@harborclient/http 0.1.1

package/dist/Requester.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Requester.d.ts","sourceRoot":"","sources":["../src/Requester.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAKV,gBAAgB,EAChB,UAAU,EAEX,MAAM,YAAY,CAAC;AACpB,OAAO,EAA4B,KAAK,eAAe,EAAE,MAAM,eAAe,CAAC;AAE/E,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAM5D,sEAAsE;AACtE,eAAO,MAAM,iBAAiB,aAAqC,CAAC;AAEpE,uDAAuD;AACvD,eAAO,MAAM,aAAa,KAAK,CAAC;AAmBhC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,EAAE,YAAY,CAAC;IAC3B,OAAO,CAAC,EAAE,QAAQ,CAAC;IACnB,IAAI,CAAC,EAAE,KAAK,CAAC;IACb,cAAc,CAAC,EAAE,eAAe,CAAC;CAClC;AAsHD;;GAEG;AACH,qBAAa,SAAU,YAAW,UAAU;IAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAe;IAC3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAQ;IAC7B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAkB;IAEjD;;;;OAIG;gBACS,IAAI,GAAE,aAAkB;IAOpC;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAqB5B;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IAarB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAK7B;;;;;;;;OAQG;IACH,OAAO,CAAC,WAAW;IAoBnB;;;;;;;OAOG;IACH,OAAO,CAAC,kBAAkB;IAW1B;;;;;;OAMG;YACW,gBAAgB;IAwB9B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAUzB;;;;;;;;;;;OAWG;IACG,cAAc,CAClB,KAAK,EAAE,gBAAgB,EACvB,QAAQ,GAAE,eAA0C,EACpD,MAAM,CAAC,EAAE,WAAW,EACpB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,UAAU,CAAC;CA+KvB"}

