@interopio/gateway-server 0.14.1 → 0.16.0

package/dist/index.js

@@ -1,3282 +1,3 @@
-var __defProp = Object.defineProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-// src/server.ts
-var server_exports = {};
-__export(server_exports, {
-  Factory: () => Factory
-});
-import http2 from "node:http";
-import https from "node:https";
-import { readFileSync } from "node:fs";
-import { AsyncLocalStorage as AsyncLocalStorage4 } from "node:async_hooks";
-import { IOGateway as IOGateway6 } from "@interopio/gateway";
-
-// src/logger.ts
-import * as GatewayLogging from "@interopio/gateway/logging/core";
-function getLogger2(name) {
-  return GatewayLogging.getLogger(`gateway.server.${name}`);
-}
-function regexAwareReplacer(_key, value) {
-  return value instanceof RegExp ? value.toString() : value;
-}
-
-// src/gateway/ws/core.ts
-import { IOGateway } from "@interopio/gateway";
-import { AsyncLocalStorage } from "node:async_hooks";
-var GatewayEncoders = IOGateway.Encoding;
-var log = getLogger2("ws");
-var codec = GatewayEncoders.json();
-function principalName(authentication) {
-  let name;
-  if (authentication.authenticated) {
-    name = authentication.name;
-    if (name === void 0) {
-      if (authentication["principal"] !== void 0) {
-        const principal = authentication["principal"];
-        if (typeof principal === "object") {
-          name = principal.name;
-        }
-        if (name === void 0) {
-          if (principal === void 0) {
-            name = "";
-          } else {
-            name = String(principal);
-          }
-        }
-      }
-    }
-  }
-  return name;
-}
-function initClient(socket, authenticationPromise, remoteAddress) {
-  const key = `${remoteAddress?.address}:${remoteAddress?.port}`;
-  const host = remoteAddress?.address ?? "<unknown>";
-  const opts = {
-    key,
-    host,
-    codec,
-    onAuthenticate: async () => {
-      const authentication = await authenticationPromise();
-      if (authentication?.authenticated) {
-        return { type: "success", user: principalName(authentication) };
-      }
-      throw new Error(`no valid client authentication ${key}`);
-    },
-    onPing: () => {
-      socket.ping((err) => {
-        if (err) {
-          log.warn(`failed to ping ${key}`, err);
-        } else {
-          log.info(`ping sent to ${key}`);
-        }
-      });
-    },
-    onDisconnect: (reason) => {
-      switch (reason) {
-        case "inactive": {
-          log.warn(`no heartbeat (ping) received from ${key}, closing socket`);
-          socket.close(4001, "ping expected");
-          break;
-        }
-        case "shutdown": {
-          socket.close(1001, "shutdown");
-          break;
-        }
-      }
-    }
-  };
-  try {
-    return this.client((data) => socket.send(data), opts);
-  } catch (err) {
-    log.warn(`${key} failed to create client`, err);
-  }
-}
-async function create(environment) {
-  log.info(`starting gateway on ${environment.endpoint}`);
-  await this.start(environment);
-  return async ({ socket, handshake }) => {
-    const { logPrefix, remoteAddress, principal: principalPromise } = handshake;
-    log.info(`${logPrefix}connected on gw using ${remoteAddress?.address}`);
-    const client = initClient.call(this, socket, principalPromise, remoteAddress);
-    if (!client) {
-      log.error(`${logPrefix}gw client init failed`);
-      socket.terminate();
-      return;
-    }
-    socket.on("error", (err) => {
-      log.error(`${logPrefix}websocket error: ${err}`, err);
-    });
-    const contextFn = environment.storage !== void 0 ? AsyncLocalStorage.snapshot() : void 0;
-    socket.on("message", (data, _isBinary) => {
-      if (Array.isArray(data)) {
-        data = Buffer.concat(data);
-      }
-      if (contextFn !== void 0) {
-        contextFn(() => client.send(data));
-      } else {
-        client.send(data);
-      }
-    });
-    socket.on("close", (code) => {
-      log.info(`${logPrefix}disconnected from gw. code: ${code}`);
-      client.close();
-    });
-  };
-}
-var core_default = create;
-
-// src/common/compose.ts
-function compose(...middleware) {
-  if (!Array.isArray(middleware)) {
-    throw new Error("middleware must be array!");
-  }
-  const fns = middleware.flat();
-  for (const fn of fns) {
-    if (typeof fn !== "function") {
-      throw new Error("middleware must be compose of functions!");
-    }
-  }
-  return async function(ctx, next) {
-    const dispatch = async (i, dispatchedCtx) => {
-      const fn = i === fns.length ? next : fns[i];
-      if (fn === void 0) {
-        return;
-      }
-      let nextCalled = false;
-      let nextResolved = false;
-      const nextFn = async (nextCtx) => {
-        if (nextCalled) {
-          throw new Error("next() called multiple times");
-        }
-        nextCalled = true;
-        try {
-          return await dispatch(i + 1, nextCtx ?? dispatchedCtx);
-        } finally {
-          nextResolved = true;
-        }
-      };
-      const result = await fn(dispatchedCtx, nextFn);
-      if (nextCalled && !nextResolved) {
-        throw new Error("middleware resolved before downstream.\n	 You are probably missing an await or return statement in your middleware function.");
-      }
-      return result;
-    };
-    return dispatch(0, ctx);
-  };
-}
-
-// src/http/exchange.ts
-import { Cookie } from "tough-cookie";
-function parseHost(headers2, defaultHost) {
-  let host = headers2.get("x-forwarded-for");
-  if (host === void 0) {
-    host = headers2.get("x-forwarded-host");
-    if (Array.isArray(host)) {
-      host = host[0];
-    }
-    if (host) {
-      const port = headers2.one("x-forwarded-port");
-      if (port) {
-        host = `${host}:${port}`;
-      }
-    }
-    host ??= headers2.one("host");
-  }
-  if (Array.isArray(host)) {
-    host = host[0];
-  }
-  if (host) {
-    return host.split(",", 1)[0].trim();
-  }
-  return defaultHost;
-}
-function parseProtocol(headers2, defaultProtocol) {
-  let proto = headers2.get("x-forwarded-proto");
-  if (Array.isArray(proto)) {
-    proto = proto[0];
-  }
-  if (proto !== void 0) {
-    return proto.split(",", 1)[0].trim();
-  }
-  return defaultProtocol;
-}
-var AbstractHttpMessage = class {
-  #headers;
-  constructor(headers2) {
-    this.#headers = headers2;
-  }
-  get headers() {
-    return this.#headers;
-  }
-};
-var AbstractHttpRequest = class _AbstractHttpRequest extends AbstractHttpMessage {
-  static logIdCounter = 0;
-  #id;
-  get id() {
-    if (this.#id === void 0) {
-      this.#id = `${this.initId()}-${++_AbstractHttpRequest.logIdCounter}`;
-    }
-    return this.#id;
-  }
-  initId() {
-    return "request";
-  }
-  get cookies() {
-    return parseCookies(this.headers);
-  }
-  parseHost(defaultHost) {
-    return parseHost(this.headers, defaultHost);
-  }
-  parseProtocol(defaultProtocol) {
-    return parseProtocol(this.headers, defaultProtocol);
-  }
-};
-var AbstractHttpResponse = class extends AbstractHttpMessage {
-  get cookies() {
-    return parseResponseCookies(this.headers);
-  }
-  setCookieValue(responseCookie) {
-    const cookie = new Cookie({
-      key: responseCookie.name,
-      value: responseCookie.value,
-      maxAge: responseCookie.maxAge,
-      domain: responseCookie.domain,
-      path: responseCookie.path,
-      secure: responseCookie.secure,
-      httpOnly: responseCookie.httpOnly,
-      sameSite: responseCookie.sameSite
-    });
-    return cookie.toString();
-  }
-};
-function parseHeader(value) {
-  const list = [];
-  {
-    let start2 = 0;
-    let end = 0;
-    for (let i = 0; i < value.length; i++) {
-      switch (value.charCodeAt(i)) {
-        case 32:
-          if (start2 === end) {
-            start2 = end = i + 1;
-          }
-          break;
-        case 44:
-          list.push(value.slice(start2, end));
-          start2 = end = i + 1;
-          break;
-        default:
-          end = end + 1;
-          break;
-      }
-    }
-    list.push(value.slice(start2, end));
-  }
-  return list;
-}
-function toList(values) {
-  if (typeof values === "string") {
-    values = [values];
-  }
-  if (typeof values === "number") {
-    values = [String(values)];
-  }
-  const list = [];
-  if (values) {
-    for (const value of values) {
-      if (value) {
-        list.push(...parseHeader(value));
-      }
-    }
-  }
-  return list;
-}
-function parseCookies(headers2) {
-  return headers2.list("cookie").map((s) => s.split(";").map((cs) => Cookie.parse(cs))).flat(1).filter((tc) => tc !== void 0).map((tc) => {
-    const result = Object.freeze({ name: tc.key, value: tc.value });
-    return result;
-  });
-}
-function parseResponseCookies(headers2) {
-  return headers2.list("set-cookie").map((cookie) => {
-    const parsed = Cookie.parse(cookie);
-    if (parsed) {
-      const result = { name: parsed.key, value: parsed.value, maxAge: Number(parsed.maxAge ?? -1) };
-      if (parsed.httpOnly) result.httpOnly = true;
-      if (parsed.domain) result.domain = parsed.domain;
-      if (parsed.path) result.path = parsed.path;
-      if (parsed.secure) result.secure = true;
-      if (parsed.httpOnly) result.httpOnly = true;
-      if (parsed.sameSite) result.sameSite = parsed.sameSite;
-      return Object.freeze(result);
-    }
-  }).filter((cookie) => cookie !== void 0);
-}
-var AbstractHttpHeaders = class {
-  constructor() {
-  }
-  toList(name) {
-    const values = this.get(name);
-    return toList(values);
-  }
-};
-var MapHttpHeaders = class extends Map {
-  get(name) {
-    return super.get(name.toLowerCase());
-  }
-  one(name) {
-    return this.get(name)?.[0];
-  }
-  list(name) {
-    const values = super.get(name.toLowerCase());
-    return toList(values);
-  }
-  set(name, value) {
-    if (typeof value === "number") {
-      value = String(value);
-    }
-    if (typeof value === "string") {
-      value = [value];
-    }
-    if (value) {
-      return super.set(name.toLowerCase(), value);
-    } else {
-      super.delete(name.toLowerCase());
-      return this;
-    }
-  }
-  add(name, value) {
-    const prev = super.get(name.toLowerCase());
-    if (typeof value === "string") {
-      value = [value];
-    }
-    if (prev) {
-      value = prev.concat(value);
-    }
-    this.set(name, value);
-    return this;
-  }
-};
-
-// src/http/status.ts
-var DefaultHttpStatusCode = class {
-  #value;
-  constructor(value) {
-    this.#value = value;
-  }
-  get value() {
-    return this.#value;
-  }
-  toString() {
-    return this.#value.toString();
-  }
-};
-var HttpStatus = class _HttpStatus {
-  static CONTINUE = new _HttpStatus(100, "Continue");
-  static SWITCHING_PROTOCOLS = new _HttpStatus(101, "Switching Protocols");
-  // 2xx Success
-  static OK = new _HttpStatus(200, "OK");
-  static CREATED = new _HttpStatus(201, "Created");
-  static ACCEPTED = new _HttpStatus(202, "Accepted");
-  static NON_AUTHORITATIVE_INFORMATION = new _HttpStatus(203, "Non-Authoritative Information");
-  static NO_CONTENT = new _HttpStatus(204, "No Content");
-  static RESET_CONTENT = new _HttpStatus(205, "Reset Content");
-  static PARTIAL_CONTENT = new _HttpStatus(206, "Partial Content");
-  static MULTI_STATUS = new _HttpStatus(207, "Multi-Status");
-  static IM_USED = new _HttpStatus(226, "IM Used");
-  // 3xx Redirection
-  static MULTIPLE_CHOICES = new _HttpStatus(300, "Multiple Choices");
-  static MOVED_PERMANENTLY = new _HttpStatus(301, "Moved Permanently");
-  // 4xx Client Error
-  static BAD_REQUEST = new _HttpStatus(400, "Bad Request");
-  static UNAUTHORIZED = new _HttpStatus(401, "Unauthorized");
-  static FORBIDDEN = new _HttpStatus(403, "Forbidden");
-  static NOT_FOUND = new _HttpStatus(404, "Not Found");
-  static METHOD_NOT_ALLOWED = new _HttpStatus(405, "Method Not Allowed");
-  static NOT_ACCEPTABLE = new _HttpStatus(406, "Not Acceptable");
-  static PROXY_AUTHENTICATION_REQUIRED = new _HttpStatus(407, "Proxy Authentication Required");
-  static REQUEST_TIMEOUT = new _HttpStatus(408, "Request Timeout");
-  static CONFLICT = new _HttpStatus(409, "Conflict");
-  static GONE = new _HttpStatus(410, "Gone");
-  static LENGTH_REQUIRED = new _HttpStatus(411, "Length Required");
-  static PRECONDITION_FAILED = new _HttpStatus(412, "Precondition Failed");
-  static PAYLOAD_TOO_LARGE = new _HttpStatus(413, "Payload Too Large");
-  static URI_TOO_LONG = new _HttpStatus(414, "URI Too Long");
-  static UNSUPPORTED_MEDIA_TYPE = new _HttpStatus(415, "Unsupported Media Type");
-  static EXPECTATION_FAILED = new _HttpStatus(417, "Expectation Failed");
-  static IM_A_TEAPOT = new _HttpStatus(418, "I'm a teapot");
-  static TOO_EARLY = new _HttpStatus(425, "Too Early");
-  static UPGRADE_REQUIRED = new _HttpStatus(426, "Upgrade Required");
-  static PRECONDITION_REQUIRED = new _HttpStatus(428, "Precondition Required");
-  static TOO_MANY_REQUESTS = new _HttpStatus(429, "Too Many Requests");
-  static REQUEST_HEADER_FIELDS_TOO_LARGE = new _HttpStatus(431, "Request Header Fields Too Large");
-  static UNAVAILABLE_FOR_LEGAL_REASONS = new _HttpStatus(451, "Unavailable For Legal Reasons");
-  // 5xx Server Error
-  static INTERNAL_SERVER_ERROR = new _HttpStatus(500, "Internal Server Error");
-  static NOT_IMPLEMENTED = new _HttpStatus(501, "Not Implemented");
-  static BAD_GATEWAY = new _HttpStatus(502, "Bad Gateway");
-  static SERVICE_UNAVAILABLE = new _HttpStatus(503, "Service Unavailable");
-  static GATEWAY_TIMEOUT = new _HttpStatus(504, "Gateway Timeout");
-  static HTTP_VERSION_NOT_SUPPORTED = new _HttpStatus(505, "HTTP Version Not Supported");
-  static VARIANT_ALSO_NEGOTIATES = new _HttpStatus(506, "Variant Also Negotiates");
-  static INSUFFICIENT_STORAGE = new _HttpStatus(507, "Insufficient Storage");
-  static LOOP_DETECTED = new _HttpStatus(508, "Loop Detected");
-  static NOT_EXTENDED = new _HttpStatus(510, "Not Extended");
-  static NETWORK_AUTHENTICATION_REQUIRED = new _HttpStatus(511, "Network Authentication Required");
-  static #VALUES = [];
-  static {
-    Object.keys(_HttpStatus).filter((key) => key !== "VALUES" && key !== "resolve").forEach((key) => {
-      const value = _HttpStatus[key];
-      if (value instanceof _HttpStatus) {
-        Object.defineProperty(value, "name", { enumerable: true, value: key, writable: false });
-        _HttpStatus.#VALUES.push(value);
-      }
-    });
-  }
-  static resolve(code) {
-    for (const status of _HttpStatus.#VALUES) {
-      if (status.value === code) {
-        return status;
-      }
-    }
-  }
-  #value;
-  #phrase;
-  constructor(value, phrase) {
-    this.#value = value;
-    this.#phrase = phrase;
-  }
-  get value() {
-    return this.#value;
-  }
-  get phrase() {
-    return this.#phrase;
-  }
-  toString() {
-    return `${this.#value} ${this["name"]}`;
-  }
-};
-function httpStatusCode(value) {
-  if (typeof value === "number") {
-    if (value < 100 || value > 999) {
-      throw new Error(`status code ${value} should be in range 100-999`);
-    }
-    const status = HttpStatus.resolve(value);
-    if (status !== void 0) {
-      return status;
-    }
-    return new DefaultHttpStatusCode(value);
-  }
-  return value;
-}
-
-// src/server/exchange.ts
-import http from "node:http";
-var ExtendedHttpIncomingMessage = class extends http.IncomingMessage {
-  // circular reference to the exchange
-  exchange;
-  upgradeHead;
-  get urlBang() {
-    return this.url;
-  }
-  get socketEncrypted() {
-    return this.socket["encrypted"] === true;
-  }
-};
-var ExtendedHttpServerResponse = class extends http.ServerResponse {
-  markHeadersSent() {
-    this["_header"] = true;
-  }
-  getRawHeaderNames() {
-    return super["getRawHeaderNames"]();
-  }
-};
-var AbstractServerHttpRequest = class extends AbstractHttpRequest {
-};
-var AbstractServerHttpResponse = class extends AbstractHttpResponse {
-  #cookies = [];
-  #statusCode;
-  #state = "new";
-  #commitActions = [];
-  setStatusCode(statusCode) {
-    if (this.#state === "committed") {
-      return false;
-    } else {
-      this.#statusCode = statusCode;
-      return true;
-    }
-  }
-  setRawStatusCode(statusCode) {
-    return this.setStatusCode(statusCode === void 0 ? void 0 : httpStatusCode(statusCode));
-  }
-  get statusCode() {
-    return this.#statusCode;
-  }
-  addCookie(cookie) {
-    if (this.#state === "committed") {
-      throw new Error(`Cannot add cookie ${JSON.stringify(cookie)} because HTTP response has already been committed`);
-    }
-    this.#cookies.push(cookie);
-    return this;
-  }
-  beforeCommit(action) {
-    this.#commitActions.push(action);
