@h3ravel/session 0.1.0-alpha.1

package/dist/index.js

@@ -0,0 +1,1391 @@
+import { ServiceProvider, safeDot, setNested } from "@h3ravel/support";
+import { DB } from "@h3ravel/database";
+import crypto$1, { createHash, createHmac, randomBytes } from "crypto";
+import { ConfigException } from "@h3ravel/foundation";
+import { IHttpContext, ISessionDriver, ISessionManager } from "@h3ravel/contracts";
+import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from "fs";
+import path from "path";
+import { Command } from "@h3ravel/musket";
+
+//#region src/Encryption.ts
+var Encryption = class {
+	key;
+	constructor() {
+		const appKey = process.env.APP_KEY;
+		if (!appKey) throw new ConfigException("APP_KEY not set in env");
+		this.key = createHash("sha256").update(Buffer.from(appKey, "base64")).digest();
+	}
+	/**
+	* Encrypt session data using AES-256-CBC and the APP_KEY.
+	*/
+	encrypt(value) {
+		value = typeof value === "string" ? value : JSON.stringify(value);
+		const iv = crypto$1.randomBytes(16);
+		const cipher = crypto$1.createCipheriv("aes-256-cbc", this.key, iv);
+		const encrypted = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
+		return iv.toString("hex") + ":" + encrypted.toString("hex");
+	}
+	/**
+	* Decrypt session data.
+	*/
+	decrypt(value) {
+		const [ivHex, encryptedHex] = value.split(":");
+		const iv = Buffer.from(ivHex, "hex");
+		const encrypted = Buffer.from(encryptedHex, "hex");
+		const decipher = crypto$1.createDecipheriv("aes-256-cbc", this.key, iv);
+		const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf8");
+		try {
+			return JSON.parse(decrypted);
+		} catch {
+			return decrypted;
+		}
+	}
+};
+
+//#endregion
+//#region src/FlashBag.ts
+/**
+* FlashBag
+* 
+* Manages flash data for session management, handling temporary data 
+* that persists for one request cycle.
+*/
+var FlashBag = class {
+	/**
+	* Storage for flash data
+	* 
+	* Structure:
+	* {
+	*   new: { key1: value1, key2: value2 },
+	*   old: { key3: value3, key4: value4 }
+	* }
+	*/
+	flashData = {
+		new: {},
+		old: {}
+	};
+	/**
+	* Flash a value for the next request
+	* 
+	* @param key Key to store in flash
+	* @param value Value to be flashed
+	*/
+	flash(key, value) {
+		this.flashData.new[key] = value;
+	}
+	/**
+	* Store a temporary value for the current request only
+	* 
+	* @param key Key to store
+	* @param value Value to store
+	*/
+	now(key, value) {
+		this.flashData.new[key] = value;
+	}
+	/**
+	* Reflash all current flash data for another request cycle
+	*/
+	reflash() {
+		this.flashData.old = { ...this.flashData.new };
+	}
+	/**
+	* Keep only specific flash keys for the next request
+	* 
+	* @param keys Keys to keep
+	*/
+	keep(keys) {
+		const keptNew = {};
+		const keptOld = {};
+		keys.forEach((key) => {
+			if (this.flashData.new[key] !== void 0) keptNew[key] = this.flashData.new[key];
+			if (this.flashData.old[key] !== void 0) keptOld[key] = this.flashData.old[key];
+		});
+		this.flashData.new = keptNew;
+		this.flashData.old = keptOld;
+	}
+	/**
+	* Age flash data at the end of the request
+	* 
+	* - Removes old flash data
+	* - Moves new flash data to old
+	* - Clears new flash data
+	*/
+	ageFlashData() {
+		this.flashData.old = {};
+		this.flashData.old = { ...this.flashData.new };
+		this.flashData.new = {};
+	}
+	/**
+	* Get a flash value
+	* 
+	* @param key Key to retrieve
+	* @param defaultValue Default value if key doesn't exist
+	* @returns Flash value or default
+	*/
+	get(key, defaultValue) {
+		return this.flashData.new[key] ?? this.flashData.old[key] ?? defaultValue;
+	}
+	/**
+	* Check if a flash key exists
+	* 
+	* @param key Key to check
+	* @returns Boolean indicating existence
+	*/
+	has(key) {
+		return key in this.flashData.new || key in this.flashData.old;
+	}
+	/**
+	* Get all flash data
+	* 
+	* @returns Combined flash data
+	*/
+	all() {
+		return {
+			...this.flashData.old,
+			...this.flashData.new
+		};
+	}
+	/**
+	* Get all flash data keys
+	* 
+	* @returns Combined flash data
+	*/
+	keys() {
+		return Object.keys({
+			...this.flashData.old,
+			...this.flashData.new
+		});
+	}
+	/**
+	* Get the raww flash data
+	* 
+	* @returns raw flash data
+	*/
+	raw() {
+		return this.flashData;
+	}
+	/**
+	* Clear all flash data
+	*/
+	clear() {
+		this.flashData.new = {};
+		this.flashData.old = {};
+	}
+};
+
+//#endregion
+//#region src/drivers/Driver.ts
+/**
+* Driver
+*
+* Base Session driver.
