@johntalton/http-util 1.0.1 → 2.0.2

package/package.json

@@ -1,16 +1,18 @@
 {
   "name": "@johntalton/http-util",
-  "version": "1.0.1",
+  "version": "2.0.2",
   "license": "MIT",
   "type": "module",
   "exports": {
     ".": "./src/index.js",
     "./headers": "./src/index.js",
     "./body": "./src/body.js",
-    "./response": "./src/handle-stream-util.js"
+    "./response": "./src/response/index.js",
+    "./response/object": "./src/response/response.js"
   },
   "files": [
-    "src/*.js"
+    "src/*.js",
+    "src/response/*.js"
   ],
   "repository": {
     "url": "https://github.com/johntalton/http-util"

package/src/content-type.js

@@ -6,6 +6,7 @@ export const MIME_TYPE_XML = 'application/xml'
 export const MIME_TYPE_URL_FORM_DATA = 'application/x-www-form-urlencoded'
 export const MIME_TYPE_MULTIPART_FORM_DATA = 'multipart/form-data'
 export const MIME_TYPE_OCTET_STREAM = 'application/octet-stream'
+export const MIME_TYPE_MESSAGE_HTTP = 'message/http'
 
 export const KNOWN_CONTENT_TYPES = [
 	'application', 'audio', 'image', 'message',

package/src/response/accepted.js

@@ -0,0 +1,34 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+  HTTP_STATUS_ACCEPTED
+} = http2.constants
+
+const {
+  HTTP2_HEADER_STATUS,
+  HTTP2_HEADER_SERVER,
+  HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendAccepted(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_ACCEPTED,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance)
+	})
+	stream.end()
+}

package/src/response/created.js

@@ -0,0 +1,37 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_CREATED
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_LOCATION
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {URL} location
+ * @param {Metadata} meta
+ */
+export function sendCreated(stream, location, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_CREATED,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP2_HEADER_LOCATION]: location.href,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+	stream.end()
+}

package/src/response/defs.js

@@ -0,0 +1,34 @@
+
+export const HTTP_HEADER_ORIGIN = 'origin'
+export const HTTP_HEADER_USER_AGENT = 'user-agent'
+export const HTTP_HEADER_FORWARDED = 'forwarded'
+export const HTTP_HEADER_SEC_CH_UA = 'sec-ch-ua'
+export const HTTP_HEADER_SEC_CH_PLATFORM = 'sec-ch-ua-platform'
+export const HTTP_HEADER_SEC_CH_MOBILE = 'sec-ch-ua-mobile'
+export const HTTP_HEADER_SEC_FETCH_SITE = 'sec-fetch-site'
+export const HTTP_HEADER_SEC_FETCH_MODE = 'sec-fetch-mode'
+export const HTTP_HEADER_SEC_FETCH_DEST = 'sec-fetch-dest'
+export const HTTP_HEADER_ACCEPT_POST = 'accept-post'
+
+export const DEFAULT_METHODS = [ 'HEAD', 'GET', 'POST', 'PATCH', 'DELETE' ]
+
+export const HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE = 'access-control-max-age'
+export const PREFLIGHT_AGE_SECONDS = '500'
+
+
+/** @import { TimingsInfo } from '../server-timing.js' */
+
+/**
+ * @typedef {Object} Metadata
+ * @property {Array<TimingsInfo>} performance
+ * @property {string|undefined} servername
+ * @property {string|undefined} origin
+ * @property {string|undefined} [etag]
+ */
+
+/**
+ * @typedef {Object} SSEOptions
+ * @property {boolean} [active]
+ * @property {boolean} [bom]
+ */
+

package/src/response/error.js

@@ -0,0 +1,48 @@
+import http2 from 'node:http2'
+
+import {
+	CONTENT_TYPE_TEXT
+} from '../content-type.js'
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_INTERNAL_SERVER_ERROR
+} = http2.constants
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {string} message
+ * @param {Metadata} meta
+ */
+export function sendError(stream, message, meta) {
+	console.error('500', message)
+
+	if(stream === undefined) { return }
+	if(stream.closed) { return }
+
+	if(!stream.headersSent) {
+		stream.respond({
+			[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+			[HTTP2_HEADER_STATUS]: HTTP_STATUS_INTERNAL_SERVER_ERROR,
+			[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
+			[HTTP2_HEADER_SERVER]: meta.servername
+		})
+	}
+
+	// protect against HEAD calls
+	if(stream.writable) {
+		if(message !== undefined) { stream.write(message) }
+	}
+
+	stream.end()
+	if(!stream.closed) { stream.close() }
+}

