@interopio/gateway-server 0.7.0-beta → 0.8.0-beta

package/dist/index.cjs

@@ -40,11 +40,10 @@ var server_exports = {};
 __export(server_exports, {
   Factory: () => Factory
 });
-var ws = __toESM(require("ws"), 1);
 var import_node_http2 = __toESM(require("node:http"), 1);
 var import_node_https = __toESM(require("node:https"), 1);
 var import_node_fs = require("node:fs");
-var import_node_async_hooks2 = require("node:async_hooks");
+var import_node_async_hooks4 = require("node:async_hooks");
 var import_gateway6 = require("@interopio/gateway");
 
 // src/logger.ts
@@ -52,13 +51,41 @@ var import_gateway = require("@interopio/gateway");
 function getLogger(name) {
   return import_gateway.IOGateway.Logging.getLogger(`gateway.server.${name}`);
 }
+function regexAwareReplacer(_key, value) {
+  return value instanceof RegExp ? value.toString() : value;
+}
 
 // src/gateway/ws/core.ts
 var import_gateway2 = require("@interopio/gateway");
+var import_node_async_hooks = require("node:async_hooks");
 var GatewayEncoders = import_gateway2.IOGateway.Encoding;
 var log = getLogger("ws");
 var codec = GatewayEncoders.json();
-function initClient(socket, authenticationPromise, key, host) {
+function principalName(authentication) {
+  let name;
+  if (authentication.authenticated) {
+    name = authentication.name;
+    if (name === void 0) {
+      if (authentication["principal"] !== void 0) {
+        const principal = authentication["principal"];
+        if (typeof principal === "object") {
+          name = principal.name;
+        }
+        if (name === void 0) {
+          if (principal === void 0) {
+            name = "";
+          } else {
+            name = String(principal);
+          }
+        }
+      }
+    }
+  }
+  return name;
+}
+function initClient(socket, authenticationPromise, remoteAddress) {
+  const key = `${remoteAddress?.address}:${remoteAddress?.port}`;
+  const host = remoteAddress?.address ?? "<unknown>";
   const opts = {
     key,
     host,
@@ -66,7 +93,7 @@ function initClient(socket, authenticationPromise, key, host) {
     onAuthenticate: async () => {
       const authentication = await authenticationPromise();
       if (authentication?.authenticated) {
-        return { type: "success", user: authentication.name };
+        return { type: "success", user: principalName(authentication) };
       }
       throw new Error(`no valid client authentication ${key}`);
     },
@@ -99,30 +126,34 @@ function initClient(socket, authenticationPromise, key, host) {
     log.warn(`${key} failed to create client`, err);
   }
 }
-async function create(server) {
-  log.info(`starting gateway on ${server.endpoint}`);
-  await this.start({ endpoint: server.endpoint });
-  return async (socket, handshake) => {
-    const key = handshake.logPrefix;
-    const host = handshake.remoteAddress;
-    log.info(`${key} connected on gw from ${host}`);
-    const client = initClient.call(this, socket, handshake.principal, key, host);
+async function create(environment) {
+  log.info(`starting gateway on ${environment.endpoint}`);
+  await this.start(environment);
+  return async ({ socket, handshake }) => {
+    const { logPrefix, remoteAddress, principal: principalPromise } = handshake;
+    log.info(`${logPrefix}connected on gw using ${remoteAddress?.address}`);
+    const client = initClient.call(this, socket, principalPromise, remoteAddress);
     if (!client) {
-      log.error(`${key} gw client init failed`);
+      log.error(`${logPrefix}gw client init failed`);
       socket.terminate();
       return;
     }
     socket.on("error", (err) => {
-      log.error(`${key} websocket error: ${err}`, err);
+      log.error(`${logPrefix}websocket error: ${err}`, err);
     });
+    const contextFn = environment.storage !== void 0 ? import_node_async_hooks.AsyncLocalStorage.snapshot() : void 0;
     socket.on("message", (data, _isBinary) => {
       if (Array.isArray(data)) {
         data = Buffer.concat(data);
       }
-      client.send(data);
+      if (contextFn !== void 0) {
+        contextFn(() => client.send(data));
+      } else {
+        client.send(data);
+      }
     });
     socket.on("close", (code) => {
-      log.info(`${key} disconnected from gw. code: ${code}`);
+      log.info(`${logPrefix}disconnected from gw. code: ${code}`);
       client.close();
     });
   };
@@ -141,61 +172,50 @@ function compose(...middleware) {
     }
   }
   return async function(ctx, next) {
-    const dispatch = async (i) => {
+    const dispatch = async (i, dispatchedCtx) => {
       const fn = i === fns.length ? next : fns[i];
       if (fn === void 0) {
         return;
       }
       let nextCalled = false;
       let nextResolved = false;
-      const nextFn = async () => {
+      const nextFn = async (nextCtx) => {
         if (nextCalled) {
           throw new Error("next() called multiple times");
         }
         nextCalled = true;
         try {
-          return await dispatch(i + 1);
+          return await dispatch(i + 1, nextCtx ?? dispatchedCtx);
         } finally {
           nextResolved = true;
         }
       };
-      const result = await fn(ctx, nextFn);
+      const result = await fn(dispatchedCtx, nextFn);
       if (nextCalled && !nextResolved) {
         throw new Error("middleware resolved before downstream.\n	 You are probably missing an await or return statement in your middleware function.");
       }
       return result;
     };
-    return dispatch(0);
+    return dispatch(0, ctx);
   };
 }
 
