@forinda/kickjs-http 0.3.1 → 0.4.0

package/dist/chunk-LEILPDMW.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/middleware/upload.ts"],"sourcesContent":["import { unlink } from 'node:fs/promises'\nimport type { Request, Response, NextFunction, RequestHandler } from 'express'\nimport multer, { type Options as MulterOptions } from 'multer'\nimport type { BaseUploadOptions, FileUploadConfig } from '@forinda/kickjs-core'\n\n/**\n * Maps short file extensions to their MIME types.\n * Users can pass `['jpg', 'png', 'pdf']` instead of full MIME strings.\n */\nconst MIME_MAP: Record<string, string> = {\n  // Images\n  jpg: 'image/jpeg',\n  jpeg: 'image/jpeg',\n  png: 'image/png',\n  gif: 'image/gif',\n  webp: 'image/webp',\n  svg: 'image/svg+xml',\n  bmp: 'image/bmp',\n  ico: 'image/x-icon',\n  tiff: 'image/tiff',\n  tif: 'image/tiff',\n  avif: 'image/avif',\n  // Documents\n  pdf: 'application/pdf',\n  doc: 'application/msword',\n  docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',\n  xls: 'application/vnd.ms-excel',\n  xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',\n  ppt: 'application/vnd.ms-powerpoint',\n  pptx: 'application/vnd.openxmlformats-officedocument.presentationml.presentation',\n  odt: 'application/vnd.oasis.opendocument.text',\n  ods: 'application/vnd.oasis.opendocument.spreadsheet',\n  odp: 'application/vnd.oasis.opendocument.presentation',\n  rtf: 'application/rtf',\n  txt: 'text/plain',\n  csv: 'text/csv',\n  // Archives\n  zip: 'application/zip',\n  gz: 'application/gzip',\n  tar: 'application/x-tar',\n  rar: 'application/vnd.rar',\n  '7z': 'application/x-7z-compressed',\n  // Audio\n  mp3: 'audio/mpeg',\n  wav: 'audio/wav',\n  ogg: 'audio/ogg',\n  flac: 'audio/flac',\n  aac: 'audio/aac',\n  // Video\n  mp4: 'video/mp4',\n  webm: 'video/webm',\n  avi: 'video/x-msvideo',\n  mov: 'video/quicktime',\n  mkv: 'video/x-matroska',\n  // Other\n  json: 'application/json',\n  xml: 'application/xml',\n  html: 'text/html',\n}\n\n/**\n * Resolves a list of file type identifiers to MIME type strings.\n * Accepts short extensions (`'jpg'`, `'pdf'`) or full MIME types (`'image/jpeg'`).\n *\n * @example\n * ```ts\n * resolveMimeTypes(['jpg', 'png', 'application/pdf'])\n * // → ['image/jpeg', 'image/png', 'application/pdf']\n * ```\n */\nexport function resolveMimeTypes(types: string[]): string[] {\n  return types.map((t) => {\n    const lower = t.toLowerCase().replace(/^\\./, '')\n    return MIME_MAP[lower] ?? t\n  })\n}\n\n/**\n * Upload options for the middleware.\n * Extends BaseUploadOptions from core (shared with @FileUpload decorator)\n * and adds Multer-specific storage options.\n */\nexport interface UploadOptions extends BaseUploadOptions {\n  /** Multer storage config (default: memory storage) */\n  storage?: MulterOptions['storage']\n  /** Multer dest for disk storage shorthand */\n  dest?: string\n}\n\nfunction createMulter(options: UploadOptions) {\n  const mimeMap = options.customMimeMap ? { ...MIME_MAP, ...options.customMimeMap } : MIME_MAP\n\n  const limits: MulterOptions['limits'] = {\n    fileSize: options.maxSize ?? 5 * 1024 * 1024,\n  }\n\n  let fileFilter: MulterOptions['fileFilter'] | undefined\n\n  if (typeof options.allowedTypes === 'function') {\n    // Custom filter function\n    const filterFn = options.allowedTypes\n    fileFilter = (_req, file, cb) => {\n      if (filterFn(file.mimetype, file.originalname)) {\n        cb(null, true)\n      } else {\n        cb(new Error(`File type ${file.mimetype} is not allowed`))\n      }\n    }\n  } else if (Array.isArray(options.allowedTypes)) {\n    // String array — resolve short extensions using the (possibly extended) MIME map\n    const resolvedTypes = options.allowedTypes.map((t) => {\n      const lower = t.toLowerCase().replace(/^\\./, '')\n      return mimeMap[lower] ?? t\n    })\n    fileFilter = (_req, file, cb) => {\n      const allowed = resolvedTypes.some((type) => {\n        if (type.endsWith('/*')) {\n          return file.mimetype.startsWith(type.replace('/*', '/'))\n        }\n        return file.mimetype === type\n      })\n      if (allowed) {\n        cb(null, true)\n      } else {\n        cb(new Error(`File type ${file.mimetype} is not allowed`))\n      }\n    }\n  }\n\n  const multerOptions: MulterOptions = {\n    limits,\n    ...(fileFilter ? { fileFilter } : {}),\n    ...(options.storage ? { storage: options.storage } : {}),\n    ...(options.dest ? { dest: options.dest } : {}),\n  }\n\n  return multer(multerOptions)\n}\n\n/**\n * Single file upload middleware. Attaches the file to `req.file`.\n *\n * @example\n * ```ts\n * @Post('/avatar')\n * @Middleware(upload.single('avatar', { maxSize: 2 * 1024 * 1024, allowedTypes: ['jpg', 'png'] }))\n * async uploadAvatar(ctx: RequestContext) {\n *   ctx.json({ filename: ctx.file.originalname })\n * }\n * ```\n */\nfunction single(fieldName: string, options: UploadOptions = {}): RequestHandler {\n  const m = createMulter(options)\n  return m.single(fieldName) as RequestHandler\n}\n\n/**\n * Multiple file upload middleware. Attaches files to `req.files`.\n */\nfunction array(fieldName: string, maxCount = 10, options: UploadOptions = {}): RequestHandler {\n  const m = createMulter(options)\n  return m.array(fieldName, maxCount) as RequestHandler\n}\n\n/**\n * No file upload — just parse multipart form data without file fields.\n */\nfunction none(options: UploadOptions = {}): RequestHandler {\n  const m = createMulter(options)\n  return m.none() as RequestHandler\n}\n\n/**\n * Removes temporary files from disk after the response is sent.\n * Attach this as Express middleware after the upload middleware.\n * Works with both `req.file` (single) and `req.files` (array).\n *\n * @example\n * ```ts\n * @Post('/process')\n * @Middleware(upload.single('document', { dest: '/tmp/uploads' }), cleanupFiles())\n * async processDocument(ctx: RequestContext) {\n *   ctx.json({ ok: true })\n * }\n * ```\n */\nexport function cleanupFiles() {\n  return (req: Request, res: Response, next: NextFunction) => {\n    res.on('finish', async () => {\n      const files: any[] = []\n\n      if ((req as any).file?.path) {\n        files.push((req as any).file)\n      }\n      if (Array.isArray((req as any).files)) {\n        for (const f of (req as any).files) {\n          if (f?.path) files.push(f)\n        }\n      }\n\n      for (const file of files) {\n        try {\n          await unlink(file.path)\n        } catch {\n          // File may already be moved/deleted by the handler — ignore\n        }\n      }\n    })\n\n    next()\n  }\n}\n\n/**\n * Build upload middleware from a @FileUpload decorator config.\n * Used internally by the router builder when it detects FILE_UPLOAD metadata.\n * Accepts the same FileUploadConfig interface used by the @FileUpload decorator.\n */\nexport function buildUploadMiddleware(config: FileUploadConfig): RequestHandler {\n  const options: UploadOptions = {}\n  if (config.maxSize) options.maxSize = config.maxSize\n  if (config.allowedTypes) options.allowedTypes = config.allowedTypes\n  if (config.customMimeMap) options.customMimeMap = config.customMimeMap\n\n  const fieldName = config.fieldName ?? 'file'\n\n  switch (config.mode) {\n    case 'single':\n      return single(fieldName, options)\n    case 'array':\n      return array(fieldName, config.maxCount ?? 10, options)\n    case 'none':\n      return none(options)\n  }\n}\n\n/** Upload middleware factory with `.single()`, `.array()`, `.none()` methods */\nexport const upload = { single, array, none }\n"],"mappings":";;;;;AAAA,SAASA,cAAc;AAEvB,OAAOC,YAA+C;AAOtD,IAAMC,WAAmC;;EAEvCC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,KAAK;EACLC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,MAAM;;EAENC,KAAK;EACLC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,KAAK;EACLC,KAAK;EACLC,KAAK;EACLC,KAAK;EACLC,KAAK;;EAELC,KAAK;EACLC,IAAI;EACJC,KAAK;EACLC,KAAK;EACL,MAAM;;EAENC,KAAK;EACLC,KAAK;EACLC,KAAK;EACLC,MAAM;EACNC,KAAK;;EAELC,KAAK;EACLC,MAAM;EACNC,KAAK;EACLC,KAAK;EACLC,KAAK;;EAELC,MAAM;EACNC,KAAK;EACLC,MAAM;AACR;AAYO,SAASC,iBAAiBC,OAAe;AAC9C,SAAOA,MAAMC,IAAI,CAACC,MAAAA;AAChB,UAAMC,QAAQD,EAAEE,YAAW,EAAGC,QAAQ,OAAO,EAAA;AAC7C,WAAOhD,SAAS8C,KAAAA,KAAUD;EAC5B,CAAA;AACF;AALgBH;AAmBhB,SAASO,aAAaC,SAAsB;AAC1C,QAAMC,UAAUD,QAAQE,gBAAgB;IAAE,GAAGpD;IAAU,GAAGkD,QAAQE;EAAc,IAAIpD;AAEpF,QAAMqD,SAAkC;IACtCC,UAAUJ,QAAQK,WAAW,IAAI,OAAO;EAC1C;AAEA,MAAIC;AAEJ,MAAI,OAAON,QAAQO,iBAAiB,YAAY;AAE9C,UAAMC,WAAWR,QAAQO;AACzBD,iBAAa,wBAACG,MAAMC,MAAMC,OAAAA;AACxB,UAAIH,SAASE,KAAKE,UAAUF,KAAKG,YAAY,GAAG;AAC9CF,WAAG,MAAM,IAAA;MACX,OAAO;AACLA,WAAG,IAAIG,MAAM,aAAaJ,KAAKE,QAAQ,iBAAiB,CAAA;MAC1D;IACF,GANa;EAOf,WAAWG,MAAMC,QAAQhB,QAAQO,YAAY,GAAG;AAE9C,UAAMU,gBAAgBjB,QAAQO,aAAab,IAAI,CAACC,MAAAA;AAC9C,YAAMC,QAAQD,EAAEE,YAAW,EAAGC,QAAQ,OAAO,EAAA;AAC7C,aAAOG,QAAQL,KAAAA,KAAUD;IAC3B,CAAA;AACAW,iBAAa,wBAACG,MAAMC,MAAMC,OAAAA;AACxB,YAAMO,UAAUD,cAAcE,KAAK,CAACC,SAAAA;AAClC,YAAIA,KAAKC,SAAS,IAAA,GAAO;AACvB,iBAAOX,KAAKE,SAASU,WAAWF,KAAKtB,QAAQ,MAAM,GAAA,CAAA;QACrD;AACA,eAAOY,KAAKE,aAAaQ;MAC3B,CAAA;AACA,UAAIF,SAAS;AACXP,WAAG,MAAM,IAAA;MACX,OAAO;AACLA,WAAG,IAAIG,MAAM,aAAaJ,KAAKE,QAAQ,iBAAiB,CAAA;MAC1D;IACF,GAZa;EAaf;AAEA,QAAMW,gBAA+B;IACnCpB;IACA,GAAIG,aAAa;MAAEA;IAAW,IAAI,CAAC;IACnC,GAAIN,QAAQwB,UAAU;MAAEA,SAASxB,QAAQwB;IAAQ,IAAI,CAAC;IACtD,GAAIxB,QAAQyB,OAAO;MAAEA,MAAMzB,QAAQyB;IAAK,IAAI,CAAC;EAC/C;AAEA,SAAOC,OAAOH,aAAAA;AAChB;AAhDSxB;AA8DT,SAAS4B,OAAOC,WAAmB5B,UAAyB,CAAC,GAAC;AAC5D,QAAM6B,IAAI9B,aAAaC,OAAAA;AACvB,SAAO6B,EAAEF,OAAOC,SAAAA;AAClB;AAHSD;AAQT,SAASG,MAAMF,WAAmBG,WAAW,IAAI/B,UAAyB,CAAC,GAAC;AAC1E,QAAM6B,IAAI9B,aAAaC,OAAAA;AACvB,SAAO6B,EAAEC,MAAMF,WAAWG,QAAAA;AAC5B;AAHSD;AAQT,SAASE,KAAKhC,UAAyB,CAAC,GAAC;AACvC,QAAM6B,IAAI9B,aAAaC,OAAAA;AACvB,SAAO6B,EAAEG,KAAI;AACf;AAHSA;AAmBF,SAASC,eAAAA;AACd,SAAO,CAACC,KAAcC,KAAeC,SAAAA;AACnCD,QAAIE,GAAG,UAAU,YAAA;AACf,YAAMC,QAAe,CAAA;AAErB,UAAKJ,IAAYxB,MAAM6B,MAAM;AAC3BD,cAAME,KAAMN,IAAYxB,IAAI;MAC9B;AACA,UAAIK,MAAMC,QAASkB,IAAYI,KAAK,GAAG;AACrC,mBAAWG,KAAMP,IAAYI,OAAO;AAClC,cAAIG,GAAGF,KAAMD,OAAME,KAAKC,CAAAA;QAC1B;MACF;AAEA,iBAAW/B,QAAQ4B,OAAO;AACxB,YAAI;AACF,gBAAMI,OAAOhC,KAAK6B,IAAI;QACxB,QAAQ;QAER;MACF;IACF,CAAA;AAEAH,SAAAA;EACF;AACF;AAzBgBH;AAgCT,SAASU,sBAAsBC,QAAwB;AAC5D,QAAM5C,UAAyB,CAAC;AAChC,MAAI4C,OAAOvC,QAASL,SAAQK,UAAUuC,OAAOvC;AAC7C,MAAIuC,OAAOrC,aAAcP,SAAQO,eAAeqC,OAAOrC;AACvD,MAAIqC,OAAO1C,cAAeF,SAAQE,gBAAgB0C,OAAO1C;AAEzD,QAAM0B,YAAYgB,OAAOhB,aAAa;AAEtC,UAAQgB,OAAOC,MAAI;IACjB,KAAK;AACH,aAAOlB,OAAOC,WAAW5B,OAAAA;IAC3B,KAAK;AACH,aAAO8B,MAAMF,WAAWgB,OAAOb,YAAY,IAAI/B,OAAAA;IACjD,KAAK;AACH,aAAOgC,KAAKhC,OAAAA;EAChB;AACF;AAhBgB2C;AAmBT,IAAMG,SAAS;EAAEnB;EAAQG;EAAOE;AAAK;","names":["unlink","multer","MIME_MAP","jpg","jpeg","png","gif","webp","svg","bmp","ico","tiff","tif","avif","pdf","doc","docx","xls","xlsx","ppt","pptx","odt","ods","odp","rtf","txt","csv","zip","gz","tar","rar","mp3","wav","ogg","flac","aac","mp4","webm","avi","mov","mkv","json","xml","html","resolveMimeTypes","types","map","t","lower","toLowerCase","replace","createMulter","options","mimeMap","customMimeMap","limits","fileSize","maxSize","fileFilter","allowedTypes","filterFn","_req","file","cb","mimetype","originalname","Error","Array","isArray","resolvedTypes","allowed","some","type","endsWith","startsWith","multerOptions","storage","dest","multer","single","fieldName","m","array","maxCount","none","cleanupFiles","req","res","next","on","files","path","push","f","unlink","buildUploadMiddleware","config","mode","upload"]}

