@hot-updater/cloudflare 0.20.11 → 0.20.12

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hot-updater/cloudflare",
   "type": "module",
-  "version": "0.20.11",
+  "version": "0.20.12",
   "description": "React Native OTA solution for self-hosted",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -40,9 +40,9 @@
   ],
   "dependencies": {
     "cloudflare": "4.2.0",
-    "@hot-updater/core": "0.20.11",
-    "@hot-updater/js": "0.20.11",
-    "@hot-updater/plugin-core": "0.20.11"
+    "@hot-updater/js": "0.20.12",
+    "@hot-updater/core": "0.20.12",
+    "@hot-updater/plugin-core": "0.20.12"
   },
   "devDependencies": {
     "@clack/prompts": "0.10.0",

package/sql/prepareSql.ts

@@ -1,5 +1,5 @@
-import path from "path";
 import fs from "fs/promises";
+import path from "path";
 
 export const prepareSql = async () => {
   const files = await fs.readdir(__dirname);

package/worker/dist/README.md

@@ -1 +1 @@
-This folder contains the built output assets for the worker "hot-updater" generated at 2025-09-15T01:29:53.413Z.
+This folder contains the built output assets for the worker "hot-updater" generated at 2025-10-09T07:31:43.509Z.

package/worker/dist/index.js

@@ -1298,8 +1298,7 @@ var require_diff = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semver
     const highVersion = v1Higher ? v1 : v2;
     const lowVersion = v1Higher ? v2 : v1;
     const highHasPre = !!highVersion.prerelease.length;
-    const lowHasPre = !!lowVersion.prerelease.length;
-    if (lowHasPre && !highHasPre) {
+    if (!!lowVersion.prerelease.length && !highHasPre) {
       if (!lowVersion.patch && !lowVersion.minor) return "major";
       if (lowVersion.compareMain(highVersion) === 0) {
         if (lowVersion.minor && !lowVersion.patch) return "minor";
@@ -1460,11 +1459,7 @@ var require_coerce = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semv
     }
     if (match === null) return null;
     const major$2 = match[2];
-    const minor$2 = match[3] || "0";
-    const patch$2 = match[4] || "0";
-    const prerelease$2 = options.includePrerelease && match[5] ? `-${match[5]}` : "";
-    const build = options.includePrerelease && match[6] ? `+${match[6]}` : "";
-    return parse$1(`${major$2}.${minor$2}.${patch$2}${prerelease$2}${build}`, options);
+    return parse$1(`${major$2}.${match[3] || "0"}.${match[4] || "0"}${options.includePrerelease && match[5] ? `-${match[5]}` : ""}${options.includePrerelease && match[6] ? `+${match[6]}` : ""}`, options);
   }, "coerce$1");
   module.exports = coerce$1;
 }, "../../node_modules/.pnpm/semver@7.7.2/node_modules/semver/functions/coerce.js") });
@@ -1479,7 +1474,7 @@ var require_lrucache = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
     }
     get(key) {
       const value = this.map.get(key);
-      if (value === void 0) return void 0;
+      if (value === void 0) return;
       else {
         this.map.delete(key);
         this.map.set(key, value);
@@ -1490,8 +1485,7 @@ var require_lrucache = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
       return this.map.delete(key);
     }
     set(key, value) {
-      const deleted = this.delete(key);
-      if (!deleted && value !== void 0) {
+      if (!this.delete(key) && value !== void 0) {
         if (this.map.size >= this.max) {
           const firstKey = this.map.keys().next().value;
           this.delete(firstKey);
@@ -1559,8 +1553,7 @@ var require_range = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semve
       return this.range;
     }
     parseRange(range) {
-      const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE);
-      const memoKey = memoOpts + ":" + range;
+      const memoKey = ((this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE)) + ":" + range;
       const cached = cache$1.get(memoKey);
