@getcronit/pylon 2.10.0-canary-20250206024306.0b965bfde9f8e1db5b2728aeb8259def3c857325 → 3.0.0-canary-20250211153808.b2b63f4e67c55542413f7be6d62ce8139cfcbdbe

package/dist/index.js

@@ -148,13 +148,13 @@ var resolversToGraphQLResolvers = (resolvers, configureContext) => {
         );
       }
       ctx2?.set("graphqlResolveInfo", info);
-      const auth2 = ctx2?.get("auth");
-      if (auth2?.active) {
+      const auth = ctx2?.get("auth");
+      if (auth?.user) {
         scope.setUser({
-          id: auth2.sub,
-          username: auth2.preferred_username,
-          email: auth2.email,
-          details: auth2
+          id: auth.user.sub,
+          username: auth.user.preferred_username,
+          email: auth.user.email,
+          details: auth.user
         });
       }
       let type = null;
@@ -273,18 +273,246 @@ var ServiceError = class extends GraphQLError {
   }
 };
 
-// src/auth/index.ts
-import jwt from "jsonwebtoken";
+// src/plugins/use-auth/use-auth.ts
+import { promises as fs } from "fs";
+import { deleteCookie, getCookie, setCookie } from "hono/cookie";
+import { HTTPException } from "hono/http-exception";
+import * as openid from "openid-client";
 import path from "path";
-import { HTTPException as HTTPException2 } from "hono/http-exception";
-import { env as env2 } from "hono/adapter";
-import * as Sentry2 from "@sentry/bun";
-import { existsSync, readFileSync } from "fs";
-import { sendFunctionEvent as sendFunctionEvent4 } from "@getcronit/pylon-telemetry";
 
-// src/auth/decorators/requireAuth.ts
-import { sendFunctionEvent as sendFunctionEvent3 } from "@getcronit/pylon-telemetry";
-import { HTTPException } from "hono/http-exception";
+// src/plugins/use-auth/import-private-key.ts
+import * as crypto2 from "crypto";
+function str2ab(str) {
+  const buf = new ArrayBuffer(str.length);
+  const bufView = new Uint8Array(buf);
+  for (let i = 0, strLen = str.length; i < strLen; i++) {
+    bufView[i] = str.charCodeAt(i);
+  }
+  return buf;
+}
+var convertPKCS1ToPKCS8 = (pkcs1) => {
+  const key = crypto2.createPrivateKey(pkcs1);
+  return key.export({
+    type: "pkcs8",
+    format: "pem"
+  });
+};
+function importPKCS8PrivateKey(pem) {
+  const pemHeader = "-----BEGIN PRIVATE KEY-----";
+  const pemFooter = "-----END PRIVATE KEY-----";
+  const pemContents = pem.substring(
+    pemHeader.length,
+    pem.length - pemFooter.length - 1
+  );
+  const binaryDerString = atob(pemContents);
+  const binaryDer = str2ab(binaryDerString);
+  return crypto2.subtle.importKey(
+    "pkcs8",
+    binaryDer,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256"
+    },
+    true,
+    ["sign"]
+  );
+}
+var importPrivateKey = async (pkcs1Pem) => {
+  const pkcs8Pem = convertPKCS1ToPKCS8(pkcs1Pem);
+  return await importPKCS8PrivateKey(pkcs8Pem);
+};
+
+// src/plugins/use-auth/use-auth.ts
+var loadAuthKey = async (keyPath) => {
+  const authKeyFilePath = path.join(process.cwd(), keyPath);
+  const env3 = getContext().env;
+  if (env3.AUTH_KEY) {
+    try {
+      return JSON.parse(env3.AUTH_KEY);
+    } catch (error) {
+      throw new Error(
+        "Error while reading AUTH_KEY. Make sure it is valid JSON"
+      );
+    }
+  }
+  try {
+    const ketFileContent = await fs.readFile(authKeyFilePath, "utf-8");
+    try {
+      return JSON.parse(ketFileContent);
+    } catch (error) {
+      throw new Error(
+        "Error while reading key file. Make sure it is valid JSON"
+      );
+    }
+  } catch (error) {
+    throw new Error("Error while reading key file. Make sure it exists");
+  }
+};
+var openidConfigCache;
+var bootstrapAuth = async (issuer, keyPath) => {
+  if (!openidConfigCache) {
+    const authKey = await loadAuthKey(keyPath);
+    openidConfigCache = await openid.discovery(
+      new URL(issuer),
+      authKey.clientId,
+      void 0,
+      openid.PrivateKeyJwt({
+        key: await importPrivateKey(authKey.key),
+        kid: authKey.keyId
+      })
+    );
+  }
+  return openidConfigCache;
+};
+var PylonAuthException = class extends HTTPException {
+  // Same constructor as HTTPException
+  constructor(...args) {
+    args[1] = {
+      ...args[1],
+      message: `PylonAuthException: ${args[1]?.message}`
+    };
+    super(...args);
+  }
+};
+function useAuth(args) {
+  const { issuer, endpoint = "/auth", keyPath = "key.json" } = args;
+  const loginPath = `${endpoint}/login`;
+  const logoutPath = `${endpoint}/logout`;
+  const callbackPath = `${endpoint}/callback`;
+  return {
+    middleware: async (ctx, next) => {
+      const openidConfig = await bootstrapAuth(issuer, keyPath);
+      ctx.set("auth", { openidConfig });
+      const authCookieToken = getCookie(ctx, "pylon-auth");
+      const authHeader = ctx.req.header("Authorization");
+      const authQueryToken = ctx.req.query("token");
+      if (authCookieToken || authHeader || authQueryToken) {
+        let token;
+        if (authHeader) {
+          const [type, value] = authHeader.split(" ");
+          if (type === "Bearer") {
+            token = value;
+          }
+        } else if (authQueryToken) {
+          token = authQueryToken;
+        } else if (authCookieToken) {
+          token = authCookieToken;
+        }
+        if (!token) {
+          throw new PylonAuthException(401, {
+            message: "Invalid token"
+          });
+        }
+        const introspection = await openid.tokenIntrospection(
