@draftlab/auth 0.14.0 → 0.15.1

package/dist/router/matcher.d.mts

@@ -0,0 +1,15 @@
+import { CompiledRoute, MatchResult, RouterOptions } from "./types.mjs";
+
+//#region src/router/matcher.d.ts
+declare class RouteMatcher {
+  private readonly compiledRoutes;
+  private readonly options;
+  constructor(options?: RouterOptions);
+  compile(pattern: string): CompiledRoute;
+  match(pattern: string, pathname: string): MatchResult | null;
+  sortRoutesBySpecificity(patterns: string[]): string[];
+  private calculateSpecificity;
+  normalizePath(pathname: string): string;
+}
+//#endregion
+export { RouteMatcher };

package/dist/router/matcher.mjs

@@ -0,0 +1,76 @@
+//#region src/router/matcher.ts
+var RouteMatcher = class {
+	compiledRoutes = /* @__PURE__ */ new Map();
+	options;
+	constructor(options = {}) {
+		this.options = {
+			caseSensitive: false,
+			strict: false,
+			basePath: "",
+			...options
+		};
+	}
+	compile(pattern) {
+		const cacheKey = `${pattern}:${this.options.caseSensitive}:${this.options.strict}`;
+		const cached = this.compiledRoutes.get(cacheKey);
+		if (cached) return cached;
+		const paramNames = [];
+		let regexPattern = pattern.replace(/:([^/]+)/g, (_, name) => {
+			paramNames.push(name);
+			return "([^/]+)";
+		});
+		regexPattern = regexPattern.replace(/\*/g, "(.*)");
+		const finalPattern = this.options.strict || pattern === "/" ? regexPattern : `${regexPattern.replace(/\/$/, "")}/?`;
+		const compiled = {
+			regex: new RegExp(`^${finalPattern}$`, this.options.caseSensitive ? "" : "i"),
+			paramNames,
+			pattern
+		};
+		this.compiledRoutes.set(cacheKey, compiled);
+		return compiled;
+	}
+	match(pattern, pathname) {
+		const compiled = this.compile(pattern);
+		const match = pathname.match(compiled.regex);
+		if (!match) return null;
+		const params = {};
+		for (let i = 0; i < compiled.paramNames.length; i++) {
+			const name = compiled.paramNames[i];
+			const value = match[i + 1];
+			if (name && value !== void 0) try {
+				params[name] = decodeURIComponent(value);
+			} catch {
+				params[name] = value;
+			}
+		}
+		return {
+			params: Object.freeze(params),
+			pattern
+		};
+	}
+	sortRoutesBySpecificity(patterns) {
+		return [...patterns].sort((a, b) => {
+			const aScore = this.calculateSpecificity(a);
+			return this.calculateSpecificity(b) - aScore;
+		});
+	}
+	calculateSpecificity(pattern) {
+		const segments = pattern.split("/").filter(Boolean);
+		let score = 0;
+		for (const segment of segments) if (segment.startsWith(":")) score += 2;
+		else if (segment === "*") score += 1;
+		else score += 4;
+		return score;
+	}
+	normalizePath(pathname) {
+		let normalized = pathname;
+		const { basePath, strict } = this.options;
+		if (basePath && normalized.startsWith(basePath)) normalized = normalized.slice(basePath.length) || "/";
+		if (!normalized.startsWith("/")) normalized = `/${normalized}`;
+		if (!strict && normalized.length > 1 && normalized.endsWith("/")) normalized = normalized.slice(0, -1);
+		return normalized;
+	}
+};
+
+//#endregion
+export { RouteMatcher };

