@nattyjs/core 0.0.1-beta.7 → 0.0.1-beta.70

package/dist/index.cjs

@@ -1,8 +1,13 @@
 'use strict';
 
 const common = require('@nattyjs/common');
-const tsyringe = require('tsyringe');
 const pathToRegexp = require('path-to-regexp');
+const path = require('node:path');
+require('reflect-metadata');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e.default : e; }
+
+const path__default = /*#__PURE__*/_interopDefaultCompat(path);
 
 function defineNattyConfig(config) {
   return config;
@@ -27,6 +32,12 @@ function route(path) {
 const CONTROLLER = "controller";
 const INVALID_VALUE = "INVALID_VALUE";
 const BLANK = "";
+const DENY_BY_DEFAULT = {
+  type: "https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html#deny-by-default",
+  title: "Deny-by-default",
+  description: `Zero Trust Architecture (NIST SP 800-207) \u2014 Core principle is "never trust, always verify," which translates to deny-by-default behavior. OWASP Secure Defaults Principle \u2014 \u201CSecurity should be a default setting, and everything should be locked down unless explicitly permitted.\u201D`,
+  solution: `Please implement proper authentication and authorization checks. If this API needs to be accessed anonymously, add the @anonymous() decorator above the HTTP action.`
+};
 
 function get(path) {
   return function(target, propertyKey, descriptor) {
@@ -48,6 +59,7 @@ function Delete() {
   };
 }
 
+const HTTP_METHODS = ["get", "post", "put", "delete"];
 const _StaticContainer = class {
   setup(types) {
     _StaticContainer.types = types;
@@ -59,11 +71,101 @@ const nattyContainer = new class {
   constructor() {
     this.container = /* @__PURE__ */ new Map();
     this.containerState = /* @__PURE__ */ new Map();
+    this.compiledRoutes = {};
   }
-  setup(config, routes, types) {
+  get types() {
+    return common.commonContainer.types;
+  }
+  setup(config, routes, resolver) {
     this.config = config;
+    this.resolver = resolver;
+    this.applyRouteSnapshot(routes);
+  }
+  replaceRoutes(manifest) {
+    if (manifest.resolver)
+      this.resolver = manifest.resolver;
+    this.applyRouteSnapshot(manifest.routes);
+  }
+  applyRouteSnapshot(routes) {
     this.routes = routes;
-    this.types = types;
+    this.compiledRoutes = this.createCompiledRoutes(routes);
+  }
+  createCompiledRoutes(routes) {
+    const compiledRoutes = {};
+    let declarationOrder = 0;
+    for (const method of HTTP_METHODS)
+      compiledRoutes[method] = [];
+    for (const [rootPath, routeConfig] of Object.entries(routes)) {
+      for (const method of HTTP_METHODS) {
+        const childRoutes = routeConfig[method];
+        if (!childRoutes)
+          continue;
+        for (const [childRoutePath, routeInfo] of Object.entries(childRoutes)) {
+          const childPath = this.normalizeChildPath(childRoutePath);
+          const configuredRoutePath = `${rootPath}${childPath}`;
+          compiledRoutes[method].push({
+            declarationOrder: declarationOrder++,
+            requestMethod: method,
+            configuredRoutePath,
+            matcher: pathToRegexp.match(configuredRoutePath, { decode: decodeURIComponent }),
+            routeConfig,
+            methodInfo: routeInfo,
+            specificity: this.getRouteSpecificity(configuredRoutePath)
+          });
+        }
+      }
+    }
+    const sortedCompiledRoutes = {};
+    for (const method of HTTP_METHODS) {
+      sortedCompiledRoutes[method] = compiledRoutes[method].sort((routeA, routeB) => this.compareCompiledRoutes(routeA, routeB)).map(({ declarationOrder: declarationOrder2, specificity, ...route }) => route);
+    }
+    return sortedCompiledRoutes;
+  }
+  normalizeChildPath(childRoutePath) {
+    if (childRoutePath.indexOf("/") === 0)
+      return childRoutePath === "/" ? BLANK : childRoutePath;
+    return `/${childRoutePath}`;
+  }
+  getRouteSpecificity(routePath) {
+    const segments = routePath.split("/").filter(Boolean);
+    const segmentKinds = segments.map((segment) => this.getSegmentKind(segment));
+    return {
+      segments,
+      segmentKinds,
+      staticSegmentCount: segmentKinds.filter((kind) => kind === 2).length,
+      dynamicSegmentCount: segmentKinds.filter((kind) => kind === 1).length,
+      literalLength: segments.filter((segment) => !segment.startsWith(":")).reduce((length, segment) => length + segment.length, 0)
+    };
+  }
+  getSegmentKind(segment) {
+    if (!segment)
+      return 0;
+    if (segment.startsWith(":"))
+      return 1;
+    return 2;
+  }
+  compareCompiledRoutes(routeA, routeB) {
+    const bySegmentSpecificity = this.compareSegmentSpecificity(routeA.specificity, routeB.specificity);
+    if (bySegmentSpecificity !== 0)
+      return bySegmentSpecificity;
+    if (routeA.specificity.staticSegmentCount !== routeB.specificity.staticSegmentCount)
+      return routeB.specificity.staticSegmentCount - routeA.specificity.staticSegmentCount;
+    if (routeA.specificity.dynamicSegmentCount !== routeB.specificity.dynamicSegmentCount)
+      return routeA.specificity.dynamicSegmentCount - routeB.specificity.dynamicSegmentCount;
+    if (routeA.specificity.literalLength !== routeB.specificity.literalLength)
+      return routeB.specificity.literalLength - routeA.specificity.literalLength;
+    return routeA.declarationOrder - routeB.declarationOrder;
+  }
+  compareSegmentSpecificity(routeA, routeB) {
+    const maxSharedSegments = Math.min(routeA.segmentKinds.length, routeB.segmentKinds.length);
+    for (let index = 0; index < maxSharedSegments; index++) {
+      if (routeA.segmentKinds[index] !== routeB.segmentKinds[index])
+        return routeB.segmentKinds[index] - routeA.segmentKinds[index];
+    }
+    return 0;
+  }
+  getCompiledRoutes(method) {
+    return this.compiledRoutes[method] || [];
   }
   getTypes() {
     return StaticContainer.types;
@@ -113,57 +215,133 @@ const nattyContainer = new class {
   }
 }();
 
+function startWebSchedules(schedules) {
+  if (schedules && Array.isArray(schedules)) {
+    for (const schedule of schedules)
+      startWebSchedule(schedule);
+  }
+}
+async function startWebSchedule(config) {
+  if (config) {
+    const interval = setInterval(async () => {
+      try {
+        clearInterval(interval);
+        await config.scheduleFunction();
+        startWebSchedule(config);
+      } catch (ex) {
+        startWebSchedule(config);
+      }
+    }, config.interval);
+  }
+}
+
 function init(config, appConfig) {
   common.commonContainer.setupConfig(config);
   common.commonContainer.setEnvTsDefinition(appConfig.envTsDefinition);
-  nattyContainer.setup(config, appConfig.routes, appConfig.types);
-  return initializeModule(config);
+  setupLegacyTypes(appConfig.types);
+  nattyContainer.setup(config, appConfig.routes, appConfig.resolver || defaultResolver);
+  callLifeCycleEvents(config, true);
+  const result = initializeModule(config);
+  callLifeCycleEvents(config);
+  startWebSchedules(config.webSchedules);
+  return result;
+}
+function setupLegacyTypes(types) {
+  if (types) {
+    common.commonContainer.types = {};
+    for (const [name, type] of Object.entries(types))
+      common.commonContainer.registerType({ name, ...type });
+  }
+}
+function defaultResolver(path) {
+  if (typeof path === "function")
+    return path();
+  if (typeof path === "string") {
+    const normalizedPath = path.startsWith("/") ? `.${path}` : path;
+    return require(normalizedPath);
+  }
+  return {};
 }
 function initializeModule(config) {
   if (config.app) {
     return config.app.init(config);
   }
 }
-
-function getPreResponseBody(body) {
-  let bodyInfo;
-  if (body) {
-    if (common.isObject(body) || Array.isArray(body))
-      bodyInfo = { json: body };
-    const typeText = typeof body;
-    switch (typeText) {
-      case "string":
-        bodyInfo = { string: body };
-        break;
-      case "number":
-        bodyInfo = { number: body };
-        break;
-      case "boolean":
-        bodyInfo = { boolean: body };
-        break;
+async function callLifeCycleEvents(config, isPreInit = false) {
+  if (config.lifeCycle) {
+    if (config.lifeCycle.preInit && isPreInit) {
+      const preInit = config.lifeCycle.preInit();
+      if (preInit) {
+        if (preInit.cors) {
+          if (!config.cors) {
+            const jObject = { origin: [] };
+            config.cors = jObject;
+          } else if (!config.cors.origin)
+            config.cors.origin = [];
+          if (preInit.cors.origin)
+            preInit.cors.origin.forEach((t) => {
+              config.cors?.origin.push(t);
+            });
+          if (preInit.cors.methods)
+            config.cors.methods = preInit.cors.methods;
+          if (preInit.cors.optionsSuccessStatus)
+            config.cors.optionsSuccessStatus = preInit.cors.optionsSuccessStatus;
+          if (preInit.cors.preflightContinue)
+            config.cors.preflightContinue = preInit.cors.preflightContinue;
+        }
+      }
     }
+    if (config.lifeCycle.onStart) {
+      config.lifeCycle.onStart();
+    }
+  }
+}
+
+function getPreResponseBody(body, isBuffer = false) {
+  if (body === void 0 || body === null)
+    return void 0;
+  if (isBuffer)
+    return { buffer: body };
+  if (common.isObject(body) || Array.isArray(body))
+    return { json: body };
+  switch (typeof body) {
+    case "string":
+      return { string: body };
+    case "number":
+      return { number: body };
+    case "boolean":
+      return { boolean: body };
+    default:
+      return { json: body };
   }
-  return bodyInfo;
 }
 
