@arkstack/driver-h3 0.12.10 → 0.12.11

package/dist/index.js

@@ -1,19 +1,24 @@
-import { t as staticAssetHandler } from "./middlewares-DWmfAXws.js";
+import { t as staticAssetHandler } from "./middlewares-CGBJHsH7.js";
 import { Arkstack, ArkstackKitDriver } from "@arkstack/contract";
 import { H3, HTTPResponse, serve, toResponse } from "h3";
-import { ErrorHandler, Logger, importFile, renderError } from "@arkstack/common";
-import { join } from "node:path";
-import { stat } from "node:fs/promises";
+import { ErrorHandler, Logger, isClass, renderError } from "@arkstack/common";
+import { Request } from "clear-router";
+import { definePlugin } from "clear-router/core";
+import { definePlugin as definePlugin$1 } from "kanun";
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, timingSafeEqual } from "node:crypto";
+import { DB } from "arkormx";
+import { dirname, join } from "node:path";
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import { Router as Router$1 } from "clear-router/h3";
 import { clearRouterH3Plugin } from "@resora/plugin-clear-router";
 import { registerPlugin } from "resora";
 //#region src/error-handler.ts
 const webMiddlewareKey = Symbol.for("arkstack:http:web");
-const isRecord = (value) => {
+const isRecord$1 = (value) => {
 	return typeof value === "object" && value !== null;
 };
 const isWebRequest = (value) => {
-	if (!isRecord(value)) return false;
+	if (!isRecord$1(value)) return false;
 	return value[webMiddlewareKey] === true || value.arkstackWeb === true || isWebRequest(value.context) || isWebRequest(value.req);
 };
 const redirectBackTarget = (event) => {
@@ -60,20 +65,1144 @@ const defaultErrorHandler = async (err, event) => {
 	});
 };
 //#endregion
+//#region ../http/dist/redirect-Bwrh6IHq.js
+const unwrapRequestSource = (source) => {
+	if (source.headers) return source;
+	if (source.req) return source.req;
+	if (source.request) return source.request;
+	return source;
+};
+const normalizeHeaders = (headers) => {
+	const normalized = {};
+	if (!headers) return normalized;
+	if (isHeaders(headers)) {
+		headers.forEach((value, key) => {
+			normalized[key.toLowerCase()] = value;
+		});
+		return normalized;
+	}
+	for (const [key, value] of Object.entries(headers)) {
+		const normalizedValue = normalizeHeaderValue(value);
+		if (typeof normalizedValue === "string") normalized[key.toLowerCase()] = normalizedValue;
+	}
+	return normalized;
+};
+const normalizeHeaderValue = (value) => {
+	if (Array.isArray(value)) return value.join(", ");
+	if (typeof value === "number" || typeof value === "boolean") return String(value);
+	return value ?? void 0;
+};
+const isHeaders = (value) => typeof Headers !== "undefined" && value instanceof Headers;
+const isRecord = (value) => {
+	return !!value && typeof value === "object" && !Array.isArray(value);
+};
+/**
+* Resolve Middleware
+* 
+* @param middleware 
+* @returns 
+*/
+const resolveMiddleware = (middleware) => {
+	if (!middleware || typeof middleware === "function" && !isClass(middleware)) return middleware;
+	if (middleware && typeof middleware === "object" && !isClass(middleware) && "handle" in middleware) return middleware.handle.bind(middleware);
+	const instance = isClass(middleware) ? new middleware() : middleware;
+	if (instance && typeof instance.handle === "function") return instance.handle.bind(instance);
+	return middleware;
+};
+/**
+* Represents an HTTP request, providing a consistent interface for accessing request data.