package/dist/{chunk-RZUH6NBM.js → chunk-LQ6RSWMX.js}

@@ -1,9 +1,9 @@
 import {
   parseQuery
-} from "./chunk-JM7X7SAD.js";
+} from "./chunk-VXX2Y3TA.js";
 import {
   __name
-} from "./chunk-7QVYU63E.js";
+} from "./chunk-WCQVDF3K.js";
 
 // src/context.ts
 var RequestContext = class {
@@ -35,6 +35,10 @@ var RequestContext = class {
   get requestId() {
     return this.req.requestId ?? this.req.headers["x-request-id"];
   }
+  /** Session data (requires session middleware) */
+  get session() {
+    return this.req.session;
+  }
   // ── Query String Parsing ───────────────────────────────────────────
   /**
   * Parse the request query string into structured filters, sort, pagination, and search.
@@ -107,4 +111,4 @@ var RequestContext = class {
 export {
   RequestContext
 };
-//# sourceMappingURL=chunk-RZUH6NBM.js.map
+//# sourceMappingURL=chunk-LQ6RSWMX.js.map

package/dist/chunk-LQ6RSWMX.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/context.ts"],"sourcesContent":["import type { Request, Response, NextFunction } from 'express'\nimport { parseQuery, type ParsedQuery, type QueryFieldConfig } from './query'\n\n/**\n * Unified request/response abstraction passed to every controller method.\n * Shields handlers from raw Express objects and provides convenience methods.\n */\nexport class RequestContext<TBody = any, TParams = any, TQuery = any> {\n  private metadata = new Map<string, any>()\n\n  constructor(\n    public readonly req: Request,\n    public readonly res: Response,\n    public readonly next: NextFunction,\n  ) {}\n\n  // ── Request Data ────────────────────────────────────────────────────\n\n  get body(): TBody {\n    return this.req.body as TBody\n  }\n\n  get params(): TParams {\n    return this.req.params as TParams\n  }\n\n  get query(): TQuery {\n    return this.req.query as TQuery\n  }\n\n  get headers() {\n    return this.req.headers\n  }\n\n  get requestId(): string | undefined {\n    return (this.req as any).requestId ?? (this.req.headers['x-request-id'] as string | undefined)\n  }\n\n  /** Session data (requires session middleware) */\n  get session(): any {\n    return (this.req as any).session\n  }\n\n  // ── Query String Parsing ───────────────────────────────────────────\n\n  /**\n   * Parse the request query string into structured filters, sort, pagination, and search.\n   * Pass the result to an ORM query builder adapter (Drizzle, Prisma, Sequelize, etc.).\n   *\n   * @param fieldConfig - Optional whitelist for filterable, sortable, and searchable fields\n   *\n   * @example\n   * ```ts\n   * @Get('/')\n   * async list(ctx: RequestContext) {\n   *   const parsed = ctx.qs({\n   *     filterable: ['status', 'priority'],\n   *     sortable: ['createdAt', 'title'],\n   *   })\n   *   const q = drizzleAdapter.build(parsed, { columns })\n   *   // ... use q.where, q.orderBy, q.limit, q.offset\n   * }\n   * ```\n   */\n  qs(fieldConfig?: QueryFieldConfig): ParsedQuery {\n    return parseQuery(this.req.query as Record<string, any>, fieldConfig)\n  }\n\n  // ── File Uploads ────────────────────────────────────────────────────\n\n  /** Single uploaded file (requires @FileUpload({ mode: 'single' })) */\n  get file(): any {\n    return (this.req as any).file\n  }\n\n  /** Array of uploaded files (requires @FileUpload({ mode: 'array' })) */\n  get files(): any[] | undefined {\n    return (this.req as any).files\n  }\n\n  // ── Metadata Store ──────────────────────────────────────────────────\n\n  get<T = any>(key: string): T | undefined {\n    return this.metadata.get(key) as T | undefined\n  }\n\n  set(key: string, value: any): void {\n    this.metadata.set(key, value)\n  }\n\n  // ── Response Helpers ────────────────────────────────────────────────\n\n  json(data: any, status = 200) {\n    return this.res.status(status).json(data)\n  }\n\n  created(data: any) {\n    return this.res.status(201).json(data)\n  }\n\n  noContent() {\n    return this.res.status(204).end()\n  }\n\n  notFound(message = 'Not Found') {\n    return this.res.status(404).json({ message })\n  }\n\n  badRequest(message: string) {\n    return this.res.status(400).json({ message })\n  }\n\n  html(content: string, status = 200) {\n    return this.res.status(status).type('html').send(content)\n  }\n\n  download(buffer: Buffer, filename: string, contentType = 'application/octet-stream') {\n    this.res.setHeader('Content-Disposition', `attachment; filename=\"${filename}\"`)\n    this.res.setHeader('Content-Type', contentType)\n    return this.res.send(buffer)\n  }\n}\n"],"mappings":";;;;;;;;AAOO,IAAMA,iBAAN,MAAMA;EANb,OAMaA;;;;;;EACHC,WAAW,oBAAIC,IAAAA;EAEvB,YACkBC,KACAC,KACAC,MAChB;SAHgBF,MAAAA;SACAC,MAAAA;SACAC,OAAAA;EACf;;EAIH,IAAIC,OAAc;AAChB,WAAO,KAAKH,IAAIG;EAClB;EAEA,IAAIC,SAAkB;AACpB,WAAO,KAAKJ,IAAII;EAClB;EAEA,IAAIC,QAAgB;AAClB,WAAO,KAAKL,IAAIK;EAClB;EAEA,IAAIC,UAAU;AACZ,WAAO,KAAKN,IAAIM;EAClB;EAEA,IAAIC,YAAgC;AAClC,WAAQ,KAAKP,IAAYO,aAAc,KAAKP,IAAIM,QAAQ,cAAA;EAC1D;;EAGA,IAAIE,UAAe;AACjB,WAAQ,KAAKR,IAAYQ;EAC3B;;;;;;;;;;;;;;;;;;;;;EAuBAC,GAAGC,aAA6C;AAC9C,WAAOC,WAAW,KAAKX,IAAIK,OAA8BK,WAAAA;EAC3D;;;EAKA,IAAIE,OAAY;AACd,WAAQ,KAAKZ,IAAYY;EAC3B;;EAGA,IAAIC,QAA2B;AAC7B,WAAQ,KAAKb,IAAYa;EAC3B;;EAIAC,IAAaC,KAA4B;AACvC,WAAO,KAAKjB,SAASgB,IAAIC,GAAAA;EAC3B;EAEAC,IAAID,KAAaE,OAAkB;AACjC,SAAKnB,SAASkB,IAAID,KAAKE,KAAAA;EACzB;;EAIAC,KAAKC,MAAWC,SAAS,KAAK;AAC5B,WAAO,KAAKnB,IAAImB,OAAOA,MAAAA,EAAQF,KAAKC,IAAAA;EACtC;EAEAE,QAAQF,MAAW;AACjB,WAAO,KAAKlB,IAAImB,OAAO,GAAA,EAAKF,KAAKC,IAAAA;EACnC;EAEAG,YAAY;AACV,WAAO,KAAKrB,IAAImB,OAAO,GAAA,EAAKG,IAAG;EACjC;EAEAC,SAASC,UAAU,aAAa;AAC9B,WAAO,KAAKxB,IAAImB,OAAO,GAAA,EAAKF,KAAK;MAAEO;IAAQ,CAAA;EAC7C;EAEAC,WAAWD,SAAiB;AAC1B,WAAO,KAAKxB,IAAImB,OAAO,GAAA,EAAKF,KAAK;MAAEO;IAAQ,CAAA;EAC7C;EAEAE,KAAKC,SAAiBR,SAAS,KAAK;AAClC,WAAO,KAAKnB,IAAImB,OAAOA,MAAAA,EAAQS,KAAK,MAAA,EAAQC,KAAKF,OAAAA;EACnD;EAEAG,SAASC,QAAgBC,UAAkBC,cAAc,4BAA4B;AACnF,SAAKjC,IAAIkC,UAAU,uBAAuB,yBAAyBF,QAAAA,GAAW;AAC9E,SAAKhC,IAAIkC,UAAU,gBAAgBD,WAAAA;AACnC,WAAO,KAAKjC,IAAI6B,KAAKE,MAAAA;EACvB;AACF;","names":["RequestContext","metadata","Map","req","res","next","body","params","query","headers","requestId","session","qs","fieldConfig","parseQuery","file","files","get","key","set","value","json","data","status","created","noContent","end","notFound","message","badRequest","html","content","type","send","download","buffer","filename","contentType","setHeader"]}

