@kabyeon/nexusjs 0.6.5

package/dist/session/index.js

@@ -0,0 +1,1498 @@
+// @bun
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+function __accessProp(key) {
+  return this[key];
+}
+var __toCommonJS = (from) => {
+  var entry = (__moduleCache ??= new WeakMap).get(from), desc;
+  if (entry)
+    return entry;
+  entry = __defProp({}, "__esModule", { value: true });
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (var key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(entry, key))
+        __defProp(entry, key, {
+          get: __accessProp.bind(from, key),
+          enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+        });
+  }
+  __moduleCache.set(from, entry);
+  return entry;
+};
+var __moduleCache;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __legacyDecorateClassTS = function(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
+    r = Reflect.decorate(decorators, target, key, desc);
+  else
+    for (var i = decorators.length - 1;i >= 0; i--)
+      if (d = decorators[i])
+        r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __legacyDecorateParamTS = (index, decorator) => (target, key) => decorator(target, key, index);
+var __legacyMetadataTS = (k, v) => {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
+    return Reflect.metadata(k, v);
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = import.meta.require;
+
+// src/session/backends/drizzle.ts
+var exports_drizzle = {};
+__export(exports_drizzle, {
+  DrizzleSessionStorage: () => DrizzleSessionStorage
+});
+
+class DrizzleSessionStorage {
+  name = "database";
+  db;
+  tableName;
+  cols;
+  constructor(options) {
+    this.db = options.db;
+    this.tableName = options.tableName ?? "nexus_sessions";
+    this.cols = {
+      id: options.columns?.id ?? "id",
+      userId: options.columns?.userId ?? "user_id",
+      data: options.columns?.data ?? "data",
+      createdAt: options.columns?.createdAt ?? "created_at",
+      lastSeenAt: options.columns?.lastSeenAt ?? "last_seen_at",
+      expiresAt: options.columns?.expiresAt ?? "expires_at",
+      absoluteExpiresAt: options.columns?.absoluteExpiresAt ?? "absolute_expires_at",
+      metadata: options.columns?.metadata ?? "metadata"
+    };
+  }
+  async create(opts) {
+    const now = new Date;
+    const record = {
+      id: opts.id ?? randomId3(),
+      userId: null,
+      data: opts.data ?? {},
+      createdAt: now,
+      lastSeenAt: now,
+      expiresAt: new Date(now.getTime() + (opts.ttlSeconds ?? 60 * 60 * 24 * 7) * 1000)
+    };
+    if (opts.absoluteTtlSeconds) {
+      record.absoluteExpiresAt = new Date(now.getTime() + opts.absoluteTtlSeconds * 1000);
+    }
+    if (opts.metadata)
+      record.metadata = opts.metadata;
+    await this.db.rawQuery(`INSERT INTO ${this.tableName} (${this.cols.id}, ${this.cols.userId}, ${this.cols.data}, ${this.cols.createdAt}, ${this.cols.lastSeenAt}, ${this.cols.expiresAt}, ${this.cols.absoluteExpiresAt}, ${this.cols.metadata})
+			 VALUES (?, ?, ?, ?, ?, ?, ?, ?)`, [
+      record.id,
+      record.userId,
+      JSON.stringify(record.data),
+      toTimestamp(record.createdAt),
+      toTimestamp(record.lastSeenAt),
+      toTimestamp(record.expiresAt),
+      record.absoluteExpiresAt ? toTimestamp(record.absoluteExpiresAt) : null,
+      record.metadata ? JSON.stringify(record.metadata) : null
+    ]);
+    return record;
+  }
+  async read(id) {
+    const rows = await this.db.rawQuery(`SELECT * FROM ${this.tableName} WHERE ${this.cols.id} = ? LIMIT 1`, [id]);
+    return rows[0] ? this.rowToRecord(rows[0]) : null;
+  }
+  async readMany(query = {}) {
+    const where = [];
+    const params = [];
+    if (query.userId !== undefined) {
+      where.push(`${this.cols.userId} = ?`);
+      params.push(query.userId);
+    }
+    const whereSql = where.length > 0 ? `WHERE ${where.join(" AND ")}` : "";
+    const limit = query.limit ?? 1000;
+    const rows = await this.db.rawQuery(`SELECT * FROM ${this.tableName} ${whereSql} ORDER BY ${this.cols.createdAt} DESC LIMIT ?`, [...params, limit]);
+    return rows.map((r) => this.rowToRecord(r));
+  }
+  async update(id, opts) {
+    const sets = [];
+    const params = [];
+    if (opts.dataPatch !== undefined) {
+      sets.push(`${this.cols.data} = ?`);
+      params.push(JSON.stringify(opts.dataPatch));
+    }
+    if (opts.extendSeconds !== undefined) {
+      sets.push(`${this.cols.expiresAt} = ?`);
+      params.push(toTimestamp(new Date(Date.now() + opts.extendSeconds * 1000)));
+    }
+    if (sets.length === 0)
+      return this.read(id);
+    sets.push(`${this.cols.lastSeenAt} = ?`);
+    params.push(toTimestamp(new Date));
+    params.push(id);
+    await this.db.rawQuery(`UPDATE ${this.tableName} SET ${sets.join(", ")} WHERE ${this.cols.id} = ?`, params);
+    return this.read(id);
+  }
+  async touch(id) {
+    await this.db.rawQuery(`UPDATE ${this.tableName} SET ${this.cols.lastSeenAt} = ? WHERE ${this.cols.id} = ?`, [toTimestamp(new Date), id]);
+    return this.read(id);
+  }
+  async destroy(id) {
+    const existing = await this.read(id);
+    if (!existing)
+      return false;
+    await this.db.rawQuery(`DELETE FROM ${this.tableName} WHERE ${this.cols.id} = ?`, [id]);
+    return true;
+  }
+  async destroyMany(query = {}) {
+    const where = [];
+    const params = [];
+    if (query.userId !== undefined) {
+      where.push(`${this.cols.userId} = ?`);
+      params.push(query.userId);
+    }
+    const whereSql = where.length > 0 ? `WHERE ${where.join(" AND ")}` : "";
+    await this.db.rawQuery(`DELETE FROM ${this.tableName} ${whereSql}`, params);
+    return 0;
+  }
+  async gc() {
+    await this.db.rawQuery(`DELETE FROM ${this.tableName} WHERE ${this.cols.expiresAt} < ?`, [toTimestamp(new Date)]);
