@arkstack/http 0.7.20 → 0.9.0

package/dist/redirect-CZvhBHqO.js

@@ -0,0 +1,1245 @@
+import { Request, Response } from "clear-router";
+import { definePlugin } from "clear-router/core";
+import { definePlugin as definePlugin$1 } from "kanun";
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, timingSafeEqual } from "node:crypto";
+import { DB } from "arkormx";
+import { dirname, join } from "node:path";
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
+//#region src/helpers.ts
+const unwrapRequestSource = (source) => {
+	if (source.headers) return source;
+	if (source.req) return source.req;
+	if (source.request) return source.request;
+	return source;
+};
+const makeHeaders = (headers) => {
+	return new Headers(normalizeHeaders(headers));
+};
+const normalizeHeaders = (headers) => {
+	const normalized = {};
+	if (!headers) return normalized;
+	if (isHeaders(headers)) {
+		headers.forEach((value, key) => {
+			normalized[key.toLowerCase()] = value;
+		});
+		return normalized;
+	}
+	for (const [key, value] of Object.entries(headers)) {
+		const normalizedValue = normalizeHeaderValue(value);
+		if (typeof normalizedValue === "string") normalized[key.toLowerCase()] = normalizedValue;
+	}
+	return normalized;
+};
+const normalizeHeaderValue = (value) => {
+	if (Array.isArray(value)) return value.join(", ");
+	if (typeof value === "number" || typeof value === "boolean") return String(value);
+	return value ?? void 0;
+};
+const isHeaders = (value) => typeof Headers !== "undefined" && value instanceof Headers;
+const isRecord = (value) => {
+	return !!value && typeof value === "object" && !Array.isArray(value);
+};
+//#endregion
+//#region src/Request.ts
+/**
+* Represents an HTTP request, providing a consistent interface for accessing request data.
+* 
+* @author 3m1n3nc3
+*/
+var Request$1 = class Request$1 extends Request {
+	headers;
+	ip;
+	source;
+	user;
+	authToken;
+	constructor(options = {}) {
+		super(options);
+		this.headers = normalizeHeaders(options.headers);
+		if (this.method) this.method = options.method;
+		if (this.url) this.url = options.url;
+		if (this.path) this.path = options.path;
+		this.ip = options.ip ?? null;
+		this.user = options.user;
+		this.authToken = options.authToken;
+		this.source = options.source;
+		globalThis.request = (key) => key ? this.input(key) : this;
+	}
+	static from(source) {
+		if (!source) return;
+		if (source instanceof Request$1) return source;
+		const request = unwrapRequestSource(source);
+		return new Request$1({
+			headers: request.headers,
+			method: request.method,
+			url: request.originalUrl ?? request.url,
+			path: request.path,
+			ip: request.ip ?? null,
+			user: request.user,
+			authToken: request.authToken,
+			source
+		});
+	}
+	header(name) {
+		return this.headers[name.toLowerCase()];
+	}
+	bearerToken() {
+		const authorization = this.header("authorization");
+		if (!authorization?.startsWith("Bearer ")) return null;
+		return authorization.substring(7);
+	}
+	setUser(user) {
+		this.user = user;
+		if (isRecord(this.source)) this.source.user = user;
+		return this;
+	}
+};
+//#endregion
+//#region src/Response.ts
+/**
+* Represents an HTTP response, providing a consistent interface for accessing response data.
+* 
+* @author 3m1n3nc3
+*/
+var Response$1 = class Response$1 extends Response {
+	body;
+	source;
+	constructor(options = {}) {
+		super({
+			body: options.body,
+			headers: makeHeaders(options.headers),
+			statusCode: options.statusCode ?? 200
+		});
+		this.body = options.body ?? {};
+		this.source = options.source;
+		globalThis.response = () => this;
+	}
+	static from(source) {
+		if (!source) return;
+		if (source instanceof Response$1) return source;
+		return new Response$1({
+			statusCode: typeof source.status === "number" ? source.status : source.statusCode,
+			headers: source.headers,
+			source
+		});
+	}
+	status(code) {
+		this.statusCode = code;
+		if (isRecord(this.source)) if (typeof this.source.status === "function") this.source.status(code);
+		else this.source.statusCode = code;
+		return this;
+	}
+	header(name, value) {
+		this.headers.set(name.toLowerCase(), value);
+		if (isRecord(this.source) && typeof this.source.setHeader === "function") this.source.setHeader(name, value);
+		return this;
+	}
+	getHeaders() {
+		return normalizeHeaders(this.headers);
+	}
+	json(body) {
+		this.body = body;
+		if (isRecord(this.source) && typeof this.source.json === "function") return this.source.json(body);
+		return body;
+	}
+	send(body) {
+		this.body = body;
+		if (isRecord(this.source) && typeof this.source.send === "function") return this.source.send(body);
+		return body;
+	}
+};
+//#endregion
+//#region src/session/FlashBag.ts
+var FlashBag = class {
+	bag = {};
+	sweepKeys = /* @__PURE__ */ new Set();
+	constructor(items) {
+		this.bag = { ...items || {} };
+		this.sweepKeys = new Set(Object.keys(this.bag));
+	}
+	put(key, value) {
