@johntalton/http-util 2.0.0 → 2.0.3

package/src/response/json.js

@@ -0,0 +1,78 @@
+import http2 from 'node:http2'
+import { brotliCompressSync, deflateSync, gzipSync, zstdCompressSync } from 'node:zlib'
+import { ServerTiming, HTTP_HEADER_SERVER_TIMING, HTTP_HEADER_TIMING_ALLOW_ORIGIN } from '../server-timing.js'
+import {
+	CHARSET_UTF8,
+	CONTENT_TYPE_JSON
+} from '../content-type.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+/** @typedef { (data: string, charset: BufferEncoding) => Buffer } EncoderFun */
+
+const {
+  HTTP2_HEADER_STATUS,
+  HTTP2_HEADER_CONTENT_TYPE,
+  HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+  HTTP2_HEADER_SERVER,
+  HTTP2_HEADER_CONTENT_ENCODING,
+  HTTP2_HEADER_VARY,
+  HTTP2_HEADER_CACHE_CONTROL,
+  HTTP2_HEADER_ETAG
+} = http2.constants
+
+const {
+  HTTP_STATUS_OK
+} = http2.constants
+
+/** @type {Map<string, EncoderFun>} */
+export const ENCODER_MAP = new Map([
+	[ 'br', (data, charset) => brotliCompressSync(Buffer.from(data, charset)) ],
+	[ 'gzip', (data, charset) => gzipSync(Buffer.from(data, charset)) ],
+	[ 'deflate', (data, charset) => deflateSync(Buffer.from(data, charset)) ],
+	[ 'zstd', (data, charset) => zstdCompressSync(Buffer.from(data, charset)) ]
+])
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Object} obj
+ * @param {string|undefined} encoding
+ * @param {Metadata} meta
+ */
+export function sendJSON_Encoded(stream, obj, encoding, meta) {
+	if(stream.closed) { return }
+
+	const json = JSON.stringify(obj)
+
+	const useIdentity = encoding === 'identity'
+	const encoder = encoding !== undefined ? ENCODER_MAP.get(encoding) : undefined
+	const hasEncoder = encoder !== undefined
+	const actualEncoding = hasEncoder ? encoding : undefined
+
+	const encodeStart = performance.now()
+	const encodedData = hasEncoder && !useIdentity ? encoder(json, CHARSET_UTF8) : json
+	const encodeEnd = performance.now()
+
+	meta.performance.push(
+		{ name: 'encode', duration: encodeEnd - encodeStart }
+	)
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_CONTENT_ENCODING]: actualEncoding,
+		[HTTP2_HEADER_VARY]: 'Accept, Accept-Encoding',
+		[HTTP2_HEADER_CACHE_CONTROL]: 'private',
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_ETAG]: `"${meta.etag}"`
+		// [HTTP2_HEADER_AGE]: age
+	})
+
+	// stream.write(encodedData)
+	stream.end(encodedData)
+}
+

package/src/response/no-content.js

@@ -0,0 +1,36 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_NO_CONTENT
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_ETAG
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendNoContent(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NO_CONTENT,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_ETAG]: `"${meta.etag}"`
+	})
+	stream.end()
+}

package/src/response/not-acceptable.js

@@ -0,0 +1,46 @@
+import http2 from 'node:http2'
+import { MIME_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_SERVER_TIMING,
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_NOT_ACCEPTABLE
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>|string} supportedTypes
+ * @param {Metadata} meta
+ */
+export function sendNotAcceptable(stream, supportedTypes, meta) {
+	const supportedTypesList = Array.isArray(supportedTypes) ? supportedTypes : [ supportedTypes ]
+	const has = supportedTypesList.length !== 0
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_ACCEPTABLE,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP2_HEADER_CONTENT_TYPE]: has ? MIME_TYPE_JSON : undefined,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+
+	if(has) {
+		stream.write(JSON.stringify(supportedTypes))
+	}
+
+	stream.end()
+}

package/src/response/not-allowed.js

@@ -0,0 +1,30 @@
+import http2 from 'node:http2'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ALLOW
+} = http2.constants
+
+const {
+	HTTP_STATUS_METHOD_NOT_ALLOWED
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>} methods
+ * @param {Metadata} meta
+ */
+export function sendNotAllowed(stream, methods, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_METHOD_NOT_ALLOWED,
+		[HTTP2_HEADER_ALLOW]: methods.join(','),
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+	stream.end()
+}

package/src/response/not-found.js

@@ -0,0 +1,37 @@
+import http2 from 'node:http2'
+import {
+	CONTENT_TYPE_TEXT
+} from '../content-type.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_NOT_FOUND
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {string} message
+ * @param {Metadata} meta
+ */
+export function sendNotFound(stream, message, meta) {
+	console.log('404', message)
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_FOUND,
+		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+
+	if(message !== undefined) { stream.write(message) }
+	stream.end()
+}