+    return 0;
+  }
+  async clear() {
+    await this.db.rawQuery(`DELETE FROM ${this.tableName}`);
+  }
+  async start() {}
+  async stop() {}
+  rowToRecord(row) {
+    const r = {
+      id: String(row[this.cols.id]),
+      userId: row[this.cols.userId],
+      data: parseJson(row[this.cols.data]) ?? {},
+      createdAt: fromTimestamp(row[this.cols.createdAt]),
+      lastSeenAt: fromTimestamp(row[this.cols.lastSeenAt]),
+      expiresAt: fromTimestamp(row[this.cols.expiresAt])
+    };
+    const abs = row[this.cols.absoluteExpiresAt];
+    if (abs)
+      r.absoluteExpiresAt = fromTimestamp(abs);
+    const meta = row[this.cols.metadata];
+    if (meta)
+      r.metadata = parseJson(meta);
+    return r;
+  }
+}
+function toTimestamp(d) {
+  return d.toISOString();
+}
+function fromTimestamp(v) {
+  if (v instanceof Date)
+    return v;
+  if (typeof v === "string")
+    return new Date(v);
+  if (typeof v === "number")
+    return new Date(v);
+  return new Date;
+}
+function parseJson(v) {
+  if (typeof v !== "string")
+    return v;
+  try {
+    return JSON.parse(v);
+  } catch {
+    return null;
+  }
+}
+function randomId3(bytes = 24) {
+  const arr = new Uint8Array(bytes);
+  crypto.getRandomValues(arr);
+  return Buffer.from(arr).toString("base64url");
+}
+
+// src/core/constants.ts
+var METADATA_KEY, PARAM_TYPES, HTTP_METHODS;
+var init_constants = __esm(() => {
+  METADATA_KEY = {
+    CONTROLLER: "nexus:controller",
+    INJECTABLE: "nexus:injectable",
+    REPOSITORY: "nexus:repository",
+    MODULE: "nexus:module",
+    ROUTES: "nexus:routes",
+    PARAMS: "nexus:params",
+    VALIDATE: "nexus:validate",
+    PARAMTYPES: "design:paramtypes",
+    TYPE: "design:type",
+    RETURNTYPE: "design:returntype",
+    INJECT: "nexus:inject"
+  };
+  PARAM_TYPES = {
+    REQUEST: 0,
+    RESPONSE: 1,
+    NEXT: 2,
+    BODY: 3,
+    QUERY: 4,
+    PARAM: 5,
+    HEADERS: 6,
+    CTX: 7,
+    USER: 8
+  };
+  HTTP_METHODS = [
+    "GET",
+    "POST",
+    "PUT",
+    "DELETE",
+    "PATCH",
+    "OPTIONS",
+    "HEAD"
+  ];
+});
+
+// src/core/decorators/controller.ts
+import"reflect-metadata";
+function Controller(prefix = "/") {
+  return (target) => {
+    const normalized = normalizePrefix(prefix);
+    const meta = { prefix: normalized };
+    Reflect.defineMetadata(METADATA_KEY.CONTROLLER, meta, target);
+  };
+}
+function getControllerMetadata(target) {
+  return Reflect.getMetadata(METADATA_KEY.CONTROLLER, target) ?? { prefix: "/" };
+}
+function isController(target) {
+  return Reflect.hasMetadata(METADATA_KEY.CONTROLLER, target);
+}
+function normalizePrefix(prefix) {
+  if (!prefix)
+    return "";
+  if (prefix !== "/" && prefix.endsWith("/")) {
+    return prefix.slice(0, -1);
+  }
+  return prefix;
+}
+var init_controller = __esm(() => {
+  init_constants();
+});
+
+// src/core/decorators/http-methods.ts
+import"reflect-metadata";
+function defineRoute(method, path) {
+  return (target, propertyKey, descriptor) => {
+    const routes = Reflect.getMetadata(METADATA_KEY.ROUTES, target.constructor) ?? [];
+    routes.push({
+      method,
+      path: normalizePath(path),
+      propertyKey,
+      handler: descriptor.value
+    });
+    Reflect.defineMetadata(METADATA_KEY.ROUTES, routes, target.constructor);
+  };
+}
+function normalizePath(path) {
+  if (!path || path === "/")
+    return "/";
+  return path.startsWith("/") ? path : `/${path}`;
+}
+function getRoutes(target) {
+  return Reflect.getMetadata(METADATA_KEY.ROUTES, target) ?? [];
+}
+var Get = (path = "/") => defineRoute("GET", path), Post = (path = "/") => defineRoute("POST", path), Put = (path = "/") => defineRoute("PUT", path), Delete = (path = "/") => defineRoute("DELETE", path), Patch = (path = "/") => defineRoute("PATCH", path), Options = (path = "/") => defineRoute("OPTIONS", path), Head = (path = "/") => defineRoute("HEAD", path);
+var init_http_methods = __esm(() => {
+  init_constants();
+});
+
+// src/core/decorators/params.ts
+import"reflect-metadata";
+function createParamDecorator(type, data) {
+  return (target, propertyKey, parameterIndex) => {
+    if (propertyKey !== undefined) {
+      const params = Reflect.getMetadata(METADATA_KEY.PARAMS, target, propertyKey) ?? [];
+      params.push({
+        index: parameterIndex,
+        type,
+        name: typeof data === "string" ? data : undefined,
+        data: typeof data === "object" ? data : undefined
+      });
+      Reflect.defineMetadata(METADATA_KEY.PARAMS, params, target, propertyKey);
+    } else {
+      const params = Reflect.getMetadata(METADATA_KEY.PARAMS, target) ?? [];
+      params.push({
+        index: parameterIndex,
+        type,
+        name: typeof data === "string" ? data : undefined,
+        data: typeof data === "object" ? data : undefined
+      });
+      Reflect.defineMetadata(METADATA_KEY.PARAMS, params, target);
+    }
+  };
+}
+function getParamMetadata(target, propertyKey) {
+  return Reflect.getMetadata(METADATA_KEY.PARAMS, target, propertyKey) ?? [];
+}
+var Req = () => createParamDecorator(PARAM_TYPES.REQUEST), Res = () => createParamDecorator(PARAM_TYPES.RESPONSE), Next = () => createParamDecorator(PARAM_TYPES.NEXT), Body = (key) => createParamDecorator(PARAM_TYPES.BODY, key), Query = (key) => createParamDecorator(PARAM_TYPES.QUERY, key), Param = (key) => createParamDecorator(PARAM_TYPES.PARAM, key), Headers = (key) => createParamDecorator(PARAM_TYPES.HEADERS, key), Ctx = () => createParamDecorator(PARAM_TYPES.CTX), User = () => createParamDecorator(PARAM_TYPES.USER);
+var init_params = __esm(() => {
+  init_constants();
+});
+
+// src/core/decorators/validate.ts
+import"reflect-metadata";
+function Validate(options) {
+  return (target, propertyKey, descriptor) => {