-  }
-  get commited() {
-    const state = this.#state;
-    return state !== "new" && state !== "commit-action-failed";
-  }
-  async body(body) {
-    if (body instanceof ReadableStream) {
-      throw new Error("ReadableStream body not supported yet");
-    }
-    const buffer = await body;
-    try {
-      return await this.doCommit(async () => {
-        return await this.bodyInternal(Promise.resolve(buffer));
-      }).catch((error) => {
-        throw error;
-      });
-    } catch (error) {
-      throw error;
-    }
-  }
-  async end() {
-    if (!this.commited) {
-      return this.doCommit(async () => {
-        return await this.bodyInternal(Promise.resolve());
-      });
-    } else {
-      return Promise.resolve(false);
-    }
-  }
-  doCommit(writeAction) {
-    const state = this.#state;
-    let allActions = Promise.resolve();
-    if (state === "new") {
-      this.#state = "committing";
-      if (this.#commitActions.length > 0) {
-        allActions = this.#commitActions.reduce(
-          (acc, cur) => acc.then(() => cur()),
-          Promise.resolve()
-        ).catch((error) => {
-          const state2 = this.#state;
-          if (state2 === "committing") {
-            this.#state = "commit-action-failed";
-          }
-        });
-      }
-    } else if (state === "commit-action-failed") {
-      this.#state = "committing";
-    } else {
-      return Promise.resolve(false);
-    }
-    allActions = allActions.then(() => {
-      this.applyStatusCode();
-      this.applyHeaders();
-      this.applyCookies();
-      this.#state = "committed";
-    });
-    return allActions.then(async () => {
-      return writeAction !== void 0 ? await writeAction() : true;
-    });
-  }
-  applyStatusCode() {
-  }
-  applyHeaders() {
-  }
-  applyCookies() {
-  }
-};
-var HttpServerRequest = class extends AbstractServerHttpRequest {
-  #url;
-  #cookies;
-  #req;
-  constructor(req) {
-    super(new IncomingMessageHeaders(req));
-    this.#req = req;
-  }
-  getNativeRequest() {
-    return this.#req;
-  }
-  get upgrade() {
-    return this.#req["upgrade"];
-  }
-  get http2() {
-    return this.#req.httpVersionMajor >= 2;
-  }
-  get path() {
-    return this.URL?.pathname;
-  }
-  get URL() {
-    this.#url ??= new URL(this.#req.urlBang, `${this.protocol}://${this.host}`);
-    return this.#url;
-  }
-  get query() {
-    return this.URL?.search;
-  }
-  get method() {
-    return this.#req.method;
-  }
-  get host() {
-    let dh = void 0;
-    if (this.#req.httpVersionMajor >= 2) {
-      dh = this.#req.headers[":authority"];
-    }
-    dh ??= this.#req.socket.remoteAddress;
-    return super.parseHost(dh);
-  }
-  get protocol() {
-    let dp = void 0;
-    if (this.#req.httpVersionMajor > 2) {
-      dp = this.#req.headers[":scheme"];
-    }
-    dp ??= this.#req.socketEncrypted ? "https" : "http";
-    return super.parseProtocol(dp);
-  }
-  get socket() {
-    return this.#req.socket;
-  }
-  get remoteAddress() {
-    const family = this.#req.socket.remoteFamily;
-    const address = this.#req.socket.remoteAddress;
-    const port = this.#req.socket.remotePort;
-    if (!family || !address || !port) {
-      return void 0;
-    }
-    return { family, address, port };
-  }
-  get cookies() {
-    this.#cookies ??= super.cookies;
-    return this.#cookies;
-  }
-  get body() {
-    return http.IncomingMessage.toWeb(this.#req);
-  }
-  async blob() {
-    const chunks = [];
-    if (this.body !== void 0) {
-      for await (const chunk of this.body) {
-        chunks.push(chunk);
-      }
-    }
-    return new Blob(chunks, { type: this.headers.one("content-type") || "application/octet-stream" });
-  }
-  async text() {
-    const blob = await this.blob();
-    return await blob.text();
-  }
-  async formData() {
-    const blob = await this.blob();
-    const text = await blob.text();
-    return new URLSearchParams(text);
-  }
-  async json() {
-    const blob = await this.blob();
-    if (blob.size === 0) {
-      return void 0;
-    }
-    const text = await blob.text();
-    return JSON.parse(text);
-  }
-  initId() {
-    const remoteIp = this.#req.socket.remoteAddress;
-    if (!remoteIp) {
-      throw new Error("Socket has no remote address");
-    }
-    return `${remoteIp}:${this.#req.socket.remotePort}`;
-  }
-};
-var IncomingMessageHeaders = class extends AbstractHttpHeaders {
-  #msg;
-  constructor(msg) {
-    super();
-    this.#msg = msg;
-  }
-  has(name) {
-    return this.#msg.headers[name] !== void 0;
-  }
-  get(name) {
-    return this.#msg.headers[name];
-  }
-  list(name) {
-    return super.toList(name);
-  }
-  one(name) {
-    const value = this.#msg.headers[name];
-    if (Array.isArray(value)) {
-      return value[0];
-    }
-    return value;
-  }
-  keys() {
-    return Object.keys(this.#msg.headers).values();
-  }
-};
-var OutgoingMessageHeaders = class extends AbstractHttpHeaders {
-  #msg;
-  constructor(msg) {
-    super();
-    this.#msg = msg;
-  }
-  has(name) {
-    return this.#msg.hasHeader(name);
-  }
-  keys() {
-    return this.#msg.getHeaderNames().values();
-  }
-  get(name) {
-    return this.#msg.getHeader(name);
-  }
-  one(name) {
-    const value = this.#msg.getHeader(name);
-    if (Array.isArray(value)) {
-      return value[0];
-    }
-    return value;
-  }
-  set(name, value) {
-    if (!this.#msg.headersSent) {
-      if (Array.isArray(value)) {
-        value = value.map((v) => typeof v === "number" ? String(v) : v);
-      } else if (typeof value === "number") {
-        value = String(value);
-      }
-      if (value) {
-        this.#msg.setHeader(name, value);
-      } else {
-        this.#msg.removeHeader(name);
-      }
-    }
-    return this;
-  }
-  add(name, value) {
-    if (!this.#msg.headersSent) {
-      this.#msg.appendHeader(name, value);
-    }
-    return this;
-  }
-  list(name) {
-    return super.toList(name);
-  }
-};
-var HttpServerResponse = class extends AbstractServerHttpResponse {
-  #res;
-  constructor(res) {
-    super(new OutgoingMessageHeaders(res));
-    this.#res = res;
-  }
-  getNativeResponse() {
-    return this.#res;
-  }
-  get statusCode() {
-    const status = super.statusCode;
-    return status ?? { value: this.#res.statusCode };
-  }
-  applyStatusCode() {
-    const status = super.statusCode;
-    if (status !== void 0) {
-      this.#res.statusCode = status.value;
-    }
-  }
-  addCookie(cookie) {
-    this.headers.add("Set-Cookie", super.setCookieValue(cookie));
-    return this;
-  }
-  async bodyInternal(body) {
-    if (!this.#res.headersSent) {
-      if (body instanceof ReadableStream) {
-        throw new Error("ReadableStream body not supported in response");
-      } else {
-        const chunk = await body;
-        return await new Promise((resolve, reject) => {
-          try {
-            if (chunk === void 0) {
-              this.#res.end(() => {
-                resolve(true);
-              });
-            } else {
-              if (!this.headers.has("content-length")) {
-                if (typeof chunk === "string") {
-                  this.headers.set("content-length", Buffer.byteLength(chunk));
-                } else if (chunk instanceof Blob) {
-                  this.headers.set("content-length", chunk.size);
-                } else {
-                  this.headers.set("content-length", chunk.byteLength);
-                }
-              }
-              this.#res.end(chunk, () => {
-                resolve(true);
-              });
-            }
-          } catch (e) {
-            reject(e instanceof Error ? e : new Error(`end failed: ${e}`));
-          }
-        });
-      }
-    } else {
-      return false;
-    }
-  }
-};
-var ServerHttpRequestDecorator = class _ServerHttpRequestDecorator {
-  #delegate;
-  constructor(request) {
-    this.#delegate = request;
-  }
-  get delegate() {
-    return this.#delegate;
-  }
-  get id() {
-    return this.#delegate.id;
-  }
-  get method() {
-    return this.#delegate.method;
-  }
-  get path() {
-    return this.#delegate.path;
-  }
-  get protocol() {
-    return this.#delegate.protocol;
-  }
-  get host() {
-    return this.#delegate.host;
-  }
-  get URL() {
-    return this.#delegate.URL;
-  }
-  get headers() {
-    return this.#delegate.headers;
-  }
-  get cookies() {
-    return this.#delegate.cookies;
-  }
-  get remoteAddress() {
-    return this.#delegate.remoteAddress;
-  }
-  get upgrade() {
-    return this.#delegate.upgrade;
-  }
-  get body() {
-    return this.#delegate.body;
-  }
-  async blob() {
-    return await this.#delegate.blob();
-  }
-  async text() {
-    return await this.#delegate.text();
-  }
-  async formData() {
-    return await this.#delegate.formData();
-  }
-  async json() {
-    return await this.#delegate.json();
-  }
-  toString() {
-    return `${_ServerHttpRequestDecorator.name} [delegate: ${this.delegate.toString()}]`;
-  }
-  static getNativeRequest(request) {
-    if (request instanceof AbstractServerHttpRequest) {
-      return request.getNativeRequest();
-    } else if (request instanceof _ServerHttpRequestDecorator) {
-      return _ServerHttpRequestDecorator.getNativeRequest(request.delegate);
-    } else {
-      throw new Error(`Cannot get native request from ${request.constructor.name}`);
-    }
-  }
-};
-var ServerHttpResponseDecorator = class _ServerHttpResponseDecorator {
-  #delegate;
-  constructor(response) {
-    this.#delegate = response;
-  }
-  get delegate() {
-    return this.#delegate;
-  }
-  setStatusCode(statusCode) {
-    return this.delegate.setStatusCode(statusCode);
-  }
-  setRawStatusCode(statusCode) {
-    return this.delegate.setRawStatusCode(statusCode);
-  }
-  get statusCode() {
-    return this.delegate.statusCode;
-  }
-  get cookies() {
-    return this.delegate.cookies;
-  }
-  addCookie(cookie) {
-    this.delegate.addCookie(cookie);
-    return this;
-  }
-  async end() {
-    return await this.delegate.end();
-  }
-  async body(body) {
-    return await this.#delegate.body(body);
-  }
-  get headers() {
-    return this.#delegate.headers;
-  }
-  toString() {
-    return `${_ServerHttpResponseDecorator.name} [delegate: ${this.delegate.toString()}]`;
-  }
-  static getNativeResponse(response) {
-    if (response instanceof AbstractServerHttpResponse) {
-      return response.getNativeResponse();
-    } else if (response instanceof _ServerHttpResponseDecorator) {
-      return _ServerHttpResponseDecorator.getNativeResponse(response.delegate);
-    } else {
-      throw new Error(`Cannot get native response from ${response.constructor.name}`);
-    }
-  }
-};
-var ServerWebExchangeDecorator = class _ServerWebExchangeDecorator {
-  #delegate;
-  constructor(exchange) {
-    this.#delegate = exchange;
-  }
-  get delegate() {
-    return this.#delegate;
-  }
-  get request() {
-    return this.#delegate.request;
-  }
-  get response() {
-    return this.#delegate.response;
-  }
-  attribute(name) {
-    return this.#delegate.attribute(name);
-  }
-  principal() {
-    return this.#delegate.principal();
-  }
-  get logPrefix() {
-    return this.#delegate.logPrefix;
-  }
-  toString() {
-    return `${_ServerWebExchangeDecorator.name} [delegate: ${this.delegate}]`;
-  }
-};
-var DefaultWebExchange = class {
-  request;
-  response;
-  #attributes = {};
-  #logId;
-  #logPrefix = "";
-  constructor(request, response) {
-    this.#attributes[LOG_ID_ATTRIBUTE] = request.id;
-    this.request = request;
-    this.response = response;
-  }
-  get method() {
-    return this.request.method;
-  }
-  get path() {
-    return this.request.path;
-  }
-  get attributes() {
-    return this.#attributes;
-  }
-  attribute(name) {
-    return this.attributes[name];
-  }
-  principal() {
-    return Promise.resolve(void 0);
-  }
-  get logPrefix() {
-    const value = this.attribute(LOG_ID_ATTRIBUTE);
-    if (this.#logId !== value) {
-      this.#logId = value;
-      this.#logPrefix = value !== void 0 ? `[${value}] ` : "";
-    }
-    return this.#logPrefix;
-  }
-};
-var LOG_ID_ATTRIBUTE = "io.interop.gateway.server.log_id";
-
-// src/server/address.ts
-import { networkInterfaces } from "node:os";
-var PORT_RANGE_MATCHER = /^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;
-function validPort(port) {
-  if (port > 65535) throw new Error(`bad port ${port}`);
-  return port;
-}
-function* portRange(port) {
-  if (typeof port === "string") {
-    for (const portRange2 of port.split(",")) {
-      const trimmed = portRange2.trim();
-      const matchResult = PORT_RANGE_MATCHER.exec(trimmed);
-      if (matchResult) {
-        const start2 = parseInt(matchResult[1]);
-        const end = parseInt(matchResult[4] ?? matchResult[1]);
-        for (let i = validPort(start2); i < validPort(end) + 1; i++) {
-          yield i;
-        }
-      } else {
-        throw new Error(`'${portRange2}' is not a valid port or range.`);
-      }
-    }
-  } else {
-    yield validPort(port);
-  }
-}
-var localIp = (() => {
-  function first(a) {
-    return a.length > 0 ? a[0] : void 0;
-  }
-  const addresses = Object.values(networkInterfaces()).flatMap((details) => {
-    return (details ?? []).filter((info2) => info2.family === "IPv4");
-  }).reduce((acc, info2) => {
-    acc[info2.internal ? "internal" : "external"].push(info2);
-    return acc;
-  }, { internal: [], external: [] });
-  return (first(addresses.internal) ?? first(addresses.external))?.address;
-})();
-
-// src/server/monitoring.ts
-import { getHeapStatistics, writeHeapSnapshot } from "node:v8";
-import { access, mkdir, rename, unlink } from "node:fs/promises";
-var log2 = getLogger2("monitoring");
-var DEFAULT_OPTIONS = {
-  memoryLimit: 1024 * 1024 * 1024,
-  // 1GB
-  reportInterval: 10 * 60 * 1e3,
-  // 10 min
-  dumpLocation: ".",
-  // current folder
-  maxBackups: 10,
-  dumpPrefix: "Heap"
-};
-function fetchStats() {
-  return getHeapStatistics();
-}
-async function dumpHeap(opts) {
-  const prefix = opts.dumpPrefix ?? "Heap";
-  const target = `${opts.dumpLocation}/${prefix}.heapsnapshot`;
-  if (log2.enabledFor("debug")) {
-    log2.debug(`starting heap dump in ${target}`);
-  }
-  await fileExists(opts.dumpLocation).catch(async (_) => {
-    if (log2.enabledFor("debug")) {
-      log2.debug(`dump location  ${opts.dumpLocation} does not exists. Will try to create it`);
-    }
-    try {
-      await mkdir(opts.dumpLocation, { recursive: true });
-      log2.info(`dump location dir ${opts.dumpLocation} successfully created`);
-    } catch (e) {
-      log2.error(`failed to create dump location ${opts.dumpLocation}`);
-    }
-  });
-  const dumpFileName = writeHeapSnapshot(target);
-  log2.info(`heap dumped`);
-  try {
-    log2.debug(`rolling snapshot backups`);
-    const lastFileName = `${opts.dumpLocation}/${prefix}.${opts.maxBackups}.heapsnapshot`;
-    await fileExists(lastFileName).then(async () => {
-      if (log2.enabledFor("debug")) {
-        log2.debug(`deleting ${lastFileName}`);
-      }
-      try {
-        await unlink(lastFileName);
-      } catch (e) {
-        log2.warn(`failed to delete ${lastFileName}`, e);
-      }
-    }).catch(() => {
-    });
-    for (let i = opts.maxBackups - 1; i > 0; i--) {
-      const currentFileName = `${opts.dumpLocation}/${prefix}.${i}.heapsnapshot`;
-      const nextFileName = `${opts.dumpLocation}/${prefix}.${i + 1}.heapsnapshot`;
-      await fileExists(currentFileName).then(async () => {
-        try {
-          await rename(currentFileName, nextFileName);
-        } catch (e) {
-          log2.warn(`failed to rename ${currentFileName} to ${nextFileName}`, e);
-        }
-      }).catch(() => {
-      });
-    }
-    const firstFileName = `${opts.dumpLocation}/${prefix}.${1}.heapsnapshot`;
-    try {
-      await rename(dumpFileName, firstFileName);
-    } catch (e) {
-      log2.warn(`failed to rename ${dumpFileName} to ${firstFileName}`, e);
-    }
-    log2.debug("snapshots rolled");
-  } catch (e) {
-    log2.error("error rolling backups", e);
-    throw e;
-  }
-}
-async function fileExists(path) {
-  if (log2.enabledFor("trace")) {
-    log2.debug(`checking file ${path}`);
-  }
-  await access(path);
-}
-async function processStats(stats, state, opts) {
-  if (log2.enabledFor("debug")) {
-    log2.debug(`processing heap stats ${JSON.stringify(stats)}`);
-  }
-  const limit = Math.min(opts.memoryLimit, 0.95 * stats.heap_size_limit);
-  const used = stats.used_heap_size;
-  log2.info(`heap stats ${JSON.stringify(stats)}`);
-  if (used >= limit) {
-    log2.warn(`used heap ${used} bytes exceeds memory limit ${limit} bytes`);