package/dist/router/middleware/cors.d.mts

@@ -0,0 +1,15 @@
+import { MiddlewareHandler, RouterContext, VariableMap } from "../types.mjs";
+
+//#region src/router/middleware/cors.d.ts
+interface CORSOptions {
+  origin?: "*" | string | readonly string[] | ((origin: string, ctx: RouterContext<Record<string, string>, VariableMap>) => string | null);
+  allowMethods?: readonly string[] | ((origin: string, ctx: RouterContext<Record<string, string>, VariableMap>) => readonly string[]);
+  allowHeaders?: readonly string[];
+  maxAge?: number;
+  credentials?: boolean;
+  exposeHeaders?: readonly string[];
+  preflightHandler?: <TVariables extends VariableMap>(ctx: RouterContext<Record<string, string>, TVariables>) => Promise<Response> | Response;
+}
+declare const cors: <TVariables extends VariableMap = VariableMap>(options?: CORSOptions) => MiddlewareHandler<Record<string, string>, TVariables>;
+//#endregion
+export { CORSOptions, cors };

package/dist/router/middleware/cors.mjs

@@ -0,0 +1,114 @@
+//#region src/router/middleware/cors.ts
+const DEFAULT_CORS_OPTIONS = {
+	origin: "*",
+	allowMethods: [
+		"GET",
+		"HEAD",
+		"PUT",
+		"POST",
+		"DELETE",
+		"PATCH",
+		"OPTIONS"
+	],
+	allowHeaders: [],
+	maxAge: 86400,
+	credentials: false,
+	exposeHeaders: []
+};
+const createOriginResolver = (origin) => {
+	if (!origin || origin === "*") return () => "*";
+	if (typeof origin === "string") return (requestOrigin) => origin === requestOrigin ? origin : null;
+	if (typeof origin === "function") return origin;
+	if (Array.isArray(origin)) {
+		const allowedOrigins = new Set(origin);
+		return (requestOrigin) => allowedOrigins.has(requestOrigin) ? requestOrigin : null;
+	}
+	return () => null;
+};
+const createMethodsResolver = (methods) => {
+	if (typeof methods === "function") return methods;
+	if (Array.isArray(methods)) return () => methods;
+	return () => DEFAULT_CORS_OPTIONS.allowMethods;
+};
+const normalizeCORSOptions = (options = {}) => {
+	const opts = {
+		...DEFAULT_CORS_OPTIONS,
+		...options
+	};
+	if (opts.maxAge < 0) throw new Error("CORS maxAge must be non-negative");
+	if (Array.isArray(opts.allowMethods)) {
+		const validMethods = new Set([
+			"GET",
+			"HEAD",
+			"PUT",
+			"POST",
+			"DELETE",
+			"PATCH",
+			"OPTIONS"
+		]);
+		const invalidMethods = opts.allowMethods.filter((method) => !validMethods.has(method.toUpperCase()));
+		if (invalidMethods.length > 0) console.warn(`CORS: Invalid HTTP methods detected: ${invalidMethods.join(", ")}`);
+	}
+	return {
+		...opts,
+		_originResolver: createOriginResolver(options.origin),
+		_methodsResolver: createMethodsResolver(options.allowMethods)
+	};
+};
+const cors = (options = {}) => {
+	const opts = normalizeCORSOptions(options);
+	return async (ctx, next) => {
+		const requestOrigin = ctx.header("origin") || "";
+		const requestMethod = ctx.request.method.toUpperCase();
+		const allowedOrigin = opts._originResolver(requestOrigin, ctx);
+		const corsHeaders = {};
+		if (allowedOrigin) corsHeaders["Access-Control-Allow-Origin"] = allowedOrigin;
+		if (opts.origin !== "*" && allowedOrigin) {
+			const existingVary = ctx.header("vary");
+			corsHeaders.Vary = existingVary ? `${existingVary}, Origin` : "Origin";
+		}
+		if (opts.credentials) corsHeaders["Access-Control-Allow-Credentials"] = "true";
+		if (opts.exposeHeaders && opts.exposeHeaders.length > 0) corsHeaders["Access-Control-Expose-Headers"] = opts.exposeHeaders.join(",");
+		if (requestMethod === "OPTIONS") {
+			if (opts.preflightHandler) return await opts.preflightHandler(ctx);
+			if (opts.maxAge != null) corsHeaders["Access-Control-Max-Age"] = opts.maxAge.toString();
+			const allowedMethods = opts._methodsResolver(requestOrigin, ctx);
+			if (allowedMethods.length > 0) corsHeaders["Access-Control-Allow-Methods"] = allowedMethods.join(",");
+			let allowedHeaders = opts.allowHeaders;
+			if (!allowedHeaders || allowedHeaders.length === 0) {
+				const requestHeaders = ctx.header("access-control-request-headers");
+				if (requestHeaders) allowedHeaders = requestHeaders.split(/\s*,\s*/);
+			}
+			if (allowedHeaders && allowedHeaders.length > 0) {
+				corsHeaders["Access-Control-Allow-Headers"] = allowedHeaders.join(",");
+				const existingVary = corsHeaders.Vary || ctx.header("vary");
+				corsHeaders.Vary = existingVary ? `${existingVary}, Access-Control-Request-Headers` : "Access-Control-Request-Headers";
+			}
+			const headers = new Headers();
+			Object.entries(corsHeaders).forEach(([key, value]) => {
+				headers.set(key, value);
+			});
+			return new Response(null, {
+				status: 204,
+				statusText: "No Content",
+				headers
+			});
+		}
+		return applyCORSHeaders(await next(), corsHeaders);
+	};
+};
+const applyCORSHeaders = (response, corsHeaders) => {
+	if (Object.keys(corsHeaders).length === 0) return response;
+	const newHeaders = new Headers(response.headers);
+	Object.entries(corsHeaders).forEach(([key, value]) => {
+		newHeaders.set(key, value);
+	});
+	return new Response(response.body, {
+		status: response.status,
+		statusText: response.statusText,
+		headers: newHeaders
+	});
+};
+
+//#endregion
+export { cors };