package/src/response/index.js

@@ -0,0 +1,16 @@
+export * from './defs.js'
+
+export * from './accepted.js'
+export * from './created.js'
+export * from './error.js'
+export * from './json.js'
+export * from './not-acceptable.js'
+export * from './not-allowed.js'
+export * from './not-found.js'
+export * from './not-modified.js'
+export * from './preflight.js'
+export * from './sse.js'
+export * from './too-many-requests.js'
+export * from './trace.js'
+export * from './unauthorized.js'
+export * from './unsupported-media.js'

package/src/response/json.js

@@ -0,0 +1,78 @@
+import http2 from 'node:http2'
+import { brotliCompressSync, deflateSync, gzipSync, zstdCompressSync } from 'node:zlib'
+import { ServerTiming, HTTP_HEADER_SERVER_TIMING, HTTP_HEADER_TIMING_ALLOW_ORIGIN } from '../server-timing.js'
+import {
+	CHARSET_UTF8,
+	CONTENT_TYPE_JSON
+} from '../content-type.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+/** @typedef { (data: string, charset: BufferEncoding) => Buffer } EncoderFun */
+
+const {
+  HTTP2_HEADER_STATUS,
+  HTTP2_HEADER_CONTENT_TYPE,
+  HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+  HTTP2_HEADER_SERVER,
+  HTTP2_HEADER_CONTENT_ENCODING,
+  HTTP2_HEADER_VARY,
+  HTTP2_HEADER_CACHE_CONTROL,
+  HTTP2_HEADER_ETAG
+} = http2.constants
+
+const {
+  HTTP_STATUS_OK
+} = http2.constants
+
+/** @type {Map<string, EncoderFun>} */
+export const ENCODER_MAP = new Map([
+	[ 'br', (data, charset) => brotliCompressSync(Buffer.from(data, charset)) ],
+	[ 'gzip', (data, charset) => gzipSync(Buffer.from(data, charset)) ],
+	[ 'deflate', (data, charset) => deflateSync(Buffer.from(data, charset)) ],
+	[ 'zstd', (data, charset) => zstdCompressSync(Buffer.from(data, charset)) ]
+])
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Object} obj
+ * @param {string|undefined} encoding
+ * @param {Metadata} meta
+ */
+export function sendJSON_Encoded(stream, obj, encoding, meta) {
+	if(stream.closed) { return }
+
+	const json = JSON.stringify(obj)
+
+	const useIdentity = encoding === 'identity'
+	const encoder = encoding !== undefined ? ENCODER_MAP.get(encoding) : undefined
+	const hasEncoder = encoder !== undefined
+	const actualEncoding = hasEncoder ? encoding : undefined
+
+	const encodeStart = performance.now()
+	const encodedData = hasEncoder && !useIdentity ? encoder(json, CHARSET_UTF8) : json
+	const encodeEnd = performance.now()
+
+	meta.performance.push(
+		{ name: 'encode', duration: encodeEnd - encodeStart }
+	)
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_CONTENT_ENCODING]: actualEncoding,
+		[HTTP2_HEADER_VARY]: 'Accept, Accept-Encoding',
+		[HTTP2_HEADER_CACHE_CONTROL]: 'private',
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_ETAG]: `"${meta.etag}"`
+		// [HTTP2_HEADER_AGE]: age
+	})
+
+	// stream.write(encodedData)
+	stream.end(encodedData)
+}
+

package/src/response/not-acceptable.js

@@ -0,0 +1,46 @@
+import http2 from 'node:http2'
+import { MIME_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_SERVER_TIMING,
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_NOT_ACCEPTABLE
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>|string} supportedTypes
+ * @param {Metadata} meta
+ */
+export function sendNotAcceptable(stream, supportedTypes, meta) {
+	const supportedTypesList = Array.isArray(supportedTypes) ? supportedTypes : [ supportedTypes ]
+	const has = supportedTypesList.length !== 0
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_ACCEPTABLE,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP2_HEADER_CONTENT_TYPE]: has ? MIME_TYPE_JSON : undefined,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+
+	if(has) {
+		stream.write(JSON.stringify(supportedTypes))
+	}
+
+	stream.end()
+}