package/dist/Requester.js

@@ -0,0 +1,403 @@
+import { Agent, ProxyAgent } from 'undici';
+import { DEFAULT_REQUEST_SETTINGS } from './settings.js';
+import { isVeryVerbose, logRequest } from './logger.js';
+import { Body } from './Body.js';
+import { Headers } from './Headers.js';
+import { QueryString } from './QueryString.js';
+import { ResponseReader } from './ResponseReader.js';
+/** HTTP status codes treated as redirects when following manually. */
+export const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
+/** Maximum redirect hops before returning an error. */
+export const MAX_REDIRECTS = 20;
+/** Request-body headers removed when a redirect converts the method to GET. */
+const REQUEST_BODY_HEADER_NAMES = [
+    'content-type',
+    'content-length',
+    'content-encoding',
+    'content-language',
+    'content-location'
+];
+/** Headers stripped when the redirect target is cross-origin. */
+const CROSS_ORIGIN_HEADER_NAMES = [
+    'authorization',
+    'proxy-authorization',
+    'cookie',
+    'host'
+];
+let insecureDispatcher;
+let cachedProxyDispatcher;
+let cachedProxyDispatcherKey = '';
+/**
+ * Returns a cache key for proxy dispatcher configuration.
+ *
+ * @param proxy - Normalized proxy settings.
+ * @param verifySsl - Whether TLS certificates are verified for the origin request.
+ */
+function proxyDispatcherCacheKey(proxy, verifySsl) {
+    return JSON.stringify({ proxy, verifySsl });
+}
+/**
+ * Returns a shared undici ProxyAgent for the given proxy configuration.
+ *
+ * @param proxy - Normalized proxy settings with a non-empty host.
+ * @param verifySsl - When false, origin TLS verification is disabled through the proxy.
+ */
+function getProxyDispatcher(proxy, verifySsl) {
+    const key = proxyDispatcherCacheKey(proxy, verifySsl);
+    if (cachedProxyDispatcher && cachedProxyDispatcherKey === key) {
+        return cachedProxyDispatcher;
+    }
+    void cachedProxyDispatcher?.close();
+    const uri = `${proxy.protocol}://${proxy.host.trim()}:${proxy.port}`;
+    const options = { uri };
+    if (proxy.authEnabled && proxy.username) {
+        options.token = `Basic ${Buffer.from(`${proxy.username}:${proxy.password}`).toString('base64')}`;
+    }
+    if (!verifySsl) {
+        options.requestTls = { rejectUnauthorized: false };
+    }
+    cachedProxyDispatcher = new ProxyAgent(options);
+    cachedProxyDispatcherKey = key;
+    return cachedProxyDispatcher;
+}
+/**
+ * Removes a header from a map using case-insensitive name matching.
+ *
+ * @param headers - Mutable header map.
+ * @param name - Header name to remove.
+ */
+function deleteHeader(headers, name) {
+    const lower = name.toLowerCase();
+    for (const key of Object.keys(headers)) {
+        if (key.toLowerCase() === lower) {
+            delete headers[key];
+        }
+    }
+}
+/**
+ * Returns whether a redirect response should convert the next request to GET.
+ *
+ * @param status - Redirect response status code.
+ * @param method - Method used for the redirect response request.
+ */
+function shouldConvertRedirectToGet(status, method) {
+    return (([301, 302].includes(status) && method === 'POST') ||
+        (status === 303 && method !== 'GET' && method !== 'HEAD'));
+}
+/**
+ * Applies fetch redirect transition rules to the next hop's method, body flag, and headers.
+ *
+ * @param status - Redirect response status code.
+ * @param currentUrl - URL of the redirect response request.
+ * @param nextUrl - Resolved Location URL for the next hop.
+ * @param method - Current method; updated in place when converted to GET.
+ * @param headers - Mutable headers for the next hop.
+ * @returns Whether the next hop should include a request body.
+ */
+function applyRedirectTransition(status, currentUrl, nextUrl, method, headers) {
+    let shouldSendBody = method.value !== 'GET' && method.value !== 'HEAD';
+    if (shouldConvertRedirectToGet(status, method.value)) {
+        method.value = 'GET';
+        shouldSendBody = false;
+        for (const headerName of REQUEST_BODY_HEADER_NAMES) {
+            deleteHeader(headers, headerName);
+        }
+    }
+    try {
+        const fromOrigin = new URL(currentUrl).origin;
+        const toOrigin = new URL(nextUrl).origin;
+        if (fromOrigin !== toOrigin) {
+            for (const headerName of CROSS_ORIGIN_HEADER_NAMES) {
+                deleteHeader(headers, headerName);
+            }
+        }
+    }
+    catch {
+        // Invalid URL; leave headers unchanged.
+    }
+    return shouldSendBody;
+}
+/**
+ * Executes outbound HTTP requests via fetch with configurable collaborators.
+ */
+export class Requester {
+    queryString;
+    headers;
+    body;
+    responseReader;
+    /**
+     * Creates a requester with optional collaborators defaulting to the standard implementations.
+     *
+     * @param deps - Optional query string, header, body, and response reader implementations.
+     */
+    constructor(deps = {}) {
+        this.queryString = deps.queryString ?? new QueryString();
+        this.headers = deps.headers ?? new Headers();
+        this.body = deps.body ?? new Body();
+        this.responseReader = deps.responseReader ?? new ResponseReader();
+    }
+    /**
+     * Combines optional cancel and timeout signals for fetch.
+     *
+     * @param signal - Optional user cancel signal.
+     * @param timeoutMs - Request timeout in milliseconds; 0 disables timeout.