package/dist/chunk-NQJNMKW5.js

@@ -0,0 +1,158 @@
+import {
+  __name
+} from "./chunk-WCQVDF3K.js";
+
+// src/middleware/session.ts
+import { randomUUID, createHmac, timingSafeEqual } from "crypto";
+var MemoryStore = class MemoryStore2 {
+  static {
+    __name(this, "MemoryStore");
+  }
+  sessions = /* @__PURE__ */ new Map();
+  cleanupInterval;
+  constructor() {
+    this.cleanupInterval = setInterval(() => this.purge(), 6e4);
+    this.cleanupInterval.unref();
+  }
+  async get(sid) {
+    const entry = this.sessions.get(sid);
+    if (!entry) return null;
+    if (Date.now() > entry.expires) {
+      this.sessions.delete(sid);
+      return null;
+    }
+    return entry.data;
+  }
+  async set(sid, data, maxAge) {
+    this.sessions.set(sid, {
+      data,
+      expires: Date.now() + maxAge
+    });
+  }
+  async destroy(sid) {
+    this.sessions.delete(sid);
+  }
+  async touch(sid, maxAge) {
+    const entry = this.sessions.get(sid);
+    if (entry) {
+      entry.expires = Date.now() + maxAge;
+    }
+  }
+  purge() {
+    const now = Date.now();
+    for (const [sid, entry] of this.sessions) {
+      if (now > entry.expires) {
+        this.sessions.delete(sid);
+      }
+    }
+  }
+};
+function sign(value, secret) {
+  const signature = createHmac("sha256", secret).update(value).digest("base64url");
+  return `s:${value}.${signature}`;
+}
+__name(sign, "sign");
+function unsign(signed, secret) {
+  if (!signed.startsWith("s:")) return false;
+  const raw = signed.slice(2);
+  const dotIndex = raw.lastIndexOf(".");
+  if (dotIndex === -1) return false;
+  const value = raw.slice(0, dotIndex);
+  const providedSig = raw.slice(dotIndex + 1);
+  const expectedSig = createHmac("sha256", secret).update(value).digest("base64url");
+  const a = Buffer.from(providedSig);
+  const b = Buffer.from(expectedSig);
+  if (a.length !== b.length || !timingSafeEqual(a, b)) {
+    return false;
+  }
+  return value;
+}
+__name(unsign, "unsign");
+function session(options) {
+  const { secret, cookieName = "kick.sid", maxAge = 864e5, rolling = false, saveUninitialized = true, store = new MemoryStore(), cookie: cookieOpts = {} } = options;
+  const cookieDefaults = {
+    httpOnly: cookieOpts.httpOnly ?? true,
+    secure: cookieOpts.secure ?? process.env.NODE_ENV === "production",
+    sameSite: cookieOpts.sameSite ?? "lax",
+    path: cookieOpts.path ?? "/",
+    ...cookieOpts.domain ? {
+      domain: cookieOpts.domain
+    } : {},
+    maxAge
+  };
+  return async (req, res, next) => {
+    const cookies = req.cookies || {};
+    const signedCookie = cookies[cookieName];
+    let sid = false;
+    let sessionData = null;
+    let isNew = false;
+    if (signedCookie) {
+      sid = unsign(signedCookie, secret);
+      if (sid) {
+        sessionData = await store.get(sid);
+      }
+    }
+    if (!sid || !sessionData) {
+      sid = randomUUID();
+      sessionData = {};
+      isNew = true;
+    }
+    let currentSid = sid;
+    let currentData = {
+      ...sessionData
+    };
+    let destroyed = false;
+    const sessionObj = {
+      get id() {
+        return currentSid;
+      },
+      data: currentData,
+      async regenerate() {
+        await store.destroy(currentSid);
+        currentSid = randomUUID();
+        currentData = {};
+        sessionObj.data = currentData;
+        await store.set(currentSid, currentData, maxAge);
+        res.cookie(cookieName, sign(currentSid, secret), cookieDefaults);
+      },
+      async destroy() {
+        await store.destroy(currentSid);
+        destroyed = true;
+        currentData = {};
+        sessionObj.data = currentData;
+        res.clearCookie(cookieName, {
+          path: cookieDefaults.path
+        });
+      },
+      async save() {
+        if (!destroyed) {
+          await store.set(currentSid, currentData, maxAge);
+        }
+      }
+    };
+    req.session = sessionObj;
+    if (isNew) {
+      res.cookie(cookieName, sign(currentSid, secret), cookieDefaults);
+    }
+    res.on("finish", async () => {
+      if (destroyed) return;
+      if (isNew && !saveUninitialized && Object.keys(currentData).length === 0) return;
+      await store.set(currentSid, currentData, maxAge);
+      if (rolling && !isNew) {
+        if (store.touch) {
+          await store.touch(currentSid, maxAge);
+        }
+      }
+    });
+    if (rolling && !isNew) {
+      res.cookie(cookieName, sign(currentSid, secret), cookieDefaults);
+    }
+    next();
+  };
+}
+__name(session, "session");
+
+export {
+  session
+};
+//# sourceMappingURL=chunk-NQJNMKW5.js.map