 class HttpResponse {
   constructor(response) {
-    this._cookies = new Array();
+    this._cookies = [];
     this._headers = new Headers();
+    this._isBuffer = false;
     this.setValues(response);
   }
   setValues(responseInit) {
-    if (responseInit) {
-      if (responseInit.headers)
-        for (const [key, value] of Object.entries(responseInit.headers))
-          this.headers.append(key, value);
-      if (responseInit.cookies)
-        for (const cookie of responseInit.cookies)
-          this.addCookie(cookie);
-      if (responseInit.status)
-        this.status = responseInit.status;
-      if (responseInit.body)
-        this.body = responseInit.body;
+    if (!responseInit)
+      return;
+    if ("isBuffer" in responseInit)
+      this._isBuffer = !!responseInit.isBuffer;
+    if (responseInit.headers) {
+      for (const [key, value] of Object.entries(responseInit.headers)) {
+        this.headers.append(key, String(value));
+      }
+    }
+    if (responseInit.cookies) {
+      for (const cookie of responseInit.cookies)
+        this.addCookie(cookie);
+    }
+    if ("status" in responseInit && responseInit.status !== void 0) {
+      this.status = responseInit.status;
+    }
+    if ("body" in responseInit) {
+      this.body = responseInit.body;
     }
   }
   addCookie(cookie) {
@@ -173,7 +351,7 @@ class HttpResponse {
     return this._cookies;
   }
   get status() {
-    return this._status;
+    return this._status ?? 200;
   }
   set status(value) {
     this._status = value;
@@ -185,22 +363,62 @@ class HttpResponse {
     return this._body;
   }
   set body(value) {
-    this._body = getPreResponseBody(value);
+    this._body = getPreResponseBody(value, this._isBuffer);
   }
   write(responseInit) {
     this.setValues(responseInit);
   }
 }
 
-class HttpException {
-  constructor(response) {
+class HttpException extends Error {
+  constructor(response, message) {
+    const bodyMsg = response?.body?.message;
+    const msg = message ?? (typeof bodyMsg === "string" && bodyMsg.trim() ? bodyMsg : `HTTP ${response.status ?? 500}`);
+    super(msg);
+    this.name = this.constructor.name;
     this.httpResponse = new HttpResponse(response);
+    const anyErr = Error;
+    if (typeof anyErr.captureStackTrace === "function") {
+      anyErr.captureStackTrace(this, this.constructor);
+    }
   }
   getResponse() {
     return this.httpResponse;
   }
 }
 
+class HttpRequest {
+  constructor(http) {
+    this.httpRequest = http;
+  }
+  get cookies() {
+    return this.httpRequest.cookies;
+  }
+  get url() {
+    return this.httpRequest.url;
+  }
+  get method() {
+    return this.httpRequest.method;
+  }
+  get headers() {
+    return this.httpRequest.headers;
+  }
+  get user() {
+    return null;
+  }
+  get body() {
+    return this.httpRequest.body;
+  }
+}
+
+class HttpContext {
+  constructor(request, context) {
+    this.request = new HttpRequest(request);
+    this.response = new HttpResponse();
+    this.context = context;
+  }
+}
+
 var RequestPipeline = /* @__PURE__ */ ((RequestPipeline2) => {
   RequestPipeline2[RequestPipeline2["onAuthentication"] = 0] = "onAuthentication";
   RequestPipeline2[RequestPipeline2["onAuthorization"] = 1] = "onAuthorization";
@@ -327,20 +545,24 @@ class HttpNotFoundException extends HttpException {
 var HttpStatusCode = /* @__PURE__ */ ((HttpStatusCode2) => {
   HttpStatusCode2[HttpStatusCode2["success"] = 200] = "success";
   HttpStatusCode2[HttpStatusCode2["created"] = 201] = "created";
+  HttpStatusCode2[HttpStatusCode2["accepted"] = 202] = "accepted";
   HttpStatusCode2[HttpStatusCode2["noContent"] = 204] = "noContent";
-  HttpStatusCode2[HttpStatusCode2["notFound"] = 404] = "notFound";
+  HttpStatusCode2[HttpStatusCode2["movedPermanently"] = 301] = "movedPermanently";
+  HttpStatusCode2[HttpStatusCode2["found"] = 302] = "found";
+  HttpStatusCode2[HttpStatusCode2["badRequest"] = 400] = "badRequest";
   HttpStatusCode2[HttpStatusCode2["unAuthorized"] = 401] = "unAuthorized";
   HttpStatusCode2[HttpStatusCode2["forbiddenAccess"] = 403] = "forbiddenAccess";
-  HttpStatusCode2[HttpStatusCode2["badRequest"] = 400] = "badRequest";
+  HttpStatusCode2[HttpStatusCode2["notFound"] = 404] = "notFound";
+  HttpStatusCode2[HttpStatusCode2["conflict"] = 409] = "conflict";
+  HttpStatusCode2[HttpStatusCode2["unprocessableEntity"] = 422] = "unprocessableEntity";
+  HttpStatusCode2[HttpStatusCode2["tooManyRequests"] = 429] = "tooManyRequests";
   HttpStatusCode2[HttpStatusCode2["serverError"] = 500] = "serverError";
   return HttpStatusCode2;
 })(HttpStatusCode || {});
 
 class BaseResult {
-  constructor(response, responseHeaders) {
-    this.response = response;
-    if (responseHeaders)
-      this.response = { ...this.response, ...responseHeaders };
+  constructor(response, extras) {
+    this.response = extras ? { ...response, ...extras } : response;
   }
   getResponse() {
     return this.response;
@@ -348,6 +570,7 @@ class BaseResult {
 }
 
 function getResponseBodyObject(body, props) {
+  const sensitiveProps = common.commonContainer.nattyConfig?.secure?.sensitiveProps;
   if (body instanceof common.List)
     return getResponseBodyObject(body.values, body.props);
   if (Array.isArray(body)) {
@@ -361,7 +584,8 @@ function getResponseBodyObject(body, props) {
     const keys = Object.keys(body);
     const getterProps = props ? Object.keys(props).map((key) => props[key]) : [];
     for (const key of [...keys, ...getterProps])
-      jObject[key] = getResponseBodyObject(body[key]);
+      if (!sensitiveProps || sensitiveProps.filter((t) => t == key.toLowerCase()).length == 0)
+        jObject[key] = getResponseBodyObject(body[key]);
     return jObject;
   }
   return body;
@@ -385,10 +609,19 @@ class BaseResponse {
   notFound() {
     throw new HttpNotFoundException({});
   }
+  normalizeHttpResponse(result) {
+    if (result instanceof HttpResponse)
+      return result;
+    if (result instanceof HttpException)
+      return result.getResponse();
+    if (result && typeof result === "object" && ("status" in result || "body" in result || "headers" in result || "cookies" in result || "isBuffer" in result))
+      return new HttpResponse(result);
+    return result;
+  }
 }
 
 function getTypedErrorMessage(type, value) {
-  const message = common.commonContainer.nattyConfig.modelBinding.errorMessage.typed[type];
+  const message = common.commonContainer.nattyConfig?.modelBinding?.errorMessage?.typed ? common.commonContainer.nattyConfig?.modelBinding?.errorMessage?.typed[type] : "";
   return parseMessage(message, [value]);
 }
 function parseMessage(message, value) {
@@ -455,7 +688,7 @@ const entityContainer = new class {
   }
   getPropertyValidators(entityName, propName) {
     const entityInfo = this.entityConfig[entityName];
-    const propertyInfo = entityInfo.properties[propName];
+    const propertyInfo = entityInfo ? entityInfo.properties[propName] : void 0;
     return propertyInfo ? propertyInfo.validators : {};
   }
   getProperties(entityName) {
@@ -464,6 +697,115 @@ const entityContainer = new class {
   }
 }();
 
