@lastshotlabs/bunshot 0.0.27 → 0.0.28

package/dist/src/framework/lib/ws.js

@@ -0,0 +1,130 @@
+import { wsEndpointKey } from './wsNamespace';
+import { addPresence, cleanupPresence, removePresence } from './wsPresence';
+const MAX_ROOM_ACTION_SIZE = 4096;
+function isValidRoomName(room) {
+    return typeof room === 'string' && /^[a-zA-Z0-9_:./\-]{1,128}$/.test(room);
+}
+export const publish = (state, endpoint, room, data) => {
+    const key = wsEndpointKey(endpoint, room);
+    const msg = JSON.stringify(data);
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    state.server?.publish?.(key, msg);
+    if (state.transport) {
+        state.transport
+            .publish(endpoint, room, msg, state.instanceId)
+            .catch(e => console.error('[ws-transport] publish error:', e));
+    }
+};
+export const getRooms = (state, endpoint) => {
+    const prefix = encodeURIComponent(endpoint) + ':';
+    const rooms = [];
+    for (const key of state.roomRegistry.keys()) {
+        if (key.startsWith(prefix)) {
+            const colonIdx = key.indexOf(':');
+            rooms.push(decodeURIComponent(key.slice(colonIdx + 1)));
+        }
+    }
+    return rooms;
+};
+export const getRoomSubscribers = (state, endpoint, room) => [
+    ...(state.roomRegistry.get(wsEndpointKey(endpoint, room)) ?? []),
+];
+export const handleRoomActions = async (state, ws, message, onSubscribe) => {
+    try {
+        const raw = typeof message === 'string' ? message : Buffer.from(message).toString();
+        if (raw.length > MAX_ROOM_ACTION_SIZE)
+            return false;
+        const data = JSON.parse(raw);
+        if (data.action === 'subscribe' && typeof data.room === 'string') {
+            if (!isValidRoomName(data.room))
+                return true;
+            if (onSubscribe) {
+                let allowed;
+                try {
+                    allowed = await onSubscribe(ws, data.room);
+                }
+                catch (e) {
+                    console.error(`[ws] onRoomSubscribe guard error for room "${data.room}":`, e);
+                    allowed = false;
+                }
+                if (!allowed) {
+                    ws.send(JSON.stringify({ event: 'subscribe_denied', room: data.room }));
+                    return true;
+                }
+            }
+            subscribe(state, ws, data.room);
+            ws.send(JSON.stringify({ event: 'subscribed', room: data.room }));
+            return true;
+        }
+        if (data.action === 'unsubscribe' && typeof data.room === 'string') {
+            if (!isValidRoomName(data.room))
+                return true;
+            unsubscribe(state, ws, data.room);
+            ws.send(JSON.stringify({ event: 'unsubscribed', room: data.room }));
+            return true;
+        }
+    }
+    catch {
+        // not JSON
+    }
+    return false;
+};
+export const subscribe = (state, ws, room) => {
+    const key = wsEndpointKey(ws.data.endpoint, room);
+    ws.subscribe(key);
+    ws.data.rooms.add(room);
+    if (!state.roomRegistry.has(key))
+        state.roomRegistry.set(key, new Set());
+    state.roomRegistry.get(key).add(ws.data.id);
+    if (state.presenceEnabled) {
+        const result = addPresence(state, ws.data.id, ws.data.endpoint, room);
+        if (result?.isNewUser) {
+            publish(state, ws.data.endpoint, room, {
+                event: 'presence_join',
+                room,
+                userId: result.userId,
+            });
+        }
+    }
+};
+export const unsubscribe = (state, ws, room) => {
+    const key = wsEndpointKey(ws.data.endpoint, room);
+    ws.unsubscribe(key);
+    ws.data.rooms.delete(room);
+    const ids = state.roomRegistry.get(key);
+    if (ids) {
+        ids.delete(ws.data.id);
+        if (ids.size === 0)
+            state.roomRegistry.delete(key);
+    }
+    if (state.presenceEnabled) {
+        const result = removePresence(state, ws.data.id, ws.data.endpoint, room);
+        if (result?.isLastSocket) {
+            publish(state, ws.data.endpoint, room, {
+                event: 'presence_leave',
+                room,
+                userId: result.userId,
+            });
+        }
+    }
+};
+export const getSubscriptions = (ws) => [
+    ...ws.data.rooms,
+];
+export const cleanupSocket = (state, ws) => {
+    if (state.presenceEnabled) {
+        const departed = cleanupPresence(state, ws.data.id, ws.data.endpoint, ws.data.rooms);
+        for (const { room, userId } of departed) {
+            publish(state, ws.data.endpoint, room, { event: 'presence_leave', room, userId });
+        }
+    }
+    for (const room of ws.data.rooms) {
+        const key = wsEndpointKey(ws.data.endpoint, room);
+        const ids = state.roomRegistry.get(key);
+        if (ids) {
+            ids.delete(ws.data.id);
+            if (ids.size === 0)
+                state.roomRegistry.delete(key);
+        }
+    }
+};