+          openidConfig,
+          token,
+          {
+            scope: "openid email profile"
+          }
+        );
+        if (!introspection.active) {
+          throw new PylonAuthException(401, {
+            message: "Token is not active"
+          });
+        }
+        if (!introspection.sub) {
+          throw new PylonAuthException(401, {
+            message: "Token is missing subject"
+          });
+        }
+        const userInfo = await openid.fetchUserInfo(
+          openidConfig,
+          token,
+          introspection.sub
+        );
+        const roles = Object.keys(
+          introspection["urn:zitadel:iam:org:projects:roles"]?.valueOf() || {}
+        );
+        ctx.set("auth", {
+          user: {
+            ...userInfo,
+            roles
+          },
+          openidConfig
+        });
+        return next();
+      }
+    },
+    setup(app2) {
+      app2.get(loginPath, async (ctx) => {
+        const openidConfig = ctx.get("auth").openidConfig;
+        const codeVerifier = openid.randomPKCECodeVerifier();
+        const codeChallenge = await openid.calculatePKCECodeChallenge(
+          codeVerifier
+        );
+        setCookie(ctx, "pylon_code_verifier", codeVerifier, {
+          httpOnly: true,
+          maxAge: 300
+          // 5 minutes
+        });
+        let scope = "openid profile email urn:zitadel:iam:user:resourceowner urn:zitadel:iam:org:projects:roles";
+        const parameters = {
+          scope,
+          code_challenge: codeChallenge,
+          code_challenge_method: "S256",
+          redirect_uri: new URL(ctx.req.url).origin + "/auth/callback",
+          state: openid.randomState()
+        };
+        const authorizationUrl = openid.buildAuthorizationUrl(
+          openidConfig,
+          parameters
+        );
+        return ctx.redirect(authorizationUrl);
+      });
+      app2.get(logoutPath, async (ctx) => {
+        deleteCookie(ctx, "pylon-auth");
+        return ctx.redirect("/");
+      });
+      app2.get(callbackPath, async (ctx) => {
+        const openidConfig = ctx.get("auth").openidConfig;
+        const params = ctx.req.query();
+        const code = params.code;
+        const state = params.state;
+        if (!code || !state) {
+          throw new PylonAuthException(400, {
+            message: "Missing authorization code or state"
+          });
+        }
+        const codeVerifier = getCookie(ctx, "pylon_code_verifier");
+        if (!codeVerifier) {
+          throw new PylonAuthException(400, {
+            message: "Missing code verifier"
+          });
+        }
+        try {
+          const cbUrl = new URL(ctx.req.url);
+          let tokenSet = await openid.authorizationCodeGrant(
+            openidConfig,
+            cbUrl,
+            {
+              pkceCodeVerifier: codeVerifier,
+              expectedState: state
+            },
+            cbUrl.searchParams
+          );
+          setCookie(ctx, `pylon-auth`, tokenSet.access_token, {
+            httpOnly: true,
+            maxAge: tokenSet.expires_in || 3600
+            // Default to 1 hour if not specified
+          });
+          return ctx.redirect("/");
+        } catch (error) {
+          console.error("Error during token exchange:", error);
+          return ctx.text("Authentication failed!", 500);
+        }
+      });
+    }
+  };
+}
+
+// src/plugins/use-auth/auth-require.ts
+import { env as env2 } from "hono/adapter";
+import { HTTPException as HTTPException2 } from "hono/http-exception";
 
 // src/create-decorator.ts
 import { sendFunctionEvent as sendFunctionEvent2 } from "@getcronit/pylon-telemetry";
@@ -335,20 +563,47 @@ function createDecorator(callback) {
   return MyDecorator;
 }
 
-// src/auth/decorators/requireAuth.ts
+// src/plugins/use-auth/auth-require.ts
+var authMiddleware = (checks = {}) => {
+  const middleware = async (ctx, next) => {
+    const AUTH_PROJECT_ID = env2(ctx).AUTH_PROJECT_ID;
+    const auth = ctx.get("auth");
+    if (!auth) {
+      throw new HTTPException2(401, {
+        message: "Authentication required"
+      });
+    }
+    if (checks.roles && auth.user) {
+      const roles = auth.user.roles;
+      const hasRole = checks.roles.some((role) => {
+        return roles.includes(role) || roles.includes(`${AUTH_PROJECT_ID}:${role}`);
+      });
+      if (!hasRole) {
+        const resError = new Response("Forbidden", {
+          status: 403,
+          statusText: "Forbidden",
+          headers: {
+            "Missing-Roles": checks.roles.join(","),
+            "Obtained-Roles": roles.join(",")
+          }
+        });
+        throw new HTTPException2(resError.status, {
+          res: resError
+        });
+      }
+    }
+    return next();
+  };
+  return middleware;
+};
 function requireAuth(checks) {
-  sendFunctionEvent3({
-    name: "requireAuth",
-    duration: 0
-  }).then(() => {
-  });
   const checkAuth = async (c) => {
     const ctx = await c;
     try {
-      await auth.require(checks)(ctx, async () => {
+      await authMiddleware(checks)(ctx, async () => {
       });
     } catch (e) {
-      if (e instanceof HTTPException) {
+      if (e instanceof HTTPException2) {
         if (e.status === 401) {
           throw new ServiceError(e.message, {
             statusCode: 401,
@@ -377,214 +632,11 @@ function requireAuth(checks) {