+* 
+* @author 3m1n3nc3
+*/
+var Request$1 = class Request$1 extends Request {
+	headers;
+	ip;
+	source;
+	user;
+	authToken;
+	constructor(options = {}) {
+		super(options);
+		this.headers = normalizeHeaders(options.headers);
+		if (this.method) this.method = options.method;
+		if (this.url) this.url = options.url;
+		if (this.path) this.path = options.path;
+		this.ip = options.ip ?? null;
+		this.user = options.user;
+		this.authToken = options.authToken;
+		this.source = options.source;
+		globalThis.request = (key) => key ? this.input(key) : this;
+	}
+	static from(source) {
+		if (!source) return;
+		if (source instanceof Request$1) return source;
+		const request = unwrapRequestSource(source);
+		return new Request$1({
+			headers: request.headers,
+			method: request.method,
+			url: request.originalUrl ?? request.url,
+			path: request.path,
+			ip: request.ip ?? null,
+			user: request.user,
+			authToken: request.authToken,
+			source
+		});
+	}
+	header(name) {
+		return this.headers[name.toLowerCase()];
+	}
+	bearerToken() {
+		const authorization = this.header("authorization");
+		if (!authorization?.startsWith("Bearer ")) return null;
+		return authorization.substring(7);
+	}
+	setUser(user) {
+		this.user = user;
+		if (isRecord(this.source)) this.source.user = user;
+		return this;
+	}
+};
+var FlashBag = class {
+	bag = {};
+	sweepKeys = /* @__PURE__ */ new Set();
+	constructor(items) {
+		this.bag = { ...items || {} };
+		this.sweepKeys = new Set(Object.keys(this.bag));
+	}
+	put(key, value) {
+		this.bag[key] = value;
+		this.sweepKeys.delete(key);
+		return this;
+	}
+	set(key, value) {
+		return this.put(key, value);
+	}
+	get(key, defaultValue) {
+		return key in this.bag ? this.bag[key] : defaultValue;
+	}
+	has(key) {
+		if (Array.isArray(key)) return key.every((item) => this.has(item));
+		if (key) return key in this.bag;
+		return this.any();
+	}
+	any() {
+		return Object.keys(this.bag).length > 0;
+	}
+	isEmpty() {
+		return !this.any();
+	}
+	isNotEmpty() {
+		return this.any();
+	}
+	keys() {
+		return Object.keys(this.bag);
+	}
+	all() {
+		return { ...this.bag };
+	}
+	clear(key) {
+		if (Array.isArray(key)) {
+			for (const item of key) {
+				delete this.bag[item];
+				this.sweepKeys.delete(item);
+			}
+			return this;
+		}
+		if (key) {
+			delete this.bag[key];
+			this.sweepKeys.delete(key);
+			return this;
+		}
+		this.bag = {};
+		this.sweepKeys.clear();
+		return this;
+	}
+	forget(key) {
+		return this.clear(key);
+	}
+	markForSweep(keys = this.keys()) {
+		this.sweepKeys = new Set(keys);
+		return this;
+	}
+	sweep() {
+		for (const key of this.sweepKeys) delete this.bag[key];
+		this.sweepKeys = new Set(Object.keys(this.bag));
+		return this;
+	}
+	toJSON() {
+		return this.all();
+	}
+};
+const sessionKey = Symbol.for("arkstack:http:session");
+const asMessageRecord = (value) => {
+	if (!isRecord(value)) return;
+	return value;
+};
+const callRecordMethod = (source, method) => {
+	if (typeof source[method] !== "function") return;
+	return asMessageRecord(source[method]());
+};
+const resolveMessageRecord = (source) => {
+	if (!isRecord(source)) return;
+	if (typeof source.getMessageBag === "function") {
+		const bag = source.getMessageBag();
+		if (bag && bag !== source) {
+			const messages = resolveMessageRecord(bag);
+			if (messages) return messages;
+		}
+	}
+	if (typeof source.errors === "function") {
+		const errors = source.errors();
+		const messages = resolveMessageRecord(errors) || asMessageRecord(errors);
+		if (messages) return messages;
+	}
+	return callRecordMethod(source, "getMessages") || callRecordMethod(source, "messagesRaw") || callRecordMethod(source, "toArray") || resolveMessageRecord(source.errors) || asMessageRecord(source.errors);
+};
+const getValidationIssueField = (issue) => {
+	if (typeof issue.field === "string") return issue.field;
+	if (typeof issue.attribute === "string") return issue.attribute;
+	if (typeof issue.key === "string") return issue.key;
+	if (typeof issue.path === "string") return issue.path;
+	if (Array.isArray(issue.path)) return issue.path.join(".") || "_";
+	return "_";
+};
+const toMessages = (value) => {
+	if (Array.isArray(value)) return value.flatMap((item) => toMessages(item));
+	if (value instanceof Error) return [value.message];
+	if (isRecord(value) && typeof value.message === "string") return [value.message];
+	if (value === null || typeof value === "undefined") return [];
+	return [String(value)];
+};
+const getPath = (source, key, defaultValue) => {
+	const value = key.split(".").reduce((current, part) => {
+		if (!isRecord(current) && !Array.isArray(current)) return;
+		return current[part];
+	}, source);
+	return typeof value === "undefined" ? defaultValue : value;
+};
+var ErrorBag = class ErrorBag extends FlashBag {
+	constructor(errors) {
+		super();
+		if (errors) {
+			this.merge(errors);
+			this.markForSweep();
+		}
+	}