package/src/response/not-modified.js

@@ -0,0 +1,43 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_NOT_MODIFIED
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_AGE,
+	HTTP2_HEADER_ETAG,
+	HTTP2_HEADER_VARY,
+	HTTP2_HEADER_CACHE_CONTROL
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {number} age
+ * @param {Metadata} meta
+ */
+export function sendNotModified(stream, age, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_MODIFIED,
+		[HTTP2_HEADER_VARY]: 'Accept, Accept-Encoding',
+		[HTTP2_HEADER_CACHE_CONTROL]: 'private',
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_ETAG]: `"${meta.etag}"`,
+		[HTTP2_HEADER_AGE]: age
+	})
+	stream.end()
+}

package/src/response/preflight.js

@@ -0,0 +1,38 @@
+import http2 from 'node:http2'
+import {
+	HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE,
+	PREFLIGHT_AGE_SECONDS
+} from './defs.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_OK
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>} methods
+ * @param {Metadata} meta
+ */
+export function sendPreflight(stream, methods, meta) {
+	stream.respond({
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS]: methods.join(','),
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS]: ['Authorization', HTTP2_HEADER_CONTENT_TYPE].join(','),
+		[HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE]: PREFLIGHT_AGE_SECONDS,
+		[HTTP2_HEADER_SERVER]: meta.servername
+	})
+	stream.end()
+}

package/src/response/response.js

@@ -0,0 +1,39 @@
+import { sendAccepted } from './accepted.js'
+import { sendConflict } from './conflict.js'
+import { sendCreated } from './created.js'
+import { sendError } from './error.js'
+import { sendJSON_Encoded } from './json.js'
+import { sendNoContent } from './no-content.js'
+import { sendNotAcceptable } from './not-acceptable.js'
+import { sendNotAllowed } from './not-allowed.js'
+import { sendNotFound } from './not-found.js'
+import { sendNotModified } from './not-modified.js'
+import { sendPreflight } from './preflight.js'
+import { sendSSE } from './sse.js'
+import { sendTimeout } from './timeout.js'
+import { sendTooManyRequests } from './too-many-requests.js'
+import { sendTrace } from './trace.js'
+import { sendUnauthorized } from './unauthorized.js'
+import { sendUnsupportedMediaType } from './unsupported-media.js'
+import { sendUnprocessable } from './unprocessable.js'
+
+export const Response = {
+	accepted: sendAccepted,
+	conflict: sendConflict,
+	created: sendCreated,
+	error: sendError,
+	noContent: sendNoContent,
+	json: sendJSON_Encoded,
+	notAcceptable: sendNotAcceptable,
+	notAllowed: sendNotAllowed,
+	notFound: sendNotFound,
+	notModified: sendNotModified,
+	preflight: sendPreflight,
+	sse: sendSSE,
+	timeout: sendTimeout,
+	tooManyRequests: sendTooManyRequests,
+	trace: sendTrace,
+	unauthorized: sendUnauthorized,
+	unsupportedMediaType: sendUnsupportedMediaType,
+	unprocessable: sendUnprocessable
+}

package/src/response/sse.js

@@ -0,0 +1,57 @@
+import http2 from 'node:http2'
+import {
+	SSE_MIME,
+	SSE_INACTIVE_STATUS_CODE,
+	SSE_BOM,
+	ENDING,
+} from '@johntalton/sse-util'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata, SSEOptions } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_OK,
+	HTTP_STATUS_NO_CONTENT
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {SSEOptions & Metadata} meta
+ */
+export function sendSSE(stream, meta) {
+	// stream.setTimeout(0)
+	// stream.session?.setTimeout(0)
+	// stream.session?.socket.setTimeout(0)
+	// stream.session.socket.setNoDelay(true)
+	// stream.session.socket.setKeepAlive(true)
+
+	// stream.on('close', () => console.log('SSE stream closed'))
+	// stream.on('aborted', () => console.log('SSE stream aborted'))
+
+	const activeStream = meta.active ?? true
+	const sendBOM = meta.bom ?? true
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_CONTENT_TYPE]: SSE_MIME,
+		[HTTP2_HEADER_STATUS]: activeStream ? HTTP_STATUS_OK : HTTP_STATUS_NO_CONTENT, // SSE_INACTIVE_STATUS_CODE
+		// [HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS]: 'true'
+		[HTTP2_HEADER_SERVER]: meta.servername
+	 })
+
+	 if(!activeStream) {
+		stream.end()
+		return
+	 }
+
+	if(sendBOM) {
+		stream.write(SSE_BOM + ENDING.CRLF)
+	}
+}