   });
 }
 
-// src/auth/index.ts
-var authInitialize = () => {
-  const authKeyFilePath = path.join(process.cwd(), "key.json");
-  let API_PRIVATE_KEY_FILE = void 0;
-  if (existsSync(authKeyFilePath)) {
-    try {
-      API_PRIVATE_KEY_FILE = JSON.parse(readFileSync(authKeyFilePath, "utf-8"));
-    } catch (error) {
-      throw new Error(
-        "Error while reading key file. Make sure it is valid JSON"
-      );
-    }
-  }
-  const middleware = Sentry2.startSpan(
-    {
-      name: "AuthMiddleware",
-      op: "auth"
-    },
-    () => async function(ctx, next) {
-      const AUTH_ISSUER = env2(ctx).AUTH_ISSUER;
-      if (!AUTH_ISSUER) {
-        throw new Error("AUTH_ISSUER is not set");
-      }
-      if (!API_PRIVATE_KEY_FILE) {
-        const AUTH_KEY = env2(ctx).AUTH_KEY;
-        API_PRIVATE_KEY_FILE = AUTH_KEY ? JSON.parse(AUTH_KEY) : void 0;
-      }
-      if (!API_PRIVATE_KEY_FILE) {
-        throw new Error(
-          "You have initialized the auth middleware without a private key file"
-        );
-      }
-      const AUTH_PROJECT_ID = env2(ctx).AUTH_PROJECT_ID;
-      const ZITADEL_INTROSPECTION_URL = `${AUTH_ISSUER}/oauth/v2/introspect`;
-      async function getRolesFromToken(tokenString) {
-        const response = await fetch(
-          `${AUTH_ISSUER}/auth/v1/usergrants/me/_search`,
-          {
-            method: "POST",
-            headers: {
-              "Content-Type": "application/json",
-              Authorization: `Bearer ${tokenString}`
-            }
-          }
-        );
-        const data = await response.json();
-        const userRoles = data.result?.map((grant) => {
-          return (grant.roles || []).map((role) => {
-            return `${grant.projectId}:${role}`;
-          });
-        }) || [];
-        const projectScopedRoles = userRoles.flat();
-        const rolesSet = new Set(projectScopedRoles);
-        if (AUTH_PROJECT_ID) {
-          for (const role of projectScopedRoles) {
-            const [projectId, ...roleNameParts] = role.split(":");
-            const roleName = roleNameParts.join(":");
-            if (projectId === AUTH_PROJECT_ID) {
-              rolesSet.add(roleName);
-            }
-          }
-        }
-        return Array.from(rolesSet);
-      }
-      async function introspectToken(tokenString) {
-        if (!API_PRIVATE_KEY_FILE) {
-          throw new Error("Internal error: API_PRIVATE_KEY_FILE is not set");
-        }
-        const payload = {
-          iss: API_PRIVATE_KEY_FILE.clientId,
-          sub: API_PRIVATE_KEY_FILE.clientId,
-          aud: AUTH_ISSUER,
-          exp: Math.floor(Date.now() / 1e3) + 60 * 60,
-          // Expires in 1 hour
-          iat: Math.floor(Date.now() / 1e3)
-        };
-        const headers = {
-          alg: "RS256",
-          kid: API_PRIVATE_KEY_FILE.keyId
-        };
-        const jwtToken = jwt.sign(payload, API_PRIVATE_KEY_FILE.key, {
-          algorithm: "RS256",
-          header: headers
-        });
-        const scopeSet = /* @__PURE__ */ new Set();
-        scopeSet.add("openid");
-        scopeSet.add("profile");
-        scopeSet.add("email");
-        if (AUTH_PROJECT_ID) {
-          scopeSet.add(
-            `urn:zitadel:iam:org:project:id:${AUTH_PROJECT_ID}:aud`
-          );
-        }
-        const scope = Array.from(scopeSet).join(" ");
-        const body = new URLSearchParams({
-          client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-          client_assertion: jwtToken,
-          token: tokenString,
-          scope
-        }).toString();
-        try {
-          const response = await fetch(ZITADEL_INTROSPECTION_URL, {
-            method: "POST",
-            headers: { "Content-Type": "application/x-www-form-urlencoded" },
-            body
-          });
-          if (!response.ok) {
-            throw new Error("Network response was not ok");
-          }
-          const tokenData = await response.json();
-          const roles = await getRolesFromToken(tokenString);
-          const state = {
-            ...tokenData,
-            roles
-          };
-          return state;
-        } catch (error) {
-          console.error("Error while introspecting token", error);
-          throw new Error("Token introspection failed");
-        }
-      }
-      let token = void 0;
-      if (ctx.req.header("Authorization")) {
-        const authHeader = ctx.req.header("Authorization");
-        if (authHeader) {
-          const parts = authHeader.split(" ");
-          if (parts.length === 2 && parts[0] === "Bearer") {
-            token = parts[1];
-          }
-        }
-      }
-      if (!token) {
-        const queryToken = ctx.req.query("token");
-        if (queryToken) {
-          token = queryToken;
-        }
-      }
-      if (token) {
-        const auth2 = await introspectToken(token);
-        if (auth2.active) {
-          ctx.set("auth", auth2);
-          Sentry2.setUser({
-            id: auth2.sub,
-            username: auth2.preferred_username,
-            email: auth2.email,
-            details: auth2
-          });
-        }
-      }
-      return next();
-    }
-  );
-  sendFunctionEvent4({
-    name: "authInitialize",
-    duration: 0
-  }).then(() => {
-  });
-  return middleware;
-};
-var authRequire = (checks = {}) => {
-  sendFunctionEvent4({
-    name: "authRequire",