package/dist/chunk-NQJNMKW5.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/middleware/session.ts"],"sourcesContent":["import { randomUUID, createHmac, timingSafeEqual } from 'node:crypto'\nimport type { Request, Response, NextFunction } from 'express'\n\nexport interface SessionData {\n  [key: string]: unknown\n}\n\nexport interface SessionStore {\n  get(sid: string): Promise<SessionData | null>\n  set(sid: string, data: SessionData, maxAge: number): Promise<void>\n  destroy(sid: string): Promise<void>\n  touch?(sid: string, maxAge: number): Promise<void>\n}\n\nexport interface Session {\n  id: string\n  data: SessionData\n  regenerate(): Promise<void>\n  destroy(): Promise<void>\n  save(): Promise<void>\n}\n\nexport interface SessionOptions {\n  /** Secret used to sign the session cookie (required) */\n  secret: string\n  /** Cookie name (default: 'kick.sid') */\n  cookieName?: string\n  /** Session max age in milliseconds (default: 86400000 = 24h) */\n  maxAge?: number\n  /** Reset maxAge on every response (default: false) */\n  rolling?: boolean\n  /** Save new sessions that have not been modified (default: true) */\n  saveUninitialized?: boolean\n  /** Cookie options */\n  cookie?: {\n    httpOnly?: boolean\n    secure?: boolean\n    sameSite?: 'strict' | 'lax' | 'none'\n    path?: string\n    domain?: string\n  }\n  /** Custom session store (default: in-memory store with TTL cleanup) */\n  store?: SessionStore\n}\n\n// ── In-Memory Store ───────────────────────────────────────────────────\n\nclass MemoryStore implements SessionStore {\n  private sessions = new Map<string, { data: SessionData; expires: number }>()\n  private cleanupInterval: ReturnType<typeof setInterval>\n\n  constructor() {\n    // Purge expired sessions every 60 seconds\n    this.cleanupInterval = setInterval(() => this.purge(), 60_000)\n    this.cleanupInterval.unref()\n  }\n\n  async get(sid: string): Promise<SessionData | null> {\n    const entry = this.sessions.get(sid)\n    if (!entry) return null\n    if (Date.now() > entry.expires) {\n      this.sessions.delete(sid)\n      return null\n    }\n    return entry.data\n  }\n\n  async set(sid: string, data: SessionData, maxAge: number): Promise<void> {\n    this.sessions.set(sid, { data, expires: Date.now() + maxAge })\n  }\n\n  async destroy(sid: string): Promise<void> {\n    this.sessions.delete(sid)\n  }\n\n  async touch(sid: string, maxAge: number): Promise<void> {\n    const entry = this.sessions.get(sid)\n    if (entry) {\n      entry.expires = Date.now() + maxAge\n    }\n  }\n\n  private purge() {\n    const now = Date.now()\n    for (const [sid, entry] of this.sessions) {\n      if (now > entry.expires) {\n        this.sessions.delete(sid)\n      }\n    }\n  }\n}\n\n// ── Cookie Signing ────────────────────────────────────────────────────\n\nfunction sign(value: string, secret: string): string {\n  const signature = createHmac('sha256', secret).update(value).digest('base64url')\n  return `s:${value}.${signature}`\n}\n\nfunction unsign(signed: string, secret: string): string | false {\n  if (!signed.startsWith('s:')) return false\n  const raw = signed.slice(2)\n  const dotIndex = raw.lastIndexOf('.')\n  if (dotIndex === -1) return false\n\n  const value = raw.slice(0, dotIndex)\n  const providedSig = raw.slice(dotIndex + 1)\n  const expectedSig = createHmac('sha256', secret).update(value).digest('base64url')\n\n  const a = Buffer.from(providedSig)\n  const b = Buffer.from(expectedSig)\n\n  if (a.length !== b.length || !timingSafeEqual(a, b)) {\n    return false\n  }\n\n  return value\n}\n\n// ── Middleware Factory ────────────────────────────────────────────────\n\n/**\n * Session management middleware.\n *\n * Attaches a `req.session` object with `id`, `data`, `regenerate()`,\n * `destroy()`, and `save()` methods. Session IDs are signed with\n * HMAC-SHA256 to prevent cookie tampering.\n *\n * @example\n * ```ts\n * import { session } from '@forinda/kickjs-http'\n *\n * bootstrap({\n *   modules,\n *   middleware: [\n *     cookieParser(),\n *     session({ secret: process.env.SESSION_SECRET! }),\n *     // ... other middleware\n *   ],\n * })\n * ```\n */\nexport function session(options: SessionOptions) {\n  const {\n    secret,\n    cookieName = 'kick.sid',\n    maxAge = 86_400_000,\n    rolling = false,\n    saveUninitialized = true,\n    store = new MemoryStore(),\n    cookie: cookieOpts = {},\n  } = options\n\n  const cookieDefaults = {\n    httpOnly: cookieOpts.httpOnly ?? true,\n    secure: cookieOpts.secure ?? process.env.NODE_ENV === 'production',\n    sameSite: cookieOpts.sameSite ?? ('lax' as const),\n    path: cookieOpts.path ?? '/',\n    ...(cookieOpts.domain ? { domain: cookieOpts.domain } : {}),\n    maxAge,\n  }\n\n  return async (req: Request, res: Response, next: NextFunction) => {\n    const cookies = (req as any).cookies || {}\n    const signedCookie = cookies[cookieName]\n    let sid: string | false = false\n    let sessionData: SessionData | null = null\n    let isNew = false\n\n    // Attempt to recover existing session\n    if (signedCookie) {\n      sid = unsign(signedCookie, secret)\n      if (sid) {\n        sessionData = await store.get(sid)\n      }\n    }\n\n    // Create new session if none found\n    if (!sid || !sessionData) {\n      sid = randomUUID()\n      sessionData = {}\n      isNew = true\n    }\n\n    let currentSid = sid as string\n    let currentData = { ...sessionData }\n    let destroyed = false\n\n    const sessionObj: Session = {\n      get id() {\n        return currentSid\n      },\n      data: currentData,\n\n      