@dangao/bun-server 0.1.5 → 0.3.0

package/dist/index.js

@@ -1,4 +1,14 @@
 // @bun
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
+};
 var __legacyDecorateClassTS = function(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
@@ -14,6 +24,371 @@ var __legacyMetadataTS = (k, v) => {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
     return Reflect.metadata(k, v);
 };
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+
+// src/validation/decorators.ts
+import"reflect-metadata";
+function getOrCreateMetadata(target, propertyKey) {
+  const existing = Reflect.getMetadata(VALIDATION_METADATA_KEY, target, propertyKey);
+  if (existing) {
+    return existing;
+  }
+  const metadata = [];
+  Reflect.defineMetadata(VALIDATION_METADATA_KEY, metadata, target, propertyKey);
+  return metadata;
+}
+function Validate(...rules) {
+  return (target, propertyKey, parameterIndex) => {
+    if (!propertyKey) {
+      throw new Error("@Validate decorator can only be used on methods");
+    }
+    if (!rules.length) {
+      throw new Error("@Validate requires at least one validation rule");
+    }
+    const metadata = getOrCreateMetadata(target, propertyKey);
+    let entry = metadata.find((item) => item.index === parameterIndex);
+    if (!entry) {
+      entry = { index: parameterIndex, rules: [] };
+      metadata.push(entry);
+    }
+    entry.rules.push(...rules);
+  };
+}
+function IsString(options = {}) {
+  return {
+    name: "isString",
+    message: options.message ?? "\u5FC5\u987B\u662F\u5B57\u7B26\u4E32",
+    validate: (value) => typeof value === "string"
+  };
+}
+function IsNumber(options = {}) {
+  return {
+    name: "isNumber",
+    message: options.message ?? "\u5FC5\u987B\u662F\u6570\u5B57",
+    validate: (value) => typeof value === "number" && !Number.isNaN(value)
+  };
+}
+function IsEmail(options = {}) {
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  return {
+    name: "isEmail",
+    message: options.message ?? "\u5FC5\u987B\u662F\u5408\u6CD5\u7684\u90AE\u7BB1\u5730\u5740",
+    validate: (value) => typeof value === "string" && emailRegex.test(value)
+  };
+}
+function IsOptional() {
+  return {
+    name: "isOptional",
+    message: "",
+    optional: true,
+    validate: () => true
+  };
+}
+function MinLength(min, options = {}) {
+  return {
+    name: "minLength",
+    message: options.message ?? `\u957F\u5EA6\u4E0D\u80FD\u5C0F\u4E8E ${min}`,
+    validate: (value) => typeof value === "string" && value.length >= min
+  };
+}
+function getValidationMetadata(target, propertyKey) {
+  return Reflect.getMetadata(VALIDATION_METADATA_KEY, target, propertyKey) || [];
+}
+var VALIDATION_METADATA_KEY;
+var init_decorators = __esm(() => {
+  VALIDATION_METADATA_KEY = Symbol("validation:param");
+});
+
+// src/validation/errors.ts
+var ValidationError;
+var init_errors = __esm(() => {
+  ValidationError = class ValidationError extends Error {
+    issues;
+    constructor(message, issues) {
+      super(message);
+      this.name = "ValidationError";
+      this.issues = issues;
+    }
+  };
+});
+
+// src/validation/validator.ts
+function shouldSkip(rule, value) {
+  return rule.optional === true && (value === undefined || value === null);
+}
+function validateRule(rule, value, index) {
+  if (shouldSkip(rule, value)) {
+    return null;
+  }
+  const passed = rule.validate(value);
+  if (passed) {
+    return null;
+  }
+  return {
+    index,
+    rule: rule.name,
+    message: rule.message
+  };
+}
+function validateParameters(params, metadata) {
+  if (!metadata.length) {
+    return;
+  }
+  const issues = [];
+  for (const item of metadata) {
+    const value = params[item.index];
+    let skipped = false;
+    for (const rule of item.rules) {
+      if (rule.optional && (value === undefined || value === null)) {
+        skipped = true;
+        break;
+      }
+      const issue = validateRule(rule, value, item.index);
+      if (issue) {
+        issues.push(issue);
+      }
+    }
+    if (skipped) {
+      continue;
+    }
+  }
+  if (issues.length > 0) {
+    throw new ValidationError("Validation failed", issues);
+  }
+}
+var init_validator = __esm(() => {
+  init_errors();
+});
+
+// src/validation/index.ts
+var init_validation = __esm(() => {
+  init_decorators();
+  init_validator();
+  init_errors();
+});
+
+// src/error/error-codes.ts
+var ERROR_CODE_TO_STATUS, ERROR_CODE_MESSAGES;
+var init_error_codes = __esm(() => {
+  ERROR_CODE_TO_STATUS = {
+    ["INTERNAL_ERROR" /* INTERNAL_ERROR */]: 500,
+    ["INVALID_REQUEST" /* INVALID_REQUEST */]: 400,
+    ["RESOURCE_NOT_FOUND" /* RESOURCE_NOT_FOUND */]: 404,
+    ["METHOD_NOT_ALLOWED" /* METHOD_NOT_ALLOWED */]: 405,
+    ["AUTH_REQUIRED" /* AUTH_REQUIRED */]: 401,
+    ["AUTH_INVALID_TOKEN" /* AUTH_INVALID_TOKEN */]: 401,
+    ["AUTH_TOKEN_EXPIRED" /* AUTH_TOKEN_EXPIRED */]: 401,
+    ["AUTH_INSUFFICIENT_PERMISSIONS" /* AUTH_INSUFFICIENT_PERMISSIONS */]: 403,
+    ["VALIDATION_FAILED" /* VALIDATION_FAILED */]: 400,
+    ["VALIDATION_REQUIRED_FIELD" /* VALIDATION_REQUIRED_FIELD */]: 400,
+    ["VALIDATION_INVALID_FORMAT" /* VALIDATION_INVALID_FORMAT */]: 400,
+    ["VALIDATION_OUT_OF_RANGE" /* VALIDATION_OUT_OF_RANGE */]: 400,
+    ["OAUTH2_INVALID_CLIENT" /* OAUTH2_INVALID_CLIENT */]: 400,
+    ["OAUTH2_INVALID_GRANT" /* OAUTH2_INVALID_GRANT */]: 400,
+    ["OAUTH2_INVALID_SCOPE" /* OAUTH2_INVALID_SCOPE */]: 400,
+    ["OAUTH2_INVALID_REDIRECT_URI" /* OAUTH2_INVALID_REDIRECT_URI */]: 400,
+    ["OAUTH2_UNSUPPORTED_GRANT_TYPE" /* OAUTH2_UNSUPPORTED_GRANT_TYPE */]: 400
+  };
+  ERROR_CODE_MESSAGES = {
+    ["INTERNAL_ERROR" /* INTERNAL_ERROR */]: "Internal Server Error",
+    ["INVALID_REQUEST" /* INVALID_REQUEST */]: "Invalid Request",
+    ["RESOURCE_NOT_FOUND" /* RESOURCE_NOT_FOUND */]: "Resource Not Found",
+    ["METHOD_NOT_ALLOWED" /* METHOD_NOT_ALLOWED */]: "Method Not Allowed",