+class ForbiddenAccessException extends HttpException {
+  constructor(data) {
+    super({
+      body: data,
+      status: 403
+    });
+  }
+}
+
+class UnauthorizedAccessException extends HttpException {
+  constructor(data) {
+    super({
+      body: data,
+      status: 401
+    });
+  }
+}
+
+class AcceptedException extends HttpException {
+  constructor(data) {
+    super({ body: data, status: HttpStatusCode.accepted });
+  }
+}
+
+class HttpConflictException extends HttpException {
+  constructor(data) {
+    super({ body: data, status: HttpStatusCode.conflict });
+  }
+}
+
+class HttpUnprocessableEntityException extends HttpException {
+  constructor(data) {
+    super({ body: data, status: HttpStatusCode.unprocessableEntity });
+  }
+}
+
+function formatRetryAfter(value) {
+  if (typeof value === "number")
+    return String(Math.max(0, Math.floor(value)));
+  if (value instanceof Date)
+    return value.toUTCString();
+  return String(value);
+}
+class TooManyRequestsException extends HttpException {
+  constructor(data, retryAfter) {
+    super({
+      body: data,
+      status: HttpStatusCode.tooManyRequests,
+      headers: retryAfter !== void 0 ? { "Retry-After": formatRetryAfter(retryAfter) } : void 0
+    });
+  }
+}
+
+class RedirectException extends HttpException {
+  constructor(location, data) {
+    super({
+      body: data,
+      status: HttpStatusCode.found,
+      headers: { Location: location }
+    });
+  }
+}
+
+class RedirectPermanentException extends HttpException {
+  constructor(location, data) {
+    super({
+      body: data,
+      status: HttpStatusCode.movedPermanently,
+      headers: { Location: location }
+    });
+  }
+}
+
+class ProblemDetailsException extends HttpException {
+  constructor(problem, status, headers) {
+    const resolvedStatus = status ?? problem.status ?? 500;
+    super({
+      status: resolvedStatus,
+      body: { ...problem, status: resolvedStatus },
+      headers: {
+        "Content-Type": "application/problem+json; charset=utf-8",
+        ...headers ?? {}
+      }
+    });
+  }
+}
+class ValidationProblemDetailsException extends ProblemDetailsException {
+  constructor(errors, detail, status = 400) {
+    super(
+      {
+        type: "https://tools.ietf.org/html/rfc7231#section-6.5.1",
+        title: "One or more validation errors occurred.",
+        status,
+        detail,
+        errors
+      },
+      status
+    );
+  }
+}
+
+function CreateProblemDetail(modelName, detail) {
+  return {
+    type: "https://tools.ietf.org/html/rfc7231#section-6.5.1",
+    title: `The specified ${modelName} model props are invalid.`,
+    detail
+  };
+}
+
 class ParameterTypeConverter extends BaseResponse {
   constructor() {
     super(...arguments);
@@ -524,12 +866,14 @@ class ParameterTypeConverter extends BaseResponse {
         } else {
           if (this.isArrayType(property.type) && Array.isArray(value)) {
             let arrayValue = body[property.name] = [];
-            let arrayInvalidProps = invalidProps[property.name] = [];
             for (const item of value) {
               const sanitizeValue = this.sanitizer[property.type.toLowerCase()] ? this.sanitizer[property.type.toLowerCase()](item) : item;
-              if (sanitizeValue === INVALID_VALUE)
+              if (sanitizeValue === INVALID_VALUE) {
+                let arrayInvalidProps = invalidProps[property.name];
+                if (!arrayInvalidProps)
+                  arrayInvalidProps = invalidProps[property.name] = [];
                 arrayInvalidProps.push(property);
-              else
+              } else
                 arrayValue.push(sanitizeValue);
             }
           } else
@@ -550,14 +894,17 @@ class ParameterTypeConverter extends BaseResponse {
     for (const parameterInfo of methodInfo.parameters) {
       const value = jObject[parameterInfo.name];
       if (value !== void 0) {
-        jObject[parameterInfo.name] = SANITIZERS[parameterInfo.type](value);
+        const sanitizedValue = SANITIZERS[parameterInfo.type](value);
+        if (sanitizedValue === null && sanitizedValue != value)
+          throw new HttpBadRequestException(CreateProblemDetail(parameterInfo.type, [{ [parameterInfo.name]: `The supplied data type must be  "${parameterInfo.type}"` }]));
+        jObject[parameterInfo.name] = sanitizedValue;
       }
     }
     return jObject;
   }
   convertToInstance(entityName, data) {
     const typesInfo = this.types[entityName];
-    const target = this.getClassTarget(typesInfo.path) || entityContainer.getTarget(entityName);
+    const target = this.getClassTarget(typesInfo.path, entityName) || entityContainer.getTarget(entityName);
     let instance = null;
     if (target) {
       instance = new target();
@@ -566,11 +913,10 @@ class ParameterTypeConverter extends BaseResponse {
       instance = data;
     return instance;
   }
-  getClassTarget(resolver) {
-    if (resolver) {
-      const classInfo = resolver();
-      const name = Object.keys(classInfo)[0];
-      return classInfo[name];
+  getClassTarget(path, entityName) {
+    if (path) {
+      const classInfo = nattyContainer.resolver(path);
+      return classInfo[entityName];
     }
     return void 0;
   }
@@ -606,8 +952,8 @@ class RouteParser extends ParameterTypeConverter {
   get httpMethod() {
     return this.httpContext.request.method.toLowerCase();
   }
-  get appRoutes() {
-    return nattyContainer.routes;
+  get compiledRoutes() {
+    return nattyContainer.getCompiledRoutes(this.httpMethod);
   }
   init() {
     const isMatched = this.matchRoute();
@@ -620,47 +966,46 @@ class RouteParser extends ParameterTypeConverter {
     return controllerInfo[name];
   }
   matchRoute() {
-    let isMatched = false;
-    const requestPathname = this.getRequestPathname();
-    for (const [key, value] of Object.entries(this.appRoutes)) {
-      const rootPath = key;
-      const routeConfig = value;
-      const childRoutes = routeConfig[this.httpMethod];
-      if (childRoutes) {
-        for (const [key2, value2] of Object.entries(childRoutes)) {
-          const childPath = key2.indexOf(common.RIGHT_SLASH) == 0 ? key2 === common.RIGHT_SLASH ? common.BLANK : key2 : `/${key2}`;
-          const methodInfo = value2;
-          const configuredRoutePath = `${rootPath}${childPath}`;
-          const routeMatch = pathToRegexp.match(`${rootPath}${childPath}`, { decode: decodeURIComponent });
-          const matched = routeMatch(requestPathname);
-          if (matched) {
-            isMatched = true;
-            this.routeInfo = {
-              path: `${common.commonContainer.nattyConfig.api.rootPath}/${requestPathname}`,
-              configuredRoutePath: `${common.commonContainer.nattyConfig.api.rootPath}/${configuredRoutePath}`,
-              controller: this.getController(routeConfig),
-              parameters: routeConfig.parameters,
-              methodInfo,
-              params: this.convert(methodInfo, matched.params),
-              queryParams: this.getQueryParams()
-            };
-            break;
-          }
-        }
+    const requestUrl = this.getRequestUrl();
+    const requestPathname = this.getRequestPathname(requestUrl);
+    for (const route of this.compiledRoutes) {
+      const matched = route.matcher(requestPathname);
+      if (matched) {
+        this.routeInfo = {
+          path: `${common.commonContainer.nattyConfig.api.rootPath}/${requestPathname}`,
+          configuredRoutePath: `${common.commonContainer.nattyConfig.api.rootPath}/${route.configuredRoutePath}`,
+          controller: this.getController(route.routeConfig),
+          parameters: route.routeConfig.parameters,
+          methodInfo: route.methodInfo,
+          params: this.convert(route.methodInfo, matched.params),
+          queryParams: this.getQueryParams(requestUrl)
+        };
+        return true;
       }
     }
-    return isMatched;
-  }
-  getRequestPathname() {
-    const apiRootPath = common.commonContainer.nattyConfig.api.rootPath;
-    const url = new URL(this.httpContext.request.url);
-    let splitUrl = url.pathname.split(`${apiRootPath}/`);
-    if (splitUrl.length > 1)
-      return splitUrl[1];
-    return url.pathname;
-  }
-  getQueryParams() {
-    const url = new URL(this.httpContext.request.url);
+    return false;
+  }
+  getRequestUrl() {
+    if (!this.parsedRequestUrl)
+      this.parsedRequestUrl = new URL(this.httpContext.request.url);
+    return this.parsedRequestUrl;
+  }
+  getRequestPathname(url) {
+    const apiRootPath = String(common.commonContainer.nattyConfig.api.rootPath || "").replace(/^\/+|\/+$/g, "");
+    const normalizedPathname = url.pathname.replace(/^\/+/, "");
+    if (!apiRootPath) {
+      return normalizedPathname;
+    }
+    if (normalizedPathname === apiRootPath) {
+      return "";
+    }
+    const apiPrefix = `${apiRootPath}/`;
+    if (normalizedPathname.startsWith(apiPrefix)) {
+      return normalizedPathname.slice(apiPrefix.length);
+    }
+    return normalizedPathname;
+  }
+  getQueryParams(url) {
     const queryParams = {};
     for (const param of url.searchParams.keys())
       queryParams[param] = url.searchParams.get(param);
@@ -668,20 +1013,13 @@ class RouteParser extends ParameterTypeConverter {
   }
 }
 