-    duration: 0
-  }).then(() => {
-  });
-  const middleware = async (ctx, next) => {
-    const AUTH_PROJECT_ID = env2(ctx).AUTH_PROJECT_ID;
-    const auth2 = ctx.get("auth");
-    if (!auth2) {
-      throw new HTTPException2(401, {
-        message: "Authentication required"
-      });
-    }
-    if (checks.roles) {
-      const roles = auth2.roles;
-      const hasRole = checks.roles.some((role) => {
-        return roles.includes(role) || roles.includes(`${AUTH_PROJECT_ID}:${role}`);
-      });
-      if (!hasRole) {
-        const resError = new Response("Forbidden", {
-          status: 403,
-          statusText: "Forbidden",
-          headers: {
-            "Missing-Roles": checks.roles.join(","),
-            "Obtained-Roles": roles.join(",")
-          }
-        });
-        throw new HTTPException2(resError.status, { res: resError });
-      }
-    }
-    return next();
-  };
-  sendFunctionEvent4({
-    name: "authRequire",
-    duration: 0
-  }).then(() => {
-  });
-  return middleware;
-};
-var auth = {
-  initialize: authInitialize,
-  require: authRequire
-};
-
 // src/app/index.ts
 import { Hono } from "hono";
 import { logger } from "hono/logger";
 import { sentry } from "@hono/sentry";
+import { except } from "hono/combine";
 var app = new Hono();
 app.use("*", sentry());
 app.use("*", async (c, next) => {
@@ -598,7 +650,7 @@ app.use("*", async (c, next) => {
     });
   });
 });
-app.use("*", logger());
+app.use("*", except(["/__pylon/static/*"], logger()));
 app.use((c, next) => {
   c.req.id = crypto.randomUUID();
   return next();
@@ -633,7 +685,7 @@ import {
   handleStreamOrSingleExecutionResult,
   isOriginalGraphQLError
 } from "@envelop/core";
-import * as Sentry3 from "@sentry/node";
+import * as Sentry2 from "@sentry/node";
 var defaultSkipError = isOriginalGraphQLError;
 var useSentry = (options = {}) => {
   function pick(key, defaultValue) {
@@ -673,7 +725,7 @@ var useSentry = (options = {}) => {
         ...addedTags
       };
       if (options.configureScope) {
-        options.configureScope(args, Sentry3.getCurrentScope());
+        options.configureScope(args, Sentry2.getCurrentScope());
       }
       return {
         onExecuteDone(payload) {
@@ -681,7 +733,7 @@ var useSentry = (options = {}) => {
             result,
             setResult
           }) => {
-            Sentry3.startSpanManual(
+            Sentry2.startSpanManual(
               {
                 op,
                 name: opName,
@@ -696,7 +748,7 @@ var useSentry = (options = {}) => {
                   span.setAttribute("result", JSON.stringify(result));
                 }
                 if (result.errors && result.errors.length > 0) {
-                  Sentry3.withScope((scope) => {
+                  Sentry2.withScope((scope) => {
                     scope.setTransactionName(opName);
                     scope.setTag("operation", operationType);
                     scope.setTag("operationName", opName);
@@ -722,7 +774,7 @@ var useSentry = (options = {}) => {
                           level: "debug"
                         });
                       }
-                      const eventId = Sentry3.captureException(
+                      const eventId = Sentry2.captureException(
                         err.originalError,
                         {
                           fingerprint: [
@@ -760,7 +812,7 @@ var useSentry = (options = {}) => {
 };
 
 // src/app/pylon-handler.ts
-import { readFileSync as readFileSync2 } from "fs";
+import { readFileSync } from "fs";
 import path2 from "path";
 
 // src/plugins/use-viewer.ts
@@ -1055,7 +1107,7 @@ var handler = (options) => {
   if (!typeDefs) {
     const schemaPath = path2.join(process.cwd(), ".pylon", "schema.graphql");
     if (schemaPath) {
-      typeDefs = readFileSync2(schemaPath, "utf-8");
+      typeDefs = readFileSync(schemaPath, "utf-8");
     }
   }
   if (!typeDefs) {
@@ -1134,18 +1186,20 @@ var handler = (options) => {
 };
 
 // src/get-env.ts
-import { sendFunctionEvent as sendFunctionEvent5 } from "@getcronit/pylon-telemetry";
+import { sendFunctionEvent as sendFunctionEvent3 } from "@getcronit/pylon-telemetry";
 function getEnv() {
   const start = Date.now();
   const skipTracing = arguments[0] === true;
   try {
     const context = asyncContext.getStore();
-    return context.env || process.env || {};
+    const ctx = context.env || process.env || {};
+    ctx.NODE_ENV = ctx.NODE_ENV || process.env.NODE_ENV || "development";
+    return ctx;
   } catch {
     return process.env;
   } finally {
     if (!skipTracing) {
-      sendFunctionEvent5({
+      sendFunctionEvent3({
         name: "getEnv",
         duration: Date.now() - start
       }).then(() => {
@@ -1156,17 +1210,660 @@ function getEnv() {
 
 // src/index.ts
 import { createPubSub } from "graphql-yoga";
+
+// src/plugins/use-pages/setup/index.tsx
+import fs2 from "fs";
+import path3 from "path";
+import reactServer from "react-dom/server";
+import { Readable } from "stream";
+
+// src/plugins/use-pages/setup/app-loader.tsx
+import { useMemo } from "react";
+import { jsx } from "react/jsx-runtime";
+var AppLoader = (props) => {
+  props.client.useHydrateCache({ cacheSnapshot: props.pylonData.cacheSnapshot });
+  const data = props.client.useQuery();
+  const page = useMemo(() => {
+    const page2 = /* @__PURE__ */ jsx(
+      props.App,