+	add(field, message) {
+		const key = field || "_";
+		const messages = toMessages(message);
+		if (!messages.length) return this;
+		this.put(key, [...this.bag[key] || [], ...messages]);
+		return this;
+	}
+	addIf(condition, field, message) {
+		if (condition) this.add(field, message);
+		return this;
+	}
+	merge(errors) {
+		const incoming = resolveMessageRecord(errors) || (isRecord(errors) ? errors : void 0);
+		if (!incoming) return this.validation(errors);
+		for (const [field, messages] of Object.entries(incoming)) this.add(field, messages);
+		return this;
+	}
+	validation(error) {
+		if (!error) return this;
+		if (error instanceof ErrorBag) return this.merge(error);
+		const messages = resolveMessageRecord(error);
+		if (messages) return this.merge(messages);
+		if (Array.isArray(error)) {
+			for (const item of error) if (isRecord(item) && "message" in item) this.add(getValidationIssueField(item), item.message);
+			else this.add("_", item);
+			return this;
+		}
+		if (isRecord(error)) {
+			if (typeof error.errors === "function") return this.validation(error.errors());
+			if (error.errors) return this.validation(error.errors);
+			if (Array.isArray(error.issues)) return this.validation(error.issues);
+			if ("message" in error) return this.add(getValidationIssueField(error), error.message);
+			return this.merge(error);
+		}
+		if (error instanceof Error) return this.add("_", error.message);
+		return this.add("_", error);
+	}
+	keys() {
+		return Object.keys(this.bag);
+	}
+	get(field = "_") {
+		return [...this.bag[field] || []];
+	}
+	first(field) {
+		if (field) return this.bag[field]?.[0] || "";
+		return this.all()[0] || "";
+	}
+	has(field) {
+		if (Array.isArray(field)) return field.every((key) => this.has(key));
+		if (field) return (this.bag[field]?.length || 0) > 0;
+		return this.any();
+	}
+	hasAny(fields) {
+		return (Array.isArray(fields) ? fields : [fields]).some((key) => this.has(key));
+	}
+	missing(fields) {
+		return (Array.isArray(fields) ? fields : [fields]).every((key) => !this.has(key));
+	}
+	any() {
+		return Object.values(this.bag).some((messages) => messages.length > 0);
+	}
+	isEmpty() {
+		return !this.any();
+	}
+	isNotEmpty() {
+		return this.any();
+	}
+	count() {
+		return Object.values(this.bag).reduce((total, messages) => total + messages.length, 0);
+	}
+	all() {
+		return Object.values(this.bag).flat();
+	}
+	unique() {
+		return [...new Set(this.all())];
+	}
+	clear(field) {
+		super.clear(field);
+		return this;
+	}
+	forget(field) {
+		return this.clear(field);
+	}
+	messagesRaw() {
+		return this.toJSON();
+	}
+	getMessages() {
+		return this.messagesRaw();
+	}
+	getMessageBag() {
+		return this;
+	}
+	toArray() {
+		return this.toJSON();
+	}
+	toJSON() {
+		return Object.entries(this.bag).reduce((errors, [field, messages]) => {
+			errors[field] = [...messages];
+			return errors;
+		}, {});
+	}
+};
+var Session = class Session {
+	errors;
+	flashBag;
+	id;
+	data;
+	persistent;
+	saveQueue = Promise.resolve();
+	constructor(initial, persistent) {
+		const current = initial instanceof Session ? initial : void 0;
+		const state = current ? current.snapshot() : initial && ("data" in initial || "errors" in initial || "flash" in initial) ? initial : { data: initial };
+		this.id = persistent?.id ?? current?.id;
+		this.persistent = persistent ?? current?.persistent;
+		this.saveQueue = current?.saveQueue ?? this.saveQueue;
+		this.data = current ? current.data : { ...state.data || {} };
+		this.errors = current ? current.errors : state.errors instanceof ErrorBag ? state.errors : new ErrorBag(state.errors);
+		this.flashBag = current ? current.flashBag : state.flash instanceof FlashBag ? state.flash : new FlashBag(state.flash);
+		const helper = ((key) => key ? this.get(key) : this);
+		Object.assign(helper, {
+			get: this.get.bind(this),
+			put: this.put.bind(this),
+			set: this.set.bind(this),
+			has: this.has.bind(this),
+			forget: this.forget.bind(this),
+			clear: this.clear.bind(this),
+			all: this.all.bind(this),
+			flash: this.flash.bind(this),
+			getFlash: this.getFlash.bind(this),
+			hasErrors: this.hasErrors.bind(this),
+			clearErrors: this.clearErrors.bind(this),
+			errors: this.errors,
+			flashBag: this.flashBag
+		});
+		globalThis.session = helper;
+	}
+	snapshot() {
+		return {
+			data: this.all(),
+			errors: this.errors.toJSON(),
+			flash: this.flashBag.toJSON()
+		};
+	}
+	queuePersist() {
+		this.save();
+	}
+	async save() {
+		const payload = this.snapshot();
+		const previous = this.saveQueue.catch(() => void 0);
+		this.saveQueue = previous.then(async () => {
+			await this.persistent?.save(payload);
+		});
+		await this.saveQueue;
+		return this;
+	}
+	async destroy() {
+		this.data = {};
+		this.errors.clear();
+		this.flashBag.clear();
+		await this.persistent?.destroy?.();
+		return this;
+	}
+	/**
+	* Get an item from the session bag