+*/
+var Driver = class extends ISessionDriver {
+	encryptor = new Encryption();
+	sessionId;
+	flashBag = new FlashBag();
+	/**
+	* Save the raw session payload (session + flash)
+	*/
+	saveRawPayload() {
+		this.savePayload(Object.assign({}, this.fetchPayload(), { _flash: this.flashBag.raw() }));
+	}
+	/**
+	* Retrieve all data from the session including flash
+	* 
+	* @returns 
+	*/
+	getAll() {
+		const payload = this.fetchPayload();
+		const flash = payload._flash ?? {
+			old: {},
+			new: {}
+		};
+		return {
+			...payload,
+			...flash.old,
+			...flash.new
+		};
+	}
+	/**
+	* Retrieve a value from the session
+	* 
+	* @param key 
+	* @param defaultValue 
+	* @returns 
+	*/
+	get(key, defaultValue) {
+		return safeDot(this.getAll(), key) || defaultValue;
+	}
+	/** 
+	* Store a value in the session
+	* 
+	* @param key 
+	* @param value 
+	*/
+	set(value) {
+		const payload = this.fetchPayload();
+		Object.assign(payload, value);
+		return this.savePayload(payload);
+	}
+	/** 
+	* Store multiple key/value pairs
+	* 
+	* @param values 
+	*/
+	put(key, value) {
+		const payload = this.fetchPayload();
+		setNested(payload, key, value);
+		return this.savePayload(payload);
+	}
+	/** 
+	* Append a value to an array key
+	* 
+	* @param key 
+	* @param value 
+	*/
+	push(key, value) {
+		const payload = this.fetchPayload();
+		if (!Array.isArray(payload[key])) payload[key] = [];
+		payload[key].push(value);
+		return this.savePayload(payload);
+	}
+	/** 
+	* Remove a key from the session
+	* 
+	* @param key 
+	*/
+	forget(key) {
+		const payload = this.fetchPayload();
+		delete payload[key];
+		return this.savePayload(payload);
+	}
+	/** 
+	* Retrieve all session data
+	* 
+	* @returns 
+	*/
+	all() {
+		return this.fetchPayload();
+	}
+	/** 
+	* Determine if a key exists (even if null).
+	* 
+	* @param key 
+	* @returns 
+	*/
+	exists(key) {
+		const data = this.getAll();
+		return Object.prototype.hasOwnProperty.call(data, key);
+	}
+	/** 
+	* Determine if a key has a non-null value.
+	* 
+	* @param key 
+	* @returns 
+	*/
+	has(key) {
+		const data = this.getAll();
+		return data[key] !== void 0 && data[key] !== null;
+	}
+	/**
+	* Get only specific keys.
+	* 
+	* @param keys 
+	* @returns 
+	*/
+	only(keys) {
+		const data = this.fetchPayload();
+		const result = {};
+		keys.forEach((k) => {
+			if (k in data) result[k] = data[k];
+		});
+		return result;
+	}
+	/**
+	* Return all keys except the specified ones.
+	* 
+	* @param keys 
+	* @returns 
+	*/
+	except(keys) {
+		const data = this.fetchPayload();
+		keys.forEach((k) => delete data[k]);
+		return data;
+	}
+	/**
+	* Return and delete a key from the session.
+	* 
+	* @param key 
+	* @param defaultValue 
+	* @returns 
+	*/
+	pull(key, defaultValue = null) {
+		const data = this.fetchPayload();
+		const value = data[key] ?? defaultValue;
+		delete data[key];
+		this.savePayload(data);
+		return value;
+	}
+	/**
+	* Increment a numeric value by amount (default 1).
+	* 
+	* @param key 
+	* @param amount 
+	* @returns 
+	*/
+	increment(key, amount = 1) {
+		const data = this.fetchPayload();
+		const newVal = (parseFloat(data[key]) || 0) + amount;
+		data[key] = newVal;
+		this.savePayload(data);
+		return newVal;
+	}
+	/**
+	* Decrement a numeric value by amount (default 1).
+	* 
+	* @param key 
+	* @param amount 
+	* @returns 
+	*/
+	decrement(key, amount = 1) {
+		return this.increment(key, -amount);
+	}
+	/**
+	* Flash a value for next request only.
+	* 
+	* @param key 
+	* @param value 
+	*/
+	flash(key, value) {
+		this.flashBag.flash(key, value);
+		this.saveRawPayload();
+	}
+	/**
+	* Reflash all flash data for one more cycle.
+	* 
+	* @returns 
+	*/
+	reflash() {
+		this.flashBag.reflash();
+		this.saveRawPayload();
+	}
+	/**
+	* Keep only selected flash data.
