@irvinebroque/http-rfc-utils 0.1.0

package/dist/header-utils.js

@@ -0,0 +1,143 @@
+/**
+ * Shared HTTP header parsing utilities.
+ * Common patterns per RFC 9110 §5.6.2 (tokens), §5.6.4 (quoted-strings).
+ * @internal - not exported from the public API
+ * @see https://www.rfc-editor.org/rfc/rfc9110.html#section-5.6
+ */
+/**
+ * RFC 9110 §5.6.2: token characters.
+ * token = 1*tchar
+ * tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
+ *         "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
+ */
+export const TOKEN_CHARS = /^[!#$%&'*+\-.^_`|~A-Za-z0-9]+$/;
+/**
+ * RFC 9110 §12.4.2: q-value grammar.
+ * qvalue = ( "0" [ "." 0*3DIGIT ] ) / ( "1" [ "." 0*3("0") ] )
+ */
+export const QVALUE_REGEX = /^(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)$/;
+/**
+ * Check if a header value is empty or whitespace-only.
+ *
+ * @param header - The header value to check
+ * @returns True if the header is null, undefined, empty, or whitespace-only
+ */
+export function isEmptyHeader(header) {
+    return !header || !header.trim();
+}
+/**
+ * Split a header value by delimiter, respecting quoted strings.
+ * Handles escape sequences within quoted strings per RFC 9110 §5.6.4.
+ *
+ * RFC 9110 §5.6.4: quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
+ *
+ * @param value - The header value to split
+ * @param delimiter - The delimiter character (typically ',' or ';')
+ * @returns Array of split parts (not trimmed)
+ */
+// RFC 9110 §5.6.4: quoted-string and quoted-pair handling.
+export function splitQuotedValue(value, delimiter) {
+    const parts = [];
+    let current = '';
+    let inQuotes = false;
+    let escaped = false;
+    for (const char of value) {
+        if (escaped) {
+            current += char;
+            escaped = false;
+            continue;
+        }
+        if (char === '\\' && inQuotes) {
+            current += char;
+            escaped = true;
+            continue;
+        }
+        if (char === '"') {
+            inQuotes = !inQuotes;
+            current += char;
+            continue;
+        }
+        if (char === delimiter && !inQuotes) {
+            parts.push(current);
+            current = '';
+            continue;
+        }
+        current += char;
+    }
+    parts.push(current);
+    return parts;
+}
+/**
+ * Simple comma-split for headers that don't contain quoted values.
+ * Use this for simple list headers like Accept-Language, Accept-Encoding.
+ *
+ * @param value - The header value to split
+ * @returns Array of trimmed, non-empty parts
+ */
+export function splitListValue(value) {
+    return value.split(',').map(part => part.trim()).filter(Boolean);
+}
+/**
+ * Unquote a quoted-string value, handling escape sequences.
+ * If the value is not quoted, returns it trimmed.
+ *
+ * RFC 9110 §5.6.4: quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text )
+ *
+ * @param value - The potentially quoted value
+ * @returns Unquoted value with escapes resolved
+ */
+// RFC 9110 §5.6.4: quoted-string unescaping.
+export function unquote(value) {
+    const trimmed = value.trim();
+    if (!trimmed.startsWith('"') || !trimmed.endsWith('"') || trimmed.length < 2) {
+        return trimmed;
+    }
+    const inner = trimmed.slice(1, -1);
+    let result = '';
+    let i = 0;
+    while (i < inner.length) {
+        if (inner[i] === '\\' && i + 1 < inner.length) {
+            result += inner[i + 1];
+            i += 2;
+        }
+        else {
+            result += inner[i];
+            i++;
+        }
+    }
+    return result;
+}
+/**
+ * Quote a value if it contains non-token characters.
+ * Escapes backslashes and double quotes within the value.
+ *
+ * @param value - The value to potentially quote
+ * @returns Token value as-is, or quoted-string if needed
+ */
+// RFC 9110 §5.6.2, §5.6.4: token vs quoted-string selection.
+export function quoteIfNeeded(value) {
+    if (value === '') {
+        return '""';
+    }
+    if (TOKEN_CHARS.test(value)) {
+        return value;
+    }
+    const escaped = value.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+    return `"${escaped}"`;
+}
+/**
+ * Parse a q-value (quality value) from a string.
+ * Returns null if the value is invalid per RFC 9110 §12.4.2.
+ *
+ * @param value - The q-value string (e.g., "0.9", "1", "0.123")
+ * @returns Parsed number between 0 and 1, or null if invalid
+ */
+// RFC 9110 §12.4.2: qvalue parsing.
+export function parseQValue(value) {
+    const trimmed = value.trim();
+    if (!QVALUE_REGEX.test(trimmed)) {
+        return null;
+    }
+    return Number(trimmed);
+}
+//# sourceMappingURL=header-utils.js.map