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	get(key, defaultValue) {
+		return key in this.data ? this.data[key] : defaultValue;
+	}
+	/**
+	* Add an item to the session bag
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	put(key, value) {
+		this.data[key] = value;
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Add an item to the session bag
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	set(key, value) {
+		return this.put(key, value);
+	}
+	/**
+	* Check if an item exist in the session bag
+	*
+	* @param key
+	* @returns
+	*/
+	has(key) {
+		return key in this.data;
+	}
+	/**
+	* Remove an item from the session bag
+	*
+	* @param key
+	* @returns
+	*/
+	forget(key) {
+		delete this.data[key];
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Clear the session bag
+	*
+	* @returns
+	*/
+	clear() {
+		this.data = {};
+		this.errors.clear();
+		this.flashBag.clear();
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Get all items in the session bag
+	*
+	* @returns
+	*/
+	all() {
+		return { ...this.data };
+	}
+	/**
+	* Add a flash item for the next request
+	*
+	* @param key
+	* @param value
+	* @returns
+	*/
+	flash(key, value) {
+		this.flashBag.put(key, value);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Get a flash item
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	getFlash(key, defaultValue) {
+		return this.flashBag.get(key, defaultValue);
+	}
+	/**
+	* Sweep flashed data that was loaded for this request
+	*
+	* @returns
+	*/
+	async sweepFlash() {
+		this.errors.sweep();
+		this.flashBag.sweep();
+		await this.save();
+		return this;
+	}
+	/**
+	* Add an error to the session error bag
+	*
+	* @param field
+	* @param message
+	* @returns
+	*/
+	addError(field, message) {
+		this.errors.add(field, message);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Add multiple errors to the session error bag
+	*
+	* @param errors
+	* @returns
+	*/
+	addErrors(errors) {
+		this.errors.merge(errors);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Add a validation error to the session error bag
+	*
+	* @param error
+	* @returns
+	*/
+	addValidationErrors(error) {
+		this.errors.validation(error);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Check if the session error bag has any errors
+	*
+	* @param field
+	* @returns
+	*/
+	hasErrors(field) {
+		return this.errors.has(field);
+	}
+	/**
+	* Clear all errors in the session error bag
+	*
+	* @param field
+	* @returns
+	*/
+	clearErrors(field) {
+		this.errors.clear(field);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Parse session for views
+	*
+	* @returns
+	*/
+	forView() {
+		return {
+			...this.all(),
+			errors: this.errors,
+			flash: this.flashBag
+		};
+	}
+	/**
+	* Return session as json
+	*
+	* @returns
+	*/
+	toJSON() {
+		return {
+			...this.all(),
+			errors: this.errors.toJSON(),
+			flash: this.flashBag.toJSON()
+		};
+	}
+};
+const requestInput = () => {
+	const request = globalThis.request?.();
+	if (request instanceof Request$1) {
+		if (isRecord(request.body)) return request.body;
+		const source = isRecord(request.source) ? request.source : void 0;
+		if (source && typeof source.getBody === "function") return source.getBody() ?? {};
+		if (isRecord(source?.body)) return source.body;
+	}
+	if (isRecord(request) && typeof request.getBody === "function") return request.getBody() ?? {};
+	return isRecord(request?.body) ? request.body : {};
+};
+const old = (key, defaultValue) => {
+	const input = requestInput();
+	if (!key) return input;
+	return getPath(input, key, defaultValue);
+};
+const sweepRegisteredKey = Symbol.for("arkstack:http:flash-sweep-registered");
+const attachSessionProperty = (target, session) => {
+	target.httpSession = session;
+	if (!("session" in target) || target.session instanceof Session) target.session = session;
+};
+const responseSource = (target) => {
+	return target.res ?? target.ctx?.res ?? target.response?.source ?? target.clearResponse?.source ?? target.context?.res ?? target.context?.response?.source;
+};
+const registerResponseFlashSweep = (target, session) => {
+	if (!isRecord(target)) return;
+	const current = session ?? getSession(target);
+	const res = responseSource(target);
+	if (!(current instanceof Session) || !isRecord(res) || typeof res.end !== "function" || res[sweepRegisteredKey]) return;
+	res[sweepRegisteredKey] = true;
+	const end = res.end.bind(res);
+	res.end = (...args) => {
+		current.sweepFlash().catch(() => void 0).finally(() => end(...args));
+		return res;
+	};
+};
+const attachViewState = (target, session) => {
+	attachSessionProperty(target, session);
+	target.errors = session.errors;
+	if (isRecord(target.req)) {
+		attachSessionProperty(target.req, session);
+		target.req.errors = session.errors;
+		target.req.old = old;
+	}
+	if (isRecord(target.res)) target.res.locals = {
+		...target.res.locals || {},
+		session,
+		errors: session.errors,