+		this.bag[key] = value;
+		this.sweepKeys.delete(key);
+		return this;
+	}
+	set(key, value) {
+		return this.put(key, value);
+	}
+	get(key, defaultValue) {
+		return key in this.bag ? this.bag[key] : defaultValue;
+	}
+	has(key) {
+		if (Array.isArray(key)) return key.every((item) => this.has(item));
+		if (key) return key in this.bag;
+		return this.any();
+	}
+	any() {
+		return Object.keys(this.bag).length > 0;
+	}
+	isEmpty() {
+		return !this.any();
+	}
+	isNotEmpty() {
+		return this.any();
+	}
+	keys() {
+		return Object.keys(this.bag);
+	}
+	all() {
+		return { ...this.bag };
+	}
+	clear(key) {
+		if (Array.isArray(key)) {
+			for (const item of key) {
+				delete this.bag[item];
+				this.sweepKeys.delete(item);
+			}
+			return this;
+		}
+		if (key) {
+			delete this.bag[key];
+			this.sweepKeys.delete(key);
+			return this;
+		}
+		this.bag = {};
+		this.sweepKeys.clear();
+		return this;
+	}
+	forget(key) {
+		return this.clear(key);
+	}
+	markForSweep(keys = this.keys()) {
+		this.sweepKeys = new Set(keys);
+		return this;
+	}
+	sweep() {
+		for (const key of this.sweepKeys) delete this.bag[key];
+		this.sweepKeys = new Set(Object.keys(this.bag));
+		return this;
+	}
+	toJSON() {
+		return this.all();
+	}
+};
+const sessionKey = Symbol.for("arkstack:http:session");
+const asMessageRecord = (value) => {
+	if (!isRecord(value)) return;
+	return value;
+};
+const callRecordMethod = (source, method) => {
+	if (typeof source[method] !== "function") return;
+	return asMessageRecord(source[method]());
+};
+const resolveMessageRecord = (source) => {
+	if (!isRecord(source)) return;
+	if (typeof source.getMessageBag === "function") {
+		const bag = source.getMessageBag();
+		if (bag && bag !== source) {
+			const messages = resolveMessageRecord(bag);
+			if (messages) return messages;
+		}
+	}
+	if (typeof source.errors === "function") {
+		const errors = source.errors();
+		const messages = resolveMessageRecord(errors) || asMessageRecord(errors);
+		if (messages) return messages;
+	}
+	return callRecordMethod(source, "getMessages") || callRecordMethod(source, "messagesRaw") || callRecordMethod(source, "toArray") || resolveMessageRecord(source.errors) || asMessageRecord(source.errors);
+};
+const getValidationIssueField = (issue) => {
+	if (typeof issue.field === "string") return issue.field;
+	if (typeof issue.attribute === "string") return issue.attribute;
+	if (typeof issue.key === "string") return issue.key;
+	if (typeof issue.path === "string") return issue.path;
+	if (Array.isArray(issue.path)) return issue.path.join(".") || "_";
+	return "_";
+};
+const toMessages = (value) => {
+	if (Array.isArray(value)) return value.flatMap((item) => toMessages(item));
+	if (value instanceof Error) return [value.message];
+	if (isRecord(value) && typeof value.message === "string") return [value.message];
+	if (value === null || typeof value === "undefined") return [];
+	return [String(value)];
+};
+const getPath = (source, key, defaultValue) => {
+	const value = key.split(".").reduce((current, part) => {
+		if (!isRecord(current) && !Array.isArray(current)) return;
+		return current[part];
+	}, source);
+	return typeof value === "undefined" ? defaultValue : value;
+};
+//#endregion
+//#region src/session/ErrorBag.ts
+var ErrorBag = class ErrorBag extends FlashBag {
+	constructor(errors) {
+		super();
+		if (errors) {
+			this.merge(errors);
+			this.markForSweep();
+		}
+	}
+	add(field, message) {
+		const key = field || "_";
+		const messages = toMessages(message);
+		if (!messages.length) return this;
+		this.put(key, [...this.bag[key] || [], ...messages]);
+		return this;
+	}
+	addIf(condition, field, message) {
+		if (condition) this.add(field, message);
+		return this;
+	}
+	merge(errors) {
+		const incoming = resolveMessageRecord(errors) || (isRecord(errors) ? errors : void 0);
+		if (!incoming) return this.validation(errors);
+		for (const [field, messages] of Object.entries(incoming)) this.add(field, messages);
+		return this;
+	}
+	validation(error) {
+		if (!error) return this;
+		if (error instanceof ErrorBag) return this.merge(error);
+		const messages = resolveMessageRecord(error);
+		if (messages) return this.merge(messages);
+		if (Array.isArray(error)) {
+			for (const item of error) if (isRecord(item) && "message" in item) this.add(getValidationIssueField(item), item.message);
+			else this.add("_", item);
+			return this;
+		}
+		if (isRecord(error)) {
+			if (typeof error.errors === "function") return this.validation(error.errors());
+			if (error.errors) return this.validation(error.errors);
+			if (Array.isArray(error.issues)) return this.validation(error.issues);
+			if ("message" in error) return this.add(getValidationIssueField(error), error.message);
+			return this.merge(error);
+		}
+		if (error instanceof Error) return this.add("_", error.message);
+		return this.add("_", error);
+	}
+	keys() {
+		return Object.keys(this.bag);