package/dist/router/safe-request.d.mts

@@ -0,0 +1,52 @@
+//#region src/router/safe-request.d.ts
+/**
+ * SafeRequest wraps a Request to cache the body and allow multiple reads.
+ * This solves issues with Request implementations that don't support multiple body reads.
+ */
+interface SafeRequestOptions {
+  cache?: RequestCache;
+  credentials?: RequestCredentials;
+  destination?: RequestDestination;
+  integrity?: string;
+  keepalive?: boolean;
+  mode?: RequestMode;
+  redirect?: RequestRedirect;
+  referrer?: string;
+  referrerPolicy?: ReferrerPolicy;
+  signal?: AbortSignal;
+}
+declare class SafeRequest implements Request {
+  private cachedBody;
+  private bodyBuffer;
+  private readonly textDecoder;
+  readonly cache: RequestCache;
+  readonly credentials: RequestCredentials;
+  readonly destination: RequestDestination;
+  readonly headers: Headers;
+  readonly integrity: string;
+  readonly keepalive: boolean;
+  readonly method: string;
+  readonly mode: RequestMode;
+  readonly redirect: RequestRedirect;
+  readonly referrer: string;
+  readonly referrerPolicy: ReferrerPolicy;
+  readonly signal: AbortSignal;
+  readonly url: string;
+  constructor(url: string, method: string, headers: Headers, body: ArrayBuffer | null, options?: SafeRequestOptions);
+  arrayBuffer(): Promise<ArrayBuffer>;
+  blob(): Promise<Blob>;
+  formData(): Promise<FormData>;
+  json<T = unknown>(): Promise<T>;
+  text(): Promise<string>;
+  bytes(): Promise<Uint8Array<ArrayBuffer>>;
+  get body(): ReadableStream<Uint8Array<ArrayBuffer>> | null;
+  get bodyUsed(): boolean;
+  clone(): Request;
+}
+/**
+ * Extracts data from a Request and creates a SafeRequest.
+ * Uses ReadableStream to safely read the body and avoid issues with certain Request implementations.
+ */
+declare function makeSafeRequest(request: Request): Promise<Request>;
+//#endregion
+export { SafeRequest, makeSafeRequest };