-// src/server/exchange.ts
-var import_node_http = __toESM(require("node:http"), 1);
+// src/http/exchange.ts
 var import_tough_cookie = require("tough-cookie");
-function requestToProtocol(request, defaultProtocol) {
-  let proto = request.headers.get("x-forwarded-proto");
-  if (Array.isArray(proto)) {
-    proto = proto[0];
-  }
-  if (proto !== void 0) {
-    return proto.split(",", 1)[0].trim();
-  }
-  return defaultProtocol;
-}
-function requestToHost(request, defaultHost) {
-  let host = request.headers.get("x-forwarded-for");
+function parseHost(headers2, defaultHost) {
+  let host = headers2.get("x-forwarded-for");
   if (host === void 0) {
-    host = request.headers.get("x-forwarded-host");
+    host = headers2.get("x-forwarded-host");
     if (Array.isArray(host)) {
       host = host[0];
     }
     if (host) {
-      const port = request.headers.one("x-forwarded-port");
+      const port = headers2.one("x-forwarded-port");
       if (port) {
         host = `${host}:${port}`;
       }
     }
-    host ??= request.headers.one("host");
+    host ??= headers2.one("host");
   }
   if (Array.isArray(host)) {
     host = host[0];
@@ -205,15 +225,180 @@ function requestToHost(request, defaultHost) {
   }
   return defaultHost;
 }
-function parseCookies(request) {
-  return request.headers.list("cookie").map((s) => s.split(";").map((cs) => import_tough_cookie.Cookie.parse(cs))).flat(1).filter((tc) => tc !== void 0).map((tc) => {
-    const result = { name: tc.key, value: tc.value };
+function parseProtocol(headers2, defaultProtocol) {
+  let proto = headers2.get("x-forwarded-proto");
+  if (Array.isArray(proto)) {
+    proto = proto[0];
+  }
+  if (proto !== void 0) {
+    return proto.split(",", 1)[0].trim();
+  }
+  return defaultProtocol;
+}
+var AbstractHttpMessage = class {
+  #headers;
+  constructor(headers2) {
+    this.#headers = headers2;
+  }
+  get headers() {
+    return this.#headers;
+  }
+};
+var AbstractHttpRequest = class _AbstractHttpRequest extends AbstractHttpMessage {
+  static logIdCounter = 0;
+  #id;
+  get id() {
+    if (this.#id === void 0) {
+      this.#id = `${this.initId()}-${++_AbstractHttpRequest.logIdCounter}`;
+    }
+    return this.#id;
+  }
+  initId() {
+    return "request";
+  }
+  get cookies() {
+    return parseCookies(this.headers);
+  }
+  parseHost(defaultHost) {
+    return parseHost(this.headers, defaultHost);
+  }
+  parseProtocol(defaultProtocol) {
+    return parseProtocol(this.headers, defaultProtocol);
+  }
+};
+var AbstractHttpResponse = class extends AbstractHttpMessage {
+  get cookies() {
+    return parseResponseCookies(this.headers);
+  }
+  setCookieValue(responseCookie) {
+    const cookie = new import_tough_cookie.Cookie({
+      key: responseCookie.name,
+      value: responseCookie.value,
+      maxAge: responseCookie.maxAge,
+      domain: responseCookie.domain,
+      path: responseCookie.path,
+      secure: responseCookie.secure,
+      httpOnly: responseCookie.httpOnly,
+      sameSite: responseCookie.sameSite
+    });
+    return cookie.toString();
+  }
+};
+function parseHeader(value) {
+  const list = [];
+  {
+    let start2 = 0;
+    let end = 0;
+    for (let i = 0; i < value.length; i++) {
+      switch (value.charCodeAt(i)) {
+        case 32:
+          if (start2 === end) {
+            start2 = end = i + 1;
+          }
+          break;
+        case 44:
+          list.push(value.slice(start2, end));
+          start2 = end = i + 1;
+          break;
+        default:
+          end = end + 1;
+          break;
+      }
+    }
+    list.push(value.slice(start2, end));
+  }
+  return list;
+}
+function toList(values) {
+  if (typeof values === "string") {
+    values = [values];
+  }
+  if (typeof values === "number") {
+    values = [String(values)];
+  }
+  const list = [];
+  if (values) {
+    for (const value of values) {
+      if (value) {
+        list.push(...parseHeader(value));
+      }
+    }
+  }
+  return list;
+}
+function parseCookies(headers2) {
+  return headers2.list("cookie").map((s) => s.split(";").map((cs) => import_tough_cookie.Cookie.parse(cs))).flat(1).filter((tc) => tc !== void 0).map((tc) => {
+    const result = Object.freeze({ name: tc.key, value: tc.value });
     return result;
   });
 }
+function parseResponseCookies(headers2) {
+  return headers2.list("set-cookie").map((cookie) => {
+    const parsed = import_tough_cookie.Cookie.parse(cookie);
+    if (parsed) {
+      const result = { name: parsed.key, value: parsed.value, maxAge: Number(parsed.maxAge ?? -1) };
+      if (parsed.httpOnly) result.httpOnly = true;
+      if (parsed.domain) result.domain = parsed.domain;
+      if (parsed.path) result.path = parsed.path;
+      if (parsed.secure) result.secure = true;
+      if (parsed.httpOnly) result.httpOnly = true;
+      if (parsed.sameSite) result.sameSite = parsed.sameSite;
+      return Object.freeze(result);
+    }
+  }).filter((cookie) => cookie !== void 0);
+}
+var AbstractHttpHeaders = class {
+  constructor() {
+  }
+  toList(name) {
+    const values = this.get(name);
+    return toList(values);
+  }
+};
+var MapHttpHeaders = class extends Map {
+  get(name) {
+    return super.get(name.toLowerCase());
+  }
+  one(name) {
+    return this.get(name)?.[0];
+  }
+  list(name) {
+    const values = super.get(name.toLowerCase());
+    return toList(values);
+  }
+  set(name, value) {
+    if (typeof value === "number") {
+      value = String(value);
+    }
+    if (typeof value === "string") {
+      value = [value];
+    }
+    if (value) {
+      return super.set(name.toLowerCase(), value);
+    } else {
+      super.delete(name.toLowerCase());
+      return this;
+    }
+  }
+  add(name, value) {
+    const prev = super.get(name.toLowerCase());
+    if (typeof value === "string") {
+      value = [value];
+    }
+    if (prev) {
+      value = prev.concat(value);
+    }
+    this.set(name, value);
+    return this;
+  }
+};
+
+// src/server/exchange.ts
+var import_node_http = __toESM(require("node:http"), 1);
 var ExtendedHttpIncomingMessage = class extends import_node_http.default.IncomingMessage {
   // circular reference to the exchange
   exchange;
+  upgradeHead;
   get urlBang() {
     return this.url;
   }
@@ -221,29 +406,115 @@ var ExtendedHttpIncomingMessage = class extends import_node_http.default.Incomin
     return this.socket["encrypted"] === true;
   }
 };
-var ExtendedHttpServerResponse = class _ExtendedHttpServerResponse extends import_node_http.default.ServerResponse {
-  static forUpgrade(req, socket, head) {
-    const res = new _ExtendedHttpServerResponse(req);
-    res.upgradeHead = head;
-    res.assignSocket(socket);
-    return res;
-  }
-  upgradeHead;
+var ExtendedHttpServerResponse = class extends import_node_http.default.ServerResponse {
   markHeadersSent() {
     this["_header"] = true;
   }
+  getRawHeaderNames() {
+    return super["getRawHeaderNames"]();
+  }
 };
-var HttpServerRequest = class {
-  _body;
-  _url;
-  _cookies;
-  #headers;
+var AbstractServerHttpRequest = class extends AbstractHttpRequest {
+};
+var AbstractServerHttpResponse = class extends AbstractHttpResponse {
+  #cookies = [];
+  #statusCode;
+  #state = "new";
+  #commitActions = [];
+  setStatusCode(statusCode) {
+    if (this.#state === "committed") {
+      return false;
+    } else {
+      this.#statusCode = statusCode;
+      return true;
+    }
+  }
+  get statusCode() {
+    return this.#statusCode;
+  }
+  addCookie(cookie) {
+    if (this.#state === "committed") {
+      throw new Error(`Cannot add cookie ${JSON.stringify(cookie)} because HTTP response has already been committed`);
+    }
+    this.#cookies.push(cookie);
+    return this;
+  }
+  beforeCommit(action) {
+    this.#commitActions.push(action);
+  }
+  get commited() {
+    const state = this.#state;
+    return state !== "new" && state !== "commit-action-failed";
+  }
+  async body(body) {
+    if (body instanceof ReadableStream) {
+      throw new Error("ReadableStream body not supported yet");
+    }
+    const buffer = await body;
+    try {
+      return await this.doCommit(async () => {
+        return await this.bodyInternal(Promise.resolve(buffer));
+      }).catch((error) => {
+        throw error;
+      });
+    } catch (error) {
+      throw error;
+    }
+  }
+  async end() {
+    if (!this.commited) {
+      return this.doCommit();
+    } else {
+      return Promise.resolve(false);
+    }
+  }
+  doCommit(writeAction) {
+    const state = this.#state;
+    let allActions = Promise.resolve();
+    if (state === "new") {
+      this.#state = "committing";
+      if (this.#commitActions.length > 0) {
+        allActions = this.#commitActions.reduce(
+          (acc, cur) => acc.then(() => cur()),
+          Promise.resolve()
+        ).catch((error) => {
+          const state2 = this.#state;
+          if (state2 === "committing") {
+            this.#state = "commit-action-failed";
+          }
+        });
+      }
+    } else if (state === "commit-action-failed") {
+      this.#state = "committing";
+    } else {
+      return Promise.resolve(false);
+    }
+    allActions = allActions.then(() => {
+      this.applyStatusCode();
+      this.applyHeaders();
+      this.applyCookies();
+      this.#state = "committed";
+    });
+    return allActions.then(async () => {
+      return writeAction !== void 0 ? await writeAction() : true;
+    });
+  }
+  applyStatusCode() {
+  }
+  applyHeaders() {
+  }
+  applyCookies() {
+  }
+};
+var HttpServerRequest = class extends AbstractServerHttpRequest {
+  #url;
+  #cookies;
   #req;
   constructor(req) {
+    super(new IncomingMessageHeaders(req));
     this.#req = req;
-    this.#headers = new IncomingMessageHeaders(this.#req);
   }
-  get unsafeIncomingMessage() {
+  getNativeRequest() {
     return this.#req;
   }
   get upgrade() {
@@ -252,15 +523,12 @@ var HttpServerRequest = class {
   get http2() {
     return this.#req.httpVersionMajor >= 2;
   }
-  get headers() {
-    return this.#headers;
-  }
   get path() {
     return this.URL?.pathname;
   }
   get URL() {
-    this._url ??= new URL(this.#req.urlBang, `${this.protocol}://${this.host}`);
-    return this._url;
+    this.#url ??= new URL(this.#req.urlBang, `${this.protocol}://${this.host}`);
+    return this.#url;
   }
   get query() {
     return this.URL?.search;
@@ -274,7 +542,7 @@ var HttpServerRequest = class {
       dh = this.#req.headers[":authority"];
     }
     dh ??= this.#req.socket.remoteAddress;
-    return requestToHost(this, dh);
+    return super.parseHost(dh);
   }
   get protocol() {
     let dp = void 0;
@@ -282,47 +550,65 @@ var HttpServerRequest = class {
       dp = this.#req.headers[":scheme"];
     }
     dp ??= this.#req.socketEncrypted ? "https" : "http";
-    return requestToProtocol(this, dp);
+    return super.parseProtocol(dp);
   }
   get socket() {
     return this.#req.socket;
   }
+  get remoteAddress() {
+    const family = this.#req.socket.remoteFamily;
+    const address = this.#req.socket.remoteAddress;
+    const port = this.#req.socket.remotePort;
+    if (!family || !address || !port) {
+      return void 0;
+    }
+    return { family, address, port };
+  }
   get cookies() {
-    this._cookies ??= parseCookies(this);
-    return this._cookies;
+    this.#cookies ??= super.cookies;
+    return this.#cookies;
   }
   get body() {
-    this._body ??= new Promise((resolve, reject) => {
-      const chunks = [];
-      this.#req.on("error", (err) => reject(err)).on("data", (chunk) => chunks.push(chunk)).on("end", () => {
-        resolve(new Blob(chunks, { type: this.headers.one("content-type") }));
-      });
-    });
-    return this._body;
+    return import_node_http.default.IncomingMessage.toWeb(this.#req);
+  }
+  async blob() {
+    const chunks = [];
+    if (this.body !== void 0) {
+      for await (const chunk of this.body) {
+        chunks.push(chunk);
+      }
+    }
+    return new Blob(chunks, { type: this.headers.one("content-type") || "application/octet-stream" });
   }
-  get text() {
-    return this.body.then(async (blob) => await blob.text());
+  async text() {
+    const blob = await this.blob();
+    return await blob.text();
   }
-  get formData() {
-    return this.body.then(async (blob) => {
-      const text = await blob.text();
-      const formData = new URLSearchParams(text);
-      return formData;
-    });
+  async formData() {
+    const blob = await this.blob();
+    const text = await blob.text();
+    return new URLSearchParams(text);
   }
-  get json() {
-    return this.body.then(async (blob) => {
-      if (blob.size === 0) {
-        return void 0;
-      }
-      const text = await blob.text();
-      return JSON.parse(text);
-    });
+  async json() {
+    const blob = await this.blob();
+    if (blob.size === 0) {
+      return void 0;
+    }
+    const text = await blob.text();
+    return JSON.parse(text);
+  }
+  initId() {
+    const remoteIp = this.#req.socket.remoteAddress;
+    if (!remoteIp) {
+      throw new Error("Socket has no remote address");
+    }
+    return `${remoteIp}:${this.#req.socket.remotePort}`;
   }
 };
-var IncomingMessageHeaders = class {
+var IncomingMessageHeaders = class extends AbstractHttpHeaders {
   #msg;
   constructor(msg) {