+    Reflect.defineMetadata(METADATA_KEY.VALIDATE, options, target.constructor, propertyKey);
+  };
+}
+function getValidationMetadata(target, propertyKey) {
+  return Reflect.getMetadata(METADATA_KEY.VALIDATE, target, propertyKey);
+}
+var init_validate = __esm(() => {
+  init_constants();
+});
+// src/session/backends/memory.ts
+function randomId(bytes = 24) {
+  const arr = new Uint8Array(bytes);
+  crypto.getRandomValues(arr);
+  return Buffer.from(arr).toString("base64url");
+}
+
+class MemorySessionStorage {
+  name = "memory";
+  #sessions = new Map;
+  #gcHandle = null;
+  #maxSessions;
+  #gcIntervalMs;
+  constructor(options = {}) {
+    this.#maxSessions = options.maxSessions ?? 1e5;
+    this.#gcIntervalMs = options.gcIntervalMs ?? 60000;
+  }
+  start() {
+    if (this.#gcHandle)
+      return;
+    this.#gcHandle = setInterval(() => void this.gc(), this.#gcIntervalMs);
+    const h = this.#gcHandle;
+    if (typeof h.unref === "function")
+      h.unref();
+  }
+  async stop() {
+    if (this.#gcHandle)
+      clearInterval(this.#gcHandle);
+    this.#gcHandle = null;
+  }
+  async create(opts) {
+    const now = new Date;
+    const ttl = (opts.ttlSeconds ?? 60 * 60 * 24 * 7) * 1000;
+    const record = {
+      id: opts.id ?? randomId(),
+      userId: null,
+      data: opts.data ?? {},
+      createdAt: now,
+      lastSeenAt: now,
+      expiresAt: new Date(now.getTime() + ttl)
+    };
+    if (opts.absoluteTtlSeconds) {
+      record.absoluteExpiresAt = new Date(now.getTime() + opts.absoluteTtlSeconds * 1000);
+    }
+    if (opts.metadata)
+      record.metadata = opts.metadata;
+    this.#sessions.set(record.id, record);
+    this.#evictIfFull();
+    return record;
+  }
+  async read(id) {
+    const r = this.#sessions.get(id);
+    if (!r)
+      return null;
+    if (this.#isExpired(r)) {
+      this.#sessions.delete(id);
+      return null;
+    }
+    const now = new Date;
+    r.lastSeenAt = now;
+    r.expiresAt = new Date(now.getTime() + Math.max(60000, r.expiresAt.getTime() - r.lastSeenAt.getTime()));
+    this.#sessions.set(id, r);
+    return r;
+  }
+  async readMany(query = {}) {
+    const now = Date.now();
+    const list = [];
+    for (const r of this.#sessions.values()) {
+      if (this.#isExpired(r))
+        continue;
+      if (query.userId !== undefined && r.userId !== query.userId)
+        continue;
+      if (query.metadata) {
+        if (query.metadata.ipAddress && r.metadata?.ipAddress !== query.metadata.ipAddress)
+          continue;
+        if (query.metadata.userAgent && r.metadata?.userAgent !== query.metadata.userAgent)
+          continue;
+      }
+      list.push(r);
+      if (query.limit && list.length >= (query.offset ?? 0) + query.limit)
+        break;
+    }
+    const offset = query.offset ?? 0;
+    const limit = query.limit ?? list.length;
+    return list.slice(offset, offset + limit);
+  }
+  async update(id, opts) {
+    const r = this.#sessions.get(id);
+    if (!r)
+      return null;
+    if (this.#isExpired(r)) {
+      this.#sessions.delete(id);
+      return null;
+    }
+    if (opts.dataPatch) {
+      r.data = { ...r.data, ...opts.dataPatch };
+    }
+    if (opts.extendSeconds !== undefined) {
+      const newExpiry = Date.now() + opts.extendSeconds * 1000;
+      if (!r.absoluteExpiresAt || newExpiry < r.absoluteExpiresAt.getTime()) {
+        r.expiresAt = new Date(newExpiry);
+      }
+    }
+    r.lastSeenAt = new Date;
+    this.#sessions.set(id, r);
+    return r;
+  }
+  async destroy(id) {
+    return this.#sessions.delete(id);
+  }
+  async destroyMany(query) {
+    const ids = [];
+    for (const [id, r] of this.#sessions) {
+      if (query.userId !== undefined && r.userId !== query.userId)
+        continue;
+      ids.push(id);
+    }
+    for (const id of ids)
+      this.#sessions.delete(id);
+    return ids.length;
+  }
+  async touch(id) {
+    return this.read(id);
+  }
+  async gc() {
+    const now = Date.now();
+    let removed = 0;
+    for (const [id, r] of this.#sessions) {
+      if (this.#isExpired(r, now)) {
+        this.#sessions.delete(id);
+        removed++;
+      }
+    }
+    return removed;
+  }
+  async clear() {
+    this.#sessions.clear();
+  }
+  #isExpired(r, now = Date.now()) {
+    if (r.expiresAt.getTime() <= now)
+      return true;
+    if (r.absoluteExpiresAt && r.absoluteExpiresAt.getTime() <= now)
+      return true;
+    return false;
+  }
+  #evictIfFull() {
+    if (this.#sessions.size <= this.#maxSessions)
+      return;
+    const oldest = this.#sessions.keys().next().value;
+    if (oldest)
+      this.#sessions.delete(oldest);
+  }
+}
+// src/crypto/encryption.ts
+import {
+  createCipheriv,
+  createDecipheriv,
+  createHmac,
+  hkdfSync,
+  randomBytes,
+  timingSafeEqual
+} from "crypto";
+var VERSION = "v1";
+var IV_BYTES = 12;
+var TAG_BYTES = 16;
+
+class EncryptionService {
+  aesKey;
+  hmacKey;
+  constructor(masterKey) {
+    const derived = deriveKeys(masterKey);
+    this.aesKey = derived.aes;
+    this.hmacKey = derived.hmac;
+  }
+  encrypt(value, options = {}) {
+    const iv = randomBytes(IV_BYTES);
+    const cipher = createCipheriv("aes-256-gcm", this.aesKey, iv);
+    const plaintext = Buffer.from(value, "utf8");
+    const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const expiry = encodeExpiry(options.expiresAt);
+    const purposeBuf = Buffer.from(options.purpose ?? "", "utf8");
+    const mac = this.macOver([VERSION, iv, tag, ciphertext, expiry, purposeBuf]);
+    return [
+      VERSION,
+      b64(iv),
+      b64(tag),
+      b64(ciphertext),
+      b64(expiry),
+      b64(purposeBuf),
+      b64(mac)
+    ].join(".");
+  }
+  decrypt(payload) {
+    const parsed = parseV1(payload);
+    if (!parsed)
+      throw new Error("Encrypted payload is malformed");