+	}
+	get(field = "_") {
+		return [...this.bag[field] || []];
+	}
+	first(field) {
+		if (field) return this.bag[field]?.[0] || "";
+		return this.all()[0] || "";
+	}
+	has(field) {
+		if (Array.isArray(field)) return field.every((key) => this.has(key));
+		if (field) return (this.bag[field]?.length || 0) > 0;
+		return this.any();
+	}
+	hasAny(fields) {
+		return (Array.isArray(fields) ? fields : [fields]).some((key) => this.has(key));
+	}
+	missing(fields) {
+		return (Array.isArray(fields) ? fields : [fields]).every((key) => !this.has(key));
+	}
+	any() {
+		return Object.values(this.bag).some((messages) => messages.length > 0);
+	}
+	isEmpty() {
+		return !this.any();
+	}
+	isNotEmpty() {
+		return this.any();
+	}
+	count() {
+		return Object.values(this.bag).reduce((total, messages) => total + messages.length, 0);
+	}
+	all() {
+		return Object.values(this.bag).flat();
+	}
+	unique() {
+		return [...new Set(this.all())];
+	}
+	clear(field) {
+		super.clear(field);
+		return this;
+	}
+	forget(field) {
+		return this.clear(field);
+	}
+	messagesRaw() {
+		return this.toJSON();
+	}
+	getMessages() {
+		return this.messagesRaw();
+	}
+	getMessageBag() {
+		return this;
+	}
+	toArray() {
+		return this.toJSON();
+	}
+	toJSON() {
+		return Object.entries(this.bag).reduce((errors, [field, messages]) => {
+			errors[field] = [...messages];
+			return errors;
+		}, {});
+	}
+};
+//#endregion
+//#region src/session/Session.ts
+var Session = class Session {
+	errors;
+	flashBag;
+	id;
+	data;
+	persistent;
+	saveQueue = Promise.resolve();
+	constructor(initial, persistent) {
+		const current = initial instanceof Session ? initial : void 0;
+		const state = current ? current.snapshot() : initial && ("data" in initial || "errors" in initial || "flash" in initial) ? initial : { data: initial };
+		this.id = persistent?.id ?? current?.id;
+		this.persistent = persistent ?? current?.persistent;
+		this.saveQueue = current?.saveQueue ?? this.saveQueue;
+		this.data = current ? current.data : { ...state.data || {} };
+		this.errors = current ? current.errors : state.errors instanceof ErrorBag ? state.errors : new ErrorBag(state.errors);
+		this.flashBag = current ? current.flashBag : state.flash instanceof FlashBag ? state.flash : new FlashBag(state.flash);
+		const helper = ((key) => key ? this.get(key) : this);
+		Object.assign(helper, {
+			get: this.get.bind(this),
+			put: this.put.bind(this),
+			set: this.set.bind(this),
+			has: this.has.bind(this),
+			forget: this.forget.bind(this),
+			clear: this.clear.bind(this),
+			all: this.all.bind(this),
+			flash: this.flash.bind(this),
+			getFlash: this.getFlash.bind(this),
+			hasErrors: this.hasErrors.bind(this),
+			clearErrors: this.clearErrors.bind(this),
+			errors: this.errors,
+			flashBag: this.flashBag
+		});
+		globalThis.session = helper;
+	}
+	snapshot() {
+		return {
+			data: this.all(),
+			errors: this.errors.toJSON(),
+			flash: this.flashBag.toJSON()
+		};
+	}
+	queuePersist() {
+		this.save();
+	}
+	async save() {
+		const payload = this.snapshot();
+		const previous = this.saveQueue.catch(() => void 0);
+		this.saveQueue = previous.then(async () => {
+			await this.persistent?.save(payload);
+		});
+		await this.saveQueue;
+		return this;
+	}
+	async destroy() {
+		this.data = {};
+		this.errors.clear();
+		this.flashBag.clear();
+		await this.persistent?.destroy?.();
+		return this;
+	}
+	/**
+	* Get an item from the session bag
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	get(key, defaultValue) {
+		return key in this.data ? this.data[key] : defaultValue;
+	}
+	/**
+	* Add an item to the session bag
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	put(key, value) {
+		this.data[key] = value;
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Add an item to the session bag
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	set(key, value) {
+		return this.put(key, value);
+	}
+	/**
+	* Check if an item exist in the session bag
+	*
+	* @param key
+	* @returns
+	*/
+	has(key) {
+		return key in this.data;
+	}
+	/**
+	* Remove an item from the session bag
+	*
+	* @param key
+	* @returns
+	*/
+	forget(key) {
+		delete this.data[key];
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Clear the session bag
+	*
+	* @returns
+	*/
+	clear() {
+		this.data = {};
+		this.errors.clear();
+		this.flashBag.clear();
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Get all items in the session bag
+	*
+	* @returns
+	*/
+	all() {
+		return { ...this.data };
+	}
+	/**
+	* Add a flash item for the next request
+	*
+	* @param key
+	* @param value
+	* @returns
+	*/
+	flash(key, value) {
+		this.flashBag.put(key, value);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Get a flash item
+	*
+	* @param key
+	* @param defaultValue
+	* @returns
+	*/
+	getFlash(key, defaultValue) {
+		return this.flashBag.get(key, defaultValue);
+	}
+	/**