+    super();
     this.#msg = msg;
   }
   has(name) {
@@ -332,7 +618,7 @@ var IncomingMessageHeaders = class {
     return this.#msg.headers[name];
   }
   list(name) {
-    return toList(this.#msg.headers[name]);
+    return super.toList(name);
   }
   one(name) {
     const value = this.#msg.headers[name];
@@ -345,9 +631,10 @@ var IncomingMessageHeaders = class {
     return Object.keys(this.#msg.headers).values();
   }
 };
-var OutgoingMessageHeaders = class {
+var OutgoingMessageHeaders = class extends AbstractHttpHeaders {
   #msg;
   constructor(msg) {
+    super();
     this.#msg = msg;
   }
   has(name) {
@@ -388,277 +675,238 @@ var OutgoingMessageHeaders = class {
     return this;
   }
   list(name) {
-    const values = this.get(name);
-    return toList(values);
+    return super.toList(name);
   }
 };
-var HttpServerResponse = class {
-  #headers;
+var HttpServerResponse = class extends AbstractServerHttpResponse {
   #res;
   constructor(res) {
+    super(new OutgoingMessageHeaders(res));
     this.#res = res;
-    this.#headers = new OutgoingMessageHeaders(res);
-  }
-  get unsafeServerResponse() {
-    return this.#res;
-  }
-  get statusCode() {
-    return this.#res.statusCode;
-  }
-  set statusCode(value) {
-    if (this.#res.headersSent) {
-      return;
-    }
-    this.#res.statusCode = value;
-  }
-  set statusMessage(value) {
-    this.#res.statusMessage = value;
-  }
-  get headers() {
-    return this.#headers;
-  }
-  get cookies() {
-    return this.headers.list("set-cookie").map((cookie) => {
-      const parsed = import_tough_cookie.Cookie.parse(cookie);
-      if (parsed) {
-        const result = { name: parsed.key, value: parsed.value, maxAge: Number(parsed.maxAge ?? -1) };
-        if (parsed.httpOnly) result.httpOnly = true;
-        if (parsed.domain) result.domain = parsed.domain;
-        if (parsed.path) result.path = parsed.path;
-        if (parsed.secure) result.secure = true;
-        if (parsed.httpOnly) result.httpOnly = true;
-        if (parsed.sameSite) result.sameSite = parsed.sameSite;
-        return result;
-      }
-    }).filter((cookie) => cookie !== void 0);
-  }
-  end(chunk) {
-    if (!this.#res.headersSent) {
-      return new Promise((resolve, reject) => {
-        try {
-          if (chunk === void 0) {
-            this.#res.end(() => {
-              resolve(true);
-            });
-          } else {
-            this.#res.end(chunk, () => {
-              resolve(true);
-            });
-          }
-        } catch (e) {
-          reject(e instanceof Error ? e : new Error(`end failed: ${e}`));
-        }
-      });
-    } else {
-      return Promise.resolve(false);
-    }
-  }
-  addCookie(cookie) {
-    this.headers.add("set-cookie", new import_tough_cookie.Cookie({
-      key: cookie.name,
-      value: cookie.value,
-      maxAge: cookie.maxAge,
-      domain: cookie.domain,
-      path: cookie.path,
-      secure: cookie.secure,
-      httpOnly: cookie.httpOnly,
-      sameSite: cookie.sameSite
-    }).toString());
-    return this;
-  }
-};
-var DefaultWebExchange = class {
-  request;
-  response;
-  constructor(request, response) {
-    this.request = request;
-    this.response = response;
-  }
-  get method() {
-    return this.request.method;
-  }
-  get path() {
-    return this.request.path;
-  }
-  principal() {
-    return Promise.resolve(void 0);
-  }
-};
-function toList(values) {
-  if (typeof values === "string") {
-    values = [values];
-  }
-  if (typeof values === "number") {
-    values = [String(values)];
-  }
-  const list = [];
-  if (values) {
-    for (const value of values) {
-      if (value) {
-        list.push(...parseHeader(value));
-      }
-    }
-  }
-  return list;
-}
-function parseHeader(value) {
-  const list = [];
-  {
-    let start2 = 0;
-    let end = 0;
-    for (let i = 0; i < value.length; i++) {
-      switch (value.charCodeAt(i)) {
-        case 32:
-          if (start2 === end) {
-            start2 = end = i + 1;
-          }
-          break;
-        case 44:
-          list.push(value.slice(start2, end));
-          start2 = end = i + 1;
-          break;
-        default:
-          end = end + 1;
-          break;
-      }
-    }
-    list.push(value.slice(start2, end));
-  }
-  return list;
-}
-var MapHttpHeaders = class extends Map {
-  get(name) {
-    return super.get(name.toLowerCase());
-  }
-  one(name) {
-    return this.get(name)?.[0];
-  }
-  list(name) {
-    const values = super.get(name.toLowerCase());
-    return toList(values);
-  }
-  set(name, value) {
-    if (typeof value === "number") {
-      value = String(value);
-    }
-    if (typeof value === "string") {
-      value = [value];
-    }
-    if (value) {
-      return super.set(name.toLowerCase(), value);
-    } else {
-      super.delete(name.toLowerCase());
-      return this;
-    }
   }
-  add(name, value) {
-    const prev = super.get(name.toLowerCase());
-    if (typeof value === "string") {
-      value = [value];
-    }
-    if (prev) {
-      value = prev.concat(value);
+  getNativeResponse() {
+    return this.#res;
+  }
+  get statusCode() {
+    const status = super.statusCode;
+    return status ?? { value: this.#res.statusCode };
+  }
+  applyStatusCode() {
+    const status = super.statusCode;
+    if (status !== void 0) {
+      this.#res.statusCode = status.value;
     }
-    this.set(name, value);
+  }
+  addCookie(cookie) {
+    this.headers.add("Set-Cookie", super.setCookieValue(cookie));
     return this;
   }
-};
-var MockHttpRequest = class {
-  #url;
-  #body;
-  headers = new MapHttpHeaders();
-  upgrade = false;
-  constructor(url, method) {
-    if (typeof url === "string") {
-      if (URL.canParse(url)) {
-        url = new URL(url);
-      } else if (URL.canParse(url, "http://localhost")) {
-        url = new URL(url, "http://localhost");
+  async bodyInternal(body) {
+    if (!this.#res.headersSent) {
+      if (body instanceof ReadableStream) {
+        throw new Error("ReadableStream body not supported in response");
       } else {
-        throw new TypeError("URL cannot parse url");
+        const chunk = await body;
+        return await new Promise((resolve, reject) => {
+          try {
+            if (chunk === void 0) {
+              this.#res.end(() => {
+                resolve(true);
+              });
+            } else {
+              if (!this.headers.has("content-length")) {
+                if (typeof chunk === "string") {
+                  this.headers.set("content-length", Buffer.byteLength(chunk));
+                } else {
+                  this.headers.set("content-length", chunk.byteLength);
+                }
+              }
+              this.#res.end(chunk, () => {
+                resolve(true);
+              });
+            }
+          } catch (e) {
+            reject(e instanceof Error ? e : new Error(`end failed: ${e}`));
+          }
+        });
       }
+    } else {
+      return false;
     }
-    this.#url = url;
-    this.method = method ?? "GET";
-    this.headers.set("Host", this.#url.hostname);
-    this.path = this.#url.pathname ?? "/";
   }
-  method;
-  path;
-  get host() {
-    return requestToHost(this, this.#url.host);
+};
+var ServerHttpRequestDecorator = class _ServerHttpRequestDecorator {
+  #delegate;
+  constructor(request) {
+    this.#delegate = request;
+  }
+  get delegate() {
+    return this.#delegate;
+  }
+  get id() {
+    return this.#delegate.id;
+  }
+  get method() {
+    return this.#delegate.method;
+  }
+  get path() {
+    return this.#delegate.path;
   }
   get protocol() {
-    return requestToProtocol(this, this.#url.protocol.slice(0, -1));
+    return this.#delegate.protocol;
+  }
+  get host() {
+    return this.#delegate.host;
+  }
+  get URL() {
+    return this.#delegate.URL;
+  }
+  get headers() {
+    return this.#delegate.headers;
   }
   get cookies() {
-    return parseCookies(this);
+    return this.#delegate.cookies;
+  }
+  get remoteAddress() {
+    return this.#delegate.remoteAddress;
+  }
+  get upgrade() {
+    return this.#delegate.upgrade;
   }
   get body() {
-    const body = this.#body;
-    return body ? Promise.resolve(body) : Promise.reject(new Error(`no body set`));
+    return this.#delegate.body;
   }
-  get json() {
-    return this.body.then(async (blob) => JSON.parse(await blob.text()));
+  async blob() {
+    return await this.#delegate.blob();
   }
-  get text() {
-    return this.body.then(async (blob) => await blob.text());
+  async text() {
+    return await this.#delegate.text();
   }
-  set body(value) {
-    this.#body = value;
-    if (!this.headers.has("content-type")) {
-      this.headers.set("content-type", value.type || "application/octet-stream");
-    }
+  async formData() {
+    return await this.#delegate.formData();
   }
-  get formData() {
-    return this.body.then(async (b) => new URLSearchParams(await b.text()));
+  async json() {
+    return await this.#delegate.json();
   }
-  get URL() {
-    return new URL(this.path + this.#url.search + this.#url.hash, `${this.protocol}://${this.host}`);
+  toString() {
+    return `${_ServerHttpRequestDecorator.name} [delegate: ${this.delegate.toString()}]`;
+  }
+  static getNativeRequest(request) {
+    if (request instanceof AbstractServerHttpRequest) {
+      return request.getNativeRequest();
+    } else if (request instanceof _ServerHttpRequestDecorator) {
+      return _ServerHttpRequestDecorator.getNativeRequest(request.delegate);
+    } else {
+      throw new Error(`Cannot get native request from ${request.constructor.name}`);
+    }
   }
 };
-var MockHttpResponse = class {
-  statusCode;
-  headers = new MapHttpHeaders();
-  cookies = [];
+var ServerHttpResponseDecorator = class _ServerHttpResponseDecorator {
+  #delegate;
+  constructor(response) {
+    this.#delegate = response;
+  }
+  get delegate() {
+    return this.#delegate;
+  }
+  setStatusCode(statusCode) {
+    return this.#delegate.setStatusCode(statusCode);
+  }
+  get statusCode() {
+    return this.#delegate.statusCode;
+  }
+  get cookies() {
+    return this.#delegate.cookies;
+  }
   addCookie(cookie) {
-    this.cookies.push(cookie);
+    this.#delegate.addCookie(cookie);
     return this;
   }
-  _body;
-  async end(chunk) {
-    if (this._body) {
-      return false;
-    }
-    switch (typeof chunk) {
-      case "string":
-        this._body = new Blob([chunk], { type: "text/plain" });
-        break;
-      case "object":
-        if (chunk instanceof Blob) {
-          this._body = chunk;
-        } else if (chunk !== null) {
-          this._body = new Blob([JSON.stringify(chunk)], { type: "application/json" });
-        }
-        break;
-      case "undefined":
-        this._body = new Blob([]);
-        break;
-      default:
-        throw new Error(`Unsupported chunk type: ${typeof chunk}`);
+  async end() {
+    return await this.#delegate.end();
+  }
+  async body(body) {
+    return await this.#delegate.body(body);
+  }
+  get headers() {
+    return this.#delegate.headers;
+  }
+  toString() {
+    return `${_ServerHttpResponseDecorator.name} [delegate: ${this.delegate.toString()}]`;
+  }
+  static getNativeResponse(response) {
+    if (response instanceof AbstractServerHttpResponse) {
+      return response.getNativeResponse();
+    } else if (response instanceof _ServerHttpResponseDecorator) {
+      return _ServerHttpResponseDecorator.getNativeResponse(response.delegate);
+    } else {
+      throw new Error(`Cannot get native response from ${response.constructor.name}`);
     }
-    return true;
   }
 };
-
-// src/utils.ts
-function socketKey(socket) {
-  const remoteIp = socket.remoteAddress;
-  if (!remoteIp) {
-    throw new Error("Socket has no remote address");
+var ServerWebExchangeDecorator = class _ServerWebExchangeDecorator {
+  #delegate;
+  constructor(exchange) {
+    this.#delegate = exchange;
   }
-  return `${remoteIp}:${socket.remotePort}`;
-}
+  get delegate() {
+    return this.#delegate;
+  }
+  get request() {
+    return this.#delegate.request;
+  }
+  get response() {
+    return this.#delegate.response;
+  }
+  attribute(name) {
+    return this.#delegate.attribute(name);
+  }
+  principal() {
+    return this.#delegate.principal();
+  }
+  get logPrefix() {
+    return this.#delegate.logPrefix;
+  }
+  toString() {
+    return `${_ServerWebExchangeDecorator.name} [delegate: ${this.delegate}]`;
+  }
+};
+var DefaultWebExchange = class {
+  request;
+  response;
+  #attributes = {};
+  #logId;
+  #logPrefix = "";
+  constructor(request, response) {
+    this.#attributes[LOG_ID_ATTRIBUTE] = request.id;
+    this.request = request;
+    this.response = response;
+  }
+  get method() {
+    return this.request.method;
+  }
+  get path() {
+    return this.request.path;
+  }
+  get attributes() {
+    return this.#attributes;
+  }
+  attribute(name) {
+    return this.attributes[name];
+  }
+  principal() {
+    return Promise.resolve(void 0);
+  }
+  get logPrefix() {
+    const value = this.attribute(LOG_ID_ATTRIBUTE);
+    if (this.#logId !== value) {
+      this.#logId = value;
+      this.#logPrefix = value !== void 0 ? `[${value}] ` : "";
+    }
+    return this.#logPrefix;
+  }
+};
+var LOG_ID_ATTRIBUTE = "io.interop.gateway.server.log_id";
 