+    const expectedMac = this.macOver([
+      VERSION,
+      parsed.iv,
+      parsed.tag,
+      parsed.ciphertext,
+      parsed.expiry,
+      parsed.purpose
+    ]);
+    if (!constantTimeEqual(expectedMac, parsed.mac)) {
+      throw new Error("Encrypted payload failed integrity check");
+    }
+    if (parsed.expiry.length > 0) {
+      const expiryMs = parseExpiry(parsed.expiry.toString("utf8"));
+      if (expiryMs > 0 && Date.now() > expiryMs) {
+        throw new Error("Encrypted payload has expired");
+      }
+    }
+    const decipher = createDecipheriv("aes-256-gcm", this.aesKey, parsed.iv);
+    decipher.setAuthTag(parsed.tag);
+    const plaintext = Buffer.concat([
+      decipher.update(parsed.ciphertext),
+      decipher.final()
+    ]);
+    return plaintext.toString("utf8");
+  }
+  isEncrypted(value) {
+    if (typeof value !== "string")
+      return false;
+    return value.startsWith(VERSION + ".");
+  }
+  sign(value, purpose = "") {
+    const mac = createHmac("sha256", this.hmacKey).update(purpose).update("|").update(value).digest();
+    return `${b64(Buffer.from(value, "utf8"))}.${b64(mac)}`;
+  }
+  signRaw(value, purpose = "") {
+    const mac = createHmac("sha256", this.hmacKey).update(purpose).update("|").update(value).digest();
+    return b64(mac);
+  }
+  verifyRaw(value, signature, purpose = "") {
+    const expected = createHmac("sha256", this.hmacKey).update(purpose).update("|").update(value).digest();
+    const given = fromB64(signature);
+    if (!given)
+      return false;
+    return constantTimeEqual(given, expected);
+  }
+  unsign(signed, purpose = "") {
+    const dot = signed.lastIndexOf(".");
+    if (dot < 1 || dot === signed.length - 1)
+      return null;
+    const valueB64 = signed.slice(0, dot);
+    const macB64 = signed.slice(dot + 1);
+    const value = fromB64(valueB64);
+    const mac = fromB64(macB64);
+    if (!value || !mac)
+      return null;
+    const expected = createHmac("sha256", this.hmacKey).update(purpose).update("|").update(value).digest();
+    if (!constantTimeEqual(mac, expected))
+      return null;
+    return value.toString("utf8");
+  }
+  macOver(parts) {
+    const h = createHmac("sha256", this.hmacKey);
+    for (const p of parts) {
+      h.update("|");
+      h.update(p);
+    }
+    return h.digest();
+  }
+}
+function b64(buf) {
+  return buf.toString("base64url");
+}
+function fromB64(s) {
+  try {
+    return Buffer.from(s, "base64url");
+  } catch {
+    return null;
+  }
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length)
+    return false;
+  return timingSafeEqual(a, b);
+}
+function encodeExpiry(expiresAt) {
+  if (expiresAt === undefined)
+    return Buffer.alloc(0);
+  let ms;
+  if (typeof expiresAt === "number") {
+    ms = expiresAt > 1000000000000 ? expiresAt : Date.now() + expiresAt * 1000;
+  } else if (typeof expiresAt === "string") {
+    const asNum = Number(expiresAt);
+    if (!isNaN(asNum) && asNum > 0) {
+      ms = asNum > 1000000000000 ? asNum : Date.now() + asNum * 1000;
+    } else {
+      ms = Date.parse(expiresAt);
+    }
+  } else {
+    ms = expiresAt.getTime();
+  }
+  if (!isFinite(ms))
+    return Buffer.alloc(0);
+  return Buffer.from(String(ms), "utf8");
+}
+function parseExpiry(s) {
+  const n = Number(s);
+  return isFinite(n) ? n : 0;
+}
+function parseV1(s) {
+  if (typeof s !== "string" || !s.startsWith(VERSION + "."))
+    return null;
+  const parts = s.split(".");
+  if (parts.length !== 7)
+    return null;
+  const [, ivB64, tagB64, ctB64, expB64, purposeB64, macB64] = parts;
+  const iv = fromB64(ivB64);
+  const tag = fromB64(tagB64);
+  const ct = fromB64(ctB64);
+  const exp = fromB64(expB64);
+  const purpose = fromB64(purposeB64);
+  const mac = fromB64(macB64);
+  if (!iv || !tag || !ct || !exp || !purpose || !mac)
+    return null;
+  if (iv.length !== IV_BYTES)
+    return null;
+  if (tag.length !== TAG_BYTES)
+    return null;
+  return { iv, tag, ciphertext: ct, expiry: exp, purpose, mac };
+}
+function deriveKeys(masterKey) {
+  let input;
+  try {
+    const decoded = Buffer.from(masterKey, "base64");
+    if (decoded.length >= 32 && masterKey.length % 4 === 0) {
+      input = decoded;
+    } else {
+      input = Buffer.from(masterKey, "utf8");
+    }
+  } catch {
+    input = Buffer.from(masterKey, "utf8");
+  }
+  const ikm = input.length < 32 ? padKey(input) : input;
+  const out = hkdfSync("sha256", ikm, Buffer.alloc(0), "nexus:crypto:v1", 64);
+  const outBuf = Buffer.from(out);
+  return {
+    aes: Buffer.from(outBuf.subarray(0, 32)),
+    hmac: Buffer.from(outBuf.subarray(32, 64))
+  };
+}
+function padKey(input) {
+  const hash = createHmac("sha256", "nexus:crypto:pad").update(input).digest();
+  const out = Buffer.alloc(32);
+  input.copy(out, 0, 0, Math.min(input.length, 32));
+  hash.copy(out, input.length < 32 ? input.length : 0, 0, 32 - Math.min(input.length, 32));
+  return out;
+}
+
+// src/session/backends/cookie.ts
+function b64urlEncode(buf) {
+  const b = typeof buf === "string" ? Buffer.from(buf, "utf8") : buf;
+  return b.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function b64urlDecode(s) {
+  const padded = s + "=".repeat((4 - s.length % 4) % 4);
+  return Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64");
+}
+function randomId2(bytes = 24) {
+  const arr = new Uint8Array(bytes);
+  crypto.getRandomValues(arr);
+  return b64urlEncode(Buffer.from(arr));
+}
+function encodeSessionCookie(record, secret) {
+  const enc = new EncryptionService(secret);
+  const payload = b64urlEncode(JSON.stringify({
+    id: record.id,
+    userId: record.userId,
+    data: record.data,
+    createdAt: record.createdAt.toISOString(),
+    lastSeenAt: record.lastSeenAt.toISOString(),