package/dist/header-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"header-utils.js","sourceRoot":"","sources":["../src/header-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,gCAAgC,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,sCAAsC,CAAC;AAEnE;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,MAAiC;IAC3D,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;;;GASG;AACH,2DAA2D;AAC3D,MAAM,UAAU,gBAAgB,CAAC,KAAa,EAAE,SAAiB;IAC7D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,OAAO,EAAE,CAAC;YACV,OAAO,IAAI,IAAI,CAAC;YAChB,OAAO,GAAG,KAAK,CAAC;YAChB,SAAS;QACb,CAAC;QAED,IAAI,IAAI,KAAK,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,IAAI,IAAI,CAAC;YAChB,OAAO,GAAG,IAAI,CAAC;YACf,SAAS;QACb,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACb,CAAC;QAED,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpB,OAAO,GAAG,EAAE,CAAC;YACb,SAAS;QACb,CAAC;QAED,OAAO,IAAI,IAAI,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpB,OAAO,KAAK,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IACxC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;GAQG;AACH,6CAA6C;AAC7C,MAAM,UAAU,OAAO,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3E,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACtB,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,CAAC,IAAI,CAAC,CAAC;QACX,CAAC;aAAM,CAAC;YACJ,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC,EAAE,CAAC;QACR,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,6DAA6D;AAC7D,MAAM,UAAU,aAAa,CAAC,KAAa;IACvC,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClE,OAAO,IAAI,OAAO,GAAG,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,oCAAoC;AACpC,MAAM,UAAU,WAAW,CAAC,KAAa;IACrC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC"}

package/dist/headers.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Misc header utilities per RFC 9110, RFC 8594.
+ * RFC 9110 §10.2.3, §12.5.5.
+ * RFC 8594 §3 (Sunset header).
+ * @see https://www.rfc-editor.org/rfc/rfc8594.html#section-3
+ */
+import type { RetryAfterValue } from './types.js';
+/**
+ * Parse Retry-After header value.
+ */
+export declare function parseRetryAfter(value: string): RetryAfterValue | null;
+/**
+ * Format Retry-After header value.
+ */
+export declare function formatRetryAfter(value: Date | number): string;
+/**
+ * Merge Vary header values, preserving order and handling '*'.
+ */
+export declare function mergeVary(existing: string | null, add: string | string[]): string;
+/**
+ * Parse Sunset header value.
+ *
+ * The Sunset header indicates when a resource is expected to become
+ * unresponsive. Returns null for invalid or missing values.
+ *
+ * Per RFC 8594 Section 3, timestamps in the past mean the resource
+ * is expected to become unavailable at any time.
+ *
+ * @example
+ * ```ts
+ * const sunset = parseSunset('Wed, 11 Nov 2026 11:11:11 GMT');
+ * if (sunset && sunset < new Date()) {
+ *     console.warn('Resource sunset has passed');
+ * }
+ * ```
+ */
+export declare function parseSunset(value: string): Date | null;
+/**
+ * Format a Date as a Sunset header value.
+ *
+ * Uses IMF-fixdate format per RFC 9110 Section 5.6.7.
+ *
+ * @example
+ * ```ts
+ * const header = formatSunset(new Date('2026-12-31T23:59:59Z'));
+ * // "Thu, 31 Dec 2026 23:59:59 GMT"
+ * ```
+ */
+export declare function formatSunset(date: Date): string;
+/**
+ * Check if a sunset date is imminent (approaching or past).
+ *
+ * Per RFC 8594 Section 3, timestamps in the past mean the resource
+ * is expected to become unavailable at any time. This helper checks
+ * if the sunset is within a given threshold of the current time.
+ *
+ * @param sunset - Parsed sunset date (null if no Sunset header)
+ * @param thresholdMs - Threshold in milliseconds (default: 0, meaning only past dates)
+ * @returns true if sunset is null-safe past or within threshold
+ *
+ * @example
+ * ```ts
+ * const sunset = parseSunset(response.headers.get('Sunset') ?? '');
+ * // Check if sunset is within 7 days
+ * if (isSunsetImminent(sunset, 7 * 24 * 60 * 60 * 1000)) {
+ *     console.warn('Resource will sunset within 7 days');
+ * }
+ * ```
+ */
+export declare function isSunsetImminent(sunset: Date | null, thresholdMs?: number): boolean;
+//# sourceMappingURL=headers.d.ts.map

