@enbox/dwn-server 0.0.2 → 0.0.3

package/dist/esm/src/http-api.js

@@ -1,26 +1,23 @@
-import { DateSort, RecordsRead, RecordsQuery, ProtocolsQuery } from '@enbox/dwn-sdk-js';
-import cors from 'cors';
-import express from 'express';
-import { readFileSync } from 'fs';
-import http from 'http';
 import log from 'loglevel';
+import { Convert } from '@enbox/common';
+import { readFileSync } from 'fs';
 import { register } from 'prom-client';
-import responseTime from 'response-time';
 import { v4 as uuidv4 } from 'uuid';
+import { DataStream, DateSort, ProtocolsQuery, RecordsQuery, RecordsRead } from '@enbox/dwn-sdk-js';
 import { config } from './config.js';
 import { jsonRpcRouter } from './json-rpc-api.js';
 import { Web5ConnectServer } from './web5-connect/web5-connect-server.js';
 import { createJsonRpcErrorResponse, JsonRpcErrorCodes } from './lib/json-rpc.js';
 import { requestCounter, responseHistogram } from './metrics.js';
-import { Convert } from '@enbox/common';
 export class HttpApi {
     #config;
     #packageInfo;
-    #api;
     #server;
     web5ConnectServer;
     registrationManager;
     dwn;
+    /** Called by WsApi/ConnectionManager when a new WS connection is established. */
+    onWebSocketConnection;
     constructor() { }
     static async create(config, dwn, registrationManager) {
         const httpApi = new HttpApi();
@@ -29,446 +26,524 @@ export class HttpApi {
             server: config.serverName,
         };
         try {
-            // We populate the `version` and `sdkVersion` properties from the `package.json` file.
             const packageJson = JSON.parse(readFileSync(config.packageJsonPath).toString());
             httpApi.#packageInfo.version = packageJson.version;
-            httpApi.#packageInfo.sdkVersion = packageJson.dependencies ? packageJson.dependencies['@enbox/dwn-sdk-js'] : undefined;
+            httpApi.#packageInfo.sdkVersion = packageJson.dependencies
+                ? packageJson.dependencies['@enbox/dwn-sdk-js']
+                : undefined;
         }
         catch (error) {
             log.info('could not read `package.json` for version info', error);
         }
         httpApi.#config = config;
-        httpApi.#api = express();
-        httpApi.#server = http.createServer(httpApi.#api);
         httpApi.dwn = dwn;
         if (registrationManager !== undefined) {
             httpApi.registrationManager = registrationManager;
         }
-        // create the Web5 Connect Server
         httpApi.web5ConnectServer = await Web5ConnectServer.create({
             baseUrl: config.baseUrl,
             sqlTtlCacheUrl: config.ttlCacheUrl,
         });
-        httpApi.#setupMiddleware();
-        httpApi.#setupRoutes();
         return httpApi;
     }
     get server() {
         return this.#server;
     }
-    get api() {
-        return this.#api;
-    }
-    #setupMiddleware() {
-        this.#api.use(cors({ exposedHeaders: 'dwn-response' }));
-        this.#api.use(express.json());
-        // We enable the formData middleware to handle multipart/form-data requests.
-        // This is necessary for the endpoints used by the Web5 Connect Server/OIDC flow.
-        this.#api.use(express.urlencoded({ extended: true }));
-        this.#api.use(responseTime((req, res, time) => {
-            const url = req.url === '/' ? '/jsonrpc' : req.url;
-            const route = (req.method + url)
-                .toLowerCase()
-                .replace(/[:.]/g, '')
-                .replace(/\//g, '_');
-            const statusCode = res.statusCode.toString();
-            responseHistogram.labels(route, statusCode).observe(time);
-            log.info(req.method, decodeURI(req.url), res.statusCode);
-        }));
-    }
-    /**
-     * Configures the HTTP server's request handlers.