-    if (state.memoryLimitExceeded) {
-      delete state.snapshot;
-    } else {
-      state.memoryLimitExceeded = true;
-      state.snapshot = true;
-    }
-    await dumpHeap(opts);
-  } else {
-    state.memoryLimitExceeded = false;
-    delete state.snapshot;
-  }
-}
-function start(opts) {
-  const merged = { ...DEFAULT_OPTIONS, ...opts };
-  let stopped = false;
-  const state = { memoryLimitExceeded: false };
-  const report = async () => {
-    const stats = fetchStats();
-    await processStats(stats, state, merged);
-  };
-  const interval = setInterval(report, merged.reportInterval);
-  const channel = async (command) => {
-    if (!stopped) {
-      command ??= "run";
-      switch (command) {
-        case "run": {
-          await report();
-          break;
-        }
-        case "dump": {
-          await dumpHeap(merged);
-          break;
-        }
-        case "stop": {
-          stopped = true;
-          clearInterval(interval);
-          log2.info("exit memory diagnostic");
-          break;
-        }
-      }
-    }
-    return stopped;
-  };
-  return { ...merged, channel };
-}
-async function run({ channel }, command) {
-  if (!await channel(command)) {
-    log2.warn(`cannot execute command "${command}" already closed`);
-  }
-}
-async function stop(m) {
-  return await run(m, "stop");
-}
-
-// src/server/server-header.ts
-import info from "@interopio/gateway-server/package.json" with { type: "json" };
-var serverHeader = (server) => {
-  server ??= `${info.name} - v${info.version}`;
-  return async ({ response }, next) => {
-    if (server !== false && !response.headers.has("server")) {
-      response.headers.set("Server", server);
-    }
-    await next();
-  };
-};
-var server_header_default = (server) => serverHeader(server);
-
-// src/server/ws-client-verify.ts
-import { IOGateway as IOGateway2 } from "@interopio/gateway";
-var log3 = getLogger2("gateway.ws.client-verify");
-function acceptsMissing(originFilters) {
-  switch (originFilters.missing) {
-    case "allow":
-    // fall-through
-    case "whitelist":
-      return true;
-    case "block":
-    // fall-through
-    case "blacklist":
-      return false;
-    default:
-      return false;
-  }
-}
-function tryMatch(originFilters, origin) {
-  const block = originFilters.block ?? originFilters["blacklist"];
-  const allow = originFilters.allow ?? originFilters["whitelist"];
-  if (block.length > 0 && IOGateway2.Filtering.valuesMatch(block, origin)) {
-    log3.warn(`origin ${origin} matches block filter`);
-    return false;
-  } else if (allow.length > 0 && IOGateway2.Filtering.valuesMatch(allow, origin)) {
-    if (log3.enabledFor("debug")) {
-      log3.debug(`origin ${origin} matches allow filter`);
-    }
-    return true;
-  }
-}
-function acceptsNonMatched(originFilters) {
-  switch (originFilters.non_matched) {
-    case "allow":
-    // fall-through
-    case "whitelist":
-      return true;
-    case "block":
-    // fall-through
-    case "blacklist":
-      return false;
-    default:
-      return false;
-  }
-}
-function acceptsOrigin(origin, originFilters) {
-  if (!originFilters) {
-    return true;
-  }
-  if (!origin) {
-    return acceptsMissing(originFilters);
-  } else {
-    const matchResult = tryMatch(originFilters, origin);
-    if (matchResult) {
-      return matchResult;
-    } else {
-      return acceptsNonMatched(originFilters);
-    }
-  }
-}
-function regexifyOriginFilters(originFilters) {
-  if (originFilters) {
-    const block = (originFilters.block ?? originFilters.blacklist ?? []).map(IOGateway2.Filtering.regexify);
-    const allow = (originFilters.allow ?? originFilters.whitelist ?? []).map(IOGateway2.Filtering.regexify);
-    return {
-      non_matched: originFilters.non_matched ?? "allow",
-      missing: originFilters.missing ?? "allow",
-      allow,
-      block
-    };
-  }
-}
-
-// src/server/util/matchers.ts
-var or = (matchers) => {
-  return async (exchange) => {
-    for (const matcher of matchers) {
-      const result = await matcher(exchange);
-      if (result.match) {
-        return match();
-      }
-    }
-    return NO_MATCH;
-  };
-};
-var and = (matchers) => {
-  const matcher = async (exchange) => {
-    for (const matcher2 of matchers) {
-      const result = await matcher2(exchange);
-      if (!result.match) {
-        return NO_MATCH;
-      }
-    }
-    return match();
-  };
-  matcher.toString = () => `and(${matchers.map((m) => m.toString()).join(", ")})`;
-  return matcher;
-};
-var not = (matcher) => {
-  return async (exchange) => {
-    const result = await matcher(exchange);
-    return result.match ? NO_MATCH : match();
-  };
-};
-var anyExchange = async (_exchange) => {
-  return match();
-};
-anyExchange.toString = () => "any-exchange";
-var EMPTY_OBJECT = Object.freeze({});
-var NO_MATCH = Object.freeze({ match: false, variables: EMPTY_OBJECT });
-var match = (variables = EMPTY_OBJECT) => {
-  return { match: true, variables };
-};
-var pattern = (pattern2, opts) => {
-  const method = opts?.method;
-  const matcher = async (exchange) => {
-    const request = exchange.request;
-    const path = request.path;
-    if (method !== void 0 && request.method !== method) {
-      return NO_MATCH;
-    }
-    if (typeof pattern2 === "string") {
-      if (path === pattern2) {
-        return match();
-      }
-      return NO_MATCH;
-    } else {
-      const match2 = pattern2.exec(path);
-      if (match2 === null) {
-        return NO_MATCH;
-      }
-      return { match: true, variables: { ...match2.groups } };
-    }
-  };
-  matcher.toString = () => {
-    return `pattern(${pattern2.toString()}, method=${method ?? "<any>"})`;
-  };
-  return matcher;
-};
-var mediaType = (opts) => {
-  const shouldIgnore = (requestedMediaType) => {
-    if (opts.ignoredMediaTypes !== void 0) {
-      for (const ignoredMediaType of opts.ignoredMediaTypes) {
-        if (requestedMediaType === ignoredMediaType || ignoredMediaType === "*/*") {
-          return true;
-        }
-      }
-    }
-    return false;
-  };
-  return async (exchange) => {
-    const request = exchange.request;
-    let requestMediaTypes;
-    try {
-      requestMediaTypes = request.headers.list("accept");
-    } catch (e) {
-      return NO_MATCH;
-    }
-    for (const requestedMediaType of requestMediaTypes) {
-      if (shouldIgnore(requestedMediaType)) {
-        continue;
-      }
-      for (const mediaType2 of opts.mediaTypes) {
-        if (requestedMediaType.startsWith(mediaType2)) {
-          return match();
-        }
-      }
-    }
-    return NO_MATCH;
-  };
-};
-var upgradeMatcher = async ({ request }) => {
-  const upgrade = request.upgrade && request.headers.one("upgrade")?.toLowerCase() === "websocket";
-  return upgrade ? match() : NO_MATCH;
-};
-upgradeMatcher.toString = () => "websocket upgrade";
-
-// src/app/route.ts
-import { IOGateway as IOGateway3 } from "@interopio/gateway";
-async function configure(app, config, routes) {
-  const applyCors = (request, options) => {
-    if (options?.cors) {
-      const cors = options.cors === true ? {
-        allowOrigins: options.origins?.allow?.map(IOGateway3.Filtering.regexify),
-        allowMethods: request.method === void 0 ? ["*"] : [request.method],
-        allowCredentials: options.authorize?.access !== "permitted" ? true : void 0
-      } : options.cors;
-      const path = request.path;
-      routes.cors.push([path, cors]);
-    }
-  };
-  const configurer = new class {
-    handle(...handlers) {
-      handlers.forEach(({ request, options, handler }) => {
-        const matcher = pattern(IOGateway3.Filtering.regexify(request.path), { method: request.method });
-        if (options?.authorize) {
-          routes.authorize.push([matcher, options.authorize]);
-        }
-        applyCors(request, options);
-        const middleware = async (exchange, next) => {
-          const { match: match2, variables } = await matcher(exchange);
-          if (match2) {
-            await handler(exchange, variables);
-          } else {
-            await next();
-          }
-        };
-        routes.middleware.push(middleware);
-      });
-    }
-    socket(...sockets) {
-      for (const { path, factory, options } of sockets) {
-        const route = path ?? "/";
-        routes.sockets.set(route, {
-          default: path === void 0,
-          ping: options?.ping,
-          factory,
-          maxConnections: options?.maxConnections,
-          authorize: options?.authorize,
-          originFilters: regexifyOriginFilters(options?.origins)
-        });
-      }
-    }
-  }();
-  await app(configurer, config);
-}
-
-// src/server/cors.ts
-import { IOGateway as IOGateway4 } from "@interopio/gateway";
-function isSameOrigin(request) {
-  const origin = request.headers.one("origin");
-  if (origin === void 0) {
-    return true;
-  }
-  const url = request.URL;
-  const actualProtocol = url.protocol;
-  const actualHost = url.host;
-  const originUrl = URL.parse(origin);
-  const originHost = originUrl?.host;
-  const originProtocol = originUrl?.protocol;
-  return actualProtocol === originProtocol && actualHost === originHost;
-}
-function isCorsRequest(request) {
-  return request.headers.has("origin") && !isSameOrigin(request);
-}
-function isPreFlightRequest(request) {
-  return request.method === "OPTIONS" && request.headers.has("origin") && request.headers.has("access-control-request-method");
-}
-var VARY_HEADERS = ["Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"];
-var processRequest = (exchange, config) => {
-  const { request, response } = exchange;
-  const responseHeaders = response.headers;
-  if (!responseHeaders.has("Vary")) {
-    responseHeaders.set("Vary", VARY_HEADERS.join(", "));
-  } else {
-    const varyHeaders = responseHeaders.list("Vary");
-    for (const header of VARY_HEADERS) {
-      if (!varyHeaders.find((h) => h === header)) {
-        varyHeaders.push(header);
-      }
-    }
-    responseHeaders.set("Vary", varyHeaders.join(", "));
-  }
-  try {
-    if (!isCorsRequest(request)) {
-      return true;
-    }
-  } catch (e) {
-    if (logger.enabledFor("debug")) {
-      logger.debug(`reject: origin is malformed`);
-    }
-    rejectRequest(response);
-    return false;
-  }
-  if (responseHeaders.has("access-control-allow-origin")) {
-    if (logger.enabledFor("trace")) {
-      logger.debug(`skip: already contains "Access-Control-Allow-Origin"`);
-    }
-    return true;
-  }
-  const preFlightRequest = isPreFlightRequest(request);
-  if (config) {
-    return handleInternal(exchange, config, preFlightRequest);
-  }
-  if (preFlightRequest) {
-    rejectRequest(response);
-    return false;
-  }
-  return true;
-};
-var DEFAULT_PERMIT_ALL = ["*"];
-var DEFAULT_PERMIT_METHODS = ["GET", "HEAD", "POST"];
-var PERMIT_DEFAULT_CONFIG = {
-  allowOrigins: DEFAULT_PERMIT_ALL,
-  allowMethods: DEFAULT_PERMIT_METHODS,
-  allowHeaders: DEFAULT_PERMIT_ALL,
-  maxAge: 1800
-  // 30 minutes
-};
-function validateCorsConfig(config) {
-  if (config) {
-    const allowHeaders = config.allowHeaders;
-    if (allowHeaders && allowHeaders !== ALL) {
-      config = {
-        ...config,
-        allowHeaders: allowHeaders.map((header) => header.toLowerCase())
-      };
-    }
-    const allowOrigins = config.allowOrigins;
-    if (allowOrigins) {
-      if (allowOrigins === "*") {
-        validateAllowCredentials(config);
-        validateAllowPrivateNetwork(config);
-      } else {
-        config = {
-          ...config,
-          allowOrigins: allowOrigins.map((origin) => {
-            if (typeof origin === "string" && origin !== ALL) {
-              origin = IOGateway4.Filtering.regexify(origin);
-              if (typeof origin === "string") {
-                return trimTrailingSlash(origin).toLowerCase();
-              }
-            }
-            return origin;
-          })
-        };
-      }
-    }
-    return config;
-  }
-}
-function combine(source, other) {
-  if (other === void 0) {
-    return source !== void 0 ? source === ALL ? [ALL] : source : [];
-  }
-  if (source === void 0) {
-    return other === ALL ? [ALL] : other;
-  }
-  if (source == DEFAULT_PERMIT_ALL || source === DEFAULT_PERMIT_METHODS) {
-    return other === ALL ? [ALL] : other;
-  }
-  if (other == DEFAULT_PERMIT_ALL || other === DEFAULT_PERMIT_METHODS) {
-    return source === ALL ? [ALL] : source;
-  }
-  if (source === ALL || source.includes(ALL) || other === ALL || other.includes(ALL)) {
-    return [ALL];
-  }
-  const combined = /* @__PURE__ */ new Set();
-  source.forEach((v) => combined.add(v));
-  other.forEach((v) => combined.add(v));
-  return Array.from(combined);
-}
-var combineCorsConfig = (source, other) => {
-  if (other === void 0) {
-    return source;
-  }
-  const config = {
-    allowOrigins: combine(source.allowOrigins, other?.allowOrigins),
-    allowMethods: combine(source.allowMethods, other?.allowMethods),
-    allowHeaders: combine(source.allowHeaders, other?.allowHeaders),
-    exposeHeaders: combine(source.exposeHeaders, other?.exposeHeaders),
-    allowCredentials: other?.allowCredentials ?? source.allowCredentials,
-    allowPrivateNetwork: other?.allowPrivateNetwork ?? source.allowPrivateNetwork,
-    maxAge: other?.maxAge ?? source.maxAge
-  };
-  return config;
-};
-var corsFilter = (opts) => {
-  const source = opts.corsConfigSource;
-  const processor = opts.corsProcessor ?? processRequest;
-  return async (ctx, next) => {
-    const config = await source(ctx);
-    const isValid = processor(ctx, config);
-    if (!isValid || isPreFlightRequest(ctx.request)) {
-      return;
-    } else {
-      await next();
-    }
-  };
-};
-var cors_default = corsFilter;
-var logger = getLogger2("cors");
-function rejectRequest(response) {
-  response.setStatusCode(HttpStatus.FORBIDDEN);
-}
-function handleInternal(exchange, config, preFlightRequest) {
-  const { request, response } = exchange;
-  const responseHeaders = response.headers;
-  const requestOrigin = request.headers.one("origin");
-  const allowOrigin = checkOrigin(config, requestOrigin);
-  if (allowOrigin === void 0) {
-    if (logger.enabledFor("debug")) {
-      logger.debug(`reject: '${requestOrigin}' origin is not allowed`);
-    }
-    rejectRequest(response);
-    return false;
-  }
-  const requestMethod = getMethodToUse(request, preFlightRequest);
-  const allowMethods = checkMethods(config, requestMethod);
-  if (allowMethods === void 0) {
-    if (logger.enabledFor("debug")) {
-      logger.debug(`reject: HTTP '${requestMethod}' is not allowed`);
-    }
-    rejectRequest(response);
-    return false;
-  }
-  const requestHeaders = getHeadersToUse(request, preFlightRequest);
-  const allowHeaders = checkHeaders(config, requestHeaders);
-  if (preFlightRequest && allowHeaders === void 0) {
-    if (logger.enabledFor("debug")) {
-      logger.debug(`reject: headers '${requestHeaders}' are not allowed`);
-    }
-    rejectRequest(response);
-    return false;
-  }
-  responseHeaders.set("Access-Control-Allow-Origin", allowOrigin);
-  if (preFlightRequest) {
-    responseHeaders.set("Access-Control-Allow-Methods", allowMethods.join(","));
-  }
-  if (preFlightRequest && allowHeaders !== void 0 && allowHeaders.length > 0) {
-    responseHeaders.set("Access-Control-Allow-Headers", allowHeaders.join(", "));
-  }
-  const exposeHeaders = config.exposeHeaders;
-  if (exposeHeaders && exposeHeaders.length > 0) {
-    responseHeaders.set("Access-Control-Expose-Headers", exposeHeaders.join(", "));
-  }
-  if (config.allowCredentials) {
-    responseHeaders.set("Access-Control-Allow-Credentials", "true");
-  }
-  if (config.allowPrivateNetwork && request.headers.one("access-control-request-private-network") === "true") {
-    responseHeaders.set("Access-Control-Allow-Private-Network", "true");
-  }
-  if (preFlightRequest && config.maxAge !== void 0) {
-    responseHeaders.set("Access-Control-Max-Age", config.maxAge.toString());
-  }
-  return true;
-}
-var ALL = "*";
-var DEFAULT_METHODS = ["GET", "HEAD"];
-function validateAllowCredentials(config) {
-  if (config.allowCredentials === true && config.allowOrigins === ALL) {
-    throw new Error(`when allowCredentials is true allowOrigins cannot be "*"`);
-  }
-}
-function validateAllowPrivateNetwork(config) {
-  if (config.allowPrivateNetwork === true && config.allowOrigins === ALL) {
-    throw new Error(`when allowPrivateNetwork is true allowOrigins cannot be "*"`);
-  }
-}
-function checkOrigin(config, origin) {