package/src/response/not-allowed.js

@@ -0,0 +1,28 @@
+import http2 from 'node:http2'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ALLOW
+} = http2.constants
+
+const {
+	HTTP_STATUS_METHOD_NOT_ALLOWED
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>} methods
+ * @param {Metadata} meta
+ */
+export function sendNotAllowed(stream, methods, meta) {
+	stream.respond({
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_METHOD_NOT_ALLOWED,
+		[HTTP2_HEADER_ALLOW]: methods.join(','),
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+	stream.end()
+}

package/src/response/not-found.js

@@ -0,0 +1,36 @@
+import http2 from 'node:http2'
+import {
+	CONTENT_TYPE_TEXT
+} from '../content-type.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_NOT_FOUND
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {string} message
+ * @param {Metadata} meta
+ */
+export function sendNotFound(stream, message, meta) {
+	console.log('404', message)
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_FOUND,
+		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+
+	if(message !== undefined) { stream.write(message) }
+	stream.end()
+}

package/src/response/not-modified.js

@@ -0,0 +1,43 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_NOT_MODIFIED
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_AGE,
+	HTTP2_HEADER_ETAG,
+	HTTP2_HEADER_VARY,
+	HTTP2_HEADER_CACHE_CONTROL
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {number} age
+ * @param {Metadata} meta
+ */
+export function sendNotModified(stream, age, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_MODIFIED,
+		[HTTP2_HEADER_VARY]: 'Accept, Accept-Encoding',
+		[HTTP2_HEADER_CACHE_CONTROL]: 'private',
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_ETAG]: `"${meta.etag}"`,
+		[HTTP2_HEADER_AGE]: age
+	})
+	stream.end()
+}

package/src/response/preflight.js

@@ -0,0 +1,38 @@
+import http2 from 'node:http2'
+import {
+	HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE,
+	PREFLIGHT_AGE_SECONDS
+} from './defs.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_OK
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>} methods
+ * @param {Metadata} meta
+ */
+export function sendPreflight(stream, methods, meta) {
+	stream.respond({
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS]: methods.join(','),
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS]: ['Authorization', HTTP2_HEADER_CONTENT_TYPE].join(','),
+		[HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE]: PREFLIGHT_AGE_SECONDS,
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+	stream.end()
+}

package/src/response/response.js

@@ -0,0 +1,31 @@
+import { sendAccepted } from './accepted.js'
+import { sendCreated } from './created.js'
+import { sendError } from './error.js'
+import { sendJSON_Encoded } from './json.js'
+import { sendNotAcceptable } from './not-acceptable.js'
+import { sendNotAllowed } from './not-allowed.js'
+import { sendNotFound } from './not-found.js'
+import { sendNotModified } from './not-modified.js'
+import { sendPreflight } from './preflight.js'
+import { sendSSE } from './sse.js'
+import { sendTooManyRequests } from './too-many-requests.js'
+import { sendTrace } from './trace.js'
+import { sendUnauthorized } from './unauthorized.js'
+import { sendUnsupportedMediaType } from './unsupported-media.js'
+
+export const Response = {
+	accepted: sendAccepted,
+	created: sendCreated,
+	error: sendError,
+	json: sendJSON_Encoded,
+	notAcceptable: sendNotAcceptable,
+	notAllowed: sendNotAllowed,
+	notFound: sendNotFound,
+	notModified: sendNotModified,
+	preflight: sendPreflight,
+	sse: sendSSE,
+	tooManyRequests: sendTooManyRequests,
+	trace: sendTrace,
+	unauthorized: sendUnauthorized,
+	unsupportedMediaType: sendUnsupportedMediaType
+}

package/src/response/sse.js

@@ -0,0 +1,57 @@
+import http2 from 'node:http2'
+import {
+	SSE_MIME,
+	SSE_INACTIVE_STATUS_CODE,
+	SSE_BOM,
+	ENDING,
+} from '@johntalton/sse-util'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata, SSEOptions } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_OK,
+	HTTP_STATUS_NO_CONTENT
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {SSEOptions & Metadata} meta
+ */
+export function sendSSE(stream, meta) {
+	// stream.setTimeout(0)
+	// stream.session?.setTimeout(0)
+	// stream.session?.socket.setTimeout(0)
+	// stream.session.socket.setNoDelay(true)
+	// stream.session.socket.setKeepAlive(true)
+
+	// stream.on('close', () => console.log('SSE stream closed'))
+	// stream.on('aborted', () => console.log('SSE stream aborted'))
+
+	const activeStream = meta.active ?? true
+	const sendBOM = meta.bom ?? true
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_CONTENT_TYPE]: SSE_MIME,
+		[HTTP2_HEADER_STATUS]: activeStream ? HTTP_STATUS_OK : HTTP_STATUS_NO_CONTENT, // SSE_INACTIVE_STATUS_CODE
+		// [HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS]: 'true'
+		[HTTP2_HEADER_SERVER]: meta.servername
+	 })
+
+	 if(!activeStream) {
+		stream.end()
+		return
+	 }
+
+	if(sendBOM) {
+		stream.write(SSE_BOM + ENDING.CRLF)
+	}
+}