package/dist/headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../src/headers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAGlD;;GAEG;AAEH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAiBrE;AAED;;GAEG;AAEH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAO7D;AAED;;GAEG;AAEH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,CA8BjF;AAED;;;;;;;;;;;;;;;;GAgBG;AAEH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAMtD;AAED;;;;;;;;;;GAUG;AAEH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAE/C;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,IAAI,GAAG,IAAI,EAAE,WAAW,GAAE,MAAU,GAAG,OAAO,CAMtF"}

package/dist/headers.js

@@ -0,0 +1,134 @@
+/**
+ * Misc header utilities per RFC 9110, RFC 8594.
+ * RFC 9110 §10.2.3, §12.5.5.
+ * RFC 8594 §3 (Sunset header).
+ * @see https://www.rfc-editor.org/rfc/rfc8594.html#section-3
+ */
+import { parseHTTPDate, formatHTTPDate } from './datetime.js';
+/**
+ * Parse Retry-After header value.
+ */
+// RFC 9110 §10.2.3: Retry-After parsing.
+export function parseRetryAfter(value) {
+    if (!value || !value.trim()) {
+        return null;
+    }
+    const trimmed = value.trim();
+    if (/^\d+$/.test(trimmed)) {
+        const seconds = parseInt(trimmed, 10);
+        return { delaySeconds: Math.max(0, seconds) };
+    }
+    const date = parseHTTPDate(trimmed);
+    if (date) {
+        return { date };
+    }
+    return null;
+}
+/**
+ * Format Retry-After header value.
+ */
+// RFC 9110 §10.2.3: Retry-After formatting.
+export function formatRetryAfter(value) {
+    if (typeof value === 'number') {
+        const seconds = Math.max(0, Math.floor(value));
+        return String(seconds);
+    }
+    return formatHTTPDate(value);
+}
+/**
+ * Merge Vary header values, preserving order and handling '*'.
+ */
+// RFC 9110 §12.5.5: Vary field-value combination.
+export function mergeVary(existing, add) {
+    const existingValues = existing ? existing.split(',').map(v => v.trim()).filter(Boolean) : [];
+    const addValues = Array.isArray(add)
+        ? add
+        : add.split(',').map(v => v.trim()).filter(Boolean);
+    if (existingValues.includes('*') || addValues.includes('*')) {
+        return '*';
+    }
+    const seen = new Set();
+    const combined = [];
+    for (const value of existingValues) {
+        const key = value.toLowerCase();
+        if (!seen.has(key)) {
+            seen.add(key);
+            combined.push(value);
+        }
+    }
+    for (const value of addValues) {
+        const key = value.toLowerCase();
+        if (!seen.has(key)) {
+            seen.add(key);
+            combined.push(value);
+        }
+    }
+    return combined.join(', ');
+}
+/**
+ * Parse Sunset header value.
+ *
+ * The Sunset header indicates when a resource is expected to become
+ * unresponsive. Returns null for invalid or missing values.
+ *
+ * Per RFC 8594 Section 3, timestamps in the past mean the resource
+ * is expected to become unavailable at any time.
+ *
+ * @example
+ * ```ts
+ * const sunset = parseSunset('Wed, 11 Nov 2026 11:11:11 GMT');
+ * if (sunset && sunset < new Date()) {
+ *     console.warn('Resource sunset has passed');
+ * }
+ * ```
+ */
+// RFC 8594 §3: Sunset = HTTP-date.
+export function parseSunset(value) {
+    if (!value || !value.trim()) {
+        return null;
+    }
+    return parseHTTPDate(value.trim());
+}
+/**
+ * Format a Date as a Sunset header value.
+ *
+ * Uses IMF-fixdate format per RFC 9110 Section 5.6.7.
+ *
+ * @example
+ * ```ts
+ * const header = formatSunset(new Date('2026-12-31T23:59:59Z'));
+ * // "Thu, 31 Dec 2026 23:59:59 GMT"
+ * ```
+ */
+// RFC 8594 §3: Sunset header uses HTTP-date format.
+export function formatSunset(date) {
+    return formatHTTPDate(date);
+}
+/**
+ * Check if a sunset date is imminent (approaching or past).
+ *
+ * Per RFC 8594 Section 3, timestamps in the past mean the resource
+ * is expected to become unavailable at any time. This helper checks
+ * if the sunset is within a given threshold of the current time.
+ *
+ * @param sunset - Parsed sunset date (null if no Sunset header)
+ * @param thresholdMs - Threshold in milliseconds (default: 0, meaning only past dates)
+ * @returns true if sunset is null-safe past or within threshold
+ *
+ * @example
+ * ```ts
+ * const sunset = parseSunset(response.headers.get('Sunset') ?? '');
+ * // Check if sunset is within 7 days
+ * if (isSunsetImminent(sunset, 7 * 24 * 60 * 60 * 1000)) {
+ *     console.warn('Resource will sunset within 7 days');
+ * }
+ * ```
+ */
+// RFC 8594 §3: Past timestamps mean "now"; helper for threshold checks.
+export function isSunsetImminent(sunset, thresholdMs = 0) {
+    if (!sunset) {
+        return false;
+    }
+    return sunset.getTime() <= Date.now() + thresholdMs;
+}
+//# sourceMappingURL=headers.js.map

