@johntalton/http-util 2.0.2 → 2.0.3

package/README.md

@@ -16,29 +16,89 @@ Set of utilities to aid in building from-scratch [node:http2](https://nodejs.org
 - Forwarded - `parse` with select-right-most helper
 - Multipart - parse into `FormData`
 - Content Disposition - for use inside of Multipart
+- Conditionals - Etag / FixDate for IfMatch, IfModifiedSince etc
 
 ### Server Sent:
 - Rate Limit
 - Server Timing
 
+
+```javascript
+import {
+  Accept,
+  MIME_TYPE_JSON,
+  MIME_TYPE_TEXT
+} from '@johntalton/http-util/headers'
+
+// assuming our path/method/server supports content in json or text
+const supportedType = [ MIME_TYPE_JSON, MIME_TYPE_TEXT ]
+
+// from request.header.accept (client prefers json)
+const acceptHeader = 'application/json;q=.5, */*;q.4'
+
+const bestMatchingType = Accept.select(acceptHeader, supportedType)
+// bestMatchingType === 'application/json'
+```
+
 ## Response
 
 All responders take in a `stream` as well as a metadata object to hint on servername and origin strings etc.
 
+- `sendAccepted`
+- `sendConflict`
+- `sendCreated`
 - `sendError` - 500
-- `sendPreflight` - Response to OPTIONS with CORS headers
-- `sendUnauthorized` - Unauthorized
+- `sendJSON_Encoded` - Standard Ok response with encoding
+- `sendNoContent`
+- `sendNotAcceptable`
+- `sendNotAllowed` - Method not supported / allowed
 - `sendNotFound` - 404
+- `sendNotModified`
+- `sendPreflight` - Response to OPTIONS with CORS headers
+- `sendTimeout`
 - `sendTooManyRequests` - Rate limit response (429)
-- `sendJSON_Encoded` - Standard Ok response with encoding
+- `sendTrace`
+- `sendUnauthorized` - Unauthorized
+- `sendUnprocessable`
+- `sendUnsupportedMediaType`
 - `sendSSE` - SSE header (leave the `stream` open)
 
 Responses allow for optional CORS headers as well as Server Timing meta data.
 
+## Response Object
+
+The response methods `sendXYZ` are also wrapped in a `Response` object which can make imports simpler and help organize code.
+
+```js
+import { Response } from '@johntalton/http-util/response/object'
+
+// ... sendNotFound becomes .notFound
+Response.notFound(stream, meta)
+```
+
 ## Body
 
 The `requestBody` method returns a `fetch`-like response.  Including methods `blob`, `arrayBuffer`, `bytes`, `text`, `formData`, `json` as well as a `body` as a `ReadableStream`.
 
 The return is a deferred response that does NOT consume the `steam` until calling one of the above methods.
 
-Optional `byteLimit`, `contentLength` and `contentType` can be provided to hint the parser, as well as a `AbortSignal` to abandoned the reader.
+Optional `byteLimit`, `contentLength` and `contentType` can be provided to hint the parser, as well as a `AbortSignal` to abandoned the reader.
+
+```js
+import { requestBody } from '@johntalton/http-util/body'
+
+const signal = // from someplace like a timeout for the overall request
+
+// limit time and size for the body
+// note: this does not consume the stream
+const futureBody = requestBody(stream, {
+  byteLimit: 1000 * 1000,
+  signal
+})
+
+// ... a few moments later ...
+
+// consume the stream
+const body = futureBody.json()
+
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@johntalton/http-util",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/body.js