+    expiresAt: record.expiresAt.toISOString(),
+    ...record.absoluteExpiresAt ? { absoluteExpiresAt: record.absoluteExpiresAt.toISOString() } : {},
+    ...record.metadata ? { metadata: record.metadata } : {}
+  }));
+  const sig = enc.signRaw(payload, "session");
+  return `${payload}.${sig}`;
+}
+function decodeSessionCookie(cookieValue, secret) {
+  const enc = new EncryptionService(secret);
+  const lastDot = cookieValue.lastIndexOf(".");
+  if (lastDot < 1)
+    return null;
+  const payload = cookieValue.slice(0, lastDot);
+  const sig = cookieValue.slice(lastDot + 1);
+  if (!enc.verifyRaw(payload, sig, "session"))
+    return null;
+  try {
+    const obj = JSON.parse(b64urlDecode(payload).toString("utf8"));
+    const record = {
+      id: String(obj["id"]),
+      userId: obj["userId"] ?? null,
+      data: obj["data"] ?? {},
+      createdAt: new Date(String(obj["createdAt"])),
+      lastSeenAt: new Date(String(obj["lastSeenAt"])),
+      expiresAt: new Date(String(obj["expiresAt"]))
+    };
+    const abs = obj["absoluteExpiresAt"];
+    if (typeof abs === "string")
+      record.absoluteExpiresAt = new Date(abs);
+    const meta = obj["metadata"];
+    if (meta && typeof meta === "object") {
+      record.metadata = meta;
+    }
+    return record;
+  } catch {
+    return null;
+  }
+}
+
+class CookieSessionStorage {
+  name = "cookie";
+  #secret;
+  #cookieName;
+  #defaultTtl;
+  #cookieOptions;
+  constructor(options) {
+    if (!options.secret || options.secret.length < 16) {
+      throw new Error("[session/cookie] secret must be at least 16 chars");
+    }
+    this.#secret = options.secret;
+    this.#cookieName = options.cookieName ?? "nexus.sess";
+    this.#defaultTtl = options.defaultTtlSeconds ?? 60 * 60 * 24 * 7;
+    this.#cookieOptions = options.cookieOptions ?? {};
+  }
+  get cookieName() {
+    return this.#cookieName;
+  }
+  get cookieOptions() {
+    return this.#cookieOptions;
+  }
+  buildSetCookie(record) {
+    const value = encodeSessionCookie(record, this.#secret);
+    const opts = this.#cookieOptions;
+    const parts = [`${this.#cookieName}=${value}`];
+    parts.push(`Path=${opts.path ?? "/"}`);
+    if (opts.domain)
+      parts.push(`Domain=${opts.domain}`);
+    if (opts.httpOnly ?? true)
+      parts.push("HttpOnly");
+    if (opts.secure ?? process.env["NODE_ENV"] === "production")
+      parts.push("Secure");
+    parts.push(`SameSite=${(opts.sameSite ?? "lax").toUpperCase()}`);
+    const maxAge = opts.maxAgeSeconds ?? Math.max(1, Math.floor((record.expiresAt.getTime() - Date.now()) / 1000));
+    parts.push(`Max-Age=${maxAge}`);
+    if (opts.partitioned)
+      parts.push("Partitioned");
+    return parts.join("; ");
+  }
+  buildClearCookie() {
+    const opts = this.#cookieOptions;
+    return [
+      `${this.#cookieName}=`,
+      `Path=${opts.path ?? "/"}`,
+      `Max-Age=0`,
+      opts.domain ? `Domain=${opts.domain}` : ""
+    ].filter(Boolean).join("; ");
+  }
+  async create(opts) {
+    const now = new Date;
+    const ttl = (opts.ttlSeconds ?? this.#defaultTtl) * 1000;
+    const record = {
+      id: opts.id ?? randomId2(),
+      userId: null,
+      data: opts.data ?? {},
+      createdAt: now,
+      lastSeenAt: now,
+      expiresAt: new Date(now.getTime() + ttl)
+    };
+    if (opts.absoluteTtlSeconds) {
+      record.absoluteExpiresAt = new Date(now.getTime() + opts.absoluteTtlSeconds * 1000);
+    }
+    if (opts.metadata)
+      record.metadata = opts.metadata;
+    return record;
+  }
+  async read() {
+    return null;
+  }
+  async readMany(query) {
+    return [];
+  }
+  async update(_id, opts) {
+    return null;
+  }
+  async destroy() {
+    return true;
+  }
+  async destroyMany() {
+    return 0;
+  }
+  async touch() {
+    return null;
+  }
+  async gc() {
+    return 0;
+  }
+  async clear() {}
+  decode(cookieValue) {
+    return decodeSessionCookie(cookieValue, this.#secret);
+  }
+  encode(record) {
+    return encodeSessionCookie(record, this.#secret);
+  }
+}
+// src/session/backends/redis.ts
+var DEFAULT_KEY_PREFIX = "session:";
+
+class RedisSessionStorage {
+  name = "redis";
+  #client;
+  #keyPrefix;
+  constructor(client, options = {}) {
+    this.#client = client;
+    this.#keyPrefix = options.keyPrefix ?? DEFAULT_KEY_PREFIX;
+  }
+  #key(id) {
+    return `${this.#keyPrefix}${id}`;
+  }
+  #indexKey(userId) {
+    return `${this.#keyPrefix}user:${crc32(userId)}`;
+  }
+  #recordToJSON(record) {
+    return JSON.stringify({
+      id: record.id,
+      userId: record.userId,
+      data: record.data,
+      createdAt: record.createdAt.toISOString(),
+      lastSeenAt: record.lastSeenAt.toISOString(),
+      expiresAt: record.expiresAt.toISOString(),
+      ...record.absoluteExpiresAt ? { absoluteExpiresAt: record.absoluteExpiresAt.toISOString() } : {},
+      ...record.metadata ? { metadata: record.metadata } : {}
+    });
+  }
+  #recordFromJSON(s) {
+    try {
+      const obj = JSON.parse(s);
+      const record = {
+        id: String(obj["id"]),
+        userId: obj["userId"] ?? null,
+        data: obj["data"] ?? {},
+        createdAt: new Date(String(obj["createdAt"])),
+        lastSeenAt: new Date(String(obj["lastSeenAt"])),
+        expiresAt: new Date(String(obj["expiresAt"]))
+      };
+      const abs = obj["absoluteExpiresAt"];
+      if (typeof abs === "string")
+        record.absoluteExpiresAt = new Date(abs);
+      const meta = obj["metadata"];
+      if (meta && typeof meta === "object") {
+        record.metadata = meta;
+      }
+      return record;
+    } catch {
+      return null;
+    }
+  }
+  #ttlSeconds(record) {
+    const now = Date.now();
+    const exp = record.expiresAt.getTime();
+    return Math.max(1, Math.floor((exp - now) / 1000));