+     */
+    buildEffectiveSignal(signal, timeoutMs) {
+        const signals = [];
+        if (signal) {
+            signals.push(signal);
+        }
+        if (timeoutMs > 0) {
+            signals.push(AbortSignal.timeout(timeoutMs));
+        }
+        if (signals.length === 0) {
+            return undefined;
+        }
+        if (signals.length === 1) {
+            return signals[0];
+        }
+        return AbortSignal.any(signals);
+    }
+    /**
+     * Maps fetch errors to user-facing messages.
+     *
+     * @param err - Thrown fetch error.
+     * @param timeoutMs - Configured request timeout in milliseconds.
+     */
+    mapFetchError(err, timeoutMs) {
+        if (err instanceof Error && err.name === 'AbortError') {
+            return 'Request canceled';
+        }
+        if (err instanceof Error && err.name === 'TimeoutError') {
+            return `Request timed out after ${timeoutMs} ms`;
+        }
+        if (err instanceof Error) {
+            return err.message;
+        }
+        return 'Unknown error';
+    }
+    /**
+     * Returns a shared undici Agent that skips TLS certificate verification.
+     */
+    getInsecureDispatcher() {
+        insecureDispatcher ??= new Agent({ connect: { rejectUnauthorized: false } });
+        return insecureDispatcher;
+    }
+    /**
+     * Builds a failed {@link SendResult} with consistent error fields.
+     *
+     * @param error - User-facing error message.
+     * @param request - Sent request metadata captured before or during the attempt.
+     * @param timeMs - Elapsed time in milliseconds.
+     * @param responseHeaders - Optional response headers when available before failure.
+     * @param setCookieHeaders - Optional Set-Cookie headers from the response.
+     */
+    errorResult(error, request, timeMs, responseHeaders = {}, setCookieHeaders) {
+        return {
+            status: 0,
+            statusText: 'Error',
+            headers: responseHeaders,
+            body: '',
+            timeMs,
+            sizeBytes: 0,
+            error,
+            setCookieHeaders,
+            request
+        };
+    }
+    /**
+     * Logs the outbound request when very-verbose mode is enabled.
+     *
+     * Records the HTTP verb, resolved URL, request headers, body type, and request
+     * body. Response headers and response bodies are intentionally omitted.
+     *
+     * @param request - Final request metadata sent to fetch.
+     */
+    logOutgoingRequest(request) {
+        if (!isVeryVerbose)
+            return;
+        logRequest(`${request.method} ${request.url}`);
+        logRequest('headers:', request.headers);
+        logRequest('bodyType:', request.bodyType);
+        if (request.body) {
+            logRequest('body:', request.body);
+        }
+    }
+    /**
+     * Builds the fetch request body for one hop.
+     *
+     * @param input - Original send input (body source).
+     * @param bodyType - Body type for this hop.
+     * @param shouldSendBody - Whether a body should be attached.
+     */
+    async buildRequestBody(input, bodyType, shouldSendBody) {
+        if (!shouldSendBody || bodyType === 'none') {
+            return {};
+        }
+        if (bodyType === 'multipart') {
+            const multipartResult = await this.body.buildMultipart(input.body);
+            if ('error' in multipartResult) {
+                return { error: multipartResult.error };
+            }
+            return { body: multipartResult.formData };
+        }
+        if (bodyType === 'urlencoded') {
+            return { body: this.body.buildUrlEncoded(input.body) };
+        }
+        return { body: input.body };
+    }
+    /**
+     * Resolves the fetch dispatcher from general settings.
+     *
+     * @param settings - General request settings.
+     */
+    resolveDispatcher(settings) {
+        if (settings.proxy.enabled && settings.proxy.host.trim()) {
+            return getProxyDispatcher(settings.proxy, settings.verifySsl);
+        }
+        if (!settings.verifySsl) {
+            return this.getInsecureDispatcher();
+        }
+        return undefined;
+    }
+    /**
+     * Executes an HTTP request via fetch and returns timing and response metadata.
+     *
+     * When redirect following is enabled, 3xx responses are followed manually so
+     * each hop can be recorded in {@link SendResult.redirects}.
+     *
+     * @param input - Method, URL, headers, params, body, and body type.
+     * @param settings - General request settings for timeout, size limits, SSL verification, and redirect following.
+     * @param signal - Optional abort signal to cancel the in-flight request.
+     * @param cookieHeader - Optional Cookie header value from the cookie jar.
+     * @returns Response status, headers, body, timing, size, and optional redirect chain; error field on failure.
+     */
+    async executeRequest(input, settings = DEFAULT_REQUEST_SETTINGS, signal, cookieHeader) {
+        const url = this.queryString.buildUrl(input.url, input.params);
+        const sentRequest = {
+            method: input.method,
+            url: input.url,
+            headers: {},
+            body: '',
+            bodyType: input.bodyType
+        };
+        const builtHeaders = this.headers.build(input.headers, input.bodyType);
+        if (!builtHeaders.ok) {
+            return this.errorResult(builtHeaders.error, sentRequest, 0);