+	* Sweep flashed data that was loaded for this request
+	*
+	* @returns
+	*/
+	async sweepFlash() {
+		this.errors.sweep();
+		this.flashBag.sweep();
+		await this.save();
+		return this;
+	}
+	/**
+	* Add an error to the session error bag
+	*
+	* @param field
+	* @param message
+	* @returns
+	*/
+	addError(field, message) {
+		this.errors.add(field, message);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Add multiple errors to the session error bag
+	*
+	* @param errors
+	* @returns
+	*/
+	addErrors(errors) {
+		this.errors.merge(errors);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Add a validation error to the session error bag
+	*
+	* @param error
+	* @returns
+	*/
+	addValidationErrors(error) {
+		this.errors.validation(error);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Check if the session error bag has any errors
+	*
+	* @param field
+	* @returns
+	*/
+	hasErrors(field) {
+		return this.errors.has(field);
+	}
+	/**
+	* Clear all errors in the session error bag
+	*
+	* @param field
+	* @returns
+	*/
+	clearErrors(field) {
+		this.errors.clear(field);
+		this.queuePersist();
+		return this;
+	}
+	/**
+	* Parse session for views
+	*
+	* @returns
+	*/
+	forView() {
+		return {
+			...this.all(),
+			errors: this.errors,
+			flash: this.flashBag
+		};
+	}
+	/**
+	* Return session as json
+	*
+	* @returns
+	*/
+	toJSON() {
+		return {
+			...this.all(),
+			errors: this.errors.toJSON(),
+			flash: this.flashBag.toJSON()
+		};
+	}
+};
+//#endregion
+//#region src/old.ts
+const requestInput = () => {
+	const request = globalThis.request?.();
+	if (request instanceof Request$1) {
+		if (isRecord(request.body)) return request.body;
+		const source = isRecord(request.source) ? request.source : void 0;
+		if (source && typeof source.getBody === "function") return source.getBody() ?? {};
+		if (isRecord(source?.body)) return source.body;
+	}
+	if (isRecord(request) && typeof request.getBody === "function") return request.getBody() ?? {};
+	return isRecord(request?.body) ? request.body : {};
+};
+const old = (key, defaultValue) => {
+	const input = requestInput();
+	if (!key) return input;
+	return getPath(input, key, defaultValue);
+};
+//#endregion
+//#region src/session/helpers.ts
+const sweepRegisteredKey = Symbol.for("arkstack:http:flash-sweep-registered");
+const attachSessionProperty = (target, session) => {
+	target.httpSession = session;
+	if (!("session" in target) || target.session instanceof Session) target.session = session;
+};
+const responseSource = (target) => {
+	return target.res ?? target.ctx?.res ?? target.response?.source ?? target.clearResponse?.source ?? target.context?.res ?? target.context?.response?.source;
+};
+const registerResponseFlashSweep = (target, session) => {
+	if (!isRecord(target)) return;
+	const current = session ?? getSession(target);
+	const res = responseSource(target);
+	if (!(current instanceof Session) || !isRecord(res) || typeof res.end !== "function" || res[sweepRegisteredKey]) return;
+	res[sweepRegisteredKey] = true;
+	const end = res.end.bind(res);
+	res.end = (...args) => {
+		current.sweepFlash().catch(() => void 0).finally(() => end(...args));
+		return res;
+	};
+};
+const attachViewState = (target, session) => {
+	attachSessionProperty(target, session);
+	target.errors = session.errors;
+	if (isRecord(target.req)) {
+		attachSessionProperty(target.req, session);
+		target.req.errors = session.errors;
+		target.req.old = old;
+	}
+	if (isRecord(target.res)) target.res.locals = {
+		...target.res.locals || {},
+		session,
+		errors: session.errors,
+		flash: session.flashBag,
+		old
+	};
+	if (isRecord(target.response?.source)) target.response.source.locals = {
+		...target.response.source.locals || {},
+		session,
+		errors: session.errors,
+		flash: session.flashBag,
+		old
+	};
+	if (isRecord(target.context)) {
+		attachSessionProperty(target.context, session);
+		target.context.errors = session.errors;
+		target.context.flash = session.flashBag;
+		target.context.old = old;
+	}
+	if (isRecord(target.state)) {
+		attachSessionProperty(target.state, session);
+		target.state.errors = session.errors;
+		target.state.flash = session.flashBag;
+		target.state.old = old;
+	}
+	if (typeof target.set === "function") {
+		target.set("session", session);
+		target.set("errors", session.errors);
+		target.set("flash", session.flashBag);
+		target.set("old", old);
+	}
+};
+/**
+* Ensure a valid session exists
+* 
+* @param ctx 
+* @param initial 
+* @returns 
+*/
+const ensureSession = (ctx, initial, persistent) => {
+	if (!isRecord(ctx)) return new Session(initial, persistent);
+	const existing = ctx[sessionKey] ?? (ctx.session instanceof Session ? ctx.session : void 0) ?? (isRecord(ctx.req) && ctx.req.httpSession instanceof Session ? ctx.req.httpSession : void 0);
+	const session = existing instanceof Session ? existing : new Session(initial, persistent);
+	ctx[sessionKey] = session;
+	attachViewState(ctx, session);