-     */
-    #setupRoutes() {
-        const leadTailSlashRegex = /^\/|\/$/;
-        function readReplyHandler(res, reply) {
-            if (reply.status.code === 200) {
-                if (reply?.entry?.data) {
-                    const stream = reply.entry.data;
-                    res.setHeader('content-type', reply.entry.recordsWrite.descriptor.dataFormat);
-                    res.setHeader('dwn-response', JSON.stringify(reply));
-                    return stream.pipe(res);
+    // ---------------------------------------------------------------------------
+    // HTTP request handler
+    // ---------------------------------------------------------------------------
+    async start(port) {
+        const self = this; // capture for closures
+        this.#server = Bun.serve({
+            port,
+            async fetch(req, server) {
+                const startTime = performance.now();
+                const url = new URL(req.url);
+                const path = url.pathname;
+                const method = req.method;
+                // --- WebSocket upgrade ---
+                if (method === 'GET' && req.headers.get('upgrade') === 'websocket') {
+                    const upgraded = server.upgrade(req, { data: { connection: null } });
+                    if (upgraded) {
+                        return undefined;
+                    }
+                    return new Response('WebSocket upgrade failed', { status: 400 });
                 }
-                else {
-                    return res.sendStatus(400);
+                // --- Route matching ---
+                let response;
+                try {
+                    response = await self.#route(req, url, path, method);
                 }
-            }
-            else if (reply.status.code === 401) {
-                return res.sendStatus(404);
-            }
-            else {
-                return res.status(reply.status.code).send(reply);
-            }
-        }
-        this.#api.get('/health', (_req, res) => {
-            // return 200 ok
-            return res.json({ ok: true });
+                catch (error) {
+                    log.error(`Unhandled error on ${method} ${path}:`, error);
+                    response = new Response('Internal Server Error', { status: 500 });
+                }
+                // --- CORS headers ---
+                response.headers.set('access-control-allow-origin', '*');
+                response.headers.set('access-control-allow-methods', 'GET, POST, OPTIONS');
+                response.headers.set('access-control-allow-headers', '*');
+                response.headers.set('access-control-expose-headers', 'dwn-response');
+                // --- Response-time metrics ---
+                const elapsed = performance.now() - startTime;
+                const routeLabel = (method + (path === '/' ? '/jsonrpc' : path))
+                    .toLowerCase()
+                    .replace(/[:.]/g, '')
+                    .replace(/\//g, '_');
+                responseHistogram.labels(routeLabel, String(response.status)).observe(elapsed);
+                log.info(method, decodeURI(path), response.status);
+                return response;
+            },
+            websocket: {
+                open(ws) {
+                    if (self.onWebSocketConnection) {
+                        self.onWebSocketConnection(ws);
+                    }
+                },
+                message(ws, msg) {
+                    const connection = ws.data?.connection;
+                    if (connection) {
+                        connection.message(typeof msg === 'string' ? Buffer.from(msg) : msg);
+                    }
+                },
+                close(ws) {
+                    const connection = ws.data?.connection;
+                    if (connection) {
+                        connection.close();
+                    }
+                },
+                // Bun automatically responds to pings with pongs
+            },
         });
-        this.#api.get('/metrics', async (req, res) => {
+    }
+    async close() {
+        if (this.#server) {
+            this.#server.stop(true); // close all connections immediately
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // Router
+    // ---------------------------------------------------------------------------
+    async #route(req, url, path, method) {
+        // --- CORS preflight ---
+        if (method === 'OPTIONS') {
+            return new Response(null, { status: 204 });
+        }
+        // --- Static routes ---
+        if (method === 'GET' && path === '/health') {
+            return Response.json({ ok: true });
+        }
+        if (method === 'GET' && path === '/metrics') {
             try {
-                res.set('Content-Type', register.contentType);
-                res.end(await register.metrics());
+                const metricsBody = await register.metrics();
+                return new Response(metricsBody, {
+                    headers: { 'content-type': register.contentType },
+                });
             }
             catch (e) {
-                res.status(500).end(e);
+                return new Response(String(e), { status: 500 });
             }
-        });
-        // Returns the data for the most recently published record under a given protocol path collection, if one is present
-        this.#api.get('/:did/read/protocols/:protocol/*', async (req, res) => {
-            if (!req.params[0]) {
-                return res.status(400).send('protocol path is required');
+        }
+        if (method === 'GET' && path === '/') {