package/src/response/timeout.js

@@ -0,0 +1,41 @@
+import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_REQUEST_TIMEOUT
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_CONNECTION
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendTimeout(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_REQUEST_TIMEOUT,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_CONNECTION]: 'close'
+	})
+
+	// stream.write(JSON.stringify( ... ))
+
+	stream.end()
+}

package/src/response/too-many-requests.js

@@ -0,0 +1,47 @@
+import http2 from 'node:http2'
+import { CONTENT_TYPE_TEXT } from '../content-type.js'
+import {
+	HTTP_HEADER_RATE_LIMIT,
+	HTTP_HEADER_RATE_LIMIT_POLICY,
+	RateLimit,
+	RateLimitPolicy
+} from '../rate-limit.js'
+
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_RETRY_AFTER,
+	HTTP2_HEADER_CONTENT_TYPE
+} = http2.constants
+
+const {
+	HTTP_STATUS_TOO_MANY_REQUESTS
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {*} limitInfo
+ * @param {Array<any>} policies
+ * @param {Metadata} meta
+ */
+export function sendTooManyRequests(stream, limitInfo, policies, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_TOO_MANY_REQUESTS,
+		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP2_HEADER_RETRY_AFTER]: limitInfo.retryAfterS,
+		[HTTP_HEADER_RATE_LIMIT]: RateLimit.from(limitInfo),
+		[HTTP_HEADER_RATE_LIMIT_POLICY]: RateLimitPolicy.from(...policies)
+	})
+
+	stream.write(`Retry After ${limitInfo.retryAfterS} Seconds`)
+
+	stream.end()
+}
+

package/src/response/trace.js

@@ -0,0 +1,63 @@
+import http2 from 'node:http2'
+import {
+	MIME_TYPE_MESSAGE_HTTP
+} from '../content-type.js'
+import {
+	HTTP_HEADER_SERVER_TIMING,
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { IncomingHttpHeaders } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_OK
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {string} method
+ * @param {URL} url
+ * @param {IncomingHttpHeaders} headers
+ * @param {Metadata} meta
+ */
+export function sendTrace(stream, method, url, headers, meta) {
+	const FILTER_KEYS = [ 'authorization', 'cookie' ]
+	const HTTP_VERSION = new Map([
+		[ 'h2', 'HTTP/2' ],
+		[ 'h2c', 'HTTP/2'],
+		[ 'http/1.1', 'HTTP/1.1']
+	])
+
+	const version = HTTP_VERSION.get(stream.session?.alpnProtocol ?? 'h2')
+
+	stream.respond({
+		[HTTP2_HEADER_CONTENT_TYPE]: MIME_TYPE_MESSAGE_HTTP,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_OK,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+
+	const reconstructed = [
+		`${method} ${url.pathname}${url.search} ${version}`,
+		Object.entries(headers)
+			.filter(([ key ]) => !key.startsWith(':'))
+			.filter(([ key ]) => !FILTER_KEYS.includes(key))
+			.map(([ key, value ]) => `${key}: ${value}`)
+			.join('\n'),
+		'\n'
+		]
+		.join('\n')
+
+	stream.end(reconstructed)
+}
+

package/src/response/unauthorized.js

@@ -0,0 +1,30 @@
+import http2 from 'node:http2'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_SERVER
+} = http2.constants
+
+const {
+	HTTP_STATUS_UNAUTHORIZED
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendUnauthorized(stream, meta) {
+	console.log('Unauthorized')
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNAUTHORIZED,
+		[HTTP2_HEADER_SERVER]: meta.servername
+		//  WWW-Authenticate
+	})
+	stream.end()
+}

package/src/response/unprocessable.js

@@ -0,0 +1,39 @@
+import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+  HTTP_STATUS_UNPROCESSABLE_ENTITY
+} = http2.constants
+
+const {
+  HTTP2_HEADER_STATUS,
+  HTTP2_HEADER_SERVER,
+  HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendUnprocessable(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNPROCESSABLE_ENTITY,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance)
+	})
+
+	// stream.write(JSON.stringify( ... ))
+
+	stream.end()
+}

package/src/response/unsupported-media.js

@@ -0,0 +1,40 @@
+import http2 from 'node:http2'
+import { HTTP_HEADER_ACCEPT_POST } from './defs.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Array<string>|string} acceptableMediaType
+ * @param {Metadata} meta
+ */
+export function sendUnsupportedMediaType(stream, acceptableMediaType, meta) {
+	const acceptable = Array.isArray(acceptableMediaType) ? acceptableMediaType : [ acceptableMediaType ]
+
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE,
+		[HTTP_HEADER_ACCEPT_POST]: acceptable.join(','),
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+	})
+
+	stream.end()
+}