 // src/server/address.ts
 var import_node_os = require("node:os");
@@ -840,7 +1088,20 @@ async function stop(m) {
   return await run(m, "stop");
 }
 
-// src/app/ws-client-verify.ts
+// src/server/server-header.ts
+var import_package = __toESM(require("@interopio/gateway-server/package.json"), 1);
+var serverHeader = (server) => {
+  server ??= `${import_package.default.name} - v${import_package.default.version}`;
+  return async ({ response }, next) => {
+    if (server !== false && !response.headers.has("server")) {
+      response.headers.set("Server", server);
+    }
+    await next();
+  };
+};
+var server_header_default = (server) => serverHeader(server);
+
+// src/server/ws-client-verify.ts
 var import_gateway3 = require("@interopio/gateway");
 var log3 = getLogger("gateway.ws.client-verify");
 function acceptsMissing(originFilters) {
@@ -912,19 +1173,6 @@ function regexifyOriginFilters(originFilters) {
   }
 }
 
-// src/server/server-header.ts
-var import_package = __toESM(require("@interopio/gateway-server/package.json"), 1);
-var serverHeader = (server) => {
-  server ??= `${import_package.default.name} - v${import_package.default.version}`;
-  return async ({ response }, next) => {
-    if (server !== false && !response.headers.has("server")) {
-      response.headers.set("Server", server);
-    }
-    await next();
-  };
-};
-var server_header_default = (server) => serverHeader(server);
-
 // src/server/util/matchers.ts
 var or = (matchers) => {
   return async (exchange) => {
@@ -1031,15 +1279,6 @@ upgradeMatcher.toString = () => "websocket upgrade";
 
 // src/app/route.ts
 var import_gateway4 = require("@interopio/gateway");
-function findSocketRoute({ request }, { sockets: routes }) {
-  const path = request.path ?? "/";
-  const route = routes.get(path) ?? Array.from(routes.values()).find((route2) => {
-    if (path === "/" && route2.default === true) {
-      return true;
-    }
-  });
-  return [route, path];
-}
 async function configure(app, config, routes) {
   const applyCors = (matcher, requestMethod, options) => {
     if (options?.cors) {
@@ -1087,6 +1326,93 @@ async function configure(app, config, routes) {
   await app(configurer, config);
 }
 