+    ["AUTH_REQUIRED" /* AUTH_REQUIRED */]: "Authentication Required",
+    ["AUTH_INVALID_TOKEN" /* AUTH_INVALID_TOKEN */]: "Invalid Authentication Token",
+    ["AUTH_TOKEN_EXPIRED" /* AUTH_TOKEN_EXPIRED */]: "Authentication Token Expired",
+    ["AUTH_INSUFFICIENT_PERMISSIONS" /* AUTH_INSUFFICIENT_PERMISSIONS */]: "Insufficient Permissions",
+    ["VALIDATION_FAILED" /* VALIDATION_FAILED */]: "Validation Failed",
+    ["VALIDATION_REQUIRED_FIELD" /* VALIDATION_REQUIRED_FIELD */]: "Required Field Missing",
+    ["VALIDATION_INVALID_FORMAT" /* VALIDATION_INVALID_FORMAT */]: "Invalid Format",
+    ["VALIDATION_OUT_OF_RANGE" /* VALIDATION_OUT_OF_RANGE */]: "Value Out of Range",
+    ["OAUTH2_INVALID_CLIENT" /* OAUTH2_INVALID_CLIENT */]: "Invalid Client",
+    ["OAUTH2_INVALID_GRANT" /* OAUTH2_INVALID_GRANT */]: "Invalid Grant",
+    ["OAUTH2_INVALID_SCOPE" /* OAUTH2_INVALID_SCOPE */]: "Invalid Scope",
+    ["OAUTH2_INVALID_REDIRECT_URI" /* OAUTH2_INVALID_REDIRECT_URI */]: "Invalid Redirect URI",
+    ["OAUTH2_UNSUPPORTED_GRANT_TYPE" /* OAUTH2_UNSUPPORTED_GRANT_TYPE */]: "Unsupported Grant Type"
+  };
+});
+
+// src/error/http-exception.ts
+var HttpException, BadRequestException, UnauthorizedException, ForbiddenException, NotFoundException, InternalServerErrorException;
+var init_http_exception = __esm(() => {
+  init_error_codes();
+  HttpException = class HttpException extends Error {
+    status;
+    code;
+    details;
+    constructor(status, message, details, code) {
+      super(message);
+      this.name = this.constructor.name;
+      this.status = status;
+      this.code = code;
+      this.details = details;
+    }
+    static withCode(code, message, details) {
+      const status = ERROR_CODE_TO_STATUS[code] || 500;
+      const finalMessage = message || ERROR_CODE_MESSAGES[code] || "Internal Server Error";
+      return new HttpException(status, finalMessage, details, code);
+    }
+  };
+  BadRequestException = class BadRequestException extends HttpException {
+    constructor(message = "Bad Request", details, code) {
+      super(400, message, details, code);
+    }
+  };
+  UnauthorizedException = class UnauthorizedException extends HttpException {
+    constructor(message = "Unauthorized", details, code) {
+      super(401, message, details, code);
+    }
+  };
+  ForbiddenException = class ForbiddenException extends HttpException {
+    constructor(message = "Forbidden", details, code) {
+      super(403, message, details, code);
+    }
+  };
+  NotFoundException = class NotFoundException extends HttpException {
+    constructor(message = "Not Found", details, code) {
+      super(404, message, details, code);
+    }
+  };
+  InternalServerErrorException = class InternalServerErrorException extends HttpException {
+    constructor(message = "Internal Server Error", details, code) {
+      super(500, message, details, code);
+    }
+  };
+});
+
+// src/error/filter.ts
+class ExceptionFilterRegistry {
+  static instance;
+  filters = [];
+  constructor() {}
+  static getInstance() {
+    if (!ExceptionFilterRegistry.instance) {
+      ExceptionFilterRegistry.instance = new ExceptionFilterRegistry;
+    }
+    return ExceptionFilterRegistry.instance;
+  }
+  register(filter) {
+    this.filters.push(filter);
+  }
+  clear() {
+    this.filters.length = 0;
+  }
+  async execute(error, context) {
+    for (const filter of this.filters) {
+      const result = await filter.catch(error, context);
+      if (result) {
+        return result;
+      }
+    }
+    return;
+  }
+}
+
+// src/error/i18n.ts
+class ErrorMessageI18n {
+  static currentLanguage = "en";
+  static setLanguage(language) {
+    this.currentLanguage = language;
+  }
+  static getLanguage() {
+    return this.currentLanguage;
+  }
+  static getMessage(code, language) {
+    const lang = language || this.currentLanguage;
+    const messages = ERROR_MESSAGES_I18N[lang];
+    return messages?.[code] || ERROR_CODE_MESSAGES[code] || "Internal Server Error";
+  }
+  static parseLanguageFromHeader(acceptLanguage) {
+    if (!acceptLanguage) {
+      return "en";
+    }
+    if (acceptLanguage.includes("zh-CN") || acceptLanguage.includes("zh")) {
+      return "zh-CN";
+    }
+    return "en";
+  }
+}
+var ERROR_MESSAGES_I18N;
+var init_i18n = __esm(() => {
+  init_error_codes();
+  ERROR_MESSAGES_I18N = {
+    en: {
+      ...ERROR_CODE_MESSAGES
+    },
+    "zh-CN": {
+      ["INTERNAL_ERROR" /* INTERNAL_ERROR */]: "\u670D\u52A1\u5668\u5185\u90E8\u9519\u8BEF",
+      ["INVALID_REQUEST" /* INVALID_REQUEST */]: "\u65E0\u6548\u7684\u8BF7\u6C42",
+      ["RESOURCE_NOT_FOUND" /* RESOURCE_NOT_FOUND */]: "\u8D44\u6E90\u672A\u627E\u5230",
+      ["METHOD_NOT_ALLOWED" /* METHOD_NOT_ALLOWED */]: "\u65B9\u6CD5\u4E0D\u5141\u8BB8",
+      ["AUTH_REQUIRED" /* AUTH_REQUIRED */]: "\u9700\u8981\u8BA4\u8BC1",
+      ["AUTH_INVALID_TOKEN" /* AUTH_INVALID_TOKEN */]: "\u65E0\u6548\u7684\u8BA4\u8BC1\u4EE4\u724C",
+      ["AUTH_TOKEN_EXPIRED" /* AUTH_TOKEN_EXPIRED */]: "\u8BA4\u8BC1\u4EE4\u724C\u5DF2\u8FC7\u671F",
+      ["AUTH_INSUFFICIENT_PERMISSIONS" /* AUTH_INSUFFICIENT_PERMISSIONS */]: "\u6743\u9650\u4E0D\u8DB3",
+      ["VALIDATION_FAILED" /* VALIDATION_FAILED */]: "\u9A8C\u8BC1\u5931\u8D25",
+      ["VALIDATION_REQUIRED_FIELD" /* VALIDATION_REQUIRED_FIELD */]: "\u5FC5\u586B\u5B57\u6BB5\u7F3A\u5931",
+      ["VALIDATION_INVALID_FORMAT" /* VALIDATION_INVALID_FORMAT */]: "\u683C\u5F0F\u65E0\u6548",
+      ["VALIDATION_OUT_OF_RANGE" /* VALIDATION_OUT_OF_RANGE */]: "\u503C\u8D85\u51FA\u8303\u56F4",
+      ["OAUTH2_INVALID_CLIENT" /* OAUTH2_INVALID_CLIENT */]: "\u65E0\u6548\u7684\u5BA2\u6237\u7AEF",
+      ["OAUTH2_INVALID_GRANT" /* OAUTH2_INVALID_GRANT */]: "\u65E0\u6548\u7684\u6388\u6743",
+      ["OAUTH2_INVALID_SCOPE" /* OAUTH2_INVALID_SCOPE */]: "\u65E0\u6548\u7684\u4F5C\u7528\u57DF",
+      ["OAUTH2_INVALID_REDIRECT_URI" /* OAUTH2_INVALID_REDIRECT_URI */]: "\u65E0\u6548\u7684\u91CD\u5B9A\u5411 URI",