+	* 
+	* @param keys 
+	* @returns 
+	*/
+	keep(keys) {
+		this.flashBag.keep(keys);
+		this.saveRawPayload();
+	}
+	/**
+	* Store a temporary value (flash) for this request only (not persisted)
+	* 
+	* @param key 
+	* @param value 
+	*/
+	now(key, value) {
+		this.flashBag.now(key, value);
+		this.saveRawPayload();
+	}
+	/**
+	* Regenerate session ID and persist data under new ID.
+	*/
+	regenerate() {
+		const oldData = this.fetchPayload();
+		this.sessionId = crypto.randomUUID();
+		this.savePayload(oldData);
+	}
+	/**
+	* Age flash data at the end of the request lifecycle.
+	*/
+	ageFlashData() {
+		const data = this.flashBag.ageFlashData();
+		this.saveRawPayload();
+		return data;
+	}
+	/** 
+	* Determine if an item is not present in the session. 
+	* 
+	* @param key 
+	* @returns 
+	*/
+	missing(key) {
+		return !this.exists(key);
+	}
+	/** 
+	* Flush all session data
+	*/
+	flush() {
+		return this.savePayload({});
+	}
+};
+
+//#endregion
+//#region src/drivers/DatabaseDriver.ts
+/**
+* DatabaseDriver
+*
+* Stores sessions in a database table. Each session ID maps to a row.
+* The `payload` column contains all session key/value pairs as JSON.
+*/
+var DatabaseDriver = class extends Driver {
+	/**
+	* 
+	* @param sessionId The current session ID
+	* @param table 
+	*/
+	constructor(sessionId, table = "sessions") {
+		super();
+		this.sessionId = sessionId;
+		this.table = table;
+	}
+	/**
+	* Get the query builder for this table
+	*/
+	query() {
+		return DB.table(this.table).where("id", this.sessionId);
+	}
+	/**
+	* Fetch the session payload
+	*/
+	async fetchPayload() {
+		const row = await this.query().first();
+		if (!row) return {};
+		try {
+			const decrypted = this.encryptor.decrypt(row.payload);
+			return typeof decrypted === "string" ? JSON.parse(decrypted) : decrypted;
+		} catch {
+			return {};
+		}
+	}
+	/**
+	* Save the session payload back to DB
+	*/
+	async savePayload(payload) {
+		const now = Math.floor(Date.now() / 1e3);
+		const exists = await this.query().exists();
+		const encrypted = this.encryptor.encrypt(JSON.stringify(payload));
+		if (exists) await this.query().update({
+			payload: encrypted,
+			last_activity: now
+		});
+		else await DB.table(this.table).insert({
+			id: this.sessionId,
+			payload: encrypted,
+			last_activity: now
+		});
+	}
+	/**
+	* Retrieve all data from the session including flash
+	*/
+	async getAll() {
+		const payload = await this.fetchPayload();
+		const flash = payload._flash ?? {
+			old: {},
+			new: {}
+		};
+		return {
+			...payload,
+			...flash.old,
+			...flash.new
+		};
+	}
+	/**
+	* Get a value from the session
+	*/
+	async get(key, defaultValue) {
+		return safeDot(await this.getAll(), key) || defaultValue;
+	}
+	/**
+	* Set one or multiple session values
+	*/
+	async set(values) {
+		const payload = await this.fetchPayload();
+		Object.assign(payload, values);
+		await this.savePayload(payload);
+	}
+	/**
+	* Store a single key/value pair
+	*/
+	async put(key, value) {
+		const payload = await this.fetchPayload();
+		setNested(payload, key, value);
+		await this.savePayload(payload);
+	}
+	/**
+	* Append a value to an array key
+	*/
+	async push(key, value) {
+		const payload = await this.fetchPayload();
+		if (!Array.isArray(payload[key])) payload[key] = [];
+		payload[key].push(value);
+		await this.savePayload(payload);
+	}
+	/**
+	* Forget a session key
+	*/
+	async forget(key) {
+		const payload = await this.fetchPayload();
+		delete payload[key];
+		await this.savePayload(payload);
+	}
+	/**
+	* Retrieve all session data (excluding flash)
+	*/
+	async all() {
+		return this.fetchPayload();
+	}
+	/**
+	* Determine if a key exists (even if null)
+	*/
+	async exists(key) {
+		const data = await this.getAll();
+		return Object.prototype.hasOwnProperty.call(data, key);
+	}
+	/**
+	* Determine if a key has a non-null value
+	*/
+	async has(key) {
+		const data = await this.getAll();
+		return data[key] !== void 0 && data[key] !== null;
+	}
+	/**
+	* Get only specific keys
+	*/
+	async only(keys) {
+		const data = await this.fetchPayload();
+		const result = {};
+		keys.forEach((k) => {
+			if (k in data) result[k] = data[k];
+		});