+      {
+        pageProps: {
+          ...props.pylonData.pageProps,
+          data
+        }
+      }
+    );
+    return page2;
+  }, [props]);
+  return /* @__PURE__ */ jsx(props.Router, { ...props.routerProps, children: page });
+};
+
+// src/plugins/use-pages/setup/index.tsx
+import { trimTrailingSlash } from "hono/trailing-slash";
+import { StaticRouter } from "react-router";
+import sharp from "sharp";
+import { createHash } from "crypto";
+import { tmpdir } from "os";
+import { pipeline } from "stream/promises";
+import { jsx as jsx2 } from "react/jsx-runtime";
+var disableCacheMiddleware = async (c, next) => {
+  if (c.env.NODE_ENV === "development") {
+    c.header(
+      "Cache-Control",
+      "no-store, no-cache, must-revalidate, proxy-revalidate"
+    );
+    c.header("Pragma", "no-cache");
+    c.header("Expires", "0");
+    c.header("Surrogate-Control", "no-store");
+  }
+  return next();
+};
+var setup = (app2) => {
+  const pagesFilePath = path3.resolve(process.cwd(), ".pylon", "pages.json");
+  let pageRoutes = [];
+  try {
+    pageRoutes = JSON.parse(fs2.readFileSync(pagesFilePath, "utf-8"));
+  } catch (error) {
+    console.error("Error reading pages.json", error);
+  }
+  app2.use(trimTrailingSlash());
+  let App = void 0;
+  let client = void 0;
+  app2.on(
+    "GET",
+    pageRoutes.map((pageRoute) => pageRoute.slug),
+    disableCacheMiddleware,
+    async (c) => {
+      if (!App) {
+        const module = await import(`${process.cwd()}/.pylon/__pylon/pages/app.js`);
+        App = module.default;
+      }
+      if (!client) {
+        client = await import(`${process.cwd()}/.pylon/client`);
+      }
+      const pageProps = {
+        params: c.req.param(),
+        searchParams: c.req.query(),
+        path: c.req.path
+      };
+      let cacheSnapshot = void 0;
+      const prepared = await client.prepareReactRender(
+        /* @__PURE__ */ jsx2(
+          AppLoader,
+          {
+            Router: StaticRouter,
+            routerProps: {
+              location: c.req.path
+            },
+            App,
+            client,
+            pylonData: {
+              pageProps,
+              cacheSnapshot: void 0
+            }
+          }
+        )
+      );
+      cacheSnapshot = prepared.cacheSnapshot;
+      const stream = await reactServer.renderToReadableStream(
+        /* @__PURE__ */ jsx2(
+          AppLoader,
+          {
+            Router: StaticRouter,
+            routerProps: {
+              location: c.req.path
+            },
+            App,
+            client,
+            pylonData: {
+              pageProps,
+              cacheSnapshot: prepared.cacheSnapshot
+            }
+          }
+        ),
+        {
+          bootstrapModules: ["/__pylon/static/app.js"],
+          bootstrapScriptContent: `window.__PYLON_DATA__ = ${JSON.stringify({
+            pageProps,
+            cacheSnapshot
+          })}`
+        }
+      );
+      return c.body(stream);
+    }
+  );
+  app2.get("/__pylon/static/*", disableCacheMiddleware, async (c) => {
+    const filePath = path3.resolve(
+      process.cwd(),
+      ".pylon",
+      "__pylon",
+      "static",
+      c.req.path.replace("/__pylon/static/", "")
+    );
+    if (!fs2.existsSync(filePath)) {
+      throw new Error("File not found");
+    }
+    if (filePath.endsWith(".js")) {
+      c.res.headers.set("Content-Type", "text/javascript");
+    } else if (filePath.endsWith(".css")) {
+      c.res.headers.set("Content-Type", "text/css");
+    } else if (filePath.endsWith(".html")) {
+      c.res.headers.set("Content-Type", "text/html");
+    } else if (filePath.endsWith(".json")) {
+      c.res.headers.set("Content-Type", "application/json");
+    } else if (filePath.endsWith(".png")) {
+      c.res.headers.set("Content-Type", "image/png");
+    } else if (filePath.endsWith(".jpg") || filePath.endsWith(".jpeg")) {
+      c.res.headers.set("Content-Type", "image/jpeg");
+    } else if (filePath.endsWith(".gif")) {
+      c.res.headers.set("Content-Type", "image/gif");
+    } else if (filePath.endsWith(".svg")) {
+      c.res.headers.set("Content-Type", "image/svg+xml");
+    } else if (filePath.endsWith(".ico")) {
+      c.res.headers.set("Content-Type", "image/x-icon");
+    }
+    const stream = fs2.createReadStream(filePath);
+    const a = Readable.toWeb(stream);
+    return c.body(a);
+  });
+  app2.get("/__pylon/image", async (c) => {
+    console.log("image optimization route");
+    try {
+      const { src, w, h, q = "75", format = "webp" } = c.req.query();
+      const queryStringHash = createHash("sha256").update(JSON.stringify(c.req.query())).digest("hex");
+      if (!src) {
+        return c.json({ error: "Missing parameters." }, 400);
+      }
+      let imagePath = path3.join(process.cwd(), ".pylon", src);
+      if (src.startsWith("http://") || src.startsWith("https://")) {
+        imagePath = await downloadImage(src);
+      }
+      try {
+        console.log("imagePath", imagePath);
+        await fs2.promises.access(imagePath);
+      } catch {
+        return c.json({ error: "Image not found" }, 404);
+      }
+      const metadata = await sharp(imagePath).metadata();
+      if (!metadata.width || !metadata.height) {
+        return c.json(
+          {
+            error: "Invalid image metadata. Width and height are required for resizing."