+	return session;
+};
+/**
+* Get the current session
+* 
+* @param ctx 
+* @returns 
+*/
+const getSession = (ctx) => {
+	if (!isRecord(ctx)) return;
+	const session = ctx[sessionKey] ?? ctx.session;
+	return session instanceof Session ? session : void 0;
+};
+//#endregion
+//#region src/session/cookie.ts
+const generateSessionId = () => randomBytes(32).toString("base64url");
+const signValue = (value, secret) => createHmac("sha256", secret).update(value).digest("base64url");
+const encodeSignedValue = (value, secret) => `${value}.${signValue(value, secret)}`;
+const decodeSignedValue = (value, secret) => {
+	if (!value) return void 0;
+	const index = value.lastIndexOf(".");
+	if (index < 1) return void 0;
+	const payload = value.slice(0, index);
+	const signature = value.slice(index + 1);
+	const expected = signValue(payload, secret);
+	const signatureBuffer = Buffer.from(signature);
+	const expectedBuffer = Buffer.from(expected);
+	if (signatureBuffer.length !== expectedBuffer.length) return void 0;
+	return timingSafeEqual(signatureBuffer, expectedBuffer) ? payload : void 0;
+};
+const encodeJson = (value) => Buffer.from(JSON.stringify(value), "utf8").toString("base64url");
+const decodeJson = (value) => {
+	if (!value) return void 0;
+	try {
+		return JSON.parse(Buffer.from(value, "base64url").toString("utf8"));
+	} catch {
+		return;
+	}
+};
+const parseCookies = (header) => {
+	return (Array.isArray(header) ? header.join("; ") : header || "").split(";").reduce((cookies, part) => {
+		const index = part.indexOf("=");
+		if (index < 0) return cookies;
+		const key = part.slice(0, index).trim();
+		const value = part.slice(index + 1).trim();
+		if (key) cookies[key] = decodeURIComponent(value);
+		return cookies;
+	}, {});
+};
+const getCookie = (context, name) => {
+	const ctx = isRecord(context.ctx) ? context.ctx : context;
+	const headers = (context.request || ctx.clearRequest || ctx.req || ctx.request)?.headers || ctx.headers || ctx.req?.headers || ctx.request?.headers;
+	return parseCookies(typeof headers?.get === "function" ? headers.get("cookie") : headers?.cookie)[name];
+};
+const serializeCookie = (name, value, options = {}) => {
+	const parts = [`${name}=${encodeURIComponent(value)}`];
+	if (typeof options.maxAge === "number") parts.push(`Max-Age=${Math.max(0, Math.floor(options.maxAge))}`);
+	if (options.expires) parts.push(`Expires=${options.expires.toUTCString()}`);
+	parts.push(`Path=${options.path || "/"}`);
+	if (options.domain) parts.push(`Domain=${options.domain}`);
+	if (options.httpOnly !== false) parts.push("HttpOnly");
+	if (options.secure) parts.push("Secure");
+	if (options.sameSite) parts.push(`SameSite=${options.sameSite}`);
+	return parts.join("; ");
+};
+const splitSetCookieHeader = (value) => {
+	return value.split(/,\s*(?=[^;,\s]+=)/).filter(Boolean);
+};
+const withoutCookie = (current, cookieName) => {
+	return (Array.isArray(current) ? current.flatMap((item) => splitSetCookieHeader(String(item))) : typeof current === "string" ? splitSetCookieHeader(current) : []).filter((cookie) => !cookie.trim().startsWith(`${cookieName}=`));
+};
+const upsertHeaderValue = (target, headerName, cookieName, value) => {
+	if (!target) return false;
+	if (typeof target.setHeader === "function") {
+		const next = [...withoutCookie(typeof target.getHeader === "function" ? target.getHeader(headerName) : void 0, cookieName), value];
+		target.setHeader(headerName, next);
+		return true;
+	}
+	if (target.headers && typeof target.headers.set === "function") {
+		const next = [...withoutCookie(target.headers.get(headerName), cookieName), value];
+		target.headers.set(headerName, next.join(", "));
+		return true;
+	}
+	if (typeof target.appendHeader === "function") {
+		target.appendHeader(headerName, value);
+		return true;
+	}
+	if (typeof target.append === "function") {
+		target.append(headerName, value);
+		return true;
+	}
+	return false;
+};
+const setCookie = (context, name, value, options = {}) => {
+	const ctx = isRecord(context.ctx) ? context.ctx : context;
+	const cookie = serializeCookie(name, value, options);
+	const response = context.response || ctx.clearResponse;
+	if (response?.headers && typeof response.headers.set === "function") {
+		const next = [...withoutCookie(response.headers.get("set-cookie"), name), cookie];
+		response.headers.set("set-cookie", next.join(", "));
+	}
+	upsertHeaderValue(response?.source, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.res, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.response, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.response?.source, "Set-Cookie", name, cookie) || upsertHeaderValue(ctx.event?.res, "Set-Cookie", name, cookie);
+	return cookie;
+};
+//#endregion
+//#region src/session/serialization.ts
+const byteLength = (value) => Buffer.byteLength(value, "utf8");
+const serializeValue = (value) => {
+	if (value === null || typeof value === "undefined") return "N;";