-  if (origin) {
-    const allowedOrigins = config.allowOrigins;
-    if (allowedOrigins) {
-      if (allowedOrigins === ALL) {
-        validateAllowCredentials(config);
-        validateAllowPrivateNetwork(config);
-        return ALL;
-      }
-      const originToCheck = trimTrailingSlash(origin.toLowerCase());
-      for (const allowedOrigin of allowedOrigins) {
-        if (allowedOrigin === ALL || IOGateway4.Filtering.valueMatches(allowedOrigin, originToCheck)) {
-          return origin;
-        }
-      }
-    }
-  }
-}
-function checkMethods(config, requestMethod) {
-  if (requestMethod) {
-    const allowedMethods = config.allowMethods ?? DEFAULT_METHODS;
-    if (allowedMethods === ALL) {
-      return [requestMethod];
-    }
-    if (IOGateway4.Filtering.valuesMatch(allowedMethods, requestMethod)) {
-      return allowedMethods;
-    }
-  }
-}
-function checkHeaders(config, requestHeaders) {
-  if (requestHeaders === void 0) {
-    return;
-  }
-  if (requestHeaders.length == 0) {
-    return [];
-  }
-  const allowedHeaders = config.allowHeaders;
-  if (allowedHeaders === void 0) {
-    return;
-  }
-  const allowAnyHeader = allowedHeaders === ALL || allowedHeaders.includes(ALL);
-  const result = [];
-  for (const requestHeader of requestHeaders) {
-    const value = requestHeader?.trim();
-    if (value) {
-      if (allowAnyHeader) {
-        result.push(value);
-      } else {
-        for (const allowedHeader of allowedHeaders) {
-          if (value.toLowerCase() === allowedHeader) {
-            result.push(value);
-            break;
-          }
-        }
-      }
-    }
-  }
-  if (result.length > 0) {
-    return result;
-  }
-}
-function trimTrailingSlash(origin) {
-  return origin.endsWith("/") ? origin.slice(0, -1) : origin;
-}
-function getMethodToUse(request, isPreFlight) {
-  return isPreFlight ? request.headers.one("access-control-request-method") : request.method;
-}
-function getHeadersToUse(request, isPreFlight) {
-  const headers2 = request.headers;
-  return isPreFlight ? headers2.list("access-control-request-headers") : Array.from(headers2.keys());
-}
-var matchingCorsConfigSource = (opts) => {
-  return async (exchange) => {
-    for (const [matcher, config] of opts.mappings) {
-      if ((await matcher(exchange)).match) {
-        logger.debug(`resolved cors config on '${exchange.request.path}' using ${matcher}: ${JSON.stringify(config)}`);
-        return config;
-      }
-    }
-  };
-};
-
-// src/app/cors.ts
-import { IOGateway as IOGateway5 } from "@interopio/gateway";
-function createCorsConfigSource(context) {
-  const { sockets: routes, cors } = context;
-  const defaultCorsConfig = context.corsConfig === false ? void 0 : combineCorsConfig(PERMIT_DEFAULT_CONFIG, context.corsConfig);
-  const validatedConfigs = [];
-  for (const [path, route] of routes) {
-    let routeCorsConfig = defaultCorsConfig;
-    for (const [matcher, config2] of cors) {
-      if (IOGateway5.Filtering.valueMatches(matcher, path)) {
-        if (config2 === void 0) {
-          routeCorsConfig = void 0;
-        } else {
-          routeCorsConfig = routeCorsConfig === void 0 ? config2 : combineCorsConfig(routeCorsConfig, config2);
-        }
-      }
-    }
-    const config = context.corsConfig === false ? void 0 : {
-      allowOrigins: route.originFilters?.allow,
-      allowMethods: ["GET", "CONNECT", "OPTIONS"],
-      allowHeaders: [
-        "Upgrade",
-        "Connection",
-        "Origin",
-        "Sec-Websocket-Key",
-        "Sec-Websocket-Version",
-        "Sec-Websocket-Protocol",
-        "Sec-Websocket-Extensions"
-      ],
-      exposeHeaders: ["Sec-Websocket-Accept", "Sec-Websocket-Protocol", "Sec-Websocket-Extensions"],
-      allowCredentials: route.authorize?.access !== "permitted" ? true : void 0
-    };
-    routeCorsConfig = routeCorsConfig === void 0 ? config : combineCorsConfig(routeCorsConfig, config);
-    validatedConfigs.push([
-      and([upgradeMatcher, pattern(path)]),
-      validateCorsConfig(routeCorsConfig)
-    ]);
-  }
-  const appConfigs = [];
-  for (const [matcher, config] of cors) {
-    let [, routeCorsConfig] = appConfigs.find(([m]) => String(m) === String(matcher)) ?? [matcher, defaultCorsConfig];
-    routeCorsConfig = routeCorsConfig === void 0 ? config : combineCorsConfig(routeCorsConfig, config);
-    let added = false;
-    for (const entry of appConfigs) {
-      if (String(entry[0]) === String(matcher)) {
-        entry[1] = routeCorsConfig;
-        added = true;
-        break;
-      }
-    }
-    if (!added) {
-      appConfigs.push([matcher, routeCorsConfig]);
-    }
-  }
-  for (const [matcher, config] of appConfigs) {
-    validatedConfigs.push([pattern(matcher), validateCorsConfig(config)]);
-  }
-  validatedConfigs.push([pattern(/\/api\/.*/), validateCorsConfig(defaultCorsConfig)]);
-  return matchingCorsConfigSource({ mappings: validatedConfigs });
-}
-
-// src/server/security/types.ts
-function isAuthentication(principal) {
-  return principal !== void 0 && typeof principal["type"] === "string" && typeof principal["authenticated"] === "boolean";
-}
-var AuthenticationError = class extends Error {
-  _authentication;
-  get authentication() {
-    return this._authentication;
-  }
-  set authentication(value) {
-    if (value === void 0) {
-      throw new TypeError("Authentication cannot be undefined");
-    }
-    this._authentication = value;
-  }
-};
-var InsufficientAuthenticationError = class extends AuthenticationError {
-};
-var BadCredentialsError = class extends AuthenticationError {
-};
-var AccessDeniedError = class extends Error {
-};
-var AuthorizationDecision = class {
-  constructor(granted) {
-    this.granted = granted;
-  }
-  granted;
-};
-var DefaultAuthorizationManager = class {
-  #check;
-  constructor(check) {
-    this.#check = check;
-  }
-  async verify(authentication, object) {
-    const decision = await this.#check(authentication, object);
-    if (!decision?.granted) {
-      throw new AccessDeniedError("Access denied");
-    }
-  }
-  async authorize(authentication, object) {
-    return await this.#check(authentication, object);
-  }
-};
-var AuthenticationServiceError = class extends AuthenticationError {
-};
-
-// src/server/security/http-headers.ts
-var staticServerHttpHeadersWriter = (headers2) => {
-  return async (exchange) => {
-    let containsNoHeaders = true;
-    const { response } = exchange;
-    for (const name of headers2.keys()) {
-      if (response.headers.has(name)) {
-        containsNoHeaders = false;
-      }
-    }
-    if (containsNoHeaders) {
-      for (const [name, value] of headers2) {
-        response.headers.set(name, value);
-      }
-    }
-  };
-};
-var cacheControlServerHttpHeadersWriter = () => staticServerHttpHeadersWriter(
-  new MapHttpHeaders().add("cache-control", "no-cache, no-store, max-age=0, must-revalidate").add("pragma", "no-cache").add("expires", "0")
-);
-var contentTypeServerHttpHeadersWriter = () => staticServerHttpHeadersWriter(
-  new MapHttpHeaders().add("x-content-type-options", "nosniff")
-);
-var strictTransportSecurityServerHttpHeadersWriter = (maxAgeInSeconds, includeSubDomains, preload) => {
-  let headerValue = `max-age=${maxAgeInSeconds}`;
-  if (includeSubDomains) {
-    headerValue += " ; includeSubDomains";
-  }
-  if (preload) {
-    headerValue += " ; preload";
-  }
-  const delegate = staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("strict-transport-security", headerValue)
-  );
-  const isSecure = (exchange) => {
-    const protocol = exchange.request.URL.protocol;
-    return protocol === "https:";
-  };
-  return async (exchange) => {
-    if (isSecure(exchange)) {
-      await delegate(exchange);
-    }
-  };
-};
-var frameOptionsServerHttpHeadersWriter = (mode) => {
-  return staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("x-frame-options", mode)
-  );
-};
-var xssProtectionServerHttpHeadersWriter = (headerValue) => staticServerHttpHeadersWriter(
-  new MapHttpHeaders().add("x-xss-protection", headerValue)
-);
-var permissionsPolicyServerHttpHeadersWriter = (policyDirectives) => {
-  const delegate = policyDirectives === void 0 ? void 0 : staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("permissions-policy", policyDirectives)
-  );
-  return async (exchange) => {
-    if (delegate !== void 0) {
-      await delegate(exchange);
-    }
-  };
-};
-var contentSecurityPolicyServerHttpHeadersWriter = (policyDirectives, reportOnly) => {
-  const headerName = reportOnly ? "content-security-policy-report-only" : "content-security-policy";
-  const delegate = policyDirectives === void 0 ? void 0 : staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add(headerName, policyDirectives)
-  );
-  return async (exchange) => {
-    if (delegate !== void 0) {
-      await delegate(exchange);
-    }
-  };
-};
-var refererPolicyServerHttpHeadersWriter = (policy = "no-referrer") => {
-  return staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("referer-policy", policy)
-  );
-};
-var crossOriginOpenerPolicyServerHttpHeadersWriter = (policy) => {
-  const delegate = policy === void 0 ? void 0 : staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("cross-origin-opener-policy", policy)
-  );
-  return async (exchange) => {
-    if (delegate !== void 0) {
-      await delegate(exchange);
-    }
-  };
-};
-var crossOriginEmbedderPolicyServerHttpHeadersWriter = (policy) => {
-  const delegate = policy === void 0 ? void 0 : staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("cross-origin-embedder-policy", policy)
-  );
-  return async (exchange) => {
-    if (delegate !== void 0) {
-      await delegate(exchange);
-    }
-  };
-};
-var crossOriginResourcePolicyServerHttpHeadersWriter = (policy) => {
-  const delegate = policy === void 0 ? void 0 : staticServerHttpHeadersWriter(
-    new MapHttpHeaders().add("cross-origin-resource-policy", policy)
-  );
-  return async (exchange) => {
-    if (delegate !== void 0) {
-      await delegate(exchange);
-    }
-  };
-};
-var compositeServerHttpHeadersWriter = (...writers) => {
-  return async (exchange) => {
-    for (const writer of writers) {
-      await writer(exchange);
-    }
-  };
-};
-function headers(opts) {
-  const writers = [];
-  if (!opts?.cache?.disabled) {
-    writers.push(cacheControlServerHttpHeadersWriter());
-  }
-  if (!opts?.contentType?.disabled) {
-    writers.push(contentTypeServerHttpHeadersWriter());
-  }
-  if (!opts?.hsts?.disabled) {
-    writers.push(strictTransportSecurityServerHttpHeadersWriter(opts?.hsts?.maxAge ?? 365 * 24 * 60 * 60, opts?.hsts?.includeSubDomains ?? true, opts?.hsts?.preload ?? false));
-  }
-  if (!opts?.frameOptions?.disabled) {
-    writers.push(frameOptionsServerHttpHeadersWriter(opts?.frameOptions?.mode ?? "DENY"));
-  }
-  if (!opts?.xss?.disabled) {
-    writers.push(xssProtectionServerHttpHeadersWriter(opts?.xss?.headerValue ?? "0"));
-  }
-  if (!opts?.permissionsPolicy?.disabled) {
-    writers.push(permissionsPolicyServerHttpHeadersWriter(opts?.permissionsPolicy?.policyDirectives));
-  }
-  if (!opts?.contentSecurityPolicy?.disabled) {
-    writers.push(contentSecurityPolicyServerHttpHeadersWriter(opts?.contentSecurityPolicy?.policyDirectives ?? "default-src 'self'", opts?.contentSecurityPolicy?.reportOnly));
-  }
-  if (!opts?.refererPolicy?.disabled) {
-    writers.push(refererPolicyServerHttpHeadersWriter(opts?.refererPolicy?.policy ?? "no-referrer"));
-  }
-  if (!opts?.crossOriginOpenerPolicy?.disabled) {
-    writers.push(crossOriginOpenerPolicyServerHttpHeadersWriter(opts?.crossOriginOpenerPolicy?.policy));
-  }
-  if (!opts?.crossOriginEmbedderPolicy?.disabled) {
-    writers.push(crossOriginEmbedderPolicyServerHttpHeadersWriter(opts?.crossOriginEmbedderPolicy?.policy));
-  }
-  if (!opts?.crossOriginResourcePolicy?.disabled) {
-    writers.push(crossOriginResourcePolicyServerHttpHeadersWriter(opts?.crossOriginResourcePolicy?.policy));
-  }
-  if (opts?.writers) {
-    writers.push(...opts.writers);
-  }
-  const writer = compositeServerHttpHeadersWriter(...writers);
-  return async (exchange, next) => {
-    await writer(exchange);
-    await next();
-  };
-}
-
-// src/server/security/entry-point-failure-handler.ts
-var serverAuthenticationEntryPointFailureHandler = (opts) => {
-  const entryPoint = opts.entryPoint;
-  const rethrowAuthenticationServiceError = opts?.rethrowAuthenticationServiceError ?? true;
-  return async ({ exchange }, error) => {
-    if (!rethrowAuthenticationServiceError) {
-      return entryPoint(exchange, error);
-    }
-    if (!(error instanceof AuthenticationServiceError)) {
-      return entryPoint(exchange, error);
-    }
-    throw error;
-  };
-};
-
-// src/server/security/http-basic-entry-point.ts
-var DEFAULT_REALM = "Realm";
-var createHeaderValue = (realm) => {
-  return `Basic realm="${realm}"`;
-};
-var httpBasicEntryPoint = (opts) => {
-  const headerValue = createHeaderValue(opts?.realm ?? DEFAULT_REALM);
-  return async (exchange, _error) => {
-    const { response } = exchange;
-    response.setStatusCode(HttpStatus.UNAUTHORIZED);
-    response.headers.set("WWW-Authenticate", headerValue);
-  };
-};
-
-// src/server/security/http-basic-converter.ts
-var BASIC = "Basic ";
-var httpBasicAuthenticationConverter = (opts) => {
-  return async (exchange) => {
-    const { request } = exchange;
-    const authorization = request.headers.one("authorization");
-    if (!authorization || !/basic/i.test(authorization.substring(0))) {
-      return;
-    }
-    const credentials = authorization.length <= BASIC.length ? "" : authorization.substring(BASIC.length);
-    const decoded = Buffer.from(credentials, "base64").toString(opts?.credentialsEncoding ?? "utf-8");
-    const parts = decoded.split(":", 2);
-    if (parts.length !== 2) {
-      return void 0;
-    }
-    return {
-      type: "UsernamePassword",
-      authenticated: false,
-      principal: parts[0],
-      credentials: parts[1]
-    };
-  };
-};
-
-// src/server/security/security-context.ts
-import { AsyncLocalStorage as AsyncLocalStorage2 } from "node:async_hooks";
-var AsyncStorageSecurityContextHolder = class _AsyncStorageSecurityContextHolder {
-  static hasSecurityContext(storage) {
-    return storage.getStore()?.securityContext !== void 0;
-  }
-  static async getSecurityContext(storage) {
-    return await storage.getStore()?.securityContext;
-  }
-  static clearSecurityContext(storage) {
-    delete storage.getStore()?.securityContext;
-  }
-  static withSecurityContext(securityContext) {
-    return (storage = new AsyncLocalStorage2()) => {
-      storage.getStore().securityContext = securityContext;
-      return storage;
-    };
-  }
-  static withAuthentication(authentication) {
-    return _AsyncStorageSecurityContextHolder.withSecurityContext(Promise.resolve({ authentication }));
-  }
-  static async getContext(storage) {
-    if (_AsyncStorageSecurityContextHolder.hasSecurityContext(storage)) {
-      return _AsyncStorageSecurityContextHolder.getSecurityContext(storage);
-    }
-  }
-};
-
-// src/server/security/authentication-filter.ts
-async function authenticate(exchange, next, token, managerResolver, successHandler, storage) {
-  const authManager = await managerResolver(exchange);
-  const authentication = await authManager?.(token);
-  if (authentication === void 0) {
-    throw new Error("No authentication manager found for the exchange");
-  }
-  try {
-    await onAuthenticationSuccess(authentication, { exchange, next }, successHandler, storage);
-  } catch (e) {
-    if (e instanceof AuthenticationError) {
-    }
-    throw e;
-  }
-}
-async function onAuthenticationSuccess(authentication, filterExchange, successHandler, storage) {
-  AsyncStorageSecurityContextHolder.withAuthentication(authentication)(storage);
-  await successHandler(filterExchange, authentication);
-}
-function authenticationFilter(opts) {
-  const auth = {
-    matcher: anyExchange,
-    successHandler: async ({ next }) => {
-      await next();
-    },
-    converter: httpBasicAuthenticationConverter({}),
-    failureHandler: serverAuthenticationEntryPointFailureHandler({ entryPoint: httpBasicEntryPoint({}) }),
-    ...opts
-  };
-  let managerResolver = auth.managerResolver;
-  if (managerResolver === void 0 && auth.manager !== void 0) {
-    const manager = auth.manager;
-    managerResolver = async (_exchange) => {
-      return manager;
-    };
-  }
-  if (managerResolver === void 0) {
-    throw new Error("Authentication filter requires a managerResolver or a manager");
-  }