async regenerate() {\n        await store.destroy(currentSid)\n        currentSid = randomUUID()\n        currentData = {}\n        sessionObj.data = currentData\n        await store.set(currentSid, currentData, maxAge)\n        res.cookie(cookieName, sign(currentSid, secret), cookieDefaults)\n      },\n\n      async destroy() {\n        await store.destroy(currentSid)\n        destroyed = true\n        currentData = {}\n        sessionObj.data = currentData\n        res.clearCookie(cookieName, { path: cookieDefaults.path })\n      },\n\n      async save() {\n        if (!destroyed) {\n          await store.set(currentSid, currentData, maxAge)\n        }\n      },\n    }\n\n    ;(req as any).session = sessionObj\n\n    // Set cookie for new sessions\n    if (isNew) {\n      res.cookie(cookieName, sign(currentSid, secret), cookieDefaults)\n    }\n\n    // Auto-save on response finish\n    res.on('finish', async () => {\n      if (destroyed) return\n      if (isNew && !saveUninitialized && Object.keys(currentData).length === 0) return\n\n      await store.set(currentSid, currentData, maxAge)\n\n      if (rolling && !isNew) {\n        if (store.touch) {\n          await store.touch(currentSid, maxAge)\n        }\n      }\n    })\n\n    // Rolling: refresh cookie on every response\n    if (rolling && !isNew) {\n      res.cookie(cookieName, sign(currentSid, secret), cookieDefaults)\n    }\n\n    next()\n  }\n}\n"],"mappings":";;;;;AAAA,SAASA,YAAYC,YAAYC,uBAAuB;AA+CxD,IAAMC,cAAN,MAAMA,aAAAA;EA/CN,OA+CMA;;;EACIC,WAAW,oBAAIC,IAAAA;EACfC;EAER,cAAc;AAEZ,SAAKA,kBAAkBC,YAAY,MAAM,KAAKC,MAAK,GAAI,GAAA;AACvD,SAAKF,gBAAgBG,MAAK;EAC5B;EAEA,MAAMC,IAAIC,KAA0C;AAClD,UAAMC,QAAQ,KAAKR,SAASM,IAAIC,GAAAA;AAChC,QAAI,CAACC,MAAO,QAAO;AACnB,QAAIC,KAAKC,IAAG,IAAKF,MAAMG,SAAS;AAC9B,WAAKX,SAASY,OAAOL,GAAAA;AACrB,aAAO;IACT;AACA,WAAOC,MAAMK;EACf;EAEA,MAAMC,IAAIP,KAAaM,MAAmBE,QAA+B;AACvE,SAAKf,SAASc,IAAIP,KAAK;MAAEM;MAAMF,SAASF,KAAKC,IAAG,IAAKK;IAAO,CAAA;EAC9D;EAEA,MAAMC,QAAQT,KAA4B;AACxC,SAAKP,SAASY,OAAOL,GAAAA;EACvB;EAEA,MAAMU,MAAMV,KAAaQ,QAA+B;AACtD,UAAMP,QAAQ,KAAKR,SAASM,IAAIC,GAAAA;AAChC,QAAIC,OAAO;AACTA,YAAMG,UAAUF,KAAKC,IAAG,IAAKK;IAC/B;EACF;EAEQX,QAAQ;AACd,UAAMM,MAAMD,KAAKC,IAAG;AACpB,eAAW,CAACH,KAAKC,KAAAA,KAAU,KAAKR,UAAU;AACxC,UAAIU,MAAMF,MAAMG,SAAS;AACvB,aAAKX,SAASY,OAAOL,GAAAA;MACvB;IACF;EACF;AACF;AAIA,SAASW,KAAKC,OAAeC,QAAc;AACzC,QAAMC,YAAYC,WAAW,UAAUF,MAAAA,EAAQG,OAAOJ,KAAAA,EAAOK,OAAO,WAAA;AACpE,SAAO,KAAKL,KAAAA,IAASE,SAAAA;AACvB;AAHSH;AAKT,SAASO,OAAOC,QAAgBN,QAAc;AAC5C,MAAI,CAACM,OAAOC,WAAW,IAAA,EAAO,QAAO;AACrC,QAAMC,MAAMF,OAAOG,MAAM,CAAA;AACzB,QAAMC,WAAWF,IAAIG,YAAY,GAAA;AACjC,MAAID,aAAa,GAAI,QAAO;AAE5B,QAAMX,QAAQS,IAAIC,MAAM,GAAGC,QAAAA;AAC3B,QAAME,cAAcJ,IAAIC,MAAMC,WAAW,CAAA;AACzC,QAAMG,cAAcX,WAAW,UAAUF,MAAAA,EAAQG,OAAOJ,KAAAA,EAAOK,OAAO,WAAA;AAEtE,QAAMU,IAAIC,OAAOC,KAAKJ,WAAAA;AACtB,QAAMK,IAAIF,OAAOC,KAAKH,WAAAA;AAEtB,MAAIC,EAAEI,WAAWD,EAAEC,UAAU,CAACC,gBAAgBL,GAAGG,CAAAA,GAAI;AACnD,WAAO;EACT;AAEA,SAAOlB;AACT;AAlBSM;AA2CF,SAASe,QAAQC,SAAuB;AAC7C,QAAM,EACJrB,QACAsB,aAAa,YACb3B,SAAS,OACT4B,UAAU,OACVC,oBAAoB,MACpBC,QAAQ,IAAI9C,YAAAA,GACZ+C,QAAQC,aAAa,CAAC,EAAC,IACrBN;AAEJ,QAAMO,iBAAiB;IACrBC,UAAUF,WAAWE,YAAY;IACjCC,QAAQH,WAAWG,UAAUC,QAAQC,IAAIC,aAAa;IACtDC,UAAUP,WAAWO,YAAa;IAClCC,MAAMR,WAAWQ,QAAQ;IACzB,GAAIR,WAAWS,SAAS;MAAEA,QAAQT,WAAWS;IAAO,IAAI,CAAC;IACzDzC;EACF;AAEA,SAAO,OAAO0C,KAAcC,KAAeC,SAAAA;AACzC,UAAMC,UAAWH,IAAYG,WAAW,CAAC;AACzC,UAAMC,eAAeD,QAAQlB,UAAAA;AAC7B,QAAInC,MAAsB;AAC1B,QAAIuD,cAAkC;AACtC,QAAIC,QAAQ;AAGZ,QAAIF,cAAc;AAChBtD,YAAMkB,OAAOoC,cAAczC,MAAAA;AAC3B,UAAIb,KAAK;AACPuD,sBAAc,MAAMjB,MAAMvC,IAAIC,GAAAA;MAChC;IACF;AAGA,QAAI,CAACA,OAAO,CAACuD,aAAa;AACxBvD,YAAMyD,WAAAA;AACNF,oBAAc,CAAC;AACfC,cAAQ;IACV;AAEA,QAAIE,aAAa1D;AACjB,QAAI2D,cAAc;MAAE,GAAGJ;IAAY;AACnC,QAAIK,YAAY;AAEhB,UAAMC,aAAsB;MAC1B,IAAIC,KAAK;AACP,eAAOJ;MACT;MACApD,MAAMqD;MAEN,MAAMI,aAAAA;AACJ,cAAMzB,MAAM7B,QAAQiD,UAAAA;AACpBA,qBAAaD,WAAAA;AACbE,sBAAc,CAAC;AACfE,mBAAWvD,OAAOqD;AAClB,cAAMrB,MAAM/B,IAAImD,YAAYC,aAAanD,MAAAA;AACzC2C,YAAIZ,OAAOJ,YAAYxB,KAAK+C,YAAY7C,MAAAA,GAAS4B,cAAAA;MACnD;MAEA,MAAMhC,UAAAA;AACJ,cAAM6B,MAAM7B,QAAQiD,UAAAA;AACpBE,oBAAY;AACZD,sBAAc,CAAC;AACfE,mBAAWvD,OAAOqD;AAClBR,YAAIa,YAAY7B,YAAY;UAAEa,MAAMP,eAAeO;QAAK,CAAA;MAC1D;MAEA,MAAMiB,OAAAA;AACJ,YAAI,CAACL,WAAW;AACd,gBAAMtB,MAAM/B,IAAImD,YAAYC,aAAanD,MAAAA;QAC3C;MACF;IACF;AAEE0C,QAAYjB,UAAU4B;AAGxB,QAAIL,OAAO;AACTL,UAAIZ,OAAOJ,YAAYxB,KAAK+C,YAAY7C,MAAAA,GAAS4B,cAAAA;IACnD;AAGAU,QAAIe,GAAG,UAAU,YAAA;AACf,UAAIN,UAAW;AACf,UAAIJ,SAAS,CAACnB,qBAAqB8B,OAAOC,KAAKT,WAAAA,EAAa5B,WAAW,EAAG;AAE1E,YAAMO,MAAM/B,IAAImD,YAAYC,aAAanD,MAAAA;AAEzC,UAAI4B,WAAW,CAACoB,OAAO;AACrB,YAAIlB,MAAM5B,OAAO;AACf,gBAAM4B,MAAM5B,MAAMgD,YAAYlD,MAAAA;QAChC;MACF;IACF,CAAA;AAGA,QAAI4B,WAAW,CAACoB,OAAO;AACrBL,UAAIZ,OAAOJ,YAAYxB,KAAK+C,YAAY7C,MAAAA,GAAS4B,cAAAA;IACnD;AAEAW,SAAAA;EACF;AACF;AAxGgBnB;","names":["randomUUID","createHmac","timingSafeEqual","MemoryStore","sessions","Map","cleanupInterval","setInterval","purge","unref","get","sid","entry","Date","now","expires","delete","data","set","maxAge","destroy","touch","sign","value","secret","signature","createHmac","update","digest","unsign","signed","startsWith","raw","slice","dotIndex","lastIndexOf","providedSig","expectedSig","a","Buffer","from","b","length","timingSafeEqual","session","options","cookieName","rolling","saveUninitialized","store","cookie","cookieOpts","cookieDefaults","httpOnly","secure","process","env","NODE_ENV","sameSite","path","domain","req","res","next","cookies","signedCookie","sessionData","isNew","randomUUID","currentSid","currentData","destroyed","sessionObj","id","regenerate","clearCookie","save","on","Object","keys"]}