+        }
+        const headers = builtHeaders.headers;
+        sentRequest.headers = headers;
+        const cookieResult = this.headers.applyCookie(headers, cookieHeader);
+        if (!cookieResult.ok) {
+            return this.errorResult(cookieResult.error, sentRequest, 0);
+        }
+        const shouldSendBody = input.bodyType !== 'none' && input.method !== 'GET' && input.method !== 'HEAD';
+        const sentBody = shouldSendBody
+            ? input.bodyType === 'multipart'
+                ? this.body.summarizeFormParts(input.body)
+                : input.bodyType === 'urlencoded'
+                    ? this.body.buildUrlEncoded(input.body)
+                    : input.body
+            : '';
+        sentRequest.body = sentBody;
+        if (!url.trim()) {
+            return this.errorResult('URL is required', sentRequest, 0);
+        }
+        if (!this.queryString.isValidRequestUrl(url)) {
+            return this.errorResult('Invalid URL', sentRequest, 0);
+        }
+        sentRequest.url = url;
+        const start = performance.now();
+        const effectiveSignal = this.buildEffectiveSignal(signal, settings.requestTimeoutMs);
+        const dispatcher = this.resolveDispatcher(settings);
+        this.logOutgoingRequest(sentRequest);
+        let currentUrl = url;
+        let currentMethod = input.method;
+        const currentHeaders = { ...headers };
+        const currentBodyType = input.bodyType;
+        let currentShouldSendBody = shouldSendBody;
+        const redirects = [];
+        try {
+            let response;
+            while (true) {
+                const init = {
+                    method: currentMethod,
+                    headers: currentHeaders,
+                    signal: effectiveSignal,
+                    redirect: 'manual'
+                };
+                if (dispatcher) {
+                    init.dispatcher = dispatcher;
+                }
+                const bodyResult = await this.buildRequestBody(input, currentBodyType, currentShouldSendBody);
+                if (bodyResult.error) {
+                    const timeMs = Math.round(performance.now() - start);
+                    return this.errorResult(bodyResult.error, sentRequest, timeMs);
+                }
+                if (bodyResult.body !== undefined) {
+                    init.body = bodyResult.body;
+                }
+                response = await fetch(currentUrl, init);
+                if (!settings.followRedirects ||
+                    !REDIRECT_STATUSES.has(response.status) ||
+                    !response.headers.get('location')) {
+                    break;
+                }
+                const rawLocation = response.headers.get('location');
+                let location;
+                try {
+                    location = new URL(rawLocation, currentUrl).toString();
+                }
+                catch {
+                    break;
+                }
+                redirects.push({
+                    status: response.status,
+                    statusText: response.statusText,
+                    url: currentUrl,
+                    location,
+                    method: currentMethod
+                });
+                await response.body?.cancel();
+                if (redirects.length > MAX_REDIRECTS) {
+                    const timeMs = Math.round(performance.now() - start);
+                    return this.errorResult('Too many redirects', sentRequest, timeMs);
+                }
+                const methodRef = { value: currentMethod };
+                currentShouldSendBody = applyRedirectTransition(response.status, currentUrl, location, methodRef, currentHeaders);
+                currentMethod = methodRef.value;
+                currentUrl = location;
+            }
+            if (!response) {
+                const timeMs = Math.round(performance.now() - start);
+                return this.errorResult('No response received', sentRequest, timeMs);
+            }
+            const setCookieHeaders = typeof response.headers.getSetCookie === 'function' ? response.headers.getSetCookie() : [];
+            const readResult = await this.responseReader.read(response, settings.maxResponseSizeMb);
+            const timeMs = Math.round(performance.now() - start);
+            const responseHeaders = {};
+            response.headers.forEach((value, key) => {
+                responseHeaders[key] = value;
+            });
+            if ('error' in readResult) {
+                return this.errorResult(readResult.error, sentRequest, timeMs, responseHeaders, setCookieHeaders);
+            }
+            return {
+                status: response.status,
+                statusText: response.statusText,
+                headers: responseHeaders,
+                body: readResult.body,
+                ...(readResult.bodyBase64 ? { bodyBase64: readResult.bodyBase64 } : {}),
+                timeMs,
+                sizeBytes: readResult.sizeBytes,
+                setCookieHeaders,
+                request: sentRequest,
+                ...(redirects.length > 0 ? { redirects } : {})
+            };
+        }
+        catch (err) {
+            const timeMs = Math.round(performance.now() - start);
+            return this.errorResult(this.mapFetchError(err, settings.requestTimeoutMs), sentRequest, timeMs);
+        }
+    }
+}