+      ["OAUTH2_UNSUPPORTED_GRANT_TYPE" /* OAUTH2_UNSUPPORTED_GRANT_TYPE */]: "\u4E0D\u652F\u6301\u7684\u6388\u6743\u7C7B\u578B"
+    }
+  };
+});
+
+// src/error/handler.ts
+var exports_handler = {};
+__export(exports_handler, {
+  handleError: () => handleError
+});
+async function handleError(error, context) {
+  const registry = ExceptionFilterRegistry.getInstance();
+  const filterResponse = await registry.execute(error, context);
+  if (filterResponse) {
+    return filterResponse;
+  }
+  if (error instanceof HttpException) {
+    context.setStatus(error.status);
+    let errorMessage = error.message;
+    if (error.code) {
+      const acceptLanguage = context.getHeader("accept-language");
+      const language = ErrorMessageI18n.parseLanguageFromHeader(acceptLanguage);
+      errorMessage = ErrorMessageI18n.getMessage(error.code, language);
+    }
+    const responseBody = {
+      error: errorMessage
+    };
+    if (error.code) {
+      responseBody.code = error.code;
+    }
+    if (error.details !== undefined) {
+      responseBody.details = error.details;
+    }
+    return context.createResponse(responseBody);
+  }
+  if (error instanceof ValidationError) {
+    context.setStatus(400);
+    return context.createResponse({
+      error: error.message,
+      code: "VALIDATION_FAILED",
+      issues: error.issues
+    });
+  }
+  const message = error instanceof Error ? error.message : String(error);
+  context.setStatus(500);
+  return context.createResponse({
+    error: "Internal Server Error",
+    details: message
+  });
+}
+var init_handler = __esm(() => {
+  init_http_exception();
+  init_validation();
+  init_i18n();
+});
 
 // src/request/body-parser.ts
 class BodyParser {
@@ -150,6 +525,17 @@ class Context {
   getHeader(key) {
     return this.headers.get(key);
   }
+  getClientIp() {
+    const forwardedFor = this.getHeader("X-Forwarded-For");
+    if (forwardedFor) {
+      return forwardedFor.split(",")[0].trim();
+    }
+    const realIp = this.getHeader("X-Real-IP");
+    if (realIp) {
+      return realIp.trim();
+    }
+    return "unknown";
+  }
   setHeader(key, value) {
     this.responseHeaders.set(key, value);
   }
@@ -941,310 +1327,211 @@ function PATCH(path) {
   return createRouteDecorator("PATCH", path);
 }
 
-// src/controller/metadata.ts
-function getControllerMetadata(target) {
-  return Reflect.getMetadata(CONTROLLER_METADATA_KEY, target);
-}
-function getRouteMetadata(target) {
-  return Reflect.getMetadata(ROUTE_METADATA_KEY, target) || [];
-}
-// src/middleware/decorators.ts
-import"reflect-metadata";
-var CLASS_MIDDLEWARE_METADATA_KEY = Symbol("middleware:class");
-var METHOD_MIDDLEWARE_METADATA_KEY = Symbol("middleware:method");
-function appendMiddlewareMetadata(target, propertyKey, middlewares) {
-  if (!middlewares.length) {
-    return;
-  }
-  if (propertyKey === undefined) {
-    const existing2 = Reflect.getMetadata(CLASS_MIDDLEWARE_METADATA_KEY, target) || [];
-    Reflect.defineMetadata(CLASS_MIDDLEWARE_METADATA_KEY, existing2.concat(middlewares), target);
-    return;
-  }
-  const existing = Reflect.getMetadata(METHOD_MIDDLEWARE_METADATA_KEY, target, propertyKey) || [];
-  Reflect.defineMetadata(METHOD_MIDDLEWARE_METADATA_KEY, existing.concat(middlewares), target, propertyKey);
-}
-function UseMiddleware(...middlewares) {
-  return function(target, propertyKey) {
-    appendMiddlewareMetadata(propertyKey === undefined ? target : target, propertyKey, middlewares);
-  };
-}
-function getClassMiddlewares(constructor) {
-  return Reflect.getMetadata(CLASS_MIDDLEWARE_METADATA_KEY, constructor) || [];
-}
-function getMethodMiddlewares(target, propertyKey) {
-  return Reflect.getMetadata(METHOD_MIDDLEWARE_METADATA_KEY, target, propertyKey) || [];
-}
-// src/middleware/builtin/logger.ts
-import { LoggerManager as LoggerManager4 } from "@dangao/logsmith";
-function createLoggerMiddleware(options = {}) {
-  const log = options.logger ?? ((message, details) => {
-    const logger = LoggerManager4.getLogger();
-    if (details) {
-      logger.info(message, details);
-    } else {
-      logger.info(message);
-    }
-  });
-  const prefix = options.prefix ?? "[Logger]";
-  return async (context, next) => {
-    let response;
-    try {
-      response = await next();
-      return response;
-    } finally {
-      const status = response?.status ?? context.statusCode ?? 200;
-      log(`${prefix} ${context.method} ${context.path} ${status}`);
-    }
-  };
-}
-function createRequestLoggingMiddleware(options = {}) {
-  const log = options.logger ?? ((message, details) => {
-    const logger = LoggerManager4.getLogger();
-    logger.info(message, details);
-  });
-  const prefix = options.prefix ?? "[Request]";
-  const setHeader = options.setHeader ?? true;
-  return async (context, next) => {
-    const start = performance.now();
-    try {
-      const response = await next();
-      const duration = performance.now() - start;
-      log(`${prefix} ${context.method} ${context.path} ${response.status} ${duration.toFixed(2)}ms`);
-      if (setHeader) {
-        context.setHeader("x-request-duration", duration.toFixed(2));
-      }
-      return response;
-    } catch (error) {
-      const duration = performance.now() - start;
-      log(`${prefix} ${context.method} ${context.path} error ${duration.toFixed(2)}ms`, error instanceof Error ? { error: error.message } : undefined);
-      throw error;
-    }
-  };
-}
-// src/validation/decorators.ts
-import"reflect-metadata";
-var VALIDATION_METADATA_KEY = Symbol("validation:param");
-function getOrCreateMetadata(target, propertyKey) {
-  const existing = Reflect.getMetadata(VALIDATION_METADATA_KEY, target, propertyKey);
-  if (existing) {
-    return existing;
-  }
-  const metadata = [];
-  Reflect.defineMetadata(VALIDATION_METADATA_KEY, metadata, target, propertyKey);
