () { return is_in_file_util_1.isInFile; } });

@@ -16,3 +16,3 @@ "use strict";

return async (content) => {
const fileContent = await util_1.promisify(fs_1.readFile)(path, 'utf8');
const fileContent = await (0, util_1.promisify)(fs_1.readFile)(path, 'utf8');
return fileContent.includes(content);

@@ -19,0 +19,0 @@ };

@@ -21,3 +21,3 @@ "use strict";

const logFn = options.logFn || console.log;
return core_1.Hook((ctx) => {
return (0, core_1.Hook)((ctx) => {
logFn(message);

@@ -24,0 +24,0 @@ if (options.body) {

/// <reference types="node" />
/// <reference types="node" />
/**

@@ -3,0 +4,0 @@ * Converts a stream of buffers into a buffer.

@@ -1,4 +0,4 @@

import * as Ajv from 'ajv';
import Ajv from 'ajv';
export declare const _instanceWrapper: {
instance: null | Ajv.Ajv;
instance: undefined | Ajv;
};

@@ -15,4 +15,4 @@ /**

* @export
* @returns {Ajv.Ajv} The AJV instance
* @returns {Ajv} The AJV instance
*/
export declare function getAjvInstance(): Ajv.Ajv;
export declare function getAjvInstance(): Ajv;

@@ -5,8 +5,9 @@ "use strict";

// 3p
const Ajv = require("ajv");
const ajv_1 = require("ajv");
const core_1 = require("../../core");
const ajv_formats_1 = require("ajv-formats");
// This is a little hack to test the customized configuration of `getAjvInstance`.
// tslint:disable-next-line:variable-name
exports._instanceWrapper = {
instance: null
instance: undefined
};

@@ -23,14 +24,15 @@ /**

* @export
* @returns {Ajv.Ajv} The AJV instance
* @returns {Ajv} The AJV instance
*/
function getAjvInstance() {
if (!exports._instanceWrapper.instance) {
exports._instanceWrapper.instance = new Ajv({
exports._instanceWrapper.instance = new ajv_1.default({
$data: core_1.Config.get('settings.ajv.$data', 'boolean'),
allErrors: core_1.Config.get('settings.ajv.allErrors', 'boolean'),
coerceTypes: core_1.Config.get('settings.ajv.coerceTypes', 'boolean|string', true),
nullable: core_1.Config.get('settings.ajv.nullable', 'boolean'),
removeAdditional: core_1.Config.get('settings.ajv.removeAdditional', 'boolean|string', true),
useDefaults: core_1.Config.get('settings.ajv.useDefaults', 'boolean|string', true),
});
exports._instanceWrapper.instance.addKeyword({ keyword: 'components' });
(0, ajv_formats_1.default)(exports._instanceWrapper.instance);
}
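Review bot: `exports._instanceWrapper.instance.addKeyword({ keyword: 'components' });` carries no comment explaining why a keyword with no validation logic is registered. Ajv's strict mode rejects unknown keywords and the validation hooks elsewhere on this page compile `{ ...ajvSchema, components }`, so this registration presumably exists to let that wrapper compile; a line such as `// Register "components" so strict mode accepts the wrapper schema built by the Validate* hooks.` would record it. The doc comment could also say that `settings.ajv.allErrors` is best left off for endpoints that take untrusted input, since Ajv's own security notes tie `allErrors` to slow validation on hostile data. The `return` of `getAjvInstance` lies outside this hunk.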

@@ -37,0 +39,0 @@ return exports._instanceWrapper.instance;

@@ -20,5 +20,8 @@ "use strict";

if (!validateSchema) {
const ajvSchema = helpers_1.isFunction(schema) ? schema(this) : schema;
const ajvSchema = (0, helpers_1.isFunction)(schema) ? schema(this) : schema;
const components = services.get(core_1.OpenApi).getComponents(this);
validateSchema = get_ajv_instance_1.getAjvInstance().compile(Object.assign(Object.assign({}, ajvSchema), { components }));
validateSchema = (0, get_ajv_instance_1.getAjvInstance)().compile({
...ajvSchema,
components
});
}

@@ -30,6 +33,6 @@ if (!validateSchema(ctx.request.body)) {

const openapi = [
core_1.ApiRequestBody((c) => ({
(0, core_1.ApiRequestBody)((c) => ({
content: {
'application/json': {
schema: helpers_1.isFunction(schema) ? schema(c) : schema
schema: (0, helpers_1.isFunction)(schema) ? schema(c) : schema
}

@@ -39,6 +42,6 @@ },

})),
core_1.ApiResponse(400, { description: 'Bad request.' })
(0, core_1.ApiResponse)(400, { description: 'Bad request.' })
];
return core_1.Hook(validate, openapi, options);
return (0, core_1.Hook)(validate, openapi, options);
}
exports.ValidateBody = ValidateBody;

@@ -21,11 +21,10 @@ "use strict";

function ValidateCookie(name, schema = { type: 'string' }, options = {}) {
var _a;
// tslint:disable-next-line
const required = (_a = options.required) !== null && _a !== void 0 ? _a : true;
const required = options.required ?? true;
let validateSchema;
function validate(ctx, services) {
if (!validateSchema) {
const ajvSchema = helpers_1.isFunction(schema) ? schema(this) : schema;
const ajvSchema = (0, helpers_1.isFunction)(schema) ? schema(this) : schema;
const components = services.get(core_1.OpenApi).getComponents(this);
validateSchema = get_ajv_instance_1.getAjvInstance().compile({
validateSchema = (0, get_ajv_instance_1.getAjvInstance)().compile({
components,

@@ -48,7 +47,10 @@ properties: {

const openapi = [
core_1.ApiParameter((c) => (Object.assign(Object.assign({}, param), { schema: helpers_1.isFunction(schema) ? schema(c) : schema }))),
core_1.ApiResponse(400, { description: 'Bad request.' })
(0, core_1.ApiParameter)((c) => ({
...param,
schema: (0, helpers_1.isFunction)(schema) ? schema(c) : schema
})),
(0, core_1.ApiResponse)(400, { description: 'Bad request.' })
];
return core_1.Hook(validate, openapi, options);
return (0, core_1.Hook)(validate, openapi, options);
}
exports.ValidateCookie = ValidateCookie;

@@ -20,5 +20,4 @@ "use strict";

function ValidateHeader(name, schema = { type: 'string' }, options = {}) {
var _a;
// tslint:disable-next-line
const required = (_a = options.required) !== null && _a !== void 0 ? _a : true;
const required = options.required ?? true;
name = name.toLowerCase();

@@ -28,5 +27,5 @@ let validateSchema;

if (!validateSchema) {
const ajvSchema = helpers_1.isFunction(schema) ? schema(this) : schema;
const ajvSchema = (0, helpers_1.isFunction)(schema) ? schema(this) : schema;
const components = services.get(core_1.OpenApi).getComponents(this);
validateSchema = get_ajv_instance_1.getAjvInstance().compile({
validateSchema = (0, get_ajv_instance_1.getAjvInstance)().compile({
components,

@@ -49,7 +48,10 @@ properties: {

const openapi = [
core_1.ApiParameter((c) => (Object.assign(Object.assign({}, param), { schema: helpers_1.isFunction(schema) ? schema(c) : schema }))),
core_1.ApiResponse(400, { description: 'Bad request.' })
(0, core_1.ApiParameter)((c) => ({
...param,
schema: (0, helpers_1.isFunction)(schema) ? schema(c) : schema
})),
(0, core_1.ApiResponse)(400, { description: 'Bad request.' })
];
return core_1.Hook(validate, openapi, options);
return (0, core_1.Hook)(validate, openapi, options);
}
exports.ValidateHeader = ValidateHeader;

@@ -23,5 +23,5 @@ "use strict";

if (!validateSchema) {
const ajvSchema = helpers_1.isFunction(schema) ? schema(this) : schema;
const ajvSchema = (0, helpers_1.isFunction)(schema) ? schema(this) : schema;
const components = services.get(core_1.OpenApi).getComponents(this);
validateSchema = get_ajv_instance_1.getAjvInstance().compile({
validateSchema = (0, get_ajv_instance_1.getAjvInstance)().compile({
components,

@@ -40,12 +40,12 @@ properties: {

const openapi = [
core_1.ApiParameter((c) => ({
(0, core_1.ApiParameter)((c) => ({
in: 'path',
name,
required: true,
schema: helpers_1.isFunction(schema) ? schema(c) : schema,
schema: (0, helpers_1.isFunction)(schema) ? schema(c) : schema,
})),
core_1.ApiResponse(400, { description: 'Bad request.' })
(0, core_1.ApiResponse)(400, { description: 'Bad request.' })
];
return core_1.Hook(validate, openapi, options);
return (0, core_1.Hook)(validate, openapi, options);
}
exports.ValidatePathParam = ValidatePathParam;

@@ -21,11 +21,10 @@ "use strict";

function ValidateQueryParam(name, schema = { type: 'string' }, options = {}) {
var _a;
// tslint:disable-next-line
const required = (_a = options.required) !== null && _a !== void 0 ? _a : true;
const required = options.required ?? true;
let validateSchema;
function validate(ctx, services) {
if (!validateSchema) {
const ajvSchema = helpers_1.isFunction(schema) ? schema(this) : schema;
const ajvSchema = (0, helpers_1.isFunction)(schema) ? schema(this) : schema;
const components = services.get(core_1.OpenApi).getComponents(this);
validateSchema = get_ajv_instance_1.getAjvInstance().compile({
validateSchema = (0, get_ajv_instance_1.getAjvInstance)().compile({
components,

@@ -48,7 +47,10 @@ properties: {

const openapi = [
core_1.ApiParameter((c) => (Object.assign(Object.assign({}, param), { schema: helpers_1.isFunction(schema) ? schema(c) : schema }))),
core_1.ApiResponse(400, { description: 'Bad request.' })
(0, core_1.ApiParameter)((c) => ({
...param,
schema: (0, helpers_1.isFunction)(schema) ? schema(c) : schema
})),
(0, core_1.ApiResponse)(400, { description: 'Bad request.' })
];
return core_1.Hook(validate, openapi, options);
return (0, core_1.Hook)(validate, openapi, options);
}
exports.ValidateQueryParam = ValidateQueryParam;

@@ -70,7 +70,7 @@ "use strict";

this.message = '\n\n'
+ utils_1.makeBox('JSON file (config/default.json, config/test.json, ...)', generateContent('JSON'))
+ (0, utils_1.makeBox)('JSON file (config/default.json, config/test.json, ...)', generateContent('JSON'))
+ '\n'
+ utils_1.makeBox('YAML file (config/default.yml, config/test.yml, ...)', generateContent('YAML'))
+ (0, utils_1.makeBox)('YAML file (config/default.yml, config/test.yml, ...)', generateContent('YAML'))
+ '\n'
+ utils_1.makeBox('JS file (config/default.js, config/test.js, ...)', generateContent('JS'))
+ (0, utils_1.makeBox)('JS file (config/default.js, config/test.js, ...)', generateContent('JS'))
+ '\n'

@@ -77,0 +77,0 @@ + `No value found for the configuration key "${key}".\n`

@@ -33,3 +33,3 @@ "use strict";

this.message = '\n\n'
+ utils_1.makeBox('Configuration file', lines)
+ (0, utils_1.makeBox)('Configuration file', lines)
+ '\n'

@@ -36,0 +36,0 @@ + `The value of the configuration key "${key}" has an invalid type.\n`

@@ -107,10 +107,10 @@ "use strict";

static readJSON(path) {
if (!fs_1.existsSync(path)) {
if (!(0, fs_1.existsSync)(path)) {
return {};
}
const fileContent = fs_1.readFileSync(path, 'utf8');
const fileContent = (0, fs_1.readFileSync)(path, 'utf8');
return JSON.parse(fileContent);
}
static readYAML(path) {
if (!fs_1.existsSync(path)) {
if (!(0, fs_1.existsSync)(path)) {
return {};

@@ -123,10 +123,10 @@ }

}
const fileContent = fs_1.readFileSync(path, 'utf8');
const fileContent = (0, fs_1.readFileSync)(path, 'utf8');
return yaml.parse(fileContent);
}
static readJS(path) {
if (!fs_1.existsSync(path)) {
if (!(0, fs_1.existsSync)(path)) {
return {};
}
return require(path_1.join(process.cwd(), path));
return require((0, path_1.join)(process.cwd(), path));
}

@@ -170,3 +170,3 @@ static readConfigValue(key) {

}
else {
else if (source[key] !== undefined) {
target[key] = source[key];
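Review bot: `target[key] = source[key];` is now guarded against an `undefined` value but still not against the key itself. The enclosing merge loop lies outside this hunk, so this is inferred: if it walks the keys of objects returned by `readJSON`, `readYAML` or `readJS`, a `__proto__`, `constructor` or `prototype` key would be assigned or recursed into like any data key. A guard at the top of the loop, `if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue;` (or the equivalent for the loop form actually used), keeps the merge to plain configuration keys.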

@@ -173,0 +173,0 @@ }

@@ -19,2 +19,5 @@ "use strict";

static get(key) {
if (process.env[key] !== undefined) {
return process.env[key];
}
if (this.dotEnv === null) {

@@ -27,9 +30,6 @@ this.dotEnv = {};

}
if (this.dotEnv[key] !== undefined) {
return this.dotEnv[key];
}
return process.env[key];
return this.dotEnv[key];
}
static loadEnv(filename) {
if (!fs_1.existsSync(filename)) {
if (!(0, fs_1.existsSync)(filename)) {
return;
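Review bot: `return this.dotEnv[key];` at the end of `get` reads through the prototype chain of the plain object assigned by `this.dotEnv = {}`, so a key such as `constructor` or `toString` that the `.env` file does not define yields an inherited function instead of `undefined`. An own-property check closes that: `return Object.prototype.hasOwnProperty.call(this.dotEnv, key) ? this.dotEnv[key] : undefined;`; the `process.env[key]` read added at the top of `get` likely deserves the same treatment. The reordering also makes real environment variables win over `.env` values, which belongs in the method's doc comment since it changes which source is authoritative. `loadEnv` continues past the end of this hunk.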

@@ -40,3 +40,3 @@ }

}
const envFileContent = fs_1.readFileSync(filename, 'utf8');
const envFileContent = (0, fs_1.readFileSync)(filename, 'utf8');
for (const line of envFileContent.split('\n')) {

@@ -43,0 +43,0 @@ if (line.startsWith('#')) {

@@ -17,4 +17,4 @@ "use strict";

function createController(controllerClass, dependencies) {
return service_manager_1.createControllerOrService(controllerClass, dependencies);
return (0, service_manager_1.createControllerOrService)(controllerClass, dependencies);
}
exports.createController = createController;

@@ -17,3 +17,3 @@ import 'reflect-metadata';

*/
export declare type HookFunction = (ctx: Context, services: ServiceManager) => void | HttpResponse | HookPostFunction | Promise<void | HttpResponse | HookPostFunction>;
export declare type HookFunction<C = Context> = (ctx: C, services: ServiceManager) => void | HttpResponse | HookPostFunction | Promise<void | HttpResponse | HookPostFunction>;
/**

@@ -32,3 +32,3 @@ * Interface of a hook. It is actually the interface of a decorator.

*/
export declare function Hook(hookFunction: HookFunction, openApiDecorators?: OpenApiDecorator[], options?: {
export declare function Hook<C = Context>(hookFunction: HookFunction<C>, openApiDecorators?: OpenApiDecorator[], options?: {
openapi?: boolean;

@@ -35,0 +35,0 @@ }): HookDecorator;

@@ -23,3 +23,2 @@ "use strict";

return (target, propertyKey) => {
var _a;
// Note that propertyKey can be undefined as it's an optional parameter in getMetadata.

@@ -30,3 +29,3 @@ const hooks = Reflect.getOwnMetadata('hooks', target, propertyKey) || [];

// tslint:disable-next-line
if (!((_a = options.openapi) !== null && _a !== void 0 ? _a : config_1.Config.get('settings.openapi.useHooks', 'boolean', true))) {
if (!(options.openapi ?? config_1.Config.get('settings.openapi.useHooks', 'boolean', true))) {
return;

@@ -33,0 +32,0 @@ }

@@ -0,1 +1,2 @@

import { FileList } from '../../common/file';
import { Session } from '../../sessions';

@@ -78,2 +79,3 @@ interface Readable {

* - the session object if available,
* - a file list object,
* - and a `state` object that can be used to pass data across several hooks.

@@ -85,7 +87,12 @@ *

*/
export declare class Context<User = any, ContextSession = Session | undefined, ContextState = any> {
state: ContextState;
export declare class Context<User = {
[key: string]: any;
} | null, ContextState = {
[key: string]: any;
}> {
readonly request: Request;
session: Session | null;
user: User;
session: ContextSession;
request: Request;
readonly state: ContextState;
readonly files: FileList;
/**

@@ -92,0 +99,0 @@ * Creates an instance of Context.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Context = void 0;
const file_1 = require("../../common/file");
/**

@@ -9,2 +10,3 @@ * Class instantiated on each request. It includes:

* - the session object if available,
* - a file list object,
* - and a `state` object that can be used to pass data across several hooks.

@@ -23,6 +25,9 @@ *

constructor(request) {
this.request = request;
this.session = null;
this.user = null;
this.state = {};
this.request = request;
this.files = new file_1.FileList();
}
}
exports.Context = Context;

@@ -43,3 +43,3 @@ import { Context } from './context';

*/
abstract statusCode: number;
abstract readonly statusCode: number;
/**

@@ -53,3 +53,3 @@ * Status message of the response. It must follow the HTTP conventions

*/
abstract statusMessage: string;
abstract readonly statusMessage: string;
/**

@@ -202,4 +202,4 @@ * Specify if the body property is a stream.

readonly isHttpResponseOK = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 200;
readonly statusMessage = "OK";
/**

@@ -242,4 +242,4 @@ * Create an instance of HttpResponseOK.

readonly isHttpResponseCreated = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 201;
readonly statusMessage = "CREATED";
/**

@@ -282,4 +282,4 @@ * Create an instance of HttpResponseCreated.

readonly isHttpResponseNoContent = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 204;
readonly statusMessage = "NO CONTENT";
/**

@@ -398,4 +398,4 @@ * Create an instance of HttpResponseNoContent.

readonly isHttpResponseRedirect = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 302;
readonly statusMessage = "FOUND";
/**

@@ -478,4 +478,4 @@ * Create an instance of HttpResponseRedirect.

readonly isHttpResponseBadRequest = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 400;
readonly statusMessage = "BAD REQUEST";
/**

@@ -519,4 +519,4 @@ * Create an instance of HttpResponseBadRequest.

readonly isHttpResponseUnauthorized = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 401;
readonly statusMessage = "UNAUTHORIZED";
/**

@@ -560,4 +560,4 @@ * Create an instance of HttpResponseUnauthorized.

readonly isHttpResponseForbidden = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 403;
readonly statusMessage = "FORBIDDEN";
/**

@@ -600,4 +600,4 @@ * Create an instance of HttpResponseForbidden.

readonly isHttpResponseNotFound = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 404;
readonly statusMessage = "NOT FOUND";
/**

@@ -640,4 +640,4 @@ * Create an instance of HttpResponseNotFound.

readonly isHttpResponseMethodNotAllowed = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 405;
readonly statusMessage = "METHOD NOT ALLOWED";
/**

@@ -681,4 +681,4 @@ * Create an instance of HttpResponseMethodNotAllowed.

readonly isHttpResponseConflict = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 409;
readonly statusMessage = "CONFLICT";
/**

@@ -721,4 +721,4 @@ * Create an instance of HttpResponseConflict.

readonly isHttpResponseTooManyRequests = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 429;
readonly statusMessage = "TOO MANY REQUESTS";
/**

@@ -798,4 +798,4 @@ * Create an instance of HttpResponseTooManyRequests.

readonly ctx?: Context;
statusCode: number;
statusMessage: string;
readonly statusCode = 500;
readonly statusMessage = "INTERNAL SERVER ERROR";
/**

@@ -841,4 +841,4 @@ * Create an instance of HttpResponseInternalServerError.

readonly isHttpResponseNotImplemented = true;
statusCode: number;
statusMessage: string;
readonly statusCode = 501;
readonly statusMessage = "NOT IMPLEMENTED";
/**

@@ -845,0 +845,0 @@ * Create an instance of HttpResponseNotImplemented.

@@ -70,3 +70,3 @@ "use strict";

getHeaders() {
return Object.assign({}, this.headers);
return { ...this.headers };
}

@@ -99,3 +99,3 @@ /**

const { value, options } = this.cookies[name];
return { value, options: Object.assign({}, options) };
return { value, options: { ...options } };
}

@@ -113,3 +113,3 @@ /**

const { value, options } = this.cookies[cookieName];
cookies[cookieName] = { value, options: Object.assign({}, options) };
cookies[cookieName] = { value, options: { ...options } };
}

@@ -116,0 +116,0 @@ return cookies;

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -6,0 +10,0 @@ if (k2 === undefined) k2 = k;

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -6,0 +10,0 @@ if (k2 === undefined) k2 = k;

@@ -8,6 +8,6 @@ "use strict";

function createOpenApiDocument(controllerClass, serviceManager) {
const services = serviceManager !== null && serviceManager !== void 0 ? serviceManager : new service_manager_1.ServiceManager();
Array.from(routes_1.makeControllerRoutes(controllerClass, services));
const services = serviceManager ?? new service_manager_1.ServiceManager();
Array.from((0, routes_1.makeControllerRoutes)(controllerClass, services));
return services.get(openapi_service_1.OpenApi).getDocument(controllerClass);
}
exports.createOpenApiDocument = createOpenApiDocument;
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -6,0 +10,0 @@ if (k2 === undefined) k2 = k;

@@ -6,4 +6,4 @@ "use strict";

function getApiCallbacks(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:callbacks', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:callbacks', controllerClass, propertyKey);
}
exports.getApiCallbacks = getApiCallbacks;

@@ -18,35 +18,35 @@ "use strict";

function getApiCompleteOperation(controllerClass, controller, propertyKey) {
const operation = get_api_operation_1.getApiOperation(controllerClass, propertyKey);
const operation = (0, get_api_operation_1.getApiOperation)(controllerClass, propertyKey);
const completeOperation = (typeof operation === 'function' ? operation(controller) : operation) || {
responses: {},
};
const description = get_api_operation_description_1.getApiOperationDescription(controllerClass, propertyKey);
const description = (0, get_api_operation_description_1.getApiOperationDescription)(controllerClass, propertyKey);
if (description !== undefined) {
completeOperation.description = typeof description === 'function' ? description(controller) : description;
}
const operationId = get_api_operation_id_1.getApiOperationId(controllerClass, propertyKey);
const operationId = (0, get_api_operation_id_1.getApiOperationId)(controllerClass, propertyKey);
if (operationId !== undefined) {
completeOperation.operationId = typeof operationId === 'function' ? operationId(controller) : operationId;
}
const summary = get_api_operation_summary_1.getApiOperationSummary(controllerClass, propertyKey);
const summary = (0, get_api_operation_summary_1.getApiOperationSummary)(controllerClass, propertyKey);
if (summary !== undefined) {
completeOperation.summary = typeof summary === 'function' ? summary(controller) : summary;
}
const tags = get_api_used_tags_1.getApiUsedTags(controllerClass, propertyKey);
const tags = (0, get_api_used_tags_1.getApiUsedTags)(controllerClass, propertyKey);
if (tags) {
completeOperation.tags = tags.map(tag => typeof tag === 'function' ? tag(controller) : tag);
}
const externalDocs = get_api_external_docs_1.getApiExternalDocs(controllerClass, propertyKey);
const externalDocs = (0, get_api_external_docs_1.getApiExternalDocs)(controllerClass, propertyKey);
if (externalDocs) {
completeOperation.externalDocs = typeof externalDocs === 'function' ? externalDocs(controller) : externalDocs;
}
const parameters = get_api_parameters_1.getApiParameters(controllerClass, propertyKey);
const parameters = (0, get_api_parameters_1.getApiParameters)(controllerClass, propertyKey);
if (parameters) {
completeOperation.parameters = parameters.map(param => typeof param === 'function' ? param(controller) : param);
}
const requestBody = get_api_request_body_1.getApiRequestBody(controllerClass, propertyKey);
const requestBody = (0, get_api_request_body_1.getApiRequestBody)(controllerClass, propertyKey);
if (requestBody) {
completeOperation.requestBody = typeof requestBody === 'function' ? requestBody(controller) : requestBody;
}
const responses = get_api_responses_1.getApiResponses(controllerClass, propertyKey);
const responses = (0, get_api_responses_1.getApiResponses)(controllerClass, propertyKey);
if (responses) {

@@ -59,3 +59,3 @@ completeOperation.responses = {};

}
const callbacks = get_api_callbacks_1.getApiCallbacks(controllerClass, propertyKey);
const callbacks = (0, get_api_callbacks_1.getApiCallbacks)(controllerClass, propertyKey);
if (callbacks) {

@@ -68,7 +68,7 @@ completeOperation.callbacks = {};

}
const deprecated = get_api_deprecated_1.getApiDeprecated(controllerClass, propertyKey);
const deprecated = (0, get_api_deprecated_1.getApiDeprecated)(controllerClass, propertyKey);
if (deprecated !== undefined) {
completeOperation.deprecated = typeof deprecated === 'function' ? deprecated(controller) : deprecated;
}
const security = get_api_security_1.getApiSecurity(controllerClass, propertyKey);
const security = (0, get_api_security_1.getApiSecurity)(controllerClass, propertyKey);
if (security) {

@@ -79,3 +79,3 @@ completeOperation.security = security.map(requirement => {

}
const servers = get_api_servers_1.getApiServers(controllerClass, propertyKey);
const servers = (0, get_api_servers_1.getApiServers)(controllerClass, propertyKey);
if (servers) {

@@ -82,0 +82,0 @@ completeOperation.servers = servers.map(server => typeof server === 'function' ? server(controller) : server);

@@ -7,3 +7,3 @@ "use strict";

const components = {};
const callbacks = utils_1.getMetadata('api:components:callbacks', controllerClass, propertyKey);
const callbacks = (0, utils_1.getMetadata)('api:components:callbacks', controllerClass, propertyKey);
if (callbacks) {

@@ -16,3 +16,3 @@ components.callbacks = {};

}
const examples = utils_1.getMetadata('api:components:examples', controllerClass, propertyKey);
const examples = (0, utils_1.getMetadata)('api:components:examples', controllerClass, propertyKey);
if (examples) {

@@ -25,3 +25,3 @@ components.examples = {};

}
const headers = utils_1.getMetadata('api:components:headers', controllerClass, propertyKey);
const headers = (0, utils_1.getMetadata)('api:components:headers', controllerClass, propertyKey);
if (headers) {

@@ -34,3 +34,3 @@ components.headers = {};

}
const links = utils_1.getMetadata('api:components:links', controllerClass, propertyKey);
const links = (0, utils_1.getMetadata)('api:components:links', controllerClass, propertyKey);
if (links) {

@@ -43,3 +43,3 @@ components.links = {};

}
const parameters = utils_1.getMetadata('api:components:parameters', controllerClass, propertyKey);
const parameters = (0, utils_1.getMetadata)('api:components:parameters', controllerClass, propertyKey);
if (parameters) {

@@ -52,3 +52,3 @@ components.parameters = {};

}
const requestBodies = utils_1.getMetadata('api:components:requestBodies', controllerClass, propertyKey);
const requestBodies = (0, utils_1.getMetadata)('api:components:requestBodies', controllerClass, propertyKey);
if (requestBodies) {

@@ -61,3 +61,3 @@ components.requestBodies = {};

}
const responses = utils_1.getMetadata('api:components:responses', controllerClass, propertyKey);
const responses = (0, utils_1.getMetadata)('api:components:responses', controllerClass, propertyKey);
if (responses) {

@@ -70,3 +70,3 @@ components.responses = {};

}
const schemas = utils_1.getMetadata('api:components:schemas', controllerClass, propertyKey);
const schemas = (0, utils_1.getMetadata)('api:components:schemas', controllerClass, propertyKey);
if (schemas) {

@@ -79,3 +79,3 @@ components.schemas = {};

}
const securitySchemes = utils_1.getMetadata('api:components:securitySchemes', controllerClass, propertyKey);
const securitySchemes = (0, utils_1.getMetadata)('api:components:securitySchemes', controllerClass, propertyKey);
if (securitySchemes) {

@@ -82,0 +82,0 @@ components.securitySchemes = {};

@@ -6,4 +6,4 @@ "use strict";

function getApiDeprecated(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:deprecated', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:deprecated', controllerClass, propertyKey);
}
exports.getApiDeprecated = getApiDeprecated;

@@ -6,4 +6,4 @@ "use strict";

function getApiExternalDocs(controllerClass, propertyKey) {
return utils_1.getMetadata('api:documentOrOperation:externalDocs', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:documentOrOperation:externalDocs', controllerClass, propertyKey);
}
exports.getApiExternalDocs = getApiExternalDocs;

@@ -6,4 +6,4 @@ "use strict";

function getApiInfo(controllerClass) {
return utils_1.getMetadata('api:document:info', controllerClass);
return (0, utils_1.getMetadata)('api:document:info', controllerClass);
}
exports.getApiInfo = getApiInfo;

@@ -6,4 +6,4 @@ "use strict";

function getApiOperationDescription(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:description', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:description', controllerClass, propertyKey);
}
exports.getApiOperationDescription = getApiOperationDescription;

@@ -6,4 +6,4 @@ "use strict";

function getApiOperationId(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:operationId', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:operationId', controllerClass, propertyKey);
}
exports.getApiOperationId = getApiOperationId;

@@ -6,4 +6,4 @@ "use strict";

function getApiOperationSummary(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:summary', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:summary', controllerClass, propertyKey);
}
exports.getApiOperationSummary = getApiOperationSummary;

@@ -6,4 +6,4 @@ "use strict";

function getApiOperation(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation', controllerClass, propertyKey);
}
exports.getApiOperation = getApiOperation;

@@ -6,4 +6,4 @@ "use strict";

function getApiParameters(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:parameters', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:parameters', controllerClass, propertyKey);
}
exports.getApiParameters = getApiParameters;

@@ -6,4 +6,4 @@ "use strict";

function getApiRequestBody(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:requestBody', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:requestBody', controllerClass, propertyKey);
}
exports.getApiRequestBody = getApiRequestBody;

@@ -6,4 +6,4 @@ "use strict";

function getApiResponses(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:responses', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:responses', controllerClass, propertyKey);
}
exports.getApiResponses = getApiResponses;

@@ -6,4 +6,4 @@ "use strict";

function getApiSecurity(controllerClass, propertyKey) {
return utils_1.getMetadata('api:documentOrOperation:security', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:documentOrOperation:security', controllerClass, propertyKey);
}
exports.getApiSecurity = getApiSecurity;

@@ -6,4 +6,4 @@ "use strict";

function getApiServers(controllerClass, propertyKey) {
return utils_1.getMetadata('api:documentOrOperation:servers', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:documentOrOperation:servers', controllerClass, propertyKey);
}
exports.getApiServers = getApiServers;

@@ -6,4 +6,4 @@ "use strict";

function getApiTags(controllerClass, propertyKey) {
return utils_1.getMetadata('api:document:tags', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:document:tags', controllerClass, propertyKey);
}
exports.getApiTags = getApiTags;

@@ -6,4 +6,4 @@ "use strict";

function getApiUsedTags(controllerClass, propertyKey) {
return utils_1.getMetadata('api:operation:tags', controllerClass, propertyKey);
return (0, utils_1.getMetadata)('api:operation:tags', controllerClass, propertyKey);
}
exports.getApiUsedTags = getApiUsedTags;

@@ -15,7 +15,7 @@ "use strict";

catch (error2) {
return common_1.renderError(error2, ctx);
return (0, common_1.renderError)(error2, ctx);
}
}
return common_1.renderError(error, ctx);
return (0, common_1.renderError)(error, ctx);
}
exports.convertErrorToResponse = convertErrorToResponse;

@@ -15,5 +15,5 @@ "use strict";

catch (error) {
result = await convert_error_to_response_1.convertErrorToResponse(error, ctx, appController);
result = await (0, convert_error_to_response_1.convertErrorToResponse)(error, ctx, appController);
}
if (http_1.isHttpResponse(result)) {
if ((0, http_1.isHttpResponse)(result)) {
response = result;

@@ -26,3 +26,3 @@ break;

}
if (!http_1.isHttpResponse(response)) {
if (!(0, http_1.isHttpResponse)(response)) {
try {

@@ -32,8 +32,8 @@ response = await route.controller[route.propertyKey](ctx, ctx.request.params, ctx.request.body);

catch (error) {
response = await convert_error_to_response_1.convertErrorToResponse(error, ctx, appController);
response = await (0, convert_error_to_response_1.convertErrorToResponse)(error, ctx, appController);
}
}
if (!http_1.isHttpResponse(response)) {
if (!(0, http_1.isHttpResponse)(response)) {
const error = new Error(`The controller method "${route.propertyKey}" should return an HttpResponse.`);
response = await convert_error_to_response_1.convertErrorToResponse(error, ctx, appController);
response = await (0, convert_error_to_response_1.convertErrorToResponse)(error, ctx, appController);
}

@@ -45,3 +45,3 @@ for (const postFn of hookPostFunctions) {

catch (error) {
response = await convert_error_to_response_1.convertErrorToResponse(error, ctx, appController);
response = await (0, convert_error_to_response_1.convertErrorToResponse)(error, ctx, appController);
}

@@ -48,0 +48,0 @@ }

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {

@@ -6,0 +10,0 @@ if (k2 === undefined) k2 = k;

@@ -40,6 +40,6 @@ "use strict";

function getPath(controllerClass, propertyKey) {
return utils_1.getMetadata('path', controllerClass, propertyKey) || '';
return (0, utils_1.getMetadata)('path', controllerClass, propertyKey) || '';
}
function getHooks(controllerClass, controller, propertyKey) {
return (utils_1.getMetadata('hooks', controllerClass, propertyKey) || [])
return ((0, utils_1.getMetadata)('hooks', controllerClass, propertyKey) || [])
.map(hook => hook.bind(controller));

@@ -64,9 +64,9 @@ }

/* OpenAPI */
const info = openapi_1.getApiInfo(controllerClass);
const info = (0, openapi_1.getApiInfo)(controllerClass);
// Check if the controller is inside an OpenAPI api. If not, components, operations and tags are discarded.
openapi = !!info || openapi;
/* OpenAPI */
const controllerComponents = openapi ? openapi_1.getApiComponents(controllerClass, controller) : {};
const controllerOperation = openapi ? openapi_1.getApiCompleteOperation(controllerClass, controller) : { responses: {} };
const controllerTags = openapi ? openapi_1.getApiTags(controllerClass) : undefined;
const controllerComponents = openapi ? (0, openapi_1.getApiComponents)(controllerClass, controller) : {};
const controllerOperation = openapi ? (0, openapi_1.getApiCompleteOperation)(controllerClass, controller) : { responses: {} };
const controllerTags = openapi ? (0, openapi_1.getApiTags)(controllerClass) : undefined;
if (openapi && info) {

@@ -87,3 +87,3 @@ delete controllerOperation.servers;

};
const operation = openapi_1.getApiCompleteOperation(controllerClass, controller);
const operation = (0, openapi_1.getApiCompleteOperation)(controllerClass, controller);
if (operation.servers) {

@@ -109,11 +109,14 @@ document.servers = operation.servers;

const normalizedPath = normalizePath(route.path);
document.paths[normalizedPath] = Object.assign(Object.assign({}, document.paths[normalizedPath]), { [route.httpMethod.toLowerCase()]: openapi_1.mergeOperations(controllerOperation, operation) });
document.tags = Array.from(new Set(openapi_1.mergeTags(document.tags, tags)));
document.components = openapi_1.mergeComponents(document.components || {}, components);
document.paths[normalizedPath] = {
...document.paths[normalizedPath],
[route.httpMethod.toLowerCase()]: (0, openapi_1.mergeOperations)(controllerOperation, operation)
};
document.tags = Array.from(new Set((0, openapi_1.mergeTags)(document.tags, tags)));
document.components = (0, openapi_1.mergeComponents)(document.components || {}, components);
}
return {
// OpenAPI
components: openapi ? openapi_1.mergeComponents(controllerComponents, components) : {},
components: openapi ? (0, openapi_1.mergeComponents)(controllerComponents, components) : {},
// OpenAPI
operation: openapi ? openapi_1.mergeOperations(controllerOperation, operation) : { responses: {} },
operation: openapi ? (0, openapi_1.mergeOperations)(controllerOperation, operation) : { responses: {} },
route: {

@@ -123,7 +126,7 @@ controller: route.controller,

httpMethod: route.httpMethod,
path: utils_1.join(controllerPath, route.path),
path: (0, utils_1.join)(controllerPath, route.path),
propertyKey: route.propertyKey,
},
// OpenAPI
tags: openapi ? openapi_1.mergeTags(controllerTags, tags) : undefined
tags: openapi ? (0, openapi_1.mergeTags)(controllerTags, tags) : undefined
};

@@ -137,3 +140,3 @@ }

for (const propertyKey of getMethods(controllerClass.prototype)) {
const httpMethod = utils_1.getMetadata('httpMethod', controllerClass, propertyKey);
const httpMethod = (0, utils_1.getMetadata)('httpMethod', controllerClass, propertyKey);
if (!httpMethod) {

@@ -146,5 +149,5 @@ continue;

/* OpenAPI */
const components = openapi ? openapi_1.getApiComponents(controllerClass, controller, propertyKey) : {};
const operation = openapi ? openapi_1.getApiCompleteOperation(controllerClass, controller, propertyKey) : { responses: {} };
const tags = openapi ? openapi_1.getApiTags(controllerClass, propertyKey) : undefined;
const components = openapi ? (0, openapi_1.getApiComponents)(controllerClass, controller, propertyKey) : {};
const operation = openapi ? (0, openapi_1.getApiCompleteOperation)(controllerClass, controller, propertyKey) : { responses: {} };
const tags = openapi ? (0, openapi_1.getApiTags)(controllerClass, propertyKey) : undefined;
yield processRoute(route, components, operation, tags);

@@ -151,0 +154,0 @@ }

@@ -168,3 +168,3 @@ "use strict";

prettyConcreteClassPath = concreteClassPath;
concreteClassPath = path_1.join(process.cwd(), 'build', concreteClassPath);
concreteClassPath = (0, path_1.join)(process.cwd(), 'build', concreteClassPath);
}

@@ -171,0 +171,0 @@ prettyConcreteClassPath = prettyConcreteClassPath || concreteClassPath;

@@ -84,3 +84,3 @@ "use strict";

// Resolve the controllers and hooks and add them to the express instance.
const routes = core_1.makeControllerRoutes(AppController, services);
const routes = (0, core_1.makeControllerRoutes)(AppController, services);
for (const { route } of routes) {

@@ -91,4 +91,4 @@ app[route.httpMethod.toLowerCase()](route.path, async (req, res, next) => {

// TODO: better test this line.
const response = await core_1.getResponse(route, ctx, services, appController);
send_response_1.sendResponse(response, res);
const response = await (0, core_1.getResponse)(route, ctx, services, appController);
(0, send_response_1.sendResponse)(response, res);
}

@@ -95,0 +95,0 @@ catch (error) {

@@ -28,3 +28,3 @@ "use strict";

}
if (core_1.isHttpResponseRedirect(response) || core_1.isHttpResponseMovedPermanently(response)) {
if ((0, core_1.isHttpResponseRedirect)(response) || (0, core_1.isHttpResponseMovedPermanently)(response)) {
res.redirect(response.statusCode, response.path);

@@ -37,3 +37,3 @@ return;

if (response.stream === true) {
stream_1.pipeline(response.body, res, err => {
(0, stream_1.pipeline)(response.body, res, (err) => {
if (err) {

@@ -40,0 +40,0 @@ console.log(err);

@@ -6,5 +6,5 @@ /**

*/
export { Log, LogOptions, UserRequired, ValidateBody, ValidateCookie, ValidateHeader, ValidatePathParam, ValidateQueryParam, controller, displayServerURL, convertBase64ToBase64url, convertBase64urlToBase64, escape, escapeProp, generateSignedToken, generateToken, getAjvInstance, hashPassword, passwordHashNeedsToBeRefreshed, isInFile, render, renderToString, renderError, signToken, streamToBuffer, verifyPassword, verifySignedToken, } from './common';
export { File, FileList, Log, LogOptions, UserRequired, ValidateBody, ValidateCookie, ValidateHeader, ValidatePathParam, ValidateQueryParam, PermissionRequired, IUserWithPermissions, controller, displayServerURL, convertBase64ToBase64url, convertBase64urlToBase64, generateSignedToken, generateToken, getAjvInstance, hashPassword, passwordHashNeedsToBeRefreshed, isInFile, render, renderToString, renderError, signToken, streamToBuffer, verifyPassword, verifySignedToken, } from './common';
export { ApiCallback, ApiDefineCallback, ApiDefineExample, ApiDefineHeader, ApiDefineLink, ApiDefineParameter, ApiDefineRequestBody, ApiDefineResponse, ApiDefineSchema, ApiDefineSecurityScheme, ApiDefineTag, ApiDeprecated, ApiExternalDoc, ApiInfo, ApiOperation, ApiOperationDescription, ApiOperationId, ApiOperationSummary, ApiParameter, ApiRequestBody, ApiResponse, ApiSecurityRequirement, ApiServer, ApiUseTag, All, Class, ClassOrAbstractClass, Config, ConfigNotFoundError, ConfigTypeError, Context, CookieOptions, Delete, Dependency, Env, Get, Head, Hook, HookDecorator, HookFunction, HookPostFunction, HttpMethod, HttpResponse, HttpResponseBadRequest, HttpResponseClientError, HttpResponseConflict, HttpResponseCreated, HttpResponseForbidden, HttpResponseInternalServerError, HttpResponseMethodNotAllowed, HttpResponseMovedPermanently, HttpResponseNoContent, HttpResponseNotFound, HttpResponseNotImplemented, HttpResponseOK, HttpResponseRedirect, HttpResponseRedirection, HttpResponseServerError, HttpResponseSuccess, HttpResponseTooManyRequests, HttpResponseUnauthorized, IApiAbstractParameter, IApiAbstractSecurityScheme, IApiApiKeySecurityScheme, IApiAuthorizationCodeOAuthFlow, IApiCallback, IApiClientCredentialsOAuthFlow, IApiComponents, IApiContact, IApiCookieParameter, IApiDiscriminator, IApiEncoding, IApiExample, IApiExternalDocumentation, IApiHeader, IApiHeaderParameter, IApiHttpSecurityScheme, IApiImplicitOAuthFlow, IApiInfo, IApiLicense, IApiLink, IApiMediaType, IApiOAuth2SecurityScheme, IApiOAuthFlow, IApiOAuthFlows, IApiOpenIdConnectSecurityScheme, IApiOperation, IApiParameter, IApiPasswordOAuthFlow, IApiPathItem, IApiPathParameter, IApiPaths, IApiQueryParameter, IApiReference, IApiRequestBody, IApiResponse, IApiResponses, IApiSchema, IApiSecurityRequirement, IApiSecurityScheme, IApiServer, IApiServerVariable, IApiTag, IApiXML, IAppController, IController, IOpenAPI, MergeHooks, OpenApi, OpenApiDecorator, Options, Patch, Post, Put, ServiceManager, createController, 
createOpenApiDocument, createService, dependency, getApiCallbacks, getApiCompleteOperation, getApiComponents, getApiDeprecated, getApiExternalDocs, getApiInfo, getApiOperation, getApiOperationDescription, getApiOperationId, getApiOperationSummary, getApiParameters, getApiRequestBody, getApiResponses, getApiSecurity, getApiServers, getApiTags, getApiUsedTags, getHookFunction, getHookFunctions, getHttpMethod, getMetadata, getPath, isHttpResponse, isHttpResponseBadRequest, isHttpResponseClientError, isHttpResponseConflict, isHttpResponseCreated, isHttpResponseForbidden, isHttpResponseInternalServerError, isHttpResponseMethodNotAllowed, isHttpResponseMovedPermanently, isHttpResponseNoContent, isHttpResponseNotFound, isHttpResponseNotImplemented, isHttpResponseOK, isHttpResponseRedirect, isHttpResponseRedirection, isHttpResponseServerError, isHttpResponseSuccess, isHttpResponseTooManyRequests, isHttpResponseUnauthorized, } from './core';
export { OPENAPI_SERVICE_ID, createApp, } from './express';
export { Session, SessionAlreadyExists, SessionState, SessionStore, Store, UseSessions, createSession, readSession, FetchUser, } from './sessions';
export { Session, SessionAlreadyExists, SessionState, SessionStore, Store, UseSessions, createSession, readSession, } from './sessions';
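Review bot: Callers that import `escape` or `escapeProp` from the package root lose them in this release: the new `./common` export list omits both, and `FetchUser` is gone from `./sessions`, with no deprecated alias left behind. The compiled index drops the matching `Object.defineProperty(exports, "escape", …)` and `escapeProp` getters as well. Going by their names these look like output-encoding helpers, which this page cannot confirm, so a consumer that ran untrusted data through them before rendering needs a replacement in place before upgrading. With `const { escape } = require('@foal/core')` the binding becomes `undefined` and fails only when it is called, so search for the call sites rather than relying on a load-time error.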

@@ -8,8 +8,11 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.readSession = exports.createSession = exports.UseSessions = exports.Store = exports.SessionStore = exports.SessionAlreadyExists = exports.Session = exports.createApp = exports.OPENAPI_SERVICE_ID = exports.isHttpResponseUnauthorized = exports.isHttpResponseTooManyRequests = exports.isHttpResponseSuccess = exports.isHttpResponseServerError = exports.isHttpResponseRedirection = exports.isHttpResponseRedirect = exports.isHttpResponseOK = exports.isHttpResponseNotImplemented = exports.isHttpResponseNotFound = exports.isHttpResponseNoContent = exports.isHttpResponseMovedPermanently = exports.isHttpResponseMethodNotAllowed = exports.isHttpResponseInternalServerError = exports.isHttpResponseForbidden = exports.isHttpResponseCreated = exports.isHttpResponseConflict = exports.isHttpResponseClientError = exports.isHttpResponseBadRequest = exports.isHttpResponse = exports.getPath = exports.getMetadata = exports.getHttpMethod = exports.getHookFunctions = exports.getHookFunction = exports.getApiUsedTags = exports.getApiTags = exports.getApiServers = exports.getApiSecurity = exports.getApiResponses = exports.getApiRequestBody = exports.getApiParameters = exports.getApiOperationSummary = exports.getApiOperationId = exports.getApiOperationDescription = exports.getApiOperation = exports.getApiInfo = exports.getApiExternalDocs = exports.getApiDeprecated = exports.getApiComponents = exports.getApiCompleteOperation = exports.getApiCallbacks = exports.dependency = exports.createService = exports.createOpenApiDocument = exports.createController = exports.ServiceManager = exports.Put = exports.Post = exports.Patch = exports.Options = exports.OpenApi = exports.MergeHooks = exports.HttpResponseUnauthorized = exports.HttpResponseTooManyRequests = exports.HttpResponseSuccess = exports.HttpResponseServerError = exports.HttpResponseRedirection = exports.HttpResponseRedirect = exports.HttpResponseOK = exports.HttpResponseNotImplemented = exports.HttpResponseNotFound = 
exports.HttpResponseNoContent = exports.HttpResponseMovedPermanently = exports.HttpResponseMethodNotAllowed = exports.HttpResponseInternalServerError = exports.HttpResponseForbidden = exports.HttpResponseCreated = exports.HttpResponseConflict = exports.HttpResponseClientError = exports.HttpResponseBadRequest = exports.HttpResponse = exports.Hook = exports.Head = exports.Get = exports.Env = exports.Dependency = exports.Delete = exports.Context = exports.ConfigTypeError = exports.ConfigNotFoundError = exports.Config = exports.All = exports.ApiUseTag = exports.ApiServer = exports.ApiSecurityRequirement = exports.ApiResponse = exports.ApiRequestBody = exports.ApiParameter = exports.ApiOperationSummary = exports.ApiOperationId = exports.ApiOperationDescription = exports.ApiOperation = exports.ApiInfo = exports.ApiExternalDoc = exports.ApiDeprecated = exports.ApiDefineTag = exports.ApiDefineSecurityScheme = exports.ApiDefineSchema = exports.ApiDefineResponse = exports.ApiDefineRequestBody = exports.ApiDefineParameter = exports.ApiDefineLink = exports.ApiDefineHeader = exports.ApiDefineExample = exports.ApiDefineCallback = exports.ApiCallback = exports.verifySignedToken = exports.verifyPassword = exports.streamToBuffer = exports.signToken = exports.renderError = exports.renderToString = exports.render = exports.isInFile = exports.passwordHashNeedsToBeRefreshed = exports.hashPassword = exports.getAjvInstance = exports.generateToken = exports.generateSignedToken = exports.escapeProp = exports.escape = exports.convertBase64urlToBase64 = exports.convertBase64ToBase64url = exports.displayServerURL = exports.controller = exports.ValidateQueryParam = exports.ValidatePathParam = exports.ValidateHeader = exports.ValidateCookie = exports.ValidateBody = exports.UserRequired = exports.Log = void 0;
exports.ApiServer = exports.ApiSecurityRequirement = exports.ApiResponse = exports.ApiRequestBody = exports.ApiParameter = exports.ApiOperationSummary = exports.ApiOperationId = exports.ApiOperationDescription = exports.ApiOperation = exports.ApiInfo = exports.ApiExternalDoc = exports.ApiDeprecated = exports.ApiDefineTag = exports.ApiDefineSecurityScheme = exports.ApiDefineSchema = exports.ApiDefineResponse = exports.ApiDefineRequestBody = exports.ApiDefineParameter = exports.ApiDefineLink = exports.ApiDefineHeader = exports.ApiDefineExample = exports.ApiDefineCallback = exports.ApiCallback = exports.verifySignedToken = exports.verifyPassword = exports.streamToBuffer = exports.signToken = exports.renderError = exports.renderToString = exports.render = exports.isInFile = exports.passwordHashNeedsToBeRefreshed = exports.hashPassword = exports.getAjvInstance = exports.generateToken = exports.generateSignedToken = exports.convertBase64urlToBase64 = exports.convertBase64ToBase64url = exports.displayServerURL = exports.controller = exports.PermissionRequired = exports.ValidateQueryParam = exports.ValidatePathParam = exports.ValidateHeader = exports.ValidateCookie = exports.ValidateBody = exports.UserRequired = exports.Log = exports.FileList = exports.File = void 0;
exports.getApiOperationDescription = exports.getApiOperation = exports.getApiInfo = exports.getApiExternalDocs = exports.getApiDeprecated = exports.getApiComponents = exports.getApiCompleteOperation = exports.getApiCallbacks = exports.dependency = exports.createService = exports.createOpenApiDocument = exports.createController = exports.ServiceManager = exports.Put = exports.Post = exports.Patch = exports.Options = exports.OpenApi = exports.MergeHooks = exports.HttpResponseUnauthorized = exports.HttpResponseTooManyRequests = exports.HttpResponseSuccess = exports.HttpResponseServerError = exports.HttpResponseRedirection = exports.HttpResponseRedirect = exports.HttpResponseOK = exports.HttpResponseNotImplemented = exports.HttpResponseNotFound = exports.HttpResponseNoContent = exports.HttpResponseMovedPermanently = exports.HttpResponseMethodNotAllowed = exports.HttpResponseInternalServerError = exports.HttpResponseForbidden = exports.HttpResponseCreated = exports.HttpResponseConflict = exports.HttpResponseClientError = exports.HttpResponseBadRequest = exports.HttpResponse = exports.Hook = exports.Head = exports.Get = exports.Env = exports.Dependency = exports.Delete = exports.Context = exports.ConfigTypeError = exports.ConfigNotFoundError = exports.Config = exports.All = exports.ApiUseTag = void 0;
exports.readSession = exports.createSession = exports.UseSessions = exports.Store = exports.SessionStore = exports.SessionAlreadyExists = exports.Session = exports.createApp = exports.OPENAPI_SERVICE_ID = exports.isHttpResponseUnauthorized = exports.isHttpResponseTooManyRequests = exports.isHttpResponseSuccess = exports.isHttpResponseServerError = exports.isHttpResponseRedirection = exports.isHttpResponseRedirect = exports.isHttpResponseOK = exports.isHttpResponseNotImplemented = exports.isHttpResponseNotFound = exports.isHttpResponseNoContent = exports.isHttpResponseMovedPermanently = exports.isHttpResponseMethodNotAllowed = exports.isHttpResponseInternalServerError = exports.isHttpResponseForbidden = exports.isHttpResponseCreated = exports.isHttpResponseConflict = exports.isHttpResponseClientError = exports.isHttpResponseBadRequest = exports.isHttpResponse = exports.getPath = exports.getMetadata = exports.getHttpMethod = exports.getHookFunctions = exports.getHookFunction = exports.getApiUsedTags = exports.getApiTags = exports.getApiServers = exports.getApiSecurity = exports.getApiResponses = exports.getApiRequestBody = exports.getApiParameters = exports.getApiOperationSummary = exports.getApiOperationId = void 0;
try {
const version = process.versions.node;
const NODE_MAJOR_VERSION = parseInt(version.split('.')[0], 10);
if (NODE_MAJOR_VERSION < 10) {
console.warn(`[Warning] You are using version ${version} of Node. FoalTS requires at least version 10.`);
const NODE_CURRENT_MAJOR_VERSION = parseInt(version.split('.')[0], 10);
const NODE_MINIMUM_MAJOR_VERSION = 16;
if (NODE_CURRENT_MAJOR_VERSION < NODE_MINIMUM_MAJOR_VERSION) {
console.warn(`[Warning] You are using version ${version} of Node. FoalTS requires at least version ${NODE_MINIMUM_MAJOR_VERSION}.`);
}

@@ -19,2 +22,4 @@ }

var common_1 = require("./common");
Object.defineProperty(exports, "File", { enumerable: true, get: function () { return common_1.File; } });
Object.defineProperty(exports, "FileList", { enumerable: true, get: function () { return common_1.FileList; } });
Object.defineProperty(exports, "Log", { enumerable: true, get: function () { return common_1.Log; } });

@@ -27,2 +32,3 @@ Object.defineProperty(exports, "UserRequired", { enumerable: true, get: function () { return common_1.UserRequired; } });

Object.defineProperty(exports, "ValidateQueryParam", { enumerable: true, get: function () { return common_1.ValidateQueryParam; } });
Object.defineProperty(exports, "PermissionRequired", { enumerable: true, get: function () { return common_1.PermissionRequired; } });
Object.defineProperty(exports, "controller", { enumerable: true, get: function () { return common_1.controller; } });

@@ -32,4 +38,2 @@ Object.defineProperty(exports, "displayServerURL", { enumerable: true, get: function () { return common_1.displayServerURL; } });

Object.defineProperty(exports, "convertBase64urlToBase64", { enumerable: true, get: function () { return common_1.convertBase64urlToBase64; } });
Object.defineProperty(exports, "escape", { enumerable: true, get: function () { return common_1.escape; } });
Object.defineProperty(exports, "escapeProp", { enumerable: true, get: function () { return common_1.escapeProp; } });
Object.defineProperty(exports, "generateSignedToken", { enumerable: true, get: function () { return common_1.generateSignedToken; } });

@@ -36,0 +40,0 @@ Object.defineProperty(exports, "generateToken", { enumerable: true, get: function () { return common_1.generateToken; } });

@@ -10,3 +10,3 @@ "use strict";

content: {
csrfToken: await common_1.generateToken(),
csrfToken: await (0, common_1.generateToken)(),
},

@@ -16,3 +16,3 @@ createdAt: date,

flash: {},
id: await common_1.generateToken(),
id: await (0, common_1.generateToken)(),
// Any value here is fine. updatedAt is set by Session.commit().

@@ -19,0 +19,0 @@ updatedAt: date,

@@ -19,4 +19,4 @@ import { SessionState } from './session-state.interface';

export declare abstract class Store {
static concreteClassConfigPath: string;
static concreteClassName: string;
static readonly concreteClassConfigPath = "settings.session.store";
static readonly concreteClassName = "ConcreteSessionStore";
/**

@@ -23,0 +23,0 @@ * Saves the session for the first time.

@@ -70,5 +70,4 @@ "use strict";

setUser(user) {
var _a;
// tslint:disable-next-line
const id = (_a = user.id) !== null && _a !== void 0 ? _a : user._id;
const id = user.id ?? user._id;
if (typeof id === 'object') {

@@ -128,3 +127,3 @@ this.state.userId = id.toString();

this.oldId = this.state.id;
this.state.id = await common_1.generateToken();
this.state.id = await (0, common_1.generateToken)();
this.status = 'regenerated';

@@ -131,0 +130,0 @@ }
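Review bot: In `setUser`, the test `if (typeof id === 'object')` after `const id = user.id ?? user._id;` does not exclude `null`, because `typeof null` is `'object'`. The `id.toString()` call shown in the following hunk header appears to sit inside that branch, so a user whose `id` is nullish and whose `_id` is `null` would throw a TypeError there. A user with neither property yields `undefined`, and what ends up in `state.userId` in that case is decided outside this hunk. An explicit guard before the type test, `if (id === undefined || id === null) { throw new Error('<message>'); }`, would stop a session being bound to a missing user ID.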

export { UseSessions } from './use-sessions.hook';
export { FetchUser } from './fetch-user.interface';
import { Class, Context, HookDecorator, ServiceManager } from '../../core';
import { SessionStore } from '../core';
import { FetchUser } from './fetch-user.interface';
export interface UseSessionOptions {
user?: FetchUser;
export declare type UseSessionOptions = {
store?: Class<SessionStore>;

@@ -14,3 +12,9 @@ cookie?: boolean;

userCookie?: (ctx: Context, services: ServiceManager) => string | Promise<string>;
}
} & ({
userIdType: 'string';
user?: (id: string, services: ServiceManager) => Promise<Context['user']>;
} | {
userIdType?: 'number';
user?: (id: number, services: ServiceManager) => Promise<Context['user']>;
});
export declare function UseSessions(options?: UseSessionOptions): HookDecorator;

@@ -6,2 +6,4 @@ "use strict";

const constants_1 = require("./constants");
const check_user_id_type_1 = require("./check-user-id-type");
const get_session_id_from_request_1 = require("./get-session-id-from-request");
const core_2 = require("../core");

@@ -24,7 +26,6 @@ const utils_1 = require("./utils");

async function hook(ctx, services) {
var _a;
const ConcreteSessionStore = options.store || core_2.SessionStore;
const store = services.get(ConcreteSessionStore);
async function postFunction(response) {
if (!(ctx.session) || core_1.isHttpResponseInternalServerError(response)) {
if (!(ctx.session) || (0, core_1.isHttpResponseInternalServerError)(response)) {
return;

@@ -34,3 +35,3 @@ }

if (options.cookie) {
utils_1.removeSessionCookie(response, !!options.userCookie);
(0, utils_1.removeSessionCookie)(response, !!options.userCookie);
}

@@ -42,3 +43,3 @@ return;

const userCookie = options.userCookie ? await options.userCookie(ctx, services) : undefined;
utils_1.setSessionCookie(response, ctx.session, userCookie);
(0, utils_1.setSessionCookie)(response, ctx.session, userCookie);
}

@@ -48,39 +49,24 @@ }

let sessionID;
if (options.cookie) {
const cookieName = core_1.Config.get('settings.session.cookie.name', 'string', constants_1.SESSION_DEFAULT_COOKIE_NAME);
const content = ctx.request.cookies[cookieName];
if (!content) {
if (!options.required) {
if ((_a = options.create) !== null && _a !== void 0 ? _a : true) {
ctx.session = await core_2.createSession(store);
}
return postFunction;
}
return badRequestOrRedirect('Session cookie not found.');
try {
sessionID = (0, get_session_id_from_request_1.getSessionIDFromRequest)(ctx.request, options.cookie ? 'token-in-cookie' : 'token-in-header', !!options.required);
}
catch (error) {
if (error instanceof get_session_id_from_request_1.RequestValidationError) {
return badRequestOrRedirect(error.message);
}
sessionID = content;
// TODO: test this.
throw error;
}
else {
const authorizationHeader = ctx.request.get('Authorization') || '';
if (!authorizationHeader) {
if (!options.required) {
if (options.create) {
ctx.session = await core_2.createSession(store);
}
return postFunction;
}
return badRequestOrRedirect('Authorization header not found.');
if (!sessionID) {
if (options.create ?? options.cookie) {
ctx.session = await (0, core_2.createSession)(store);
}
const content = authorizationHeader.split('Bearer ')[1];
if (!content) {
return badRequestOrRedirect('Expected a bearer token. Scheme is Authorization: Bearer <token>.');
}
sessionID = content;
return postFunction;
}
/* Verify the session ID */
const session = await core_2.readSession(store, sessionID);
const session = await (0, core_2.readSession)(store, sessionID);
if (!session) {
const response = unauthorizedOrRedirect('token invalid or expired');
if (options.cookie) {
utils_1.removeSessionCookie(response, !!options.userCookie);
(0, utils_1.removeSessionCookie)(response, !!options.userCookie);
}

@@ -90,3 +76,3 @@ return response;

/* Verify CSRF token */
if (utils_1.shouldVerifyCsrfToken(ctx.request, options)) {
if ((0, utils_1.shouldVerifyCsrfToken)(ctx.request, options)) {
const expectedCsrftoken = session.get('csrfToken');

@@ -97,3 +83,3 @@ if (!expectedCsrftoken) {

}
const actualCsrfToken = utils_1.getCsrfTokenFromRequest(ctx.request);
const actualCsrfToken = (0, utils_1.getCsrfTokenFromRequest)(ctx.request);
if (actualCsrfToken !== expectedCsrftoken) {

@@ -107,3 +93,4 @@ return new core_1.HttpResponseForbidden('CSRF token missing or incorrect.');

if (session.userId !== null && options.user) {
ctx.user = await options.user(session.userId, services);
const userId = (0, check_user_id_type_1.checkUserIdType)(session.userId, options.userIdType);
ctx.user = await options.user(userId, services);
if (!ctx.user) {

@@ -113,3 +100,3 @@ await session.destroy();

if (options.cookie) {
utils_1.removeSessionCookie(response, !!options.userCookie);
(0, utils_1.removeSessionCookie)(response, !!options.userCookie);
}

@@ -123,4 +110,4 @@ return response;

options.required ?
core_1.ApiResponse(401, { description: 'Auth token is missing or invalid.' }) :
core_1.ApiResponse(401, { description: 'Auth token is invalid.' })
(0, core_1.ApiResponse)(401, { description: 'Auth token is missing or invalid.' }) :
(0, core_1.ApiResponse)(401, { description: 'Auth token is invalid.' })
];

@@ -133,8 +120,8 @@ if (options.cookie) {

};
openapi.push(core_1.ApiDefineSecurityScheme('cookieAuth', securityScheme));
openapi.push((0, core_1.ApiDefineSecurityScheme)('cookieAuth', securityScheme));
if (options.required) {
openapi.push(core_1.ApiSecurityRequirement({ cookieAuth: [] }));
openapi.push((0, core_1.ApiSecurityRequirement)({ cookieAuth: [] }));
}
if (core_1.Config.get('settings.session.csrf.enabled', 'boolean', false)) {
openapi.push(core_1.ApiResponse(403, { description: 'CSRF token is missing or incorrect.' }));
openapi.push((0, core_1.ApiResponse)(403, { description: 'CSRF token is missing or incorrect.' }));
}

@@ -147,9 +134,9 @@ }

};
openapi.push(core_1.ApiDefineSecurityScheme('bearerAuth', securityScheme));
openapi.push((0, core_1.ApiDefineSecurityScheme)('bearerAuth', securityScheme));
if (options.required) {
openapi.push(core_1.ApiSecurityRequirement({ bearerAuth: [] }));
openapi.push((0, core_1.ApiSecurityRequirement)({ bearerAuth: [] }));
}
}
return core_1.Hook(hook, openapi, { openapi: options.openapi });
return (0, core_1.Hook)(hook, openapi, { openapi: options.openapi });
}
exports.UseSessions = UseSessions;
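Review bot: In the hunk that loads the user, `checkUserIdType(session.userId, options.userIdType)` is called with no handling around it, unlike the `!ctx.user` case just below, which destroys the session and clears the cookie. The helper lives in `./check-user-id-type`, outside this section, so the following is inferred: if it throws on a mismatch, a stored string `userId` combined with an omitted `userIdType` (the type declaration makes it optional only in the `'number'` branch) would surface as an unhandled error on every request carrying that session. It would help to state the intended outcome in a comment above the call, for example `// A userId of the wrong type is a configuration error: fail the request instead of logging the user out.`, or to route the mismatch through the same destroy-and-respond path. The `// TODO: test this.` on the rethrow in the new `catch` block also marks an untested path in session-ID parsing.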

@@ -32,11 +32,20 @@ "use strict";

};
response.setCookie(cookieName, '', Object.assign(Object.assign({}, options), { httpOnly: core_1.Config.get('settings.session.cookie.httpOnly', 'boolean', constants_1.SESSION_DEFAULT_COOKIE_HTTP_ONLY) }));
response.setCookie(cookieName, '', {
...options,
httpOnly: core_1.Config.get('settings.session.cookie.httpOnly', 'boolean', constants_1.SESSION_DEFAULT_COOKIE_HTTP_ONLY),
});
if (csrfEnabled) {
const csrfCookieName = core_1.Config.get('settings.session.csrf.cookie.name', 'string', constants_1.SESSION_DEFAULT_CSRF_COOKIE_NAME);
response.setCookie(csrfCookieName, '', Object.assign(Object.assign({}, options), { httpOnly: false }));
response.setCookie(csrfCookieName, '', {
...options,
httpOnly: false,
});
}
if (user) {
response.setCookie(constants_1.SESSION_USER_COOKIE_NAME, '', Object.assign(Object.assign({}, options), { httpOnly: false }));
response.setCookie(constants_1.SESSION_USER_COOKIE_NAME, '', {
...options,
httpOnly: false,
});
}
}
exports.removeSessionCookie = removeSessionCookie;

@@ -33,11 +33,20 @@ "use strict";

};
response.setCookie(cookieName, session.getToken(), Object.assign(Object.assign({}, options), { httpOnly: core_1.Config.get('settings.session.cookie.httpOnly', 'boolean', constants_1.SESSION_DEFAULT_COOKIE_HTTP_ONLY) }));
response.setCookie(cookieName, session.getToken(), {
...options,
httpOnly: core_1.Config.get('settings.session.cookie.httpOnly', 'boolean', constants_1.SESSION_DEFAULT_COOKIE_HTTP_ONLY),
});
if (csrfEnabled) {
const csrfCookieName = core_1.Config.get('settings.session.csrf.cookie.name', 'string', constants_1.SESSION_DEFAULT_CSRF_COOKIE_NAME);
response.setCookie(csrfCookieName, session.get('csrfToken') || '', Object.assign(Object.assign({}, options), { httpOnly: false }));
response.setCookie(csrfCookieName, session.get('csrfToken') || '', {
...options,
httpOnly: false,
});
}
if (user) {
response.setCookie(constants_1.SESSION_USER_COOKIE_NAME, user, Object.assign(Object.assign({}, options), { httpOnly: false }));
response.setCookie(constants_1.SESSION_USER_COOKIE_NAME, user, {
...options,
httpOnly: false,
});
}
}
exports.setSessionCookie = setSessionCookie;
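Review bot: The user cookie is written with `httpOnly: false`, so the string returned by `options.userCookie` is readable by any script running on the page, and nothing at the call site says so. A comment above that `setCookie` call would help, for example `// Readable by client-side scripts: the userCookie callback must not return secrets or anything the server later trusts.` The CSRF cookie is also set with `httpOnly: false` and would benefit from a one-line comment saying why. The function starts outside this hunk.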

@@ -6,7 +6,6 @@ "use strict";

function shouldVerifyCsrfToken(request, options) {
var _a;
return (options.cookie === true &&
((_a = options.csrf) !== null && _a !== void 0 ? _a : core_1.Config.get('settings.session.csrf.enabled', 'boolean', false)) &&
(options.csrf ?? core_1.Config.get('settings.session.csrf.enabled', 'boolean', false)) &&
['DELETE', 'PATCH', 'POST', 'PUT'].includes(request.method));
}
exports.shouldVerifyCsrfToken = shouldVerifyCsrfToken;
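Review bot: `shouldVerifyCsrfToken` requires `options.cookie === true`, while the `UseSessions` hook in this same diff tests the option by truthiness (`options.cookie ? 'token-in-cookie' : 'token-in-header'`, `if (options.cookie)`). A plain-JavaScript caller passing a truthy non-boolean value would therefore get cookie-based sessions with the CSRF check skipped. Either compare consistently, `return (!!options.cookie &&`, or add a comment stating that `cookie` must be the boolean `true` for CSRF verification to run.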
export { createSession, readSession, Store, SessionStore, SessionAlreadyExists, Session, SessionState, } from './core';
export { UseSessions, FetchUser } from './http';
export { UseSessions } from './http';
{
"name": "@foal/core",
"version": "2.11.0",
"version": "3.0.0-alpha.0",
"description": "Full-featured Node.js framework, with no complexity",

@@ -21,3 +21,3 @@ "main": "./lib/index.js",

"engines": {
"node": ">=10"
"node": ">=16.0.0"
},

@@ -82,5 +82,6 @@ "publishConfig": {

"dependencies": {
"ajv": "~6.12.0",
"ajv": "~8.11.0",
"ajv-formats": "~2.1.1",
"cookie-parser": "~1.4.6",
"express": "~4.18.0",
"express": "~4.18.1",
"morgan": "~1.10.0",

@@ -90,18 +91,19 @@ "reflect-metadata": "~0.1.13"

"devDependencies": {
"@foal/internal-test": "^2.11.0",
"@types/mocha": "7.0.2",
"@types/node": "10.17.24",
"@types/supertest": "2.0.10",
"ejs": "~3.1.7",
"mocha": "~8.3.0",
"@foal/internal-test": "^3.0.0-alpha.0",
"@types/mocha": "9.1.1",
"@types/node": "16.11.7",
"@types/supertest": "2.0.12",
"ajv-errors": "~3.0.0",
"ejs": "~3.1.8",
"mocha": "~10.0.0",
"nyc": "~15.1.0",
"rimraf": "~2.6.2",
"source-map-support": "~0.5.19",
"rimraf": "~3.0.2",
"source-map-support": "~0.5.21",
"supertest": "~6.2.3",
"ts-node": "~9.0.0",
"twig": "~1.13.3",
"typescript": "~4.0.2",
"ts-node": "~10.8.1",
"twig": "~1.15.4",
"typescript": "~4.7.4",
"yamljs": "~0.3.0"
},
"gitHead": "9d6734838ad699267f774bf84139b7a5cfc2dcfa"
"gitHead": "2b855029bb2076c275969278a3a41cea179ff05b"
}