+	if (typeof value === "boolean") return `b:${value ? 1 : 0};`;
+	if (typeof value === "number") return Number.isInteger(value) ? `i:${value};` : `d:${value};`;
+	if (typeof value === "string") return `s:${byteLength(value)}:"${value}";`;
+	if (Array.isArray(value)) return serializeEntries(value.map((item, index) => [index, item]));
+	if (typeof value === "object") return serializeEntries(Object.entries(value));
+	return serializeValue(String(value));
+};
+const serializeEntries = (entries) => {
+	return `a:${entries.length}:{${entries.map(([key, value]) => serializeValue(key) + serializeValue(value)).join("")}}`;
+};
+var Parser = class {
+	source;
+	offset = 0;
+	constructor(source) {
+		this.source = source;
+	}
+	parse() {
+		const type = this.source[this.offset];
+		this.offset += type === "N" ? 1 : 2;
+		switch (type) {
+			case "N":
+				this.expect(";");
+				return null;
+			case "b": return this.readUntil(";") === "1";
+			case "i": return Number.parseInt(this.readUntil(";"), 10);
+			case "d": return Number.parseFloat(this.readUntil(";"));
+			case "s": return this.parseString();
+			case "a": return this.parseArray();
+			default: throw new Error(`Unsupported serialized session value: ${type}`);
+		}
+	}
+	parseString() {
+		const length = Number.parseInt(this.readUntil(":"), 10);
+		this.expect("\"");
+		let end = this.offset;
+		let bytes = 0;
+		while (end < this.source.length && bytes < length) {
+			const char = this.source[end];
+			bytes += Buffer.byteLength(char, "utf8");
+			end += 1;
+		}
+		const value = this.source.slice(this.offset, end);
+		this.offset = end;
+		this.expect("\"");
+		this.expect(";");
+		return value;
+	}
+	parseArray() {
+		const length = Number.parseInt(this.readUntil(":"), 10);
+		this.expect("{");
+		const entries = [];
+		let sequential = true;
+		for (let index = 0; index < length; index += 1) {
+			const key = this.parse();
+			const value = this.parse();
+			entries.push([key, value]);
+			if (key !== index) sequential = false;
+		}
+		this.expect("}");
+		if (sequential) return entries.map(([, value]) => value);
+		return entries.reduce((record, [key, value]) => {
+			record[String(key)] = value;
+			return record;
+		}, {});
+	}
+	readUntil(token) {
+		const index = this.source.indexOf(token, this.offset);
+		if (index < 0) throw new Error("Invalid serialized session payload");
+		const value = this.source.slice(this.offset, index);
+		this.offset = index + token.length;
+		return value;
+	}
+	expect(token) {
+		if (this.source.slice(this.offset, this.offset + token.length) !== token) throw new Error("Invalid serialized session payload");
+		this.offset += token.length;
+	}
+};
+const encodeSessionPayload = (payload) => {
+	return serializeValue(payload);
+};
+const normalizeSessionPayload = (payload) => {
+	if (!payload || typeof payload !== "object" || Array.isArray(payload)) return payload;
+	const record = payload;
+	for (const key of [
+		"data",
+		"errors",
+		"flash"
+	]) if (Array.isArray(record[key]) && record[key].length === 0) record[key] = {};
+	return record;
+};
+const decodeSessionPayload = (value) => {
+	if (!value) return;
+	try {
+		return normalizeSessionPayload(new Parser(value).parse());
+	} catch {
+		return;
+	}
+};
+//#endregion
+//#region src/session/encryption.ts
+const keyFromSecret = (secret) => {
+	if (secret.startsWith("base64:")) {
+		const decoded = Buffer.from(secret.slice(7), "base64");
+		if (decoded.length === 32) return decoded;
+	}
+	const raw = Buffer.from(secret, "base64");
+	if (raw.length === 32) return raw;
+	return createHash("sha256").update(secret).digest();
+};
+const macFor = (iv, value, key) => {
+	return createHmac("sha256", key).update(iv + value).digest("hex");
+};
+const encryptSessionValue = (value, secret) => {
+	const key = keyFromSecret(secret);
+	const iv = randomBytes(16);
+	const ivValue = iv.toString("base64");
+	const cipher = createCipheriv("aes-256-cbc", key, iv);
+	const encrypted = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]).toString("base64");
+	const payload = {
+		iv: ivValue,
+		value: encrypted,
+		mac: macFor(ivValue, encrypted, key),
+		tag: ""
+	};
+	return JSON.stringify(payload);
+};
+const decryptSessionValue = (payload, secret) => {
+	if (!payload) return;
+	try {
+		const decoded = JSON.parse(payload.startsWith("{") ? payload : Buffer.from(payload, "base64").toString("utf8"));
+		if (!decoded.iv || !decoded.value || !decoded.mac) return;
+		const key = keyFromSecret(secret);
+		const expected = macFor(decoded.iv, decoded.value, key);
+		const actualBuffer = Buffer.from(decoded.mac);
+		const expectedBuffer = Buffer.from(expected);
+		if (actualBuffer.length !== expectedBuffer.length || !timingSafeEqual(actualBuffer, expectedBuffer)) return;
+		const decipher = createDecipheriv("aes-256-cbc", key, Buffer.from(decoded.iv, "base64"));