package/src/response/too-many-requests.js

@@ -0,0 +1,43 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_RATE_LIMIT,
+	HTTP_HEADER_RATE_LIMIT_POLICY,
+	RateLimit,
+	RateLimitPolicy
+} from '../rate-limit.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_RETRY_AFTER
+} = http2.constants
+
+const {
+	HTTP_STATUS_TOO_MANY_REQUESTS
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {*} limitInfo
+ * @param {Array<any>} policies
+ * @param {Metadata} meta
+ */
+export function sendTooManyRequests(stream, limitInfo, policies, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_TOO_MANY_REQUESTS,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+
+		[HTTP2_HEADER_RETRY_AFTER]: limitInfo.retryAfterS,
+		[HTTP_HEADER_RATE_LIMIT]: RateLimit.from(limitInfo),
+		[HTTP_HEADER_RATE_LIMIT_POLICY]: RateLimitPolicy.from(...policies)
+	})
+
+	stream.write(`Retry After ${limitInfo.retryAfterS} Seconds`)
+	stream.end()
+}
+

package/src/response/trace.js

@@ -0,0 +1,63 @@
+import http2 from 'node:http2'
+import {
+	MIME_TYPE_MESSAGE_HTTP
+} from '../content-type.js'
+import {
+	HTTP_HEADER_SERVER_TIMING,
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { IncomingHttpHeaders } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_OK
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {string} method
+ * @param {URL} url
+ * @param {IncomingHttpHeaders} headers
+ * @param {Metadata} meta
+ */
+export function sendTrace(stream, method, url, headers, meta) {
+	const FILTER_KEYS = [ 'authorization', 'cookie' ]
+	const HTTP_VERSION = new Map([
+		[ 'h2', 'HTTP/2' ],
+		[ 'h2c', 'HTTP/2'],
+		[ 'http/1.1', 'HTTP/1.1']
+	])
+
+	const version = HTTP_VERSION.get(stream.session?.alpnProtocol ?? 'h2')
+
+	stream.respond({
+		[HTTP2_HEADER_CONTENT_TYPE]: MIME_TYPE_MESSAGE_HTTP,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+
+	const reconstructed = [
+		`${method} ${url.pathname}${url.search} ${version}`,
+		Object.entries(headers)
+			.filter(([ key ]) => !key.startsWith(':'))
+			.filter(([ key ]) => !FILTER_KEYS.includes(key))
+			.map(([ key, value ]) => `${key}: ${value}`)
+			.join('\n'),
+		'\n'
+		]
+		.join('\n')
+
+	stream.end(reconstructed)
+}
+

package/src/response/unauthorized.js

@@ -0,0 +1,29 @@
+import http2 from 'node:http2'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_UNAUTHORIZED
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendUnauthorized(stream, meta) {
+	console.log('Unauthorized')
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNAUTHORIZED,
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+	stream.end()
+}

package/src/response/unsupported-media.js

@@ -0,0 +1,40 @@
+import http2 from 'node:http2'
+import { HTTP_HEADER_ACCEPT_POST } from './defs.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>|string} acceptableMediaType
+ * @param {Metadata} meta
+ */
+export function sendUnsupportedMediaType(stream, acceptableMediaType, meta) {
+	const acceptable = Array.isArray(acceptableMediaType) ? acceptableMediaType : [ acceptableMediaType ]
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE,
+		[HTTP_HEADER_ACCEPT_POST]: acceptable.join(','),
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+
+	stream.end()
+}