+// src/http/status.ts
+var HttpStatus = class _HttpStatus {
+  static CONTINUE = new _HttpStatus(100, "Continue");
+  static SWITCHING_PROTOCOLS = new _HttpStatus(101, "Switching Protocols");
+  // 2xx Success
+  static OK = new _HttpStatus(200, "OK");
+  static CREATED = new _HttpStatus(201, "Created");
+  static ACCEPTED = new _HttpStatus(202, "Accepted");
+  static NON_AUTHORITATIVE_INFORMATION = new _HttpStatus(203, "Non-Authoritative Information");
+  static NO_CONTENT = new _HttpStatus(204, "No Content");
+  static RESET_CONTENT = new _HttpStatus(205, "Reset Content");
+  static PARTIAL_CONTENT = new _HttpStatus(206, "Partial Content");
+  static MULTI_STATUS = new _HttpStatus(207, "Multi-Status");
+  static IM_USED = new _HttpStatus(226, "IM Used");
+  // 3xx Redirection
+  static MULTIPLE_CHOICES = new _HttpStatus(300, "Multiple Choices");
+  static MOVED_PERMANENTLY = new _HttpStatus(301, "Moved Permanently");
+  // 4xx Client Error
+  static BAD_REQUEST = new _HttpStatus(400, "Bad Request");
+  static UNAUTHORIZED = new _HttpStatus(401, "Unauthorized");
+  static FORBIDDEN = new _HttpStatus(403, "Forbidden");
+  static NOT_FOUND = new _HttpStatus(404, "Not Found");
+  static METHOD_NOT_ALLOWED = new _HttpStatus(405, "Method Not Allowed");
+  static NOT_ACCEPTABLE = new _HttpStatus(406, "Not Acceptable");
+  static PROXY_AUTHENTICATION_REQUIRED = new _HttpStatus(407, "Proxy Authentication Required");
+  static REQUEST_TIMEOUT = new _HttpStatus(408, "Request Timeout");
+  static CONFLICT = new _HttpStatus(409, "Conflict");
+  static GONE = new _HttpStatus(410, "Gone");
+  static LENGTH_REQUIRED = new _HttpStatus(411, "Length Required");
+  static PRECONDITION_FAILED = new _HttpStatus(412, "Precondition Failed");
+  static PAYLOAD_TOO_LARGE = new _HttpStatus(413, "Payload Too Large");
+  static URI_TOO_LONG = new _HttpStatus(414, "URI Too Long");
+  static UNSUPPORTED_MEDIA_TYPE = new _HttpStatus(415, "Unsupported Media Type");
+  static EXPECTATION_FAILED = new _HttpStatus(417, "Expectation Failed");
+  static IM_A_TEAPOT = new _HttpStatus(418, "I'm a teapot");
+  static TOO_EARLY = new _HttpStatus(425, "Too Early");
+  static UPGRADE_REQUIRED = new _HttpStatus(426, "Upgrade Required");
+  static PRECONDITION_REQUIRED = new _HttpStatus(428, "Precondition Required");
+  static TOO_MANY_REQUESTS = new _HttpStatus(429, "Too Many Requests");
+  static REQUEST_HEADER_FIELDS_TOO_LARGE = new _HttpStatus(431, "Request Header Fields Too Large");
+  static UNAVAILABLE_FOR_LEGAL_REASONS = new _HttpStatus(451, "Unavailable For Legal Reasons");
+  // 5xx Server Error
+  static INTERNAL_SERVER_ERROR = new _HttpStatus(500, "Internal Server Error");
+  static NOT_IMPLEMENTED = new _HttpStatus(501, "Not Implemented");
+  static BAD_GATEWAY = new _HttpStatus(502, "Bad Gateway");
+  static SERVICE_UNAVAILABLE = new _HttpStatus(503, "Service Unavailable");
+  static GATEWAY_TIMEOUT = new _HttpStatus(504, "Gateway Timeout");
+  static HTTP_VERSION_NOT_SUPPORTED = new _HttpStatus(505, "HTTP Version Not Supported");
+  static VARIANT_ALSO_NEGOTIATES = new _HttpStatus(506, "Variant Also Negotiates");
+  static INSUFFICIENT_STORAGE = new _HttpStatus(507, "Insufficient Storage");
+  static LOOP_DETECTED = new _HttpStatus(508, "Loop Detected");
+  static NOT_EXTENDED = new _HttpStatus(510, "Not Extended");
+  static NETWORK_AUTHENTICATION_REQUIRED = new _HttpStatus(511, "Network Authentication Required");
+  static #VALUES = [];
+  static {
+    Object.keys(_HttpStatus).filter((key) => key !== "VALUES" && key !== "resolve").forEach((key) => {
+      const value = _HttpStatus[key];
+      if (value instanceof _HttpStatus) {
+        Object.defineProperty(value, "name", { enumerable: true, value: key, writable: false });
+        _HttpStatus.#VALUES.push(value);
+      }
+    });
+  }
+  static resolve(code) {
+    for (const status of _HttpStatus.#VALUES) {
+      if (status.value === code) {
+        return status;
+      }
+    }
+  }
+  #value;
+  #phrase;
+  constructor(value, phrase) {
+    this.#value = value;
+    this.#phrase = phrase;
+  }
+  get value() {
+    return this.#value;
+  }
+  get phrase() {
+    return this.#phrase;
+  }
+  toString() {
+    return `${this.#value} ${this["name"]}`;
+  }
+};
+
 // src/server/cors.ts
 var import_gateway5 = require("@interopio/gateway");
 function isSameOrigin(request) {
@@ -1241,7 +1567,7 @@ var corsFilter = (opts) => {
 var cors_default = corsFilter;
 var logger = getLogger("cors");
 function rejectRequest(response) {
-  response.statusCode = 403;
+  response.setStatusCode(HttpStatus.FORBIDDEN);
 }
 function handleInternal(exchange, config, preFlightRequest) {
   const { request, response } = exchange;
@@ -1331,70 +1657,243 @@ function checkMethods(config, requestMethod) {
     if (allowedMethods === ALL) {
       return [requestMethod];
     }
-    if (import_gateway5.IOGateway.Filtering.valuesMatch(allowedMethods, requestMethod)) {
-      return allowedMethods;
+    if (import_gateway5.IOGateway.Filtering.valuesMatch(allowedMethods, requestMethod)) {
+      return allowedMethods;
+    }
+  }
+}
+function checkHeaders(config, requestHeaders) {
+  if (requestHeaders === void 0) {
+    return;
+  }
+  if (requestHeaders.length == 0) {
+    return [];
+  }
+  const allowedHeaders = config.allowHeaders;
+  if (allowedHeaders === void 0) {
+    return;
+  }
+  const allowAnyHeader = allowedHeaders === ALL || allowedHeaders.includes(ALL);
+  const result = [];
+  for (const requestHeader of requestHeaders) {
+    const value = requestHeader?.trim();
+    if (value) {
+      if (allowAnyHeader) {
+        result.push(value);
+      } else {
+        for (const allowedHeader of allowedHeaders) {
+          if (value.toLowerCase() === allowedHeader) {
+            result.push(value);
+            break;
+          }
+        }
+      }
+    }
+  }
+  if (result.length > 0) {
+    return result;
+  }
+}
+function trimTrailingSlash(origin) {
+  return origin.endsWith("/") ? origin.slice(0, -1) : origin;
+}
+function getMethodToUse(request, isPreFlight) {
+  return isPreFlight ? request.headers.one("access-control-request-method") : request.method;
+}
+function getHeadersToUse(request, isPreFlight) {
+  const headers2 = request.headers;
+  return isPreFlight ? headers2.list("access-control-request-headers") : Array.from(headers2.keys());
+}
+var matchingCorsConfigSource = (opts) => {
+  return async (exchange) => {
+    for (const [matcher, config] of opts.mappings) {
+      if ((await matcher(exchange)).match) {
+        logger.debug(`resolved cors config on '${exchange.request.path}' using ${matcher}: ${JSON.stringify(config)}`);
+        return config;
+      }
+    }
+  };
+};
+
+// src/mock/server/exchange.ts
+var import_web = __toESM(require("node:stream/web"), 1);
+var MockServerHttpRequest = class extends AbstractHttpRequest {
+  #url;
+  #body;
+  upgrade = false;
+  constructor(url, method) {
+    super(new MapHttpHeaders());
+    if (typeof url === "string") {
+      if (URL.canParse(url)) {
+        url = new URL(url);
+      } else if (URL.canParse(url, "http://localhost")) {
+        url = new URL(url, "http://localhost");
+      } else {
+        throw new TypeError("URL cannot parse url");
+      }
+    }
+    this.#url = url;
+    this.method = method ?? "GET";
+    this.setHeader("Host", this.#url.hostname);
+    this.path = this.#url.pathname ?? "/";
+  }
+  method;
+  path;
+  get host() {
+    return super.parseHost(this.#url.host);
+  }
+  get protocol() {
+    return super.parseProtocol(this.#url.protocol.slice(0, -1));
+  }
+  get body() {
+    if (this.#body !== void 0) {
+      const blob = this.#body;
+      const asyncIterator = async function* () {
+        const bytes = await blob.bytes();
+        yield bytes;
+      }();
+      return import_web.default.ReadableStream.from(asyncIterator);
+    }
+  }
+  blob() {
+    const body = this.#body;
+    return body ? Promise.resolve(body) : Promise.reject(new Error(`no body set`));
+  }
+  async text() {
+    const blob = await this.blob();
+    return await blob.text();
+  }
+  async formData() {
+    const blob = await this.blob();
+    const text = await blob.text();
+    return new URLSearchParams(text);
+  }
+  async json() {
+    const blob = await this.blob();
+    if (blob.size === 0) {
+      return void 0;
+    }
+    const text = await blob.text();
+    return JSON.parse(text);
+  }
+  async writeBody(body) {
+    if (body === void 0) {
+      this.#body = new Blob([]);
+      return;
+    }
+    if (body instanceof ReadableStream) {
+      const chunks = [];
+      const reader = body.getReader();
+      let done = false;
+      while (!done) {
+        const { value, done: readDone } = await reader.read();
+        if (readDone) {
+          done = true;
+        } else {
+          chunks.push(value);
+        }
+      }
+      this.#body = new Blob(chunks);
+    } else {
+      body = await body;
+      if (typeof body === "string") {
+        this.#body = new Blob([body], { type: "text/plain" });
+      } else {
+        this.#body = new Blob([body]);
+      }
+    }
+    if (!this.headers.has("content-type")) {
+      this.setHeader("Content-Type", this.#body.type || "application/octet-stream");
     }
   }
-}
-function checkHeaders(config, requestHeaders) {
-  if (requestHeaders === void 0) {
-    return;
+  get URL() {
+    return new URL(this.path + this.#url.search + this.#url.hash, `${this.protocol}://${this.host}`);
   }
-  if (requestHeaders.length == 0) {
-    return [];
+  addHeader(name, value) {
+    this.headers.add(name, value);
+    return this;
   }
-  const allowedHeaders = config.allowHeaders;
-  if (allowedHeaders === void 0) {
-    return;
+  setHeader(name, value) {
+    this.headers.set(name, value);
+    return this;
   }
-  const allowAnyHeader = allowedHeaders === ALL || allowedHeaders.includes(ALL);
-  const result = [];
-  for (const requestHeader of requestHeaders) {
-    const value = requestHeader?.trim();
-    if (value) {
-      if (allowAnyHeader) {
-        result.push(value);
-      } else {
-        for (const allowedHeader of allowedHeaders) {
-          if (value.toLowerCase() === allowedHeader) {
-            result.push(value);
-            break;
-          }
+};
+var MockServerHttpResponse = class extends AbstractServerHttpResponse {
+  #writeHandler;
+  #body = () => {
+    throw new Error("No content was written to the response body nor end was called on this response.");
+  };
+  constructor() {
+    super(new MapHttpHeaders());
+    this.#writeHandler = async (body) => {
+      const chunks = [];
+      let bodyStream;
+      this.#body = () => {
+        bodyStream ??= import_web.default.ReadableStream.from(chunks);
+        return bodyStream;
+      };
+      const reader = body.getReader();
+      let done = false;
+      do {
+        const { value, done: readDone } = await reader.read();
+        if (readDone) {
+          done = true;
+        } else {
+          chunks.push(value);
         }
-      }
-    }
+      } while (!done);
+      return true;
+    };
   }
-  if (result.length > 0) {
-    return result;
+  get statusCode() {
+    return super.statusCode;
   }
-}
-function trimTrailingSlash(origin) {
-  return origin.endsWith("/") ? origin.slice(0, -1) : origin;
-}
-function getMethodToUse(request, isPreFlight) {
-  return isPreFlight ? request.headers.one("access-control-request-method") : request.method;
-}
-function getHeadersToUse(request, isPreFlight) {
-  const headers2 = request.headers;
-  return isPreFlight ? headers2.list("access-control-request-headers") : Array.from(headers2.keys());
-}
-var matchingCorsConfigSource = (opts) => {
-  return async (exchange) => {
-    for (const [matcher, config] of opts.mappings) {
-      if ((await matcher(exchange)).match) {
-        logger.debug(`resolved cors config on '${exchange.request.path}' using ${matcher}: ${JSON.stringify(config)}`);
-        return config;
-      }
+  set writeHandler(handler) {
+    this.#body = () => {
+      throw new Error("Not available with custom write handler");
+    };
+    this.#writeHandler = handler;
+  }
+  getNativeResponse() {
+    throw new Error("This is a mock. No running server, no native response.");
+  }
+  applyStatusCode() {
+  }
+  applyHeaders() {
+  }
+  applyCookies() {
+    for (const cookie of this.cookies) {
+      this.headers.add("Set-Cookie", super.setCookieValue(cookie));
     }
-  };
+  }
+  bodyInternal(body) {
+    const it = async function* () {
+      const resolved = await body;
+      if (resolved === void 0) {
+        return;
+      }
+      yield resolved;
+    }();
+    return this.#writeHandler(import_web.default.ReadableStream.from(it));
+  }
+  async end() {
+    return this.doCommit(async () => {
+      return await new Promise((resolve, reject) => {
+        this.#writeHandler(import_web.default.ReadableStream.from([]));
+      });
+    });
+  }
+  getBody() {
+    return this.#body();
+  }
 };
 
 // src/app/cors.ts
 function mockUpgradeExchange(path) {
-  const request = new MockHttpRequest(path, "GET");
-  request.headers.set("Upgrade", "websocket");
+  const request = new MockServerHttpRequest(path, "GET");
+  request.setHeader("Upgrade", "websocket");
   request.upgrade = true;
-  return new DefaultWebExchange(request, new MockHttpResponse());
+  return new DefaultWebExchange(request, new MockServerHttpResponse());
 }
 async function createCorsConfigSource(context) {
   const { sockets: routes, cors } = context;
@@ -1411,8 +1910,8 @@ async function createCorsConfigSource(context) {
     routeCorsConfig = combineCorsConfig(routeCorsConfig, {
       allowOrigins: route.originFilters?.allow,
       allowMethods: ["GET", "CONNECT"],
-      allowHeaders: ["upgrade", "connection", "origin", "sec-websocket-key", "sec-websocket-version", "sec-websocket-protocol", "sec-websocket-extensions"],
-      exposeHeaders: ["sec-websocket-accept", "sec-websocket-protocol", "sec-websocket-extensions"],
+      allowHeaders: ["Upgrade", "Connection", "Origin", "Sec-Websocket-Key", "Sec-Websocket-Version", "Sec-Websocket-Protocol", "Sec-Websocket-Extensions"],
+      exposeHeaders: ["Sec-Websocket-Accept", "Sec-Websocket-Protocol", "Sec-Websocket-Extensions"],
       allowCredentials: route.authorize?.access !== "permitted"
     });
     validatedConfigs.push([and([upgradeMatcher, pattern(path)]), validateCorsConfig(routeCorsConfig)]);
@@ -1655,7 +2154,7 @@ var httpBasicEntryPoint = (opts) => {
   const headerValue = createHeaderValue(opts?.realm ?? DEFAULT_REALM);
   return async (exchange, _error) => {
     const { response } = exchange;
-    response.statusCode = 401;
+    response.setStatusCode(HttpStatus.UNAUTHORIZED);
     response.headers.set("WWW-Authenticate", headerValue);
   };
 };
@@ -1675,12 +2174,17 @@ var httpBasicAuthenticationConverter = (opts) => {
     if (parts.length !== 2) {
       return void 0;
     }
-    return { type: "UsernamePassword", authenticated: false, principal: parts[0], credentials: parts[1] };
+    return {
+      type: "UsernamePassword",
+      authenticated: false,
+      principal: parts[0],
+      credentials: parts[1]
+    };
   };
 };
 
 // src/server/security/security-context.ts
-var import_node_async_hooks = require("node:async_hooks");
+var import_node_async_hooks2 = require("node:async_hooks");
 var AsyncStorageSecurityContextHolder = class _AsyncStorageSecurityContextHolder {
   static hasSecurityContext(storage) {
     return storage.getStore()?.securityContext !== void 0;
@@ -1692,7 +2196,7 @@ var AsyncStorageSecurityContextHolder = class _AsyncStorageSecurityContextHolder
     delete storage.getStore()?.securityContext;
   }
   static withSecurityContext(securityContext) {
-    return (storage = new import_node_async_hooks.AsyncLocalStorage()) => {
+    return (storage = new import_node_async_hooks2.AsyncLocalStorage()) => {
       storage.getStore().securityContext = securityContext;
       return storage;
     };
@@ -1769,8 +2273,7 @@ function authenticationFilter(opts) {
 var httpStatusEntryPoint = (opts) => {
   return async (exchange, _error) => {
     const response = exchange.response;
-    response.statusCode = opts.httpStatus.code;
-    response.statusMessage = opts.httpStatus.message;
+    response.setStatusCode(opts.httpStatus);
   };
 };
 