package/dist/headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.js","sourceRoot":"","sources":["../src/headers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE9D;;GAEG;AACH,yCAAyC;AACzC,MAAM,UAAU,eAAe,CAAC,KAAa;IACzC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACtC,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,CAAC;IAClD,CAAC;IAED,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,EAAE,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,4CAA4C;AAC5C,MAAM,UAAU,gBAAgB,CAAC,KAAoB;IACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/C,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,kDAAkD;AAClD,MAAM,UAAU,SAAS,CAAC,QAAuB,EAAE,GAAsB;IACrE,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9F,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAChC,CAAC,CAAC,GAAG;QACL,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1D,OAAO,GAAG,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACL,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,mCAAmC;AACnC,MAAM,UAAU,WAAW,CAAC,KAAa;IACrC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;;;;;GAUG;AACH,oDAAoD;AACpD,MAAM,UAAU,YAAY,CAAC,IAAU;IACnC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wEAAwE;AACxE,MAAM,UAAU,gBAAgB,CAAC,MAAmB,EAAE,cAAsB,CAAC;IACzE,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;AACxD,CAAC"}

package/dist/hsts.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Strict-Transport-Security utilities per RFC 6797.
+ * RFC 6797 §6.1, §6.1.1, §6.1.2, §8.1.
+ * @see https://www.rfc-editor.org/rfc/rfc6797.html#section-6.1
+ */
+import type { StrictTransportSecurityOptions } from './types.js';
+/**
+ * Parse Strict-Transport-Security header value.
+ */
+export declare function parseStrictTransportSecurity(header: string): StrictTransportSecurityOptions | null;
+/**
+ * Format Strict-Transport-Security header value.
+ */
+export declare function formatStrictTransportSecurity(options: StrictTransportSecurityOptions): string;
+//# sourceMappingURL=hsts.d.ts.map

package/dist/hsts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hsts.d.ts","sourceRoot":"","sources":["../src/hsts.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,YAAY,CAAC;AAgCjE;;GAEG;AAEH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,GAAG,8BAA8B,GAAG,IAAI,CAiElG;AAED;;GAEG;AAEH,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,8BAA8B,GAAG,MAAM,CAO7F"}