+		flash: session.flashBag,
+		old
+	};
+	if (isRecord(target.response?.source)) target.response.source.locals = {
+		...target.response.source.locals || {},
+		session,
+		errors: session.errors,
+		flash: session.flashBag,
+		old
+	};
+	if (isRecord(target.context)) {
+		attachSessionProperty(target.context, session);
+		target.context.errors = session.errors;
+		target.context.flash = session.flashBag;
+		target.context.old = old;
+	}
+	if (isRecord(target.state)) {
+		attachSessionProperty(target.state, session);
+		target.state.errors = session.errors;
+		target.state.flash = session.flashBag;
+		target.state.old = old;
+	}
+	if (typeof target.set === "function") {
+		target.set("session", session);
+		target.set("errors", session.errors);
+		target.set("flash", session.flashBag);
+		target.set("old", old);
+	}
+};
+/**
+* Ensure a valid session exists
+* 
+* @param ctx 
+* @param initial 
+* @returns 
+*/
+const ensureSession = (ctx, initial, persistent) => {
+	if (!isRecord(ctx)) return new Session(initial, persistent);
+	const existing = ctx[sessionKey] ?? (ctx.session instanceof Session ? ctx.session : void 0) ?? (isRecord(ctx.req) && ctx.req.httpSession instanceof Session ? ctx.req.httpSession : void 0);
+	const session = existing instanceof Session ? existing : new Session(initial, persistent);
+	ctx[sessionKey] = session;
+	attachViewState(ctx, session);
+	return session;
+};
+/**
+* Get the current session
+* 
+* @param ctx 
+* @returns 
+*/
+const getSession = (ctx) => {
+	if (!isRecord(ctx)) return;
+	const session = ctx[sessionKey] ?? ctx.session;
+	return session instanceof Session ? session : void 0;
+};
+const generateSessionId = () => randomBytes(32).toString("base64url");
+const signValue = (value, secret) => createHmac("sha256", secret).update(value).digest("base64url");
+const encodeSignedValue = (value, secret) => `${value}.${signValue(value, secret)}`;
+const decodeSignedValue = (value, secret) => {
+	if (!value) return void 0;
+	const index = value.lastIndexOf(".");
+	if (index < 1) return void 0;
+	const payload = value.slice(0, index);
+	const signature = value.slice(index + 1);
+	const expected = signValue(payload, secret);
+	const signatureBuffer = Buffer.from(signature);
+	const expectedBuffer = Buffer.from(expected);
+	if (signatureBuffer.length !== expectedBuffer.length) return void 0;
+	return timingSafeEqual(signatureBuffer, expectedBuffer) ? payload : void 0;
+};
+const decodeJson = (value) => {
+	if (!value) return void 0;
+	try {
+		return JSON.parse(Buffer.from(value, "base64url").toString("utf8"));
+	} catch {
+		return;
+	}
+};
+const parseCookies = (header) => {
+	return (Array.isArray(header) ? header.join("; ") : header || "").split(";").reduce((cookies, part) => {
+		const index = part.indexOf("=");
+		if (index < 0) return cookies;
+		const key = part.slice(0, index).trim();
+		const value = part.slice(index + 1).trim();
+		if (key) cookies[key] = decodeURIComponent(value);
+		return cookies;
+	}, {});
+};
+const getCookie = (context, name) => {
+	const ctx = isRecord(context.ctx) ? context.ctx : context;
+	const headers = (context.request || ctx.clearRequest || ctx.req || ctx.request)?.headers || ctx.headers || ctx.req?.headers || ctx.request?.headers;
+	return parseCookies(typeof headers?.get === "function" ? headers.get("cookie") : headers?.cookie)[name];
+};
+const serializeCookie = (name, value, options = {}) => {
+	const parts = [`${name}=${encodeURIComponent(value)}`];
+	if (typeof options.maxAge === "number") parts.push(`Max-Age=${Math.max(0, Math.floor(options.maxAge))}`);
+	if (options.expires) parts.push(`Expires=${options.expires.toUTCString()}`);
+	parts.push(`Path=${options.path || "/"}`);
+	if (options.domain) parts.push(`Domain=${options.domain}`);
+	if (options.httpOnly !== false) parts.push("HttpOnly");
+	if (options.secure) parts.push("Secure");
+	if (options.sameSite) parts.push(`SameSite=${options.sameSite}`);
+	return parts.join("; ");
+};
+const splitSetCookieHeader = (value) => {
+	return value.split(/,\s*(?=[^;,\s]+=)/).filter(Boolean);
+};
+const withoutCookie = (current, cookieName) => {
+	return (Array.isArray(current) ? current.flatMap((item) => splitSetCookieHeader(String(item))) : typeof current === "string" ? splitSetCookieHeader(current) : []).filter((cookie) => !cookie.trim().startsWith(`${cookieName}=`));
+};
+const upsertHeaderValue = (target, headerName, cookieName, value) => {
+	if (!target) return false;
+	if (typeof target.setHeader === "function") {
+		const next = [...withoutCookie(typeof target.getHeader === "function" ? target.getHeader(headerName) : void 0, cookieName), value];
+		target.setHeader(headerName, next);
+		return true;
+	}
+	if (target.headers && typeof target.headers.set === "function") {
+		const next = [...withoutCookie(target.headers.get(headerName), cookieName), value];
+		target.headers.set(headerName, next.join(", "));
+		return true;