package/dist/{chunk-KAWXFLFS.js → chunk-OWLI3SBW.js}

@@ -1,12 +1,21 @@
 import {
   Application
-} from "./chunk-P3YCN5LK.js";
+} from "./chunk-4G2S7T4R.js";
 import {
-  __name
-} from "./chunk-7QVYU63E.js";
+  __name,
+  __require
+} from "./chunk-WCQVDF3K.js";
 
 // src/bootstrap.ts
 import { createLogger } from "@forinda/kickjs-core";
+function tryReloadEnv() {
+  try {
+    const config = __require("@forinda/kickjs-config");
+    config.reloadEnv?.();
+  } catch {
+  }
+}
+__name(tryReloadEnv, "tryReloadEnv");
 var log = createLogger("Process");
 function bootstrap(options) {
   const g = globalThis;
@@ -31,6 +40,7 @@ function bootstrap(options) {
   }
   if (g.__app) {
     log.info("HMR: Rebuilding application...");
+    tryReloadEnv();
     g.__app.rebuild();
     return;
   }
@@ -47,4 +57,4 @@ __name(bootstrap, "bootstrap");
 export {
   bootstrap
 };
-//# sourceMappingURL=chunk-KAWXFLFS.js.map
+//# sourceMappingURL=chunk-OWLI3SBW.js.map

package/dist/chunk-OWLI3SBW.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/bootstrap.ts"],"sourcesContent":["import { createLogger } from '@forinda/kickjs-core'\nimport { Application, type ApplicationOptions } from './application'\n\n/** Try to reload env from .env file if config package is available */\nfunction tryReloadEnv(): void {\n  try {\n    const config = require('@forinda/kickjs-config')\n    config.reloadEnv?.()\n  } catch {\n    // Config package not installed — skip\n  }\n}\n\nconst log = createLogger('Process')\n\n/**\n * Bootstrap a KickJS application with zero boilerplate.\n *\n * Handles:\n * - Vite HMR (hot-swaps Express handler without restarting the server)\n * - Graceful shutdown on SIGINT / SIGTERM\n * - Global uncaughtException / unhandledRejection handlers\n * - globalThis app storage for HMR rebuild\n *\n * @example\n * ```ts\n * // src/index.ts — that's it, the whole file\n * import 'reflect-metadata'\n * import { bootstrap } from '@forinda/kickjs-http'\n * import { modules } from './modules'\n *\n * bootstrap({ modules })\n * ```\n */\nexport function bootstrap(options: ApplicationOptions): void {\n  const g = globalThis as any\n\n  // ── Global error handlers ────────────────────────────────────────────\n  if (!g.__kickBootstrapped) {\n    process.on('uncaughtException', (err) => {\n      log.error(err, 'Uncaught exception')\n    })\n\n    process.on('unhandledRejection', (reason) => {\n      log.error(reason as any, 'Unhandled rejection')\n    })\n\n    for (const signal of ['SIGINT', 'SIGTERM'] as const) {\n      process.on(signal, async () => {\n        log.info(`Received ${signal}, shutting down...`)\n        if (g.__app) await g.__app.shutdown()\n        process.exit(0)\n      })\n    }\n\n    g.__kickBootstrapped = true\n  }\n\n  // ── HMR rebuild ──────────────────────────────────────────────────────\n  if (g.__app) {\n    log.info('HMR: Rebuilding application...')\n    tryReloadEnv()\n    g.__app.rebuild()\n    return\n  }\n\n  // ── First boot ───────────────────────────────────────────────────────\n  const app = new Application(options)\n  g.__app = app\n  app.start()\n\n  // ── Vite HMR acceptance ──────────────────────────────────────────────\n  const meta = import.meta as any\n  if (meta.hot) {\n    meta.hot.accept()\n  }\n}\n"],"mappings":";;;;;;;;;AAAA,SAASA,oBAAoB;AAI7B,SAASC,eAAAA;AACP,MAAI;AACF,UAAMC,SAASC,UAAQ,wBAAA;AACvBD,WAAOE,YAAS;EAClB,QAAQ;EAER;AACF;AAPSH;AAST,IAAMI,MAAMC,aAAa,SAAA;AAqBlB,SAASC,UAAUC,SAA2B;AACnD,QAAMC,IAAIC;AAGV,MAAI,CAACD,EAAEE,oBAAoB;AACzBC,YAAQC,GAAG,qBAAqB,CAACC,QAAAA;AAC/BT,UAAIU,MAAMD,KAAK,oBAAA;IACjB,CAAA;AAEAF,YAAQC,GAAG,sBAAsB,CAACG,WAAAA;AAChCX,UAAIU,MAAMC,QAAe,qBAAA;IAC3B,CAAA;AAEA,eAAWC,UAAU;MAAC;MAAU;OAAqB;AACnDL,cAAQC,GAAGI,QAAQ,YAAA;AACjBZ,YAAIa,KAAK,YAAYD,MAAAA,oBAA0B;AAC/C,YAAIR,EAAEU,MAAO,OAAMV,EAAEU,MAAMC,SAAQ;AACnCR,gBAAQS,KAAK,CAAA;MACf,CAAA;IACF;AAEAZ,MAAEE,qBAAqB;EACzB;AAGA,MAAIF,EAAEU,OAAO;AACXd,QAAIa,KAAK,gCAAA;AACTjB,iBAAAA;AACAQ,MAAEU,MAAMG,QAAO;AACf;EACF;AAGA,QAAMC,MAAM,IAAIC,YAAYhB,OAAAA;AAC5BC,IAAEU,QAAQI;AACVA,MAAIE,MAAK;AAGT,QAAMC,OAAO;AACb,MAAIA,KAAKC,KAAK;AACZD,SAAKC,IAAIC,OAAM;EACjB;AACF;AA1CgBrB;","names":["createLogger","tryReloadEnv","config","require","reloadEnv","log","createLogger","bootstrap","options","g","globalThis","__kickBootstrapped","process","on","err","error","reason","signal","info","__app","shutdown","exit","rebuild","app","Application","start","meta","hot","accept"]}

package/dist/{chunk-JD2RKDKH.js → chunk-RPN7UFUO.js}

@@ -1,6 +1,6 @@
 import {
   __name
-} from "./chunk-7QVYU63E.js";
+} from "./chunk-WCQVDF3K.js";
 
 // src/middleware/validate.ts
 function validate(schema) {
@@ -58,4 +58,4 @@ __name(validate, "validate");
 export {
   validate
 };
-//# sourceMappingURL=chunk-JD2RKDKH.js.map
+//# sourceMappingURL=chunk-RPN7UFUO.js.map

package/dist/{chunk-U2JYL2NW.js → chunk-VFVMIFNZ.js}

@@ -1,12 +1,15 @@
+import {
+  buildUploadMiddleware
+} from "./chunk-LEILPDMW.js";
 import {
   validate
-} from "./chunk-JD2RKDKH.js";
+} from "./chunk-RPN7UFUO.js";
 import {
   RequestContext
-} from "./chunk-RZUH6NBM.js";
+} from "./chunk-LQ6RSWMX.js";
 import {
   __name
-} from "./chunk-7QVYU63E.js";
+} from "./chunk-WCQVDF3K.js";
 