@@ -228,6 +228,9 @@ export async function bodyArrayBuffer(reader) {
  * @param {ReadableStream} reader
  */
 export async function bodyUint8Array(reader) {
+	// const blob = await bodyBlob(reader)
+	// return blob.bytes()
+
 	const buffer = await bodyArrayBuffer(reader)
 	return new Uint8Array(buffer)
 

package/src/conditional.js

@@ -0,0 +1,260 @@
+export const CONDITION_ETAG_SEPARATOR = ','
+export const CONDITION_ETAG_ANY = '*'
+export const CONDITION_ETAG_WEAK_PREFIX = 'W/'
+export const ETAG_QUOTE = '"'
+
+export const DATE_SPACE = ' '
+export const DATE_DAYS = [ 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun' ]
+export const DATE_MONTHS = [ 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ]
+export const DATE_SEPARATOR = ','
+export const DATE_TIME_SEPARATOR = ':'
+export const DATE_ZONE = 'GMT'
+
+/**
+ * @param {string} etag
+ */
+export function isValidEtag(etag) {
+	// %x21 / %x23-7E  and %x80-FF
+	for(const c of etag) {
+		if(c.charCodeAt(0) < 0x21) { return false }
+		if(c.charCodeAt(0) > 0xFF) { return false }
+		if(c === ETAG_QUOTE) { return false }
+	}
+	return true
+}
+
+/**
+ * @param {string} etag
+ */
+export function stripQuotes(etag) {
+	return etag.substring(1, etag.length - 1)
+}
+
+/**
+ * @param {string} etag
+ */
+export function isQuoted(etag) {
+	if(etag.length <= 2) { return false }
+	if(!etag.startsWith(ETAG_QUOTE)) { return false }
+	if(!etag.endsWith(ETAG_QUOTE)) { return false }
+	return true
+}
+
+/**
+ * @typedef {Object} EtagItem
+ * @property {boolean} weak
+ * @property {boolean} any
+ * @property {string} etag
+ */
+
+/**
+ * @typedef {Object} IMFFixDate
+ * @property {typeof DATE_DAYS[number]} dayName
+ * @property {number} day
+ * @property {typeof DATE_MONTHS[number]} month
+ * @property {number} year
+ * @property {number} hour
+ * @property {number} minute
+ * @property {number} second
+ * @property {Date} date
+ */
+
+export class Conditional {
+	/**
+	 * @param {string|undefined} matchHeader
+	 * @returns {Array<EtagItem>}
+	 */
+	static parseEtagList(matchHeader) {
+		if(matchHeader === undefined) { return [] }
+
+		return matchHeader.split(CONDITION_ETAG_SEPARATOR)
+			.map(etag => etag.trim())
+			.map(etag => {
+				if(etag.startsWith(CONDITION_ETAG_WEAK_PREFIX)) {
+					// weak
+					return {
+						weak: true,
+						etag: etag.substring(CONDITION_ETAG_WEAK_PREFIX.length)
+					}
+				}
+
+				// strong
+				return {
+					weak: false,
+					etag
+				}
+			})
+			.map(item => {
+				if(item.etag === CONDITION_ETAG_ANY) {
+					return {
+						...item,
+						any: true
+					}
+				}
+
+				// validated quoted
+				if(!isQuoted(item.etag)) { return undefined }
+				const etag = stripQuotes(item.etag)
+				if(!isValidEtag(etag)) { return undefined }
+				if(etag === CONDITION_ETAG_ANY) { return undefined }
+
+				return {
+					weak: item.weak,
+					any: false,
+					etag
+				}
+			})
+			.filter(item => item !== undefined)
+	}
+
+	/**
+	 * @param {String|string|undefined} matchHeader
+	 * @returns {IMFFixDate|undefined}
+	 */
+	static parseFixDate(matchHeader) {
+		if(matchHeader === undefined || matchHeader === null) { return undefined }
+		// if(!(typeof matchHeader === 'string') && (!(matchHeader instanceof String))) { return undefined }
+
+		// https://www.rfc-editor.org/rfc/rfc5322.html#section-3.3
+		// https://httpwg.org/specs/rfc9110.html#preferred.date.format
+		// <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
+		// day-name "," SP date1 SP time-of-day SP GMT
+
+		if(matchHeader.length != 29) { return undefined }
+
+		//
+		const spaces = [
+			matchHeader.substring(4, 5),
+			matchHeader.substring(7, 8),
+			matchHeader.substring(11, 12),
+			matchHeader.substring(16, 17),
+			matchHeader.substring(25, 26)
+		]
+		const comma = matchHeader.substring(3, 4)
+		const timeSeparators = [
+			matchHeader.substring(19, 20),
+			matchHeader.substring(22, 23)