package/dist/router/safe-request.mjs

@@ -0,0 +1,160 @@
+//#region src/router/safe-request.ts
+var SafeRequest = class SafeRequest {
+	cachedBody = null;
+	bodyBuffer = null;
+	textDecoder = new TextDecoder();
+	cache;
+	credentials;
+	destination;
+	headers;
+	integrity;
+	keepalive;
+	method;
+	mode;
+	redirect;
+	referrer;
+	referrerPolicy;
+	signal;
+	url;
+	constructor(url, method, headers, body, options) {
+		this.url = url;
+		this.method = method;
+		this.headers = headers;
+		this.bodyBuffer = body;
+		this.cache = options?.cache ?? "default";
+		this.credentials = options?.credentials ?? "same-origin";
+		this.destination = options?.destination ?? "";
+		this.integrity = options?.integrity ?? "";
+		this.keepalive = options?.keepalive ?? false;
+		this.mode = options?.mode ?? "cors";
+		this.redirect = options?.redirect ?? "follow";
+		this.referrer = options?.referrer ?? "";
+		this.referrerPolicy = options?.referrerPolicy ?? "";
+		this.signal = options?.signal ?? new AbortController().signal;
+	}
+	async arrayBuffer() {
+		return this.bodyBuffer ?? /* @__PURE__ */ new ArrayBuffer(0);
+	}
+	async blob() {
+		const buffer = await this.arrayBuffer();
+		return new Blob([buffer]);
+	}
+	async formData() {
+		const buffer = await this.arrayBuffer();
+		const blob = new Blob([buffer], { type: this.headers.get("content-type") || "application/x-www-form-urlencoded" });
+		return new Request(this.url, {
+			method: this.method,
+			headers: this.headers,
+			body: blob
+		}).formData();
+	}
+	async json() {
+		const text = await this.text();
+		return JSON.parse(text);
+	}
+	async text() {
+		const buffer = await this.arrayBuffer();
+		return this.textDecoder.decode(buffer);
+	}
+	async bytes() {
+		return this.arrayBuffer().then((buffer) => new Uint8Array(buffer));
+	}
+	get body() {
+		if (this.cachedBody) return this.cachedBody;
+		if (this.bodyBuffer) {
+			const buffer = this.bodyBuffer;
+			this.cachedBody = new ReadableStream({ start(controller) {
+				controller.enqueue(new Uint8Array(buffer));
+				controller.close();
+			} });
+			return this.cachedBody;
+		}
+		return null;
+	}
+	get bodyUsed() {
+		return false;
+	}
+	clone() {
+		return new SafeRequest(this.url, this.method, this.headers, this.bodyBuffer, {
+			cache: this.cache,
+			credentials: this.credentials,
+			destination: this.destination,
+			integrity: this.integrity,
+			keepalive: this.keepalive,
+			mode: this.mode,
+			redirect: this.redirect,
+			referrer: this.referrer,
+			referrerPolicy: this.referrerPolicy,
+			signal: this.signal
+		});
+	}
+};
+/**
+* Extracts data from a Request and creates a SafeRequest.
+* Uses ReadableStream to safely read the body and avoid issues with certain Request implementations.
+*/
+async function makeSafeRequest(request) {
+	if (request instanceof SafeRequest) return request;
+	const url = request.url;
+	const method = request.method;
+	const headers = new Headers(request.headers);
+	let bodyBuffer = null;
+	const requestMethod = method.toUpperCase();
+	if (requestMethod === "POST" || requestMethod === "PUT" || requestMethod === "PATCH") try {
+		const body = request.body;
+		if (body) {
+			const reader = body.getReader();
+			const chunks = [];
+			while (true) {
+				const { done, value } = await reader.read();
+				if (done) break;
+				if (value) chunks.push(value);
+			}
+			const totalLength = chunks.reduce((acc, chunk) => acc + chunk.length, 0);
+			const combined = new Uint8Array(totalLength);
+			let offset = 0;
+			for (const chunk of chunks) {
+				combined.set(chunk, offset);
+				offset += chunk.length;
+			}
+			bodyBuffer = combined.buffer;
+		}
+	} catch (error) {
+		console.warn("Failed to read request body via stream:", error);
+	}
+	const options = {};
+	try {
+		options.cache = request.cache;
+	} catch {}
+	try {
+		options.credentials = request.credentials;
+	} catch {}
+	try {
+		options.destination = request.destination;
+	} catch {}
+	try {
+		options.integrity = request.integrity;
+	} catch {}
+	try {
+		options.keepalive = request.keepalive;
+	} catch {}
+	try {
+		options.mode = request.mode;
+	} catch {}
+	try {
+		options.redirect = request.redirect;
+	} catch {}
+	try {
+		options.referrer = request.referrer;
+	} catch {}
+	try {
+		options.referrerPolicy = request.referrerPolicy;
+	} catch {}
+	try {
+		options.signal = request.signal;
+	} catch {}
+	return new SafeRequest(url, method, headers, bodyBuffer, options);
+}
+
+//#endregion
+export { SafeRequest, makeSafeRequest };