-  return metadata;
-}
-function Validate(...rules) {
-  return (target, propertyKey, parameterIndex) => {
-    if (!propertyKey) {
-      throw new Error("@Validate decorator can only be used on methods");
-    }
-    if (!rules.length) {
-      throw new Error("@Validate requires at least one validation rule");
-    }
-    const metadata = getOrCreateMetadata(target, propertyKey);
-    let entry = metadata.find((item) => item.index === parameterIndex);
-    if (!entry) {
-      entry = { index: parameterIndex, rules: [] };
-      metadata.push(entry);
-    }
-    entry.rules.push(...rules);
-  };
-}
-function IsString(options = {}) {
-  return {
-    name: "isString",
-    message: options.message ?? "\u5FC5\u987B\u662F\u5B57\u7B26\u4E32",
-    validate: (value) => typeof value === "string"
-  };
-}
-function IsNumber(options = {}) {
-  return {
-    name: "isNumber",
-    message: options.message ?? "\u5FC5\u987B\u662F\u6570\u5B57",
-    validate: (value) => typeof value === "number" && !Number.isNaN(value)
-  };
-}
-function IsEmail(options = {}) {
-  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-  return {
-    name: "isEmail",
-    message: options.message ?? "\u5FC5\u987B\u662F\u5408\u6CD5\u7684\u90AE\u7BB1\u5730\u5740",
-    validate: (value) => typeof value === "string" && emailRegex.test(value)
-  };
-}
-function IsOptional() {
-  return {
-    name: "isOptional",
-    message: "",
-    optional: true,
-    validate: () => true
-  };
-}
-function MinLength(min, options = {}) {
-  return {
-    name: "minLength",
-    message: options.message ?? `\u957F\u5EA6\u4E0D\u80FD\u5C0F\u4E8E ${min}`,
-    validate: (value) => typeof value === "string" && value.length >= min
-  };
-}
-function getValidationMetadata(target, propertyKey) {
-  return Reflect.getMetadata(VALIDATION_METADATA_KEY, target, propertyKey) || [];
-}
-// src/validation/errors.ts
-class ValidationError extends Error {
-  issues;
-  constructor(message, issues) {
-    super(message);
-    this.name = "ValidationError";
-    this.issues = issues;
-  }
-}
-
-// src/validation/validator.ts
-function shouldSkip(rule, value) {
-  return rule.optional === true && (value === undefined || value === null);
-}
-function validateRule(rule, value, index) {
-  if (shouldSkip(rule, value)) {
-    return null;
-  }
-  const passed = rule.validate(value);
-  if (passed) {
-    return null;
-  }
-  return {
-    index,
-    rule: rule.name,
-    message: rule.message
-  };
-}
-function validateParameters(params, metadata) {
-  if (!metadata.length) {
-    return;
-  }
-  const issues = [];
-  for (const item of metadata) {
-    const value = params[item.index];
-    let skipped = false;
-    for (const rule of item.rules) {
-      if (rule.optional && (value === undefined || value === null)) {
-        skipped = true;
-        break;
-      }
-      const issue = validateRule(rule, value, item.index);
-      if (issue) {
-        issues.push(issue);
-      }
-    }
-    if (skipped) {
-      continue;
-    }
-  }
-  if (issues.length > 0) {
-    throw new ValidationError("Validation failed", issues);
-  }
-}
-// src/middleware/builtin/error-handler.ts
-import { LoggerManager as LoggerManager5 } from "@dangao/logsmith";
-
-// src/error/http-exception.ts
-class HttpException extends Error {
-  status;
-  details;
-  constructor(status, message, details) {
-    super(message);
-    this.name = this.constructor.name;
-    this.status = status;
-    this.details = details;
-  }
-}
-
-class BadRequestException extends HttpException {
-  constructor(message = "Bad Request", details) {
-    super(400, message, details);
-  }
-}
-
-class UnauthorizedException extends HttpException {
-  constructor(message = "Unauthorized", details) {
-    super(401, message, details);
-  }
-}
-
-class ForbiddenException extends HttpException {
-  constructor(message = "Forbidden", details) {
-    super(403, message, details);
-  }
-}
-
-class NotFoundException extends HttpException {
-  constructor(message = "Not Found", details) {
-    super(404, message, details);
-  }
+// src/controller/metadata.ts
+function getControllerMetadata(target) {
+  return Reflect.getMetadata(CONTROLLER_METADATA_KEY, target);
 }
-
-class InternalServerErrorException extends HttpException {
-  constructor(message = "Internal Server Error", details) {
-    super(500, message, details);
-  }
+function getRouteMetadata(target) {
+  return Reflect.getMetadata(ROUTE_METADATA_KEY, target) || [];
 }
-// src/error/filter.ts
-class ExceptionFilterRegistry {
-  static instance;
-  filters = [];
-  constructor() {}
-  static getInstance() {
-    if (!ExceptionFilterRegistry.instance) {
-      ExceptionFilterRegistry.instance = new ExceptionFilterRegistry;
+// src/middleware/decorators.ts
+import"reflect-metadata";
+
+// src/middleware/builtin/rate-limit.ts
+class MemoryRateLimitStore {
+  store = new Map;
+  async get(key) {
+    const entry = this.store.get(key);
+    if (!entry) {
+      return 0;
     }
-    return ExceptionFilterRegistry.instance;
+    if (Date.now() > entry.resetTime) {
+      this.store.delete(key);
+      return 0;
+    }
+    return entry.count;
   }
-  register(filter) {
-    this.filters.push(filter);
+  async increment(key, windowMs) {
+    const now = Date.now();
+    const entry = this.store.get(key);
+    if (!entry || now > entry.resetTime) {
+      const resetTime = now + windowMs;
+      this.store.set(key, { count: 1, resetTime });
+      return 1;
+    }
+    entry.count++;
+    return entry.count;
   }
-  clear() {
-    this.filters.length = 0;
+  async reset(key) {
+    this.store.delete(key);
   }
-  async execute(error, context) {
-    for (const filter of this.filters) {
-      const result = await filter.catch(error, context);
-      if (result) {
-        return result;
+  cleanup() {
+    const now = Date.now();
+    for (const [key, entry] of this.store.entries()) {