+		]
+		const gmt = matchHeader.substring(26)
+
+		//
+		if(comma !== DATE_SEPARATOR) { return undefined }
+		if(gmt !== DATE_ZONE) { return undefined }
+		for(const colon of timeSeparators) {
+			if(colon !== DATE_TIME_SEPARATOR) { return undefined }
+		}
+		for(const space of spaces) {
+			if(space !== DATE_SPACE) { return undefined }
+		}
+
+		//
+		const dayName = matchHeader.substring(0, 3)
+		const day = parseInt(matchHeader.substring(5, 7))
+		const month = matchHeader.substring(8, 11)
+		const year = parseInt(matchHeader.substring(12, 16))
+		const hour = parseInt(matchHeader.substring(17, 19))
+		const minute = parseInt(matchHeader.substring(20, 22))
+		const second = parseInt(matchHeader.substring(23, 25))
+
+		//
+		if(!DATE_DAYS.includes(dayName)) { return undefined }
+		if(!DATE_MONTHS.includes(month)) { return undefined }
+		if(!Number.isInteger(day)) { return undefined }
+		if(!Number.isInteger(year)) { return undefined }
+		if(!Number.isInteger(hour)) { return undefined }
+		if(!Number.isInteger(minute)) { return undefined }
+		if(!Number.isInteger(second)) { return undefined }
+
+		//
+		if(day > 31 || day <= 0) { return undefined }
+		if(year < 1900) { return undefined }
+		if(hour > 24 || hour < 0) { return undefined }
+		if(minute > 60 || minute < 0) { return undefined }
+		if(second > 60 || second < 0) { return undefined }
+
+		//
+		return {
+			dayName,
+			day,
+			month,
+			year,
+			hour,
+			minute,
+			second,
+			date: new Date(Date.UTC(year, DATE_MONTHS.indexOf(month), day, hour, minute, second)),
+			// temporal:
+		}
+	}
+}
+
+// Ok
+// console.log(Conditional.parseEtagList('"bfc13a64729c4290ef5b2c2730249c88ca92d82d"'))
+// console.log(Conditional.parseEtagList('W/"67ab43", "54ed21", "7892dd"'))
+// console.log(Conditional.parseEtagList('*'))
+// console.log(Conditional.parseEtagList('"!ÿ©"'))
+// console.log(Conditional.parseEtagList('"!","ÿ", "©"'))
+// console.log(Conditional.parseEtagList('"!","ÿ"   ,\t"©"'))
+
+// Error
+console.log(Conditional.parseEtagList('"*"'))
+// console.log(Conditional.parseEtagList('W/'))
+// console.log(Conditional.parseEtagList('W/"'))
+// console.log(Conditional.parseEtagList('W/""'))
+// console.log(Conditional.parseEtagList(''))
+// console.log(Conditional.parseEtagList('"'))
+// console.log(Conditional.parseEtagList('""'))
+// console.log(Conditional.parseEtagList('"""'))
+// console.log(Conditional.parseEtagList('" "'))
+// console.log(Conditional.parseEtagList('"\n"'))
+// console.log(Conditional.parseEtagList('"\t"'))
+
+//
+// const testsOk = [
+// 	'Sun, 06 Nov 1994 08:49:37 GMT',
+// 	'Sun, 06 Nov 1994 00:00:00 GMT',
+// 	'Tue, 01 Nov 1994 00:00:00 GMT',
+// 	'Thu, 06 Nov 3000 08:49:37 GMT',
+// 	'Sun, 06 Nov 1994 23:59:59 GMT',
+// 	new String('Sun, 06 Nov 1994 08:49:37 GMT'),
+// ]
+// for(const test of testsOk) {
+// 	const result = Conditional.parseFixDate(test)
+// 	if(result?.date.toUTCString() !== test.toString()) {
+// 		console.log('🛑', test, result, result?.date.toUTCString())
+// 		break
+// 	}
+// }
+
+// const testBad = [
+// 	undefined,
+// 	null,
+// 	{},
+// 	new String(),
+// 	'',
+// 	'Anything',
+// 	'   ,               :  :   GMT',
+// 	'Sun,    Nov        :  :   GMT',
+// 	'Sun, 00 Nov 0000 00:00:00 GMT',
+// 	'Sun, 06 Nov 1994 08-49-37 GMT',
+// 	'Sun  06 Nov 1994 08:49:37 GMT',
+// 	'FOO, 06 Nov 1994 08:49:37 GMT',
+// 	'Sun, 32 Nov 1994 08:49:37 GMT',
+// 	'Sun, 00 Nov 1994 08:49:37 GMT',
+// 	'Sun, 06 Nov 0900 08:49:37 GMT',
+// 	'Sun, 06 Nov 1994 08:49:37 UTC',
+// 	'Sun, 06 Nov 1994 30:49:37 GMT',
+// 	'Sun,\t06 Nov 1994 08:49:37 GMT',
+
+// 	'Sunday, 06-Nov-94 08:49:37 GMT',
+// 	'Sun Nov  6 08:49:37 1994',
+// 	'Sun Nov  6 08:49:37 1994      ',
+
+// ]
+// for(const test of testBad) {
+// 	const result = Conditional.parseFixDate(test)
+// 	if(result !== undefined) {
+// 		console.log('🛑', test, result)
+// 		break
+// 	}
+// }
+