+            return new Response('please use am enbox client, for example: https://github.com/enboxorg/enbox ', { headers: { 'content-type': 'text/plain' } });
+        }
+        if (method === 'GET' && path === '/info') {
+            return this.#handleInfo();
+        }
+        // --- JSON-RPC POST ---
+        if (method === 'POST' && path === '/') {
+            return this.#handleJsonRpcPost(req);
+        }
+        // --- Registration routes ---
+        const registrationResponse = await this.#matchRegistrationRoutes(req, path, method);
+        if (registrationResponse) {
+            return registrationResponse;
+        }
+        // --- Web5 Connect routes ---
+        const connectResponse = await this.#matchWeb5ConnectRoutes(req, path, method);
+        if (connectResponse) {
+            return connectResponse;
+        }
+        // --- DID routes (parameterized) ---
+        return this.#matchDidRoutes(req, url, path);
+    }
+    // ---------------------------------------------------------------------------
+    // DID convenience routes
+    // ---------------------------------------------------------------------------
+    async #matchDidRoutes(req, url, path) {
+        const leadTailSlashRegex = /^\/|\/$/g;
+        // /:did/read/protocols/:protocol/*  (also matches trailing slash with empty path)
+        {
+            const match = path.match(/^\/([^/]+)\/read\/protocols\/([^/]+)\/(.*)$/);
+            if (match && req.method === 'GET') {
+                const [, did, protocolParam, protocolPathRaw] = match;
+                return this.#handleReadProtocolRecord(did, protocolParam, protocolPathRaw, url, leadTailSlashRegex);
             }
-            // wrap request in a try-catch block to handle any unexpected errors
-            try {
-                const queryOptions = { filter: {} };
-                for (const param in req.query) {
-                    const keys = param.split('.');
-                    const lastKey = keys.pop();
-                    const lastLevelObject = keys.reduce((obj, key) => obj[key] = obj[key] || {}, queryOptions);
-                    lastLevelObject[lastKey] = req.query[param];
-                }
-                // the protocol path segment is base64url encoded, as the actual protocol is a URL
-                // we decode it here in order to filter for the correct protocol
-                const protocol = Convert.base64Url(req.params.protocol).toString();
-                queryOptions.filter.protocol = protocol;
-                queryOptions.filter.protocolPath = req.params[0].replace(leadTailSlashRegex, '');
-                const query = await RecordsQuery.create({
-                    filter: queryOptions.filter,
-                    pagination: { limit: 1 },
-                    dateSort: DateSort.PublishedDescending
-                });
-                const { entries, status } = await this.dwn.processMessage(req.params.did, query.message);
-                if (status.code === 200) {
-                    if (entries[0]) {
-                        const record = await RecordsRead.create({
-                            filter: { recordId: entries[0].recordId },
-                        });
-                        const reply = await this.dwn.processMessage(req.params.did, record.toJSON());
-                        return readReplyHandler(res, reply);
-                    }
-                    else {
-                        return res.sendStatus(404);
-                    }
-                }
-                else if (status.code === 401) {
-                    return res.sendStatus(404);
-                }
-                else {
-                    return res.sendStatus(status.code);
-                }
+        }
+        // /:did/read/protocols/:protocol
+        {
+            const match = path.match(/^\/([^/]+)\/read\/protocols\/([^/]+)$/);
+            if (match && req.method === 'GET') {
+                const [, did, protocolParam] = match;
+                return this.#handleReadProtocol(did, protocolParam);
             }
-            catch (error) {
-                log.error(`Error processing request: ${decodeURI(req.url)}`, error);
-                return res.sendStatus(400);
+        }
+        // /:did/read/records/:id  OR  /:did/records/:id
+        {
+            const match = path.match(/^\/([^/]+)\/(?:read\/)?records\/([^/]+)$/);
+            if (match && req.method === 'GET') {
+                const [, did, recordId] = match;
+                return this.#handleReadRecord(did, recordId);
             }
-        });
-        this.#api.get('/:did/read/protocols/:protocol', async (req, res) => {
-            // wrap request in a try-catch block to handle any unexpected errors
-            try {
-                // the protocol segment is base64url encoded, as the actual protocol is a URL
-                // we decode it here in order to filter for the correct protocol
-                const protocol = Convert.base64Url(req.params.protocol).toString();
-                const query = await ProtocolsQuery.create({
-                    filter: { protocol }
-                });
-                const { entries, status } = await this.dwn.processMessage(req.params.did, query.message);
-                if (status.code === 200) {
-                    if (entries.length) {
-                        res.status(status.code);
-                        res.json(entries[0]);
-                    }
-                    else {
-                        return res.sendStatus(404);
-                    }
-                }
-                else if (status.code === 401) {
-                    return res.sendStatus(404);
-                }
-                else {