@@ -1778,7 +2281,7 @@ var httpStatusEntryPoint = (opts) => {
 var logger2 = getLogger("auth.entry-point");
 var delegatingEntryPoint = (opts) => {
   const defaultEntryPoint = opts.defaultEntryPoint ?? (async ({ response }, _error) => {
-    response.statusCode = 401;
+    response.setStatusCode(HttpStatus.UNAUTHORIZED);
     await response.end();
   });
   return async (exchange, error) => {
@@ -1816,12 +2319,12 @@ function httpBasic(opts) {
     const headers2 = exchange.request.headers;
     const h = headers2.list("X-Requested-With");
     if (h.includes("XMLHttpRequest")) {
-      return { match: true };
+      return match();
     }
-    return { match: false };
+    return NO_MATCH;
   };
   const defaultEntryPoint = delegatingEntryPoint({
-    entryPoints: [[xhrMatcher, httpStatusEntryPoint({ httpStatus: { code: 401 } })]],
+    entryPoints: [[xhrMatcher, httpStatusEntryPoint({ httpStatus: HttpStatus.UNAUTHORIZED })]],
     defaultEntryPoint: httpBasicEntryPoint({})
   });
   const entryPoint = opts.entryPoint ?? defaultEntryPoint;
@@ -1864,7 +2367,7 @@ var DEFAULT_URI = "https://tools.ietf.org/html/rfc6750#section-3.1";
 function invalidToken(message) {
   return {
     errorCode: BearerTokenErrorCodes.invalid_token,
-    httpStatus: 401,
+    httpStatus: HttpStatus.UNAUTHORIZED,
     description: message,
     uri: DEFAULT_URI
   };
@@ -1872,7 +2375,7 @@ function invalidToken(message) {
 function invalidRequest(message) {
   return {
     errorCode: BearerTokenErrorCodes.invalid_request,
-    httpStatus: 400,
+    httpStatus: HttpStatus.BAD_REQUEST,
     description: message,
     uri: DEFAULT_URI
   };
@@ -1948,7 +2451,10 @@ async function resolveFromBody(exchange, allow = false) {
   if (!allow || "application/x-www-form-urlencoded" !== request.headers.one("content-type") || request.method !== "POST") {
     return;
   }
-  return resolveTokens(await exchange.request.formData);
+  const parameters = await exchange.request.formData();
+  if (parameters) {
+    return resolveTokens(parameters);
+  }
 }
 var token_converter_default = serverBearerTokenAuthenticationConverter;
 
@@ -1978,7 +2484,7 @@ function getStatus(authError) {
       return error.httpStatus;
     }
   }
-  return 401;
+  return HttpStatus.UNAUTHORIZED;
 }
 function createParameters(authError, realm) {
   const parameters = /* @__PURE__ */ new Map();
@@ -2007,7 +2513,7 @@ var bearerTokenServerAuthenticationEntryPoint = (opts) => {
     const wwwAuthenticate = computeWWWAuthenticate(parameters);
     const { response } = exchange;
     response.headers.set("WWW-Authenticate", wwwAuthenticate);
-    response.statusCode = status;
+    response.setStatusCode(status);
     await response.end();
   };
 };
@@ -2094,18 +2600,17 @@ async function commenceAuthentication(exchange, authentication, entryPoint) {
   }
   await entryPoint(exchange, e);
 }
-function httpStatusAccessDeniedHandler(status, message) {
+function httpStatusAccessDeniedHandler(httpStatus) {
   return async (exchange, _error) => {
-    exchange.response.statusCode = status;
-    exchange.response.statusMessage = message;
-    exchange.response.headers.set("Content-Type", "text/plain");
-    const bytes = Buffer.from("Access Denied", "utf-8");
-    exchange.response.headers.set("Content-Length", bytes.length);
-    await exchange.response.end(bytes);
+    exchange.response.setStatusCode(httpStatus);
+    exchange.response.headers.set("Content-Type", "text/plain; charset=utf-8");
+    const buffer = Buffer.from("Access Denied", "utf-8");
+    exchange.response.headers.set("Content-Length", buffer.length);
+    await exchange.response.body(buffer);
   };
 }
 var errorFilter = (opts) => {
-  const accessDeniedHandler = httpStatusAccessDeniedHandler(403, "Forbidden");
+  const accessDeniedHandler = httpStatusAccessDeniedHandler(HttpStatus.FORBIDDEN);
   const authenticationEntryPoint = opts.authenticationEntryPoint ?? httpBasicEntryPoint();
   return async (exchange, next) => {
     try {
@@ -2117,17 +2622,19 @@ var errorFilter = (opts) => {
           await commenceAuthentication(exchange, void 0, authenticationEntryPoint);
         } else {
           if (!principal.authenticated) {
-            return accessDeniedHandler(exchange, error);
+            await accessDeniedHandler(exchange, error);
           }
           await commenceAuthentication(exchange, principal, authenticationEntryPoint);
         }
+        return;
       }
+      throw error;
     }
   };
 };
 
 // src/server/security/delegating-authorization-manager.ts
-var logger3 = getLogger("auth");
+var logger3 = getLogger("security.auth");
 function delegatingAuthorizationManager(opts) {
   const check = async (authentication, exchange) => {
     let decision;
@@ -2170,6 +2677,25 @@ function authorizationFilter(opts) {
   };
 }
 
+// src/server/security/exchange-filter.ts
+var SecurityContextServerWebExchange = class extends ServerWebExchangeDecorator {
+  #context;
+  constructor(exchange, context) {
+    super(exchange);
+    this.#context = context;
+  }
+  async principal() {
+    const context = await this.#context();
+    return context?.authentication;
+  }
+};
+var exchangeFilter = (opts) => {
+  const storage = opts.storage;
+  return async (exchange, next) => {
+    await next(new SecurityContextServerWebExchange(exchange, async () => await AsyncStorageSecurityContextHolder.getContext(storage)));
+  };
+};
+
 // src/server/security/config.ts
 var filterOrder = {
   first: Number.MAX_SAFE_INTEGER,
@@ -2178,6 +2704,7 @@ var filterOrder = {
   cors: 3 * 100,
   http_basic: 6 * 100,
   authentication: 8 * 100,
+  security_context_server_web_exchange: 15 * 100,
   error_translation: 18 * 100,
   authorization: 19 * 100,
   last: Number.MAX_SAFE_INTEGER
@@ -2264,9 +2791,12 @@ var config_default = (config, context) => {
         const authenticationConverterMatcher = async (exchange) => {
           try {
             const a = await authenticationConverter(exchange);
-            return { match: a !== void 0 };
+            if (a === void 0) {
+              return NO_MATCH;
+            }
+            return match();
           } catch (e) {
-            return { match: false };
+            return NO_MATCH;
           }
         };
         const entryPoint = token_entry_point_default({});
@@ -2280,6 +2810,9 @@ var config_default = (config, context) => {
         filter[filterOrderSymbol] = filterOrder.authentication;
         middleware.push(filter);
       }
+      const exchangeF = exchangeFilter({ storage: context.storage });
+      middleware.push(exchangeF);
+      exchangeF[filterOrderSymbol] = filterOrder.security_context_server_web_exchange;
       if (config.authorize !== void 0) {
         const errorFf = errorFilter({ authenticationEntryPoint: this.authenticationEntryPoint });
         errorFf[filterOrderSymbol] = filterOrder.error_translation;
@@ -2373,121 +2906,341 @@ async function httpSecurity(context) {
   return config_default(config, { storage, corsConfigSource });
 }
 