+		return result;
+	}
+	/**
+	* Return all except specific keys
+	*/
+	async except(keys) {
+		const data = await this.fetchPayload();
+		keys.forEach((k) => delete data[k]);
+		return data;
+	}
+	/**
+	* Retrieve and delete a value
+	*/
+	async pull(key, defaultValue = null) {
+		const data = await this.fetchPayload();
+		const value = data[key] ?? defaultValue;
+		delete data[key];
+		await this.savePayload(data);
+		return value;
+	}
+	/**
+	* Increment a numeric value
+	*/
+	async increment(key, amount = 1) {
+		const data = await this.fetchPayload();
+		const newVal = (parseFloat(data[key]) || 0) + amount;
+		data[key] = newVal;
+		await this.savePayload(data);
+		return newVal;
+	}
+	/**
+	* Decrement a numeric value
+	*/
+	async decrement(key, amount = 1) {
+		return this.increment(key, -amount);
+	}
+	/**
+	* Flash a value for next request only
+	*/
+	async flash(key, value) {
+		this.flashBag.flash(key, value);
+	}
+	/**
+	* Reflash all flash data for one more cycle
+	*/
+	async reflash() {
+		this.flashBag.reflash();
+	}
+	/**
+	* Keep only specific flash keys
+	*/
+	async keep(keys) {
+		this.flashBag.keep(keys);
+	}
+	/**
+	* Store a temporary value (flash) for this request only (not persisted)
+	*/
+	async now(key, value) {
+		this.flashBag.now(key, value);
+	}
+	/**
+	* Regenerate session ID with same data
+	*/
+	async regenerate() {
+		const oldData = await this.fetchPayload();
+		this.sessionId = crypto.randomUUID();
+		await this.savePayload(oldData);
+	}
+	/**
+	* Check if a key is missing
+	*/
+	async missing(key) {
+		return !await this.exists(key);
+	}
+	/**
+	* Flush all session data
+	*/
+	async flush() {
+		await this.savePayload({});
+	}
+	/**
+	* Invalidate the session and regenerate
+	*/
+	async invalidate() {
+		await DB.table(this.table).where("id", this.sessionId).delete();
+		this.sessionId = crypto.randomUUID();
+		this.flashBag = new FlashBag();
+		await this.savePayload({});
+	}
+	/**
+	* Age flash data at the end of the request lifecycle.
+	*/
+	async ageFlashData() {
+		this.flashBag.ageFlashData();
+	}
+};
+
+//#endregion
+//#region src/drivers/FileDriver.ts
+/**
+* FileDriver
+*
+* Stores session data as encrypted JSON files.
+* Each session is stored in its own file named after the session ID.
+* Ideal for local development or low-scale deployments.
+*/
+var FileDriver = class extends Driver {
+	constructor(sessionId, sessionDir = path.resolve(".sessions"), cwd = process.cwd()) {
+		super();
+		this.sessionId = sessionId;
+		this.sessionDir = sessionDir;
+		this.cwd = cwd;
+		this.sessionDir = path.join(this.cwd, sessionDir);
+		this.sessionId = sessionId;
+		if (!existsSync(this.sessionDir)) mkdirSync(this.sessionDir, { recursive: true });
+		this.ensureSessionFile();
+	}
+	/**
+	* Ensures the session file exists and is initialized.
+	*/
+	ensureSessionFile() {
+		if (!existsSync(this.sessionFilePath())) this.savePayload({});
+	}
+	/**
+	* Get the absolute path for the current session file.
+	*/
+	sessionFilePath() {
+		return path.join(this.sessionDir, this.sessionId);
+	}
+	/**
+	* Read raw decrypted payload (including _flash).
+	*/
+	readRawPayload() {
+		const file = this.sessionFilePath();
+		if (!existsSync(file)) return {};
+		const content = readFileSync(file, "utf8");
+		try {
+			return this.encryptor.decrypt(content);
+		} catch {
+			return {};
+		}
+	}
+	/**
+	* Fetch decrypted payload and strip out flash metadata.
+	*/
+	fetchPayload() {
+		return this.readRawPayload();
+	}
+	/**
+	* Write and encrypt session data to file.
+	* Always persists flash state.
+	*
+	* @param data 
+	*/
+	savePayload(payload) {
+		writeFileSync(this.sessionFilePath(), this.encryptor.encrypt(payload), "utf8");
+	}
+	/**
+	* Completely invalidate the current session and regenerate a new one.
+	*/
+	invalidate() {
+		const file = this.sessionFilePath();
+		if (existsSync(file)) rmSync(file, { recursive: true });
+		this.sessionId = crypto.randomUUID();
+		this.flashBag = new FlashBag();
+		this.savePayload({});
+	}
+};
+
+//#endregion
+//#region src/drivers/MemoryDriver.ts
+/**
+* MemoryDriver
+*
+* Lightweight, ephemeral session storage.
+* Intended for tests, local development, or short-lived apps.