package/dist/src/framework/lib/wsHeartbeat.d.ts

@@ -0,0 +1,12 @@
+import type { ServerWebSocket } from 'bun';
+import type { WsState } from '../../../packages/bunshot-core/src/index.js';
+export interface HeartbeatConfig {
+    intervalMs?: number;
+    timeoutMs?: number;
+}
+export declare const registerSocket: (state: WsState, ws: ServerWebSocket<any>, socketId: string, endpoint: string) => void;
+export declare const deregisterSocket: (state: WsState, id: string) => void;
+export declare const handlePong: (state: WsState, id: string) => void;
+export declare const startHeartbeat: (state: WsState, configs: Record<string, HeartbeatConfig | boolean>) => void;
+export declare const stopHeartbeat: (state: WsState) => void;
+export declare const clearHeartbeatState: (state: WsState) => void;

package/dist/src/framework/lib/wsHeartbeat.js

@@ -0,0 +1,53 @@
+const DEFAULT_INTERVAL_MS = 30_000;
+const DEFAULT_TIMEOUT_MS = 10_000;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const registerSocket = (state, ws, socketId, endpoint) => {
+    const timeoutMs = state.heartbeatEndpointConfigs.get(endpoint)?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    state.heartbeatSockets.set(socketId, { ws, endpoint, timeoutAt: Date.now() + timeoutMs });
+};
+export const deregisterSocket = (state, id) => {
+    state.heartbeatSockets.delete(id);
+};
+export const handlePong = (state, id) => {
+    const entry = state.heartbeatSockets.get(id);
+    if (!entry)
+        return;
+    const timeoutMs = state.heartbeatEndpointConfigs.get(entry.endpoint)?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    entry.timeoutAt = Date.now() + timeoutMs;
+};
+export const startHeartbeat = (state, configs) => {
+    if (state.heartbeatTimer)
+        return;
+    for (const [endpoint, cfg] of Object.entries(configs)) {
+        const opts = typeof cfg === 'object' ? cfg : {};
+        state.heartbeatEndpointConfigs.set(endpoint, {
+            intervalMs: opts.intervalMs ?? DEFAULT_INTERVAL_MS,
+            timeoutMs: opts.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+        });
+    }
+    const minInterval = Math.min(...[...state.heartbeatEndpointConfigs.values()].map(c => c.intervalMs ?? DEFAULT_INTERVAL_MS));
+    state.heartbeatTimer = setInterval(() => {
+        const now = Date.now();
+        for (const [, entry] of state.heartbeatSockets) {
+            if (now >= entry.timeoutAt) {
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                entry.ws.close(1001, 'Heartbeat timeout');
+            }
+            else {
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                entry.ws.ping();
+            }
+        }
+    }, minInterval);
+};
+export const stopHeartbeat = (state) => {
+    if (state.heartbeatTimer) {
+        clearInterval(state.heartbeatTimer);
+        state.heartbeatTimer = null;
+    }
+};
+export const clearHeartbeatState = (state) => {
+    stopHeartbeat(state);
+    state.heartbeatSockets.clear();
+    state.heartbeatEndpointConfigs.clear();
+};