package/dist/router/types.d.mts

@@ -0,0 +1,67 @@
+//#region src/router/types.d.ts
+type ExtractParams<T extends string> = string extends T ? Record<string, string> : T extends `${string}:${infer Param}/${infer Rest}` ? { readonly [K in Param]: string } & ExtractParams<`/${Rest}`> : T extends `${string}:${infer Param}` ? { readonly [K in Param]: string } : Record<string, never>;
+type VariableMap = Record<string, unknown>;
+interface RouterEnvironment<TVariables extends VariableMap = VariableMap> {
+  Variables: TVariables;
+}
+interface CookieOptions {
+  domain?: string;
+  path?: string;
+  expires?: Date;
+  maxAge?: number;
+  httpOnly?: boolean;
+  secure?: boolean;
+  sameSite?: "Strict" | "Lax" | "None";
+}
+interface RouterContext<TParams extends Record<string, string> = Record<string, string>, TVariables extends VariableMap = VariableMap> {
+  readonly request: Request;
+  readonly params: Readonly<TParams>;
+  readonly searchParams: Readonly<URLSearchParams>;
+  query<K extends string>(key: K): string | undefined;
+  header<K extends string>(key: K): string | undefined;
+  cookie<K extends string>(key: K): string | undefined;
+  formData(): Promise<FormData>;
+  parseJson<T = unknown>(): Promise<T>;
+  json<T>(data: T, init?: ResponseInit): Response;
+  redirect(url: string | URL, status?: 300 | 301 | 302 | 303 | 307 | 308): Response;
+  text(data: string, init?: ResponseInit): Response;
+  setCookie(name: string, value: string, options?: CookieOptions): void;
+  deleteCookie(name: string, options?: Pick<CookieOptions, "domain" | "path">): void;
+  newResponse(body?: BodyInit, init?: ResponseInit): Response;
+  set<K extends keyof TVariables>(key: K, value: TVariables[K]): void;
+  get<K extends keyof TVariables>(key: K): TVariables[K];
+  has<K extends keyof TVariables>(key: K): key is K;
+}
+type RouteHandler<TParams extends Record<string, string> = Record<string, string>, TVariables extends VariableMap = VariableMap> = (ctx: RouterContext<TParams, TVariables>) => Promise<Response> | Response;
+type MiddlewareHandler<TParams extends Record<string, string> = Record<string, string>, TVariables extends VariableMap = VariableMap> = (ctx: RouterContext<TParams, TVariables>, next: () => Promise<Response> | Response) => Promise<Response> | Response;
+type EnhancedRouteHandler<TParams extends Record<string, string> = Record<string, string>, TVariables extends VariableMap = VariableMap> = {
+  handler: RouteHandler<TParams, TVariables>;
+  middleware?: MiddlewareHandler<TParams, TVariables>[];
+};
+type AnyHandler<TParams extends Record<string, string>, TVariables extends VariableMap = VariableMap> = RouteHandler<TParams, TVariables> | EnhancedRouteHandler<TParams, TVariables>;
+type HttpMethod = "GET" | "POST";
+interface CompiledRoute {
+  regex: RegExp;
+  paramNames: string[];
+  pattern: string;
+}
+interface MatchResult {
+  params: Record<string, string>;
+  pattern: string;
+}
+interface RouteDefinition<TVariables extends VariableMap = VariableMap> {
+  method: HttpMethod;
+  pattern: string;
+  handler: RouteHandler<Record<string, string>, TVariables>;
+  middleware: MiddlewareHandler<Record<string, string>, TVariables>[];
+  compiled: CompiledRoute;
+}
+interface RouterOptions {
+  caseSensitive?: boolean;
+  strict?: boolean;
+  basePath?: string;
+}
+type ErrorHandler<TVariables extends VariableMap = VariableMap> = (error: Error, ctx: RouterContext<Record<string, string>, TVariables>) => Promise<Response> | Response;
+type GlobalMiddleware<TVariables extends VariableMap = VariableMap> = (ctx: RouterContext<Record<string, string>, TVariables>, next: () => Promise<Response> | Response) => Promise<Response> | Response;
+//#endregion
+export { AnyHandler, CompiledRoute, CookieOptions, EnhancedRouteHandler, ErrorHandler, ExtractParams, GlobalMiddleware, HttpMethod, MatchResult, MiddlewareHandler, RouteDefinition, RouteHandler, RouterContext, RouterEnvironment, RouterOptions, VariableMap };