-class UnauthorizedAccessException extends HttpException {
-  constructor(data) {
-    super({
-      body: data,
-      status: 401
-    });
-  }
-}
-
 const decoratorStateContainer = new class {
   constructor() {
     this.controllerConfig = {};
+    this.controllerSources = /* @__PURE__ */ new Map();
+    this.sourceControllers = /* @__PURE__ */ new Map();
   }
-  register(params, type, additionalConfig) {
+  register(params, type, additionalConfig, sourceFile) {
     const name = params.target.name || params.target.constructor.name;
     let controllerInfo = this.controllerConfig[name] || null;
     let controllerMethodInfo = null;
@@ -694,6 +1032,9 @@ const decoratorStateContainer = new class {
       controllerMethodInfo[type] = additionalConfig;
     } else
       controllerInfo.config[type] = additionalConfig;
+    if (sourceFile) {
+      this.trackControllerSource(name, sourceFile);
+    }
   }
   getInfo(controllerName, methodName, type) {
     const controllerInfo = this.controllerConfig[controllerName];
@@ -706,6 +1047,55 @@ const decoratorStateContainer = new class {
       methodConfig = methodInfo[type];
     return { controllerConfig, methodConfig };
   }
+  clearFromSource(sourceFile) {
+    const normalizedSourceFile = this.normalizeFilePath(sourceFile);
+    const controllerNames = Array.from(
+      this.sourceControllers.get(normalizedSourceFile) || []
+    );
+    this.clearControllers(controllerNames);
+    this.sourceControllers.delete(normalizedSourceFile);
+    return controllerNames;
+  }
+  clearControllers(controllerNames) {
+    const removedControllers = [];
+    for (const controllerName of controllerNames) {
+      const previousSource = this.controllerSources.get(controllerName);
+      delete this.controllerConfig[controllerName];
+      this.controllerSources.delete(controllerName);
+      removedControllers.push(controllerName);
+      if (previousSource) {
+        const controllers = this.sourceControllers.get(previousSource);
+        controllers?.delete(controllerName);
+        if (controllers && controllers.size === 0) {
+          this.sourceControllers.delete(previousSource);
+        }
+      }
+    }
+    return removedControllers;
+  }
+  reset() {
+    this.controllerConfig = {};
+    this.controllerSources.clear();
+    this.sourceControllers.clear();
+  }
+  trackControllerSource(controllerName, sourceFile) {
+    const normalizedSourceFile = this.normalizeFilePath(sourceFile);
+    const previousSource = this.controllerSources.get(controllerName);
+    if (previousSource && previousSource !== normalizedSourceFile) {
+      this.sourceControllers.get(previousSource)?.delete(controllerName);
+      if (this.sourceControllers.get(previousSource)?.size === 0) {
+        this.sourceControllers.delete(previousSource);
+      }
+    }
+    this.controllerSources.set(controllerName, normalizedSourceFile);
+    if (!this.sourceControllers.has(normalizedSourceFile)) {
+      this.sourceControllers.set(normalizedSourceFile, /* @__PURE__ */ new Set());
+    }
+    this.sourceControllers.get(normalizedSourceFile)?.add(controllerName);
+  }
+  normalizeFilePath(filePath) {
+    return path__default.resolve(filePath).replace(/\\/g, "/");
+  }
 }();
 
 var DecoratorType = /* @__PURE__ */ ((DecoratorType2) => {
@@ -722,22 +1112,13 @@ var DecoratorType = /* @__PURE__ */ ((DecoratorType2) => {
   return DecoratorType2;
 })(DecoratorType || {});
 
-class ForbiddenAccessException extends HttpException {
-  constructor(data) {
-    super({
-      body: data,
-      status: 403
-    });
-  }
-}
-
 class AbstractExecutionContext {
   constructor(context, routeInfo) {
     this.context = context;
     this.routeInfo = routeInfo;
   }
   resolveService(instance) {
-    return tsyringe.container.resolve(instance);
+    return this.context.services.get(instance);
   }
   get request() {
     return this.context.request;
@@ -760,14 +1141,6 @@ class ActionExecutingContext extends AbstractExecutionContext {
   }
 }
 
-function CreateProblemDetail(modelName, detail) {
-  return {
-    type: "https://tools.ietf.org/html/rfc7231#section-6.5.1",
-    title: `The specified ${modelName} model props are invalid.`,
-    detail
-  };
-}
-
 function runValidators(entityName, value) {
   const typeInfo = nattyContainer.types[entityName];
   let errors = {};
@@ -790,7 +1163,7 @@ function runValidators(entityName, value) {
             errors[propertyInfo.name] = arrayPropErrors.length > 0 ? arrayPropErrors : null;
           } else
             errors[propertyInfo.name] = runValidators(childEntityName, propValue);
-          if (Array.isArray(errors[propertyInfo.name]) && errors[propertyInfo.name].length == 0 || Object.keys(errors[propertyInfo.name]).length == 0)
+          if (Array.isArray(errors[propertyInfo.name]) && errors[propertyInfo.name].length == 0 || Object.keys(errors[propertyInfo.name] ?? {}).length == 0)
             errors[propertyInfo.name] = null;
         }
       } else {
@@ -815,11 +1188,12 @@ function getTypeName(typeName) {
 }
 
 class ModelBindingContext extends ParameterTypeConverter {
-  constructor(type, typeInfo, data) {
+  constructor(type, typeInfo, data, throwOnValidationError = false) {
     super();
     this.type = type;
     this.typeInfo = typeInfo;
     this.data = data;
+    this.throwOnValidationError = throwOnValidationError;
     this.serialize();
   }
   serialize() {
@@ -829,6 +1203,8 @@ class ModelBindingContext extends ParameterTypeConverter {
     else
       this.data = body;
     this.instance = this.convertToInstance(this.type, this.data);
+    if (this.throwOnValidationError && !this.isValid)
+      throw new HttpBadRequestException(CreateProblemDetail(this.type, this.errors));
   }
   get isValid() {
     const errors = runValidators(this.type, this.instance);
@@ -845,6 +1221,17 @@ class ActionExecutedContext extends AbstractExecutionContext {
     super(httpContext, routeInfo);
     this.content = content;
   }
+  get response() {
+    return this.context.response;
+  }
+}
+
+class AuthorizationContext extends AbstractExecutionContext {
+  constructor(models, context, routeInfo, config) {
+    super(context, routeInfo);
+    this.models = models;
+    this.config = config;
+  }
 }
 