package/dist/src/framework/lib/wsMessages.d.ts

@@ -0,0 +1,25 @@
+import type { RoomPersistenceConfig, StoredMessage, WsMessageDefaults } from '../../../packages/bunshot-core/src/index.js';
+export type { StoredMessage, WsMessageDefaults, RoomPersistenceConfig };
+export type WsMessageStore = 'redis' | 'mongo' | 'sqlite' | 'memory';
+/**
+ * Persist a message to a room. Returns null if room is not configured for persistence.
+ * On store errors, logs a warning and returns null (non-blocking).
+ */
+export declare const persistMessage: (endpoint: string, room: string, data: {
+    senderId?: string | null;
+    payload: unknown;
+}, app: object) => Promise<StoredMessage | null>;
+/**
+ * Get message history for a room.
+ * Cursor-based pagination using message `id` as cursor.
+ */
+export declare const getMessageHistory: (endpoint: string, room: string, opts: {
+    limit?: number;
+    before?: string;
+    after?: string;
+} | undefined, app: object) => Promise<StoredMessage[]>;
+/**
+ * Opt a room into message persistence.
+ * Delegates to persistence.configureRoom() on the context.
+ */
+export declare const configureRoom: (endpoint: string, room: string, options: RoomPersistenceConfig, app: object) => void;

package/dist/src/framework/lib/wsMessages.js

@@ -0,0 +1,45 @@
+import { getContext } from '../../../packages/bunshot-core/src/index.js';
+// ---------------------------------------------------------------------------
+// Public API — requires app context
+// ---------------------------------------------------------------------------
+/**
+ * Persist a message to a room. Returns null if room is not configured for persistence.
+ * On store errors, logs a warning and returns null (non-blocking).
+ */
+export const persistMessage = async (endpoint, room, data, app) => {
+    const ctx = getContext(app);
+    const persistence = ctx.persistence;
+    const config = persistence.getRoomConfig(endpoint, room);
+    if (!config)
+        return null;
+    const message = {
+        id: crypto.randomUUID(),
+        endpoint,
+        room,
+        senderId: data.senderId ?? null,
+        payload: data.payload,
+        createdAt: Date.now(),
+    };
+    try {
+        return await persistence.wsMessages.persist(message, config);
+    }
+    catch (err) {
+        console.warn(`[wsMessages] failed to persist message to ${endpoint}${room}:`, err);
+        return null;
+    }
+};
+/**
+ * Get message history for a room.
+ * Cursor-based pagination using message `id` as cursor.
+ */
+export const getMessageHistory = async (endpoint, room, opts, app) => {
+    return getContext(app).persistence.wsMessages.getHistory(endpoint, room, opts);
+};
+/**
+ * Opt a room into message persistence.
+ * Delegates to persistence.configureRoom() on the context.
+ */
+export const configureRoom = (endpoint, room, options, app) => {
+    const ctx = getContext(app);
+    ctx.persistence.configureRoom(endpoint, room, options);
+};

package/dist/src/framework/lib/wsNamespace.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Produces a collision-safe composite key for scoping rooms to an endpoint.
+ *
+ * Both endpoint and room are percent-encoded before joining with `:`.
+ * Since encodeURIComponent encodes `:` → `%3A`, the literal `:` separator
+ * can only come from this function — not from endpoint or room values.
+ *
+ * Examples:
+ *   wsEndpointKey("/chat", "general")     → "%2Fchat:general"
+ *   wsEndpointKey("/chat", "room:1")      → "%2Fchat:room%3A1"
+ *   wsEndpointKey("/a:b", "c")            → "%2Fa%3Ab:c"
+ *   wsEndpointKey("/notifications", "x")  → "%2Fnotifications:x"
+ *
+ * Used for: in-memory room maps, Redis channel names, Redis message keys.
+ * NOT used for: SQLite or MongoDB schemas (those store endpoint + room separately).
+ */
+export declare function wsEndpointKey(endpoint: string, room: string): string;