-  return async (exchange, next) => {
-    const matchResult = await auth.matcher(exchange);
-    const token = matchResult.match ? await auth.converter(exchange) : void 0;
-    if (token === void 0) {
-      await next();
-      return;
-    }
-    try {
-      await authenticate(exchange, next, token, managerResolver, auth.successHandler, auth.storage);
-    } catch (error) {
-      if (error instanceof AuthenticationError) {
-        await auth.failureHandler({ exchange, next }, error);
-        return;
-      }
-      throw error;
-    }
-  };
-}
-
-// src/server/security/http-status-entry-point.ts
-var httpStatusEntryPoint = (opts) => {
-  return async (exchange, _error) => {
-    const response = exchange.response;
-    response.setStatusCode(opts.httpStatus);
-  };
-};
-
-// src/server/security/delegating-entry-point.ts
-var logger2 = getLogger2("auth.entry-point");
-var delegatingEntryPoint = (opts) => {
-  const defaultEntryPoint = opts.defaultEntryPoint ?? (async ({ response }, _error) => {
-    response.setStatusCode(HttpStatus.UNAUTHORIZED);
-    await response.end();
-  });
-  return async (exchange, error) => {
-    for (const [matcher, entryPoint] of opts.entryPoints) {
-      if (logger2.enabledFor("debug")) {
-        logger2.debug(`trying to match using: ${matcher}`);
-      }
-      const match2 = await matcher(exchange);
-      if (match2.match) {
-        if (logger2.enabledFor("debug")) {
-          logger2.debug(`match found. using default entry point ${entryPoint}`);
-        }
-        return entryPoint(exchange, error);
-      }
-    }
-    if (logger2.enabledFor("debug")) {
-      logger2.debug(`no match found. using default entry point ${defaultEntryPoint}`);
-    }
-    return defaultEntryPoint(exchange, error);
-  };
-};
-
-// src/server/security/delegating-success-handler.ts
-var delegatingSuccessHandler = (handlers) => {
-  return async ({ exchange, next }, authentication) => {
-    for (const handler of handlers) {
-      await handler({ exchange, next }, authentication);
-    }
-  };
-};
-
-// src/server/security/http-basic.ts
-function httpBasic(opts) {
-  const xhrMatcher = async (exchange) => {
-    const headers2 = exchange.request.headers;
-    const h = headers2.list("X-Requested-With");
-    if (h.includes("XMLHttpRequest")) {
-      return match();
-    }
-    return NO_MATCH;
-  };
-  const defaultEntryPoint = delegatingEntryPoint({
-    entryPoints: [[xhrMatcher, httpStatusEntryPoint({ httpStatus: HttpStatus.UNAUTHORIZED })]],
-    defaultEntryPoint: httpBasicEntryPoint({})
-  });
-  const entryPoint = opts.entryPoint ?? defaultEntryPoint;
-  const manager = opts.manager;
-  const restMatcher = mediaType({
-    mediaTypes: [
-      "application/atom+xml",
-      "application/x-www-form-urlencoded",
-      "application/json",
-      "application/octet-stream",
-      "application/xml",
-      "multipart/form-data",
-      "text/xml"
-    ],
-    ignoredMediaTypes: ["*/*"]
-  });
-  const notHtmlMatcher = not(mediaType({ mediaTypes: ["text/html"] }));
-  const restNoHtmlMatcher = and([notHtmlMatcher, restMatcher]);
-  const preferredMatcher = or([xhrMatcher, restNoHtmlMatcher]);
-  opts.defaultEntryPoints.push([preferredMatcher, entryPoint]);
-  const failureHandler = opts.failureHandler ?? serverAuthenticationEntryPointFailureHandler({ entryPoint });
-  const successHandler = delegatingSuccessHandler(opts.successHandlers ?? opts.defaultSuccessHandlers);
-  const converter = httpBasicAuthenticationConverter({});
-  return authenticationFilter({
-    storage: opts.storage,
-    manager,
-    failureHandler,
-    successHandler,
-    converter
-  });
-}
-
-// src/server/security/oauth2/token-error.ts
-var BearerTokenErrorCodes = {
-  invalid_request: "invalid_request",
-  invalid_token: "invalid_token",
-  insufficient_scope: "insufficient_scope"
-};
-var DEFAULT_URI = "https://tools.ietf.org/html/rfc6750#section-3.1";
-function invalidToken(message) {
-  return {
-    errorCode: BearerTokenErrorCodes.invalid_token,
-    httpStatus: HttpStatus.UNAUTHORIZED,
-    description: message,
-    uri: DEFAULT_URI
-  };
-}
-function invalidRequest(message) {
-  return {
-    errorCode: BearerTokenErrorCodes.invalid_request,
-    httpStatus: HttpStatus.BAD_REQUEST,
-    description: message,
-    uri: DEFAULT_URI
-  };
-}
-
-// src/server/security/oauth2/token-converter.ts
-var ACCESS_TOKEN_PARAMETER_NAME = "access_token";
-var authorizationPattern = /^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i;
-var Oauth2AuthenticationError = class extends AuthenticationError {
-  error;
-  constructor(error, message, options) {
-    super(message ?? (typeof error === "string" ? void 0 : error.description), options);
-    this.error = typeof error === "string" ? { errorCode: error } : error;
-  }
-};
-var isBearerTokenAuthenticationToken = (authentication) => {
-  return authentication.type === "BearerToken";
-};
-var serverBearerTokenAuthenticationConverter = (opts) => {
-  return async (exchange) => {
-    const { request } = exchange;
-    return Promise.all([
-      resolveFromAuthorizationHeader(request.headers, opts?.headerName).then((token) => token !== void 0 ? [token] : void 0),
-      resolveFromQueryString(request, opts?.uriQueryParameter),
-      resolveFromBody(exchange, opts?.formEncodedBodyParameter)
-    ]).then((rs) => rs.filter((r) => r !== void 0).flat(1)).then(resolveToken).then((token) => {
-      if (token) return { authenticated: false, type: "BearerToken", token };
-    });
-  };
-};
-async function resolveToken(accessTokens) {
-  if (accessTokens.length === 0) {
-    return;
-  }
-  if (accessTokens.length > 1) {
-    const error = invalidRequest("Found multiple access tokens in the request");
-    throw new Oauth2AuthenticationError(error);
-  }
-  const accessToken = accessTokens[0];
-  if (!accessToken || accessToken.length === 0) {
-    const error = invalidRequest("The requested access token parameter is an empty string");
-    throw new Oauth2AuthenticationError(error);
-  }
-  return accessToken;
-}
-async function resolveFromAuthorizationHeader(headers2, headerName = "authorization") {
-  const authorization = headers2.one(headerName);
-  if (!authorization || !/bearer/i.test(authorization.substring(0))) {
-    return;
-  }
-  const match2 = authorizationPattern.exec(authorization);
-  if (match2 === null) {
-    const error = invalidToken("Bearer token is malformed");
-    throw new Oauth2AuthenticationError(error);
-  }
-  return match2.groups?.token;
-}
-async function resolveTokens(parameters) {
-  const accessTokens = parameters.getAll(ACCESS_TOKEN_PARAMETER_NAME);
-  if (accessTokens.length === 0) {
-    return;
-  }
-  return accessTokens;
-}
-async function resolveFromQueryString(request, allow = false) {
-  if (!allow || request.method !== "GET") {
-    return;
-  }
-  return resolveTokens(request.URL.searchParams);
-}
-async function resolveFromBody(exchange, allow = false) {
-  const { request } = exchange;
-  if (!allow || "application/x-www-form-urlencoded" !== request.headers.one("content-type") || request.method !== "POST") {
-    return;
-  }
-  const parameters = await exchange.request.formData();
-  if (parameters) {
-    return resolveTokens(parameters);
-  }
-}
-var token_converter_default = serverBearerTokenAuthenticationConverter;
-
-// src/server/security/oauth2/token-entry-point.ts
-function computeWWWAuthenticate(parameters) {
-  let wwwAuthenticate = "Bearer";
-  if (parameters.size !== 0) {
-    wwwAuthenticate += " ";
-    let i = 0;
-    for (const [key, value] of parameters) {
-      wwwAuthenticate += `${key}="${value}"`;
-      if (i !== parameters.size - 1) {
-        wwwAuthenticate += ", ";
-      }
-      i++;
-    }
-  }
-  return wwwAuthenticate;
-}
-var isBearerTokenError = (error) => {
-  return error.httpStatus !== void 0;
-};
-function getStatus(authError) {
-  if (authError instanceof Oauth2AuthenticationError) {
-    const { error } = authError;
-    if (isBearerTokenError(error)) {
-      return error.httpStatus;
-    }
-  }
-  return HttpStatus.UNAUTHORIZED;
-}
-function createParameters(authError, realm) {
-  const parameters = /* @__PURE__ */ new Map();
-  if (realm) {
-    parameters.set("realm", realm);
-  }
-  if (authError instanceof Oauth2AuthenticationError) {
-    const { error } = authError;
-    parameters.set("error", error.errorCode);
-    if (error.description) {
-      parameters.set("error_description", error.description);
-    }
-    if (error.uri) {
-      parameters.set("error_uri", error.uri);
-    }
-    if (isBearerTokenError(error) && error.scope) {
-      parameters.set("scope", error.scope);
-    }
-  }
-  return parameters;
-}
-var bearerTokenServerAuthenticationEntryPoint = (opts) => {
-  return async (exchange, error) => {
-    const status = getStatus(error);
-    const parameters = createParameters(error, opts?.realmName);
-    const wwwAuthenticate = computeWWWAuthenticate(parameters);
-    const { response } = exchange;
-    response.headers.set("WWW-Authenticate", wwwAuthenticate);
-    response.setStatusCode(status);
-    await response.end();
-  };
-};
-var token_entry_point_default = bearerTokenServerAuthenticationEntryPoint;
-
-// src/server/security/oauth2/jwt-auth-manager.ts
-var jwtAuthConverter = (opts) => {
-  const principalClaimName = opts?.principalClaimName ?? "sub";
-  return (jwt) => {
-    const name = jwt.getClaimAsString(principalClaimName);
-    return { type: "JwtToken", authenticated: true, name };
-  };
-};
-var asyncJwtConverter = (converter) => {
-  return async (jwt) => {
-    return converter(jwt);
-  };
-};
-var JwtError = class extends Error {
-};
-var BadJwtError = class extends JwtError {
-};
-function onError(error) {
-  if (error instanceof BadJwtError) {
-    return new Oauth2AuthenticationError(invalidToken(error.message), error.message, { cause: error });
-  }
-  throw new AuthenticationServiceError(error.message, { cause: error });
-}
-function jwtAuthManager(opts) {
-  const decoder = opts.decoder;
-  const authConverter = opts.authConverter ?? asyncJwtConverter(jwtAuthConverter({}));
-  return async (authentication) => {
-    if (isBearerTokenAuthenticationToken(authentication)) {
-      const token = authentication.token;
-      try {
-        const jwt = await decoder(token);
-        return await authConverter(jwt);
-      } catch (e) {
-        if (e instanceof JwtError) {
-          throw onError(e);
-        }
-        throw e;
-      }
-    }
-  };
-}
-
-// src/server/security/oauth2-resource-server.ts
-function resourceServer(opts) {
-  const entryPoint = opts.entryPoint ?? token_entry_point_default({});
-  const converter = opts?.converter ?? token_converter_default({});
-  const failureHandler = opts.failureHandler ?? serverAuthenticationEntryPointFailureHandler({ entryPoint });
-  if (opts.managerResolver !== void 0) {
-    return authenticationFilter({
-      storage: opts.storage,
-      converter,
-      failureHandler,
-      managerResolver: opts.managerResolver
-    });
-  }
-  if (opts.jwt !== void 0) {
-    const manager = opts.jwt.manager ?? jwtAuthManager(opts.jwt);
-    return authenticationFilter({
-      storage: opts.storage,
-      converter,
-      failureHandler,
-      managerResolver: async (_exchange) => {
-        return manager;
-      }
-    });
-  }
-  throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided");
-}
-
-// src/server/security/config.ts
-import { jwtVerifier, JwtVerifyError } from "@interopio/gateway/jose/jwt";
-
-// src/server/security/error-filter.ts
-async function commenceAuthentication(exchange, authentication, entryPoint) {
-  const cause = new InsufficientAuthenticationError(`Full authentication is required to access this resource.`);
-  const e = new AuthenticationError("Access Denied", { cause });
-  if (authentication) {
-    e.authentication = authentication;
-  }
-  await entryPoint(exchange, e);
-}
-function httpStatusAccessDeniedHandler(httpStatus) {
-  return async (exchange, _error) => {
-    exchange.response.setStatusCode(httpStatus);
-    exchange.response.headers.set("Content-Type", "text/plain; charset=utf-8");
-    const buffer = Buffer.from("Access Denied", "utf-8");
-    exchange.response.headers.set("Content-Length", buffer.length);
-    await exchange.response.body(buffer);
-  };
-}
-var errorFilter = (opts) => {
-  const accessDeniedHandler = httpStatusAccessDeniedHandler(HttpStatus.FORBIDDEN);
-  const authenticationEntryPoint = opts.authenticationEntryPoint ?? httpBasicEntryPoint();
-  return async (exchange, next) => {
-    try {
-      await next();
-    } catch (error) {
-      if (error instanceof AccessDeniedError) {
-        const principal = await exchange.principal();
-        if (!isAuthentication(principal)) {
-          await commenceAuthentication(exchange, void 0, authenticationEntryPoint);
-        } else {
-          if (!principal.authenticated) {
-            await accessDeniedHandler(exchange, error);
-          }
-          await commenceAuthentication(exchange, principal, authenticationEntryPoint);
-        }
-        return;
-      }
-      throw error;
-    }
-  };
-};
-
-// src/server/security/delegating-authorization-manager.ts
-var logger3 = getLogger2("security.auth");
-function delegatingAuthorizationManager(opts) {
-  const check = async (authentication, exchange) => {
-    let decision;
-    for (const [matcher, manager] of opts.mappings) {
-      if ((await matcher(exchange))?.match) {
-        logger3.debug(`checking authorization on '${exchange.request.path}' using [${matcher}, ${manager}]`);
-        const checkResult = await manager.authorize(authentication, { exchange });
-        if (checkResult !== void 0) {
-          decision = checkResult;
-          break;
-        }
-      }
-    }
-    decision ??= new AuthorizationDecision(false);
-    return decision;
-  };
-  return new DefaultAuthorizationManager(check);
-}
-
-// src/server/security/authorization-filter.ts
-var logger4 = getLogger2("security.auth");
-function authorizationFilter(opts) {
-  const { manager, storage } = opts;
-  return async (exchange, next) => {
-    const promise = AsyncStorageSecurityContextHolder.getContext(storage).then((c) => c?.authentication);
-    try {
-      await manager.verify(promise, exchange);
-      if (logger4.enabledFor("debug")) {
-        logger4.debug("authorization successful");
-      }
-    } catch (error) {
-      if (error instanceof AccessDeniedError) {
-        if (logger4.enabledFor("debug")) {
-          logger4.debug(`authorization failed: ${error.message}`);
-        }
-      }
-      throw error;
-    }
-    await next();
-  };
-}
-
-// src/server/security/exchange-filter.ts
-var SecurityContextServerWebExchange = class extends ServerWebExchangeDecorator {
-  #context;
-  constructor(exchange, context) {
-    super(exchange);
-    this.#context = context;
-  }
-  async principal() {
-    const context = await this.#context();
-    return context?.authentication;
-  }
-};
-var exchangeFilter = (opts) => {
-  const storage = opts.storage;
-  return async (exchange, next) => {
-    await next(new SecurityContextServerWebExchange(exchange, async () => await AsyncStorageSecurityContextHolder.getContext(storage)));
-  };
-};
-
-// src/server/security/config.ts
-var filterOrder = {
-  first: Number.MAX_SAFE_INTEGER,
-  http_headers: 1 * 100,
-  https_redirect: 2 * 100,
-  cors: 3 * 100,
-  http_basic: 6 * 100,
-  authentication: 8 * 100,
-  security_context_server_web_exchange: 15 * 100,
-  error_translation: 18 * 100,
-  authorization: 19 * 100,
-  last: Number.MAX_SAFE_INTEGER
-};
-var filterOrderSymbol = Symbol.for("filterOrder");
-var config_default = (config, context) => {
-  const middleware = [];
-  class ServerHttpSecurity {
-    #authenticationEntryPoint;
-    #defaultEntryPoints = [];
-    manager;
-    get authenticationEntryPoint() {
-      if (this.#authenticationEntryPoint !== void 0 || this.#defaultEntryPoints.length === 0) {
-        return this.#authenticationEntryPoint;
-      }
-      if (this.#defaultEntryPoints.length === 1) {
-        return this.#defaultEntryPoints[0][1];
-      }
-      return delegatingEntryPoint({
-        entryPoints: this.#defaultEntryPoints,
-        defaultEntryPoint: this.#defaultEntryPoints[this.#defaultEntryPoints.length - 1][1]
-      });
-    }
-    build() {
-      if (config.headers !== void 0 && config.headers.disabled !== true) {
-        const writer = headers(config.headers);
-        writer[filterOrderSymbol] = filterOrder.http_headers;
-        middleware.push(writer);