+	}
+	if (typeof target.appendHeader === "function") {
+		target.appendHeader(headerName, value);
+		return true;
+	}
+	if (typeof target.append === "function") {
+		target.append(headerName, value);
+		return true;
+	}
+	return false;
+};
+const setCookie = (context, name, value, options = {}) => {
+	const ctx = isRecord(context.ctx) ? context.ctx : context;
+	const cookie = serializeCookie(name, value, options);
+	const response = context.response || ctx.clearResponse;
+	if (response?.headers && typeof response.headers.set === "function") {
+		const next = [...withoutCookie(response.headers.get("set-cookie"), name), cookie];
+		response.headers.set("set-cookie", next.join(", "));
+	}
+	upsertHeaderValue(response?.source, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.res, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.response, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.response?.source, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.event?.res, "Set-Cookie", name, cookie);
+	return cookie;
+};
+const byteLength = (value) => Buffer.byteLength(value, "utf8");
+const serializeValue = (value) => {
+	if (value === null || typeof value === "undefined") return "N;";
+	if (typeof value === "boolean") return `b:${value ? 1 : 0};`;
+	if (typeof value === "number") return Number.isInteger(value) ? `i:${value};` : `d:${value};`;
+	if (typeof value === "string") return `s:${byteLength(value)}:"${value}";`;
+	if (Array.isArray(value)) return serializeEntries(value.map((item, index) => [index, item]));
+	if (typeof value === "object") return serializeEntries(Object.entries(value));
+	return serializeValue(String(value));
+};
+const serializeEntries = (entries) => {
+	return `a:${entries.length}:{${entries.map(([key, value]) => serializeValue(key) + serializeValue(value)).join("")}}`;
+};
+var Parser = class {
+	source;
+	offset = 0;
+	constructor(source) {
+		this.source = source;
+	}
+	parse() {
+		const type = this.source[this.offset];
+		this.offset += type === "N" ? 1 : 2;
+		switch (type) {
+			case "N":
+				this.expect(";");
+				return null;
+			case "b": return this.readUntil(";") === "1";
+			case "i": return Number.parseInt(this.readUntil(";"), 10);
+			case "d": return Number.parseFloat(this.readUntil(";"));
+			case "s": return this.parseString();
+			case "a": return this.parseArray();
+			default: throw new Error(`Unsupported serialized session value: ${type}`);
+		}
+	}
+	parseString() {
+		const length = Number.parseInt(this.readUntil(":"), 10);
+		this.expect("\"");
+		let end = this.offset;
+		let bytes = 0;
+		while (end < this.source.length && bytes < length) {
+			const char = this.source[end];
+			bytes += Buffer.byteLength(char, "utf8");
+			end += 1;
+		}
+		const value = this.source.slice(this.offset, end);
+		this.offset = end;
+		this.expect("\"");
+		this.expect(";");
+		return value;
+	}
+	parseArray() {
+		const length = Number.parseInt(this.readUntil(":"), 10);
+		this.expect("{");
+		const entries = [];
+		let sequential = true;
+		for (let index = 0; index < length; index += 1) {
+			const key = this.parse();
+			const value = this.parse();
+			entries.push([key, value]);
+			if (key !== index) sequential = false;
+		}
+		this.expect("}");
+		if (sequential) return entries.map(([, value]) => value);
+		return entries.reduce((record, [key, value]) => {
+			record[String(key)] = value;
+			return record;
+		}, {});
+	}
+	readUntil(token) {
+		const index = this.source.indexOf(token, this.offset);
+		if (index < 0) throw new Error("Invalid serialized session payload");
+		const value = this.source.slice(this.offset, index);
+		this.offset = index + token.length;
+		return value;
+	}
+	expect(token) {
+		if (this.source.slice(this.offset, this.offset + token.length) !== token) throw new Error("Invalid serialized session payload");
+		this.offset += token.length;
+	}
+};
+const encodeSessionPayload = (payload) => {
+	return serializeValue(payload);
+};
+const normalizeSessionPayload = (payload) => {
+	if (!payload || typeof payload !== "object" || Array.isArray(payload)) return payload;
+	const record = payload;
+	for (const key of [
+		"data",
+		"errors",
+		"flash"
+	]) if (Array.isArray(record[key]) && record[key].length === 0) record[key] = {};
+	return record;
+};
+const decodeSessionPayload = (value) => {
+	if (!value) return;
+	try {
+		return normalizeSessionPayload(new Parser(value).parse());
+	} catch {
+		return;
+	}
+};
+const keyFromSecret = (secret) => {
+	if (secret.startsWith("base64:")) {
+		const decoded = Buffer.from(secret.slice(7), "base64");
+		if (decoded.length === 32) return decoded;
+	}
+	const raw = Buffer.from(secret, "base64");
+	if (raw.length === 32) return raw;
+	return createHash("sha256").update(secret).digest();
+};
+const macFor = (iv, value, key) => {
+	return createHmac("sha256", key).update(iv + value).digest("hex");
+};
+const encryptSessionValue = (value, secret) => {