package/dist/src/framework/lib/wsNamespace.js

@@ -0,0 +1,19 @@
+/**
+ * Produces a collision-safe composite key for scoping rooms to an endpoint.
+ *
+ * Both endpoint and room are percent-encoded before joining with `:`.
+ * Since encodeURIComponent encodes `:` → `%3A`, the literal `:` separator
+ * can only come from this function — not from endpoint or room values.
+ *
+ * Examples:
+ *   wsEndpointKey("/chat", "general")     → "%2Fchat:general"
+ *   wsEndpointKey("/chat", "room:1")      → "%2Fchat:room%3A1"
+ *   wsEndpointKey("/a:b", "c")            → "%2Fa%3Ab:c"
+ *   wsEndpointKey("/notifications", "x")  → "%2Fnotifications:x"
+ *
+ * Used for: in-memory room maps, Redis channel names, Redis message keys.
+ * NOT used for: SQLite or MongoDB schemas (those store endpoint + room separately).
+ */
+export function wsEndpointKey(endpoint, room) {
+    return `${encodeURIComponent(endpoint)}:${encodeURIComponent(room)}`;
+}

package/dist/src/framework/lib/wsPresence.d.ts

@@ -0,0 +1,17 @@
+import type { WsState } from '../../../packages/bunshot-core/src/index.js';
+export declare const trackSocket: (state: WsState, socketId: string, userId: string | null) => void;
+export declare const untrackSocket: (state: WsState, socketId: string) => void;
+export declare const addPresence: (state: WsState, socketId: string, endpoint: string, room: string) => {
+    userId: string;
+    isNewUser: boolean;
+} | null;
+export declare const removePresence: (state: WsState, socketId: string, endpoint: string, room: string) => {
+    userId: string;
+    isLastSocket: boolean;
+} | null;
+export declare const cleanupPresence: (state: WsState, socketId: string, endpoint: string, rooms: Set<string>) => Array<{
+    room: string;
+    userId: string;
+}>;
+export declare const getRoomPresence: (state: WsState, endpoint: string, room: string) => string[];
+export declare const getUserPresence: (state: WsState, userId: string) => string[];