package/dist/router/types.mjs

@@ -0,0 +1 @@
+export {  };

package/dist/router/variables.d.mts

@@ -0,0 +1,12 @@
+import { VariableMap } from "./types.mjs";
+
+//#region src/router/variables.d.ts
+declare class ContextVariableManager<TVariables extends VariableMap = VariableMap> {
+  private readonly state;
+  constructor(initialVariables?: Partial<TVariables>);
+  set<K extends keyof TVariables>(key: K, value: TVariables[K]): void;
+  get<K extends keyof TVariables>(key: K): TVariables[K];
+  has<K extends keyof TVariables>(key: K): key is K;
+}
+//#endregion
+export { ContextVariableManager };

package/dist/router/variables.mjs

@@ -0,0 +1,20 @@
+//#region src/router/variables.ts
+var ContextVariableManager = class {
+	state = /* @__PURE__ */ new Map();
+	constructor(initialVariables) {
+		if (initialVariables) for (const [key, value] of Object.entries(initialVariables)) this.state.set(key, value);
+	}
+	set(key, value) {
+		if (typeof key !== "string" || key.length === 0) throw new Error("Variable key must be a non-empty string");
+		this.state.set(key, value);
+	}
+	get(key) {
+		return this.state.get(key);
+	}
+	has(key) {
+		return this.state.has(key);
+	}
+};
+
+//#endregion
+export { ContextVariableManager };

package/dist/storage/memory.d.mts

@@ -1,7 +1,6 @@
 import { StorageAdapter } from "./storage.mjs";
 
 //#region src/storage/memory.d.ts
-
 /**
  * In-memory storage adapter for Draft Auth with optional file persistence.
  *
@@ -40,17 +39,17 @@ import { StorageAdapter } from "./storage.mjs";
  */
 interface MemoryStorageOptions {
   /**
-   * File path for persisting the in-memory store to disk.
-   * When specified, the store will be saved to this file on changes
-   * and loaded from it on startup if it exists.
-   *
-   * @example
-   * ```ts
-   * {
-   *   persist: "./data/auth-storage.json"
-   * }
-   * ```
-   */
+       * File path for persisting the in-memory store to disk.
+       * When specified, the store will be saved to this file on changes
+       * and loaded from it on startup if it exists.
+       *
+       * @example
+       * ```ts
+       * {
+       *   persist: "./data/auth-storage.json"
+       * }
+       * ```
+       */
   readonly persist?: string;
 }
 /**