+      if (now > entry.resetTime) {
+        this.store.delete(key);
       }
     }
-    return;
   }
 }
-// src/error/handler.ts
-async function handleError(error, context) {
-  const registry = ExceptionFilterRegistry.getInstance();
-  const filterResponse = await registry.execute(error, context);
-  if (filterResponse) {
-    return filterResponse;
-  }
-  if (error instanceof HttpException) {
-    context.setStatus(error.status);
-    return context.createResponse({
-      error: error.message,
-      details: error.details
-    });
+function defaultKeyGenerator(context) {
+  return `rate-limit:${context.getClientIp()}`;
+}
+function createRateLimitMiddleware(options) {
+  const {
+    max,
+    windowMs = 60000,
+    store = new MemoryRateLimitStore,
+    keyGenerator = defaultKeyGenerator,
+    skipSuccessfulRequests = false,
+    skipFailedRequests = false,
+    message = "Too Many Requests",
+    statusCode = 429,
+    standardHeaders = true,
+    legacyHeaders = true
+  } = options;
+  return async (context, next) => {
+    const key = await keyGenerator(context);
+    const currentCount = await store.increment(key, windowMs);
+    const remaining = Math.max(0, max - currentCount);
+    const resetTime = Date.now() + windowMs;
+    if (standardHeaders) {
+      context.setHeader("RateLimit-Limit", max.toString());
+      context.setHeader("RateLimit-Remaining", remaining.toString());
+      context.setHeader("RateLimit-Reset", Math.ceil(resetTime / 1000).toString());
+    }
+    if (legacyHeaders) {
+      context.setHeader("X-RateLimit-Limit", max.toString());
+      context.setHeader("X-RateLimit-Remaining", remaining.toString());
+      context.setHeader("X-RateLimit-Reset", Math.ceil(resetTime / 1000).toString());
+    }
+    if (currentCount > max) {
+      context.setStatus(statusCode);
+      return context.createResponse({
+        error: message,
+        retryAfter: Math.ceil(windowMs / 1000)
+      });
+    }
+    const response = await next();
+    const shouldSkip = skipSuccessfulRequests && response.status >= 200 && response.status < 300 || skipFailedRequests && response.status >= 400;
+    if (shouldSkip) {
+      const current = await store.get(key);
+      if (current > 0) {}
+    }
+    return response;
+  };
+}
+function createTokenKeyGenerator(tokenHeader = "Authorization") {
+  return (context) => {
+    const token = context.getHeader(tokenHeader);
+    if (token) {
+      const tokenValue = token.startsWith("Bearer ") ? token.substring(7) : token;
+      return `rate-limit:token:${tokenValue}`;
+    }
+    return defaultKeyGenerator(context);
+  };
+}
+function createUserKeyGenerator(getUserId) {
+  return (context) => {
+    const userId = getUserId(context);
+    if (userId) {
+      return `rate-limit:user:${userId}`;
+    }
+    return defaultKeyGenerator(context);
+  };
+}
+
+// src/middleware/decorators.ts
+var CLASS_MIDDLEWARE_METADATA_KEY = Symbol("middleware:class");
+var METHOD_MIDDLEWARE_METADATA_KEY = Symbol("middleware:method");
+function appendMiddlewareMetadata(target, propertyKey, middlewares) {
+  if (!middlewares.length) {
+    return;
   }
-  if (error instanceof ValidationError) {
-    context.setStatus(400);
-    return context.createResponse({
-      error: error.message,
-      issues: error.issues
-    });
+  if (propertyKey === undefined) {
+    const existing2 = Reflect.getMetadata(CLASS_MIDDLEWARE_METADATA_KEY, target) || [];
+    Reflect.defineMetadata(CLASS_MIDDLEWARE_METADATA_KEY, existing2.concat(middlewares), target);
+    return;
   }
-  const message = error instanceof Error ? error.message : String(error);
-  context.setStatus(500);
-  return context.createResponse({
-    error: "Internal Server Error",
-    details: message
+  const existing = Reflect.getMetadata(METHOD_MIDDLEWARE_METADATA_KEY, target, propertyKey) || [];
+  Reflect.defineMetadata(METHOD_MIDDLEWARE_METADATA_KEY, existing.concat(middlewares), target, propertyKey);
+}
+function UseMiddleware(...middlewares) {
+  return function(target, propertyKey) {
+    appendMiddlewareMetadata(propertyKey === undefined ? target : target, propertyKey, middlewares);
+  };
+}
+function RateLimit(options) {
+  return function(target, propertyKey) {
+    const middleware = createRateLimitMiddleware(options);
+    appendMiddlewareMetadata(target, propertyKey, [middleware]);
+  };
+}
+function getClassMiddlewares(constructor) {
+  return Reflect.getMetadata(CLASS_MIDDLEWARE_METADATA_KEY, constructor) || [];
+}
+function getMethodMiddlewares(target, propertyKey) {
+  return Reflect.getMetadata(METHOD_MIDDLEWARE_METADATA_KEY, target, propertyKey) || [];
+}
+// src/middleware/builtin/logger.ts
+import { LoggerManager as LoggerManager4 } from "@dangao/logsmith";
+function createLoggerMiddleware(options = {}) {
+  const log = options.logger ?? ((message, details) => {
+    const logger = LoggerManager4.getLogger();
+    if (details) {
+      logger.info(message, details);
+    } else {
+      logger.info(message);
+    }
+  });
+  const prefix = options.prefix ?? "[Logger]";
+  return async (context, next) => {
+    let response;
+    try {
+      response = await next();
+      return response;
+    } finally {
+      const status = response?.status ?? context.statusCode ?? 200;
+      log(`${prefix} ${context.method} ${context.path} ${status}`);
+    }
+  };
+}
+function createRequestLoggingMiddleware(options = {}) {
+  const log = options.logger ?? ((message, details) => {
+    const logger = LoggerManager4.getLogger();
+    logger.info(message, details);
   });
+  const prefix = options.prefix ?? "[Request]";
+  const setHeader = options.setHeader ?? true;
+  return async (context, next) => {
+    const start = performance.now();
+    try {
+      const response = await next();
+      const duration = performance.now() - start;