 class RequestProcessor extends RouteParser {
@@ -857,13 +1244,10 @@ class RequestProcessor extends RouteParser {
       case RequestPipeline.onAuthentication:
         await this.onAuthentication();
         break;
-      case RequestPipeline.onAuthorization:
-        await this.onAuthorization();
-        break;
     }
   }
   resolveFilter(instance) {
-    return tsyringe.container.resolve(instance);
+    return this.httpContext.services.get(instance);
   }
   getAuthenticationClass() {
     let authentication = void 0;
@@ -880,26 +1264,37 @@ class RequestProcessor extends RouteParser {
     const authentication = this.getAuthenticationClass();
     const authenticationFilter = authentication ? this.resolveFilter(authentication) : void 0;
     const anonymousInfo = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.anonymous);
+    if (!authenticationFilter) {
+      if (common.commonContainer.nattyConfig?.secure?.denyByDefault && !anonymousInfo.controllerConfig && !anonymousInfo.methodConfig)
+        throw new UnauthorizedAccessException(DENY_BY_DEFAULT);
+      return;
+    }
     if (authenticationFilter) {
       const result = await authenticationFilter.onAuthentication(this.httpContext);
       this.httpContext.user = result;
       if (!result.isAuthenticate && !anonymousInfo.controllerConfig && !anonymousInfo.methodConfig)
         throw new UnauthorizedAccessException(authenticationFilter.onFailedResponse());
-      await this.onAuthorization();
     }
   }
-  async onAuthorization() {
+  async onAuthorization(methodParameters) {
     const authorization = common.commonContainer.globalConfig.authorization;
     const authorizationFilter = authorization ? this.resolveFilter(authorization) : void 0;
     const authorizeConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authorize);
     const authenticationOnly = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authenticationOnly);
-    if (this.httpContext.user?.isAuthenticate && authorizationFilter && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
-      const result = await authorizationFilter.onAuthorization(this.httpContext, authorizeConfig.methodConfig || authorizeConfig.controllerConfig);
+    if (this.httpContext.user?.isAuthenticate && authorizationFilter && (authorizeConfig.controllerConfig || authorizeConfig.methodConfig) && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
+      const authorizationContext = new AuthorizationContext(
+        methodParameters.filter((t) => t instanceof ModelBindingContext),
+        this.httpContext,
+        this.routeInfo,
+        authorizeConfig.methodConfig || authorizeConfig.controllerConfig
+      );
+      const result = await authorizationFilter.onAuthorization(authorizationContext, authorizationContext.config);
       if (!result)
         throw new ForbiddenAccessException(authorizationFilter.onFailedAuthorization());
     }
   }
   async onActionExecuting(methodParameters) {
+    await this.onAuthorization(methodParameters);
     let actionFilters = common.commonContainer.globalConfig.actionFilters || [];
     const actionFiltersConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.useFilter);
     actionFilters = [...actionFilters, ...actionFiltersConfig.controllerConfig?.actionFilters || [], ...actionFiltersConfig.methodConfig?.actionFilters || []];
@@ -929,9 +1324,227 @@ class RequestProcessor extends RouteParser {
   }
 }
 
+const PARAM_TOKENS_KEY = Symbol.for("natty:di:paramtokens");
+function getParamTokens(Cls) {
+  return Reflect.getMetadata(PARAM_TOKENS_KEY, Cls);
+}
+
+function isClassToken(x) {
+  return typeof x === "function";
+}
+
+var Lifetime = /* @__PURE__ */ ((Lifetime2) => {
+  Lifetime2["Singleton"] = "singleton";
+  Lifetime2["Scoped"] = "scoped";
+  Lifetime2["Transient"] = "transient";
+  return Lifetime2;
+})(Lifetime || {});
+
+function isDisposable(x) {
+  return x && typeof x.dispose === "function";
+}
+
+class NattyScope {
+  constructor(root) {
+    this.root = root;
+    this.scoped = /* @__PURE__ */ new Map();
+    this.disposables = [];
+  }
+  createScope() {
+    return new NattyScope(this.root);
+  }
+  set(token, value) {
+    this.scoped.set(token, value);
+    if (isDisposable(value))
+      this.disposables.push(value);
+  }
+  tryGet(token) {
+    try {
+      return this.get(token);
+    } catch {
+      return void 0;
+    }
+  }
+  get(token) {
+    if (this.scoped.has(token))
+      return this.scoped.get(token);
+    const desc = this.root._getDescriptor(token);
+    if (!desc) {
+      if (typeof token === "function")
+        return this.root.construct(token, this);
+      throw new Error(`DI: No registration for token: ${String(token)}`);
+    }
+    if (desc.lifetime === Lifetime.Singleton) {
+      return this.root.get(token);
+    }
+    if (desc.lifetime === Lifetime.Scoped) {
+      const created = desc.useFactory ? desc.useFactory(this) : this.root.construct(desc.useClass, this);
+      this.scoped.set(token, created);
+      if (isDisposable(created))
+        this.disposables.push(created);
+      return created;
+    }
+    return desc.useFactory ? desc.useFactory(this) : this.root.construct(desc.useClass, this);
+  }
+  async dispose() {
+    for (let i = this.disposables.length - 1; i >= 0; i--) {
+      const d = this.disposables[i];
+      await d.dispose();
+    }
+    this.disposables.length = 0;
+    this.scoped.clear();
+  }
+}
+
+function normalizeFilePath$1(filePath) {
+  return path__default.resolve(filePath).replace(/\\/g, "/");
+}
+class NattyContainer {
+  constructor() {
+    this.regs = /* @__PURE__ */ new Map();
+    this.singletons = /* @__PURE__ */ new Map();
+    this.tokenSources = /* @__PURE__ */ new Map();
+    this.sourceTokens = /* @__PURE__ */ new Map();
+    this.metadataKeySources = /* @__PURE__ */ new Map();
+    this.sourceMetadataKeys = /* @__PURE__ */ new Map();
+  }
+  register(token, desc, sourceFile) {
+    this.regs.set(token, desc);
+    if (sourceFile) {
+      this.trackTokenSource(token, sourceFile);
+    }
+  }
+  addTransient(token, useClass, useFactory, sourceFile) {
+    this.register(
+      token,
+      { lifetime: Lifetime.Transient, useClass: useClass ?? token, useFactory },
+      sourceFile
+    );
+  }
+  addScoped(token, useClass, useFactory, sourceFile) {
+    this.register(
+      token,
+      { lifetime: Lifetime.Scoped, useClass: useClass ?? token, useFactory },
+      sourceFile
+    );
+  }
+  addSingleton(token, useClass, useFactory, sourceFile) {
+    this.register(
+      token,
+      { lifetime: Lifetime.Singleton, useClass: useClass ?? token, useFactory },
+      sourceFile
+    );
+  }
+  addInstance(token, value, sourceFile) {
+    this.register(token, { lifetime: Lifetime.Singleton, useValue: value }, sourceFile);
+    this.singletons.set(token, value);
+  }
+  createScope() {
+    return new NattyScope(this);
+  }
+  set(_token, _value) {
+    throw new Error("Use scope.set(token, value) for per-request instances.");
+  }
+  tryGet(token) {
+    try {
+      return this.get(token);
+    } catch {
+      return void 0;
+    }
+  }
+  get(token) {
+    const desc = this.regs.get(token);
+    if (!desc) {
+      if (isClassToken(token))
+        return this.construct(token, this);
+      throw new Error(`DI: No registration for token: ${String(token)}`);
+    }
+    if (desc.lifetime === Lifetime.Singleton) {
+      if (desc.useValue !== void 0)
+        return desc.useValue;
+      if (this.singletons.has(token))
+        return this.singletons.get(token);
+      const created = desc.useFactory ? desc.useFactory(this) : this.construct(desc.useClass, this);
+      this.singletons.set(token, created);
+      return created;
+    }
+    throw new Error(
+      `DI: Tried to resolve ${desc.lifetime} service from root container. Use httpContext.services.get(...)`
+    );
+  }
+  construct(Cls, sp) {
+    const paramTypes = Reflect.getMetadata("design:paramtypes", Cls) || [];
+    const overrideTokens = getParamTokens(Cls) || [];
+    const args = paramTypes.map((t, i) => sp.get(overrideTokens[i] ?? t));
+    return new Cls(...args);
+  }
+  _getDescriptor(token) {
+    return this.regs.get(token);
+  }
+  trackMetadataKey(sourceFile, key) {
+    const normalizedSourceFile = normalizeFilePath$1(sourceFile);
+    const previousSource = this.metadataKeySources.get(key);
+    if (previousSource && previousSource !== normalizedSourceFile) {
+      this.sourceMetadataKeys.get(previousSource)?.delete(key);
+      if (this.sourceMetadataKeys.get(previousSource)?.size === 0) {
+        this.sourceMetadataKeys.delete(previousSource);
+      }
+    }
+    this.metadataKeySources.set(key, normalizedSourceFile);
+    if (!this.sourceMetadataKeys.has(normalizedSourceFile)) {
+      this.sourceMetadataKeys.set(normalizedSourceFile, /* @__PURE__ */ new Set());
+    }
+    this.sourceMetadataKeys.get(normalizedSourceFile)?.add(key);
+  }
+  clearRegistrationsFromSource(sourceFile) {
+    const normalizedSourceFile = normalizeFilePath$1(sourceFile);
+    const tokens = Array.from(this.sourceTokens.get(normalizedSourceFile) || []);
+    const metadataKeys = Array.from(
+      this.sourceMetadataKeys.get(normalizedSourceFile) || []
+    );
+    for (const token of tokens) {
+      this.regs.delete(token);
+      this.singletons.delete(token);
+      this.tokenSources.delete(token);
+    }
+    for (const metadataKey of metadataKeys) {
+      this.metadataKeySources.delete(metadataKey);
+    }
+    this.sourceTokens.delete(normalizedSourceFile);
+    this.sourceMetadataKeys.delete(normalizedSourceFile);
+    return {
+      metadataKeys,
+      tokens
+    };
+  }
+  trackTokenSource(token, sourceFile) {
+    const normalizedSourceFile = normalizeFilePath$1(sourceFile);
+    const previousSource = this.tokenSources.get(token);
+    if (previousSource && previousSource !== normalizedSourceFile) {
+      this.sourceTokens.get(previousSource)?.delete(token);
+      if (this.sourceTokens.get(previousSource)?.size === 0) {
+        this.sourceTokens.delete(previousSource);
+      }
+    }
+    this.tokenSources.set(token, normalizedSourceFile);
+    if (!this.sourceTokens.has(normalizedSourceFile)) {
+      this.sourceTokens.set(normalizedSourceFile, /* @__PURE__ */ new Set());
+    }
+    this.sourceTokens.get(normalizedSourceFile)?.add(token);
+  }
+}
+
+const nattyServiceResolver = new NattyContainer();
+
 class Resolver extends RequestProcessor {
   constructor(httpContext) {
     super(httpContext);
+    this.registerDependency();
+  }
+  registerDependency() {
+    this.httpContext.services = nattyServiceResolver.createScope();
+    common.commonContainer.setMetadata(HttpContext.name, HttpContext, "services");
+    this.httpContext.services.set(HttpContext, this.httpContext);
   }
   getControllerInstance() {
     const controller = this.routeInfo.controller;
@@ -939,18 +1552,27 @@ class Resolver extends RequestProcessor {
     const instance = new controller(...parameters);
     return instance;
   }
-  resolveClass(classConstruct) {
-    return tsyringe.container.resolve(classConstruct);
+  resolveClass(token) {
+    return this.httpContext.services.get(token);
   }
   resolveConstructorParameters() {
     let parameters = [];
     for (const parameter of this.routeInfo.parameters) {
-      const classConstruct = this.getClass(parameter.type);
-      if (classConstruct)
-        parameters.push(this.resolveClass(classConstruct));
+      const token = this.getConstructorParameterToken(parameter);
+      if (token)
+        parameters.push(this.resolveClass(token));
     }
     return parameters;
   }
+  getConstructorParameterToken(parameter) {
+    if (parameter.tokenKey) {
+      return Symbol.for(parameter.tokenKey);
+    }
+    if (parameter.type) {
+      return this.getClass(parameter.type);
+    }
+    return void 0;
+  }
   getMethodParameters() {
     const parameters = new Array();
     for (const parameter of this.routeInfo.methodInfo.parameters) {
@@ -962,7 +1584,7 @@ class Resolver extends RequestProcessor {
       else if (queryParams[parameter.name] !== void 0)
         parameters.push(queryParams[parameter.name]);
       else if (typeInfo && this.httpContext.request.body.json) {
-        const context = new ModelBindingContext(parameter.type, typeInfo.props, this.httpContext.request.body.json);
+        const context = new ModelBindingContext(parameter.type, typeInfo.props, this.httpContext.request.body.json, true);
         parameters.push(context);
       }
     }
@@ -1015,14 +1637,14 @@ class Resolver extends RequestProcessor {
       if (onException) {
         const instance = this.resolveClass(onException);
         if (instance.onException)
-          result = instance.onException({
+          result = this.normalizeHttpResponse(instance.onException({
             error: ex,
             request: this.httpContext.request,
             routeInfo: this.routeInfo
-          });
+          }));
       } else
         result = new HttpException({
-          body: getPreResponseBody({ message: ex.message, stack: ex.stack }),
+          body: { message: ex.message, stack: ex.stack },
           status: HttpStatusCode.serverError
         }).getResponse();
     }
@@ -1050,14 +1672,17 @@ class RequestHandler extends Resolver {
       if (onException) {
         const instance = this.resolveClass(onException);
         if (instance.onException)
-          return instance.onException({
+          return this.normalizeHttpResponse(instance.onException({
             error: ex,
             request: this.httpContext.request,
             routeInfo: this.routeInfo
-          });
+          }));
       } else
         return new HttpException({
-          body: ex,
+          body: {
+            message: ex?.message,
+            stack: ex?.stack
+          },
           status: HttpStatusCode.serverError
         });
     }
@@ -1070,46 +1695,59 @@ class HttpHandler {
   async processRequest(httpContext) {
     const requestProcessor = new RequestHandler(httpContext);
     const result = await requestProcessor.onRequest();
-    return result;
+    if (result instanceof HttpResponse) {
+      return result;
+    }
+    if (result instanceof HttpException) {
+      return result.getResponse();
+    }
+    return new HttpResponse({ body: result });
   }
 }
 