package/src/index.js

@@ -2,9 +2,10 @@ export * from './accept-encoding.js'
 export * from './accept-language.js'
 export * from './accept-util.js'
 export * from './accept.js'
+export * from './conditional.js'
 export * from './content-disposition.js'
 export * from './content-type.js'
 export * from './forwarded.js'
 export * from './multipart.js'
 export * from './rate-limit.js'
-export * from './server-timing.js'
+export * from './server-timing.js'

package/src/response/accepted.js

@@ -1,4 +1,5 @@
 import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
 import {
 	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
 	HTTP_HEADER_SERVER_TIMING,
@@ -26,9 +27,13 @@ export function sendAccepted(stream, meta) {
 	stream.respond({
 		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
 		[HTTP2_HEADER_STATUS]: HTTP_STATUS_ACCEPTED,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
 		[HTTP2_HEADER_SERVER]: meta.servername,
 		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
 		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance)
 	})
+
+	// stream.write(JSON.stringify( ... ))
+
 	stream.end()
 }

package/src/response/conflict.js

@@ -0,0 +1,39 @@
+import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_CONFLICT
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendConflict(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_CONFLICT,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance)
+	})
+
+	// stream.write(JSON.stringify( ... ))
+
+	stream.end()
+}

package/src/response/created.js

@@ -1,4 +1,5 @@
 import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
 import {
 	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
 	HTTP_HEADER_SERVER_TIMING,
@@ -28,10 +29,14 @@ export function sendCreated(stream, location, meta) {
 	stream.respond({
 		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
 		[HTTP2_HEADER_STATUS]: HTTP_STATUS_CREATED,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
 		[HTTP2_HEADER_SERVER]: meta.servername,
 		[HTTP2_HEADER_LOCATION]: location.href,
 		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
 		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
 	})
+
+	// stream.write(JSON.stringify( ... ))
+
 	stream.end()
 }

package/src/response/error.js

@@ -1,5 +1,4 @@
 import http2 from 'node:http2'
-
 import {
 	CONTENT_TYPE_TEXT
 } from '../content-type.js'