-                    return res.sendStatus(status.code);
-                }
+        }
+        // /:did/query/protocols
+        {
+            const match = path.match(/^\/([^/]+)\/query\/protocols$/);
+            if (match && req.method === 'GET') {
+                const [, did] = match;
+                return this.#handleQueryProtocols(did);
             }
-            catch (error) {
-                log.error(`Error processing request: ${decodeURI(req.url)}`, error);
-                return res.sendStatus(400);
+        }
+        // /:did/query
+        {
+            const match = path.match(/^\/([^/]+)\/query$/);
+            if (match && req.method === 'GET') {
+                const [, did] = match;
+                return this.#handleQueryRecords(did, url);
             }
+        }
+        return new Response('Not Found', { status: 404 });
+    }
+    // ---------------------------------------------------------------------------
+    // Handlers
+    // ---------------------------------------------------------------------------
+    #handleInfo() {
+        const registrationRequirements = [];
+        if (config.registrationProofOfWorkEnabled) {
+            registrationRequirements.push('proof-of-work-sha256-v0');
+        }
+        if (config.termsOfServiceFilePath !== undefined) {
+            registrationRequirements.push('terms-of-service');
+        }
+        return Response.json({
+            url: config.baseUrl,
+            server: this.#packageInfo.server,
+            maxFileSize: config.maxRecordDataSize,
+            registrationRequirements: registrationRequirements,
+            version: this.#packageInfo.version,
+            sdkVersion: this.#packageInfo.sdkVersion,
+            webSocketSupport: config.webSocketSupport,
         });
-        const recordsReadHandler = async (req, res) => {
-            const record = await RecordsRead.create({
-                filter: { recordId: req.params.id },
-            });
-            const reply = await this.dwn.processMessage(req.params.did, record.message);
-            return readReplyHandler(res, reply);
+    }
+    async #handleJsonRpcPost(req) {
+        const dwnRpcRequestString = req.headers.get('dwn-request');
+        if (!dwnRpcRequestString) {
+            const reply = createJsonRpcErrorResponse(uuidv4(), JsonRpcErrorCodes.BadRequest, 'request payload required.');
+            return Response.json(reply, { status: 400 });
+        }
+        let dwnRpcRequest;
+        try {
+            dwnRpcRequest = JSON.parse(dwnRpcRequestString);
+        }
+        catch (e) {
+            const reply = createJsonRpcErrorResponse(uuidv4(), JsonRpcErrorCodes.BadRequest, e.message);
+            return Response.json(reply, { status: 400 });
+        }
+        // Read the request body into bytes first, then wrap in a fresh ReadableStream.
+        // Bun's native Request.body stream has an incompatible reader.releaseLock()
+        // that breaks DWN SDK's DataStream.toBytes(), so we materialise the body here.
+        const contentLength = req.headers.get('content-length');
+        const transferEncoding = req.headers.get('transfer-encoding');
+        let requestDataStream;
+        if (parseInt(contentLength ?? '0') > 0 || transferEncoding !== null) {
+            const bodyBytes = new Uint8Array(await req.arrayBuffer());
+            requestDataStream = DataStream.fromBytes(bodyBytes);
+        }
+        const requestContext = {
+            dwn: this.dwn,
+            transport: 'http',
+            dataStream: requestDataStream,
         };
-        this.#api.get('/:did/read/records/:id', recordsReadHandler);
-        this.#api.get('/:did/records/:id', recordsReadHandler);
-        this.#api.get('/:did/query/protocols', async (req, res) => {
-            const query = await ProtocolsQuery.create({});
-            const { entries, status } = await this.dwn.processMessage(req.params.did, query.message);
-            if (status.code === 200) {
-                res.status(status.code);
-                res.json(entries);
-            }
-            else if (status.code === 401) {
-                return res.sendStatus(404);
-            }
-            else {
-                return res.sendStatus(status.code);
-            }
+        const { jsonRpcResponse, dataStream: responseDataStream } = await jsonRpcRouter.handle(dwnRpcRequest, requestContext);
+        if (jsonRpcResponse.error) {
+            requestCounter.inc({ method: dwnRpcRequest.method, error: 1 });
+            return Response.json(jsonRpcResponse, { status: 500 });
+        }
+        requestCounter.inc({
+            method: dwnRpcRequest.method,
+            status: jsonRpcResponse?.result?.reply?.status?.code || 0,
         });
-        this.#api.get('/:did/query', async (req, res) => {
-            try {
-                // builds a nested object from flat keys with dot notation which may share the same parent path
-                // e.g. "did:dht:123/query?filter.protocol=foo&filter.protocolPath=bar" becomes
-                // {
-                //   filter: {
-                //     protocol: 'foo',
-                //     protocolPath: 'bar'
-                //   }
-                // }
-                const recordsQueryOptions = {};
-                for (const param in req.query) {
-                    const keys = param.split('.');
-                    const lastKey = keys.pop();
-                    const lastLevelObject = keys.reduce((obj, key) => obj[key] = obj[key] || {}, recordsQueryOptions);
-                    lastLevelObject[lastKey] = req.query[param];
-                }
-                const recordsQuery = await RecordsQuery.create({