-class HttpRequest {
-  constructor(http) {
-    this.httpRequest = http;
-  }
-  get cookies() {
-    return this.httpRequest.cookies;
-  }
-  get url() {
-    return this.httpRequest.url;
-  }
-  get method() {
-    return this.httpRequest.method;
-  }
-  get headers() {
-    return this.httpRequest.headers;
-  }
-  get user() {
-    return null;
-  }
-  get body() {
-    return this.httpRequest.body;
-  }
+const STACK_PATH_REGEX = /\bat (?:(?:.+?) \()?(.+):(\d+):(\d+)\)?$/;
+function normalizeFilePath(filePath) {
+  return path__default.resolve(filePath).replace(/\\/g, "/");
 }
-
-class HttpContext {
-  constructor(request, context) {
-    this.request = new HttpRequest(request);
-    this.response = new HttpResponse();
-    this.context = context;
+function isInternalRegistrationFrame(filePath) {
+  const normalizedPath = normalizeFilePath(filePath);
+  return normalizedPath.includes("/packages/core/decorators/") || normalizedPath.includes("/packages/core/functions/") || normalizedPath.includes("/packages/core/domain/di/") || normalizedPath.includes("/packages/core/const/") || normalizedPath.includes("/packages/core/dist/") || normalizedPath.includes("/node_modules/@nattyjs/core/dist/");
+}
+function getRegistrationSourceFile() {
+  const stack = new Error().stack;
+  return getRegistrationSourceFileFromStack(stack);
+}
+function getRegistrationSourceFileFromStack(stack) {
+  if (!stack) {
+    return void 0;
+  }
+  const lines = stack.split("\n").slice(1);
+  for (const line of lines) {
+    const match = line.trim().match(STACK_PATH_REGEX);
+    if (!match) {
+      continue;
+    }
+    const filePath = normalizeFilePath(match[1]);
+    if (!isInternalRegistrationFrame(filePath)) {
+      return filePath;
+    }
   }
+  return void 0;
 }
 
 function injectable(options = {}) {
   return (targetConstructor) => {
-    tsyringe.injectable()(targetConstructor);
+    const lt = options.lifetime ?? Lifetime.Transient;
+    const sourceFile = getRegistrationSourceFile();
+    if (lt === Lifetime.Singleton)
+      nattyServiceResolver.addSingleton(targetConstructor, void 0, void 0, sourceFile);
+    else if (lt === Lifetime.Scoped)
+      nattyServiceResolver.addScoped(targetConstructor, void 0, void 0, sourceFile);
+    else
+      nattyServiceResolver.addTransient(targetConstructor, void 0, void 0, sourceFile);
     common.commonContainer.setMetadata(targetConstructor.name, targetConstructor, "services");
+    if (sourceFile)
+      nattyServiceResolver.trackMetadataKey(sourceFile, targetConstructor.name);
   };
 }
 
@@ -1121,7 +1759,7 @@ function $request(request) {
 
 function filter(config) {
   return (targetConstructor) => {
-    tsyringe.injectable()(targetConstructor);
+    injectable({ lifetime: Lifetime.Transient })(targetConstructor);
   };
 }
 
@@ -1150,63 +1788,257 @@ class BaseController {
 }
 
 class OkResult extends BaseResult {
-  constructor(value, response) {
-    super({ ...{ body: getResponseBodyObject(value) }, ...{ status: HttpStatusCode.success } }, response);
-    this.value = value;
+  constructor(value, extras) {
+    super(
+      {
+        status: HttpStatusCode.success,
+        body: getResponseBodyObject(value ?? common.BLANK)
+      },
+      extras
+    );
   }
 }
-function ok(value, response) {
-  return new OkResult(value || common.BLANK, response);
+function ok(value, extras) {
+  return new OkResult(value, extras);
 }
 