+*/
+var MemoryDriver = class MemoryDriver extends Driver {
+	static store = {};
+	constructor(sessionId) {
+		super();
+		this.sessionId = sessionId;
+		this.sessionId = sessionId;
+		if (!MemoryDriver.store[this.sessionId]) MemoryDriver.store[this.sessionId] = {};
+	}
+	/**
+	* Fetch and return session payload.
+	* 
+	* @returns Decrypted and usable payload
+	*/
+	fetchPayload() {
+		return { ...MemoryDriver.store[this.sessionId] };
+	}
+	/**
+	* Persist session payload and flash bag state.
+	* 
+	* @param data 
+	*/
+	savePayload(payload) {
+		MemoryDriver.store[this.sessionId] = { ...payload };
+	}
+	/**
+	* Invalidate current session and regenerate new session ID.
+	*/
+	invalidate() {
+		delete MemoryDriver.store[this.sessionId];
+		this.sessionId = crypto$1.randomUUID();
+		this.flashBag = new FlashBag();
+		this.savePayload({});
+	}
+};
+
+//#endregion
+//#region src/drivers/RedisDriver.ts
+/**
+* RedisDriver (placeholder)
+*/
+var RedisDriver = class extends Driver {
+	static store = {};
+	constructor(sessionId, redisClient, prefix) {
+		super();
+		this.sessionId = sessionId;
+		this.redisClient = redisClient;
+		this.prefix = prefix;
+	}
+	/**
+	* Fetch and return session payload.
+	* 
+	* @returns Decrypted and usable payload
+	*/
+	fetchPayload() {
+		return {};
+	}
+	/**
+	* Persist session payload and flash bag state.
+	* 
+	* @param data 
+	*/
+	savePayload(_payload) {}
+	/**
+	* Invalidate current session and regenerate new session ID.
+	*/
+	invalidate() {
+		this.flashBag = new FlashBag();
+		this.savePayload({});
+	}
+};
+
+//#endregion
+//#region src/adapters.ts
+/**
+* FileDriver builder
+* constructor(sessionId: string, sessionDir?: string, cwd?: string)
+*/
+const fileBuilder = (sessionId, options = {}) => {
+	return new FileDriver(sessionId, options.sessionDir ?? options.dir ?? "./storage/sessions", options.cwd ?? process.cwd());
+};
+/**
+* DatabaseDriver builder
+* constructor(sessionId: string, table?: string)
+*/
+const dbBuilder = (sessionId, options = {}) => {
+	const table = options.table ?? "sessions";
+	return new DatabaseDriver(options.sessionId ?? sessionId, table);
+};
+/**
+* MemoryDriver builder
+* constructor(sessionId: string)
+*/
+const memoryBuilder = (sessionId) => {
+	return new MemoryDriver(sessionId);
+};
+/**
+* RedisDriver builder
+* constructor(sessionId: string, redisClient?: RedisClient, prefix?: string)
+*/
+const redisBuilder = (sessionId, options = {}) => {
+	const client = options.client;
+	return new RedisDriver(sessionId, client, options.prefix ?? "h3ravel:sessions:");
+};
+
+//#endregion
+//#region src/Commands/MakeSessionTableCommand.ts
+var MakeSessionTableCommand = class extends Command {
+	/**
+	* The name and signature of the console command.
+	*
+	* @var string
+	*/
+	signature = "make:session-table";
+	/**
+	* The console command description.
+	*
+	* @var string
+	*/
+	description = "Create a migration for the session database table";
+	async handle() {
+		await DB.instance().schema.hasTable("sessions").then(async function(exists) {
+			if (!exists) return DB.instance().schema.createTable("sessions", (table) => {
+				table.string("id", 255).primary();
+				table.bigInteger("user_id").nullable().index();
+				table.string("ip_address", 45).nullable();
+				table.text("user_agent").nullable();
+				table.text("payload", "longtext").nullable();
+				table.integer("last_activity").index();
+			});
+		});
+		this.info("INFO: session table created successfully.");
+	}
+};
+
+//#endregion
+//#region ../../node_modules/.pnpm/h3@2.0.1-rc.5/node_modules/h3/dist/h3.mjs
+const kEventNS = "h3.internal.event.";
+const kEventRes = /* @__PURE__ */ Symbol.for(`${kEventNS}res`);
+const kEventResHeaders = /* @__PURE__ */ Symbol.for(`${kEventNS}res.headers`);
+function parse(str, options) {
+	if (typeof str !== "string") throw new TypeError("argument str must be a string");
+	const obj = {};
+	const opt = options || {};
+	const dec = opt.decode || decode;
+	let index = 0;
+	while (index < str.length) {
+		const eqIdx = str.indexOf("=", index);
+		if (eqIdx === -1) break;
+		let endIdx = str.indexOf(";", index);
+		if (endIdx === -1) endIdx = str.length;
+		else if (endIdx < eqIdx) {
+			index = str.lastIndexOf(";", eqIdx - 1) + 1;
+			continue;
+		}
+		const key = str.slice(index, eqIdx).trim();
+		if (opt?.filter && !opt?.filter(key)) {
+			index = endIdx + 1;
+			continue;
+		}
+		if (void 0 === obj[key]) {
+			let val = str.slice(eqIdx + 1, endIdx).trim();
+			if (val.codePointAt(0) === 34) val = val.slice(1, -1);
+			obj[key] = tryDecode(val, dec);
+		}
+		index = endIdx + 1;
+	}
+	return obj;
+}
+function decode(str) {
+	return str.includes("%") ? decodeURIComponent(str) : str;
+}
+function tryDecode(str, decode2) {
+	try {
+		return decode2(str);
+	} catch {
+		return str;
+	}
+}
+const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