-                    filter: recordsQueryOptions.filter,
-                    pagination: recordsQueryOptions.pagination,
-                    dateSort: recordsQueryOptions.dateSort,
+        if (responseDataStream) {
+            return new Response(responseDataStream, {
+                headers: {
+                    'content-type': 'application/octet-stream',
+                    'dwn-response': JSON.stringify(jsonRpcResponse),
+                },
+            });
+        }
+        else {
+            return Response.json(jsonRpcResponse);
+        }
+    }
+    #readReplyToResponse(reply) {
+        if (reply.status.code === 200) {
+            if (reply?.entry?.data) {
+                return new Response(reply.entry.data, {
+                    headers: {
+                        'content-type': reply.entry.recordsWrite.descriptor.dataFormat,
+                        'dwn-response': JSON.stringify(reply),
+                    },
                 });
-                // should always return a 200 status code with a JSON response
-                const reply = await this.dwn.processMessage(req.params.did, recordsQuery.message);
-                res.setHeader('content-type', 'application/json');
-                return res.json(reply);
             }
-            catch (error) {
-                // error should only occur when we are unable to create the RecordsQuery message internally, making it a client error
-                return res.status(400).send(error);
+            else {
+                return new Response(null, { status: 400 });
             }
+        }
+        else if (reply.status.code === 401) {
+            return new Response(null, { status: 404 });
+        }
+        else {
+            return Response.json(reply, { status: reply.status.code });
+        }
+    }
+    async #handleReadRecord(did, recordId) {
+        const record = await RecordsRead.create({
+            filter: { recordId },
         });
-        this.#api.get('/', (_req, res) => {
-            // return a plain text string
-            res.setHeader('content-type', 'text/plain');
-            return res.send('please use a web5 client, for example: https://github.com/TBD54566975/web5-js ');
-        });
-        this.#api.post('/', async (req, res) => {
-            const dwnRpcRequestString = req.headers['dwn-request'];
-            if (!dwnRpcRequestString) {
-                const reply = createJsonRpcErrorResponse(uuidv4(), JsonRpcErrorCodes.BadRequest, 'request payload required.');
-                return res.status(400).json(reply);
+        const reply = await this.dwn.processMessage(did, record.message);
+        return this.#readReplyToResponse(reply);
+    }
+    async #handleReadProtocolRecord(did, protocolParam, protocolPathRaw, url, leadTailSlashRegex) {
+        if (!protocolPathRaw || protocolPathRaw.replace(leadTailSlashRegex, '') === '') {
+            return new Response('protocol path is required', { status: 400 });
+        }
+        try {
+            const queryOptions = { filter: {} };
+            for (const [param, value] of url.searchParams) {
+                const keys = param.split('.');
+                const lastKey = keys.pop();
+                const nestObj = (obj, key) => obj[key] = obj[key] || {};
+                const lastLevelObject = keys.reduce(nestObj, queryOptions);
+                lastLevelObject[lastKey] = value;
             }
-            let dwnRpcRequest;
-            try {
-                dwnRpcRequest = JSON.parse(dwnRpcRequestString);
+            const protocol = Convert.base64Url(protocolParam).toString();
+            queryOptions.filter.protocol = protocol;
+            queryOptions.filter.protocolPath = protocolPathRaw.replace(leadTailSlashRegex, '');
+            const query = await RecordsQuery.create({
+                filter: queryOptions.filter,
+                pagination: { limit: 1 },
+                dateSort: DateSort.PublishedDescending,
+            });
+            const { entries, status } = await this.dwn.processMessage(did, query.message);
+            if (status.code === 200) {
+                if (entries[0]) {
+                    const record = await RecordsRead.create({
+                        filter: { recordId: entries[0].recordId },
+                    });
+                    const reply = await this.dwn.processMessage(did, record.toJSON());
+                    return this.#readReplyToResponse(reply);
+                }
+                else {
+                    return new Response(null, { status: 404 });
+                }
             }
-            catch (e) {
-                const reply = createJsonRpcErrorResponse(uuidv4(), JsonRpcErrorCodes.BadRequest, e.message);
-                return res.status(400).json(reply);
+            else if (status.code === 401) {
+                return new Response(null, { status: 404 });
             }
-            // Check whether data was provided in the request body
-            const contentLength = req.headers['content-length'];
-            const transferEncoding = req.headers['transfer-encoding'];
-            const requestDataStream = parseInt(contentLength) > 0 || transferEncoding !== undefined ? req : undefined;
-            const requestContext = {
-                dwn: this.dwn,
-                transport: 'http',
-                dataStream: requestDataStream,
-            };
-            const { jsonRpcResponse, dataStream: responseDataStream } = await jsonRpcRouter.handle(dwnRpcRequest, requestContext);
-            // If the handler catches a thrown exception and returns a JSON RPC InternalError, return the equivalent
-            // HTTP 500 Internal Server Error with the response.