-class NotFoundResult extends BaseResult {
-  constructor(response) {
-    super({ ...{ body: common.BLANK }, ...{ status: HttpStatusCode.notFound } }, response);
+class CreatedResult extends BaseResult {
+  constructor(value, extras) {
+    super({ status: HttpStatusCode.created, body: getResponseBodyObject(value ?? common.BLANK) }, extras);
+  }
+}
+function created(value, extras) {
+  return new CreatedResult(value, extras);
+}
+function createdWith(location, value, extras) {
+  const merged = {
+    ...extras ?? {},
+    headers: { ...extras?.headers ?? {}, Location: location }
+  };
+  return new CreatedResult(value, merged);
+}
+function createdAt(location, value, extras) {
+  return createdWith(location, value, extras);
+}
+
+class AcceptedResult extends BaseResult {
+  constructor(value, extras) {
+    super({ status: HttpStatusCode.accepted, body: getResponseBodyObject(value ?? common.BLANK) }, extras);
+    this.value = value;
   }
 }
-function notFound(response) {
-  return new NotFoundResult(response);
+function accepted(value, extras) {
+  return new AcceptedResult(value, extras);
 }
 
 class NoContentResult extends BaseResult {
-  constructor(response) {
-    super({ ...{ body: common.BLANK }, ...{ status: HttpStatusCode.noContent } }, response);
+  constructor(extras) {
+    super(
+      {
+        status: HttpStatusCode.noContent,
+        body: void 0
+      },
+      extras
+    );
+  }
+}
+function noContent(extras) {
+  return new NoContentResult(extras);
+}
+
+class BadRequestResult extends BaseResult {
+  constructor(value, extras) {
+    super({ status: HttpStatusCode.badRequest, body: getResponseBodyObject(value ?? common.BLANK) }, extras);
+    this.value = value;
+  }
+}
+function badRequest(value, extras) {
+  return new BadRequestResult(value, extras);
+}
+
+class UnAuthorizedResult extends BaseResult {
+  constructor(value, extras) {
+    super({ status: HttpStatusCode.unAuthorized, body: getResponseBodyObject(value ?? common.BLANK) }, extras);
+    this.value = value;
   }
 }
-function noContent(response) {
-  return new NoContentResult(response);
+function unAuthorized(value, extras) {
+  return new UnAuthorizedResult(value, extras);
 }
 
 class ForbiddenAccessInfoResult extends BaseResult {
-  constructor(value, response) {
-    super({ ...{ body: value }, ...{ status: HttpStatusCode.forbiddenAccess } }, response);
+  constructor(value, extras) {
+    super(
+      {
+        status: HttpStatusCode.forbiddenAccess,
+        body: getResponseBodyObject(value ?? common.BLANK)
+      },
+      extras
+    );
   }
 }
-function forbiddenAccessInfo(value, response) {
-  return new ForbiddenAccessInfoResult(value, response);
+function forbiddenAccessInfo(value, extras) {
+  return new ForbiddenAccessInfoResult(value, extras);
+}
+function forbiddenAccess(value, extras) {
+  return new ForbiddenAccessInfoResult(value, extras);
 }
 
-class CreatedResult extends BaseResult {
-  constructor(response) {
-    super({ ...{ body: common.BLANK }, ...{ status: HttpStatusCode.created } }, response);
+class NotFoundResult extends BaseResult {
+  constructor(value, extras) {
+    super(
+      {
+        status: HttpStatusCode.notFound,
+        body: getResponseBodyObject(value ?? common.BLANK)
+      },
+      extras
+    );
   }
 }
-function created(response) {
-  return new CreatedResult(response);
+function notFound(extras) {
+  return new NotFoundResult(common.BLANK, extras);
+}
+function notFoundWith(value, extras) {
+  return new NotFoundResult(value, extras);
 }
 
-class BadRequestResult extends BaseResult {
-  constructor(value, response) {
-    super({ ...{ body: value }, ...{ status: HttpStatusCode.badRequest } }, response);
+class ConflictResult extends BaseResult {
+  constructor(value, extras) {
+    super({ status: HttpStatusCode.conflict, body: getResponseBodyObject(value ?? common.BLANK) }, extras);
     this.value = value;
   }
 }
-function badRequest(value, response) {
-  return new BadRequestResult(value || common.BLANK, response);
+function conflict(value, extras) {
+  return new ConflictResult(value, extras);
+}
+
+class UnprocessableEntityResult extends BaseResult {
+  constructor(value, extras) {
+    super({ status: HttpStatusCode.unprocessableEntity, body: getResponseBodyObject(value ?? common.BLANK) }, extras);
+    this.value = value;
+  }
+}
+function unprocessableEntity(value, extras) {
+  return new UnprocessableEntityResult(value, extras);
+}
+
+class TooManyRequestsResult extends BaseResult {
+  constructor(value, retryAfterSeconds, extras) {
+    const merged = {
+      ...extras ?? {},
+      headers: {
+        ...extras?.headers ?? {},
+        ...retryAfterSeconds != null ? { "Retry-After": String(retryAfterSeconds) } : {}
+      }
+    };
+    super({ status: HttpStatusCode.tooManyRequests, body: getResponseBodyObject(value ?? common.BLANK) }, merged);
+    this.value = value;
+  }
+}
+function tooManyRequests(value, retryAfterSeconds, extras) {
+  return new TooManyRequestsResult(value, retryAfterSeconds, extras);
+}
+
+class RedirectResult extends BaseResult {
+  constructor(location, permanent = false, extras) {
+    const merged = {
+      ...extras ?? {},
+      headers: { ...extras?.headers ?? {}, Location: location }
+    };
+    super({ status: permanent ? HttpStatusCode.movedPermanently : HttpStatusCode.found, body: void 0 }, merged);
+  }
+}
+function redirect(location, extras) {
+  return new RedirectResult(location, false, extras);
+}
+function redirectPermanent(location, extras) {
+  return new RedirectResult(location, true, extras);
+}
+
+class ProblemResult extends BaseResult {
+  constructor(problem2, extras) {
+    const status = problem2.status ?? HttpStatusCode.serverError;
+    const merged = {
+      ...extras ?? {},
+      headers: { ...extras?.headers ?? {}, "Content-Type": "application/problem+json; charset=utf-8" }
+    };
+    super({ status, body: { ...problem2, status } }, merged);
+  }
+}
+function problem(problem2, extras) {
+  return new ProblemResult(problem2, extras);
+}
+function validationProblem(errors, detail, extras) {
+  return new ProblemResult(
+    {
+      type: "https://tools.ietf.org/html/rfc7231#section-6.5.1",
+      title: "One or more validation errors occurred.",
+      status: HttpStatusCode.badRequest,
+      detail,
+      errors
+    },
+    extras
+  );
+}
+
+class FileResult extends BaseResult {
+  constructor(buffer, extras) {
+    super({ status: HttpStatusCode.success, body: buffer, isBuffer: true }, extras);
+  }
+}
+function file(buffer, extras) {
+  return new FileResult(buffer, extras);
+}
+
+class StatusCodeResult extends BaseResult {
+  constructor(status, value, extras) {
+    super(
+      {
+        status,
+        body: getResponseBodyObject(value ?? common.BLANK)
+      },
+      extras
+    );
+  }
+}
+function statusCode(status, value, extras) {
+  return new StatusCodeResult(status, value, extras);
 }
 
+const Results = {
+  // 2xx
+  ok: (value, extras) => ok(value, extras),
+  created: (value, extras) => created(value, extras),
+  createdWith: (location, value, extras) => createdWith(location, value, extras),
+  createdAt: (location, value, extras) => createdAt(location, value, extras),
+  accepted: (value, extras) => accepted(value, extras),
+  noContent: (extras) => noContent(extras),
+  file: (buffer, extras) => file(buffer, extras),
+  statusCode: (status, value, extras) => statusCode(status, value, extras),
+  // 4xx
+  badRequest: (value, extras) => badRequest(value, extras),
+  notFound: (extras) => notFound(extras),
+  notFoundWith: (value, extras) => notFoundWith(value, extras),
+  unAuthorized: (value, extras) => unAuthorized(value, extras),
+  forbid: (value, extras) => forbiddenAccess(value, extras),
+  conflict: (value, extras) => conflict(value, extras),
+  unprocessableEntity: (value, extras) => unprocessableEntity(value, extras),
+  tooManyRequests: (value, retryAfterSeconds, extras) => tooManyRequests(value, retryAfterSeconds, extras),
+  // 3xx
+  redirect: (location, extras) => redirect(location, extras),
+  redirectPermanent: (location, extras) => redirectPermanent(location, extras),
+  // problem
+  problem: (p, extras) => problem(p, extras),
+  validationProblem: (errors, detail, extras) => validationProblem(errors, detail, extras)
+};
+
 function base(params, type, additionaConfig) {
-  decoratorStateContainer.register(params, type, additionaConfig);
+  decoratorStateContainer.register(
+    params,
+    type,
+    additionaConfig,
+    getRegistrationSourceFile()
+  );
 }
 
 function useFilter(config) {
@@ -1231,42 +2063,205 @@ function authenticationOnly() {
   };
 }
 