+function serialize(name, value, options) {
+	const opt = options || {};
+	const enc = opt.encode || encodeURIComponent;
+	if (typeof enc !== "function") throw new TypeError("option encode is invalid");
+	if (!fieldContentRegExp.test(name)) throw new TypeError("argument name is invalid");
+	const encodedValue = enc(value);
+	if (encodedValue && !fieldContentRegExp.test(encodedValue)) throw new TypeError("argument val is invalid");
+	let str = name + "=" + encodedValue;
+	if (void 0 !== opt.maxAge && opt.maxAge !== null) {
+		const maxAge = opt.maxAge - 0;
+		if (Number.isNaN(maxAge) || !Number.isFinite(maxAge)) throw new TypeError("option maxAge is invalid");
+		str += "; Max-Age=" + Math.floor(maxAge);
+	}
+	if (opt.domain) {
+		if (!fieldContentRegExp.test(opt.domain)) throw new TypeError("option domain is invalid");
+		str += "; Domain=" + opt.domain;
+	}
+	if (opt.path) {
+		if (!fieldContentRegExp.test(opt.path)) throw new TypeError("option path is invalid");
+		str += "; Path=" + opt.path;
+	}
+	if (opt.expires) {
+		if (!isDate(opt.expires) || Number.isNaN(opt.expires.valueOf())) throw new TypeError("option expires is invalid");
+		str += "; Expires=" + opt.expires.toUTCString();
+	}
+	if (opt.httpOnly) str += "; HttpOnly";
+	if (opt.secure) str += "; Secure";
+	if (opt.priority) switch (typeof opt.priority === "string" ? opt.priority.toLowerCase() : opt.priority) {
+		case "low":
+			str += "; Priority=Low";
+			break;
+		case "medium":
+			str += "; Priority=Medium";
+			break;
+		case "high":
+			str += "; Priority=High";
+			break;
+		default: throw new TypeError("option priority is invalid");
+	}
+	if (opt.sameSite) switch (typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite) {
+		case true:
+			str += "; SameSite=Strict";
+			break;
+		case "lax":
+			str += "; SameSite=Lax";
+			break;
+		case "strict":
+			str += "; SameSite=Strict";
+			break;
+		case "none":
+			str += "; SameSite=None";
+			break;
+		default: throw new TypeError("option sameSite is invalid");
+	}
+	if (opt.partitioned) str += "; Partitioned";
+	return str;
+}
+function isDate(val) {
+	return Object.prototype.toString.call(val) === "[object Date]" || val instanceof Date;
+}
+function parseSetCookie(setCookieValue, options) {
+	const parts = (setCookieValue || "").split(";").filter((str) => typeof str === "string" && !!str.trim());
+	const parsed = _parseNameValuePair(parts.shift() || "");
+	const name = parsed.name;
+	let value = parsed.value;
+	try {
+		value = options?.decode === false ? value : (options?.decode || decodeURIComponent)(value);
+	} catch {}
+	const cookie = {
+		name,
+		value
+	};
+	for (const part of parts) {
+		const sides = part.split("=");
+		const partKey = (sides.shift() || "").trimStart().toLowerCase();
+		const partValue = sides.join("=");
+		switch (partKey) {
+			case "expires":
+				cookie.expires = new Date(partValue);
+				break;
+			case "max-age":
+				cookie.maxAge = Number.parseInt(partValue, 10);
+				break;
+			case "secure":
+				cookie.secure = true;
+				break;
+			case "httponly":
+				cookie.httpOnly = true;
+				break;
+			case "samesite":
+				cookie.sameSite = partValue;
+				break;
+			default: cookie[partKey] = partValue;
+		}
+	}
+	return cookie;
+}
+function _parseNameValuePair(nameValuePairStr) {
+	let name = "";
+	let value = "";
+	const nameValueArr = nameValuePairStr.split("=");
+	if (nameValueArr.length > 1) {
+		name = nameValueArr.shift();
+		value = nameValueArr.join("=");
+	} else value = nameValuePairStr;
+	return {
+		name,
+		value
+	};
+}
+function parseCookies(event) {
+	return parse(event.req.headers.get("cookie") || "");
+}
+function getCookie(event, name) {
+	return parseCookies(event)[name];
+}
+function setCookie(event, name, value, options) {
+	const newCookie = serialize(name, value, {
+		path: "/",
+		...options
+	});
+	const currentCookies = event.res.headers.getSetCookie();
+	if (currentCookies.length === 0) {
+		event.res.headers.set("set-cookie", newCookie);
+		return;
+	}
+	const newCookieKey = _getDistinctCookieKey(name, options || {});
+	event.res.headers.delete("set-cookie");
+	for (const cookie of currentCookies) {
+		if (_getDistinctCookieKey(cookie.split("=")?.[0], parseSetCookie(cookie)) === newCookieKey) continue;
+		event.res.headers.append("set-cookie", cookie);
+	}
+	event.res.headers.append("set-cookie", newCookie);
+}
+function _getDistinctCookieKey(name, options) {
+	return [
+		name,
+		options.domain || "",
+		options.path || "/"
+	].join(";");
+}
+
+//#endregion
+//#region src/SessionStore.ts
+/**
+* SessionStore (Driver registry)
+*
+* Register driver builders under a name and then create instances using:
+*   SessionStore.make('file', sessionId, options)
+*/
+var SessionStore = class {
+	static registry = /* @__PURE__ */ new Map();
+	/**
+	* Register a driver builder under a key (e.g. 'file', 'database', 'memory').