package/dist/ResponseReader.d.ts

@@ -0,0 +1,24 @@
+import type { IResponseReader, ReadResponseBodyResult } from './IResponseReader.js';
+/**
+ * Reads fetch response bodies with user and hard size limits.
+ */
+export declare class ResponseReader implements IResponseReader {
+    /**
+     * Resolves the effective response size limit in megabytes.
+     *
+     * @param maxResponseSizeMb - User setting; 0 means no configurable limit.
+     * @returns The user limit when positive, otherwise {@link HARD_MAX_RESPONSE_SIZE_MB}.
+     */
+    resolveMaxResponseSizeMb(maxResponseSizeMb: number): number;
+    /**
+     * Reads a response body, enforcing a max size in megabytes.
+     *
+     * When {@link maxResponseSizeMb} is 0, the user-configurable limit is disabled but
+     * {@link HARD_MAX_RESPONSE_SIZE_MB} still applies as a safety ceiling.
+     *
+     * @param response - Fetch response to read.
+     * @param maxResponseSizeMb - Maximum body size in MB; 0 uses the hard cap only.
+     */
+    read(response: Response, maxResponseSizeMb: number): Promise<ReadResponseBodyResult>;
+}
+//# sourceMappingURL=ResponseReader.d.ts.map

package/dist/ResponseReader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ResponseReader.d.ts","sourceRoot":"","sources":["../src/ResponseReader.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAEpF;;GAEG;AACH,qBAAa,cAAe,YAAW,eAAe;IACpD;;;;;OAKG;IACH,wBAAwB,CAAC,iBAAiB,EAAE,MAAM,GAAG,MAAM;IAI3D;;;;;;;;OAQG;IACG,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAkD3F"}