+	const key = keyFromSecret(secret);
+	const iv = randomBytes(16);
+	const ivValue = iv.toString("base64");
+	const cipher = createCipheriv("aes-256-cbc", key, iv);
+	const encrypted = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]).toString("base64");
+	const payload = {
+		iv: ivValue,
+		value: encrypted,
+		mac: macFor(ivValue, encrypted, key),
+		tag: ""
+	};
+	return JSON.stringify(payload);
+};
+const decryptSessionValue = (payload, secret) => {
+	if (!payload) return;
+	try {
+		const decoded = JSON.parse(payload.startsWith("{") ? payload : Buffer.from(payload, "base64").toString("utf8"));
+		if (!decoded.iv || !decoded.value || !decoded.mac) return;
+		const key = keyFromSecret(secret);
+		const expected = macFor(decoded.iv, decoded.value, key);
+		const actualBuffer = Buffer.from(decoded.mac);
+		const expectedBuffer = Buffer.from(expected);
+		if (actualBuffer.length !== expectedBuffer.length || !timingSafeEqual(actualBuffer, expectedBuffer)) return;
+		const decipher = createDecipheriv("aes-256-cbc", key, Buffer.from(decoded.iv, "base64"));
+		return Buffer.concat([decipher.update(Buffer.from(decoded.value, "base64")), decipher.final()]).toString("utf8");
+	} catch {
+		return;
+	}
+};
+const defaultSecret = () => String(process.env.SESSION_SECRET || process.env.APP_KEY || "arkstack-session-secret");
+const defaultcookie_options = (ttl) => ({
+	httpOnly: true,
+	sameSite: "Lax",
+	secure: process.env.NODE_ENV === "production",
+	path: "/",
+	maxAge: ttl
+});
+var BaseSessionDriver = class {
+	cookie;
+	secret;
+	ttl;
+	cookie_options;
+	constructor(options = {}) {
+		this.cookie = options.cookie || "arkstack_session";
+		this.secret = options.secret || defaultSecret();
+		this.ttl = options.ttl;
+		this.cookie_options = {
+			...defaultcookie_options(options.ttl),
+			...options.cookie_options || {}
+		};
+	}
+	readSessionId(context) {
+		return decodeSignedValue(getCookie(context, this.cookie), this.secret);
+	}
+	encryptPayload(value) {
+		return encryptSessionValue(value, this.secret);
+	}
+	decryptPayload(value) {
+		return decryptSessionValue(value, this.secret);
+	}
+	writeSessionId(context, id) {
+		setCookie(context, this.cookie, encodeSignedValue(id, this.secret), this.cookie_options);
+	}
+};
+var CookieSessionDriver = class extends BaseSessionDriver {
+	async start(context) {
+		const cookie = getCookie(context, this.cookie);
+		const decoded = this.decryptPayload(cookie) ?? decodeSignedValue(cookie, this.secret);
+		const payload = decodeSessionPayload(decoded) ?? decodeJson(decoded);
+		const id = payload?.id || generateSessionId();
+		const state = payload ? {
+			data: payload.data,
+			errors: payload.errors,
+			flash: payload.flash
+		} : void 0;
+		const save = async (next) => {
+			setCookie(context, this.cookie, this.encryptPayload(encodeSessionPayload({
+				id,
+				...next
+			})), this.cookie_options);
+		};
+		const destroy = async () => {
+			setCookie(context, this.cookie, "", {
+				...this.cookie_options,
+				maxAge: 0,
+				expires: /* @__PURE__ */ new Date(0)
+			});
+		};
+		return {
+			id,
+			state,
+			save,
+			destroy
+		};
+	}
+};
+var DatabaseSessionDriver = class extends BaseSessionDriver {
+	tableName;
+	constructor(options = {}) {
+		super(options);
+		this.tableName = options.table || "sessions";
+	}
+	table() {
+		return DB.table(this.tableName);
+	}
+	async start(context) {
+		const id = this.readSessionId(context) || generateSessionId();
+		this.writeSessionId(context, id);
+		const row = await this.table().where({ id }).first();
+		const state = isRecord(row) && typeof row.payload === "string" ? decodeSessionPayload(this.decryptPayload(row.payload) ?? row.payload) ?? decodeJson(this.decryptPayload(row.payload) ?? row.payload) : isRecord(row?.payload) ? row.payload : void 0;
+		const save = async (payload) => {
+			const now = /* @__PURE__ */ new Date();
+			const values = {
+				id,
+				payload: this.encryptPayload(encodeSessionPayload(payload)),
+				updatedAt: now,
+				expiresAt: this.ttl ? new Date(now.getTime() + this.ttl * 1e3) : null
+			};
+			if (await this.table().where({ id }).first()) await this.table().where({ id }).update(values);
+			else await this.table().insert({
+				...values,
+				createdAt: now
+			});
+			this.writeSessionId(context, id);
+		};
+		const destroy = async () => {
+			await this.table().where({ id }).delete();
+			setCookie(context, this.cookie, "", {
+				...this.cookie_options,
+				maxAge: 0,
+				expires: /* @__PURE__ */ new Date(0)
+			});
+		};
+		return {
+			id,
+			state,
+			save,
+			destroy
+		};
+	}
+};
+var FileSessionDriver = class extends BaseSessionDriver {
+	directory;
+	constructor(options = {}) {
+		super(options);
+		this.directory = options.directory || join(Arkstack.rootDir(), "storage", "framework", "sessions");
+	}
+	path(id) {
+		return join(this.directory, id);
+	}
+	async start(context) {