+	*/
+	static register(name, builder) {
+		this.registry.set(name, builder);
+	}
+	/**
+	* Create a driver instance for the given sessionId using the named builder.
+	*
+	* If driver not found, throws. Options is a simple key/value bag passed to the builder.
+	*/
+	static make(name, sessionId, options = {}) {
+		const builder = this.registry.get(name);
+		if (!builder) throw new Error(`Session driver "${name}" is not registered`);
+		return builder(sessionId, options);
+	}
+};
+
+//#endregion
+//#region src/SessionManager.ts
+/**
+* SessionManager
+*
+* Handles session initialization, ID generation, and encryption.
+* Each request gets a unique session namespace tied to its ID.
+*/
+var SessionManager = class SessionManager extends ISessionManager {
+	app;
+	ctx;
+	driver;
+	appKey;
+	sessionId;
+	request;
+	flashBag;
+	constructor(app, driverName = "file", driverOptions = {}) {
+		super();
+		this.appKey = process.env.APP_KEY;
+		if (app instanceof IHttpContext) {
+			this.request = app.request;
+			this.ctx = app;
+			this.app = app.app;
+		} else {
+			this.app = app;
+			this.ctx = app.make("http.context");
+			this.request = this.ctx.request;
+		}
+		this.sessionId = this.resolveSessionId();
+		this.driver = SessionStore.make(driverName, driverOptions.sessionId ?? this.sessionId, driverOptions);
+		this.flashBag = this.driver.flashBag;
+	}
+	/**
+	* Initialize the Session Manager
+	* 
+	* @param ctx 
+	* @returns 
+	*/
+	static init(app) {
+		return new SessionManager(app, config("session.driver", "file"), {
+			cwd: config("session.files"),
+			sessionDir: "/",
+			dir: "/",
+			table: config("session.table"),
+			prefix: config("database.connections.redis.options.prefix"),
+			client: config(`database.connections.${config("session.driver", "file")}.client`)
+		});
+	}
+	/**
+	* Generate a secure session ID unique to the user device.
+	*/
+	generateSessionId() {
+		const userAgent = this.request.getHeader("user-agent") || "";
+		const ip = this.request.getHeader("x-forwarded-for") || this.request.ip() || "";
+		const random = randomBytes(32).toString("hex");
+		const fingerprint = createHash("sha256").update(`${userAgent}-${ip}`).digest("hex");
+		return createHmac("sha256", this.appKey).update(`${fingerprint}-${random}`).digest("hex");
+	}
+	/**
+	* Resolve the session ID from cookie, header, or create a new one.
+	*/
+	resolveSessionId() {
+		const cookieSession = getCookie(this.ctx.event, "h3ravel_session");
+		if (cookieSession) return cookieSession;
+		const newId = this.generateSessionId();
+		setCookie(this.ctx.event, "h3ravel_session", newId, {
+			httpOnly: true,
+			secure: true,
+			sameSite: "lax",
+			maxAge: 3600 * 24 * 7
+		});
+		return newId;
+	}
+	/**
+	* Access the current session ID.