+  }
+  async create(opts) {
+    const now = new Date;
+    const ttl = (opts.ttlSeconds ?? 60 * 60 * 24 * 7) * 1000;
+    const record = {
+      id: opts.id ?? randomId4(),
+      userId: null,
+      data: opts.data ?? {},
+      createdAt: now,
+      lastSeenAt: now,
+      expiresAt: new Date(now.getTime() + ttl)
+    };
+    if (opts.absoluteTtlSeconds) {
+      record.absoluteExpiresAt = new Date(now.getTime() + opts.absoluteTtlSeconds * 1000);
+    }
+    if (opts.userId !== undefined)
+      record.userId = opts.userId;
+    if (opts.metadata)
+      record.metadata = opts.metadata;
+    await this.#client.set(this.#key(record.id), this.#recordToJSON(record), {
+      ex: Math.max(1, Math.floor((record.expiresAt.getTime() - Date.now()) / 1000))
+    });
+    if (record.userId)
+      await this.#addToIndex(record.userId, record.id);
+    return record;
+  }
+  async read(id) {
+    const raw = await this.#client.get(this.#key(id));
+    if (raw === null)
+      return null;
+    const record = this.#recordFromJSON(raw);
+    if (!record)
+      return null;
+    if (record.absoluteExpiresAt && record.absoluteExpiresAt.getTime() <= Date.now()) {
+      await this.#client.del(this.#key(id));
+      return null;
+    }
+    return record;
+  }
+  async readMany(query) {
+    if (query?.userId) {
+      const idxKey = this.#indexKey(query.userId);
+      const idx = await this.#client.get(idxKey);
+      const ids = idx ? safeParseStringArray(idx) : [];
+      const out2 = [];
+      for (const id of ids) {
+        const r = await this.read(id);
+        if (r)
+          out2.push(r);
+        else if (query.metadata === undefined) {
+          await this.#removeFromIndex(query.userId, id);
+        }
+      }
+      return applyPagination(out2, query);
+    }
+    const out = [];
+    let cursor = "0";
+    do {
+      const res = await this.#client.scan({
+        match: `${this.#keyPrefix}*`,
+        cursor,
+        count: 100
+      });
+      for (const k of res.keys) {
+        if (k.startsWith(`${this.#keyPrefix}user:`))
+          continue;
+        const id = k.startsWith(this.#keyPrefix) ? k.slice(this.#keyPrefix.length) : k;
+        const r = await this.read(id);
+        if (r)
+          out.push(r);
+      }
+      cursor = res.cursor;
+    } while (cursor !== "0" && cursor !== 0);
+    return applyPagination(out, query);
+  }
+  async update(id, opts) {
+    const existing = await this.read(id);
+    if (!existing)
+      return null;
+    const next = {
+      ...existing,
+      lastSeenAt: new Date
+    };
+    if (opts.dataPatch) {
+      next.data = { ...existing.data, ...opts.dataPatch };
+    }
+    if (opts.extendSeconds !== undefined) {
+      const newExpiry = Date.now() + opts.extendSeconds * 1000;
+      if (!next.absoluteExpiresAt || newExpiry < next.absoluteExpiresAt.getTime()) {
+        next.expiresAt = new Date(newExpiry);
+      }
+    }
+    const userIdChanged = opts.userId !== undefined && opts.userId !== existing.userId;
+    if (opts.userId !== undefined)
+      next.userId = opts.userId;
+    await this.#client.set(this.#key(id), this.#recordToJSON(next), {
+      ex: this.#ttlSeconds(next)
+    });
+    if (userIdChanged) {
+      await this.#removeFromIndex(existing.userId, id);
+    }
+    if (next.userId)
+      await this.#addToIndex(next.userId, id);
+    return next;
+  }
+  async destroy(id) {
+    const existing = await this.read(id);
+    if (!existing)
+      return false;
+    if (existing.userId)
+      await this.#removeFromIndex(existing.userId, id);
+    await this.#client.del(this.#key(id));
+    return true;
+  }
+  async destroyMany(query) {
+    const sessions = await this.readMany(query);
+    for (const s of sessions)
+      await this.destroy(s.id);
+    return sessions.length;
+  }
+  async touch(id) {
+    const existing = await this.read(id);
+    if (!existing)
+      return null;
+    const next = {
+      ...existing,
+      lastSeenAt: new Date,
+      expiresAt: new Date(Date.now() + 60 * 60 * 24 * 7 * 1000)
+    };
+    await this.#client.set(this.#key(id), this.#recordToJSON(next), {
+      ex: this.#ttlSeconds(next)
+    });
+    return next;
+  }
+  async gc() {
+    let cursor = "0";
+    let removed = 0;
+    do {
+      const res = await this.#client.scan({
+        match: `${this.#keyPrefix}user:*`,
+        cursor,
+        count: 100
+      });
+      for (const k of res.keys) {
+        const raw = await this.#client.get(this.#keyPrefix + k);
+        const ids = raw ? safeParseStringArray(raw) : [];
+        const live = [];
+        for (const id of ids) {
+          if (await this.read(id))
+            live.push(id);
+        }
+        if (live.length === 0) {
+          await this.#client.del(this.#keyPrefix + k);
+          removed++;
+        } else if (live.length !== ids.length) {
+          await this.#client.set(this.#keyPrefix + k, JSON.stringify(live));
+        }
+      }
+      cursor = res.cursor;
+    } while (cursor !== "0" && cursor !== 0);
+    return removed;
+  }
+  async clear() {
+    let cursor = "0";
+    do {
+      const res = await this.#client.scan({
+        match: `${this.#keyPrefix}*`,
+        cursor,
+        count: 100
+      });
+      for (const k of res.keys) {
+        await this.#client.del(this.#keyPrefix + k);
+      }
+      cursor = res.cursor;
+    } while (cursor !== "0" && cursor !== 0);
+  }
+  async stop() {
+    await this.#client.close();
+  }
+  async#addToIndex(userId, sessionId) {
+    const k = this.#indexKey(userId);
+    const raw = await this.#client.get(k);
+    const ids = raw ? safeParseStringArray(raw) : [];
+    if (!ids.includes(sessionId))
+      ids.push(sessionId);
+    await this.#client.set(k, JSON.stringify(ids));
+  }