       if (cached) return cached;
       const loose = this.options.loose;
@@ -1614,8 +1607,7 @@ var require_range = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semve
     }
   };
   module.exports = Range$11;
-  const LRU = require_lrucache();
-  const cache$1 = new LRU();
+  const cache$1 = new (require_lrucache())();
   const parseOptions$1 = require_parse_options();
   const Comparator$4 = require_comparator();
   const debug$1 = require_debug();
@@ -2044,16 +2036,13 @@ var require_simplify = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
     let first = null;
     let prev = null;
     const v = versions2.sort((a, b) => compare$2(a, b, options));
-    for (const version2 of v) {
-      const included = satisfies$2(version2, range, options);
-      if (included) {
-        prev = version2;
-        if (!first) first = version2;
-      } else {
-        if (prev) set.push([first, prev]);
-        prev = null;
-        first = null;
-      }
+    for (const version2 of v) if (satisfies$2(version2, range, options)) {
+      prev = version2;
+      if (!first) first = version2;
+    } else {
+      if (prev) set.push([first, prev]);
+      prev = null;
+      first = null;
     }
     if (first) set.push([first, null]);
     const ranges = [];
@@ -2257,8 +2246,7 @@ var semverSatisfies = /* @__PURE__ */ __name((targetAppVersion, currentVersion)
   return import_semver.default.satisfies(currentCoerce.version, targetAppVersion);
 }, "semverSatisfies");
 var filterCompatibleAppVersions = /* @__PURE__ */ __name((targetAppVersionList, currentVersion) => {
-  const compatibleAppVersionList = targetAppVersionList.filter((version2) => semverSatisfies(version2, currentVersion));
-  return compatibleAppVersionList.sort((a, b) => b.localeCompare(a));
+  return targetAppVersionList.filter((version2) => semverSatisfies(version2, currentVersion)).sort((a, b) => b.localeCompare(a));
 }, "filterCompatibleAppVersions");
 var encoder = new TextEncoder();
 var decoder = new TextDecoder();
@@ -2438,8 +2426,7 @@ function checkSigCryptoKey(key, alg, usage) {
     case "HS512": {
       if (!isAlgorithm(key.algorithm, "HMAC")) throw unusable("HMAC");
       const expected = parseInt(alg.slice(2), 10);
-      const actual = getHashLength(key.algorithm.hash);
-      if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+      if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
       break;
     }
     case "RS256":
@@ -2447,8 +2434,7 @@ function checkSigCryptoKey(key, alg, usage) {
     case "RS512": {
       if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5")) throw unusable("RSASSA-PKCS1-v1_5");
       const expected = parseInt(alg.slice(2), 10);
-      const actual = getHashLength(key.algorithm.hash);
-      if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+      if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
       break;
     }
     case "PS256":
@@ -2456,8 +2442,7 @@ function checkSigCryptoKey(key, alg, usage) {
     case "PS512": {
       if (!isAlgorithm(key.algorithm, "RSA-PSS")) throw unusable("RSA-PSS");
       const expected = parseInt(alg.slice(2), 10);
-      const actual = getHashLength(key.algorithm.hash);
-      if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+      if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
       break;
     }
     case "Ed25519":
@@ -2469,8 +2454,7 @@ function checkSigCryptoKey(key, alg, usage) {
     case "ES512": {
       if (!isAlgorithm(key.algorithm, "ECDSA")) throw unusable("ECDSA");
       const expected = getNamedCurve(alg);
-      const actual = key.algorithm.namedCurve;
-      if (actual !== expected) throw unusable(expected, "algorithm.namedCurve");
+      if (key.algorithm.namedCurve !== expected) throw unusable(expected, "algorithm.namedCurve");