 // src/router-builder.ts
 import "reflect-metadata";
@@ -31,6 +34,10 @@ function buildRoutes(controllerClass) {
     if (route.validation) {
       handlers.push(validate(route.validation));
     }
+    const fileUploadConfig = Reflect.getMetadata(METADATA.FILE_UPLOAD, controllerClass, route.handlerName);
+    if (fileUploadConfig) {
+      handlers.push(buildUploadMiddleware(fileUploadConfig));
+    }
     for (const mw of [
       ...classMiddlewares,
       ...methodMiddlewares
@@ -59,4 +66,4 @@ export {
   getControllerPath,
   buildRoutes
 };
-//# sourceMappingURL=chunk-U2JYL2NW.js.map
+//# sourceMappingURL=chunk-VFVMIFNZ.js.map

package/dist/chunk-VFVMIFNZ.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/router-builder.ts"],"sourcesContent":["import 'reflect-metadata'\nimport { Router, type Request, type Response, type NextFunction } from 'express'\nimport {\n  Container,\n  METADATA,\n  type RouteDefinition,\n  type MiddlewareHandler,\n  type FileUploadConfig,\n} from '@forinda/kickjs-core'\nimport { RequestContext } from './context'\nimport { validate } from './middleware/validate'\nimport { buildUploadMiddleware } from './middleware/upload'\n\n/** Get the controller path set by @Controller('/path') */\nexport function getControllerPath(controllerClass: any): string {\n  return Reflect.getMetadata(METADATA.CONTROLLER_PATH, controllerClass) || '/'\n}\n\n/**\n * Build an Express Router from a controller class decorated with @Get, @Post, etc.\n * Resolves the controller from the DI container, wraps handlers in RequestContext,\n * and applies class-level and method-level middleware.\n */\nexport function buildRoutes(controllerClass: any): Router {\n  const router = Router()\n  const container = Container.getInstance()\n  const controllerPath = getControllerPath(controllerClass)\n  const routes: RouteDefinition[] = Reflect.getMetadata(METADATA.ROUTES, controllerClass) || []\n\n  // Class-level middleware\n  const classMiddlewares: MiddlewareHandler[] =\n    Reflect.getMetadata(METADATA.CLASS_MIDDLEWARES, controllerClass) || []\n\n  for (const route of routes) {\n    const method = route.method.toLowerCase() as 'get' | 'post' | 'put' | 'delete' | 'patch'\n    let routePath = route.path === '/' ? '' : route.path\n    const fullPath = controllerPath === '/' ? routePath || '/' : controllerPath + routePath\n\n    // Method-level middleware\n    const methodMiddlewares: MiddlewareHandler[] =\n      Reflect.getMetadata(METADATA.METHOD_MIDDLEWARES, controllerClass, route.handlerName) || []\n\n    // Build handler chain\n    const handlers: any[] = []\n\n    // Validation middleware (shared with standalone validate() export)\n    if (route.validation) {\n      handlers.push(validate(route.validation))\n    }\n\n    // @FileUpload decorator — auto-attach upload middleware from metadata\n    const fileUploadConfig: FileUploadConfig | undefined = Reflect.getMetadata(\n      METADATA.FILE_UPLOAD,\n      controllerClass,\n      route.handlerName,\n    )\n    if (fileUploadConfig) {\n      handlers.push(buildUploadMiddleware(fileUploadConfig))\n    }\n\n    // Class + method middleware (wrapped as Express middleware with error catching)\n    for (const mw of [...classMiddlewares, ...methodMiddlewares]) {\n      handlers.push((req: Request, res: Response, next: NextFunction) => {\n        const ctx = new RequestContext(req, res, next)\n        Promise.resolve(mw(ctx, next)).catch(next)\n      })\n    }\n\n    // Main handler — resolve controller per-request to respect DI scoping\n    handlers.push(async (req: Request, res: Response, next: NextFunction) => {\n      const ctx = new RequestContext(req, res, next)\n      try {\n        const controller = container.resolve(controllerClass)\n        await controller[route.handlerName](ctx)\n      } catch (err: any) {\n        next(err)\n      }\n    })\n    ;(router as any)[method](fullPath, ...handlers)\n  }\n\n  return router\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA,OAAO;AACP,SAASA,cAA8D;AACvE,SACEC,WACAC,gBAIK;AAMA,SAASC,kBAAkBC,iBAAoB;AACpD,SAAOC,QAAQC,YAAYC,SAASC,iBAAiBJ,eAAAA,KAAoB;AAC3E;AAFgBD;AAST,SAASM,YAAYL,iBAAoB;AAC9C,QAAMM,SAASC,OAAAA;AACf,QAAMC,YAAYC,UAAUC,YAAW;AACvC,QAAMC,iBAAiBZ,kBAAkBC,eAAAA;AACzC,QAAMY,SAA4BX,QAAQC,YAAYC,SAASU,QAAQb,eAAAA,KAAoB,CAAA;AAG3F,QAAMc,mBACJb,QAAQC,YAAYC,SAASY,mBAAmBf,eAAAA,KAAoB,CAAA;AAEtE,aAAWgB,SAASJ,QAAQ;AAC1B,UAAMK,SAASD,MAAMC,OAAOC,YAAW;AACvC,QAAIC,YAAYH,MAAMI,SAAS,MAAM,KAAKJ,MAAMI;AAChD,UAAMC,WAAWV,mBAAmB,MAAMQ,aAAa,MAAMR,iBAAiBQ;AAG9E,UAAMG,oBACJrB,QAAQC,YAAYC,SAASoB,oBAAoBvB,iBAAiBgB,MAAMQ,WAAW,KAAK,CAAA;AAG1F,UAAMC,WAAkB,CAAA;AAGxB,QAAIT,MAAMU,YAAY;AACpBD,eAASE,KAAKC,SAASZ,MAAMU,UAAU,CAAA;IACzC;AAGA,UAAMG,mBAAiD5B,QAAQC,YAC7DC,SAAS2B,aACT9B,iBACAgB,MAAMQ,WAAW;AAEnB,QAAIK,kBAAkB;AACpBJ,eAASE,KAAKI,sBAAsBF,gBAAAA,CAAAA;IACtC;AAGA,eAAWG,MAAM;SAAIlB;SAAqBQ;OAAoB;AAC5DG,eAASE,KAAK,CAACM,KAAcC,KAAeC,SAAAA;AAC1C,cAAMC,MAAM,IAAIC,eAAeJ,KAAKC,KAAKC,IAAAA;AACzCG,gBAAQC,QAAQP,GAAGI,KAAKD,IAAAA,CAAAA,EAAOK,MAAML,IAAAA;MACvC,CAAA;IACF;AAGAV,aAASE,KAAK,OAAOM,KAAcC,KAAeC,SAAAA;AAChD,YAAMC,MAAM,IAAIC,eAAeJ,KAAKC,KAAKC,IAAAA;AACzC,UAAI;AACF,cAAMM,aAAajC,UAAU+B,QAAQvC,eAAAA;AACrC,cAAMyC,WAAWzB,MAAMQ,WAAW,EAAEY,GAAAA;MACtC,SAASM,KAAU;AACjBP,aAAKO,GAAAA;MACP;IACF,CAAA;AACEpC,WAAeW,MAAAA,EAAQI,UAAAA,GAAaI,QAAAA;EACxC;AAEA,SAAOnB;AACT;AA3DgBD;","names":["Router","Container","METADATA","getControllerPath","controllerClass","Reflect","getMetadata","METADATA","CONTROLLER_PATH","buildRoutes","router","Router","container","Container","getInstance","controllerPath","routes","ROUTES","classMiddlewares","CLASS_MIDDLEWARES","route","method","toLowerCase","routePath","path","fullPath","methodMiddlewares","METHOD_MIDDLEWARES","handlerName","handlers","validation","push","validate","fileUploadConfig","FILE_UPLOAD","buildUploadMiddleware","mw","req","res","next","ctx","RequestContext","Promise","resolve","catch","controller","err"]}

package/dist/{chunk-JM7X7SAD.js → chunk-VXX2Y3TA.js}

@@ -1,6 +1,6 @@
 import {
   __name
-} from "./chunk-7QVYU63E.js";
+} from "./chunk-WCQVDF3K.js";
 
 // src/query/types.ts
 var FILTER_OPERATORS = /* @__PURE__ */ new Set([
@@ -130,4 +130,4 @@ export {
   parseQuery,
   buildQueryParams
 };
-//# sourceMappingURL=chunk-JM7X7SAD.js.map
+//# sourceMappingURL=chunk-VXX2Y3TA.js.map

package/dist/chunk-WCQVDF3K.js

@@ -0,0 +1,14 @@
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+export {
+  __name,
+  __require
+};
+//# sourceMappingURL=chunk-WCQVDF3K.js.map

package/dist/context.d.ts

@@ -17,6 +17,8 @@ declare class RequestContext<TBody = any, TParams = any, TQuery = any> {
     get query(): TQuery;
     get headers(): http.IncomingHttpHeaders;
     get requestId(): string | undefined;
+    /** Session data (requires session middleware) */
+    get session(): any;
     /**
      * Parse the request query string into structured filters, sort, pagination, and search.
      * Pass the result to an ORM query builder adapter (Drizzle, Prisma, Sequelize, etc.).