-// src/server.ts
-var logger5 = getLogger("app");
-function secureContextOptions(ssl) {
-  const options = {};
-  if (ssl.key) options.key = (0, import_node_fs.readFileSync)(ssl.key);
-  if (ssl.cert) options.cert = (0, import_node_fs.readFileSync)(ssl.cert);
-  if (ssl.ca) options.ca = (0, import_node_fs.readFileSync)(ssl.ca);
-  return options;
-}
-async function createListener(context, onSocketError) {
-  const storage = context.storage;
-  const security = await httpSecurity(context);
-  const listener = compose(
-    server_header_default(context.serverHeader),
-    ...security,
-    // websocket upgrade handler
-    async (exchange, next) => {
-      const [route, path] = findSocketRoute(exchange, context);
-      if (route !== void 0) {
-        const { request, response } = exchange;
-        const upgradeMatchResult = await upgradeMatcher(exchange);
-        if ((request.method === "GET" || request.method === "CONNECT") && upgradeMatchResult.match) {
-          const socket = response.unsafeServerResponse.socket;
-          const host = request.host;
-          const info2 = socketKey(socket);
-          if (route.wss) {
-            socket.removeListener("error", onSocketError);
-            const wss = route.wss;
-            if (route.maxConnections !== void 0 && wss.clients?.size >= route.maxConnections) {
-              logger5.warn(`${info2} dropping ws connection request from ${host} on ${path}. max connections exceeded.`);
-              socket.destroy();
-              return;
-            }
-            const origin = request.headers.one("origin");
-            if (!acceptsOrigin(origin, route.originFilters)) {
-              logger5.info(`${info2} dropping ws connection request from ${host} on ${path}. origin ${origin ?? "<missing>"}`);
-              socket.destroy();
-              return;
-            }
-            if (logger5.enabledFor("debug")) {
-              logger5.debug(`${info2} accepted new ws connection request from ${host} on ${path}`);
-            }
-            const upgradeHead = response.unsafeServerResponse.upgradeHead;
-            wss.handleUpgrade(request.unsafeIncomingMessage, socket, upgradeHead, (ws2) => {
-              response.unsafeServerResponse.markHeadersSent();
-              ws2.on("pong", () => ws2["connected"] = true);
-              ws2.on("ping", () => {
-              });
-              wss.emit("connection", ws2, request.unsafeIncomingMessage);
-            });
-          } else {
-            logger5.warn(`${info2} rejected upgrade request from ${host} on ${path}`);
-            socket.destroy();
-          }
-        } else {
-          if (route.default) {
-            await next();
-            return;
-          }
-          if (logger5.enabledFor("debug")) {
-            logger5.debug(`rejecting request for ${path} with method ${request.method} from ${request.socket.remoteAddress}:${request.socket.remotePort} with headers: ${JSON.stringify(request.headers)}`);
-          }
-          response.statusCode = 426;
-          response.headers.set("Upgrade", "websocket").set("Connection", "Upgrade").set("Content-Type", "text/plain");
-          await response.end(`This service [${request.path}] requires use of the websocket protocol.`);
-        }
+// src/server/handler.ts
+var import_node_async_hooks3 = require("node:async_hooks");
+var HttpHeadResponseDecorator = class extends ServerHttpResponseDecorator {
+};
+var HandlerAdapter = class {
+  #logger;
+  #enableLoggingRequestDetails = false;
+  #delegate;
+  #storage;
+  constructor(logger7, delegate) {
+    this.#logger = logger7;
+    this.#delegate = delegate;
+  }
+  createExchange(request, response) {
+    const exchange = new DefaultWebExchange(request, response);
+    return exchange;
+  }
+  set storage(storage) {
+    this.#storage = storage;
+  }
+  set enableLoggingRequestDetails(value) {
+    this.#enableLoggingRequestDetails = value;
+  }
+  formatHeaders(headers2) {
+    let result = "{";
+    for (const key of headers2.keys()) {
+      if (!this.#enableLoggingRequestDetails) {
+        result += "masked, ";
+        break;
       } else {
-        await next();
+        const value = headers2.get(key);
+        result += `"${key}": "${value}", `;
       }
-    },
-    ...context.middleware,
-    // health check
-    async ({ request, response }, next) => {
-      if (request.method === "GET" && request.path === "/health") {
-        response.statusCode = 200;
-        await response.end(import_node_http2.default.STATUS_CODES[200]);
+    }
+    if (result.endsWith(", ")) {
+      result = result.slice(0, -2);
+    }
+    result += "}";
+    return result;
+  }
+  formatRequest(request) {
+    const query = request.URL.search;
+    return `HTTP ${request.method} "${request.path}${query}`;
+  }
+  logRequest(exchange) {
+    if (this.#logger.enabledFor("debug")) {
+      const trace = this.#logger.enabledFor("trace");
+      this.#logger.debug(`${exchange.logPrefix}${this.formatRequest(exchange.request)}${trace ? `, headers: ${this.formatHeaders(exchange.request.headers)}` : ""}"`);
+    }
+  }
+  logResponse(exchange) {
+    if (this.#logger.enabledFor("debug")) {
+      const trace = this.#logger.enabledFor("trace");
+      const status = exchange.response.statusCode;
+      this.#logger.debug(`${exchange.logPrefix}Completed ${status ?? "200 OK"}${trace ? `, headers: ${this.formatHeaders(exchange.response.headers)}` : ""}"`);
+    }
+  }
+  handleUnresolvedError(exchange, error) {
+    const { request, response, logPrefix } = exchange;
+    if (response.setStatusCode(HttpStatus.INTERNAL_SERVER_ERROR)) {
+      this.#logger.error(`${logPrefix}500 Server Error for ${this.formatRequest(request)}`, error);
+      return;
+    }
+    this.#logger.error(`${logPrefix}Error [${error.message} for ${this.formatRequest(request)}, but already ended (${response.statusCode})`, error);
+    throw error;
+  }
+  async web(exchange) {
+    return await this.#delegate(exchange);
+  }
+  async http(request, response) {
+    const exchange = this.createExchange(request, response);
+    const callback = () => {
+      this.logRequest(exchange);
+      return this.web(exchange).then(() => {
+        this.logResponse(exchange);
+      }).catch((error) => {
+        this.handleUnresolvedError(exchange, error);
+      }).then(async () => {
+        await exchange.response.end();
+      });
+    };
+    await new Promise((resolve, reject) => {
+      if (this.#storage !== void 0) {
+        this.#storage.run({ exchange }, () => {
+          callback().then(() => resolve()).catch((error) => reject(error));
+        });
       } else {
-        await next();
+        callback().then(() => resolve()).catch((error) => reject(error));
       }
-    },
-    // home page
-    async ({ request, response }, next) => {
-      if (request.method === "GET" && request.path === "/") {
-        await response.end(`io.Gateway Server`);
+    });
+  }
+};
+var WebHttpHandlerBuilder = class {
+  #webHandler;
+  #storage = new import_node_async_hooks3.AsyncLocalStorage();
+  #handlerDecorator;
+  storage(storage) {
+    this.#storage = storage;
+    return this;
+  }
+  httpHandlerDecorator(decorator) {
+    if (this.#handlerDecorator === void 0) {
+      this.#handlerDecorator = decorator;
+    } else {
+      const previousDecorator = this.#handlerDecorator;
+      this.#handlerDecorator = (handler) => {
+        handler = previousDecorator(handler);
+        return decorator(handler);
+      };
+    }
+    return this;
+  }
+  constructor(webHandler) {
+    this.#webHandler = webHandler;
+  }
+  build() {
+    const logger7 = getLogger("http");
+    const adapter = new HandlerAdapter(logger7, this.#webHandler);
+    if (this.#storage !== void 0) adapter.storage = this.#storage;
+    adapter.enableLoggingRequestDetails = false;
+    const adapted = async (request, response) => adapter.http(request, response);
+    return this.#handlerDecorator ? this.#handlerDecorator(adapted) : adapted;
+  }
+};
+
+// src/server/ws.ts
+var import_ws = require("ws");
+
+// src/server/socket.ts
+function createHandshakeInfo(req, protocol) {
+  const exchange = req?.exchange;
+  const request = exchange?.request ?? new HttpServerRequest(req);
+  const principalPromiseProvider = exchange?.principal;
+  const principal = principalPromiseProvider ? principalPromiseProvider.bind(exchange) : async function principal2() {
+    return void 0;
+  };
+  const url = request.URL;
+  const headers2 = new MapHttpHeaders();
+  for (const key of request.headers.keys()) {
+    headers2.set(key, request.headers.list(key));
+  }
+  const cookies = request.cookies;
+  const logPrefix = exchange?.logPrefix ?? `[${request.id}] `;
+  const remoteAddress = request.remoteAddress;
+  const handshake = {
+    url,
+    headers: headers2,
+    cookies,
+    principal,
+    protocol,
+    remoteAddress,
+    logPrefix
+  };
+  return handshake;
+}
+function webSockets(context) {
+  const sockets = async (exchange, next) => {
+    const request = exchange.request;
+    const path = request.path ?? "/";
+    const routes = context.sockets;
+    const route = routes.get(path) ?? Array.from(routes.values()).find((route2) => {
+      if (path === "/" && route2.default === true) {
+        return true;
+      }
+    });
+    if (route !== void 0) {
+      const { request: request2, response } = exchange;
+      const upgradeMatchResult = await upgradeMatcher(exchange);
+      if ((request2.method === "GET" || request2.method === "CONNECT") && upgradeMatchResult.match) {
+        if (route.upgradeStrategy !== void 0) {
+          route.upgradeStrategy(exchange);
+          return;
+        } else {
+          throw new Error(`No upgrade strategy defined for route on ${path}`);
+        }
       } else {
-        await next();
+        if (route.default) {
+          await next();
+          return;
+        }
+        response.setStatusCode(HttpStatus.UPGRADE_REQUIRED);
+        response.headers.set("Upgrade", "websocket").set("Connection", "Upgrade").set("Content-Type", "text/plain");
+        const buffer = Buffer.from(`This service [${request2.path}] requires use of the websocket protocol.`, "utf-8");
+        await response.body(buffer);
       }
-    },
-    // not found
-    async ({ response }, _next) => {
-      response.statusCode = 404;
-      await response.end(import_node_http2.default.STATUS_CODES[404]);
+    } else {
+      await next();
     }
-  );
-  return async (request, response) => {
-    request.socket.addListener("error", onSocketError);
-    const exchange = new DefaultWebExchange(new HttpServerRequest(request), new HttpServerResponse(response));
-    request.exchange = exchange;
-    return await storage.run({ exchange }, async () => {
-      if (logger5.enabledFor("debug")) {
-        const socket = exchange.request.socket;
-        if (logger5.enabledFor("debug")) {
-          logger5.debug(`received ${exchange.method} request for ${exchange.path} from ${socket.remoteAddress}:${socket.remotePort}`);
-        }
+  };
+  return [sockets];
+}
+
+// src/server/ws.ts
+var ExtendedWebSocket = class extends import_ws.WebSocket {
+  constructor(first, second, options) {
+    super(null, void 0, options);
+  }
+  connected;
+};
+var logger5 = getLogger("ws");
+function upgradeStrategy(path, route, wss, onSocketError) {
+  return (exchange) => {
+    const { logPrefix, request } = exchange;
+    const req = ServerHttpRequestDecorator.getNativeRequest(request);
+    req.exchange = exchange;
+    const { socket, upgradeHead } = req;
+    const host = request.host;
+    socket.removeListener("error", onSocketError);
+    if (route.maxConnections !== void 0 && wss.clients?.size >= route.maxConnections) {
+      logger5.warn(`${logPrefix}dropping ws connection request on ${host}${path}. max connections exceeded.`);
+      socket.destroy();
+      return;
+    }
+    const origin = request.headers.one("origin");
+    if (!acceptsOrigin(origin, route.originFilters)) {
+      if (logger5.enabledFor("info")) {
+        logger5.info(`${logPrefix}dropping ws connection request on ${host}${path}. origin ${origin ?? "<missing>"}`);
       }
-      try {
-        return await listener(exchange);
-      } catch (e) {
-        if (logger5.enabledFor("warn")) {
-          logger5.warn(`error processing request for ${exchange.path}`, e);
-        }
-      } finally {
-        await exchange.response.end();