package/dist/ResponseReader.js

@@ -0,0 +1,66 @@
+import { HARD_MAX_RESPONSE_SIZE_MB } from './settings.js';
+/**
+ * Reads fetch response bodies with user and hard size limits.
+ */
+export class ResponseReader {
+    /**
+     * Resolves the effective response size limit in megabytes.
+     *
+     * @param maxResponseSizeMb - User setting; 0 means no configurable limit.
+     * @returns The user limit when positive, otherwise {@link HARD_MAX_RESPONSE_SIZE_MB}.
+     */
+    resolveMaxResponseSizeMb(maxResponseSizeMb) {
+        return maxResponseSizeMb > 0 ? maxResponseSizeMb : HARD_MAX_RESPONSE_SIZE_MB;
+    }
+    /**
+     * Reads a response body, enforcing a max size in megabytes.
+     *
+     * When {@link maxResponseSizeMb} is 0, the user-configurable limit is disabled but
+     * {@link HARD_MAX_RESPONSE_SIZE_MB} still applies as a safety ceiling.
+     *
+     * @param response - Fetch response to read.
+     * @param maxResponseSizeMb - Maximum body size in MB; 0 uses the hard cap only.
+     */
+    async read(response, maxResponseSizeMb) {
+        const effectiveMaxMb = this.resolveMaxResponseSizeMb(maxResponseSizeMb);
+        const maxBytes = effectiveMaxMb * 1024 * 1024;
+        const bodyStream = response.body ??
+            new ReadableStream({
+                start(controller) {
+                    controller.close();
+                }
+            });
+        const reader = bodyStream.getReader();
+        const chunks = [];
+        let totalBytes = 0;
+        while (true) {
+            const { done, value } = await reader.read();
+            if (done) {
+                break;
+            }
+            if (value) {
+                totalBytes += value.length;
+                if (totalBytes > maxBytes) {
+                    await reader.cancel();
+                    const error = maxResponseSizeMb > 0
+                        ? `Response exceeded max size of ${maxResponseSizeMb} MB`
+                        : `Response exceeded the maximum allowed size of ${HARD_MAX_RESPONSE_SIZE_MB} MB`;
+                    return { error };
+                }
+                chunks.push(value);
+            }
+        }
+        const combined = new Uint8Array(totalBytes);
+        let offset = 0;
+        for (const chunk of chunks) {
+            combined.set(chunk, offset);
+            offset += chunk.length;
+        }
+        const body = new TextDecoder().decode(combined);
+        const contentType = response.headers.get('content-type')?.toLowerCase() ?? '';
+        const bodyBase64 = contentType.startsWith('image/')
+            ? Buffer.from(combined).toString('base64')
+            : undefined;
+        return { body, sizeBytes: totalBytes, ...(bodyBase64 ? { bodyBase64 } : {}) };
+    }
+}

package/dist/formData.d.ts

@@ -0,0 +1,27 @@
+import type { FormDataPart } from './types.js';
+/**
+ * Returns a blank multipart form part with enabled set to true.
+ */
+export declare function emptyFormPart(): FormDataPart;
+/**
+ * Coerces a partial or legacy form part record to the full FormDataPart shape.
+ *
+ * @param part - Raw part fields from storage or import.
+ * @returns Normalized form part with defaults for missing fields.
+ */
+export declare function normalizeFormPart(part: Partial<FormDataPart>): FormDataPart;
+/**
+ * Parses a serialized multipart body string into form parts.
+ *
+ * @param body - JSON array stored in the request body field.
+ * @returns Parsed form parts, or an empty array when body is empty or invalid.
+ */
+export declare function parseFormParts(body: string): FormDataPart[];
+/**
+ * Serializes form parts for storage in the request body field.
+ *
+ * @param parts - Multipart form parts to serialize.
+ * @returns JSON string, or an empty string when there are no parts.
+ */
+export declare function serializeFormParts(parts: FormDataPart[]): string;
+//# sourceMappingURL=formData.d.ts.map

package/dist/formData.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"formData.d.ts","sourceRoot":"","sources":["../src/formData.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAoB,MAAM,YAAY,CAAC;AAEjE;;GAEG;AACH,wBAAgB,aAAa,IAAI,YAAY,CAE5C;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAW3E;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,EAAE,CAe3D;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,MAAM,CAKhE"}

package/dist/formData.js

@@ -0,0 +1,58 @@
+/**
+ * Returns a blank multipart form part with enabled set to true.
+ */
+export function emptyFormPart() {
+    return { key: '', value: '', enabled: true, type: 'text', files: [] };
+}
+/**
+ * Coerces a partial or legacy form part record to the full FormDataPart shape.
+ *
+ * @param part - Raw part fields from storage or import.
+ * @returns Normalized form part with defaults for missing fields.
+ */
+export function normalizeFormPart(part) {
+    const type = part.type === 'file' ? 'file' : 'text';
+    return {
+        key: typeof part.key === 'string' ? part.key : '',
+        value: typeof part.value === 'string' ? part.value : '',
+        enabled: part.enabled !== false,
+        type,
+        files: Array.isArray(part.files)
+            ? part.files.filter((file) => typeof file === 'string')
+            : []
+    };
+}
+/**
+ * Parses a serialized multipart body string into form parts.
+ *
+ * @param body - JSON array stored in the request body field.
+ * @returns Parsed form parts, or an empty array when body is empty or invalid.
+ */
+export function parseFormParts(body) {
+    const trimmed = body.trim();
+    if (!trimmed) {
+        return [];
+    }
+    try {
+        const parsed = JSON.parse(trimmed);
+        if (!Array.isArray(parsed)) {
+            return [];
+        }
+        return parsed.map((part) => normalizeFormPart(part));
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Serializes form parts for storage in the request body field.
+ *
+ * @param parts - Multipart form parts to serialize.
+ * @returns JSON string, or an empty string when there are no parts.
+ */
+export function serializeFormParts(parts) {
+    if (parts.length === 0) {
+        return '';
+    }
+    return JSON.stringify(parts.map((part) => normalizeFormPart(part)));
+}