-      }
-      if (config.cors?.disabled !== true && context.corsConfigSource !== void 0) {
-        const filter = cors_default({ corsConfigSource: context.corsConfigSource });
-        filter[filterOrderSymbol] = filterOrder.cors;
-        middleware.push(filter);
-      }
-      if (config.basic !== void 0 && config.basic?.disabled !== true) {
-        const username = config.basic.user?.name.toLowerCase();
-        const password = config.basic.user?.password ?? "";
-        const authorities = config.basic.user?.authorities ?? [];
-        const manager = async (auth) => {
-          const principal = auth["principal"];
-          const credentials = auth["credentials"];
-          if (principal.toLowerCase() !== username || credentials !== password) {
-            throw new BadCredentialsError("Invalid username or password");
-          }
-          return { type: "UsernamePassword", authenticated: true, principal, credentials, authorities: [...authorities] };
-        };
-        const defaultSuccessHandlers = [
-          async ({ exchange: _, next }, _authentication) => {
-            return next();
-          }
-        ];
-        const filter = httpBasic({
-          storage: context.storage,
-          manager,
-          defaultEntryPoints: this.#defaultEntryPoints,
-          defaultSuccessHandlers
-        });
-        filter[filterOrderSymbol] = filterOrder.http_basic;
-        middleware.push(filter);
-      }
-      if (config.jwt !== void 0 && config.jwt.disabled !== true) {
-        const verifier = jwtVerifier({
-          issuerBaseUri: config.jwt.issuerUri,
-          issuer: config.jwt.issuer,
-          audience: config.jwt.audience
-        });
-        const decoder = async (token) => {
-          try {
-            const { payload } = await verifier(token);
-            return {
-              subject: payload.sub,
-              getClaimAsString(claim) {
-                return payload[claim];
-              }
-            };
-          } catch (e) {
-            if (e instanceof JwtVerifyError) {
-              throw new BadJwtError(e.message, { cause: e });
-            }
-            throw new JwtError("error occurred while attempting to decoding jwt", { cause: e });
-          }
-        };
-        const authenticationConverter = token_converter_default({ uriQueryParameter: true });
-        const authenticationConverterMatcher = async (exchange) => {
-          try {
-            const a = await authenticationConverter(exchange);
-            if (a === void 0) {
-              return NO_MATCH;
-            }
-            return match();
-          } catch (e) {
-            return NO_MATCH;
-          }
-        };
-        const entryPoint = token_entry_point_default({});
-        this.#defaultEntryPoints.push([authenticationConverterMatcher, entryPoint]);
-        const filter = resourceServer({
-          storage: context.storage,
-          entryPoint,
-          converter: authenticationConverter,
-          jwt: { decoder }
-        });
-        filter[filterOrderSymbol] = filterOrder.authentication;
-        middleware.push(filter);
-      }
-      const exchangeF = exchangeFilter({ storage: context.storage });
-      middleware.push(exchangeF);
-      exchangeF[filterOrderSymbol] = filterOrder.security_context_server_web_exchange;
-      if (config.authorize !== void 0) {
-        const errorFf = errorFilter({ authenticationEntryPoint: this.authenticationEntryPoint });
-        errorFf[filterOrderSymbol] = filterOrder.error_translation;
-        middleware.push(errorFf);
-        const buildAuthorizationManager = (authorize) => {
-          const mappings = [];
-          let anyExchangeRegistered = false;
-          for (const [matcher, access2] of authorize ?? []) {
-            let serverMatcher;
-            if (matcher === "any-exchange") {
-              anyExchangeRegistered = true;
-              serverMatcher = anyExchange;
-            } else if (anyExchangeRegistered) {
-              throw new Error("Cannot register other matchers after 'any-exchange' matcher");
-            } else {
-              serverMatcher = matcher;
-            }
-            let manager2;
-            if (access2.access === "permitted") {
-              manager2 = new DefaultAuthorizationManager(async () => new AuthorizationDecision(true));
-              manager2.toString = () => "AuthorizationManager[permitted]";
-            } else if (access2.access === "denied") {
-              manager2 = new DefaultAuthorizationManager(async () => new AuthorizationDecision(false));
-              manager2.toString = () => "AuthorizationManager[denied]";
-            } else if (access2.access === "authenticated") {
-              manager2 = new DefaultAuthorizationManager(async (p) => {
-                const authentication = await p;
-                if (authentication !== void 0) {
-                  return new AuthorizationDecision(authentication.authenticated);
-                }
-                return new AuthorizationDecision(false);
-              });
-              manager2.toString = () => "AuthorizationManager[authenticated]";
-            } else {
-              throw new Error(`Unknown access type: ${JSON.stringify(access2)}`);
-            }
-            mappings.push([serverMatcher, manager2]);
-          }
-          return delegatingAuthorizationManager({ mappings });
-        };
-        const manager = buildAuthorizationManager(config.authorize);
-        const filter = authorizationFilter({ manager, storage: context.storage });
-        filter[filterOrderSymbol] = filterOrder.authorization;
-        middleware.push(filter);
-      }
-      middleware.sort((a, b) => {
-        const aOrder = a[filterOrderSymbol] ?? filterOrder.last;
-        const bOrder = b[filterOrderSymbol] ?? filterOrder.last;
-        return aOrder - bOrder;
-      });
-    }
-  }
-  const security = new ServerHttpSecurity();
-  security.build();
-  return middleware;
-};
-
-// src/app/auth.ts
-function createSecurityConfig(context) {
-  const authorize = [];
-  const defaultAccess = { access: context.authConfig?.type !== "none" ? "authenticated" : "permitted" };
-  for (const [path, route] of context.sockets) {
-    const rule = route.authorize ?? defaultAccess;
-    let matcher = pattern(path, { method: "GET" });
-    matcher = and([upgradeMatcher, matcher]);
-    authorize.push([matcher, rule]);
-  }
-  authorize.push([pattern("/", { method: "GET" }), { access: "permitted" }]);
-  authorize.push([pattern("/favicon.ico", { method: "GET" }), { access: "permitted" }]);
-  authorize.push([pattern("/health", { method: "GET" }), { access: "permitted" }]);
-  if (context.authorize.length > 0) {
-    authorize.push(...context.authorize);
-  }
-  authorize.push(["any-exchange", defaultAccess]);
-  return {
-    authorize,
-    cors: {
-      disabled: context.corsConfig === false
-    },
-    basic: {
-      disabled: context.authConfig?.type !== "basic",
-      ...context.authConfig?.basic
-    },
-    jwt: {
-      disabled: context.authConfig?.type !== "oauth2",
-      ...context.authConfig?.oauth2?.jwt
-    }
-  };
-}
-async function httpSecurity(context) {
-  const corsConfigSource = createCorsConfigSource(context);
-  const config = createSecurityConfig(context);
-  const { storage } = context;
-  return config_default(config, { storage, corsConfigSource });
-}
-
-// src/server/handler.ts
-import { AsyncLocalStorage as AsyncLocalStorage3 } from "node:async_hooks";
-var HttpHeadResponseDecorator = class extends ServerHttpResponseDecorator {
-};
-var HandlerAdapter = class {
-  #logger;
-  #enableLoggingRequestDetails = false;
-  #delegate;
-  #storage;
-  constructor(logger7, delegate) {
-    this.#logger = logger7;
-    this.#delegate = delegate;
-  }
-  createExchange(request, response) {
-    const exchange = new DefaultWebExchange(request, response);
-    return exchange;
-  }
-  set storage(storage) {
-    this.#storage = storage;
-  }
-  set enableLoggingRequestDetails(value) {
-    this.#enableLoggingRequestDetails = value;
-  }
-  formatHeaders(headers2) {
-    let result = "{";
-    for (const key of headers2.keys()) {
-      if (!this.#enableLoggingRequestDetails) {
-        result += "masked, ";
-        break;
-      } else {
-        const value = headers2.get(key);
-        result += `"${key}": "${value}", `;
-      }
-    }
-    if (result.endsWith(", ")) {
-      result = result.slice(0, -2);
-    }
-    result += "}";
-    return result;
-  }
-  formatRequest(request) {
-    const query = request.URL.search;
-    return `HTTP ${request.method} "${request.path}${query}`;
-  }
-  logRequest(exchange) {
-    if (this.#logger.enabledFor("debug")) {
-      const trace = this.#logger.enabledFor("trace");
-      this.#logger.debug(`${exchange.logPrefix}${this.formatRequest(exchange.request)}${trace ? `, headers: ${this.formatHeaders(exchange.request.headers)}` : ""}"`);
-    }
-  }
-  logResponse(exchange) {
-    if (this.#logger.enabledFor("debug")) {
-      const trace = this.#logger.enabledFor("trace");
-      const status = exchange.response.statusCode;
-      this.#logger.debug(`${exchange.logPrefix}Completed ${status ?? "200 OK"}${trace ? `, headers: ${this.formatHeaders(exchange.response.headers)}` : ""}"`);
-    }
-  }
-  handleUnresolvedError(exchange, error) {
-    const { request, response, logPrefix } = exchange;
-    if (response.setStatusCode(HttpStatus.INTERNAL_SERVER_ERROR)) {
-      this.#logger.error(`${logPrefix}500 Server Error for ${this.formatRequest(request)}`, error);
-      return;
-    }
-    this.#logger.error(`${logPrefix}Error [${error.message} for ${this.formatRequest(request)}, but already ended (${response.statusCode})`, error);
-    throw error;
-  }
-  async web(exchange) {
-    return await this.#delegate(exchange);
-  }
-  async http(request, response) {
-    const exchange = this.createExchange(request, response);
-    const callback = () => {
-      this.logRequest(exchange);
-      return this.web(exchange).then(() => {
-        this.logResponse(exchange);
-      }).catch((error) => {
-        this.handleUnresolvedError(exchange, error);
-      }).then(async () => {
-        await exchange.response.end();
-      });
-    };
-    await new Promise((resolve, reject) => {
-      if (this.#storage !== void 0) {
-        this.#storage.run({ exchange }, () => {
-          callback().then(() => resolve()).catch((error) => reject(error));
-        });
-      } else {
-        callback().then(() => resolve()).catch((error) => reject(error));
-      }
-    });
-  }
-};
-var WebHttpHandlerBuilder = class {
-  #webHandler;
-  #storage = new AsyncLocalStorage3();
-  #handlerDecorator;
-  storage(storage) {
-    this.#storage = storage;
-    return this;
-  }
-  httpHandlerDecorator(decorator) {
-    if (this.#handlerDecorator === void 0) {
-      this.#handlerDecorator = decorator;
-    } else {
-      const previousDecorator = this.#handlerDecorator;
-      this.#handlerDecorator = (handler) => {
-        handler = previousDecorator(handler);
-        return decorator(handler);
-      };
-    }
-    return this;
-  }
-  constructor(webHandler) {
-    this.#webHandler = webHandler;
-  }
-  build() {
-    const logger7 = getLogger2("http");
-    const adapter = new HandlerAdapter(logger7, this.#webHandler);
-    if (this.#storage !== void 0) adapter.storage = this.#storage;
-    adapter.enableLoggingRequestDetails = false;
-    const adapted = async (request, response) => adapter.http(request, response);
-    return this.#handlerDecorator ? this.#handlerDecorator(adapted) : adapted;
-  }
-};
-
-// src/server/ws.ts
-import { WebSocket, WebSocketServer } from "ws";
-
-// src/server/socket.ts
-function createHandshakeInfo(req, protocol) {
-  const exchange = req?.exchange;
-  const request = exchange?.request ?? new HttpServerRequest(req);
-  const principalPromiseProvider = exchange?.principal;
-  const principal = principalPromiseProvider ? principalPromiseProvider.bind(exchange) : async function principal2() {
-    return void 0;
-  };
-  const url = request.URL;
-  const headers2 = new MapHttpHeaders();
-  for (const key of request.headers.keys()) {
-    headers2.set(key, request.headers.list(key));
-  }
-  const cookies = request.cookies;
-  const logPrefix = exchange?.logPrefix ?? `[${request.id}] `;
-  const remoteAddress = request.remoteAddress;
-  const handshake = {
-    url,
-    headers: headers2,
-    cookies,
-    principal,
-    protocol,
-    remoteAddress,
-    logPrefix
-  };
-  return handshake;
-}
-function webSockets(context) {
-  const sockets = async (exchange, next) => {
-    const request = exchange.request;
-    const path = request.path ?? "/";
-    const routes = context.sockets;
-    const route = routes.get(path) ?? Array.from(routes.values()).find((route2) => {
-      if (path === "/" && route2.default === true) {
-        return true;
-      }
-    });
-    if (route !== void 0) {
-      const { request: request2, response } = exchange;
-      const upgradeMatchResult = await upgradeMatcher(exchange);
-      if ((request2.method === "GET" || request2.method === "CONNECT") && upgradeMatchResult.match) {
-        if (route.upgradeStrategy !== void 0) {
-          route.upgradeStrategy(exchange);
-          return;
-        } else {
-          throw new Error(`No upgrade strategy defined for route on ${path}`);
-        }
-      } else {
-        if (route.default) {
-          await next();
-          return;
-        }
-        response.setStatusCode(HttpStatus.UPGRADE_REQUIRED);
-        response.headers.set("Upgrade", "websocket").set("Connection", "Upgrade").set("Content-Type", "text/plain");
-        const buffer = Buffer.from(`This service [${request2.path}] requires use of the websocket protocol.`, "utf-8");
-        await response.body(buffer);
-      }
-    } else {
-      await next();
-    }
-  };
-  return [sockets];
-}
-
-// src/server/ws.ts
-var ExtendedWebSocket = class extends WebSocket {
-  constructor(first, second, options) {
-    super(null, void 0, options);
-  }
-  connected;
-};
-var logger5 = getLogger2("ws");
-function upgradeStrategy(path, route, wss, onSocketError) {
-  return (exchange) => {
-    const { logPrefix, request } = exchange;
-    const req = ServerHttpRequestDecorator.getNativeRequest(request);
-    req.exchange = exchange;
-    const { socket, upgradeHead } = req;
-    const host = request.host;
-    socket.removeListener("error", onSocketError);
-    if (route.maxConnections !== void 0 && wss.clients?.size >= route.maxConnections) {
-      logger5.warn(`${logPrefix}dropping ws connection request on ${host}${path}. max connections exceeded.`);
-      socket.destroy();
-      return;
-    }
-    const origin = request.headers.one("origin");
-    if (!acceptsOrigin(origin, route.originFilters)) {
-      if (logger5.enabledFor("info")) {
-        logger5.info(`${logPrefix}dropping ws connection request on ${host}${path}. origin ${origin ?? "<missing>"}`);
-      }
-      socket.destroy();
-      return;
-    }
-    if (logger5.enabledFor("debug")) {
-      logger5.debug(`${logPrefix}accepted new ws connection request on ${host}${path}`);
-    }
-    wss.handleUpgrade(req, socket, upgradeHead, (client, req2) => {
-      wss.emit("connection", client, req2);
-    });
-  };
-}
-function applyHandshakeHeaders(headers2, response) {
-  const seen = /* @__PURE__ */ new Set();
-  headers2.forEach((header, index) => {
-    if (index === 0 && header.startsWith("HTTP/1.1 101 ")) {
-      response.setStatusCode(HttpStatus.SWITCHING_PROTOCOLS);
-      return;
-    }
-    const [name, value] = header.split(": ");
-    if (response.headers.has(name)) {
-      headers2[index] = `${name}: ${response.headers.one(name)}`;
-    } else {
-      response.headers.set(name, value);
-    }
-    seen.add(name.toLowerCase());
-  });
-  const nativeResponse = ServerHttpResponseDecorator.getNativeResponse(response);
-  for (const name of nativeResponse.getRawHeaderNames()) {
-    const nameLowerCase = name.toLowerCase();
-    if (!seen.has(nameLowerCase)) {
-      const value = response.headers.get(nameLowerCase);
-      if (value !== void 0) {
-        headers2.push(`${name}: ${value}`);
-      }
-    }
-  }
-  nativeResponse.markHeadersSent();
-}
-async function initRoute(path, route, endpoint, storage, onSocketError) {
-  try {
-    logger5.info(`creating ws server for [${path}]. max connections: ${route.maxConnections ?? "<unlimited>"}, origin filters: ${route.originFilters ? JSON.stringify(route.originFilters, regexAwareReplacer) : "<none>"}`);