package/dist/hsts.js

@@ -0,0 +1,106 @@
+/**
+ * Strict-Transport-Security utilities per RFC 6797.
+ * RFC 6797 §6.1, §6.1.1, §6.1.2, §8.1.
+ * @see https://www.rfc-editor.org/rfc/rfc6797.html#section-6.1
+ */
+import { TOKEN_CHARS, isEmptyHeader, splitQuotedValue, unquote } from './header-utils.js';
+/**
+ * Unquote strictly - returns null if not a valid quoted string.
+ * Used for HSTS directive values where unquoted values are expected.
+ */
+function unquoteStrict(value) {
+    const trimmed = value.trim();
+    if (!trimmed.startsWith('"') || !trimmed.endsWith('"') || trimmed.length < 2) {
+        return null;
+    }
+    return unquote(trimmed);
+}
+function parseDirectiveValue(value) {
+    const trimmed = value.trim();
+    if (!trimmed) {
+        return null;
+    }
+    if (trimmed.startsWith('"')) {
+        return unquoteStrict(trimmed);
+    }
+    if (!TOKEN_CHARS.test(trimmed)) {
+        return null;
+    }
+    return trimmed;
+}
+/**
+ * Parse Strict-Transport-Security header value.
+ */
+// RFC 6797 §6.1, §6.1.1, §6.1.2, §8.1: STS parsing and invalid header handling.
+export function parseStrictTransportSecurity(header) {
+    if (isEmptyHeader(header)) {
+        return null;
+    }
+    const directives = splitQuotedValue(header, ';');
+    const seen = new Set();
+    let maxAge = null;
+    let includeSubDomains = false;
+    for (const directive of directives) {
+        const trimmed = directive.trim();
+        if (!trimmed) {
+            continue;
+        }
+        const eqIndex = trimmed.indexOf('=');
+        const name = (eqIndex === -1 ? trimmed : trimmed.slice(0, eqIndex)).trim();
+        if (!name || !TOKEN_CHARS.test(name)) {
+            return null;
+        }
+        const lowerName = name.toLowerCase();
+        if (seen.has(lowerName)) {
+            return null;
+        }
+        seen.add(lowerName);
+        if (eqIndex === -1) {
+            if (lowerName === 'includesubdomains') {
+                includeSubDomains = true;
+            }
+            else if (lowerName === 'max-age') {
+                return null;
+            }
+            continue;
+        }
+        const rawValue = trimmed.slice(eqIndex + 1).trim();
+        const value = parseDirectiveValue(rawValue);
+        if (value === null) {
+            return null;
+        }
+        if (lowerName === 'max-age') {
+            if (!/^\d+$/.test(value)) {
+                return null;
+            }
+            const parsed = Number(value);
+            if (!Number.isFinite(parsed)) {
+                return null;
+            }
+            maxAge = parsed;
+        }
+        else if (lowerName === 'includesubdomains') {
+            return null;
+        }
+    }
+    if (maxAge === null) {
+        return null;
+    }
+    return {
+        maxAge,
+        includeSubDomains: includeSubDomains ? true : undefined,
+    };
+}
+/**
+ * Format Strict-Transport-Security header value.
+ */
+// RFC 6797 §6.1: STS field-value formatting.
+export function formatStrictTransportSecurity(options) {
+    const maxAge = Math.max(0, Math.floor(options.maxAge));
+    const parts = [`max-age=${maxAge}`];
+    if (options.includeSubDomains) {
+        parts.push('includeSubDomains');
+    }
+    return parts.join('; ');
+}
+//# sourceMappingURL=hsts.js.map

package/dist/hsts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hsts.js","sourceRoot":"","sources":["../src/hsts.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAE1F;;;GAGG;AACH,SAAS,aAAa,CAAC,KAAa;IAChC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3E,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACtC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,gFAAgF;AAChF,MAAM,UAAU,4BAA4B,CAAC,MAAc;IACvD,IAAI,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,IAAI,MAAM,GAAkB,IAAI,CAAC;IACjC,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,SAAS;QACb,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3E,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEpB,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,IAAI,SAAS,KAAK,mBAAmB,EAAE,CAAC;gBACpC,iBAAiB,GAAG,IAAI,CAAC;YAC7B,CAAC;iBAAM,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,SAAS;QACb,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,MAAM,GAAG,MAAM,CAAC;QACpB,CAAC;aAAM,IAAI,SAAS,KAAK,mBAAmB,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO;QACH,MAAM;QACN,iBAAiB,EAAE,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;KAC1D,CAAC;AACN,CAAC;AAED;;GAEG;AACH,6CAA6C;AAC7C,MAAM,UAAU,6BAA6B,CAAC,OAAuC;IACjF,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IACpC,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC"}