package/dist/httpHeaders.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Returns whether a header field contains control characters or other bytes
+ * unsafe for HTTP header serialization (including CR and LF).
+ *
+ * @param value - Header name or value to inspect.
+ */
+export declare function hasUnsafeHeaderFieldChars(value: string): boolean;
+/**
+ * Validates a request header name and value before passing them to fetch.
+ *
+ * @param name - Header field name (already trimmed when supplied from buildHeaders).
+ * @param value - Header field value.
+ * @returns An error message when invalid, otherwise null.
+ */
+export declare function validateHeaderField(name: string, value: string): string | null;
+/**
+ * Validates a header map and returns the first validation error, if any.
+ *
+ * @param headers - Header map ready for fetch.
+ * @returns An error message when a field is invalid, otherwise null.
+ */
+export declare function validateHeaders(headers: Record<string, string>): string | null;
+//# sourceMappingURL=httpHeaders.d.ts.map

package/dist/httpHeaders.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"httpHeaders.d.ts","sourceRoot":"","sources":["../src/httpHeaders.ts"],"names":[],"mappings":"AAaA;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAQhE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAc9E;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,GAAG,IAAI,CAQ9E"}

package/dist/httpHeaders.js

@@ -0,0 +1,61 @@
+/**
+ * Hop-by-hop headers that must not be set from user or script input.
+ */
+const FORBIDDEN_HEADER_NAMES = new Set([
+    'connection',
+    'keep-alive',
+    'proxy-connection',
+    'te',
+    'trailer',
+    'transfer-encoding',
+    'upgrade'
+]);
+/**
+ * Returns whether a header field contains control characters or other bytes
+ * unsafe for HTTP header serialization (including CR and LF).
+ *
+ * @param value - Header name or value to inspect.
+ */
+export function hasUnsafeHeaderFieldChars(value) {
+    for (let index = 0; index < value.length; index += 1) {
+        const code = value.charCodeAt(index);
+        if (code <= 0x1f || code === 0x7f) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Validates a request header name and value before passing them to fetch.
+ *
+ * @param name - Header field name (already trimmed when supplied from buildHeaders).
+ * @param value - Header field value.
+ * @returns An error message when invalid, otherwise null.
+ */
+export function validateHeaderField(name, value) {
+    if (FORBIDDEN_HEADER_NAMES.has(name.toLowerCase())) {
+        return `Forbidden header: ${name}`;
+    }
+    if (hasUnsafeHeaderFieldChars(name)) {
+        return `Invalid header name: control characters are not allowed`;
+    }
+    if (hasUnsafeHeaderFieldChars(value)) {
+        return `Invalid header value for "${name}": control characters are not allowed`;
+    }
+    return null;
+}
+/**
+ * Validates a header map and returns the first validation error, if any.
+ *
+ * @param headers - Header map ready for fetch.
+ * @returns An error message when a field is invalid, otherwise null.
+ */
+export function validateHeaders(headers) {
+    for (const [name, value] of Object.entries(headers)) {
+        const error = validateHeaderField(name, value);
+        if (error) {
+            return error;
+        }
+    }
+    return null;
+}