package/dist/src/framework/lib/wsPresence.js

@@ -0,0 +1,84 @@
+import { wsEndpointKey } from './wsNamespace';
+export const trackSocket = (state, socketId, userId) => {
+    if (!userId)
+        return;
+    state.socketUsers.set(socketId, userId);
+};
+export const untrackSocket = (state, socketId) => {
+    state.socketUsers.delete(socketId);
+};
+export const addPresence = (state, socketId, endpoint, room) => {
+    const userId = state.socketUsers.get(socketId);
+    if (!userId)
+        return null;
+    const key = wsEndpointKey(endpoint, room);
+    if (!state.roomPresence.has(key))
+        state.roomPresence.set(key, new Map());
+    const roomMap = state.roomPresence.get(key);
+    const isNewUser = !roomMap.has(userId) || roomMap.get(userId).size === 0;
+    if (!roomMap.has(userId))
+        roomMap.set(userId, new Set());
+    roomMap.get(userId).add(socketId);
+    return { userId, isNewUser };
+};
+export const removePresence = (state, socketId, endpoint, room) => {
+    const userId = state.socketUsers.get(socketId);
+    if (!userId)
+        return null;
+    const key = wsEndpointKey(endpoint, room);
+    const roomMap = state.roomPresence.get(key);
+    if (!roomMap)
+        return null;
+    const sockets = roomMap.get(userId);
+    if (!sockets)
+        return null;
+    sockets.delete(socketId);
+    const isLastSocket = sockets.size === 0;
+    if (isLastSocket) {
+        roomMap.delete(userId);
+        if (roomMap.size === 0)
+            state.roomPresence.delete(key);
+    }
+    return { userId, isLastSocket };
+};
+export const cleanupPresence = (state, socketId, endpoint, rooms) => {
+    const userId = state.socketUsers.get(socketId);
+    if (!userId)
+        return [];
+    const departed = [];
+    for (const room of rooms) {
+        const key = wsEndpointKey(endpoint, room);
+        const roomMap = state.roomPresence.get(key);
+        if (!roomMap)
+            continue;
+        const sockets = roomMap.get(userId);
+        if (!sockets)
+            continue;
+        sockets.delete(socketId);
+        if (sockets.size === 0) {
+            roomMap.delete(userId);
+            if (roomMap.size === 0)
+                state.roomPresence.delete(key);
+            departed.push({ room, userId });
+        }
+    }
+    return departed;
+};
+export const getRoomPresence = (state, endpoint, room) => {
+    const roomMap = state.roomPresence.get(wsEndpointKey(endpoint, room));
+    if (!roomMap)
+        return [];
+    return [...roomMap.keys()];
+};
+export const getUserPresence = (state, userId) => {
+    const rooms = [];
+    for (const [key, roomMap] of state.roomPresence) {
+        const sockets = roomMap.get(userId);
+        if (sockets && sockets.size > 0) {
+            const colonIdx = key.indexOf(':');
+            if (colonIdx !== -1)
+                rooms.push(decodeURIComponent(key.slice(colonIdx + 1)));
+        }
+    }
+    return rooms;
+};

package/dist/src/framework/lib/wsTransport.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Pluggable transport for cross-instance WebSocket message delivery.
+ *
+ * `publish()` is called on every room broadcast — the transport fans out
+ * the message to other server instances (e.g. via Redis pub/sub).
+ *
+ * `connect()` is called once at server startup. The `onMessage` callback
+ * should be invoked when a message arrives from another instance —
+ * it will be delivered to local sockets via Bun's native `server.publish()`.
+ *
+ * `disconnect()` is called on graceful shutdown.
+ */
+export interface WsTransportAdapter {
+    /**
+     * Fan out a message to other instances.
+     * Called on every `publish()` in ws.ts — must be non-blocking.
+     * Errors are caught and logged by the caller; they never break local delivery.
+     * @param origin — unique ID of the publishing instance (for self-echo filtering)
+     */
+    publish(endpoint: string, room: string, message: string, origin: string): Promise<void>;
+    /**
+     * Connect to the transport backend.
+     * @param onMessage — call this when a message arrives from the transport.
+     *   Includes `origin` so the caller can skip self-echo.
+     */
+    connect(onMessage: (endpoint: string, room: string, message: string, origin: string) => void): Promise<void>;
+    /** Disconnect from the transport backend. Called on SIGTERM/SIGINT. */
+    disconnect(): Promise<void>;
+}
+/**
+ * Default no-op transport. Single-instance — all messages go through
+ * Bun's native `server.publish()` only. No cross-instance delivery.
+ */
+export declare class InMemoryTransport implements WsTransportAdapter {
+    publish(_endpoint: string, _room: string, _message: string, _origin: string): Promise<void>;
+    connect(_onMessage: (endpoint: string, room: string, message: string, origin: string) => void): Promise<void>;
+    disconnect(): Promise<void>;
+}

package/dist/src/framework/lib/wsTransport.js

@@ -0,0 +1,9 @@
+/**
+ * Default no-op transport. Single-instance — all messages go through
+ * Bun's native `server.publish()` only. No cross-instance delivery.
+ */
+export class InMemoryTransport {
+    async publish(_endpoint, _room, _message, _origin) { }
+    async connect(_onMessage) { }
+    async disconnect() { }
+}