package/src/response/index.js

@@ -1,16 +1,20 @@
 export * from './defs.js'
 
 export * from './accepted.js'
+export * from './conflict.js'
 export * from './created.js'
 export * from './error.js'
 export * from './json.js'
+export * from './no-content.js'
 export * from './not-acceptable.js'
 export * from './not-allowed.js'
 export * from './not-found.js'
 export * from './not-modified.js'
 export * from './preflight.js'
 export * from './sse.js'
+export * from './timeout.js'
 export * from './too-many-requests.js'
 export * from './trace.js'
 export * from './unauthorized.js'
 export * from './unsupported-media.js'
+export * from './unprocessable.js'

package/src/response/no-content.js

@@ -0,0 +1,36 @@
+import http2 from 'node:http2'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_NO_CONTENT
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_ETAG
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendNoContent(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NO_CONTENT,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_ETAG]: `"${meta.etag}"`
+	})
+	stream.end()
+}

package/src/response/not-allowed.js

@@ -5,6 +5,7 @@ import http2 from 'node:http2'
 
 const {
 	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
 	HTTP2_HEADER_SERVER,
 	HTTP2_HEADER_ALLOW
 } = http2.constants
@@ -20,6 +21,7 @@ const {
  */
 export function sendNotAllowed(stream, methods, meta) {
 	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
 		[HTTP2_HEADER_STATUS]: HTTP_STATUS_METHOD_NOT_ALLOWED,
 		[HTTP2_HEADER_ALLOW]: methods.join(','),
 		[HTTP2_HEADER_SERVER]: meta.servername

package/src/response/not-found.js

@@ -24,6 +24,7 @@ const {
  */
 export function sendNotFound(stream, message, meta) {
 	console.log('404', message)
+
 	stream.respond({
 		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
 		[HTTP2_HEADER_STATUS]: HTTP_STATUS_NOT_FOUND,

package/src/response/response.js

@@ -1,22 +1,28 @@
 import { sendAccepted } from './accepted.js'
+import { sendConflict } from './conflict.js'
 import { sendCreated } from './created.js'
 import { sendError } from './error.js'
 import { sendJSON_Encoded } from './json.js'
+import { sendNoContent } from './no-content.js'
 import { sendNotAcceptable } from './not-acceptable.js'
 import { sendNotAllowed } from './not-allowed.js'
 import { sendNotFound } from './not-found.js'
 import { sendNotModified } from './not-modified.js'
 import { sendPreflight } from './preflight.js'
 import { sendSSE } from './sse.js'
+import { sendTimeout } from './timeout.js'
 import { sendTooManyRequests } from './too-many-requests.js'
 import { sendTrace } from './trace.js'
 import { sendUnauthorized } from './unauthorized.js'
 import { sendUnsupportedMediaType } from './unsupported-media.js'
+import { sendUnprocessable } from './unprocessable.js'
 
 export const Response = {
 	accepted: sendAccepted,
+	conflict: sendConflict,
 	created: sendCreated,
 	error: sendError,
+	noContent: sendNoContent,
 	json: sendJSON_Encoded,
 	notAcceptable: sendNotAcceptable,
 	notAllowed: sendNotAllowed,
@@ -24,8 +30,10 @@ export const Response = {
 	notModified: sendNotModified,
 	preflight: sendPreflight,
 	sse: sendSSE,
+	timeout: sendTimeout,
 	tooManyRequests: sendTooManyRequests,
 	trace: sendTrace,
 	unauthorized: sendUnauthorized,
-	unsupportedMediaType: sendUnsupportedMediaType
+	unsupportedMediaType: sendUnsupportedMediaType,
+	unprocessable: sendUnprocessable
 }