+          },
+          400
+        );
+      }
+      const { width: finalWidth, height: finalHeight } = calculateDimensions(
+        metadata.width,
+        metadata.height,
+        w ? parseInt(w) : void 0,
+        h ? parseInt(h) : void 0
+      );
+      const cachePath = path3.join(IMAGE_CACHE_DIR, queryStringHash);
+      let imageFormat = format.toLowerCase();
+      if (!isSupportedFormat(imageFormat)) {
+        throw new Error("Unsupported image format");
+      }
+      const quality = parseInt(q);
+      console.log("quality", quality);
+      const image = await sharp(imagePath).resize(finalWidth, finalHeight).toFormat(imageFormat, {
+        quality
+      }).toFile(cachePath);
+      console.log("image", image);
+      c.res.headers.set("Content-Type", getContentType(image.format));
+      return c.body(
+        Readable.toWeb(fs2.createReadStream(cachePath))
+      );
+    } catch (error) {
+      console.error("Error processing the image:", error);
+      return c.json({ error: "Error processing the image" }, 500);
+    }
+  });
+};
+var IMAGE_CACHE_DIR = path3.join(process.cwd(), ".cache/__pylon/images");
+fs2.promises.mkdir(IMAGE_CACHE_DIR, { recursive: true });
+var calculateDimensions = (originalWidth, originalHeight, width, height) => {
+  if (!width && !height) {
+    return { width: originalWidth, height: originalHeight };
+  }
+  if (width && !height) {
+    height = Math.round(width * originalHeight / originalWidth);
+  } else if (height && !width) {
+    width = Math.round(height * originalWidth / originalHeight);
+  }
+  return { width, height };
+};
+function isSupportedFormat(format) {
+  const supportedFormats = sharp.format;
+  return Object.keys(supportedFormats).includes(format);
+}
+var getContentType = (format) => {
+  switch (format.toLowerCase()) {
+    case "webp":
+      return "image/webp";
+    case "jpeg":
+    case "jpg":
+      return "image/jpeg";
+    case "png":
+      return "image/png";
+    case "gif":
+      return "image/gif";
+    case "svg":
+      return "image/svg+xml";
+    default:
+      return "application/octet-stream";
+  }
+};
+var downloadImage = async (url) => {
+  const response = await fetch(url);
+  if (!response.ok)
+    throw new Error(`Failed to download image: ${response.statusText}`);
+  const ext = path3.extname(new URL(url).pathname) || ".jpg";
+  const tempFilePath = path3.join(tmpdir(), `image-${Date.now()}${ext}`);
+  const fileStream = fs2.createWriteStream(tempFilePath);
+  await pipeline(response.body, fileStream);
+  return tempFilePath;
+};
+
+// src/plugins/use-pages/build/index.ts
+import path7 from "path";
+
+// src/plugins/use-pages/build/app-utils.ts
+import path4 from "path";
+import glob from "tiny-glob";
+function fnv1aHash(str) {
+  let hash = 2166136261;
+  for (let i = 0; i < str.length; i++) {
+    hash ^= str.charCodeAt(i);
+    hash += (hash << 1) + (hash << 4) + (hash << 7) + (hash << 8) + (hash << 24);
+  }
+  return (hash >>> 0).toString(16);
+}
+var APP_DIR = path4.join(process.cwd(), "pages");
+async function getPageRoutes(dir = APP_DIR) {
+  const routes = [];
+  const pagePattern = path4.join(dir, "**/page.{ts,tsx,js}");
+  const layoutPattern = path4.join(dir, "**/layout.tsx");
+  const pageFiles = await glob(pagePattern);
+  const layoutFiles = await glob(layoutPattern);
+  for (const pagePath of pageFiles) {
+    const relativePagePath = path4.relative(APP_DIR, pagePath);
+    let slug = "/" + relativePagePath.replace(/page\.(ts|tsx|js)$/, "").replace(/\[([\w-]+)\]/g, ":$1");
+    slug = slug.replace(/\/$/, "");
+    const layouts = layoutFiles.filter((layout) => {
+      return pagePath.startsWith(layout.replace("layout.tsx", ""));
+    });
+    const layoutsWithoutRootLayout = layouts.slice(1);
+    routes.push({
+      pagePath,
+      slug: slug || "/",
+      layouts: layoutsWithoutRootLayout
+    });
+  }
+  return routes;
+}
+var generateAppFile = (pageRoutes) => {
+  const makePageMap = (routes) => {
+    const pageMap2 = {};
+    for (const route of routes) {
+      pageMap2[route.pagePath] = `Page${fnv1aHash(route.pagePath)}`;
+    }
+    return pageMap2;
+  };
+  const makeLayoutMap = (routes) => {
+    const layoutMap2 = {};
+    for (const route of routes) {
+      for (const layout of route.layouts) {
+        layoutMap2[layout] = `Layout${fnv1aHash(layout)}`;
+      }
+    }
+    return layoutMap2;
+  };
+  const pageMap = makePageMap(pageRoutes);
+  const layoutMap = makeLayoutMap(pageRoutes);
+  const importPages = Object.keys(pageMap).map((pagePath, index) => {
+    const importLocation = `../${pagePath}`.replace(".tsx", ".js");
+    const componentName = pageMap[pagePath];
+    return `const ${componentName} = lazy(() => import('${importLocation}'))
+      `;
+  }).join("\n");
+  const importLayouts = Object.keys(layoutMap).map((layoutPath, index) => {
+    const importLocation = `../${layoutPath}`.replace(".tsx", ".js");
+    const componentName = layoutMap[layoutPath];
+    return `const ${componentName} = lazy(() => import('${importLocation}'))
+      `;
+  }).join("\n");
+  const appComponent = `"use client";
+  import {lazy, Suspense} from 'react'