package/dist/context.js

@@ -1,8 +1,8 @@
 import {
   RequestContext
-} from "./chunk-RZUH6NBM.js";
-import "./chunk-JM7X7SAD.js";
-import "./chunk-7QVYU63E.js";
+} from "./chunk-LQ6RSWMX.js";
+import "./chunk-VXX2Y3TA.js";
+import "./chunk-WCQVDF3K.js";
 export {
   RequestContext
 };

package/dist/devtools.d.ts

@@ -0,0 +1,85 @@
+import { AppAdapter, Ref, ComputedRef, Container, AdapterMiddleware } from '@forinda/kickjs-core';
+
+/** Per-route latency stats */
+interface RouteStats {
+    count: number;
+    totalMs: number;
+    minMs: number;
+    maxMs: number;
+}
+interface DevToolsOptions {
+    /** Base path for debug endpoints (default: '/_debug') */
+    basePath?: string;
+    /** Only enable when this is true (default: process.env.NODE_ENV !== 'production') */
+    enabled?: boolean;
+    /** Include environment variables (sanitized) at /_debug/config (default: false) */
+    exposeConfig?: boolean;
+    /** Env var prefixes to expose (default: ['APP_', 'NODE_ENV']). Others are redacted. */
+    configPrefixes?: string[];
+    /** Callback when error rate exceeds threshold */
+    onErrorRateExceeded?: (rate: number) => void;
+    /** Error rate threshold (default: 0.5 = 50%) */
+    errorRateThreshold?: number;
+}
+/**
+ * DevToolsAdapter — Vue-style reactive introspection for KickJS applications.
+ *
+ * Exposes debug endpoints powered by reactive state (ref, computed, watch):
+ * - `GET /_debug/routes`    — all registered routes with middleware
+ * - `GET /_debug/container` — DI registry with scopes and instantiation status
+ * - `GET /_debug/metrics`   — live request/error counts, error rate, uptime
+ * - `GET /_debug/health`    — deep health check with adapter status
+ * - `GET /_debug/config`    — sanitized environment variables (opt-in)
+ * - `GET /_debug/state`     — full reactive state snapshot
+ *
+ * @example
+ * ```ts
+ * import { DevToolsAdapter } from '@forinda/kickjs-http/devtools'
+ *
+ * bootstrap({
+ *   modules: [UserModule],
+ *   adapters: [
+ *     new DevToolsAdapter({
+ *       enabled: process.env.NODE_ENV !== 'production',
+ *       exposeConfig: true,
+ *       configPrefixes: ['APP_', 'DATABASE_'],
+ *     }),
+ *   ],
+ * })
+ * ```
+ */
+declare class DevToolsAdapter implements AppAdapter {
+    readonly name = "DevToolsAdapter";
+    private basePath;
+    private enabled;
+    private exposeConfig;
+    private configPrefixes;
+    private errorRateThreshold;
+    /** Total requests received */
+    readonly requestCount: Ref<number>;
+    /** Total responses with status >= 500 */
+    readonly errorCount: Ref<number>;
+    /** Total responses with status >= 400 and < 500 */
+    readonly clientErrorCount: Ref<number>;
+    /** Server start time */
+    readonly startedAt: Ref<number>;
+    /** Computed error rate (server errors / total requests) */
+    readonly errorRate: ComputedRef<number>;
+    /** Computed uptime in seconds */
+    readonly uptimeSeconds: ComputedRef<number>;
+    /** Per-route latency tracking */
+    readonly routeLatency: Record<string, RouteStats>;
+    private routes;
+    private container;
+    private adapterStatuses;
+    private stopErrorWatch;
+    constructor(options?: DevToolsOptions);
+    beforeMount(app: any, container: Container): void;
+    middleware(): AdapterMiddleware[];
+    onRouteMount(controllerClass: any, mountPath: string): void;
+    beforeStart(_app: any, _container: Container): void;
+    afterStart(_server: any, _container: Container): void;
+    shutdown(): void;
+}
+
+export { DevToolsAdapter, type DevToolsOptions };

package/dist/devtools.js

@@ -0,0 +1,8 @@
+import {
+  DevToolsAdapter
+} from "./chunk-DUQ7SN7N.js";
+import "./chunk-WCQVDF3K.js";
+export {
+  DevToolsAdapter
+};
+//# sourceMappingURL=devtools.js.map

package/dist/devtools.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts

@@ -6,7 +6,10 @@ export { REQUEST_ID_HEADER, requestId } from './middleware/request-id.js';
 export { validate } from './middleware/validate.js';
 export { errorHandler, notFoundHandler } from './middleware/error-handler.js';
 export { CsrfOptions, csrf } from './middleware/csrf.js';
-export { UploadOptions, cleanupFiles, upload } from './middleware/upload.js';
+export { RateLimitOptions, RateLimitStore, rateLimit } from './middleware/rate-limit.js';
+export { Session, SessionData, SessionOptions, SessionStore, session } from './middleware/session.js';
+export { UploadOptions, buildUploadMiddleware, cleanupFiles, resolveMimeTypes, upload } from './middleware/upload.js';
+export { DevToolsAdapter, DevToolsOptions } from './devtools.js';
 export { buildQueryParams, parseFilters, parsePagination, parseQuery, parseSearchQuery, parseSort } from './query/index.js';
 export { F as FILTER_OPERATORS, a as FilterItem, b as FilterOperator, P as PaginationParams, c as ParsedQuery, Q as QueryBuilderAdapter, d as QueryFieldConfig, S as SortItem } from './types-Doz6f3AB.js';
 import 'node:http';

package/dist/index.js

@@ -1,23 +1,38 @@
 import {
-  cleanupFiles,
-  upload
-} from "./chunk-75Z5FSZN.js";
+  rateLimit
+} from "./chunk-H4S527PH.js";
+import {
+  session
+} from "./chunk-NQJNMKW5.js";
 import {
   bootstrap
-} from "./chunk-KAWXFLFS.js";
+} from "./chunk-OWLI3SBW.js";
 import {
   Application
-} from "./chunk-P3YCN5LK.js";
+} from "./chunk-4G2S7T4R.js";
+import {
+  REQUEST_ID_HEADER,
+  requestId
+} from "./chunk-35NUARK7.js";
+import {
+  DevToolsAdapter
+} from "./chunk-DUQ7SN7N.js";
 import {
   buildRoutes,
   getControllerPath
-} from "./chunk-U2JYL2NW.js";
+} from "./chunk-VFVMIFNZ.js";
+import {
+  buildUploadMiddleware,
+  cleanupFiles,
+  resolveMimeTypes,
+  upload
+} from "./chunk-LEILPDMW.js";
 import {
   validate
-} from "./chunk-JD2RKDKH.js";
+} from "./chunk-RPN7UFUO.js";
 import {
   RequestContext
-} from "./chunk-RZUH6NBM.js";
+} from "./chunk-LQ6RSWMX.js";
 import {
   FILTER_OPERATORS,
   buildQueryParams,
@@ -26,27 +41,25 @@ import {
   parseQuery,
   parseSearchQuery,
   parseSort
-} from "./chunk-JM7X7SAD.js";
+} from "./chunk-VXX2Y3TA.js";
 import {
   csrf
-} from "./chunk-I6UNTOQD.js";
+} from "./chunk-I32MVBEG.js";
 import {
   errorHandler,
   notFoundHandler
-} from "./chunk-BNWCVQQH.js";
-import {
-  REQUEST_ID_HEADER,
-  requestId
-} from "./chunk-ZI52TGQ4.js";
-import "./chunk-7QVYU63E.js";
+} from "./chunk-3NEDJA3J.js";
+import "./chunk-WCQVDF3K.js";
 export {
   Application,
+  DevToolsAdapter,
   FILTER_OPERATORS,
   REQUEST_ID_HEADER,
   RequestContext,
   bootstrap,
   buildQueryParams,
   buildRoutes,
+  buildUploadMiddleware,
   cleanupFiles,
   csrf,
   errorHandler,
@@ -57,7 +70,10 @@ export {
   parseQuery,
   parseSearchQuery,
   parseSort,
+  rateLimit,
   requestId,
+  resolveMimeTypes,
+  session,
   upload,
   validate
 };

package/dist/middleware/csrf.js

@@ -1,7 +1,7 @@
 import {
   csrf
-} from "../chunk-I6UNTOQD.js";
-import "../chunk-7QVYU63E.js";
+} from "../chunk-I32MVBEG.js";
+import "../chunk-WCQVDF3K.js";
 export {
   csrf
 };