-            if (jsonRpcResponse.error) {
-                requestCounter.inc({ method: dwnRpcRequest.method, error: 1 });
-                return res.status(500).json(jsonRpcResponse);
+            else {
+                return new Response(null, { status: status.code });
             }
-            requestCounter.inc({
-                method: dwnRpcRequest.method,
-                status: jsonRpcResponse?.result?.reply?.status?.code || 0,
+        }
+        catch (error) {
+            log.error(`Error processing request: ${decodeURI(url.pathname)}`, error);
+            return new Response('Bad Request', { status: 400 });
+        }
+    }
+    async #handleReadProtocol(did, protocolParam) {
+        try {
+            const protocol = Convert.base64Url(protocolParam).toString();
+            const query = await ProtocolsQuery.create({
+                filter: { protocol },
             });
-            if (responseDataStream) {
-                res.setHeader('content-type', 'application/octet-stream');
-                res.setHeader('dwn-response', JSON.stringify(jsonRpcResponse));
-                return responseDataStream.pipe(res);
+            const { entries, status } = await this.dwn.processMessage(did, query.message);
+            if (status.code === 200) {
+                if (entries.length) {
+                    return Response.json(entries[0], { status: status.code });
+                }
+                else {
+                    return new Response(null, { status: 404 });
+                }
             }
-            else {
-                return res.json(jsonRpcResponse);
+            else if (status.code === 401) {
+                return new Response(null, { status: 404 });
             }
-        });
-        this.#setupRegistrationRoutes();
-        this.#api.get('/info', (req, res) => {
-            res.setHeader('content-type', 'application/json');
-            const registrationRequirements = [];
-            if (config.registrationProofOfWorkEnabled) {
-                registrationRequirements.push('proof-of-work-sha256-v0');
+            else {
+                return new Response(null, { status: status.code });
             }
-            if (config.termsOfServiceFilePath !== undefined) {
-                registrationRequirements.push('terms-of-service');
+        }
+        catch (error) {
+            log.error(`Error processing request`, error);
+            return new Response('Bad Request', { status: 400 });
+        }
+    }
+    async #handleQueryProtocols(did) {
+        const query = await ProtocolsQuery.create({});
+        const { entries, status } = await this.dwn.processMessage(did, query.message);
+        if (status.code === 200) {
+            return Response.json(entries, { status: status.code });
+        }
+        else if (status.code === 401) {
+            return new Response(null, { status: 404 });
+        }
+        else {
+            return new Response(null, { status: status.code });
+        }
+    }
+    async #handleQueryRecords(did, url) {
+        try {
+            const recordsQueryOptions = {};
+            for (const [param, value] of url.searchParams) {
+                const keys = param.split('.');
+                const lastKey = keys.pop();
+                const nestObj = (obj, key) => obj[key] = obj[key] || {};
+                const lastLevelObject = keys.reduce(nestObj, recordsQueryOptions);
+                lastLevelObject[lastKey] = value;
             }
-            res.json({
-                url: config.baseUrl,
-                server: this.#packageInfo.server,
-                maxFileSize: config.maxRecordDataSize,
-                registrationRequirements: registrationRequirements,
-                version: this.#packageInfo.version,
-                sdkVersion: this.#packageInfo.sdkVersion,
-                webSocketSupport: config.webSocketSupport,
+            const recordsQuery = await RecordsQuery.create({
+                filter: recordsQueryOptions.filter,
+                pagination: recordsQueryOptions.pagination,
+                dateSort: recordsQueryOptions.dateSort,
             });
-        });
-        this.#setupWeb5ConnectServerRoutes();
-    }
-    #setupRegistrationRoutes() {
-        if (this.#config.registrationProofOfWorkEnabled) {
-            this.#api.get('/registration/proof-of-work', async (_req, res) => {
-                const proofOfWorkChallenge = this.registrationManager.getProofOfWorkChallenge();
-                res.json(proofOfWorkChallenge);
+            const reply = await this.dwn.processMessage(did, recordsQuery.message);
+            return Response.json(reply, {
+                headers: { 'content-type': 'application/json' },
             });
         }
-        if (this.#config.termsOfServiceFilePath !== undefined) {
-            this.#api.get('/registration/terms-of-service', (_req, res) => res.send(this.registrationManager.getTermsOfService()));
+        catch (error) {
+            return Response.json(error, { status: 400 });
         }
-        if (this.#config.registrationStoreUrl !== undefined) {
-            this.#api.post('/registration', async (req, res) => {