+		const id = this.readSessionId(context) || generateSessionId();
+		this.writeSessionId(context, id);
+		let state;
+		try {
+			const contents = await readFile(this.path(id), "utf8");
+			const payload = this.decryptPayload(contents) ?? contents;
+			state = decodeSessionPayload(payload) ?? JSON.parse(payload);
+		} catch {
+			state = void 0;
+		}
+		const save = async (payload) => {
+			const path = this.path(id);
+			await mkdir(dirname(path), { recursive: true });
+			await writeFile(path, this.encryptPayload(encodeSessionPayload(payload)), "utf8");
+			this.writeSessionId(context, id);
+		};
+		const destroy = async () => {
+			await rm(this.path(id), { force: true });
+			setCookie(context, this.cookie, "", {
+				...this.cookie_options,
+				maxAge: 0,
+				expires: /* @__PURE__ */ new Date(0)
+			});
+		};
+		return {
+			id,
+			state,
+			save,
+			destroy
+		};
+	}
+};
+let configuredDriver;
+const readAppSessionConfig = () => {
+	try {
+		if (!globalThis.config) return;
+		return {
+			driver: config("session.driver", "cookie"),
+			cookie: config("session.cookie", "arkstack_session"),
+			secret: config("session.secret"),
+			ttl: config("session.ttl", 3600 * 24 * 7),
+			cookie_options: {
+				path: config("session.path", "/"),
+				httpOnly: config("session.http_only", true),
+				secure: config("session.secure", true),
+				sameSite: config("session.same_site", "Lax")
+			},
+			file: { directory: config("session.directory") },
+			database: { table: config("session.table", "sessions") }
+		};
+	} catch {
+		return;
+	}
+};
+const createSessionDriver = (config = {}) => {
+	if (config.driver && typeof config.driver !== "string") return config.driver;
+	const common = {
+		cookie: config.cookie,
+		secret: config.secret,
+		ttl: config.ttl,
+		cookie_options: config.cookie_options
+	};
+	switch (config.driver || "cookie") {
+		case "file": return new FileSessionDriver({
+			...common,
+			directory: config.file?.directory
+		});
+		case "database": return new DatabaseSessionDriver({
+			...common,
+			table: config.database?.table
+		});
+		default: return new CookieSessionDriver(common);
+	}
+};
+const getSessionDriver = () => {
+	if (!configuredDriver) configuredDriver = createSessionDriver(readAppSessionConfig());
+	return configuredDriver;
+};
+definePlugin({
+	name: "arkstack-http",
+	setup: ({ bind, useHttpContext }) => {
+		bind(Session, ({ ctx }) => ensureSession(ctx));
+		useHttpContext(async (context) => {
+			globalThis.request = (key) => key ? context.request.input(key) : context.request;
+			const persistent = await getSessionDriver().start(context);
+			const session = ensureSession(context.ctx, persistent.state, persistent);
+			context.httpSession = session;
+			if (!("session" in context) || context.session instanceof Session) context.session = session;
+			context.errors = session.errors;
+			attachViewState(context, session);
+			registerResponseFlashSweep(context, session);
+		});
+	}
+});
+definePlugin$1({
+	name: "kanun-session-plugin",
+	install({ onValidationError }) {
+		onValidationError((validator) => {
+			const currentSession = globalThis.session?.();
+			if (currentSession instanceof Session) currentSession.addValidationErrors(validator);
+		});
+	}
+});
+//#endregion
 //#region src/Router.ts
 registerPlugin(clearRouterH3Plugin);
 Router$1.configure({ inferParamName: true });
 var Router = class extends Router$1 {
 	static async bind(app) {
 		try {
-			if ((await stat(join(Arkstack.rootDir(), "src/routes/api.ts"))).isFile()) await Router$1.group("/api", async () => {
-				await importFile(join(Arkstack.rootDir(), "src/routes/api.ts"));
-			});
+			await Router$1.group("/api", join(Arkstack.rootDir(), "src/routes/api.ts"));
 		} catch {}
 		try {
-			if ((await stat(join(Arkstack.rootDir(), "src/routes/web.ts"))).isFile()) await Router$1.group("/", async () => {
-				await importFile(join(Arkstack.rootDir(), "src/routes/web.ts"));
-			});
+			await Router$1.group("/", join(Arkstack.rootDir(), "src/routes/web.ts"));
 		} catch {}
 		return Router$1.apply(app);
 	}
@@ -148,12 +1277,13 @@ var H3Driver = class extends ArkstackKitDriver {
 		const mw = Array.isArray(middleware) ? middleware[0] : middleware;
 		const conf = Array.isArray(middleware) && middleware[1] ? middleware[1] : {};
 		if (typeof mw === "function") {
-			app.use(mw, conf);
+			app.use(resolveMiddleware(mw), conf);
 			return;
 		}
 		for (const [pos, entries] of Object.entries(middleware)) for (const entry of entries) {
-			const mw = Array.isArray(entry) ? entry[0] : entry;
+			const instance = Array.isArray(entry) ? entry[0] : entry;
 			const conf = Array.isArray(entry) && entry[1] ? entry[1] : {};
+			const mw = resolveMiddleware(instance);
 			if (pos === "after") app.use(async (evt, next) => {
 				evt[Symbol.for("h3.internal.event.res")] = new H3EventResponse(await toResponse(await next(), evt));
 				await mw(evt, next);