+      log(`${prefix} ${context.method} ${context.path} ${response.status} ${duration.toFixed(2)}ms`);
+      if (setHeader) {
+        context.setHeader("x-request-duration", duration.toFixed(2));
+      }
+      return response;
+    } catch (error) {
+      const duration = performance.now() - start;
+      log(`${prefix} ${context.method} ${context.path} error ${duration.toFixed(2)}ms`, error instanceof Error ? { error: error.message } : undefined);
+      throw error;
+    }
+  };
 }
 // src/middleware/builtin/error-handler.ts
+init_validation();
+import { LoggerManager as LoggerManager5 } from "@dangao/logsmith";
+
+// src/error/index.ts
+init_http_exception();
+init_handler();
+init_error_codes();
+init_i18n();
+
+// src/middleware/builtin/error-handler.ts
+init_handler();
 function createErrorHandlingMiddleware(options = {}) {
   const log = options.logger ?? ((error, context) => {
     LoggerManager5.getLogger().error("[Error]", { ...context, error });
@@ -1274,13 +1561,7 @@ function createErrorHandlingMiddleware(options = {}) {
         });
       }
       if (error instanceof HttpException) {
-        if (!expose) {
-          return await handleError(error, context);
-        }
-        return context.createResponse({
-          error: error.message,
-          details: error.details
-        }, { status: error.status });
+        return await handleError(error, context);
       }
       if (error instanceof Error && !expose) {
         return await handleError(error, context);
@@ -1455,6 +1736,7 @@ function createStaticFileMiddleware(options) {
   };
 }
 // src/controller/controller.ts
+init_validation();
 var CONTROLLER_METADATA_KEY = Symbol("controller");
 function Controller(path = "") {
   return function(target) {
@@ -1538,23 +1820,8 @@ class ControllerRegistry {
           }
           return context.createResponse(responseData);
         } catch (error) {
-          if (error instanceof ValidationError) {
-            context.setStatus(400);
-            return context.createResponse({
-              error: error.message,
-              issues: error.issues
-            });
-          }
-          if (error instanceof HttpException) {
-            context.setStatus(error.status);
-            return context.createResponse({
-              error: error.message,
-              details: error.details
-            });
-          }
-          context.setStatus(500);
-          const errorMessage = error instanceof Error ? error.message : String(error);
-          return context.createResponse({ error: errorMessage });
+          const { handleError: handleError2 } = await Promise.resolve().then(() => (init_handler(), exports_handler));
+          return await handleError2(error, context);
         }
       };
       const middlewares = [...classMiddlewares];
@@ -2079,6 +2346,8 @@ class ResponseBuilder {
     });
   }
 }
+// src/index.ts
+init_validation();
 // src/extensions/logger-module.ts
 class LoggerModule {
   static forRoot(options = {}) {
@@ -2490,8 +2759,8 @@ class SecurityContextHolder {
     return context;
   }
   static runWithContext(callback) {
-    const existing = this.storage.getStore() ?? new SecurityContextImpl;
-    return this.storage.run(existing, callback);
+    const context = new SecurityContextImpl;
+    return this.storage.run(context, callback);
   }
   static clearContext() {
     const context = this.storage.getStore();
@@ -2531,6 +2800,10 @@ class RoleBasedAccessDecisionManager {
     return requiredAuthorities.some((required) => userAuthorities.includes(required));
   }
 }
+// src/security/filter.ts
+init_http_exception();
+init_error_codes();
+
 // src/auth/decorators.ts
 import"reflect-metadata";
 var AUTH_METADATA_KEY = Symbol("@dangao/bun-server:auth");
@@ -2601,19 +2874,19 @@ function createSecurityFilter(config) {
           if (requiresAuth(controllerTarget, method)) {
             const authentication = securityContext.authentication;
             if (!authentication || !authentication.authenticated) {
-              throw new UnauthorizedException("Authentication required");
+              throw new UnauthorizedException("Authentication required", undefined, "AUTH_REQUIRED" /* AUTH_REQUIRED */);
             }
             const requiredRoles = getRequiredRoles(controllerTarget, method);
             if (requiredRoles.length > 0) {
               const hasAccess = accessDecisionManager.decide(authentication, requiredRoles);
               if (!hasAccess) {
                 const userRoles = authentication.authorities || [];
-                throw new ForbiddenException(`Insufficient permissions. Required roles: ${requiredRoles.join(", ")}, User roles: ${userRoles.join(", ")}`);
+                throw new ForbiddenException(`Insufficient permissions. Required roles: ${requiredRoles.join(", ")}, User roles: ${userRoles.join(", ")}`, { requiredRoles, userRoles }, "AUTH_INSUFFICIENT_PERMISSIONS" /* AUTH_INSUFFICIENT_PERMISSIONS */);
               }
             }
           }
         } else if (defaultAuthRequired && !securityContext.isAuthenticated()) {
-          throw new UnauthorizedException("Authentication required");
+          throw new UnauthorizedException("Authentication required", undefined, "AUTH_REQUIRED" /* AUTH_REQUIRED */);
         }
         ctx.security = securityContext;
         ctx.auth = {
@@ -2634,7 +2907,7 @@ function extractTokenFromHeader(ctx) {
     return null;
   }
   const parts = authHeader.split(" ");
-  if (parts.length !== 2 || parts[0] !== "Bearer") {
+  if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer") {
     return null;
   }
   return parts[1];
@@ -2680,9 +2953,11 @@ class JwtAuthenticationProvider {
 // src/security/providers/oauth2-provider.ts
 class OAuth2AuthenticationProvider {
   oauth2Service;
+  jwtUtil;
   supportedTypes = ["oauth2", "authorization_code"];
-  constructor(oauth2Service) {
+  constructor(oauth2Service, jwtUtil) {