-                const requestBody = req.body;
-                log.info('Registration request:', requestBody);
-                try {
-                    await this.registrationManager.handleRegistrationRequest(requestBody);
-                    res.status(200).json({ success: true });
+    }
+    // ---------------------------------------------------------------------------
+    // Registration routes
+    // ---------------------------------------------------------------------------
+    async #matchRegistrationRoutes(req, path, method) {
+        if (method === 'GET' && path === '/registration/proof-of-work'
+            && this.#config.registrationProofOfWorkEnabled) {
+            const proofOfWorkChallenge = this.registrationManager.getProofOfWorkChallenge();
+            return Response.json(proofOfWorkChallenge);
+        }
+        if (method === 'GET' && path === '/registration/terms-of-service'
+            && this.#config.termsOfServiceFilePath !== undefined) {
+            return new Response(this.registrationManager.getTermsOfService());
+        }
+        if (method === 'POST' && path === '/registration'
+            && this.#config.registrationStoreUrl !== undefined) {
+            const requestBody = await req.json();
+            log.info('Registration request:', requestBody);
+            try {
+                await this.registrationManager.handleRegistrationRequest(requestBody);
+                return Response.json({ success: true }, { status: 200 });
+            }
+            catch (error) {
+                const dwnServerError = error;
+                if (dwnServerError.code !== undefined) {
+                    return Response.json(dwnServerError, { status: 400 });
                 }
-                catch (error) {
-                    const dwnServerError = error;
-                    if (dwnServerError.code !== undefined) {
-                        res.status(400).json(dwnServerError);
-                    }
-                    else {
-                        log.info('Error handling registration request:', error);
-                        res.status(500).json({ success: false });
-                    }
+                else {
+                    log.info('Error handling registration request:', error);
+                    return Response.json({ success: false }, { status: 500 });
                 }
-            });
+            }
         }
+        return null;
     }
-    #setupWeb5ConnectServerRoutes() {
-        /**
-        * Endpoint allows a Client app (RP) to submit an Authorization Request.
-        * The Authorization Request is stored on the server, and a unique `request_uri` is returned to the Client app.
-        * The Client app can then provide this `request_uri` to the Provider app (wallet).
-        * The Provider app uses the `request_uri` to retrieve the stored Authorization Request.
-        */
-        this.#api.post('/connect/par', async (req, res) => {
+    // ---------------------------------------------------------------------------
+    // Web5 Connect routes
+    // ---------------------------------------------------------------------------
+    async #matchWeb5ConnectRoutes(req, path, method) {
+        // POST /connect/par
+        if (method === 'POST' && path === '/connect/par') {
             log.info('Storing Pushed Authorization Request (PAR) request...');
-            // TODO: Add validation for request too large HTTP 413: https://github.com/TBD54566975/dwn-server/issues/146
-            // TODO: Add validation for too many requests HTTP 429: https://github.com/TBD54566975/dwn-server/issues/147
-            if (!req.body.request) {
-                return res.status(400).json({
-                    ok: false,
-                    status: {
-                        code: 400,
-                        message: "Bad Request: Missing 'request' parameter",
-                    },
-                });
-            }
-            // Validate that `request_uri` was NOT provided
-            if (req.body?.request?.request_uri) {
-                return res.status(400).json({
+            const body = await req.json();
+            if (!body.request) {
+                return Response.json({
                     ok: false,
-                    status: {
-                        code: 400,
-                        message: "Bad Request: 'request_uri' parameter is not allowed in PAR",
-                    },
-                });
+                    status: { code: 400, message: 'Bad Request: Missing \'request\' parameter' },
+                }, { status: 400 });
             }
-            const result = await this.web5ConnectServer.setWeb5ConnectRequest(req.body.request);
-            res.status(201).json(result);
-        });
-        /**
-        * Endpoint for the Provider to retrieve the Authorization Request from the request_uri
-        */
-        this.#api.get('/connect/authorize/:requestId.jwt', async (req, res) => {
-            log.info(`Retrieving Web5 Connect Request object of ID: ${req.params.requestId}...`);
-            // Look up the request object based on the requestId.