+		return Buffer.concat([decipher.update(Buffer.from(decoded.value, "base64")), decipher.final()]).toString("utf8");
+	} catch {
+		return;
+	}
+};
+//#endregion
+//#region src/session/drivers/BaseSessionDriver.ts
+const defaultSecret = () => String(process.env.SESSION_SECRET || process.env.APP_KEY || "arkstack-session-secret");
+const defaultcookie_options = (ttl) => ({
+	httpOnly: true,
+	sameSite: "Lax",
+	secure: process.env.NODE_ENV === "production",
+	path: "/",
+	maxAge: ttl
+});
+var BaseSessionDriver = class {
+	cookie;
+	secret;
+	ttl;
+	cookie_options;
+	constructor(options = {}) {
+		this.cookie = options.cookie || "arkstack_session";
+		this.secret = options.secret || defaultSecret();
+		this.ttl = options.ttl;
+		this.cookie_options = {
+			...defaultcookie_options(options.ttl),
+			...options.cookie_options || {}
+		};
+	}
+	readSessionId(context) {
+		return decodeSignedValue(getCookie(context, this.cookie), this.secret);
+	}
+	encryptPayload(value) {
+		return encryptSessionValue(value, this.secret);
+	}
+	decryptPayload(value) {
+		return decryptSessionValue(value, this.secret);
+	}
+	writeSessionId(context, id) {
+		setCookie(context, this.cookie, encodeSignedValue(id, this.secret), this.cookie_options);
+	}
+};
+//#endregion
+//#region src/session/drivers/CookieSessionDriver.ts
+var CookieSessionDriver = class extends BaseSessionDriver {
+	async start(context) {
+		const cookie = getCookie(context, this.cookie);
+		const decoded = this.decryptPayload(cookie) ?? decodeSignedValue(cookie, this.secret);
+		const payload = decodeSessionPayload(decoded) ?? decodeJson(decoded);
+		const id = payload?.id || generateSessionId();
+		const state = payload ? {
+			data: payload.data,
+			errors: payload.errors,
+			flash: payload.flash
+		} : void 0;
+		const save = async (next) => {
+			setCookie(context, this.cookie, this.encryptPayload(encodeSessionPayload({
+				id,
+				...next
+			})), this.cookie_options);
+		};
+		const destroy = async () => {
+			setCookie(context, this.cookie, "", {
+				...this.cookie_options,
+				maxAge: 0,
+				expires: /* @__PURE__ */ new Date(0)
+			});
+		};
+		return {
+			id,
+			state,
+			save,
+			destroy
+		};
+	}
+};
+//#endregion
+//#region src/session/drivers/DatabaseSessionDriver.ts
+var DatabaseSessionDriver = class extends BaseSessionDriver {
+	tableName;
+	constructor(options = {}) {
+		super(options);
+		this.tableName = options.table || "sessions";
+	}
+	table() {
+		return DB.table(this.tableName);
+	}
+	async start(context) {
+		const id = this.readSessionId(context) || generateSessionId();
+		this.writeSessionId(context, id);
+		const row = await this.table().where({ id }).first();
+		const state = isRecord(row) && typeof row.payload === "string" ? decodeSessionPayload(this.decryptPayload(row.payload) ?? row.payload) ?? decodeJson(this.decryptPayload(row.payload) ?? row.payload) : isRecord(row?.payload) ? row.payload : void 0;
+		const save = async (payload) => {
+			const now = /* @__PURE__ */ new Date();
+			const values = {
+				id,
+				payload: this.encryptPayload(encodeSessionPayload(payload)),
+				updatedAt: now,
+				expiresAt: this.ttl ? new Date(now.getTime() + this.ttl * 1e3) : null
+			};
+			if (await this.table().where({ id }).first()) await this.table().where({ id }).update(values);
+			else await this.table().insert({
+				...values,
+				createdAt: now
+			});
+			this.writeSessionId(context, id);
+		};
+		const destroy = async () => {
+			await this.table().where({ id }).delete();
+			setCookie(context, this.cookie, "", {
+				...this.cookie_options,
+				maxAge: 0,
+				expires: /* @__PURE__ */ new Date(0)
+			});
+		};
+		return {
+			id,
+			state,
+			save,
+			destroy
+		};
+	}
+};
+//#endregion
+//#region src/session/drivers/FileSessionDriver.ts
+var FileSessionDriver = class extends BaseSessionDriver {
+	directory;
+	constructor(options = {}) {
+		super(options);
+		this.directory = options.directory || join(process.cwd(), "storage", "framework", "sessions");
+	}
+	path(id) {
+		return join(this.directory, id);
+	}
+	async start(context) {
+		const id = this.readSessionId(context) || generateSessionId();
+		this.writeSessionId(context, id);
+		let state;
+		try {
+			const contents = await readFile(this.path(id), "utf8");
+			const payload = this.decryptPayload(contents) ?? contents;
+			state = decodeSessionPayload(payload) ?? JSON.parse(payload);
+		} catch {
+			state = void 0;
+		}
+		const save = async (payload) => {
+			const path = this.path(id);
+			await mkdir(dirname(path), { recursive: true });
+			await writeFile(path, this.encryptPayload(encodeSessionPayload(payload)), "utf8");
+			this.writeSessionId(context, id);
+		};
+		const destroy = async () => {
+			await rm(this.path(id), { force: true });
+			setCookie(context, this.cookie, "", {
+				...this.cookie_options,
+				maxAge: 0,
+				expires: /* @__PURE__ */ new Date(0)
+			});
+		};
+		return {
+			id,
+			state,
+			save,
+			destroy
+		};