     this.oauth2Service = oauth2Service;
+    this.jwtUtil = jwtUtil;
   }
   supports(type) {
     return this.supportedTypes.includes(type.toLowerCase());
@@ -2696,15 +2971,14 @@ class OAuth2AuthenticationProvider {
     if (!tokenResponse) {
       return null;
     }
-    const userInfo = {
-      id: "user-1",
-      username: "user",
-      roles: ["user"]
-    };
+    const payload = this.jwtUtil.verify(tokenResponse.accessToken);
+    if (!payload || !payload.sub) {
+      return null;
+    }
     const principal = {
-      id: userInfo.id,
-      username: userInfo.username,
-      roles: userInfo.roles
+      id: payload.sub,
+      username: payload.username || payload.sub,
+      roles: payload.roles || []
     };
     return {
       authenticated: true,
@@ -3088,7 +3362,7 @@ class SecurityModule {
     const oauth2Service = new OAuth2Service(jwtUtil, config.oauth2Clients || [], {}, userProvider);
     const authenticationManager = new AuthenticationManager;
     authenticationManager.registerProvider(new JwtAuthenticationProvider(jwtUtil));
-    authenticationManager.registerProvider(new OAuth2AuthenticationProvider(oauth2Service));
+    authenticationManager.registerProvider(new OAuth2AuthenticationProvider(oauth2Service, jwtUtil));
     const securityFilter = createSecurityFilter({
       authenticationManager,
       excludePaths: [
@@ -3338,6 +3612,297 @@ HealthModule = __legacyDecorateClassTS([
     providers: []
   })
 ], HealthModule);
+// src/metrics/collector.ts
+class MetricsCollector {
+  counters = new Map;
+  gauges = new Map;
+  histograms = new Map;
+  customMetrics = [];
+  registerCustomMetric(metric) {
+    this.customMetrics.push(metric);
+  }
+  incrementCounter(name, labels, value = 1) {
+    const key = this.getKey(name, labels);
+    const counterMap = this.counters.get(name) || new Map;
+    const current = counterMap.get(key) || 0;
+    counterMap.set(key, current + value);
+    this.counters.set(name, counterMap);
+  }
+  setGauge(name, labels, value) {
+    const key = this.getKey(name, labels);
+    const gaugeMap = this.gauges.get(name) || new Map;
+    gaugeMap.set(key, value);
+    this.gauges.set(name, gaugeMap);
+  }
+  observeHistogram(name, labels, value) {
+    const key = this.getKey(name, labels);
+    const histogramMap = this.histograms.get(name) || new Map;
+    const values = histogramMap.get(key) || [];
+    values.push(value);
+    histogramMap.set(key, values);
+    this.histograms.set(name, histogramMap);
+  }
+  async getAllDataPoints() {
+    const dataPoints = [];
+    for (const [name, counterMap] of this.counters.entries()) {
+      for (const [key, value] of counterMap.entries()) {
+        const labels = this.parseKey(key);
+        dataPoints.push({
+          name,
+          type: "counter",
+          value,
+          labels: labels && Object.keys(labels).length > 0 ? labels : undefined
+        });
+      }
+    }
+    for (const [name, gaugeMap] of this.gauges.entries()) {
+      for (const [key, value] of gaugeMap.entries()) {
+        const labels = this.parseKey(key);
+        dataPoints.push({
+          name,
+          type: "gauge",
+          value,
+          labels: labels && Object.keys(labels).length > 0 ? labels : undefined
+        });
+      }
+    }
+    for (const [name, histogramMap] of this.histograms.entries()) {
+      for (const [key, values] of histogramMap.entries()) {
+        const labels = this.parseKey(key);
+        const sum = values.reduce((a, b) => a + b, 0);
+        const count = values.length;
+        const buckets = this.calculateBuckets(values);
+        dataPoints.push({
+          name: `${name}_sum`,
+          type: "histogram",
+          value: sum,
+          labels: labels && Object.keys(labels).length > 0 ? labels : undefined
+        });
+        dataPoints.push({
+          name: `${name}_count`,
+          type: "histogram",
+          value: count,
+          labels: labels && Object.keys(labels).length > 0 ? labels : undefined
+        });
+        for (const [bucket, bucketCount] of Object.entries(buckets)) {
+          dataPoints.push({
+            name: `${name}_bucket`,
+            type: "histogram",
+            value: bucketCount,
+            labels: {
+              ...labels,
+              le: bucket
+            }
+          });
+        }
+      }
+    }
+    for (const metric of this.customMetrics) {
+      try {
+        const value = await metric.getValue();
+        dataPoints.push({
+          name: metric.name,
+          type: metric.type,
+          value,
+          help: metric.help
+        });
+      } catch (error) {
+        console.error(`Failed to collect custom metric ${metric.name}:`, error);
+      }
+    }
+    return dataPoints;
+  }
+  reset() {
+    this.counters.clear();
+    this.gauges.clear();
+    this.histograms.clear();
+  }
+  getKey(name, labels) {
+    if (!labels || Object.keys(labels).length === 0) {
+      return "";
+    }
+    const sortedLabels = Object.keys(labels).sort().map((key) => `${key}="${labels[key]}"`).join(",");
+    return `{${sortedLabels}}`;
+  }
+  parseKey(key) {
+    if (!key || key === "") {
+      return;
+    }
+    const labels = {};
+    const match = key.match(/\{([^}]+)\}/);
+    if (match) {
+      const labelPairs = match[1].split(",");
+      for (const pair of labelPairs) {
+        const [k, v] = pair.split("=");
+        if (k && v) {
+          labels[k.trim()] = v.trim().replace(/^"|"$/g, "");
+        }
+      }
+    }
+    return Object.keys(labels).length > 0 ? labels : undefined;
+  }
+  calculateBuckets(values) {
+    const defaultBuckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10];
+    const buckets = {};
+    for (const bucket of defaultBuckets) {
+      buckets[bucket.toString()] = values.filter((v) => v <= bucket).length;
+    }
+    buckets["+Inf"] = values.length;
+    return buckets;