+  import { Routes, Route } from 'react-router';
+  ${importPages}
+  const RootLayout = lazy(() => import('../pages/layout.js'))
+  ${importLayouts}
+  
+  const App: React.FC<{pageProps: any}> = ({pageProps}) => (
+  <RootLayout>
+      <meta charSet="utf-8" />
+      <meta name="viewport" content="width=device-width, initial-scale=1" />
+      <link rel="stylesheet" href="/__pylon/static/app.css" />
+         <Routes>
+        ${pageRoutes.map((route, index) => {
+    return `<Route key={${index}} index={${index === 0 ? "true" : "false"}} path="${route.slug}" element={
+         <Suspense fallback={<div>...</div>}>
+            ${route.layouts.reduceRight((child, layoutPath, layoutIndex) => {
+      const layoutName = layoutMap[layoutPath];
+      return `<${layoutName}>${child}</${layoutName}>`;
+    }, `<${pageMap[route.pagePath]} {...pageProps} />`)}
+
+         </Suspense>} />`;
+  }).join("\n")}
+    </Routes>
+    </RootLayout>
+  );
+  
+  export default App;
+    `;
+  return appComponent;
+};
+
+// src/plugins/use-pages/build/index.ts
+import chokidar from "chokidar";
+import fs6 from "fs/promises";
+import esbuild from "esbuild";
+
+// src/plugins/use-pages/build/plugins/inject-app-hydration.ts
+import path5 from "path";
+import fs3 from "fs/promises";
+var injectAppHydrationPlugin = {
+  name: "inject-hydration",
+  setup(build2) {
+    build2.onLoad({ filter: /.*/, namespace: "file" }, async (args) => {
+      if (args.path === path5.resolve(process.cwd(), ".pylon", "app.tsx")) {
+        let contents = await fs3.readFile(args.path, "utf-8");
+        const clientPath = path5.resolve(process.cwd(), ".pylon/client");
+        const pathToClient = path5.relative(path5.dirname(args.path), clientPath);
+        contents += `
+          import {hydrateRoot} from 'react-dom/client'
+          import * as client from './${pathToClient}'
+          import {BrowserRouter} from 'react-router'
+          import React, {useMemo} from 'react'
+
+          const pylonData = window.__PYLON_DATA__
+
+          console.log('pylonData', pylonData)
+
+          const AppLoader = (props: {
+            client: any
+            pylonData: {
+              pageProps: Omit<PageProps, 'data'>
+              cacheSnapshot?: any
+            }
+            App: React.FC<{
+              pageProps: PageProps
+            }>
+            Router: React.FC<any>
+            routerProps: any
+          }) => {
+            props.client.useHydrateCache({cacheSnapshot: props.pylonData.cacheSnapshot})
+          
+            const data = props.client.useQuery()
+            const page = useMemo(() => {
+              const page = (
+                <props.App
+                  pageProps={{
+                    ...props.pylonData.pageProps,
+                    data
+                  }}
+                />
+              )
+          
+              return page
+            }, [props])
+          
+            return <props.Router {...props.routerProps}>{page}</props.Router>
+          }
+          
+
+          hydrateRoot(
+          document,
+            <AppLoader Router={BrowserRouter} client={client} pylonData={pylonData} App={App} />
+          )
+          `;
+        return {
+          loader: "tsx",
+          contents
+        };
+      }
+    });
+  }
+};
+
+// src/plugins/use-pages/build/plugins/image-plugin.ts
+import { createHash as createHash2 } from "crypto";
+import path6 from "path";
+import sharp2 from "sharp";
+import fs4 from "fs/promises";
+var imagePlugin = {
+  name: "image-plugin",
+  setup(build2) {
+    const outdir = build2.initialOptions.outdir;
+    const publicPath = build2.initialOptions.publicPath;
+    if (!outdir || !publicPath) {
+      throw new Error("outdir and publicPath must be set in esbuild options");
+    }
+    build2.onResolve({ filter: /\.(png|jpe?g)$/ }, async (args) => {
+      const filePath = path6.resolve(args.resolveDir, args.path);
+      const fileName = path6.basename(filePath);
+      const extname = path6.extname(filePath);
+      const hash = createHash2("md5").update(filePath + await fs4.readFile(filePath)).digest("hex").slice(0, 8);
+      const newFilename = `${fileName}-${hash}${extname}`;
+      const newFilePath = path6.join(outdir, "media", newFilename);
+      await fs4.mkdir(path6.dirname(newFilePath), { recursive: true });
+      await fs4.copyFile(filePath, newFilePath);
+      return {
+        path: newFilePath,
+        namespace: "image"
+      };
+    });
+    build2.onLoad({ filter: /\.png$|\.jpg$/ }, async (args) => {
+      const image = sharp2(args.path);
+      const metadata = await image.metadata();
+      const url = `${publicPath}/media/${path6.basename(args.path)}`;
+      const searchParams = new URLSearchParams({});
+      if (metadata.width) {
+        searchParams.set("w", metadata.width.toString());
+      }
+      if (metadata.height) {
+        searchParams.set("h", metadata.height.toString());
+      }
+      const output = image.resize({
+        width: Math.min(metadata.width ?? 16, 16),
+        height: Math.min(metadata.height ?? 16, 16),
+        fit: "inside"
+      }).toFormat("webp", {
+        quality: 20,
+        alphaQuality: 20,