       break;
     }
     default:
@@ -2672,7 +2656,7 @@ var validate_crit_default = /* @__PURE__ */ __name((Err, recognizedDefault, reco
 }, "validate_crit_default");
 var validate_algorithms_default = /* @__PURE__ */ __name((option, algorithms) => {
   if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) throw new TypeError(`"${option}" option must be an array of strings`);
-  if (!algorithms) return void 0;
+  if (!algorithms) return;
   return new Set(algorithms);
 }, "validate_algorithms_default");
 function isJWK(key) {
@@ -2762,12 +2746,11 @@ var handleKeyObject = /* @__PURE__ */ __name((keyObject, alg) => {
     }, extractable, [isPublic ? "verify" : "sign"]);
   }
   if (keyObject.asymmetricKeyType === "ec") {
-    const nist = /* @__PURE__ */ new Map([
+    const namedCurve = (/* @__PURE__ */ new Map([
       ["prime256v1", "P-256"],
       ["secp384r1", "P-384"],
       ["secp521r1", "P-521"]
-    ]);
-    const namedCurve = nist.get(keyObject.asymmetricKeyDetails?.namedCurve);
+    ])).get(keyObject.asymmetricKeyDetails?.namedCurve);
     if (!namedCurve) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
     if (alg === "ES256" && namedCurve === "P-256") cryptoKey = keyObject.toCryptoKey({
       name: "ECDSA",
@@ -2801,8 +2784,7 @@ var normalize_key_default = /* @__PURE__ */ __name(async (key, alg) => {
     } catch (err) {
       if (err instanceof TypeError) throw err;
     }
-    let jwk = key.export({ format: "jwk" });
-    return handleJWK(key, jwk, alg);
+    return handleJWK(key, key.export({ format: "jwk" }), alg);
   }
   if (isJWK(key)) {
     if (key.k) return decode(key.k);
@@ -2893,8 +2875,7 @@ var asymmetricTypeCheck = /* @__PURE__ */ __name((alg, key, usage) => {
   }
 }, "asymmetricTypeCheck");
 var check_key_type_default = /* @__PURE__ */ __name((alg, key, usage) => {
-  const symmetric = alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg);
-  if (symmetric) symmetricTypeCheck(alg, key, usage);
+  if (alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg)) symmetricTypeCheck(alg, key, usage);
   else asymmetricTypeCheck(alg, key, usage);
 }, "check_key_type_default");
 var subtle_dsa_default = /* @__PURE__ */ __name((alg, algorithm) => {
@@ -3004,8 +2985,7 @@ async function flattenedVerify(jws, key, options) {
     throw new JWSInvalid("Failed to base64url decode the signature");
   }
   const k = await normalize_key_default(key, alg);
-  const verified = await verify_default(alg, k, signature, data);
-  if (!verified) throw new JWSSignatureVerificationFailed();
+  if (!await verify_default(alg, k, signature, data)) throw new JWSSignatureVerificationFailed();
   let payload;
   if (b64) try {
     payload = decode(jws.payload);
@@ -3214,9 +3194,8 @@ var JWTClaimsBuilder = class {
 async function jwtVerify(jwt, key, options) {
   const verified = await compactVerify(jwt, key, options);
   if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
-  const payload = validateClaimsSet(verified.protectedHeader, verified.payload, options);
   const result = {
-    payload,
+    payload: validateClaimsSet(verified.protectedHeader, verified.payload, options),
     protectedHeader: verified.protectedHeader
   };
   if (typeof key === "function") return {
@@ -3275,10 +3254,8 @@ var FlattenedSign = class {
     if (this.#protectedHeader) protectedHeader = encoder.encode(encode(JSON.stringify(this.#protectedHeader)));
     else protectedHeader = encoder.encode("");
     const data = concat(protectedHeader, encoder.encode("."), payload);
-    const k = await normalize_key_default(key, alg);
-    const signature = await sign_default(alg, k, data);
     const jws = {
-      signature: encode(signature),
+      signature: encode(await sign_default(alg, await normalize_key_default(key, alg), data)),