package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts

@@ -1,4 +1,4 @@
-import type { Schema as SchemaType } from "mongoose";
+import type { Schema as SchemaType } from 'mongoose';
 type ZodSchema = any;
 export type ZodToMongooseRefConfig = {
     /** DB field name (e.g., "account") */

package/dist/{lib → src/framework/lib}/zodToMongoose.js

@@ -1,19 +1,19 @@
-import { mongoose } from "./mongo";
+import { getMongooseModule } from '../../lib/mongo';
 /** Unwrap nullable, optional, and default wrappers to get the core Zod type */
 function unwrap(zodType) {
     let t = zodType;
     let required = true;
     while (true) {
         const defType = t._zod?.def?.type;
-        if (defType === "nullable") {
+        if (defType === 'nullable') {
             t = t._zod.def.innerType;
             required = false;
         }
-        else if (defType === "optional") {
+        else if (defType === 'optional') {
             t = t._zod.def.innerType;
             required = false;
         }
-        else if (defType === "default") {
+        else if (defType === 'default') {
             t = t._zod.def.innerType;
             required = false;
         }
@@ -24,21 +24,21 @@ function unwrap(zodType) {
 }
 /** Lazily access the Mongoose Schema class (avoids top-level require of mongoose) */
 function getSchema() {
-    return mongoose.Schema;
+    return getMongooseModule().Schema;
 }
 /** Convert a single Zod type to a Mongoose field definition */
 function toMongooseField(zodType) {
     const { core, required } = unwrap(zodType);
     const defType = core._zod?.def?.type;
-    if (defType === "string")
+    if (defType === 'string')
         return { type: String, required };
-    if (defType === "number")
+    if (defType === 'number')
         return { type: Number, required };
-    if (defType === "boolean")
+    if (defType === 'boolean')
         return { type: Boolean, required };
-    if (defType === "date")
+    if (defType === 'date')
         return { type: Date, required };
-    if (defType === "enum")
+    if (defType === 'enum')
         return { type: String, enum: core.options, required };
     return { type: getSchema().Types.Mixed, required };
 }
@@ -64,7 +64,7 @@ export function zodToMongoose(zodSchema, config = {}) {
     const shape = zodSchema.shape;
     const fields = {};
     for (const [apiField, zodType] of Object.entries(shape)) {
-        if (apiField === "id")
+        if (apiField === 'id')
             continue;
         if (config.refs?.[apiField]) {
             const { dbField, ref } = config.refs[apiField];

package/dist/{middleware → src/framework/middleware}/auditLog.d.ts

@@ -1,7 +1,8 @@
-import type { MiddlewareHandler, Context } from "hono";
-import type { AppEnv } from "../lib/context";
-import type { AuditLogEntry, AuditLogOptions } from "../lib/auditLog";
+import type { AuditLogOptions } from '../lib/auditLog';
+import type { Context, MiddlewareHandler } from 'hono';
+import type { AppEnv, AuditLogEntry, AuditLogProvider } from '../../../packages/bunshot-core/src/index.js';
 export interface AuditLogMiddlewareOptions extends AuditLogOptions {
+    provider?: AuditLogProvider;
     exclude?: {
         /** Skip logging for requests with these HTTP methods (e.g. `["GET", "HEAD"]`). */
         methods?: string[];