+      socket.destroy();
+      return;
+    }
+    if (logger5.enabledFor("debug")) {
+      logger5.debug(`${logPrefix}accepted new ws connection request on ${host}${path}`);
+    }
+    wss.handleUpgrade(req, socket, upgradeHead, (client, req2) => {
+      wss.emit("connection", client, req2);
+    });
+  };
+}
+function applyHandshakeHeaders(headers2, response) {
+  const seen = /* @__PURE__ */ new Set();
+  headers2.forEach((header, index) => {
+    if (index === 0 && header.startsWith("HTTP/1.1 101 ")) {
+      response.setStatusCode(HttpStatus.SWITCHING_PROTOCOLS);
+      return;
+    }
+    const [name, value] = header.split(": ");
+    if (response.headers.has(name)) {
+      headers2[index] = `${name}: ${response.headers.one(name)}`;
+    } else {
+      response.headers.set(name, value);
+    }
+    seen.add(name.toLowerCase());
+  });
+  const nativeResponse = ServerHttpResponseDecorator.getNativeResponse(response);
+  for (const name of nativeResponse.getRawHeaderNames()) {
+    const nameLowerCase = name.toLowerCase();
+    if (!seen.has(nameLowerCase)) {
+      const value = response.headers.get(nameLowerCase);
+      if (value !== void 0) {
+        headers2.push(`${name}: ${value}`);
+      }
+    }
+  }
+  nativeResponse.markHeadersSent();
+}
+async function initRoute(path, route, endpoint, storage, onSocketError) {
+  try {
+    logger5.info(`creating ws server for [${path}]. max connections: ${route.maxConnections ?? "<unlimited>"}, origin filters: ${route.originFilters ? JSON.stringify(route.originFilters, regexAwareReplacer) : "<none>"}`);
+    const wss = new import_ws.WebSocketServer({
+      noServer: true,
+      WebSocket: ExtendedWebSocket,
+      autoPong: false
+    });
+    const handler = await route.factory({ endpoint, storage });
+    wss.on("error", (err) => {
+      logger5.error(`error starting the ws server for [${path}]`, err);
+    }).on("listening", () => {
+      logger5.info(`ws server for [${path}] is listening`);
+    }).on("headers", (headers2, request) => {
+      if (request.exchange !== void 0) {
+        const { response } = request.exchange;
+        applyHandshakeHeaders(headers2, response);
       }
+    }).on("connection", (socket, request) => {
+      const handshake = createHandshakeInfo(request, socket.protocol);
+      socket.on("pong", () => socket.connected = true);
+      socket.on("ping", () => {
+      });
+      handler({ socket, handshake });
     });
+    const pingInterval = route.ping;
+    if (pingInterval) {
+      const pingIntervalId = setInterval(() => {
+        for (const client of wss.clients) {
+          if (client.connected === false) {
+            client.terminate();
+          }
+          client.connected = false;
+          client.ping();
+        }
+      }, pingInterval);
+      wss.on("close", () => {
+        clearInterval(pingIntervalId);
+      });
+    }
+    route.upgradeStrategy = upgradeStrategy(path, route, wss, onSocketError);
+    route.close = async () => {
+      await handler.close?.call(handler);
+      logger5.info(`stopping ws server for [${path}]. clients: ${wss.clients?.size ?? 0}`);
+      wss.clients?.forEach((client) => {
+        client.terminate();
+      });
+      wss.close();
+    };
+  } catch (e) {
+    logger5.warn(`failed to init route ${path}`, e);
+  }
+}
+
+// src/server.ts
+var logger6 = getLogger("app");
+function secureContextOptions(ssl) {
+  const options = {};
+  if (ssl.key) options.key = (0, import_node_fs.readFileSync)(ssl.key);
+  if (ssl.cert) options.cert = (0, import_node_fs.readFileSync)(ssl.cert);
+  if (ssl.ca) options.ca = (0, import_node_fs.readFileSync)(ssl.ca);
+  return options;
+}
+async function createListener(builder, onSocketError) {
+  const httpHandler = builder.build();
+  return async (req, resOrUpgradeHead) => {
+    req.socket.addListener("error", onSocketError);
+    let res;
+    if (resOrUpgradeHead instanceof ExtendedHttpServerResponse) {
+      res = resOrUpgradeHead;
+    } else {
+      req.upgradeHead = resOrUpgradeHead;
+      res = new ExtendedHttpServerResponse(req);
+      res.assignSocket(req.socket);
+    }
+    const request = new HttpServerRequest(req);
+    const response = new HttpServerResponse(res);
+    const decoratedResponse = request.method === "HEAD" ? new HttpHeadResponseDecorator(response) : response;
+    await httpHandler(request, decoratedResponse);
   };
 }
 function promisify(fn) {
@@ -2512,8 +3265,44 @@ function memoryMonitor(config) {
     });
   }
 }
-function regexAwareReplacer(_key, value) {
-  return value instanceof RegExp ? value.toString() : value;
+async function initBuilder(context) {
+  const storage = context.storage;
+  const security = await httpSecurity(context);
+  const sockets = webSockets(context);
+  const handler = compose(
+    server_header_default(context.serverHeader),
+    ...security,
+    ...sockets,
+    ...context.middleware,
+    // health check
+    async ({ request, response }, next) => {
+      if (request.method === "GET" && request.path === "/health") {
+        response.setStatusCode(HttpStatus.OK);
+        const buffer = Buffer.from("UP", "utf-8");
+        response.headers.set("Content-Type", "text/plain; charset=utf-8");
+        await response.body(buffer);
+      } else {
+        await next();
+      }
+    },
+    // home page
+    async ({ request, response }, next) => {
+      if (request.method === "GET" && request.path === "/") {
+        response.setStatusCode(HttpStatus.OK);
+        const buffer = Buffer.from("io.Gateway Server", "utf-8");
+        response.headers.set("Content-Type", "text/plain; charset=utf-8");
+        await response.body(buffer);
+      } else {
+        await next();
+      }
+    },
+    // not found
+    async ({ response }, _next) => {
+      response.setStatusCode(HttpStatus.NOT_FOUND);
+      await response.end();
+    }
+  );
+  return new WebHttpHandlerBuilder(handler).storage(storage);
 }
 var Factory = async (options) => {
   const ssl = options.ssl;
@@ -2525,7 +3314,7 @@ var Factory = async (options) => {
     cors: [],
     authConfig: options.auth,
     authorize: [],
-    storage: new import_node_async_hooks2.AsyncLocalStorage(),
+    storage: new import_node_async_hooks4.AsyncLocalStorage(),
     sockets: /* @__PURE__ */ new Map()
   };
   const gw = import_gateway6.IOGateway.Factory({ ...options.gateway });
@@ -2540,8 +3329,9 @@ var Factory = async (options) => {
   }
   const ports = portRange(options.port ?? 0);
   const host = options.host;
-  const onSocketError = (err) => logger5.error(`socket error: ${err}`, err);
-  const listener = await createListener(context, onSocketError);
+  const onSocketError = (err) => logger6.error(`socket error: ${err}`, err);
+  const builder = await initBuilder(context);
+  const listener = await createListener(builder, onSocketError);
   const serverP = new Promise((resolve, reject) => {
     const server2 = createServer({
       IncomingMessage: ExtendedHttpIncomingMessage,
@@ -2549,95 +3339,45 @@ var Factory = async (options) => {
     }, listener);
     server2.on("error", (e) => {
       if (e["code"] === "EADDRINUSE") {
-        logger5.debug(`port ${e["port"]} already in use on address ${e["address"]}`);
+        logger6.debug(`port ${e["port"]} already in use on address ${e["address"]}`);
         const { value: port } = ports.next();
         if (port) {
-          logger5.info(`retry starting server on port ${port} and host ${host ?? "<unspecified>"}`);
+          logger6.info(`retry starting server on port ${port} and host ${host ?? "<unspecified>"}`);
           server2.close();
           server2.listen(port, host);
         } else {
-          logger5.warn(`all configured port(s) ${options.port} are in use. closing...`);
+          logger6.warn(`all configured port(s) ${options.port} are in use. closing...`);
           server2.close();
           reject(e);
         }
       } else {
-        logger5.error(`server error: ${e.message}`, e);
+        logger6.error(`server error: ${e.message}`, e);
         reject(e);
       }
     });
     server2.on("listening", async () => {
       const info2 = server2.address();
       for (const [path, route] of context.sockets) {
-        try {
-          logger5.info(`creating ws server for [${path}]. max connections: ${route.maxConnections ?? "<unlimited>"}, origin filters: ${route.originFilters ? JSON.stringify(route.originFilters, regexAwareReplacer) : "<none>"}`);
-          const wss = new ws.WebSocketServer({ noServer: true });
-          const endpoint = `${ssl ? "wss" : "ws"}://${localIp}:${info2.port}${path}`;
-          const handler = await route.factory({ endpoint });
-          wss.on("error", (err) => {
-            logger5.error(`error starting the ws server for [${path}]`, err);
-          }).on("listening", () => {
-            logger5.info(`ws server for [${path}] is listening`);
-          }).on("connection", (socket, req) => {
-            const { request, principal } = req.exchange;
-            const url = request.URL;
-            const headers2 = new MapHttpHeaders();
-            for (const key of request.headers.keys()) {
-              headers2.set(key, request.headers.get(key));
-            }
-            const cookies = request.cookies;
-            const handshake = {
-              url,
-              headers: headers2,
-              cookies,
-              principal,
-              protocol: socket.protocol,
-              remoteAddress: request.socket.remoteAddress,
-              remoteFamily: request.socket.remoteFamily,
-              remotePort: request.socket.remotePort,
-              logPrefix: socketKey(request.socket)
-            };
-            handler(socket, handshake);
-          });
-          const pingInterval = route.ping;
-          if (pingInterval) {
-            const pingIntervalId = setInterval(() => {
-              for (const client of wss.clients) {
-                if (client["connected"] === false) {
-                  client.terminate();
-                }
-                client["connected"] = false;
-                client.ping();
-              }
-            }, pingInterval);
-            wss.on("close", () => {
-              clearInterval(pingIntervalId);
-            });
-          }
-          route.wss = wss;
-          route.close = handler.close?.bind(handler);
-        } catch (e) {
-          logger5.warn(`failed to init route ${path}`, e);
-        }
+        const endpoint = `${ssl ? "wss" : "ws"}://${localIp}:${info2.port}${path}`;
+        await initRoute(path, route, endpoint, context.storage, onSocketError);
       }
-      logger5.info(`http server listening on ${info2.address}:${info2.port}`);
+      logger6.info(`http server listening on ${info2.address}:${info2.port}`);
       resolve(server2);
     });
-    server2.on("upgrade", (req, socket, head) => {
-      socket.on("error", onSocketError);
+    server2.on("upgrade", (req, _socket, head) => {
       try {
-        const res = ExtendedHttpServerResponse.forUpgrade(req, socket, head);
-        listener(req, res);
+        listener(req, head);
       } catch (err) {
-        logger5.error(`upgrade error: ${err}`, err);
+        logger6.error(`upgrade error: ${err}`, err);
       }
     }).on("close", async () => {
-      logger5.info(`http server closed.`);
+      logger6.info(`http server closed.`);
     });
     try {
       const { value: port } = ports.next();
       server2.listen(port, host);
     } catch (e) {
-      logger5.error(`error starting web socket server`, e);
+      logger6.error(`error starting web socket server`, e);
       reject(e instanceof Error ? e : new Error(`listen failed: ${e}`));
     }
   });
@@ -2647,16 +3387,11 @@ var Factory = async (options) => {
     async close() {
       for (const [path, route] of context.sockets) {
         try {
-          if (route.close) {
+          if (route.close !== void 0) {
             await route.close();
           }
-          logger5.info(`stopping ws server for [${path}]. clients: ${route.wss?.clients?.size ?? 0}`);
-          route.wss?.clients?.forEach((client) => {
-            client.terminate();
-          });
-          route.wss?.close();
         } catch (e) {
-          logger5.warn(`error closing route ${path}`, e);
+          logger6.warn(`error closing route ${path}`, e);
         }
       }
       await promisify((cb) => {