-            const requestObjectJwt = await this.web5ConnectServer.getWeb5ConnectRequest(req.params.requestId);
-            if (!requestObjectJwt) {
-                res.status(404).json({
+            if (body?.request?.request_uri) {
+                return Response.json({
                     ok: false,
-                    status: { code: 404, message: 'Not Found' }
-                });
+                    status: { code: 400, message: 'Bad Request: \'request_uri\' parameter is not allowed in PAR' },
+                }, { status: 400 });
             }
-            else {
-                res.set('Content-Type', 'application/jwt');
-                res.send(requestObjectJwt);
+            const result = await this.web5ConnectServer.setWeb5ConnectRequest(body.request);
+            return Response.json(result, { status: 201 });
+        }
+        // GET /connect/authorize/:requestId.jwt
+        {
+            const match = path.match(/^\/connect\/authorize\/([^/]+)\.jwt$/);
+            if (match && method === 'GET') {
+                const requestId = match[1];
+                log.info(`Retrieving Web5 Connect Request object of ID: ${requestId}...`);
+                const requestObjectJwt = await this.web5ConnectServer.getWeb5ConnectRequest(requestId);
+                if (!requestObjectJwt) {
+                    return Response.json({
+                        ok: false,
+                        status: { code: 404, message: 'Not Found' },
+                    }, { status: 404 });
+                }
+                else {
+                    const body = typeof requestObjectJwt === 'string'
+                        ? requestObjectJwt
+                        : JSON.stringify(requestObjectJwt);
+                    return new Response(body, {
+                        headers: { 'content-type': 'application/jwt' },
+                    });
+                }
             }
-        });
-        /**
-        * Endpoint that the Provider sends the Authorization Response to
-        */
-        this.#api.post('/connect/callback', async (req, res) => {
+        }
+        // POST /connect/callback
+        if (method === 'POST' && path === '/connect/callback') {
             log.info('Storing Identity Provider (wallet) pushed response with ID token...');
-            // Store the ID token.
-            const idToken = req.body.id_token;
-            const state = req.body.state;
+            const body = await req.json();
+            const idToken = body.id_token;
+            const state = body.state;
             if (idToken !== undefined && state != undefined) {
                 await this.web5ConnectServer.setWeb5ConnectResponse(state, idToken);
-                res.status(201).json({
+                return Response.json({
                     ok: true,
-                    status: { code: 201, message: 'Created' }
-                });
+                    status: { code: 201, message: 'Created' },
+                }, { status: 201 });
             }
             else {
-                res.status(400).json({
+                return Response.json({
                     ok: false,
-                    status: { code: 400, message: 'Bad Request' }
-                });
+                    status: { code: 400, message: 'Bad Request' },
+                }, { status: 400 });
             }
-        });
-        /**
-        * Endpoint for the connecting Client to retrieve the Authorization Response
-        */
-        this.#api.get('/connect/token/:state.jwt', async (req, res) => {
-            log.info(`Retrieving ID token for state: ${req.params.state}...`);
-            // Look up the ID token.
-            const idToken = await this.web5ConnectServer.getWeb5ConnectResponse(req.params.state);
-            if (!idToken) {
-                res.status(404).json({
-                    ok: false,
-                    status: { code: 404, message: 'Not Found' }
-                });
-            }
-            else {
-                res.set('Content-Type', 'application/jwt');
-                res.send(idToken);
-            }
-        });
-    }
-    /**
-     * Starts the HTTP API endpoint on the given port.
-     * @returns The HTTP server instance.
-     */
-    async start(port) {
-        // promisify http.Server.listen() and await on it
-        await new Promise((resolve) => {
-            this.#server.listen(port, () => {
-                resolve();
-            });
-        });
-    }
-    /**
-     * Stops the HTTP API endpoint.
-     */
-    async close() {
-        // promisify http.Server.close() and await on it
-        await new Promise((resolve, reject) => {
-            this.#server.close((err) => {
-                if (err) {
-                    reject(err);
+        }
+        // GET /connect/token/:state.jwt
+        {
+            const match = path.match(/^\/connect\/token\/([^/]+)\.jwt$/);
+            if (match && method === 'GET') {
+                const state = match[1];
+                log.info(`Retrieving ID token for state: ${state}...`);
+                const idToken = await this.web5ConnectServer.getWeb5ConnectResponse(state);
+                if (!idToken) {
+                    return Response.json({
+                        ok: false,
+                        status: { code: 404, message: 'Not Found' },
+                    }, { status: 404 });
                 }
                 else {
-                    resolve();
+                    const body = typeof idToken === 'string' ? idToken : JSON.stringify(idToken);
+                    return new Response(body, {
+                        headers: { 'content-type': 'application/jwt' },
+                    });
                 }
-            });
-        });
-        this.server.closeAllConnections();
+            }
+        }
+        return null;
     }
 }
 //# sourceMappingURL=http-api.js.map