package/src/handle-stream-util.js

@@ -1,262 +0,0 @@
-import http2 from 'node:http2'
-import { brotliCompressSync, deflateSync, gzipSync, zstdCompressSync } from 'node:zlib'
-
-import {
-	SSE_MIME,
-	SSE_INACTIVE_STATUS_CODE,
-	SSE_BOM,
-	ENDING,
-} from '@johntalton/sse-util'
-
-import { CHARSET_UTF8, CONTENT_TYPE_JSON, CONTENT_TYPE_TEXT } from './content-type.js'
-import { ServerTiming, HTTP_HEADER_SERVER_TIMING, HTTP_HEADER_TIMING_ALLOW_ORIGIN } from './server-timing.js'
-import { HTTP_HEADER_RATE_LIMIT, HTTP_HEADER_RATE_LIMIT_POLICY, RateLimit, RateLimitPolicy } from './rate-limit.js'
-
-const {
-	HTTP2_HEADER_STATUS,
-	HTTP2_HEADER_CONTENT_TYPE,
-	HTTP2_HEADER_CONTENT_ENCODING,
-	HTTP2_HEADER_VARY,
-	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
-	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS,
-	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS,
-	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS,
-	HTTP2_HEADER_SERVER,
-	HTTP2_HEADER_RETRY_AFTER,
-	HTTP2_HEADER_CACHE_CONTROL
-} = http2.constants
-
-const {
-	HTTP_STATUS_OK,
-	HTTP_STATUS_NOT_FOUND,
-	HTTP_STATUS_UNAUTHORIZED,
-	HTTP_STATUS_NO_CONTENT,
-	HTTP_STATUS_INTERNAL_SERVER_ERROR,
-	HTTP_STATUS_TOO_MANY_REQUESTS
-} = http2.constants
-
-export const HTTP_HEADER_ORIGIN = 'origin'
-export const HTTP_HEADER_USER_AGENT = 'user-agent'
-export const HTTP_HEADER_FORWARDED = 'forwarded'
-export const HTTP_HEADER_SEC_CH_UA = 'sec-ch-ua'
-export const HTTP_HEADER_SEC_CH_PLATFORM = 'sec-ch-ua-platform'
-export const HTTP_HEADER_SEC_CH_MOBILE = 'sec-ch-ua-mobile'
-export const HTTP_HEADER_SEC_FETCH_SITE = 'sec-fetch-site'
-export const HTTP_HEADER_SEC_FETCH_MODE = 'sec-fetch-mode'
-export const HTTP_HEADER_SEC_FETCH_DEST = 'sec-fetch-dest'
-
-export const DEFAULT_METHODS = [ 'HEAD', 'GET', 'POST', 'PATCH', 'DELETE' ]
-
-export const HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE = 'access-control-max-age'
-export const PREFLIGHT_AGE_SECONDS = '500'
-
-/**
- * @import { ServerHttp2Stream } from 'node:http2'
- */
-
-/**
- * @import { TimingsInfo } from './server-timing.js'
- */
-
-/**
- * @typedef {Object} Metadata
- * @property {Array<TimingsInfo>} performance
- * @property {string|undefined} servername
- * @property {string|undefined} origin
- */
-
-/**
- * @typedef {Object} SSEOptions
- * @property {boolean} [active]
- * @property {boolean} [bom]
- */
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {string} message
- * @param {Metadata} meta
- */
-export function sendError(stream, message, meta) {
-	console.error('500', message)
-
-	if(stream === undefined) { return }
-	if(stream.closed) { return }
-
-	if(!stream.headersSent) {
-		stream.respond({
-			[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
-			[HTTP2_HEADER_STATUS]: HTTP_STATUS_INTERNAL_SERVER_ERROR,
-			[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
-			[HTTP2_HEADER_SERVER]: meta.servername
-		})
-	}
-
-	// protect against HEAD calls
-	if(stream.writable) {
-		if(message !== undefined) { stream.write(message) }
-	}
-
-	stream.end()
-	if(!stream.closed) { stream.close() }
-}
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {string|undefined} allowedOrigin
- * @param {Array<string>} methods
- * @param {Metadata} meta
- */
-export function sendPreflight(stream, allowedOrigin, methods, meta) {
-	stream.respond({
-		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: allowedOrigin,
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS]: methods.join(','),
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS]: ['Authorization', HTTP2_HEADER_CONTENT_TYPE].join(','),
-		[HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE]: PREFLIGHT_AGE_SECONDS,
-		[HTTP2_HEADER_SERVER]: meta.servername
-	})
-	stream.end()
-}
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {Metadata} meta
- */
-export function sendUnauthorized(stream, meta) {
-	console.log('Unauthorized')
-
-	stream.respond({
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
-		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNAUTHORIZED,
-		[HTTP2_HEADER_SERVER]: meta.servername
-	})
-	stream.end()
-}