+	*/
+	id() {
+		return this.sessionId;
+	}
+	/**
+	* Get the current session driver
+	*/
+	getDriver() {
+		return this.driver;
+	}
+	/**
+	* Retrieve a value from the session
+	* 
+	* @param key 
+	* @param defaultValue
+	* @returns 
+	*/
+	get(key, defaultValue) {
+		return this.driver.get(key, defaultValue);
+	}
+	/** 
+	* Store a value in the session
+	* 
+	* @param key 
+	* @param value 
+	*/
+	set(value) {
+		return this.driver.set(value);
+	}
+	/** 
+	* Store multiple key/value pairs
+	* 
+	* @param values 
+	*/
+	put(key, value) {
+		return this.driver.put(key, value);
+	}
+	/** 
+	* Append a value to an array key
+	* 
+	* @param key 
+	* @param value 
+	*/
+	push(key, value) {
+		return this.driver.push(key, value);
+	}
+	/** 
+	* Remove a key from the session
+	* 
+	* @param key 
+	*/
+	forget(key) {
+		return this.driver.forget(key);
+	}
+	/** 
+	* Retrieve all session data
+	* 
+	* @returns 
+	*/
+	all() {
+		return this.driver.all();
+	}
+	/** 
+	* Determine if a key exists (even if null).
+	* 
+	* @param key 
+	* @returns 
+	*/
+	exists(key) {
+		return this.driver.exists(key);
+	}
+	/** 
+	* Determine if a key has a non-null value.
+	* 
+	* @param key 
+	* @returns 
+	*/
+	has(key) {
+		return this.driver.has(key);
+	}
+	/**
+	* Get only specific keys.
+	* 
+	* @param keys 
+	* @returns 
+	*/
+	only(keys) {
+		return this.driver.only(keys);
+	}
+	/**
+	* Return all keys except the specified ones.
+	* 
+	* @param keys 
+	* @returns 
+	*/
+	except(keys) {
+		return this.driver.except(keys);
+	}
+	/**
+	* Return and delete a key from the session.
+	* 
+	* @param key 
+	* @param defaultValue 
+	* @returns 
+	*/
+	pull(key, defaultValue = null) {
+		return this.driver.pull(key, defaultValue);
+	}
+	/**
+	* Increment a numeric value by amount (default 1).
+	* 
+	* @param key 
+	* @param amount 
+	* @returns 
+	*/
+	increment(key, amount = 1) {
+		return this.driver.increment(key, amount);
+	}
+	/**
+	* Decrement a numeric value by amount (default 1).
+	* 
+	* @param key 
+	* @param amount 
+	* @returns 
+	*/
+	decrement(key, amount = 1) {
+		return this.driver.decrement(key, amount);
+	}
+	/**
+	* Flash a value for next request only.
+	* 
+	* @param key 
+	* @param value 
+	*/
+	flash(key, value) {
+		return this.driver.flash(key, value);
+	}
+	/**
+	* Reflash all flash data for one more cycle.
+	* 
+	* @returns 
+	*/
+	reflash() {
+		return this.driver.reflash();
+	}
+	/**
+	* Keep only selected flash data.
+	* 
+	* @param keys 
+	* @returns 
+	*/
+	keep(keys) {
+		return this.driver.keep(keys);
+	}
+	/**
+	* Store data only for current request cycle (not persisted).
+	* 
+	* @param key 
+	* @param value 
+	*/
+	now(key, value) {
+		return this.driver.now(key, value);
+	}
+	/**
+	* Regenerate session ID and persist data under new ID.
+	*/
+	regenerate() {
+		return this.driver.regenerate();
+	}
+	/** 
+	* Determine if an item is not present in the session. 
+	* 
+	* @param key 
+	* @returns 
+	*/
+	missing(key) {
+		return this.driver.missing(key);
+	}
+	/** 
+	* Flush all session data
+	*/
+	flush() {
+		return this.driver.flush();
+	}
+	/**
+	* Invalidate the session completely and regenerate ID.
+	* 
+	* @returns 
+	*/
+	invalidate() {
+		return this.driver.invalidate();
+	}
+	/**
+	* Age flash data at the end of the request lifecycle.
+	* 
+	* @returns 
+	*/
+	ageFlashData() {
+		return this.driver.ageFlashData();
+	}
+};
+
+//#endregion
+//#region src/Providers/SessionServiceProvider.ts
+var SessionServiceProvider = class extends ServiceProvider {
+	static priority = 895;
+	static order = "before:HttpServiceProvider";
+	register() {
+		/**
+		* Register default drivers.
+		*/
+		SessionStore.register("file", fileBuilder);
+		SessionStore.register("database", dbBuilder);
+		SessionStore.register("memory", memoryBuilder);
+		SessionStore.register("redis", redisBuilder);
+		this.app.singleton("session", (app) => {
+			return SessionManager.init(app);
+		});
+		this.app.singleton("session.store", (app) => {
+			return app.make("session").getDriver();
+		});
+		this.registerCommands([MakeSessionTableCommand]);
+	}
+};
+
+//#endregion
+export { DatabaseDriver, Driver, Encryption, FileDriver, FlashBag, MakeSessionTableCommand, MemoryDriver, RedisDriver, SessionManager, SessionServiceProvider, SessionStore, dbBuilder, fileBuilder, memoryBuilder, redisBuilder };