+  async#removeFromIndex(userId, sessionId) {
+    if (!userId)
+      return;
+    const k = this.#indexKey(userId);
+    const raw = await this.#client.get(k);
+    if (!raw)
+      return;
+    const ids = safeParseStringArray(raw).filter((id) => id !== sessionId);
+    if (ids.length === 0) {
+      await this.#client.del(k);
+    } else {
+      await this.#client.set(k, JSON.stringify(ids));
+    }
+  }
+}
+
+class CloudflareKVSessionStorage extends RedisSessionStorage {
+  name = "cloudflare-kv";
+}
+function randomId4(bytes = 24) {
+  const arr = new Uint8Array(bytes);
+  crypto.getRandomValues(arr);
+  let s = "";
+  for (const b of arr)
+    s += String.fromCharCode(b);
+  return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function safeParseStringArray(raw) {
+  try {
+    const v = JSON.parse(raw);
+    return Array.isArray(v) ? v.filter((x) => typeof x === "string") : [];
+  } catch {
+    return [];
+  }
+}
+function applyPagination(list, query) {
+  if (!query)
+    return list;
+  const offset = query.offset ?? 0;
+  const limit = query.limit ?? list.length;
+  return list.slice(offset, offset + limit);
+}
+function crc32(s) {
+  let c = 4294967295;
+  for (let i = 0;i < s.length; i++) {
+    c ^= s.charCodeAt(i);
+    for (let k = 0;k < 8; k++) {
+      c = c & 1 ? 3988292384 ^ c >>> 1 : c >>> 1;
+    }
+  }
+  return (c ^ 4294967295).toString(16);
+}
+// src/core/decorators/module.ts
+init_constants();
+import"reflect-metadata";
+function Module(options = {}) {
+  return (target) => {
+    Reflect.defineMetadata(METADATA_KEY.MODULE, options, target);
+  };
+}
+function getModuleOptions(target) {
+  return Reflect.getMetadata(METADATA_KEY.MODULE, target) ?? {};
+}
+
+// src/core/decorators/index.ts
+init_controller();
+
+// src/core/decorators/injectable.ts
+init_constants();
+import"reflect-metadata";
+function Injectable(options = {}) {
+  return (target) => {
+    Reflect.defineMetadata(METADATA_KEY.INJECTABLE, true, target);
+    if (options.scope) {
+      Reflect.defineMetadata("nexus:di:scope", options.scope, target);
+    }
+  };
+}
+function isInjectable(target) {
+  return Reflect.hasMetadata(METADATA_KEY.INJECTABLE, target);
+}
+function getScope(target) {
+  return Reflect.getMetadata("nexus:di:scope", target);
+}
+function Inject(token) {
+  return (target, propertyKey, parameterIndex) => {
+    const existing = Reflect.getMetadata(METADATA_KEY.INJECT, target) ?? new Map;
+    existing.set(parameterIndex, token);
+    Reflect.defineMetadata(METADATA_KEY.INJECT, existing, target);
+  };
+}
+
+// src/core/decorators/index.ts
+init_http_methods();
+init_params();
+init_validate();
+
+// src/core/decorators/repository.ts
+init_constants();
+import"reflect-metadata";
+function Repository(entityToken) {
+  return (target) => {
+    Reflect.defineMetadata(METADATA_KEY.REPOSITORY, { entity: entityToken }, target);
+    Reflect.defineMetadata(METADATA_KEY.INJECTABLE, true, target);
+  };
+}
+function getRepositoryMetadata(target) {
+  return Reflect.getMetadata(METADATA_KEY.REPOSITORY, target);
+}
+function isRepository(target) {
+  return Reflect.hasMetadata(METADATA_KEY.REPOSITORY, target);
+}
+// src/core/decorators/metadata.ts
+init_constants();
+// src/session/session.service.ts
+class SessionService {
+  config;
+  static TOKEN = Symbol.for("nexus:SessionService");
+  storage;
+  #listeners = new Set;
+  #memory = null;
+  #cookie = null;
+  constructor(config = {}) {
+    this.config = config;
+    this.storage = this.#createBackend(config);
+  }
+  async start() {
+    if (this.#memory)
+      this.#memory.start();
+  }
+  async stop() {
+    if (this.#memory)
+      await this.#memory.stop();
+    if (this.storage.stop)
+      await this.storage.stop();
+  }
+  async create(opts = {}) {
+    const merged = {
+      ttlSeconds: this.config.defaults?.ttlSeconds,
+      absoluteTtlSeconds: this.config.defaults?.absoluteTtlSeconds,
+      ...opts
+    };
+    const record = await this.storage.create(merged);
+    this.#emit({ kind: "session:created", id: record.id, userId: record.userId });
+    return record;
+  }
+  async read(id) {
+    const record = await this.storage.read(id);
+    this.#emit({ kind: "session:read", id });
+    return record;
+  }
+  async readMany(query) {
+    return this.storage.readMany(query);
+  }
+  async update(id, opts) {
+    const updated = await this.storage.update(id, opts);
+    if (updated)
+      this.#emit({ kind: "session:updated", id });
+    return updated;
+  }
+  async destroy(id, reason = "logout") {
+    const record = await this.storage.read(id);
+    const ok = await this.storage.destroy(id);
+    if (ok) {
+      this.#emit({
+        kind: "session:destroyed",
+        id,
+        userId: record?.userId ?? null,
+        reason
+      });
+    }
+    return ok;
+  }
+  async destroyMany(query) {
+    return this.storage.destroyMany(query);
+  }
+  async gc() {
+    return this.storage.gc();
+  }
+  async clear() {
+    await this.storage.clear();
+  }
+  buildSetCookie(record) {
+    if (!this.#cookie)
+      return null;
+    return this.#cookie.buildSetCookie(record);
+  }
+  buildClearCookie() {
+    if (!this.#cookie)
+      return null;
+    return this.#cookie.buildClearCookie();
+  }
+  get cookieName() {
+    return this.#cookie?.cookieName ?? null;
+  }
+  decodeCookie(cookieValue) {
+    if (!this.#cookie)
+      return null;
+    const record = this.#cookie.decode(cookieValue);
+    if (!record)
+      return null;
+    if (record.expiresAt.getTime() <= Date.now()) {
+      this.#emit({
+        kind: "session:destroyed",
+        id: record.id,
+        userId: record.userId,
+        reason: "expired"
+      });
+      return null;
+    }
+    return record;
+  }
+  static encodeCookie(record, secret) {