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {string} message
- * @param {Metadata} meta
- */
-export function sendNotFound(stream, message, meta) {
-	console.log('404', message)
-	stream.respond({
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
-		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_FOUND,
-		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
-		[HTTP2_HEADER_SERVER]: meta.servername
-	})
-
-	if(message !== undefined) { stream.write(message) }
-	stream.end()
-}
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {*} limitInfo
- * @param {Array<any>} policies
- * @param {Metadata} meta
- */
-export function sendTooManyRequests(stream, limitInfo, policies, meta) {
-	stream.respond({
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
-		[HTTP2_HEADER_STATUS]: HTTP_STATUS_TOO_MANY_REQUESTS,
-		[HTTP2_HEADER_SERVER]: meta.servername,
-
-		[HTTP2_HEADER_RETRY_AFTER]: limitInfo.retryAfterS,
-		[HTTP_HEADER_RATE_LIMIT]: RateLimit.from(limitInfo),
-		[HTTP_HEADER_RATE_LIMIT_POLICY]: RateLimitPolicy.from(...policies)
-	})
-
-	stream.write(`Retry After ${limitInfo.retryAfterS} Seconds`)
-	stream.end()
-}
-
-/**
- * @typedef { (data: string, charset: BufferEncoding) => Buffer } EncoderFun
- */
-
-/** @type {Map<string, EncoderFun>} */
-export const ENCODER_MAP = new Map([
-	[ 'br', (data, charset) => brotliCompressSync(Buffer.from(data, charset)) ],
-	[ 'gzip', (data, charset) => gzipSync(Buffer.from(data, charset)) ],
-	[ 'deflate', (data, charset) => deflateSync(Buffer.from(data, charset)) ],
-	[ 'zstd', (data, charset) => zstdCompressSync(Buffer.from(data, charset)) ]
-])
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {Object} obj
- * @param {string|undefined} encoding
- * @param {string|undefined} allowedOrigin
- * @param {Metadata} meta
- */
-export function sendJSON_Encoded(stream, obj, encoding, allowedOrigin, meta) {
-	if(stream.closed) { return }
-
-	const json = JSON.stringify(obj)
-
-	const useIdentity = encoding === 'identity'
-	const encoder = encoding !== undefined ? ENCODER_MAP.get(encoding) : undefined
-	const hasEncoder = encoder !== undefined
-	const actualEncoding = hasEncoder ? encoding : undefined
-
-	const encodeStart = performance.now()
-	const encodedData = hasEncoder && !useIdentity ? encoder(json, CHARSET_UTF8) : json
-	const encodeEnd = performance.now()
-
-	meta.performance.push(
-		{ name: 'encode', duration: encodeEnd - encodeStart }
-	)
-
-	stream.respond({
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: allowedOrigin,
-		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
-		[HTTP2_HEADER_CONTENT_ENCODING]: actualEncoding,
-		[HTTP2_HEADER_VARY]: 'Accept, Accept-Encoding',
-		[HTTP2_HEADER_CACHE_CONTROL]: 'private',
-		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
-		[HTTP2_HEADER_SERVER]: meta.servername,
-		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: allowedOrigin,
-		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance)
-	})
-
-	// stream.write(encodedData)
-	stream.end(encodedData)
-}
-
-/**
- * @param {ServerHttp2Stream} stream
- * @param {string|undefined} allowedOrigin
- * @param {SSEOptions & Metadata} meta
- */
-export function sendSSE(stream, allowedOrigin, meta) {
-	// stream.setTimeout(0)
-	// stream.session?.setTimeout(0)
-	// stream.session?.socket.setTimeout(0)
-	// stream.session.socket.setNoDelay(true)
-	// stream.session.socket.setKeepAlive(true)
-
-	// stream.on('close', () => console.log('SSE stream closed'))
-	// stream.on('aborted', () => console.log('SSE stream aborted'))
-
-	const activeStream = meta.active ?? true
-	const sendBOM = meta.bom ?? true
-
-	stream.respond({
-		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: allowedOrigin,
-		[HTTP2_HEADER_CONTENT_TYPE]: SSE_MIME,
-		[HTTP2_HEADER_STATUS]: activeStream ? HTTP_STATUS_OK : HTTP_STATUS_NO_CONTENT, // SSE_INACTIVE_STATUS_CODE
-		// [HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS]: 'true'
-		[HTTP2_HEADER_SERVER]: meta.servername
-	 })
-
-	 if(!activeStream) {
-		stream.end()
-		return
-	 }
-
-	if(sendBOM) {
-		stream.write(SSE_BOM + ENDING.CRLF)
-	}
-}