+  }
+}
+
+// src/metrics/prometheus.ts
+class PrometheusFormatter {
+  format(dataPoints) {
+    const lines = [];
+    const metricGroups = this.groupByMetricName(dataPoints);
+    for (const [metricName, points] of metricGroups.entries()) {
+      const help = points[0]?.help;
+      if (help) {
+        lines.push(`# HELP ${metricName} ${help}`);
+      }
+      const type = points[0]?.type;
+      if (type) {
+        lines.push(`# TYPE ${metricName} ${type}`);
+      }
+      for (const point of points) {
+        const labelString = this.formatLabels(point.labels);
+        const line = labelString ? `${point.name}${labelString} ${point.value}` : `${point.name} ${point.value}`;
+        lines.push(line);
+      }
+      lines.push("");
+    }
+    return lines.join(`
+`);
+  }
+  groupByMetricName(dataPoints) {
+    const groups = new Map;
+    for (const point of dataPoints) {
+      const name = point.name;
+      const existing = groups.get(name) || [];
+      existing.push(point);
+      groups.set(name, existing);
+    }
+    return groups;
+  }
+  formatLabels(labels) {
+    if (!labels || Object.keys(labels).length === 0) {
+      return "";
+    }
+    const labelPairs = Object.keys(labels).sort().map((key) => `${key}="${this.escapeLabelValue(labels[key])}"`).join(",");
+    return `{${labelPairs}}`;
+  }
+  escapeLabelValue(value) {
+    return value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/\n/g, "\\n");
+  }
+}
+
+// src/metrics/types.ts
+var METRICS_SERVICE_TOKEN = Symbol("@dangao/bun-server:metrics:service");
+var METRICS_OPTIONS_TOKEN = Symbol("@dangao/bun-server:metrics:options");
+
+// src/metrics/controller.ts
+class MetricsController {
+  collector;
+  options;
+  formatter;
+  constructor(collector, options) {
+    this.collector = collector;
+    this.options = options;
+    this.formatter = new PrometheusFormatter;
+  }
+  async metrics() {
+    const dataPoints = await this.collector.getAllDataPoints();
+    const prometheusText = this.formatter.format(dataPoints);
+    return new Response(prometheusText, {
+      headers: {
+        "Content-Type": "text/plain; version=0.0.4; charset=utf-8"
+      }
+    });
+  }
+}
+__legacyDecorateClassTS([
+  GET("/metrics"),
+  __legacyMetadataTS("design:type", Function),
+  __legacyMetadataTS("design:paramtypes", []),
+  __legacyMetadataTS("design:returntype", typeof Promise === "undefined" ? Object : Promise)
+], MetricsController.prototype, "metrics", null);
+MetricsController = __legacyDecorateClassTS([
+  Controller("/"),
+  __legacyDecorateParamTS(0, Inject(METRICS_SERVICE_TOKEN)),
+  __legacyDecorateParamTS(1, Inject(METRICS_OPTIONS_TOKEN)),
+  __legacyMetadataTS("design:paramtypes", [
+    typeof MetricsCollector === "undefined" ? Object : MetricsCollector,
+    typeof MetricsModuleOptions === "undefined" ? Object : MetricsModuleOptions
+  ])
+], MetricsController);
+
+// src/metrics/metrics-module.ts
+class MetricsModule {
+  static forRoot(options = {}) {
+    const providers2 = [];
+    const collector = new MetricsCollector;
+    if (options.customMetrics) {
+      for (const metric of options.customMetrics) {
+        collector.registerCustomMetric(metric);
+      }
+    }
+    providers2.push({
+      provide: METRICS_SERVICE_TOKEN,
+      useValue: collector
+    }, {
+      provide: METRICS_OPTIONS_TOKEN,
+      useValue: options
+    }, MetricsCollector);
+    const existingMetadata = Reflect.getMetadata(MODULE_METADATA_KEY, MetricsModule) || {};
+    const metadata = {
+      ...existingMetadata,
+      controllers: [...existingMetadata.controllers || [], MetricsController],
+      providers: [...existingMetadata.providers || [], ...providers2],
+      exports: [
+        ...existingMetadata.exports || [],
+        METRICS_SERVICE_TOKEN,
+        MetricsCollector
+      ]
+    };
+    Reflect.defineMetadata(MODULE_METADATA_KEY, metadata, MetricsModule);
+    return MetricsModule;
+  }
+}
+MetricsModule = __legacyDecorateClassTS([
+  Module({
+    controllers: [MetricsController],
+    providers: []
+  })
+], MetricsModule);
+// src/metrics/middleware.ts
+function createHttpMetricsMiddleware(collector) {
+  return async (context2, next) => {
+    const startTime = Date.now();
+    const response = await next();
+    const duration = Date.now() - startTime;
+    const durationSeconds = duration / 1000;
+    const method = context2.method;
+    const path = context2.path;
+    const statusCode = response.status;
+    collector.incrementCounter("http_requests_total", {
+      method,
+      path,
+      status: statusCode.toString()
+    });
+    collector.observeHistogram("http_request_duration_seconds", {
+      method,
+      path,
+      status: statusCode.toString()
+    }, durationSeconds);
+    collector.observeHistogram("http_request_duration_seconds_summary", {
+      method,
+      path
+    }, durationSeconds);
+    return response;
+  };
+}
 // src/testing/harness.ts
 import { performance as performance2 } from "perf_hooks";
 
@@ -3401,11 +3966,15 @@ class StressTester {
 export {
   requiresAuth,
   getAuthMetadata,
+  createUserKeyGenerator,
+  createTokenKeyGenerator,
   createSwaggerUIMiddleware,
   createStaticFileMiddleware,
   createSecurityFilter,
   createRequestLoggingMiddleware,
+  createRateLimitMiddleware,
   createLoggerMiddleware,
+  createHttpMetricsMiddleware,
   createFileUploadMiddleware,
   createErrorHandlingMiddleware,
   createCorsMiddleware,
@@ -3428,7 +3997,9 @@ export {
   RoleBasedAccessDecisionManager,
   ResponseBuilder,
   RequestWrapper,
+  RateLimit,
   Query,
+  PrometheusFormatter,
   PerformanceHarness,
   ParamBinder,
   Param,
@@ -3447,6 +4018,10 @@ export {
   Module,
   MinLength,
   MiddlewarePipeline,
+  MetricsModule,
+  MetricsCollector,
+  METRICS_SERVICE_TOKEN,
+  METRICS_OPTIONS_TOKEN,
   LoggerModule,
   LoggerExtension,
   LogLevel2 as LogLevel,