-    const wss = new WebSocketServer({
-      noServer: true,
-      WebSocket: ExtendedWebSocket,
-      autoPong: false
-    });
-    const handler = await route.factory({ endpoint, storage });
-    wss.on("error", (err) => {
-      logger5.error(`error starting the ws server for [${path}]`, err);
-    }).on("listening", () => {
-      logger5.info(`ws server for [${path}] is listening`);
-    }).on("headers", (headers2, request) => {
-      if (request.exchange !== void 0) {
-        const { response } = request.exchange;
-        applyHandshakeHeaders(headers2, response);
-      }
-    }).on("connection", (socket, request) => {
-      const handshake = createHandshakeInfo(request, socket.protocol);
-      socket.on("pong", () => socket.connected = true);
-      socket.on("ping", () => {
-      });
-      handler({ socket, handshake });
-    });
-    const pingInterval = route.ping;
-    if (pingInterval) {
-      const pingIntervalId = setInterval(() => {
-        for (const client of wss.clients) {
-          if (client.connected === false) {
-            client.terminate();
-          }
-          client.connected = false;
-          client.ping();
-        }
-      }, pingInterval);
-      wss.on("close", () => {
-        clearInterval(pingIntervalId);
-      });
-    }
-    route.upgradeStrategy = upgradeStrategy(path, route, wss, onSocketError);
-    route.close = async () => {
-      await handler.close?.call(handler);
-      logger5.info(`stopping ws server for [${path}]. clients: ${wss.clients?.size ?? 0}`);
-      wss.clients?.forEach((client) => {
-        client.terminate();
-      });
-      wss.close();
-    };
-  } catch (e) {
-    logger5.warn(`failed to init route ${path}`, e);
-  }
-}
-
-// src/server.ts
-var logger6 = getLogger2("app");
-function secureContextOptions(ssl) {
-  const options = {};
-  if (ssl.key) options.key = readFileSync(ssl.key);
-  if (ssl.cert) options.cert = readFileSync(ssl.cert);
-  if (ssl.ca) options.ca = readFileSync(ssl.ca);
-  return options;
-}
-async function createListener(builder, onSocketError) {
-  const httpHandler = builder.build();
-  return async (req, resOrUpgradeHead) => {
-    req.socket.addListener("error", onSocketError);
-    let res;
-    if (resOrUpgradeHead instanceof ExtendedHttpServerResponse) {
-      res = resOrUpgradeHead;
-    } else {
-      req.upgradeHead = resOrUpgradeHead;
-      res = new ExtendedHttpServerResponse(req);
-      res.assignSocket(req.socket);
-    }
-    const request = new HttpServerRequest(req);
-    const response = new HttpServerResponse(res);
-    const decoratedResponse = request.method === "HEAD" ? new HttpHeadResponseDecorator(response) : response;
-    await httpHandler(request, decoratedResponse);
-  };
-}
-function promisify(fn) {
-  return new Promise((resolve, reject) => {
-    const r = fn((err) => {
-      if (err) {
-        reject(err);
-      } else {
-        resolve(r);
-      }
-    });
-  });
-}
-function memoryMonitor(config) {
-  if (config) {
-    return start({
-      memoryLimit: config.memory_limit,
-      dumpLocation: config.dump_location,
-      dumpPrefix: config.dump_prefix,
-      reportInterval: config.report_interval,
-      maxBackups: config.max_backups
-    });
-  }
-}
-async function initBuilder(context) {
-  const storage = context.storage;
-  const security = await httpSecurity(context);
-  const sockets = webSockets(context);
-  const handler = compose(
-    server_header_default(context.serverHeader),
-    ...security,
-    ...sockets,
-    ...context.middleware,
-    // health check
-    async ({ request, response }, next) => {
-      if (request.method === "GET" && request.path === "/health") {
-        response.setStatusCode(HttpStatus.OK);
-        const buffer = Buffer.from("UP", "utf-8");
-        response.headers.set("Content-Type", "text/plain; charset=utf-8");
-        await response.body(buffer);
-      } else {
-        await next();
-      }
-    },
-    // home page
-    async ({ request, response }, next) => {
-      if (request.method === "GET" && request.path === "/") {
-        response.setStatusCode(HttpStatus.OK);
-        const buffer = Buffer.from("io.Gateway Server", "utf-8");
-        response.headers.set("Content-Type", "text/plain; charset=utf-8");
-        await response.body(buffer);
-      } else {
-        await next();
-      }
-    },
-    // not found
-    async ({ response }, _next) => {
-      response.setStatusCode(HttpStatus.NOT_FOUND);
-      await response.end();
-    }
-  );
-  return new WebHttpHandlerBuilder(handler).storage(storage);
-}
-var Factory = async (options) => {
-  const ssl = options.ssl;
-  const createServer = ssl ? (options2, handler) => https.createServer({ ...options2, ...secureContextOptions(ssl) }, handler) : (options2, handler) => http2.createServer(options2, handler);
-  const monitor = memoryMonitor(options.memory);
-  const context = {
-    middleware: [],
-    corsConfig: options.cors,
-    cors: [],
-    authConfig: options.auth,
-    authorize: [],
-    storage: new AsyncLocalStorage4(),
-    sockets: /* @__PURE__ */ new Map()
-  };
-  const gw = IOGateway6.Factory({ ...options.gateway });
-  if (options.gateway) {
-    const config = options.gateway;
-    await configure(async (configurer) => {
-      configurer.socket({ path: config.route, factory: core_default.bind(gw), options: config });
-    }, options, context);
-  }
-  if (options.app) {
-    await configure(options.app, options, context);
-  }
-  const ports = portRange(options.port ?? 0);
-  const host = options.host;
-  const onSocketError = (err) => logger6.error(`socket error: ${err}`, err);
-  const builder = await initBuilder(context);
-  const listener = await createListener(builder, onSocketError);
-  const serverP = new Promise((resolve, reject) => {
-    const server2 = createServer({
-      IncomingMessage: ExtendedHttpIncomingMessage,
-      ServerResponse: ExtendedHttpServerResponse,
-      ...options.http
-    }, listener);
-    server2.on("error", (e) => {
-      if (e["code"] === "EADDRINUSE") {
-        logger6.debug(`port ${e["port"]} already in use on address ${e["address"]}`);
-        const { value: port } = ports.next();
-        if (port) {
-          logger6.info(`retry starting server on port ${port} and host ${host ?? "<unspecified>"}`);
-          server2.close();
-          server2.listen(port, host);
-        } else {
-          logger6.warn(`all configured port(s) ${options.port} are in use. closing...`);
-          server2.close();
-          reject(e);
-        }
-      } else {
-        logger6.error(`server error: ${e.message}`, e);
-        reject(e);
-      }
-    });
-    server2.on("listening", async () => {
-      const info2 = server2.address();
-      for (const [path, route] of context.sockets) {
-        const endpoint = `${ssl ? "wss" : "ws"}://${localIp}:${info2.port}${path}`;
-        await initRoute(path, route, endpoint, context.storage, onSocketError);
-      }
-      logger6.info(`http server listening on ${info2.address}:${info2.port}`);
-      resolve(server2);
-    });
-    server2.on("upgrade", (req, _socket, head) => {
-      try {
-        listener(req, head);
-      } catch (err) {
-        logger6.error(`upgrade error: ${err}`, err);
-      }
-    }).on("close", async () => {
-      logger6.info(`http server closed.`);
-    });
-    try {
-      const { value: port } = ports.next();
-      server2.listen(port, host);
-    } catch (e) {
-      logger6.error(`error starting web socket server`, e);
-      reject(e instanceof Error ? e : new Error(`listen failed: ${e}`));
-    }
-  });
-  const server = await serverP;
-  return new class {
-    gateway = gw;
-    async close() {
-      for (const [path, route] of context.sockets) {
-        try {
-          if (route.close !== void 0) {
-            await route.close();
-          }
-        } catch (e) {
-          logger6.warn(`error closing route ${path}`, e);
-        }
-      }
-      await promisify((cb) => {
-        server.closeAllConnections();
-        server.close(cb);
-      });
-      if (monitor) {
-        await stop(monitor);
-      }
-      if (gw) {
-        await gw.stop();
-      }
-    }
-  }();
-};
-
-// src/index.ts
-var index_default = Factory;
-export {
-  server_exports as GatewayServer,
-  index_default as default
-};
+var jt=Object.defineProperty;var Vt=(t,e)=>{for(var r in e)jt(t,r,{get:e[r],enumerable:!0})};var Gt={};Vt(Gt,{Factory:()=>Xe});import En from"node:http";import Cn from"node:https";import{readFileSync as Ke}from"node:fs";import{AsyncLocalStorage as An}from"node:async_hooks";import{IOGateway as Hn}from"@interopio/gateway";import*as Te from"@interopio/gateway/logging/core";function b(t){return Te.getLogger(`gateway.server.${t}`)}function Ze(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Jt}from"@interopio/gateway";import{AsyncLocalStorage as Yt}from"node:async_hooks";var Qt=Jt.Encoding,M=b("ws"),Kt=Qt.json();function Xt(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function Zt(t,e,r){let n=`${r?.address}:${r?.port}`,o=r?.address??"<unknown>",s={key:n,host:o,codec:Kt,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:Xt(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function er(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw using ${o?.address}`);let i=Zt.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?Yt.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var et=er;function tt(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,l=await a(i,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,g??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
+	 You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}import{Cookie as ke}from"tough-cookie";function tr(t,e){let r=t.get("x-forwarded-for");if(r===void 0){if(r=t.get("x-forwarded-host"),Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}r??=t.one("host")}return Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function rr(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():e}var ne=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},oe=class t extends ne{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return or(this.headers)}parseHost(e){return tr(this.headers,e)}parseProtocol(e){return rr(this.headers,e)}},ie=class extends ne{get cookies(){return ir(this.headers)}setCookieValue(e){return new ke({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function nr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function rt(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...nr(r));return e}function or(t){return t.list("cookie").map(e=>e.split(";").map(r=>ke.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function ir(t){return t.list("set-cookie").map(e=>{let r=ke.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var X=class{constructor(){}toList(e){let r=this.get(e);return rt(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return rt(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var Oe=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},f=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function nt(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=f.resolve(t);return e!==void 0?e:new Oe(t)}return t}import Le from"node:http";var se=class extends Le.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},U=class extends Le.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},ae=class extends oe{},ce=class extends ie{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:nt(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},q=class extends ae{#e;#r;#t;constructor(e){super(new Me(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort;if(!(!e||!r||!n))return{family:e,address:r,port:n}}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return Le.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},Me=class extends X{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},We=class extends X{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},de=class extends ce{#e;constructor(e){super(new We(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},ue=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof ae)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},_=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof ce)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},le=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},he=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[ot]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(ot);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},ot="io.interop.gateway.server.log_id";import{networkInterfaces as sr}from"node:os";var ar=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function Ie(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*it(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=ar.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=Ie(o);i<Ie(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield Ie(t)}var st=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(sr()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();import{getHeapStatistics as cr,writeHeapSnapshot as dr}from"node:v8";import{access as ur,mkdir as lr,rename as at,unlink as hr}from"node:fs/promises";var y=b("monitoring"),pr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function fr(){return cr()}async function ct(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await $e(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location  ${t.dumpLocation} does not exists. Will try to create it`);try{await lr(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=dr(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await $e(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await hr(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await $e(a).then(async()=>{try{await at(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await at(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function $e(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await ur(t)}async function gr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await ct(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function dt(t){let e={...pr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=fr();await gr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await ct(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function mr({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function ut(t){return await mr(t,"stop")}import lt from"@interopio/gateway-server/package.json"with{type:"json"};var Sr=t=>(t??=`${lt.name} - v${lt.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),ht=t=>Sr(t);import{IOGateway as pe}from"@interopio/gateway";var Ne=b("gateway.ws.client-verify");function wr(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function br(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&pe.Filtering.valuesMatch(r,e))return Ne.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&pe.Filtering.valuesMatch(n,e))return Ne.enabledFor("debug")&&Ne.debug(`origin ${e} matches allow filter`),!0}function vr(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function pt(t,e){if(!e)return!0;if(t){let r=br(e,t);return r||vr(e)}else return wr(e)}function ft(t){if(t){let e=(t.block??t.blacklist??[]).map(pe.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(pe.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var gt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},z=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},mt=t=>async e=>(await t(e)).match?E:A(),Z=async t=>A();Z.toString=()=>"any-exchange";var yt=Object.freeze({}),E=Object.freeze({match:!1,variables:yt}),A=(t=yt)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},Fe=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},B=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;B.toString=()=>"websocket upgrade";import{IOGateway as St}from"@interopio/gateway";async function Be(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(St.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(St.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(l,g)=>{let{match:p,variables:h}=await d(l);p?await c(l,h):await g()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:ft(c?.origins)})}}};await t(o,e)}import{IOGateway as Ue}from"@interopio/gateway";function Er(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Cr(t){return t.headers.has("origin")&&!Er(t)}function bt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var wt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],Ar=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",wt.join(", "));else{let i=o.list("Vary");for(let a of wt)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Cr(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),ee(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=bt(r);return e?Pr(t,e,s):s?