       payload: ""
     };
     if (b64) jws.payload = decoder.decode(payload);
@@ -3353,29 +3330,6 @@ var SignJWT = class {
     return sig.sign(key, options);
   }
 };
-var withJwtSignedUrl = /* @__PURE__ */ __name(async ({ data, reqUrl, jwtSecret }) => {
-  if (!data) return null;
-  const { storageUri, ...rest } = data;
-  if (data.id === NIL_UUID || !storageUri) return {
-    ...rest,
-    fileUrl: null
-  };
-  const storageUrl = new URL(storageUri);
-  const key = `${storageUrl.host}${storageUrl.pathname}`;
-  const token = await signToken(key, jwtSecret);
-  const url = new URL(reqUrl);
-  url.pathname = key;
-  url.searchParams.set("token", token);
-  return {
-    ...rest,
-    fileUrl: url.toString()
-  };
-}, "withJwtSignedUrl");
-var signToken = /* @__PURE__ */ __name(async (key, jwtSecret) => {
-  const secretKey = new TextEncoder().encode(jwtSecret);
-  const token = await new SignJWT({ key }).setProtectedHeader({ alg: "HS256" }).setExpirationTime("60s").sign(secretKey);
-  return token;
-}, "signToken");
 var verifyJwtToken = /* @__PURE__ */ __name(async ({ path, token, jwtSecret }) => {
   const key = path.replace(/^\/+/, "");
   if (!token) return {
@@ -3383,8 +3337,7 @@ var verifyJwtToken = /* @__PURE__ */ __name(async ({ path, token, jwtSecret }) =
     error: "Missing token"
   };
   try {
-    const secretKey = new TextEncoder().encode(jwtSecret);
-    const { payload } = await jwtVerify(token, secretKey);
+    const { payload } = await jwtVerify(token, new TextEncoder().encode(jwtSecret));
     if (!payload || payload.key !== key) return {
       valid: false,
       error: "Token does not match requested file"
@@ -3393,7 +3346,7 @@ var verifyJwtToken = /* @__PURE__ */ __name(async ({ path, token, jwtSecret }) =
       valid: true,
       key
     };
-  } catch (error3) {
+  } catch {
     return {
       valid: false,
       error: "Invalid or expired token"
@@ -3408,13 +3361,12 @@ var getFileResponse = /* @__PURE__ */ __name(async ({ key, handler }) => {
   };
   const pathParts = key.split("/");
   const fileName = pathParts[pathParts.length - 1];
-  const headers = {
-    "Content-Type": object.contentType || "application/octet-stream",
-    "Content-Disposition": `attachment; filename=${fileName}`
-  };
   return {
     status: 200,
-    responseHeaders: headers,
+    responseHeaders: {
+      "Content-Type": object.contentType || "application/octet-stream",
+      "Content-Disposition": `attachment; filename=${fileName}`
+    },
     responseBody: object.body
   };
 }, "getFileResponse");
@@ -3439,6 +3391,28 @@ var verifyJwtSignedUrl = /* @__PURE__ */ __name(async ({ path, token, jwtSecret,
     handler
   });
 }, "verifyJwtSignedUrl");
+var withJwtSignedUrl = /* @__PURE__ */ __name(async ({ data, reqUrl, jwtSecret }) => {
+  if (!data) return null;
+  const { storageUri, ...rest } = data;
+  if (data.id === NIL_UUID || !storageUri) return {
+    ...rest,
+    fileUrl: null
+  };
+  const storageUrl = new URL(storageUri);
+  const key = `${storageUrl.host}${storageUrl.pathname}`;
+  const token = await signToken(key, jwtSecret);
+  const url = new URL(reqUrl);
+  url.pathname = key;
+  url.searchParams.set("token", token);
+  return {
+    ...rest,
+    fileUrl: url.toString()
+  };
+}, "withJwtSignedUrl");
+var signToken = /* @__PURE__ */ __name(async (key, jwtSecret) => {
+  const secretKey = new TextEncoder().encode(jwtSecret);
+  return await new SignJWT({ key }).setProtectedHeader({ alg: "HS256" }).setExpirationTime("60s").sign(secretKey);
+}, "signToken");
 
 // ../../node_modules/.pnpm/hono@4.6.3/node_modules/hono/dist/utils/body.js
 var parseBody = /* @__PURE__ */ __name(async (request, options = /* @__PURE__ */ Object.create(null)) => {