package/dist/src/framework/middleware/auditLog.js

@@ -0,0 +1,42 @@
+import { createAuditLogProvider } from '../lib/auditLog';
+import { getClientIp } from '../../../packages/bunshot-core/src/index.js';
+export const auditLog = (options) => {
+    const provider = options.provider ?? createAuditLogProvider(options);
+    return async (c, next) => {
+        await next();
+        // Exclusion checks run after next() intentionally — c.res.status is only available
+        // after the route handler runs. The route still executes; we're only skipping the log write.
+        if (options.exclude?.methods?.includes(c.req.method))
+            return;
+        // Note: if exclude.paths grows large, regex evaluation on every request adds up.
+        // For high-traffic exclusions, prefer string matching over regex.
+        const path = c.req.path;
+        if (options.exclude?.paths?.some(p => (typeof p === 'string' ? p === path : p.test(path))))
+            return;
+        let entry = {
+            id: crypto.randomUUID(),
+            requestId: c.get('requestId') ?? undefined,
+            userId: c.get('authUserId') ?? null,
+            sessionId: c.get('sessionId') ?? null,
+            tenantId: c.get('tenantId') ?? null,
+            method: c.req.method,
+            path,
+            status: c.res.status,
+            ip: getClientIp(c),
+            userAgent: c.req.header('user-agent') ?? null,
+            createdAt: new Date().toISOString(),
+        };
+        if (options.onEntry) {
+            try {
+                entry = await options.onEntry(entry, c);
+            }
+            catch (err) {
+                console.error('[auditLog] onEntry hook threw:', err);
+            }
+        }
+        // Fire-and-forget — never block the response; logAuditEntry also swallows errors internally
+        provider.logEntry(entry).catch((err) => {
+            console.error('[auditLog] write failed:', err);
+        });
+    };
+};

package/dist/{middleware → src/framework/middleware}/botProtection.d.ts

@@ -1,4 +1,4 @@
-import type { MiddlewareHandler } from "hono";
+import type { MiddlewareHandler } from 'hono';
 export interface BotProtectionOptions {
     /**
      * List of IPv4 CIDRs (e.g. "198.51.100.0/24"), IPv4 exact addresses,
@@ -6,4 +6,4 @@ export interface BotProtectionOptions {
      */
     blockList?: string[];
 }
-export declare const botProtection: ({ blockList, }: BotProtectionOptions) => MiddlewareHandler;
+export declare const botProtection: ({ blockList }: BotProtectionOptions) => MiddlewareHandler;

package/dist/{middleware → src/framework/middleware}/botProtection.js

@@ -1,14 +1,13 @@
-import { getClientIp } from "../lib/clientIp";
+import { getClientIp } from '../../../packages/bunshot-core/src/index.js';
 // ---------------------------------------------------------------------------
 // CIDR helpers (IPv4 only; IPv6 exact-match supported)
 // ---------------------------------------------------------------------------
 function ipv4ToUint32(ip) {
-    const parts = ip.split(".").map(Number);
-    return (((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>>
-        0);
+    const parts = ip.split('.').map(Number);
+    return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
 }
 function cidrMatchesIpv4(cidr, ip) {
-    const slash = cidr.indexOf("/");
+    const slash = cidr.indexOf('/');
     const network = slash === -1 ? cidr : cidr.slice(0, slash);
     const prefixLen = slash === -1 ? 32 : parseInt(cidr.slice(slash + 1), 10);
     const mask = prefixLen === 0 ? 0 : (~0 << (32 - prefixLen)) >>> 0;
@@ -17,7 +16,7 @@ function cidrMatchesIpv4(cidr, ip) {
 const IPV4_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/;
 function normalizeIp(ip) {
     // Strip IPv4-mapped IPv6 prefix (::ffff:1.2.3.4)
-    if (ip.startsWith("::ffff:"))
+    if (ip.startsWith('::ffff:'))
         return ip.slice(7);
     return ip;
 }
@@ -37,13 +36,13 @@ function isBlocked(ip, blockList) {
     }
     return false;
 }
-export const botProtection = ({ blockList = [], }) => {
+export const botProtection = ({ blockList = [] }) => {
     if (blockList.length === 0)
         return (_c, next) => next();
     return async (c, next) => {
         const ip = getClientIp(c);
-        if (ip !== "unknown" && isBlocked(ip, blockList)) {
-            return c.json({ error: "Forbidden" }, 403);
+        if (ip !== 'unknown' && isBlocked(ip, blockList)) {
+            return c.json({ error: 'Forbidden' }, 403);
         }
         await next();
     };