(ee(n),!1):!0},ge=["*"],De=["GET","HEAD","POST"],vt={allowOrigins:ge,allowMethods:De,allowHeaders:ge,maxAge:1800};function me(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Et(t),Ct(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=Ue.Filtering.regexify(n),typeof n=="string")?At(n).toLowerCase():n)}),t}}function fe(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==ge||t===De)return e===S?[S]:e;if(e==ge||e===De)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var te=(t,e)=>e===void 0?t:{allowOrigins:fe(t.allowOrigins,e?.allowOrigins),allowMethods:fe(t.allowMethods,e?.allowMethods),allowHeaders:fe(t.allowHeaders,e?.allowHeaders),exposeHeaders:fe(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},Hr=t=>{let e=t.corsConfigSource,r=t.corsProcessor??Ar;return async(n,o)=>{let s=await e(n);!r(n,s)||bt(n.request)||await o()}},xt=Hr,P=b("cors");function ee(t){t.setStatusCode(f.FORBIDDEN)}function Pr(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=Tr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),ee(o),!1;let c=Mr(n,r),d=kr(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),ee(o),!1;let u=Wr(n,r),l=Or(e,u);if(r&&l===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),ee(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&s.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&s.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Rr=["GET","HEAD"];function Et(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function Ct(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function Tr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Et(t),Ct(t),S;let n=At(e.toLowerCase());for(let o of r)if(o===S||Ue.Filtering.valueMatches(o,n))return e}}}function kr(t,e){if(e){let r=t.allowMethods??Rr;if(r===S)return[e];if(Ue.Filtering.valuesMatch(r,e))return r}}function Or(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function At(t){return t.endsWith("/")?t.slice(0,-1):t}function Mr(t,e){return e?t.headers.one("access-control-request-method"):t.method}function Wr(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Ht=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as Lr}from"@interopio/gateway";function Pt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:te(vt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,l]of r)Lr.Filtering.valueMatches(u,i)&&(l===void 0?c=void 0:c=c===void 0?l:te(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:te(c,d),o.push([z([B,H(i)]),me(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:te(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),me(a)]);return o.push([H(/\/api\/.*/),me(n)]),Ht({mappings:o})}function Rt(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},ye=class extends C{},Se=class extends C{};var D=class extends Error{},W=class{constructor(e){this.granted=e}granted},$=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new D("Access denied")}async authorize(e,r){return await this.#e(e,r)}},G=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Ir=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),$r=()=>R(new v().add("x-content-type-options","nosniff")),Nr=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},Fr=t=>R(new v().add("x-frame-options",t)),Br=t=>R(new v().add("x-xss-protection",t)),Dr=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},Ur=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},qr=(t="no-referrer")=>R(new v().add("referer-policy",t)),_r=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},zr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},Gr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},jr=(...t)=>async e=>{for(let r of t)await r(e)};function qe(t){let e=[];t?.cache?.disabled||e.push(Ir()),t?.contentType?.disabled||e.push($r()),t?.hsts?.disabled||e.push(Nr(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(Fr(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(Br(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(Dr(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(Ur(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(qr(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(_r(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(zr(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(Gr(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=jr(...e);return async(n,o)=>{await r(n),await o()}}var j=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof G))return e(n,o);throw o}};var Vr="Realm",Jr=t=>`Basic realm="${t}"`,V=t=>{let e=Jr(t?.realm??Vr);return async(r,n)=>{let{response:o}=r;o.setStatusCode(f.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var Tt="Basic ",we=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=Tt.length?"":n.substring(Tt.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};import{AsyncLocalStorage as Qr}from"node:async_hooks";var N=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Qr)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function Yr(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await Kr(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function Kr(t,e,r,n){N.withAuthentication(t)(n),await r(e,t)}function J(t){let e={matcher:Z,successHandler:async({next:n})=>{await n()},converter:we({}),failureHandler:j({entryPoint:V({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await Yr(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var kt=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var Q=b("auth.entry-point"),be=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(f.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(Q.enabledFor("debug")&&Q.debug(`trying to match using: ${o}`),(await o(r)).match)return Q.enabledFor("debug")&&Q.debug(`match found. using default entry point ${s}`),s(r,n);return Q.enabledFor("debug")&&Q.debug(`no match found. using default entry point ${e}`),e(r,n)}};var Ot=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function _e(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=be({entryPoints:[[e,kt({httpStatus:f.UNAUTHORIZED})]],defaultEntryPoint:V({})}),n=t.entryPoint??r,o=t.manager,s=Fe({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=mt(Fe({mediaTypes:["text/html"]})),a=z([i,s]),c=gt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??j({entryPoint:n}),u=Ot(t.successHandlers??t.defaultSuccessHandlers),l=we({});return J({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var Mt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},Wt="https://tools.ietf.org/html/rfc6750#section-3.1";function ve(t){return{errorCode:Mt.invalid_token,httpStatus:f.UNAUTHORIZED,description:t,uri:Wt}}function ze(t){return{errorCode:Mt.invalid_request,httpStatus:f.BAD_REQUEST,description:t,uri:Wt}}var Xr="access_token",Zr=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Lt=t=>t.type==="BearerToken",en=t=>async e=>{let{request:r}=e;return Promise.all([rn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),nn(r,t?.uriQueryParameter),on(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(tn).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function tn(t){if(t.length===0)return;if(t.length>1){let r=ze("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=ze("The requested access token parameter is an empty string");throw new k(r)}return e}async function rn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=Zr.exec(r);if(n===null){let o=ve("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function It(t){let e=t.getAll(Xr);if(e.length!==0)return e}async function nn(t,e=!1){if(!(!e||t.method!=="GET"))return It(t.URL.searchParams)}async function on(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return It(n)}var xe=en;function sn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var $t=t=>t.httpStatus!==void 0;function an(t){if(t instanceof k){let{error:e}=t;if($t(e))return e.httpStatus}return f.UNAUTHORIZED}function cn(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),$t(n)&&n.scope&&r.set("scope",n.scope)}return r}var dn=t=>async(e,r)=>{let n=an(r),o=cn(r,t?.realmName),s=sn(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},Ee=dn;var un=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},ln=t=>async e=>t(e),Y=class extends Error{},re=class extends Y{};function hn(t){if(t instanceof re)return new k(ve(t.message),t.message,{cause:t});throw new G(t.message,{cause:t})}function Ge(t){let e=t.decoder,r=t.authConverter??ln(un({}));return async n=>{if(Lt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof Y?hn(s):s}}}}function je(t){let e=t.entryPoint??Ee({}),r=t?.converter??xe({}),n=t.failureHandler??j({entryPoint:e});if(t.managerResolver!==void 0)return J({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??Ge(t.jwt);return J({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as gn,JwtVerifyError as mn}from"@interopio/gateway/jose/jwt";async function Nt(t,e,r){let n=new ye("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function pn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Ft=t=>{let e=pn(f.FORBIDDEN),r=t.authenticationEntryPoint??V();return async(n,o)=>{try{await o()}catch(s){if(s instanceof D){let i=await n.principal();Rt(i)?(i.authenticated||await e(n,s),await Nt(n,i,r)):await Nt(n,void 0,r);return}throw s}}};var fn=b("security.auth");function Ve(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){fn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new W(!1),o};return new $(e)}var Ce=b("security.auth");function Je(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=N.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Ce.enabledFor("debug")&&Ce.debug("authorization successful")}catch(i){throw i instanceof D&&Ce.enabledFor("debug")&&Ce.debug(`authorization failed: ${i.message}`),i}await o()}}var Qe=class extends le{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Bt=t=>{let e=t.storage;return async(r,n)=>{await n(new Qe(r,async()=>await N.getContext(e)))}};var L={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},I=Symbol.for("filterOrder"),Dt=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:be({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=qe(t.headers);a[I]=L.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=xt({corsConfigSource:e.corsConfigSource});a[I]=L.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async p=>{let h=p.principal,w=p.credentials;if(h.toLowerCase()!==a||w!==c)throw new Se("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:h,credentials:w,authorities:[...d]}},l=[async({exchange:p,next:h},w)=>h()],g=_e({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:l});g[I]=L.http_basic,r.push(g)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=gn({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async p=>{try{let{payload:h}=await a(p);return{subject:h.sub,getClaimAsString(w){return h[w]}}}catch(h){throw h instanceof mn?new re(h.message,{cause:h}):new Y("error occurred while attempting to decoding jwt",{cause:h})}},d=xe({uriQueryParameter:!0}),u=async p=>{try{return await d(p)===void 0?E:A()}catch{return E}},l=Ee({});this.#r.push([u,l]);let g=je({storage:e.storage,entryPoint:l,converter:d,jwt:{decoder:c}});g[I]=L.authentication,r.push(g)}let i=Bt({storage:e.storage});if(r.push(i),i[I]=L.security_context_server_web_exchange,t.authorize!==void 0){let a=Ft({authenticationEntryPoint:this.authenticationEntryPoint});a[I]=L.error_translation,r.push(a);let d=(l=>{let g=[],p=!1;for(let[h,w]of l??[]){let m;if(h==="any-exchange")p=!0,m=Z;else{if(p)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=h}let x;if(w.access==="permitted")x=new $(async()=>new W(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new $(async()=>new W(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new $(async K=>{let F=await K;return F!==void 0?new W(F.authenticated):new W(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);g.push([m,x])}return Ve({mappings:g})})(t.authorize),u=Je({manager:d,storage:e.storage});u[I]=L.authorization,r.push(u)}r.sort((a,c)=>{let d=a[I]??L.last,u=c[I]??L.last;return d-u})}}return new n().build(),r};function yn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=z([B,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function Ut(t){let e=Pt(t),r=yn(t),{storage:n}=t;return Dt(r,{storage:n,corsConfigSource:e})}import{AsyncLocalStorage as Sn}from"node:async_hooks";var Ae=class extends _{},Ye=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new he(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(f.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},He=class{#e;#r=new Sn;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new Ye(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};import{WebSocketServer as bn}from"ws";function qt(t,e){let r=t?.exchange,n=r?.request??new q(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function _t(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await B(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(f.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}import{WebSocket as wn}from"ws";var Pe=class extends wn{constructor(e,r,n){super(null,void 0,n)}connected},Re=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!1):!0}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.trace(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}]`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}] ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}] high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function vn(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=ue.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=i.headers.one("origin");if(!pt(l,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,p)=>{r.emit("connection",g,p)})}}function xn(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(f.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=_.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function zt(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,Ze):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new bn({noServer:!0,WebSocket:Pe,autoPong:!1}),i=new Re(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;xn(c,u)}}).on("connection",(c,d)=>{let u=qt(d,c.protocol);c.on("pong",l=>{i.handlePong(u,c,l)}),c.on("ping",l=>{i.handlePing(u,c,l)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=vn(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function Pn(t){let e={};return t.key&&(e.key=Ke(t.key)),t.cert&&(e.cert=Ke(t.cert)),t.ca&&(e.ca=Ke(t.ca)),e}async function Rn(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof U?s=o:(n.upgradeHead=o,s=new U(n),s.assignSocket(n.socket));let i=new q(n),a=new de(s),c=i.method==="HEAD"?new Ae(a):a;await r(i,c)}}function Tn(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function kn(t){if(t)return dt({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function On(t){let e=t.storage,r=await Ut(t),n=_t(t),o=tt(ht(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(f.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(f.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(f.NOT_FOUND),await s.end()});return new He(o).storage(e)}var Xe=async t=>{let e=t.ssl,r=e?(p,h)=>Cn.createServer({...p,...Pn(e)},h):(p,h)=>En.createServer(p,h),n=kn(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new An,sockets:new Map},s=Hn.Factory({...t.gateway});if(t.gateway){let p=t.gateway;await Be(async h=>{h.socket({path:p.route,factory:et.bind(s),options:p})},t,o)}t.app&&await Be(t.app,t,o);let i=it(t.port??0),a=t.host,c=p=>O.error(`socket error: ${p}`,p),d=await On(o),u=await Rn(d,c),g=await new Promise((p,h)=>{let w=r({IncomingMessage:se,ServerResponse:U,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),h(m))}else O.error(`server error: ${m.message}`,m),h(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,K]of o.sockets){let F=`${e?"wss":"ws"}://${st}:${m.port}${x}`;await zt(x,K,F,o.storage,c)}O.info(`http server listening on ${m.address}:${m.port}`),p(w)}),w.on("upgrade",(m,x,K)=>{try{u(m,K)}catch(F){O.error(`upgrade error: ${F}`,F)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),h(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;async close(){for(let[p,h]of o.sockets)try{h.close!==void 0&&await h.close()}catch(w){O.warn(`error closing route ${p}`,w)}await Tn(p=>{g.closeAllConnections(),g.close(p)}),n&&await ut(n),s&&await s.stop()}}};var Zs=Xe;export{Gt as GatewayServer,Zs as default};
 //# sourceMappingURL=index.js.map