+	}
+};
+//#endregion
+//#region src/session/config.ts
+let configuredDriver;
+const readAppSessionConfig = () => {
+	try {
+		if (!globalThis.config) return;
+		return {
+			driver: config("session.driver", "cookie"),
+			cookie: config("session.cookie", "arkstack_session"),
+			secret: config("session.secret"),
+			ttl: config("session.ttl", 3600 * 24 * 7),
+			cookie_options: {
+				path: config("session.path", "/"),
+				httpOnly: config("session.http_only", true),
+				secure: config("session.secure", true),
+				sameSite: config("session.same_site", "Lax")
+			},
+			file: { directory: config("session.directory") },
+			database: { table: config("session.table", "sessions") }
+		};
+	} catch {
+		return;
+	}
+};
+const createSessionDriver = (config = {}) => {
+	if (config.driver && typeof config.driver !== "string") return config.driver;
+	const common = {
+		cookie: config.cookie,
+		secret: config.secret,
+		ttl: config.ttl,
+		cookie_options: config.cookie_options
+	};
+	switch (config.driver || "cookie") {
+		case "file": return new FileSessionDriver({
+			...common,
+			directory: config.file?.directory
+		});
+		case "database": return new DatabaseSessionDriver({
+			...common,
+			table: config.database?.table
+		});
+		default: return new CookieSessionDriver(common);
+	}
+};
+const configureSession = (config) => {
+	configuredDriver = typeof config.start === "function" ? config : createSessionDriver(config);
+	return configuredDriver;
+};
+const getSessionDriver = () => {
+	if (!configuredDriver) configuredDriver = createSessionDriver(readAppSessionConfig());
+	return configuredDriver;
+};
+//#endregion
+//#region src/session/plugins.ts
+const arkstackHttpPlugin = definePlugin({
+	name: "arkstack-http",
+	setup: ({ bind, useHttpContext }) => {
+		bind(Session, ({ ctx }) => ensureSession(ctx));
+		useHttpContext(async (context) => {
+			globalThis.request = (key) => key ? context.request.input(key) : context.request;
+			const persistent = await getSessionDriver().start(context);
+			const session = ensureSession(context.ctx, persistent.state, persistent);
+			context.httpSession = session;
+			if (!("session" in context) || context.session instanceof Session) context.session = session;
+			context.errors = session.errors;
+			attachViewState(context, session);
+			registerResponseFlashSweep(context, session);
+		});
+	}
+});
+const kanunSessionPlugin = definePlugin$1({
+	name: "kanun-session-plugin",
+	install({ onValidationError }) {
+		onValidationError((validator) => {
+			const currentSession = globalThis.session?.();
+			if (currentSession instanceof Session) currentSession.addValidationErrors(validator);
+		});
+	}
+});
+//#endregion
+//#region src/redirect.ts
+const defaultRedirectStatus = 302;
+const headerValue = (value) => {
+	if (Array.isArray(value)) return typeof value[0] === "string" ? value[0] : void 0;
+	return typeof value === "string" ? value : void 0;
+};
+const redirectBackTarget = (fallback = "/") => {
+	const request = globalThis.request?.();
+	if (request instanceof Request$1) return request.header("referer") || request.header("referrer") || fallback;
+	const source = isRecord(request?.source) ? request.source : void 0;
+	const headers = isRecord(source?.headers) ? source.headers : void 0;
+	return headerValue(headers?.referer) || headerValue(headers?.referrer) || fallback;
+};
+const resolveRedirectTarget = (to = "back", fallback = "/") => {
+	if (!to || to === "back" || to === "source") return redirectBackTarget(fallback);
+	return to;
+};
+const redirect = (to = "back", status = defaultRedirectStatus) => {
+	const target = resolveRedirectTarget(to);
+	const response = globalThis.response?.() ?? new Response$1();
+	response.status(status);
+	response.header("Location", target);
+	response.body = null;
+	const source = response.source;
+	if (isRecord(source) && typeof source.redirect === "function") source.redirect(status, target);
+	return response;
+};
+//#endregion
+export { registerResponseFlashSweep as A, normalizeHeaderValue as B, parseCookies as C, attachViewState as D, signValue as E, Response$1 as F, unwrapRequestSource as H, Request$1 as I, isHeaders as L, Session as M, ErrorBag as N, ensureSession as O, FlashBag as P, isRecord as R, getCookie as S, setCookie as T, normalizeHeaders as V, decodeJson as _, kanunSessionPlugin as a, encodeSignedValue as b, getSessionDriver as c, CookieSessionDriver as d, BaseSessionDriver as f, encodeSessionPayload as g, decodeSessionPayload as h, arkstackHttpPlugin as i, old as j, getSession as k, FileSessionDriver as l, encryptSessionValue as m, redirectBackTarget as n, configureSession as o, decryptSessionValue as p, resolveRedirectTarget as r, createSessionDriver as s, redirect as t, DatabaseSessionDriver as u, decodeSignedValue as v, serializeCookie as w, generateSessionId as x, encodeJson as y, makeHeaders as z };
+
+//# sourceMappingURL=redirect-CZvhBHqO.js.map