+    return encodeSessionCookie(record, secret);
+  }
+  static decodeCookie(cookieValue, secret) {
+    return decodeSessionCookie(cookieValue, secret);
+  }
+  on(listener) {
+    this.#listeners.add(listener);
+    return () => this.#listeners.delete(listener);
+  }
+  async rotate(id) {
+    const old = await this.storage.read(id);
+    if (!old)
+      return null;
+    const fresh = await this.storage.create({
+      ttlSeconds: Math.max(60, Math.floor((old.expiresAt.getTime() - Date.now()) / 1000)),
+      absoluteTtlSeconds: old.absoluteExpiresAt ? Math.max(60, Math.floor((old.absoluteExpiresAt.getTime() - Date.now()) / 1000)) : undefined,
+      data: old.data,
+      metadata: old.metadata
+    });
+    fresh.userId = old.userId;
+    await this.storage.destroy(id);
+    this.#emit({ kind: "session:rotated", oldId: id, newId: fresh.id });
+    return fresh;
+  }
+  #createBackend(config) {
+    switch (config.backend ?? "cookie") {
+      case "memory": {
+        const backend = new MemorySessionStorage({
+          gcIntervalMs: config.memory?.gcIntervalMs,
+          maxSessions: config.memory?.maxSessions
+        });
+        this.#memory = backend;
+        return backend;
+      }
+      case "cookie": {
+        if (!config.cookie) {
+          throw new Error("[session] backend=cookie requires `cookie.secret` in config.");
+        }
+        const backend = new CookieSessionStorage(config.cookie);
+        this.#cookie = backend;
+        return backend;
+      }
+      case "redis": {
+        if (!config.redis) {
+          throw new Error("[session] backend=redis requires `redis` in config. " + "Provide `{ client: RedisClient, keyPrefix?: string }`. " + "Use `createRedisClient({ ... })` from `nexusjs/redis`.");
+        }
+        return new RedisSessionStorage(config.redis.client, {
+          keyPrefix: config.redis.keyPrefix
+        });
+      }
+      case "cloudflare-kv": {
+        if (!config.cloudflareKv) {
+          throw new Error("[session] backend=cloudflare-kv requires `cloudflareKv` in config. " + "Provide `{ client: RedisClient, keyPrefix?: string }` where " + "`client` is a `CloudflareKVAdapter` from `nexusjs/redis`.");
+        }
+        return new CloudflareKVSessionStorage(config.cloudflareKv.client, {
+          keyPrefix: config.cloudflareKv.keyPrefix
+        });
+      }
+      case "database": {
+        if (!config.database) {
+          throw new Error("[session] backend=database requires `database` in config. " + "Provide `{ db: DrizzleService, tableName?: string }`.");
+        }
+        const { DrizzleSessionStorage: DrizzleSessionStorage2 } = __toCommonJS(exports_drizzle);
+        const backend = new DrizzleSessionStorage2({
+          db: config.database.db,
+          tableName: config.database.tableName
+        });
+        return backend;
+      }
+    }
+  }
+  #emit(event) {
+    for (const l of this.#listeners) {
+      Promise.resolve(l(event));
+    }
+  }
+}
+SessionService = __legacyDecorateClassTS([
+  Injectable(),
+  __legacyDecorateParamTS(0, Inject("SESSION_CONFIG")),
+  __legacyMetadataTS("design:paramtypes", [
+    typeof SessionConfig === "undefined" ? Object : SessionConfig
+  ])
+], SessionService);
+// src/session/session.module.ts
+import"reflect-metadata";
+class SessionModule {
+  static forRoot(config = {}) {
+    class ConfiguredSessionModule {
+    }
+    ConfiguredSessionModule = __legacyDecorateClassTS([
+      Module({
+        providers: [
+          SessionService,
+          { provide: SessionService.TOKEN, useExisting: SessionService },
+          { provide: "SESSION_CONFIG", useValue: config }
+        ],
+        exports: [SessionService, SessionService.TOKEN]
+      })
+    ], ConfiguredSessionModule);
+    Object.defineProperty(ConfiguredSessionModule, "name", {
+      value: "ConfiguredSessionModule"
+    });
+    return ConfiguredSessionModule;
+  }
+}
+SessionModule = __legacyDecorateClassTS([
+  Module({
+    providers: [
+      SessionService,
+      { provide: SessionService.TOKEN, useExisting: SessionService }
+    ],
+    exports: [SessionService, SessionService.TOKEN]
+  })
+], SessionModule);
+// src/session/decorators/current-session.ts
+init_params();
+init_constants();
+import"reflect-metadata";
+function Session(options = {}) {
+  return createParamDecorator(PARAM_TYPES.USER, options);
+}
+
+class UnauthenticatedError extends Error {
+  status = 401;
+  constructor(message = "Authentication required.") {
+    super(message);
+    this.name = "UnauthenticatedError";
+  }
+}
+
+class SessionForbiddenError extends Error {
+  status = 403;
+  constructor(message = "Insufficient permissions.") {
+    super(message);
+    this.name = "SessionForbiddenError";
+  }
+}
+// src/session/session-middleware.ts
+function sessionMiddleware(sessions, options = {}) {
+  const cookieName = options.cookieName ?? "sid";
+  return async (c, next) => {
+    const cookie = c.req.header("cookie") ?? "";
+    const escaped = cookieName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const re = new RegExp(`(?:^|;\\s*)${escaped}=([^;]+)`);
+    const match = cookie.match(re);
+    if (match) {
+      try {
+        const record = sessions.decodeCookie(decodeURIComponent(match[1]));
+        if (record) {
+          c.set("nexus", { user: record });
+        }
+      } catch {}
+    }
+    await next();
+  };
+}
+export {
+  sessionMiddleware,
+  encodeSessionCookie,
+  decodeSessionCookie,
+  UnauthenticatedError,
+  SessionService,
+  SessionModule,
+  SessionForbiddenError,
+  Session,
+  RedisSessionStorage,
+  MemorySessionStorage,
+  CookieSessionStorage,
+  CloudflareKVSessionStorage
+};
+
+//# debugId=78B3D5568F05BB1064756E2164756E21
+//# sourceMappingURL=index.js.map