+        smartSubsample: true
+      });
+      const { data, info } = await output.toBuffer({ resolveWithObject: true });
+      const dataURIBase64 = `data:image/${info.format};base64,${data.toString(
+        "base64"
+      )}`;
+      if (dataURIBase64) {
+        searchParams.set("blurDataURL", dataURIBase64);
+      }
+      return {
+        contents: `${url}?${searchParams.toString()}`,
+        loader: "text"
+      };
+    });
+  }
+};
+
+// src/plugins/use-pages/build/plugins/postcss-plugin.ts
+import fs5 from "fs/promises";
+import loadConfig from "postcss-load-config";
+import postcss from "postcss";
+var postcssPlugin = {
+  name: "postcss-plugin",
+  setup(build2) {
+    build2.onLoad({ filter: /.css$/, namespace: "file" }, async (args) => {
+      const { plugins, options } = await loadConfig();
+      const css = await fs5.readFile(args.path, "utf-8");
+      const result = await postcss(plugins).process(css, {
+        ...options,
+        from: args.path
+      }).then((result2) => result2);
+      return {
+        contents: result.css,
+        loader: "css"
+      };
+    });
+  }
+};
+
+// src/plugins/use-pages/build/index.ts
+var DIST_STATIC_DIR = path7.join(process.cwd(), ".pylon/__pylon/static");
+var DIST_PAGES_DIR = path7.join(process.cwd(), ".pylon/__pylon/pages");
+async function updateFileIfChanged(path8, newContent) {
+  try {
+    const currentContent = await fs6.readFile(path8, "utf8");
+    if (currentContent === newContent) {
+      return false;
+    }
+  } catch (err) {
+    if (err.code !== "ENOENT") throw err;
+  }
+  await fs6.writeFile(path8, newContent, "utf8");
+  return true;
+}
+var build = async () => {
+  const buildAppFile = async () => {
+    const pagesRoutes = await getPageRoutes();
+    const appContent = generateAppFile(pagesRoutes);
+    const appFilePath = path7.resolve(process.cwd(), ".pylon", "app.tsx");
+    const state = await updateFileIfChanged(appFilePath, appContent);
+    if (state) {
+      console.log("Updated app file");
+    }
+  };
+  const writeOnEndPlugin = {
+    name: "write-on-end",
+    setup(build2) {
+      build2.onEnd(async (result) => {
+        result.outputFiles?.forEach(async (file) => {
+          await fs6.mkdir(path7.dirname(file.path), { recursive: true });
+          await updateFileIfChanged(file.path, file.text);
+        });
+      });
+    }
+  };
+  let pagesWatcher = null;
+  const clientCtx = await esbuild.context({
+    write: false,
+    metafile: true,
+    absWorkingDir: process.cwd(),
+    plugins: [
+      injectAppHydrationPlugin,
+      imagePlugin,
+      postcssPlugin,
+      writeOnEndPlugin
+    ],
+    publicPath: "/__pylon/static",
+    assetNames: "assets/[name]-[hash]",
+    chunkNames: "chunks/[name]-[hash]",
+    format: "esm",
+    platform: "browser",
+    entryPoints: [".pylon/app.tsx"],
+    outdir: DIST_STATIC_DIR,
+    bundle: true,
+    splitting: true,
+    minify: false,
+    loader: {
+      // Map file extensions to the file loader
+      ".svg": "file",
+      ".woff": "file",
+      ".woff2": "file"
+    },
+    define: {
+      "process.env.NODE_ENV": '"production"'
+    },
+    mainFields: ["browser", "module", "main"]
+  });
+  const serverCtx = await esbuild.context({
+    write: false,
+    absWorkingDir: process.cwd(),
+    plugins: [imagePlugin, postcssPlugin, writeOnEndPlugin],
+    publicPath: "/__pylon/static",
+    assetNames: "assets/[name]-[hash]",
+    chunkNames: "chunks/[name]-[hash]",
+    format: "esm",
+    platform: "node",
+    entryPoints: [".pylon/app.tsx"],
+    outdir: DIST_PAGES_DIR,
+    bundle: true,
+    packages: "external",
+    splitting: false,
+    minify: false,
+    loader: {
+      // Map file extensions to the file loader
+      ".svg": "file",
+      ".woff": "file",
+      ".woff2": "file"
+    }
+  });
+  return {
+    watch: async () => {
+      console.log("Watching pages directory...");
+      pagesWatcher = chokidar.watch("pages", { ignoreInitial: false });
+      pagesWatcher.on("all", (event, path8) => {
+        if (["add", "change", "unlink"].includes(event)) {
+          buildAppFile();
+        }
+      });
+      await Promise.all([clientCtx.watch(), serverCtx.watch()]);
+    },
+    dispose: async () => {
+      console.log("Disposing pages");
+      if (pagesWatcher) {
+        pagesWatcher.close();
+      }
+      Promise.all([clientCtx.dispose(), serverCtx.dispose()]);
+    },
+    rebuild: async () => {
+      console.log("Rebuilding pages");
+      await buildAppFile();
+      await Promise.all([clientCtx.rebuild(), serverCtx.rebuild()]);
+      return {};
+    },
+    cancel: async () => {
+      if (pagesWatcher) {
+        await pagesWatcher.close();
+      }
+      await Promise.all([clientCtx.cancel(), serverCtx.cancel()]);
+    }
+  };
+};
+
+// src/plugins/use-pages/index.ts
+function usePages() {
+  return {
+    setup,
+    build
+  };
+}
 export {
   ServiceError,
   app,
   asyncContext,
-  auth,
+  authMiddleware,
   createDecorator,
   createPubSub as experimentalCreatePubSub,
   getContext,
   getEnv,
   handler,
   requireAuth,
-  setContext
+  setContext,
+  useAuth,
+  usePages
 };
 //# sourceMappingURL=index.js.map