package/src/response/timeout.js

@@ -0,0 +1,41 @@
+import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+	HTTP_STATUS_REQUEST_TIMEOUT
+} = http2.constants
+
+const {
+	HTTP2_HEADER_STATUS,
+	HTTP2_HEADER_SERVER,
+	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+	HTTP2_HEADER_CONNECTION
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendTimeout(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_REQUEST_TIMEOUT,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance),
+		[HTTP2_HEADER_CONNECTION]: 'close'
+	})
+
+	// stream.write(JSON.stringify( ... ))
+
+	stream.end()
+}

package/src/response/too-many-requests.js

@@ -1,4 +1,5 @@
 import http2 from 'node:http2'
+import { CONTENT_TYPE_TEXT } from '../content-type.js'
 import {
 	HTTP_HEADER_RATE_LIMIT,
 	HTTP_HEADER_RATE_LIMIT_POLICY,
@@ -6,6 +7,7 @@ import {
 	RateLimitPolicy
 } from '../rate-limit.js'
 
+
 /** @import { ServerHttp2Stream } from 'node:http2' */
 /** @import { Metadata } from './defs.js' */
 
@@ -13,7 +15,8 @@ const {
 	HTTP2_HEADER_STATUS,
 	HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
 	HTTP2_HEADER_SERVER,
-	HTTP2_HEADER_RETRY_AFTER
+	HTTP2_HEADER_RETRY_AFTER,
+	HTTP2_HEADER_CONTENT_TYPE
 } = http2.constants
 
 const {
@@ -30,14 +33,15 @@ export function sendTooManyRequests(stream, limitInfo, policies, meta) {
 	stream.respond({
 		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
 		[HTTP2_HEADER_STATUS]: HTTP_STATUS_TOO_MANY_REQUESTS,
+		[HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_TEXT,
 		[HTTP2_HEADER_SERVER]: meta.servername,
-
 		[HTTP2_HEADER_RETRY_AFTER]: limitInfo.retryAfterS,
 		[HTTP_HEADER_RATE_LIMIT]: RateLimit.from(limitInfo),
 		[HTTP_HEADER_RATE_LIMIT_POLICY]: RateLimitPolicy.from(...policies)
 	})
 
 	stream.write(`Retry After ${limitInfo.retryAfterS} Seconds`)
+
 	stream.end()
 }
 

package/src/response/unauthorized.js

@@ -24,6 +24,7 @@ export function sendUnauthorized(stream, meta) {
 		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
 		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNAUTHORIZED,
 		[HTTP2_HEADER_SERVER]: meta.servername
+		//  WWW-Authenticate
 	})
 	stream.end()
 }

package/src/response/unprocessable.js

@@ -0,0 +1,39 @@
+import http2 from 'node:http2'
+import { CONTENT_TYPE_JSON } from '../content-type.js'
+import {
+	HTTP_HEADER_TIMING_ALLOW_ORIGIN,
+	HTTP_HEADER_SERVER_TIMING,
+	ServerTiming
+} from '../server-timing.js'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { Metadata } from './defs.js' */
+
+const {
+  HTTP_STATUS_UNPROCESSABLE_ENTITY
+} = http2.constants
+
+const {
+  HTTP2_HEADER_STATUS,
+  HTTP2_HEADER_SERVER,
+  HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
+} = http2.constants
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {Metadata} meta
+ */
+export function sendUnprocessable(stream, meta) {
+	stream.respond({
+		[HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN]: meta.origin,
+		[HTTP2_HEADER_STATUS]: HTTP_STATUS_UNPROCESSABLE_ENTITY,
+		// [HTTP2_HEADER_CONTENT_TYPE]: CONTENT_TYPE_JSON,
+		[HTTP2_HEADER_SERVER]: meta.servername,
+		[HTTP_HEADER_TIMING_ALLOW_ORIGIN]: meta.origin,
+		[HTTP_HEADER_SERVER_TIMING]: ServerTiming.encode(meta.performance)
+	})
+
+	// stream.write(JSON.stringify( ... ))
+
+	stream.end()
+}