+function onException(exceptionFilter) {
+  return function(target, propertyKey, descriptor) {
+    base({ target, propertyKey, descriptor }, DecoratorType.onException, exceptionFilter);
+  };
+}
+
+function setEnvInfo(envTsDefinition, envValueInfo) {
+  if (envTsDefinition && envValueInfo) {
+    common.commonContainer.setEnvTsDefinition(envTsDefinition);
+    Object.keys(envValueInfo).forEach((key) => {
+      if (envValueInfo[key])
+        process.env[key] = envValueInfo[key];
+    });
+  }
+}
+
+function authorize(permission) {
+  return function(target, propertyKey, descriptor) {
+    base({
+      target,
+      propertyKey,
+      descriptor
+    }, DecoratorType.authorize, permission);
+  };
+}
+
+function scoped(token) {
+  return injectable({ lifetime: Lifetime.Scoped, token });
+}
+
+function transient(token) {
+  return injectable({ lifetime: Lifetime.Transient, token });
+}
+
+function singleton(token) {
+  return injectable({ lifetime: Lifetime.Singleton, token });
+}
+
+function getTokenTypeName(token) {
+  if (typeof token !== "symbol") {
+    return void 0;
+  }
+  const key = Symbol.keyFor(token);
+  if (!key) {
+    return void 0;
+  }
+  const separatorIndex = key.lastIndexOf("#");
+  if (separatorIndex < 0 || separatorIndex === key.length - 1) {
+    return void 0;
+  }
+  return key.slice(separatorIndex + 1);
+}
+
+function registerLifetime(targetConstructor, sourceFile, lifetime) {
+  if (lifetime === Lifetime.Singleton) {
+    nattyServiceResolver.addSingleton(targetConstructor, void 0, void 0, sourceFile);
+    return;
+  }
+  if (lifetime === Lifetime.Scoped) {
+    nattyServiceResolver.addScoped(targetConstructor, void 0, void 0, sourceFile);
+    return;
+  }
+  if (lifetime === Lifetime.Transient) {
+    nattyServiceResolver.addTransient(targetConstructor, void 0, void 0, sourceFile);
+  }
+}
+function registerAliasTypeName(token, sourceFile) {
+  const typeName = getTokenTypeName(token);
+  if (typeName) {
+    common.commonContainer.setMetadata(typeName, token, "services");
+    if (sourceFile)
+      nattyServiceResolver.trackMetadataKey(sourceFile, typeName);
+  }
+}
+function registerDiToken(targetConstructor, token, options = {}) {
+  const sourceFile = getRegistrationSourceFile();
+  common.commonContainer.setMetadata(targetConstructor.name, targetConstructor, "services");
+  if (sourceFile)
+    nattyServiceResolver.trackMetadataKey(sourceFile, targetConstructor.name);
+  registerAliasTypeName(token, sourceFile);
+  registerLifetime(targetConstructor, sourceFile, options.lifetime);
+  nattyServiceResolver.addTransient(
+    token,
+    void 0,
+    (serviceProvider) => serviceProvider.get(targetConstructor),
+    sourceFile
+  );
+}
+
+function di(token, options = {}) {
+  return (targetConstructor) => {
+    registerDiToken(targetConstructor, token, options);
+  };
+}
+
+function createServiceScope() {
+  return nattyServiceResolver.createScope();
+}
+
+function clearHotReloadRegistrations(files) {
+  for (const filePath of files || []) {
+    const result = nattyServiceResolver.clearRegistrationsFromSource(filePath);
+    decoratorStateContainer.clearFromSource(filePath);
+    for (const metadataKey of result.metadataKeys) {
+      common.commonContainer.deleteMetadataValue(metadataKey, "services");
+    }
+  }
+}
+
+function clearHotReloadControllerMetadata(controllerNames) {
+  decoratorStateContainer.clearControllers(controllerNames || []);
+}
+
+function replaceRoutes(manifest) {
+  nattyContainer.replaceRoutes(manifest);
+}
+
 exports.$request = $request;
 exports.AbstractModelState = AbstractModelState;
+exports.AcceptedException = AcceptedException;
+exports.AcceptedResult = AcceptedResult;
 exports.BadRequestResult = BadRequestResult;
 exports.BaseController = BaseController;
+exports.BaseResult = BaseResult;
+exports.ConflictResult = ConflictResult;
+exports.CreateProblemDetail = CreateProblemDetail;
 exports.CreatedResult = CreatedResult;
 exports.Delete = Delete;
+exports.FileResult = FileResult;
 exports.ForbiddenAccessException = ForbiddenAccessException;
 exports.ForbiddenAccessInfoResult = ForbiddenAccessInfoResult;
 exports.HttpBadRequestException = HttpBadRequestException;
+exports.HttpConflictException = HttpConflictException;
 exports.HttpContext = HttpContext;
 exports.HttpException = HttpException;
 exports.HttpHandler = HttpHandler;
 exports.HttpNotFoundException = HttpNotFoundException;
 exports.HttpResponse = HttpResponse;
+exports.HttpStatusCode = HttpStatusCode;
+exports.HttpUnprocessableEntityException = HttpUnprocessableEntityException;
+exports.Lifetime = Lifetime;
 exports.ModelBindingContext = ModelBindingContext;
 exports.NoContentResult = NoContentResult;
 exports.NotFoundResult = NotFoundResult;
 exports.OkResult = OkResult;
+exports.ProblemDetailsException = ProblemDetailsException;
+exports.ProblemResult = ProblemResult;
+exports.RedirectException = RedirectException;
+exports.RedirectPermanentException = RedirectPermanentException;
+exports.RedirectResult = RedirectResult;
+exports.Results = Results;
 exports.RunOn = RunOn;
+exports.TooManyRequestsException = TooManyRequestsException;
+exports.TooManyRequestsResult = TooManyRequestsResult;
+exports.UnAuthorizedResult = UnAuthorizedResult;
 exports.UnauthorizedAccessException = UnauthorizedAccessException;
+exports.UnprocessableEntityResult = UnprocessableEntityResult;
+exports.ValidationProblemDetailsException = ValidationProblemDetailsException;
+exports.accepted = accepted;
 exports.anonymous = anonymous;
 exports.authenticationOnly = authenticationOnly;
+exports.authorize = authorize;
 exports.badRequest = badRequest;
+exports.clearHotReloadControllerMetadata = clearHotReloadControllerMetadata;
+exports.clearHotReloadRegistrations = clearHotReloadRegistrations;
+exports.conflict = conflict;
+exports.createServiceScope = createServiceScope;
 exports.created = created;
+exports.createdAt = createdAt;
+exports.createdWith = createdWith;
 exports.defineNattyConfig = defineNattyConfig;
+exports.di = di;
 exports.entityContainer = entityContainer;
+exports.file = file;
 exports.filter = filter;
+exports.forbiddenAccess = forbiddenAccess;
 exports.forbiddenAccessInfo = forbiddenAccessInfo;
 exports.get = get;
 exports.init = init;
 exports.injectable = injectable;
 exports.noContent = noContent;
 exports.notFound = notFound;
+exports.notFoundWith = notFoundWith;
 exports.ok = ok;
+exports.onException = onException;
 exports.post = post;
+exports.problem = problem;
 exports.put = put;
+exports.redirect = redirect;
+exports.redirectPermanent = redirectPermanent;
 exports.registerDecorator = registerDecorator;
+exports.replaceRoutes = replaceRoutes;
 exports.route = route;
+exports.scoped = scoped;
+exports.setEnvInfo = setEnvInfo;
+exports.singleton = singleton;
+exports.tooManyRequests = tooManyRequests;
+exports.transient = transient;
+exports.unAuthorized = unAuthorized;
+exports.unprocessableEntity = unprocessableEntity;
 exports.useFilter = useFilter;
+exports.validationProblem = validationProblem;